Section 2

Question 1

What is Risk Management in Cyber Security?

Answer 1

• Provide continuity of service to end users
• Maintain security of systems
• Protect from data breaches
• minimize vulnerabilities
• mitigate damage caused by a threat through mitigation actions

Question 2

Describe Confidentiality.

Answer 2

Protection of information from unauthorized access and disclosure.

ex. Encryption

Question 3

Why is Confidentiality important?

Answer 3

• Protects personal Privacy
• Maintain Business advantage
• Achieve Regulatory compliance

Question 4

Name 5 methods to ensure Confidentiality.

Answer 4

• Encryption
• Access Controls
• Data Masking
• Physical Security Measures
• Training & Awareness

Question 5

Encryption

Answer 5

Process of converting data into code to prevent unauthorized access.

Question 6

Access Controls

Answer 6

User permissions that ensure only authorized personnel can access certain data.

Question 7

Data Masking

Answer 7

Obscuring data for unauthorized users while maintaining authenticity and use for authorized users.

Question 8

Physical Security Measures

Answer 8

Physical measures used to protect both physical and digital data.

Ex. Cameras, Biometric scanners, keycards, door locks, cabinet locks etc.

Question 9

Training & Awareness

Answer 9

Training personnel on security awareness & best practices to mitigate human error and protect sensitive data.

Question 10

Describe Integrity

Answer 10

Verifies the Accuracy and Authenticity of Data over the entire lifecycle.

Question 11

Why is Integrity important?

Answer 11

• Ensure data Accuracy
• Maintain Trust
• Ensure System operability

Question 12

Name 5 Methods to ensure Integrity

Answer 12

• Hashing
• Digital Signatures
• Checksums
• Access Controls
• Regular Audits

Question 13

Hashing

Answer 13

Converting data into a fixed-size value.

• Any minor change will result in a vastly different hash

Question 14

Hash Digest

Answer 14

Digital fingerprint

Question 15

Digital Signatures

Answer 15

Uses encryption to ensure integrity and authenticity

Question 16

Checksums

Answer 16

Method to verify the integrity of data during transmission.

Question 17

Regular Audits

Answer 17

Reviewing logs and operations to address discrepancies and ensure authorized changes.

Question 18

Describe Availability

Answer 18

Ensuring that data, systems and services are accessible and operational to authorized end users.

Question 19

How is the quality Availability status determined?

Answer 19

By the number of “nines”
ex. 99.9%, 99.999%

Question 20

What is the Gold Standard for Availability status?

Answer 20

Five “nines” (99.999%)

Question 21

Why is Availability important?

Answer 21

• Ensures business continuity
• Maintain customer trust
• Upholds Reputation

Question 22

What is Redundancy?

Answer 22

Duplicating Critical system components and functions to ensure reliability.

Question 23

What are 4 types of Redundancy ?

Answer 23

• Server Redundancy
• Network Redundancy
• Power Redundancy
• Data Redundancy

Question 24

Server Redundancy

Answer 24

Using a Load balancer configuration to ensure server uptime should one fail.

Question 25

Network Redundancy

Answer 25

Ensuring data can travel through an alternate route should a network path fail.

Question 26

Data Redundancy

Answer 26

Storing Data in multiple places so it can always be recovered should a data store fail.

Question 27

Power Redundancy

Answer 27

Implementing back up power sources to ensure that systems remain operational.

Question 28

Define Non-repudiation

Answer 28

Providing undeniable proof in digital transactions

Question 29

Why is Non-Repudiation important?

Answer 29

- Confirms Authenticity in digital transactions - Ensures Integrity - Provides Accountability

Question 30

How is Non-Repudiation performed?

Answer 30

Digital Signatures

Question 31

Define Authentication

Answer 31

Verifying the identity of individuals or entities participating in a digital interaction.

Question 32

What are 5 common forms of Authentication?

Answer 32

- Something you KNOW - Something you HAVE - Something you ARE - Something you DO - SOMEWHERE you are

Question 33

Something you KNOW

Answer 33

Information a user can recall (Knowledge Factor) eg. Secret Phrase, Password,

Question 34

Something you HAVE

Answer 34

Use presents a physical item to authenticate themselves (Possession Factor) Eg. Keycard, Badge, Smartphone

Question 35

Something you ARE

Answer 35

User Provides a unique physical or behavioral characteristic of themselves to authenticate. (Inherence Factor) (Biometrics) Eg. Fingerprint scan, voice authentication, Facial Recognition

Question 36

Something you DO

Answer 36

User conduction a unique action to authenticate (Action Factor) Eg. Hand Writing recognition, Gait recognition

Question 37

SOMEWHERE you are

Answer 37

User being in a certain location to authenticate (Location Factor) Eg. Geo-Fencing, Region locking

Question 38

what is 2FA?

Answer 38

Two-factor Authentication - 2 authentication methods

Question 39

What is MFA?

Answer 39

Multi-factor Authentication - 2 or more authentication methods