Concepts

Question 1

Concept

Answer 1

Breakdown

Question 2

CIA Triad

Answer 2

Confidentiality, Integrity, Availability

Question 3

Risk Management

Answer 3

Identify, Assess, Mitigate, Monitor

Question 4

Access Control Models

Answer 4

MAC, DAC, RBAC, ABAC

Question 5

Authentication Methods

Answer 5

Something you know, have, are, do, or location

Question 6

Encryption

Answer 6

Symmetric vs Asymmetric

Question 7

Firewalls

Answer 7

Packet-filtering, Stateful, Application-layer

Question 8

IDS/IPS

Answer 8

Intrusion Detection/Prevention Systems

Question 9

Social Engineering

Answer 9

Phishing, Pretexting, Tailgating, Baiting

Question 10

Malware Types

Answer 10

Virus, Worm, Trojan, Ransomware, Spyware

Question 11

Security Controls

Answer 11

Preventive, Detective, Corrective, Deterrent, Recovery

Question 12

Ports and Protocols

Answer 12

Know common ports and their use

Question 13

VPN

Answer 13

Secure tunnel between networks

Question 14

Patch Management

Answer 14

Update software to fix vulnerabilities

Question 15

Zero Trust

Answer 15

Never trust, always verify

Question 16

Public Key Infrastructure (PKI)

Answer 16

Manages digital certificates and encryption keys

Question 17

Multi-Factor Authentication (MFA)

Answer 17

Requires two or more authentication factors

Question 18

Incident Response

Answer 18

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

Question 19

Symmetric Encryption

Answer 19

One key for both encryption and decryption

Question 20

Asymmetric Encryption

Answer 20

Uses a public and private key pair

Question 21

Hashing

Answer 21

Produces a fixed-length string from input data

Question 22

Security Policies

Answer 22

Guidelines for employee behavior and IT usage

Question 23

Network Segmentation

Answer 23

Dividing network into zones

Question 24

SIEM

Answer 24

Security Information and Event Management

Question 25

Physical Security

Answer 25

Controls that protect the physical environment

Question 26

Threat Intelligence

Answer 26

Gathering data on potential or active threats

Question 27

Sandboxing

Answer 27

Isolating programs to prevent harm to the system

Question 28

Cloud Security

Answer 28

Securing data and systems in the cloud

Question 29

DDoS Attack

Answer 29

Distributed Denial of Service

Question 30

Concept

Answer 30

Breakdown

Question 31

Zero Trust Architecture

Answer 31

Security model that assumes no implicit trust; always verify identity, device, and context before granting access

Question 32

Elliptic Curve Cryptography (ECC)

Answer 32

Asymmetric encryption technique using elliptic curves over finite fields

Question 33

OAuth 2.0 and OpenID Connect

Answer 33

OAuth 2.0: authorization framework; OpenID Connect: authentication layer on top of OAuth

Question 34

Security Information and Event Management (SIEM)

Answer 34

Aggregates and analyzes logs and events in real-time for threat detection

Question 35

Advanced Persistent Threat (APT)

Answer 35

Prolonged and targeted cyberattack often conducted by a nation-state or highly skilled group

Question 36

Security Orchestration, Automation, and Response (SOAR)

Answer 36

Technology that helps unify and automate security operations and incident response

Question 37

Public Key Infrastructure (PKI)

Answer 37

Framework for creating, managing, distributing, and revoking digital certificates

Question 38

Data Loss Prevention (DLP)

Answer 38

Technology and policies that prevent unauthorized data transmission or leakage