Fundamentals of Security

Question 1

Ensures information and resources are accessible when needed. (e.g., redundancy measures)

Answer 1

Availability

Question 2

Ensures data remains accurate and unaltered. (e.g., checksums)

Answer 2

Integrity

Question 3

Ensures information is accessible only to authorized personnel. (e.g., encryption)

Answer 3

Confidentiality

Question 4

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.

Answer 4

Information Systems Security

Question 5

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Answer 5

Information Security

Question 6

Guarantees that an action or event cannot be denied by the involved parties

Example: digital signatures

Answer 6

Non-Repudiation

Question 7

An extension of the CIA triad with the addition of non-repudiation and authentication.

Answer 7

CIANA Pentagon

Question 8

Authentication, Authorization, Accounting.

Answer 8

Triple A’s

Question 9

Verifying the identity of a user or system (e.g., password checks).

Answer 9

Authentication

Question 10

Determining actions or resources an authenticated user can access (e.g., permissions).

Answer 10

Authorization

Question 11

Tracking user activities and resource usage for audit or billing purposes.

Answer 11

Accounting

Question 12

Technical, Managerial, Operational, Physical.

Answer 12

Security Control Categories

Question 13

Preventative, Deterrent, Detective, Corrective, Compensating, Directive.

Answer 13

Security Control Types

Question 14

Operates on the principle that no one should be trusted by default.

Answer 14

Zero Trust Model

Question 15

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

Answer 15

Control Plane

Question 16

Subject/system, policy engine, policy administrator, and establishing policy enforcement points.

Answer 16

Data Plane

Question 17

Anything that could cause harm, loss, damage, or compromise to our information technology systems.

Answer 17

information technology systems

Question 18

What are some sources of threats?

Answer 18

Natural disasters, cyber-attacks, data integrity breaches, and disclosure of confidential information.

Question 19

What is a vulnerability in a system?

Answer 19

Any weakness in the system design or implementation.

Question 20

What are some internal factors that can cause vulnerabilities?

Answer 20

Software bugs
Misconfigured software
Improperly protected network devices
Missing security patches
Lack of physical security.

Question 21

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

Answer 21

Risk Management

Question 22

What does Confidentiality refer to?

Answer 22

The protection of information from unauthorized access and disclosure.

Question 23

Why is Confidentiality important?

Answer 23

It is important to protect personal privacy, maintain a business advantage, and achieve regulatory compliance.

Question 24

What are the five basic methods to ensure confidentiality?

Answer 24

1. Encryption
2. Access Controls
3. Data Masking
4. Physical Security Measures
5. Training and Awareness

Question 25

The process of converting data into a code to prevent unauthorized access.

Answer 25

Encryption

Question 26

Setting up strong user permissions to ensure that only authorized personnel can access certain types of data.

Answer 26

Access Controls

Question 27

a technique where sensitive information is replaced with fake data to protect confidentiality while still allowing data to be used for purposes like testing or analytics.

Answer 27

Data Masking

Question 28

designed to protect physical assets, such as hardware, data centers, and network equipment, from unauthorized access, theft, or damage.

Answer 28

Physical Security Measures

Question 29

educate individuals on identifying and avoiding cyber threats, promoting a safer online environment.

Answer 29

Training and Awareness

Question 30

information and data remain accurate and unchanged from its original state

Answer 30

Integrity

Question 31

What does integrity verify?

Answer 31

Accuracy and Trustworthiness of Data

Question 32

Integrity is important for three main reasons:

Answer 32

1. To ensure data accuracy 2. To maintain trust 3. To ensure system operability.

Question 33

Process of converting data into a fixed-size value.

Answer 33

hashing

Question 34

They ensure both integrity and authenticity.

Answer 34

digital signatures

Question 35

A method to verify the integrity of data during transmission.

Answer 35

checksum

Question 36

Measures that ensure only authorized individuals can modify data, reducing the risk of unintentional or malicious alterations.

Answer 36

access controls

Question 37

Systematically reviewing logs and operations to ensure that only authorized changes have been made, and addressing any discrepancies immediately.

Answer 37

regular audits

Question 38

ensures that information, systems, and resources are accessible and operational when needed by authorized users.

Answer 38

availability

Question 39

the practice of duplicating critical components or systems to ensure continuous operation and minimize downtime in the event of a failure

Answer 39

Redundancy

Question 40

the practice of deploying duplicate servers and infrastructure components to minimize downtime and data loss

Answer 40

Server Redundancy

Question 41

Involves storing data in multiple places

Answer 41

Data Redundancy

Question 42

Ensures that if one network path fails, the data can travel through

Answer 42

Network Redundancy

Question 43

Involves using backup power sources, like generators and UPS systems

Answer 43

Power Redundancy

Question 44

a principle that prevents individuals from denying they performed a specific action or created a digital communication

Answer 44

Non-repudiation

Question 45

Considered to be unique to each user who is operating within the digital domain

Answer 45

Digital Signatures

Question 46

Non-repudiation is important for three main reasons

Answer 46

To confirm the authenticity of digital transactions To ensure the integrity of critical communications To provide accountability in digital processes

Question 47

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction.

Answer 47

authentication

Question 48

Relies on information that a user can recall.

Answer 48

Knowledge Factor

Question 49

Relies on the user presenting a physical item to authenticate themselves.

Answer 49

Possession Factor

Question 50

Relies on the user providing a unique physical or behavioral characteristic to validate their identity.

Answer 50

Inherence Factor

Question 51

Relies on the user conducting a unique action to prove who they are.

Answer 51

Action Factor

Question 52

Relies on the user being in a certain geographic location before access is granted.

Answer 52

Location Factor

Question 53

Security process that requires users to provide multiple methods of identification to verify their identity.

Answer 53

Multi-Factor Authentication (MFA)

Question 54

Authentication is critical to understand because of the following

Answer 54

■ To prevent unauthorized access ■ To protect user data and privacy ■ To ensure that resources are accessed by valid users only

Question 55

Pertains to the permissions and privileges granted to users or entities after they have been authenticated

Answer 55

Authorization

Question 56

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

Answer 56

Accounting

Question 57

Provides achronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time

Answer 57

Create an audit trail

Question 58

Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks.

Answer 58

Technical Controls

Question 59

Sometimes also referred to as administrative controls, they involve the strategic planning and governance side of security.

Answer 59

Managerial Controls

Question 60

Procedures and measures that are designed to protect data on a day-to-day basis They are mainly governed by internal processes and human actions.

Answer 60

Operational Controls

Question 61

Tangible, real-world measures taken to protect assets.

Answer 61

Physical Controls