Fundamentals of Security

Question 1

What is Information Security?

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Question 2

What is Information Systems Security?

Answer 2

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.

Question 3

What does the CIA Triad stand for?

Answer 3

• Confidentiality
• Integrity
• Availability

Question 4

Define Confidentiality in the CIA Triad.

Answer 4

Ensures information is accessible only to authorized personnel (e.g., encryption).

Question 5

Define Integrity in the CIA Triad.

Answer 5

Ensures data remains accurate and unaltered (e.g., checksums).

Question 6

Define Availability in the CIA Triad.

Answer 6

Ensures information and resources are accessible when needed (e.g., redundancy measures).

Question 7

What is Non-Repudiation?

Answer 7

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures).

Question 8

What is the CIANA Pentagon?

Answer 8

An extension of the CIA triad with the addition of non-repudiation and authentication.

Question 9

What are the Triple A’s of Security?

Answer 9

• Authentication
• Authorization
• Accounting

Question 10

What is Authentication?

Answer 10

Verifying the identity of a user or system (e.g., password checks).

Question 11

What is Authorization?

Answer 11

Determining actions or resources an authenticated user can access (e.g., permissions).

Question 12

What is Accounting in security?

Answer 12

Tracking user activities and resource usage for audit or billing purposes.

Question 13

List the Security Control Categories.

Answer 13

• Technical
• Managerial
• Operational
• Physical

Question 14

List the types of Security Controls.

Answer 14

• Preventative
• Deterrent
• Detective
• Corrective
• Compensating
• Directive

Question 15

What is the Zero Trust Model?

Answer 15

Operates on the principle that no one should be trusted by default.

Question 16

What are the two planes used in Zero Trust?

Answer 16

• Control Plane
• Data Plane

Question 17

Define Threat in the context of cybersecurity.

Answer 17

Anything that could cause harm, loss, damage, or compromise to our information technology systems.

Question 18

What can be considered as sources of threats?

Answer 18

• Natural disasters
• Cyber-attacks
• Data integrity breaches
• Disclosure of confidential information

Question 19

Define Vulnerability.

Answer 19

Any weakness in the system design or implementation.

Question 20

What are internal factors contributing to vulnerabilities?

Answer 20

• Software bugs
• Misconfigured software
• Improperly protected network devices
• Missing security patches
• Lack of physical security

Question 21

What is Risk Management?

Answer 21

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

Question 22

What are the five basic methods to ensure Confidentiality?

Answer 22

• Encryption
• Access Controls
• Data Masking
• Physical Security Measures
• Training and Awareness

Question 23

What is Hashing?

Answer 23

Process of converting data into a fixed-size value.

Question 24

What is the importance of Integrity?

Answer 24

• To ensure data accuracy
• To maintain trust
• To ensure system operability

Question 25

What methods are used to maintain data integrity?

Answer 25

* Hashing * Digital Signatures * Checksums * Access Controls * Regular Audits

Question 26

What is the role of Redundancy in Availability?

Answer 26

Duplication of critical components or functions of a system with the intention of enhancing its reliability.

Question 27

What types of redundancy should be considered?

Answer 27

* Server Redundancy * Data Redundancy * Network Redundancy * Power Redundancy

Question 28

What is the purpose of Digital Signatures?

Answer 28

Provide undeniable proof in digital transactions.

Question 29

What are the 5 commonly used authentication methods?

Answer 29

* Something you know (Knowledge Factor) * Something you have (Possession Factor) * Something you are (Inherence Factor) * Something you do (Action Factor) * Somewhere you are (Location Factor)

Question 30

What is Multi-Factor Authentication (MFA)?

Answer 30

Security process that requires users to provide multiple methods of identification to verify their identity.

Question 31

What does Authorization pertain to?

Answer 31

Permissions and privileges granted to users or entities after they have been authenticated.

Question 32

What is the purpose of Accounting?

Answer 32

Ensures all user activities during a communication or transaction are properly tracked and recorded.

Question 33

What are the steps involved in conducting a Gap Analysis?

Answer 33

* Define the scope of the analysis * Gather data on the current state of the organization * Analyze the data to identify areas of shortfall * Develop a plan to bridge the gap

Question 34

What is a Plan of Action and Milestones (POA&M)?

Answer 34

Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for remediation tasks.