Chapter 1

Question 1

What is cybersecurity?

Answer 1

The art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA)

Question 2

What does the CIA triad stand for?

Answer 2

Confidentiality, Integrity, Availability

Question 3

What is the expected growth percentage of cybersecurity jobs between 2021 and 2023?

Answer 3

35%

Question 4

What is the role of a Cybersecurity Architect (CSA)?

Answer 4

Helps shape, design, and plan the technical aspects of an organization’s approach to security at all levels

Question 5

What are the three main topics covered in the introduction to cybersecurity?

Answer 5

• What is cybersecurity?
• Confidentiality/integrity/availability
• Networking and operating systems

Question 6

True or False: The only secure computer system is one that is never turned on or used.

Answer 6

True

Question 7

Define access control.

Answer 7

The procedure of permitting solely authorized individuals, programs, or other computer systems to observe, alter, or gain control over a computer system’s resources

Question 8

What does secure software development encompass?

Answer 8

Procedures and tasks associated with the strategic planning, coding, and administration of software and systems to guarantee confidentiality, integrity, and availability

Question 9

What is the goal of Business Continuity Planning/Disaster Recovery (BCP/DR)?

Answer 9

To uphold uninterrupted business operations in the face of significant disruptions

Question 10

What is cryptography?

Answer 10

The science of using deception and mathematics to hide data from unwanted access

Question 11

What is the purpose of information security governance and risk management?

Answer 11

To safeguard critical information assets and systems through holistic strategies

Question 12

List the key responsibilities of security operations.

Answer 12

• Asset protection
• Monitoring and detection
• Incident response
• Ongoing maintenance
• Process integration

Question 13

What does physical and environmental security involve?

Answer 13

Safeguarding facilities housing critical information systems against unauthorized access and environmental hazards

Question 14

What is security architecture?

Answer 14

Translating organizational requirements into comprehensive cybersecurity designs encompassing people, processes, and technology controls

Question 15

What is the main purpose of telecommunications/network security?

Answer 15

To ensure the confidentiality, integrity, and availability of data transmitted over networks

Question 16

Fill in the blank: Cybersecurity is the mitigation of ______ to maintain confidentiality, integrity, and availability.

Answer 16

risk

Question 17

What is the significance of governance frameworks in information security?

Answer 17

They provide guiding models for protection through integrated frameworks, policies, and standards

Question 18

What are the components of legal/regulatory/compliance and investigations?

Answer 18

• Computer crime legislation
• Associated regulations
• Investigative measures
• Evidence gathering/management methodologies
• Reporting protocols

Question 19

What does effective governance in cybersecurity require?

Answer 19

Going beyond technology to address human behavior, security awareness, and best practices

Question 20

True or False: The growth of computers and web-based applications has only positive effects on society.

Answer 20

False

Question 21

What is the typical breakdown of cybersecurity domains by ISC2?

Answer 21

• Access control
• Secure software development
• Business continuity planning/Disaster recovery (BCP/DR)
• Cryptography
• Information security governance/risk management
• Legal/regulatory/compliance and investigations
• Security operations
• Physical and environmental security
• Security architecture
• Telecommunications/network security

Question 22

What is the CIA triad?

Answer 22

Confidentiality, Integrity, Availability

The CIA triad is a foundational concept in cybersecurity.

Question 23

What does confidentiality refer to in cybersecurity?

Answer 23

Protecting information from unauthorized access

Confidentiality ensures that sensitive information is only accessible to authorized individuals.

Question 24

What is integrity in the context of cybersecurity?

Answer 24

Reliability and completeness of data

Integrity ensures data has not been unintentionally modified or altered.

Question 25

Define availability in cybersecurity.

Answer 25

Continuous accessibility and optimal functioning of data and systems ## Footnote Availability ensures minimal disruptions or downtime for users.

Question 26

Which aspect of cybersecurity ensures actions cannot be denied?

Answer 26

Non-repudiation ## Footnote Non-repudiation provides evidence that a specific action took place.

Question 27

What is data encryption?

Answer 27

Converting plaintext into coded form (ciphertext) ## Footnote Encryption prevents unauthorized access to data content.

Question 28

What are access controls?

Answer 28

Mechanisms to restrict access based on user roles ## Footnote Access controls help prevent unauthorized individuals from accessing confidential data.

Question 29

What is data validation?

Answer 29

Verifying the accuracy and consistency of data ## Footnote Data validation ensures data meets predefined criteria.

Question 30

What are hash functions?

Answer 30

Mathematical algorithms generating unique hash values for data ## Footnote Hash functions help detect integrity violations by comparing hash values.

Question 31

What does disaster recovery planning involve?

Answer 31

Creating strategies to recover systems and data after disruptions ## Footnote This includes regular backups and documented restoration procedures.

Question 32

What are Distributed Denial of Service (DDoS) attacks?

Answer 32

Attacks that overwhelm systems causing service unavailability ## Footnote DDoS attacks can be mitigated through traffic filtering and CDNs.

Question 33

What is the purpose of digital certificates?

Answer 33

Validate the identity of individuals or entities in transactions ## Footnote Digital certificates are issued by trusted third parties.

Question 34

What are audit trails?

Answer 34

Records capturing activities and events within a system ## Footnote Audit trails provide evidence of actions performed in a system.

Question 35

True or False: The CIA triad components are interconnected.

Answer 35

True ## Footnote Understanding the relationships between confidentiality, integrity, and availability is vital.

Question 36

What are Local Area Networks (LANs)?

Answer 36

Networks connecting devices within a limited geographical area ## Footnote LANs are commonly used in homes and offices.

Question 37

What is the function of routers in networking?

Answer 37

Direct data packets between different networks ## Footnote Routers play a critical role in managing network traffic.

Question 38

What is the principle of least privilege?

Answer 38

Users have only the necessary privileges to perform tasks ## Footnote This principle reduces the risk of unauthorized access.

Question 39

What is network segmentation?

Answer 39

Dividing a network into smaller, isolated segments ## Footnote Network segmentation limits the impact of potential breaches.

Question 40

What is the Untrusted Zone (UTZ)?

Answer 40

The lowest level of trust within a network, typically internet-facing ## Footnote Traffic from the UTZ is usually restricted from entering other zones.

Question 41

What does the Trusted Zone (TZ) represent?

Answer 41

The highest level of trust within a network ## Footnote TZs are assumed to be secure and trustworthy.

Question 42

Fill in the blank: The _______ Zone (RZ) contains the most sensitive data and databases.

Answer 42

Restricted ## Footnote The RZ is characterized by stringent access controls.

Question 43

What is perimeter defense in cybersecurity?

Answer 43

Security measures at the network's edge against external threats ## Footnote This includes firewalls and intrusion detection systems.

Question 44

What are secure protocols?

Answer 44

Protocols ensuring encrypted communication to prevent eavesdropping ## Footnote Examples include HTTPS.

Question 45

What is the role of antivirus software in operating systems?

Answer 45

Detect and remove malicious programs ## Footnote Antivirus solutions protect against various forms of malware.

Question 46

What is the purpose of intrusion detection systems (IDSs) and intrusion prevention systems (IPSs)?

Answer 46

They monitor and filter network traffic ## Footnote IDSs detect potential threats, while IPSs actively prevent them.

Question 47

What does HTTPS stand for and what is its significance?

Answer 47

Hypertext Transfer Protocol Secure; it ensures encrypted communication between clients and servers ## Footnote This prevents eavesdropping and data tampering.

Question 48

What is the principle of least privilege?

Answer 48

Users have only the necessary privileges to perform their tasks ## Footnote This reduces the risk of unauthorized access.

Question 49

What does endpoint security focus on?

Answer 49

Securing individual devices connected to the network ## Footnote It includes measures like antivirus software and host-based firewalls.

Question 50

What are the fundamental components of cybersecurity?

Answer 50

Networking and operating systems ## Footnote Understanding these enables comprehension of secure communication.

Question 51

What are the types of applications?

Answer 51

Desktop applications, mobile applications, web applications, and enterprise applications ## Footnote Each type has unique characteristics and security considerations.

Question 52

What is application security?

Answer 52

It is vital in protecting sensitive information and ensuring reliable application functioning ## Footnote It prevents unauthorized access and data breaches.

Question 53

What is input validation?

Answer 53

Properly validating and sanitizing user inputs to prevent attacks ## Footnote This includes protection against SQL injection and cross-site scripting (XSS).

Question 54

What role does governance play in GRC?

Answer 54

It guides overall management and decision-making within an organization ## Footnote Good governance ensures ethical and transparent operations.

Question 55

What do regulations refer to in the context of GRC?

Answer 55

Rules and guidelines established by governmental bodies or industry regulators ## Footnote Compliance with these is crucial for avoiding penalties.

Question 56

What is compliance in GRC?

Answer 56

Adherence to laws, regulations, internal policies, and industry standards ## Footnote It involves processes to ensure operations align with requirements.

Question 57

What are common application security challenges?

Answer 57

Input validation, authentication and authorization, secure coding practices, secure configuration, and patch management ## Footnote Addressing these challenges is essential for resilient applications.

Question 58

What is the CIA triad?

Answer 58

Confidentiality, Integrity, and Availability ## Footnote These are crucial aspects of protecting sensitive information.

Question 59

What is the secure development life cycle (SDL)?

Answer 59

An approach to ensure application security throughout its development phases ## Footnote It includes requirements, design, development, testing, deployment, and maintenance.

Question 60

Fill in the blank: Governance, regulations, and _______ (GRC) is a framework for ethical conduct and risk mitigation.

Answer 60

Compliance

Question 61

True or False: Organizations can ignore regulations if they have strong internal policies.

Answer 61

False ## Footnote Organizations must comply with external regulations regardless of internal policies.

Question 62

What is the significance of maintaining trust in application security?

Answer 62

Secure applications build trust among users, customers, and stakeholders ## Footnote This leads to increased adoption and customer satisfaction.

Question 63

What is the importance of application security in today's digital landscape?

Answer 63

Protects sensitive data, prevents exploits, and maintains user trust ## Footnote Essential for safeguarding against threats and vulnerabilities.

Question 64

What are some key aspects related to applications?

Answer 64

Types of applications, application development, and common application platforms ## Footnote Each aspect has unique security considerations.

Question 65

What is the primary focus of the book 'Mastering Windows Security and Hardening'?

Answer 65

Secure and protect your Windows environment from cyber threats using zero-trust security principles

Question 66

What is the second edition of 'Mastering Windows Security and Hardening' about?

Answer 66

It covers securing and protecting Windows environments from cyber threats using zero-trust security principles

Question 67

What does the book 'Network Security Principles and Practices' focus on?

Answer 67

Fundamental principles and practices of network security

Question 68

What is included in the 'Computer Security Handbook, Set (Volume 1 and 2) 6th Edition'?

Answer 68

Comprehensive coverage of computer security topics

Question 69

What is the purpose of the 'CISSP All-in-One Exam Guide, Ninth Edition'?

Answer 69

Preparation for the CISSP certification exam

Question 70

Fill in the blank: 'Mastering Windows Security and Hardening' employs _______ security principles.

Answer 70

[zero-trust]

Question 71

True or False: 'Network Security Principles and Practices' is a book focused solely on theoretical aspects of network security.

Answer 71

False

Question 72

What are the two volumes of the 'Computer Security Handbook' designed to provide?

Answer 72

A comprehensive overview of computer security topics

Question 73

What certification does the 'CISSP All-in-One Exam Guide' help prepare for?

Answer 73

CISSP certification

Question 74

What is a key theme in the book 'Mastering Windows Security and Hardening'?

Answer 74

Utilizing zero-trust security principles

Question 75

List two books that focus on network security.

Answer 75

* Network Security Principles and Practices * Mastering Windows Security and Hardening