Objective 1.2

Question 1

CIA Triad

Answer 1

C - Confidentiality
I - Integrity
A - Availability

Question 2

Ensures that information is only accessible to those with the appropriate authorization. (Ex: encryption)

Answer 2

Confidentiality

Question 3

\\\\\\\\\\\\\\\\\\

Ensures the data remains accurate and unaltered unless modification is required. (Ex: checksums, hashing)

Answer 3

Integrity

Question 4

Ensures that information resources are accessible and functional when needed by authorized users. (ex: website up and running all the time regardless the traffic it’s receiving.)

Answer 4

Availability

Question 5

2 new elements to CIA triad making it a pentagon

Answer 5

N - Non-repudiation
A - Authentication
CIANA

Question 6

Guaranteeing that specific action or event has taken place and cannot be denied by the parties involved. (Ex: A digitally signed email. That’s going to ensure that I cannot deny sending you that particular message because my digital signature is attached to it)

Answer 6

Non-repudiation

Question 7

Process of verifying the identity of a user or system.

Answer 7

Authentication

Question 8

AAA

Answer 8

Authentication
Authorization
Accounting

Question 9

Process of verifying the identity of a user or system.

Answer 9

Authentication

Question 10

Defines what actions or resources a user can access.

Answer 10

Authorization

Question 11

Act of tracking user activities and resources usage, typically for audit or billing purpose.

Answer 11

Accounting

Question 12

Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data.

Answer 12

Security Controls

Question 13

Security Controls Categories

Answer 13

Technical
Managerial
Operational
Physical

Question 14

Types of Security Controls

Answer 14

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

Question 15

Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.

Answer 15

Zero Trust

Question 16

ZeroTrust: ???

Consists of adaptative identity, threat scope reduction, policy-driven access control, and secured zones.

Answer 16

.ZeroTrust: Control Plane

Question 17

ZeroTrust: ???

Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points.

Answer 17

ZeroTrust: Data Plane

Question 18

Confidentiality importance

Answer 18

1. Protect personal privacy
2. Maintaint a business advantage
3. Achieve a regulatory compliance

Question 19

5 methods to achieve CONFIDENTIALITY

Answer 19

1. Encryption
2. Access Control
3. Data Masking
4. Physical Secutiry Measures
5. Training and Awareness

Question 20

Ensure only authorized personnel can access certain types of data

Answer 20

Access Controls

Question 21

Process of converting data into code to prevent unathorized access

Answer 21

Encryption

Question 22

Method that involves obscuring data within a database to make it inacessible for unauthorized users while retaining the real data’s authencity and use for authorized users.

Answer 22

Data Masking

Question 23

Used to ensure confidentiality for physical types of data and for digital information contained on servers and workstations.

Answer 23

Physical Security Measures

Question 24

Conduct regular training on the security awareness best practices that employees can use to protect the organization’s sesitive data.

Answer 24

Training and Awareness

Question 25

most important thing linked to Confidentiality

Answer 25

**ENCRYPTION**

Question 26

Integrity importance

Answer 26

1. Ensure **DATA ACCURACY** 2. Maintain **TRUST** 3. Maintain **SYSTEM OPERABILITY**

Question 27

5 methods to achieve INTEGRITY

Answer 27

1. Hashing 2. Digital Signatures 3. Checksums 4. Access Controls 5. Regular Audits

Question 28

Process of **converting data into fixed-size value**.

Answer 28

Hashing

Question 29

most important thing linked to Integrity

Answer 29

**HASHING**

Question 30

[Hashing] The result of hashing function is called...

Answer 30

Hash Digest

Question 31

[Hashing] The Hash Digest will almost serve like a...

Answer 31

Digital Fingerprint

Question 32

Use **encryption to ensure integrity and authencity**.

Answer 32

Digital Signatures

Question 33

[Digital Sign.] How is the process of digitally sign a file?

Answer 33

1. Hash the file (**Integrity**) 2. Hash Digest is Encrypted using users private key (**Authencity**) Now this data is digitally signed and any alterations in the file will drastically change the file's hash, wich in turn, would invalidate that digital signature.

Question 34

Method to **verify the integrity of data during transmission**

Answer 34

Checksums

Question 35

**Ensure that only authorized individuals can modify data** and reduce the risk of unintentional or malicious alterations.

Answer 35

Access Controls

Question 36

Involve **reviewing logs and operations to ensure that only authorized changes have been made** and any discrepancies are addressed.

Answer 36

Regular Audits

Question 37

Availability importance

Answer 37

1. Ensure **business continuity**. 2. Maintaining **customer trust**. 3. Upholding an **organization's reputation**.

Question 38

most important thing linked to Availability

Answer 38

**REDUNDANCY**

Question 39

4 methods to achieve AVAILABILITY

Answer 39

1. Server Redundancy 2. Data Redundancy 3. Network Redundancy 4. Power Redundancy

Question 40

Involves using **multiple servers in a load balancer** so that if one is overloaded or fails, the other servers can take over the load to continue supporting end users.

Answer 40

Server Redundancy

Question 41

Involves **storing data in multiple places**.

Answer 41

Data Redundancy

Question 42

Ensures **if one network path fails, the data can travel through another route.**

Answer 42

Network Redundancy

Question 43

Involves using **backup power sources – like generations and uninterrupted powersupplies – to ensure that an organization's systems remain operational** during periods of power disruption or outages within a local service area.

Answer 43

Power Redundancy

Question 44

Non-repudiation importance

Answer 44

1. **Confirming authenticity** of digital transactions. 2. **Ensuring integrity**. 3. **Providing accountability**.

Question 45

most important thing linked to Non-repudiation

Answer 45

**DIGITAL SIGNATURES**

Question 46

Authentication methods

Answer 46

1. smth you know 2. smth you have 3. smth you are 4. smth yo do 5. swh you are

Question 47

Relies on **information that a user can recall**.

Answer 47

Smth you know (Knowledge Factor)

Question 48

Relies on the user presenting a **physical item to autheticate themselves**.

Answer 48

Smth you have (Possession Factor)

Question 49

**Relies on the user providing a unique physical or behaviorial characteristic** of the person to validate that they are who they claim to be.

Answer 49

Smth you are (Inherence Factor)

Question 50

Relies on the user conducting a unique **action to prove who they are**.

Answer 50

Smth you do (Action Factor)

Question 51

Relies on the **user being in the certain geographic location** before access is granted.

Answer 51

Swh you are (Location Factor)

Question 52

2 autentication methods.

Answer 52

**2FA** - Two Factor Authentication

Question 53

2 or more autentication methods.

Answer 53

**MFA** - Multi Factor Authentication

Question 54

Importance of Authentication

Answer 54

1. Prevent **unauthorized access**. 2. Protect user **data privacy**. 3. Ensure **resource validity**.

Question 55

most important thing linked to Authentication

Answer 55

**MFA** - Multi Factor Authentication

Question 56

[Authetication] Knowledge Factor

Answer 56

Smth you know Ex: login and password.

Question 57

[Authetication] Possession Factor

Answer 57

Smth you have Ex: OTP (One Time Password)

Question 58

[Authetication] Inherence Factor

Answer 58

Smth you are Ex: Iris or fingerprint.

Question 59

[Authetication] Action Factor

Answer 59

Smth you do Ex: handwriten samples.

Question 60

[Authetication] Location Factor

Answer 60

Swh you are Ex: Just open the door if you are within 20meters.

Question 61

Which are the types of Authorization mechanisms controls?

Answer 61

* role-based * rule-based * attribute-based

Question 62

Importance of Authorization

Answer 62

1. **Protect sesitive data** 2. **Maintain system integrity** in organizations 3. Create more **streamlined user experiences**

Question 63

Importance of ACCOUNTING

Answer 63

1. Logging into the system 2. Accessing files 3. Modifying configuration settings 4. Downloading or installing software 5. Attempting unauthorized actions on systems and networks

Question 64

5 things to a robust audit system

Answer 64

1. Audit Trail 2. Regulatory Compliance 3. Forensic Analysis 4. Resource Optimization 5. User Accountability

Question 65

[Accounting] Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time.

Answer 65

Audit Trail

Question 66

[Accounting] Maintains a comprehensive record of all the users' activities.

Answer 66

Regulatory Compliance

Question 67

[Accounting] Uses detailed accounting and event logs that can help cybersecurity experts understand what happened , how it happened, and how to prevent similar incidents from ocurring again in the future.

Answer 67

Forensic Analysis

Question 68

[Accounting] Organization can ........... system performance and minimize costs by tracking ........... utilization and allocation decisions.

Answer 68

Resource Optimization

Question 69

[Accounting] Thorough accounting system ensures users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies.

Answer 69

User Accountability

Question 70

Tools related to Accountability

Answer 70

* Syslog servers * Network analysis tools * SIEMs (Security Information and Event Management systems)

Question 71

CIA Triad

Answer 71

C - Confidentiality I - Integrity A - Availability

Question 72

2 new elements to CIA triad making it a pentagon

Answer 72

N - Non-repudiation A - Authentication CIA**NA**

Question 73

most important thing linked to Confidentiality

Answer 73

**ENCRYPTION**

Question 74

most important thing linked to Integrity

Answer 74

**HASHING**

Question 75

most important thing linked to Availability

Answer 75

**REDUNDANCY**

Question 76

most important thing linked to Non-repudiation

Answer 76

**DIGITAL SIGNATURES**

Question 77

most important thing linked to Authentication

Answer 77

**MFA** - Multi Factor Authentication

Question 78

Deception and Disruption Technologies

Answer 78

* Honeypots * Honeynets * Honeyfiles * Honeytoken

Question 79

Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques.

Answer 79

Honeypots

Question 80

Creates an entires network of decoy systems to observe complex, multi-stage attacks.

Answer 80

Honeynets

Question 81

Decoy files placed within systems to detect unauthoried access or data breaches.

Answer 81

Honeyfiles

Question 82

Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used.

Answer 82

Honeytoken

Question 83

How could I learn from the different threat actors that are your network is to set up an utilized DECEPTION and DISRUPTION technologies, like?

Answer 83

- Honeypots - Honeynets - Honeyfiles - Honeytokens

Question 84

The DECEPTION and DISRUPTION technologies will log, monitor and track threat actors so that we can learn about their...... ?

Answer 84

Tactics, techniques and procedures. (TTPs)

Question 85

Designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.

Answer 85

Deceptive and Disruption Technologies

Question 86

Decoy system or network set up to attract potential hackers. Can also be used against insider threats to detect internal fraud, snooping, and malpractice.

Answer 86

Honeypot

Question 87

Must be placed within a screened subnet or isolated segment that is easily accessed by potential attackers.

Answer 87

Honeypot

Question 88

Network of honeypots to create a more complex system that is designed to mimic an entire network of systems, including servers, routers, and switches. Also logs all activities to provide a wealth of data about successful and unsuccessful atacks.

Answer 88

Honeynets

Question 89

Have risks that the attacker could use to learn how production systems are configured

Answer 89

Honeypots and honeynets

Question 90

Decoy file placed within a system to lure potential attackers. Are typically embedded with unique identifiers or watermarks to help track if it is stolen or copied, and it is usually placed under loose or less strict defenses that files that contain sensitive data might have.

Answer 90

Honeyfiles

Question 91

Kind of files that can be used as a honeyfiles:

Answer 91

- Word-processing documents - Spreadsheets - Presentation files - Images - Database files - Executables

Question 92

Piece of data or a resource that has no legitimate value or use but is monitored for access or use. Useful for detecting insider threats.

Answer 92

Honeytokens

Question 93

An windows systems account deployed as 'admin' or 'root' just to monitor if a user would log into that account. Considering no legitimate user would ever log into that account, what kind of deception and disruptive technology we are talking about?

Answer 93

Honeytoken

Question 94

Other Deceptive and Disrution Technologies:

Answer 94

- Using bogus DNS entries - Creating decoy directories - Generating dynamic page - Using port triggering - Spoofing fake telemetry data

Question 95

Fake DNS entries introduced into a system's DNS server

Answer 95

Bogus DNS

Question 96

Fake folders and files placed within a system's storage

Answer 96

Decoy Directories

Question 97

Used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor.

Answer 97

Dynamic Page Generation

Question 98

Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected

Answer 98

Port Triggering

Question 99

System can respond to an attacker's network scan attempt by sending out fake data.

Answer 99

Fake Telemetry Data

Question 100

Prevent people from accessing your facilities

Answer 100

Fences

Question 101

Prevent vehicles from getting too close to your facilities

Answer 101

Bollards