Defense in Depth

Question 1

Which component of the CIA triad refers to assurance that information can be read and interpreted only by persons and processes explicitly authorized to do so.

Answer 1

Confidentiality

Question 2

Which component of the CIA triad refers to the assurance that information remains intact, correct, and authentic.

Answer 2

Integrity

Question 3

Which component of the CIA triad refers to assurance that authorized users can access and work with information
assets, resources, and systems when needed, with sufficient response and performance.

Answer 3

Availability

Question 4

____________ * _______________ = Risk

Answer 4

Threat * Vulnerability = Risk

Question 5

What are the different threat categories?

Answer 5

Environmental: fire, flood, power outage
External: terrorists, organized crime, hackers, etc.
Internal: disgruntled employees, agents, errors
Structured: well organized planned, methodical attacks
Unstructured: random attacks with limited resources

Question 6

Potential for threat-source to exploit vulnerability

Answer 6

Threat

Question 7

Flaw that can present a security breach

Answer 7

Vulnerability

Question 8

Which Defense-in-Depth approach treats all systems as equally important?

Answer 8

Uniform Protection

Question 9

Which Defense-in-Depth approach subdivides and separates networks using VLANs, VPNs, Host-Based Firewalls and Internal Network Firewalls?

Answer 9

Protected Enclaves

Question 10

Which Defense-in-Depth approach prioritizes protection of information over systems and creates successive layers of protection between the information and the attacker

Answer 10

Information Centric

Question 11

Which Defense-in-Depth approach IDs various vectors of threats and provides security mechanisms to prevent the use of the vector? This requires figuring out how to place controls on the vectors to prevent the threat from crossing the vulnerability.

Answer 11

Vector Oriented