Chapter 1

Question 1

What are the main objectives of security controls?

Answer 1

Prevent security events, minimise impact, and limit the damage.

Question 2

What are the four categories of security controls?

Answer 2

Technical, Managerial, Operational, and Physical Controls.

Question 3

What is the CIA Triad in cybersecurity?

Answer 3

Confidentiality, Integrity, and Availability.

Question 4

How is confidentiality maintained?

Answer 4

Encryption, access controls, two-factor authentication.

Question 5

What mechanisms support integrity?

Answer 5

Hashing, digital signatures, certificates, non-repudiation.

Question 6

How is availability ensured?

Answer 6

Fault tolerance, redundancy, patching.

Question 7

What is non-repudiation in cybersecurity?

Answer 7

Proof of integrity and origin, ensuring authenticity using cryptographic methods.

Question 8

What is the purpose of a hash function?

Answer 8

To represent data as a short, fixed-size string and verify integrity.

Question 9

What are the three A’s in access control?

Answer 9

Authentication, Authorization, and Accounting.

Question 10

What is a digital certificate used for?

Answer 10

To authenticate devices using a trusted Certificate Authority (CA).

Question 11

What is a Gap Analysis?

Answer 11

A comparison of current security posture against desired goals to identify improvement areas.

Question 12

What is Zero Trust?

Answer 12

A security model where nothing is trusted by default, and verification is required for all devices and users.

Question 13

What are the functional planes in Zero Trust architecture?

Answer 13

Data plane, Control plane.

Question 14

What are honeypots used for?

Answer 14

To attract and trap attackers in a controlled environment.

Question 15

What is change management?

Answer 15

A formal process for managing updates to systems to avoid disruption and errors.

Question 16

What is the purpose of version control?

Answer 16

To track changes and enable reversion if needed.

Question 17

What is Public Key Infrastructure (PKI)?

Answer 17

A system for creating, managing, and validating digital certificates.

Question 18

What is symmetric encryption?

Answer 18

Encryption and decryption using the same key.

Question 19

What is asymmetric encryption?

Answer 19

Uses a pair of public and private keys; only the private key can decrypt data encrypted with the public key.

Question 20

What is key escrow?

Answer 20

A third party holds a decryption key for recovery or access purposes.

Question 21

What is full-disk encryption?

Answer 21

Encrypting all data on a storage device (e.g., BitLocker, FileVault).

Question 22

What is transport encryption?

Answer 22

Encryption of data in transit using protocols like HTTPS or VPN.

Question 23

What is hashing used for?

Answer 23

To verify data integrity by creating a fixed-size digest from input data.

Question 24

What is a digital signature?

Answer 24

A cryptographic method to verify the authenticity and integrity of a message using a private key.

Question 25

What is a blockchain?

Answer 25

A distributed ledger used to record transactions across multiple nodes securely.

Question 26

What does a digital certificate contain?

Answer 26

Serial number, version, signature algorithm, issuer, subject name, public key, and extensions.

Question 27

What is OCSP stapling?

Answer 27

An efficient method for verifying certificate status during SSL/TLS handshake.

Question 28

What is tokenisation?

Answer 28

Replacing sensitive data with a non-sensitive placeholder; commonly used in credit card processing.

Question 29

What is data masking?

Answer 29

Obfuscating data to hide some original information, protecting PII.

Question 30

What is key stretching?

Answer 30

Strengthening weak keys by hashing them multiple times to slow brute-force attacks.

Question 31

What is a hash collision?

Answer 31

When two different inputs produce the same hash output; indicates a flaw in the hashing algorithm.

Question 32

Why are salted hashes important?

Answer 32

They prevent rainbow table attacks by adding randomness to each hashed password.

Question 33

What is a secure enclave?

Answer 33

An isolated processor with its own memory, boot ROM, and crypto features for securely handling sensitive data.

Question 34

What is the role of a Certificate Authority (CA)?

Answer 34

To validate identities and digitally sign certificates to establish trust.

Question 35

What is a wildcard certificate?

Answer 35

A certificate that applies to all server names within a domain using a wildcard name.

Question 36

What is a self-signed certificate?

Answer 36

A certificate signed by the same entity that created it, often used internally.

Question 37

What is a Certificate Revocation List (CRL)?

Answer 37

A list maintained by a CA that shows revoked certificates.

Question 38

What is an Access Control Vestibule?

Answer 38

A physical security feature that controls access by locking and unlocking doors sequentially.

Question 39

What are honeynets?

Answer 39

Networks designed with multiple honeypots to simulate real environments and attract attackers.

Question 40

What is a policy enforcement point (PEP)?

Answer 40

A gatekeeper component that allows, monitors, or terminates connections based on policy.

Question 41

What is the function of a Policy Engine in Zero Trust?

Answer 41

Evaluates access requests using policies and other inputs to make grant/deny decisions.

Question 42

What are the steps in the Change Approval Process?

Answer 42

Request submission, scope identification, impact analysis, risk assessment, scheduling, board approval, user acceptance.

Question 43

Why is sandbox testing important in change management?

Answer 43

To test changes in a safe environment without affecting production systems.

Question 44

What is the purpose of a backout plan?

Answer 44

To revert a change if something goes wrong, ensuring business continuity.

Question 45

What is the difference between allow and deny lists?

Answer 45

Allow lists permit only approved applications; deny lists block known bad applications.

Question 46

Why are legacy applications challenging in change management?

Answer 46

They may be unsupported and undocumented, requiring special handling during changes.

Question 47

What is the benefit of version control in IT?

Answer 47

Tracks file/configuration changes over time, enabling rollback and auditing.