Chapter 1 Flashcards
Domain 1.0: General Security Concepts
1.1. Compare and contrast various types of security controls.
- Categories (Technical, Managerial, Operational, Physical)
- Control Types (Preventative, Deterrent, Detective, Corrective, Compensating, Directive)
1.2. Summarize fundamental security concepts
- Confidentiality, Integrity, Availability (CIA)
- Non-repudiation
- Gap Analysis
1.4. Explain the importance of using appropriate cryptographic solutions.
- Obfuscation (Tokenization, Data Masking)
Domain 3. (25 cards)
Which of the following answers can be used to describe technical security controls? (Select 3 answers)
Sometimes called logical security controls; Executed by computer systems (instead of people); Implemented with technology
Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)
Encryption, IDSs, Firewalls
Which of the following answers refer to the characteristic features of managerial security controls? (Select 3 answers)
Also known as administrative controls, Documented in written policies, Focused on reducing the risk of security incidents
Examples of managerial security controls include: (Select 3 answers)
Security awareness training, Organizational security policy, Risk assessments
Which of the answers listed below can be used to describe operational security controls? (Select 3 answers)
Focused on the day-to-day procedures of an organization; Used to ensure that the equipment continues to work as specified; Primarily implemented and executed by people (as opposed to computer systems)
Which of the following examples fall into the category of operational security controls? (Select 3 answers)
System backups; Configuration management; Patch management
Which of the answers listed below refers to security controls designed to deter, detect, and prevent unauthorized access, theft, damage, or destruction of material assets?
Physical security controls
Which of the following examples do not fall into the category of physical security controls? (Select 3 answers)
Data backups, Firewalls, Asset management
Which of the following are examples of preventive security controls? (Select 3 answers)
Encryption, Firewalls, AV software
Examples of deterrent security controls include: (Select 3 answers)
Warning signs, Lighting, Fencing/Bollards
Which of the answers listed below refer(s) to detective security control(s)? (Select 5)
Log monitoring, CCTV, IDS, Security Audits, Vulnerability scanning
Which of the following answers refer(s) to corrective security control(s)? (Select 5)
Recovering data from backup copies, Applying software updates and patches to fix vulnerabilities, Developing and implementing IRPs to respond to and recover from security incidents, Activating and executing DRPs to restore operations after a major incident
Which of the answers listed below refer(s) to compensating security control(s)? (Select 4)
Backup power systems, Application sandboxing, MFA, Network segmentation
The term ‘Directive security controls’ refers to the category of security controls that are implemented through policies and procedures.
True
Which of the following terms fall into the category of directive security controls? (Select 2 answers)
IRP, AUP
Which of the terms listed below can be used to describe the basic principles of information security?
CIA
The term ‘Non-repudiation’ describes the inability to deny responsibility for performing a specific action.
True
Which of the following best applies to the concept of non-repudiation?
Digital certificate (binds a public key to an identity, so a digital signature made with the matching private key can be attributed to that identity)
Which type of user account violates the concept of non-repudiation?
Shared account
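Added note, not one of the original flashcards: the three cards above (non-repudiation, digital certificates, shared accounts) are easiest to see in code. The Go program below is an added example, not taken from the deck or any exam material. It gives each person their own Ed25519 key pair and uses a simple slice as a stand-in for the identity binding a certificate would provide (an assumption, not a real PKI). A signature verifies against exactly one person's public key, so that person cannot deny making it. For contrast, an HMAC under a secret that two people share plays the role of a shared account: both holders produce the identical tag, so the tag alone cannot prove which of them acted. Names such as Actor, VerifiedSigner and SharedAccountTag are invented for this illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Actor is one principal with a personal Ed25519 key pair.
// (Illustrative type; in a real deployment the public key would be
// bound to the name by a digital certificate rather than a struct field.)
type Actor struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewActor generates a fresh key pair for one named person.
func NewActor(name string) (*Actor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Actor{Name: name, Pub: pub, priv: priv}, nil
}

// Sign produces a signature that only the holder of a.priv can create.
func (a *Actor) Sign(msg []byte) []byte {
	return ed25519.Sign(a.priv, msg)
}

// VerifiedSigner returns the name whose public key verifies sig over msg,
// or "" if no key in the directory does. Because each person holds a
// distinct private key, a match attributes the action to one person:
// this is the non-repudiation property.
func VerifiedSigner(directory []*Actor, msg, sig []byte) string {
	for _, a := range directory {
		if ed25519.Verify(a.Pub, msg, sig) {
			return a.Name
		}
	}
	return ""
}

// SharedAccountTag is the analogue of acting through a shared account:
// an HMAC-SHA256 tag under a secret that several people all know.
func SharedAccountTag(sharedSecret, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedSecret)
	m.Write(msg)
	return m.Sum(nil)
}

// SharedTagIsValid checks the tag, but it can only say "someone holding
// the secret did this", never which holder; any of them can deny it.
func SharedTagIsValid(sharedSecret, msg, tag []byte) bool {
	return hmac.Equal(SharedAccountTag(sharedSecret, msg), tag)
}

func main() {
	alice, _ := NewActor("alice")
	bob, _ := NewActor("bob")
	directory := []*Actor{alice, bob}

	// Constructed sample action to be attributed.
	msg := []byte("approve wire transfer #1042")

	sig := alice.Sign(msg)
	fmt.Println("signature attributed to:", VerifiedSigner(directory, msg, sig))
	fmt.Println("tampered message attributed to:",
		VerifiedSigner(directory, []byte("approve wire transfer #9999"), sig))

	// Shared account: both people know the same secret (constructed value).
	secret := []byte("shared-account-password")
	fromAlice := SharedAccountTag(secret, msg)
	fromBob := SharedAccountTag(secret, msg)
	fmt.Println("shared tags identical:", bytes.Equal(fromAlice, fromBob))
	fmt.Println("shared tag valid, author unknown:", SharedTagIsValid(secret, msg, fromAlice))
}
```

Running it shows the signature resolving to exactly one name and the tampered message resolving to none, while the two "shared account" tags are byte-for-byte identical, which is why a shared account violates non-repudiation regardless of how strong the secret is.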
Which part of the AAA security architecture deals with the verification of the identity of a person or process?
Authentication
In the AAA security architecture, the process of granting or denying access to resources is known as:
Authorization
In the AAA security architecture, the process of tracking accessed services and logging resource consumption is called:
Accounting
Which of the following solutions provide(s) the AAA functionality? (Select all that apply)
TACACS+, RADIUS
In the context of the AAA framework, common methods for authenticating people include: (Select 3 answers)
Usernames and passwords, Biometrics, MFA