Section 1: Fundamentals Of Security

Question 1

Information security

Answer 1

Protecting data and information from unauthorized access, modification,disruption,disclosure , and destruction

Question 2

Information systems security

Answer 2

Protecting the systems (computers, servers, network devices) that hold and process critical data.

Question 3

CIA Triad

Answer 3

Confidentiality
Integrity
Availability:

Question 4

CIANA Pentagon

Answer 4

Extension of the CIA Triad with the addition of:
Non-Repudiation
Authentication

Question 5

Triple A’s of Security (AAA Model)

Answer 5

Authentication
Authorization
Accounting

Question 6

Zero Trust Model

Answer 6

Operates on the principle that no one should be trusted by default

Question 7

Control Plane

Answer 7

Adaptive identity, threat scope reduction, policy-driven access control, secured zones.

Question 8

Data Plane

Answer 8

Subject/system, policy engine, policy administrator, policy enforcement points

Question 9

Security Control Categories

Answer 9

Technical Controls
Managerial Controls
Operational Controls
Physical Controls

Question 10

Security Control Types

Answer 10

Preventive: Stops attacks before they happen.

Deterrent: Discourages malicious activity.

Detective: Identifies security incidents.

Corrective: Restores systems after an incident.

Compensating: Alternative measures when primary controls aren’t feasible.

Directive: Enforces organizational policies and compliance.

Question 11

Threats & Vulnerabilities

Answer 11

Threat: Anything that could cause harm, loss, damage, or compromise to IT systems.

Vulnerability: Any weakness in the system design or implementation, originating from internal factors.

Question 12

Risk Management

Answer 12

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

Question 13

Gap Analysis

Answer 13

Evaluating the differences between an organization’s current and desired performance.

Question 14

Types of Gap Analysis

Answer 14

Technical Gap Analysis
Business Gap Analysis

Question 15

Plan of Action and Milestones (POA&M)

Answer 15

Outlines measures to address vulnerabilities, allocate resources, and set timelines.

Question 16

Confidentiality

Answer 16

Protecting information from unauthorized access and disclosure

Question 17

Methods of Confidentiality

Answer 17

Encryption
Access Controls
Data Masking
Physical Security Measures
Training & Awareness

Question 18

Integrity

Answer 18

Ensuring data remains accurate and unaltered unless intentionally modified by an authorized individual.

Question 19

Methods of Integrity

Answer 19

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

Question 20

Availability

Answer 20

Ensuring that information, systems, and resources are accessible when needed.

Question 21

Redundancy Types of Availabilty

Answer 21

Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy

Question 22

Non-Repudiation

Answer 22

Providing undeniable proof in digital transactions, ensuring individuals/entities cannot deny their participation.

Question 23

Method of Non-Repudiation

Answer 23

Digital Signatures

Question 24

Authentication

Answer 24

Security measure ensuring individuals/entities are who they claim to be.

Question 25

Method of Authentication

Answer 25

Knowledge Factor (Something you know) Possession Factor (Something you have) Inherence Factor (Something you are) Action Factor (Behavioral biometrics) Location Factor (Where you are) Multi-Factor Authentication (MFA) (Combining multiple factors)

Question 26

Authorization

Answer 26

The permissions and privileges granted to users after authentication.

Question 27

Accounting

Answer 27

Ensuring all user activities are properly tracked and recorded

Question 28

Technology of Accounting

Answer 28

Syslog Servers Network Analysis Tools Security Information and Event Management (SIEM) Systems