Fundamentals

Question 1

Security Concern Areas

Answer 1

Internal Users
Ease of use and Security
Convenience and Usability

Question 2

Information Security (Data)

Answer 2

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Question 3

Information Systems Security

Answer 3

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.

Question 4

CIA Triad

Answer 4

Confidentiality, Integrity, Availibility

Question 5

CIANA Pentagon

Answer 5

CIA plus Non-repudiation, Authentication

Question 6

Confidentiality (CIA Triad)

Answer 6

Ensures information is accessible only to authorized personnel (e.g., encryption)

Question 7

Integrity (CIA Triad)

Answer 7

Ensures data remains accurate and unaltered (e.g., checksums)

Question 8

Availibility (CIA Triad)

Answer 8

Ensures information and resources are accessible when needed (e.g., redundancy measures)

Question 9

Triple A’s of Security

Answer 9

Authentication / Authorization / Accounting

Question 10

Authentication (Triple A)

Answer 10

Verifying the identity of a user or system (e.g., password checks)

Question 11

Authorization (Triple A)

Answer 11

Determining actions or resources an authenticated user can access (e.g., permissions)

Question 12

Accounting (Triple A)

Answer 12

Tracking user activities and resource usage for audit or billing purposes

Question 13

Security Control Categories

Answer 13

Technical / Managerial / Operational / Physical

Question 14

Security Control Types

Answer 14

Preventive / Deterrent / Detective / Corrective / Compensating / Directive

Question 15

Zero Trust Model

Answer 15

Operates on the principle that no one should be trusted by default.
To achieve Zero Trust we use Control Plane and Data Plane.