Fundamentals of Security

Question 1

Fundamentals of Security

Information Security

Fundamentals of Security

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Question 2

Fundamentals of Security

Information Systems Security

Fundamentals of Security

Answer 2

Protecting the systems (computers, servers, network devices) that hold and process critical data

Question 3

Fundamentals of Security

Confidentiality

CIA Triad:

Fundamentals of Security

Answer 3

Ensures information is accessible only to authorized personnel (e.g., encrytpion)

Question 4

Fundamentals of Security

Integrity

CIA Triad:

Fundamentals of Security

Answer 4

Ensures data remains accurate and unaltered (e.g., checksums)

Question 5

Fundamentals of Security

Availability

CIA Triad:

Fundamentals of Security

Answer 5

Ensures information and resources are accessible when needed (e.g., redundancy measures)

Question 6

Fundamentals of Security

Non-Repudiation

Fundamentals of Security

Answer 6

Guarantees that an action or even cannot be denired by the involved parties (e.g., digital signatures)

Question 7

Fundamentals of Security

CIANA Pentagon

Fundamentals of Security

Answer 7

Extension of the CIA Triad with the addition non-repudiation and authentication

Question 8

Fundamentals of Security

Authentication

AAA’s of Security:

Fundamentals of Security

Answer 8

Verifying the identity of a user or system (e.g., password checks)

Question 9

Fundamentals of Security

Authorization

AAA’s of Security:

Fundamentals of Security

Answer 9

Determining actions or resources am authenticated user can access (e.g., permissions)

Question 10

Fundamentals of Security

Accounting

AAA’s of Security:

Fundamentals of Security

Answer 10

Tracking user activities and resource usage for audit or billing purposes

Question 11

Fundamentals of Security

Security Control Categories

Fundamentals of Security

Answer 11

• Technical
• Managerial
• Operational
• Physical

Question 12

Fundamentals of Security

Security Control Types

Fundamentals of Security

Answer 12

• Preventative
• Deterrent
• Detective
• Corrective
• Compensating
• Directive

Question 13

Fundamentals of Security

Zero Trust Model

Fundamentals of Security

Answer 13

Operates on the principle that no one should be trusted by default

Question 14

Fundamentals of Security

Control Plane

Fundamentals of Security

Answer 14

Adaptive identity, threat scope reduction, policy driven access control, and secured zones

Question 15

Fundamentals of Security

Data Plane

Fundamentals of Security

Answer 15

Subject/system, policy engine, policy administrator, and establishing policy enforcement points

Question 16

Fundamentals of Security

Threat

Threats & Vulnerabilities

Answer 16

Anything that could cause harm, loss, damage, or compromise to our IT systems (External)

Can come from…
- Natural disasters
- Cyber-attacks
- Data integrity breaches
- Disclosure of confidential information

Question 17

Fundamentals of Security

Vulnerability

Threats & Vulnerabilities

Answer 17

Any weakness IN the system design or implementation (Internal)

Can come from…
- Software bugs
- Misconfigured software
- Improperly protected network drives
- Missing security patches
- Lack of physical security

Question 18

Fundamentals of Security

Risk Management

Threats & Vulnerabilities

Answer 18

Finiding different ways to minimize the likelihood of an outcome and achieve the desired outcome

Question 19

Fundamentals of Security

Confidentiality

Confidentiality

Answer 19

• The protection of information from unauthorized access and disclosure
• Esure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes

Question 20

Fundamentals of Security

Confidentiality is important for 3 reasons…

Confidentiality

Answer 20

1. To protect personal privacy
2. To maintain a business advantage
3. To achieve regulatory compliance

Question 21

Fundamentals of Security

To ensure confidentiality, five basic methods are used…

Confidentiality

Answer 21

1. Encyrption
2. Access Controls
3. Data Masking
4. Physical Security Measures
5. Training and Awareness

Question 22

Fundamentals of Security

Encryption

Five methods used to ensure confidentiality

Confidentiality

Answer 22

Process of converting data into a code to prevent unauthorized access

(Confidentiality = Encryption) !!

Question 23

Fundamentals of Security

Access Controls

Five methods used to ensure confidentiality

Confidentiality

Answer 23

By setting up strong user permissions, you can ensure that only authorized personnel can access certain types of data

(e.g., Username and Password)

Question 24

Fundamentals of Security

Physical Security Measures

Five methods used to ensure confidentiality

Confidentiality

Answer 24

Ensures confidentiality for both physical and digital types of data

(Locks on rooms containing servers/locking file cabinets)

Question 24

# Fundamentals of Security Data Masking | Five methods used to ensure confidentiality ## Footnote Confidentiality

Answer 24

Involves obscuring data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users | (User's last 4 digits of a credit card number) (**** **** **** 1234)

Question 25

# Fundamentals of Security Training & Awareness | Five methods used to ensure confidentiality ## Footnote Confidentiality

Answer 25

Conduct regular training on the security awareness best practices that employees can use to protect their organization's sensitive data