Dion Training CompTIA Security+ Introduction Flashcards

(35 cards)

1
Q

CompTIA Security+ (SY0-701) certification exam consists of five domains or areas of
knowledge

A

■ 12% of General Security Concepts
■ 22% of Threats, Vulnerabilities, and Mitigations
■ 18% of Security Architecture
■ 28% of Security Operations
■ 20% of Security Program Management and Oversight

2
Q

What is Information Security?

A

Protecting data and information from unauthorized access, modification,
disruption, disclosure, and destruction

3
Q

What is Information Systems Security?

A

Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

4
Q

What is the CIA Triad?

A

■ Confidentiality
● Ensures information is accessible only to authorized personnel (e.g.,
encryption)
■ Integrity
● Ensures data remains accurate and unaltered (e.g., checksums)
■ Availability
● Ensures information and resources are accessible when needed (e.g.,
redundancy measures)

5
Q

What is Non-Repudiation?

A

Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures)

6
Q

What is the CIANA Pentagon?

A

An extension of the CIA triad with the addition of non-repudiation and
authentication

7
Q

What are the Triple A’s of Security?

A

■ Authentication
● Verifying the identity of a user or system (e.g., password checks)
■ Authorization
● Determining actions or resources an authenticated user can access (e.g.,
permissions)
■ Accounting
● Tracking user activities and resource usage for audit or billing purposes

8
Q

What are the Security Control Categories?

A

■ Technical
■ Managerial
■ Operational
■ Physical

9
Q

What are the Security Control Types?

A

■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive

10
Q

What is the Zero Trust Model?

A

■ Operates on the principle that no one should be trusted by default
■ To achieve zero trust, we use the control plane and the data plane
● Control Plane
○ Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones
● Data Plane
○ Subject/system, policy engine, policy administrator, and
establishing policy enforcement points

11
Q

What is a Threat?

A

■ Anything that could cause harm, loss, damage, or compromise to our information
technology systems
■ Can come from the following
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information

12
Q

What is a Vulnerability?

A

■ Any weakness in the system design or implementation
■ Comes from internal factors like the following
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

13
Q

Where threats and vulnerabilities intersect, that is where the risk to your enterprise
systems and networks lies

A

■ If you have a threat, but there is no matching vulnerability to it, then you have no
risk
■ The same holds true that if you have a vulnerability but there’s no threat against
it, there would be no risk

14
Q

What is Risk Management?

A

■ Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome

15
Q

What is Confidentiality?

A

■ Refers to the protection of information from unauthorized access and disclosure
■ Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

16
Q

Confidentiality is important for 3 main reasons.
What are they?

A

■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance

17
Q

To ensure confidentiality, we use five basic methods.
What are they?

A

■ Encryption
● Process of converting data into a code to prevent unauthorized access
■ Access Controls
● By setting up strong user permissions, you ensure that only authorized
personnel can access certain types of data
■ Data Masking
● Method that involves obscuring specific data within a database to make it
inaccessible for unauthorized users while retaining the real data’s
authenticity and use for authorized users
■ Physical Security Measures
● Ensure confidentiality for both physical types of data, such as paper
records stored in a filing cabinet, and for digital information contained on
servers and workstations
■ Training and Awareness
● Conduct regular training on the security awareness best practices that
employees can use to protect their organization’s sensitive data

18
Q

What is Integrity?

A

■ Helps ensure that information and data remain accurate and unchanged from their
original state unless intentionally modified by an authorized individual
■ Verifies the accuracy and trustworthiness of data over the entire lifecycle

19
Q

Integrity is important for three main reasons. What are they?

A

■ To ensure data accuracy
■ To maintain trust
■ To ensure system operability

20
Q

To help us maintain the integrity of our data, systems, and networks, we usually utilize
five methods. What are they?

A

■ Hashing
● Process of converting data into a fixed-size value
■ Digital Signatures
● Ensure both integrity and authenticity
■ Checksums
● Method to verify the integrity of data during transmission
■ Access Controls
● Ensure that only authorized individuals can modify data and this reduces
the risk of unintentional or malicious alterations
■ Regular Audits
● Involve systematically reviewing logs and operations to ensure that only
authorized changes have been made, and any discrepancies are
immediately addressed

21
Q

What is Availability?

A

Ensure that information, systems, and resources are accessible and operational
when needed by authorized users

22
Q

As cybersecurity professionals, we value availability since it can help us with what?

A

■ Ensuring Business Continuity
■ Maintaining Customer Trust
■ Upholding an Organization’s Reputation

23
Q

What is Redundancy?

A

Duplication of critical components or functions of a system with the intention of enhancing its reliability

24
Q

There are various types of redundancy you need to consider when designing your systems and networks. What are they?

A

■ Server Redundancy
● Involves using multiple servers in a load balanced or failover configuration
so that if one is overloaded or fails, the other servers can take over the
load to continue supporting your end users
■ Data Redundancy
● Involves storing data in multiple places
■ Network Redundancy
● Ensures that if one network path fails, the data can travel through
another route
■ Power Redundancy
● Involves using backup power sources, like generators and UPS systems

25
Q

What is Non-repudiation?

A

■ Focused on providing undeniable proof in the world of digital transactions
■ Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions

26
Q

What is a Digital Signature?

A

■ Considered to be unique to each user who is operating within the digital domain
■ Created by first hashing a particular message or communication that you want to digitally sign, and then encrypting that hash digest with the user’s private key using asymmetric encryption

27
Q

Non-repudiation is important for three main reasons. What are they?

A

■ To confirm the authenticity of digital transactions
■ To ensure the integrity of critical communications
■ To provide accountability in digital processes

28
Q

What is Authentication?

A

■ Security measure that ensures individuals or entities are who they claim to be during a communication or transaction

29
Q

5 commonly used authentication methods are what?

A

■ Something you know (Knowledge Factor)
● Relies on information that a user can recall
■ Something you have (Possession Factor)
● Relies on the user presenting a physical item to authenticate themselves
■ Something you are (Inherence Factor)
● Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
■ Something you do (Action Factor)
● Relies on the user conducting a unique action to prove who they are
■ Somewhere you are (Location Factor)
● Relies on the user being in a certain geographic location before access is granted

30
Q

Multi-Factor Authentication System (MFA) is what?

A

■ Security process that requires users to provide multiple methods of identification to verify their identity

31
Q

Authentication is critical to understand because of what?

A

■ To prevent unauthorized access
■ To protect user data and privacy
■ To ensure that resources are accessed by valid users only

32
Q

What is Authorization?

A

■ Pertains to the permissions and privileges granted to users or entities after they have been authenticated

33
Q

Authorization mechanisms are important to help us with what?

A

■ To protect sensitive data
■ To maintain the system integrity in our organizations
■ To create a more streamlined user experience

34
Q

Accounting is what?

A

■ Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

35