Fundamentals of Security Flashcards

Objectives:
● 1.1 - Compare and contrast various types of security controls
● 1.2 - Summarize fundamental security concepts

1
Q

What is Information Security?

A

■ Protecting data and information from unauthorized access, modification,
disruption, disclosure, and destruction

2
Q

What is Information Systems Security?

A

■ Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

3
Q

What is the CIA Triad, and what does each part mean?

A

■ Confidentiality
● Ensures information is accessible only to authorized personnel (e.g.,
encryption)
■ Integrity
● Ensures data remains accurate and unaltered (e.g., checksums)
■ Availability
● Ensures information and resources are accessible when needed (e.g.,
redundancy measures)

4
Q

What is the CIANA Pentagon?

A

■ Confidentiality
● Ensures information is accessible only to authorized personnel (e.g.,
encryption)
■ Integrity
● Ensures data remains accurate and unaltered (e.g., checksums)
■ Availability
● Ensures information and resources are accessible when needed (e.g.,
redundancy measures)
■ Non-Repudiation
● Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures)
■ Authentication
● Verifying the identity of a user or system (e.g., password checks)

5
Q

What are the Triple A’s of Security?

A

■ Authentication
● Verifying the identity of a user or system (e.g., password checks)
■ Authorization
● Determining actions or resources an authenticated user can access (e.g.,
permissions)
■ Accounting
● Tracking user activities and resource usage for audit or billing purposes

6
Q

What are the four Security Control Categories?

A

■ Technical
■ Managerial
■ Operational
■ Physical

7
Q

What are the five Security Control Types?

A

■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive

8
Q

What is the Zero Trust Model?

A

■ Operates on the principle that no one should be trusted by default

9
Q

What must we do to achieve zero trust, using the control plane and the data plane?

A

● Control Plane
○ Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones
● Data Plane
○ Subject/system, policy engine, policy administrator, and
establishing policy enforcement points

10
Q

What is a Threat?

A

■ Anything that could cause harm, loss, damage, or compromise to our information
technology systems

11
Q

Threats can come from where?

A

● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information

12
Q

What is a Vulnerability?

A

■ Any weakness in the system design or implementation

13
Q

Vulnerabilities come from internal factors such as?

A

● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

14
Q

Describe how Threats and Vulnerabilities intersect.

A

■ If you have a threat, but there is no matching vulnerability to it, then you have no
risk
■ The same holds true that if you have a vulnerability but there’s no threat against
it, there would be no risk

15
Q

Define Risk Management.

A

■ Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome

16
Q

Define Confidentiality.

A

■ Refers to the protection of information from unauthorized access and disclosure
■ Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

17
Q

Confidentiality is important for 3 main reasons. What are they?

A

■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance

18
Q

To ensure confidentiality, we use five basic methods. What are they?

A

■ Encryption
● Process of converting data into a code to prevent unauthorized access
■ Access Controls
● By setting up strong user permissions, you ensure that only authorized
personnel can access certain types of data.
■ Data Masking
● Method that involves obscuring specific data within a database to make it
inaccessible for unauthorized users while retaining the real data’s
authenticity and use for authorized users
■ Physical Security Measures
● Ensure confidentiality for both physical types of data, such as paper
records stored in a filing cabinet, and for digital information contained on
servers and workstations
■ Training and Awareness
● Conduct regular training on the security awareness best practices that
employees can use to protect their organization’s sensitive data

19
Q

Define Integrity.

A

■ Helps ensure that information and data remain accurate and unchanged from its
original state unless intentionally modified by an authorized individual
■ Verifies the accuracy and trustworthiness of data over the entire lifecycle

20
Q

Integrity is important for three main reasons. What are they?

A

■ To ensure data accuracy
■ To maintain trust
■ To ensure system operability

21
Q

To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods. What are they?

A

■ Hashing
● Process of converting data into a fixed-size value.
■ Digital Signatures
● Ensure both integrity and authenticity
■ Checksums
● Method to verify the integrity of data during transmission
■ Access Controls
● Ensure that only authorized individuals can modify data and this reduces
the risk of unintentional or malicious alterations
■ Regular Audits
● Involve systematically reviewing logs and operations to ensure that only
authorized changes have been made, and any discrepancies are
immediately addressed

22
Q

Define Availability.

A

■ Ensure that information, systems, and resources are accessible and operational
when needed by authorized users

23
Q

As cybersecurity professionals, we value availability since it can help us with what three points?

A

■ Ensuring Business Continuity
■ Maintaining Customer Trust
■ Upholding an Organization’s Reputation

24
Q

To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs. What is redundancy?

A

■ Redundancy
● Duplication of critical components or functions of a system with the intention of enhancing its reliability

25
Q

There are various types of redundancy you need to consider when designing your systems and networks. What are they?

A

■ Server Redundancy
● Involves using multiple servers in a load balanced or failover configuration
so that if one is overloaded or fails, the other servers can take over the
load to continue supporting your end users
■ Data Redundancy
● Involves storing data in multiple places
■ Network Redundancy
● Ensures that if one network path fails, the data can travel through
another route
■ Power Redundancy
● Involves using backup power sources, like generators and UPS systems

26
Q

Non-repudiation focuses on what?

A

■ Focused on providing undeniable proof in the world of digital transactions
■ Security measure that ensures individuals or entities involved in a
communication or transaction cannot deny their participation or the authenticity
of their actions

27
Q

What is a Digital Signature and how is it created?

A

■ Considered to be unique to each user who is operating within the digital domain
■ Created by first hashing the particular message or communication that you want to digitally sign, and then encrypting that hash digest with the user’s private key using asymmetric encryption

28
Q

Non-repudiation is important for three main reasons. What are they?

A

■ To confirm the authenticity of digital transactions
■ To ensure the integrity of critical communications
■ To provide accountability in digital processes

29
Q

Define Authentication.

A

■ Security measure that ensures individuals or entities are who they claim to be
during a communication or transaction

30
Q

Name and define 5 commonly used authentication methods.

A

■ Something you know (Knowledge Factor)
● Relies on information that a user can recall
■ Something you have (Possession Factor)
● Relies on the user presenting a physical item to authenticate themselves
■ Something you are (Inherence Factor)
● Relies on the user providing a unique physical or behavioral characteristic
of the person to validate that they are who they claim to be
■ Something you do (Action Factor)
● Relies on the user conducting a unique action to prove who they are
■ Somewhere you are (Location Factor)
● Relies on the user being in a certain geographic location before access is
granted

31
Q

What is a Multi-Factor Authentication System (MFA)?

A

■ Security process that requires users to provide multiple methods of identification
to verify their identity

32
Q

Authentication is critical to understand for what reasons?

A

■ To prevent unauthorized access
■ To protect user data and privacy
■ To ensure that resources are accessed by valid users only

33
Q

Define Authorization.

A

■ Pertains to the permissions and privileges granted to users or entities after they
have been authenticated

34
Q

Why are authorization mechanisms important to help us?

A

■ To protect sensitive data
■ To maintain the system integrity in our organizations
■ To create a more streamlined user experience

35
Q

Define Accounting.

A

■ Security measure that ensures all user activities during a communication or
transaction are properly tracked and recorded

36
Q

Your organization should use a robust accounting system so that you can create and do what 5 things?

A

■ Create an audit trail
● Provides a chronological record of all user activities that can be used to
trace changes, unauthorized access, or anomalies back to a source or
point in time
■ Maintain regulatory compliance
● Maintains a comprehensive record of all users’ activities
■ Conduct forensic analysis
● Uses detailed accounting and event logs that can help cybersecurity
experts understand what happened, how it happened, and how to
prevent similar incidents from occurring again
■ Perform resource optimization
● Organizations can optimize system performance and minimize costs by
tracking resource utilization and allocation decisions
■ Achieve user accountability
● A thorough accounting system ensures users’ actions are monitored and
logged, deterring potential misuse and promoting adherence to the
organization’s policies

37
Q

To perform accounting, we usually use different technologies like what?

A

■ Syslog Servers
● Used to aggregate logs from various network devices and systems so that
system administrators can analyze them to detect patterns or anomalies
in the organization’s systems
■ Network Analysis Tools
● Used to capture and analyze network traffic so that network
administrators can gain detailed insights into all the data moving within a
network
■ Security Information and Event Management (SIEM) Systems
● Provides us with a real-time analysis of security alerts generated by
various hardware and software infrastructure in an organization

38
Q

What are the 4 Broad Categories of Security Controls?

A

■ Technical Controls
● Technologies, hardware, and software mechanisms that are implemented
to manage and reduce risks
■ Managerial Controls
● Sometimes also referred to as administrative controls
● Involve the strategic planning and governance side of security
■ Operational Controls
● Procedures and measures that are designed to protect data on a
day-to-day basis
● Are mainly governed by internal processes and human actions
■ Physical Controls
● Tangible, real-world measures taken to protect assets

39
Q

What are the 6 Basic Types of Security Controls?

A

■ Preventive Controls
● Proactive measures implemented to thwart potential security threats or
breaches
■ Deterrent Controls
● Discourage potential attackers by making the effort seem less appealing
or more challenging
■ Detective Controls
● Monitor and alert organizations to malicious activities as they occur or shortly thereafter
■ Corrective Controls
● Mitigate any potential damage and restore our systems to their normal
state
■ Compensating Controls
● Alternative measures that are implemented when primary security
controls are not feasible or effective
■ Directive Controls
● Guide, inform, or mandate actions
● Often rooted in policy or documentation and set the standards for
behavior within an organization

40
Q

What is Gap Analysis?

A

■ Process of evaluating the differences between an organization’s current
performance and its desired performance

41
Q

There are several steps involved in conducting a gap analysis. What are they?

A

■ Define the scope of the analysis
■ Gather data on the current state of the organization
■ Analyze the data to identify any areas where the organization’s current
performance falls short of its desired performance
■ Develop a plan to bridge the gap

42
Q

2(3) Basic Types of Gap Analysis. What are they?

A

■ Technical Gap Analysis
● Involves evaluating an organization’s current technical infrastructure
● Identifying any areas where it falls short of the technical capabilities
required to fully utilize their security solutions
■ Business Gap Analysis
● Involves evaluating an organization’s current business processes
● Identifying any areas where they fall short of the capabilities required to
fully utilize cloud-based solutions
■ Plan of Action and Milestones (POA&M)
● Outlines the specific measures to address each vulnerability
● Allocate resources
● Set up timelines for each remediation task that is needed

43
Q

What is Zero Trust?

A

■ Zero Trust demands verification for every device, user, and transaction within the
network, regardless of its origin

44
Q

To create a zero trust architecture, we need to use two different planes. What are they and what do they involve?

A

■ Control Plane
● Refers to the overarching framework and set of components responsible
for defining, managing, and enforcing the policies related to user and
system access within an organization
● Control Plane typically encompasses several key elements
○ Adaptive Identity
■ Relies on real-time validation that takes into account the
user’s behavior, device, location, and more
○ Threat Scope Reduction
■ Limits the users’ access to only what they need for their
work tasks because this reduces the network’s potential
attack surface
■ Focused on minimizing the “blast radius” that could occur
in the event of a breach
○ Policy-Driven Access Control
■ Entails developing, managing, and enforcing user access
policies based on their roles and responsibilities
○ Secured Zones
■ Isolated environments within a network that are designed
to house sensitive data
■ Data Plane
● Ensures the policies are properly executed
● Data plane consists of the following
○ Subject/System
■ Refers to the individual or entity attempting to gain access
○ Policy Engine
■ Cross-references the access request with its predefined
policies
○ Policy Administrator
■ Used to establish and manage the access policies
○ Policy Enforcement Point
■ Where the decision to grant or deny access is actually
executed