Fundamentals of Security

Question 1

What is Information Security?

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Question 2

What is Information Systems Security?

Answer 2

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.

Question 3

What does the CIA Triad stand for?

Answer 3

Confidentiality, Integrity, Availability.

Question 4

What is Confidentiality?

Answer 4

Ensures information is accessible only to authorized personnel (e.g., encryption).

Question 5

What is Integrity?

Answer 5

Ensures data remains accurate and unaltered (e.g., checksums).

Question 6

What is Availability?

Answer 6

Ensures information and resources are accessible when needed (e.g., redundancy measures).

Question 7

What is Non-Repudiation?

Answer 7

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures).

Question 8

What is the CIANA Pentagon?

Answer 8

An extension of the CIA triad with the addition of non-repudiation and authentication.

Question 9

What are the Triple A’s of Security?

Answer 9

Authentication, Authorization, Accounting.

Question 10

What is Authentication?

Answer 10

Verifying the identity of a user or system (e.g., password checks).

Question 11

What is Authorization?

Answer 11

Determining actions or resources an authenticated user can access (e.g., permissions).

Question 12

What is Accounting?

Answer 12

Tracking user activities and resource usage for audit or billing purposes.

Question 13

What are the Security Control Categories?

Answer 13

Technical, Managerial, Operational, Physical.

Question 14

What are the Security Control Types?

Answer 14

Preventative, Deterrent, Detective, Corrective, Compensating, Directive.

Question 15

What is the Zero Trust Model?

Answer 15

Operates on the principle that no one should be trusted by default.

Question 16

What is the Control Plane in Zero Trust?

Answer 16

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

Question 17

What is the Data Plane in Zero Trust?

Answer 17

Subject/system, policy engine, policy administrator, and establishing policy enforcement points.

Question 18

What is a Threat?

Answer 18

Anything that could cause harm, loss, damage, or compromise to our information technology systems.

Question 19

What is a Vulnerability?

Answer 19

Any weakness in the system design or implementation.

Question 20

What is Risk Management?

Answer 20

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

Question 21

What is Confidentiality in security?

Answer 21

Refers to the protection of information from unauthorized access and disclosure.

Question 22

Why is Confidentiality important?

Answer 22

To protect personal privacy, maintain a business advantage, and achieve regulatory compliance.

Question 23

What are methods to ensure Confidentiality?

Answer 23

Encryption, Access Controls, Data Masking, Physical Security Measures, Training and Awareness.

Question 24

What is Integrity in security?

Answer 24

Helps ensure that information and data remain accurate and unchanged from its original state.

Question 25

Why is Integrity important?

Answer 25

To ensure data accuracy, maintain trust, and ensure system operability.

Question 26

What are methods to maintain Integrity?

Answer 26

Hashing, Digital Signatures, Checksums, Access Controls, Regular Audits.

Question 27

What is Availability in security?

Answer 27

Ensure that information, systems, and resources are accessible and operational when needed.

Question 28

Why is Availability important?

Answer 28

Ensuring Business Continuity, Maintaining Customer Trust, Upholding an Organization's Reputation.

Question 29

What is Redundancy?

Answer 29

Duplication of critical components or functions of a system to enhance its reliability.

Question 30

What are types of Redundancy?

Answer 30

Server Redundancy, Data Redundancy, Network Redundancy, Power Redundancy.

Question 31

What is Non-repudiation?

Answer 31

Focused on providing undeniable proof in the world of digital transactions.

Question 32

What are Digital Signatures?

Answer 32

Unique to each user, created by hashing a message and encrypting it with the user’s private key.

Question 33

Why is Non-repudiation important?

Answer 33

To confirm the authenticity of digital transactions, ensure integrity of communications, and provide accountability.

Question 34

What is Authentication?

Answer 34

Ensures individuals or entities are who they claim to be during a communication or transaction.

Question 35

What are common Authentication methods?

Answer 35

Something you know, Something you have, Something you are, Something you do, Somewhere you are.

Question 36

What is Multi-Factor Authentication (MFA)?

Answer 36

Security process that requires users to provide multiple methods of identification.

Question 37

Why is Authentication critical?

Answer 37

To prevent unauthorized access, protect user data and privacy, and ensure valid user access.

Question 38

What is Authorization?

Answer 38

Pertains to the permissions and privileges granted to users after authentication.

Question 39

Why are Authorization mechanisms important?

Answer 39

To protect sensitive data, maintain system integrity, and create a streamlined user experience.

Question 40

What is Accounting?

Answer 40

Ensures all user activities during a communication or transaction are properly tracked and recorded.

Question 41

What should a robust accounting system provide?

Answer 41

Create an audit trail, maintain regulatory compliance, conduct forensic analysis, perform resource optimization, achieve user accountability.

Question 42

What are the 4 Broad Categories of Security Controls?

Answer 42

Technical Controls, Managerial Controls, Operational Controls, Physical Controls.

Question 43

What are the 6 Basic Types of Security Controls?

Answer 43

Preventive Controls, Deterrent Controls, Detective Controls, Corrective Controls, Compensating Controls, Directive Controls.

Question 44

What is Gap Analysis?

Answer 44

Process of evaluating the differences between an organization's current performance and its desired performance.

Question 45

What are the steps involved in conducting a Gap Analysis?

Answer 45

Define the scope, gather data, analyze data, develop a plan to bridge the gap.

Question 46

What are the 2 Basic Types of Gap Analysis?

Answer 46

Technical Gap Analysis, Business Gap Analysis.

Question 47

What is the Plan of Action and Milestones (POA&M)?

Answer 47

Outlines specific measures to address each vulnerability, allocate resources, and set up timelines.