Section 2 Fundamentals of Security

Question 1

What is a Threat?

Answer 1

Anything that could cause harm/damage/compromise to IT systems

Threats can be natural disasters, cyber attacks, or human errors.

Question 2

Define Vulnerability.

Answer 2

Any weakness in the system design or implementation

Vulnerabilities can be software bugs, misconfigurations, or lack of security controls.

Question 3

What is the intersection of a threat and a vulnerability called?

Answer 3

Risk

Risk represents the potential for loss or damage when threats exploit vulnerabilities.

Question 4

What does Risk Management involve?

Answer 4

Finding different ways to minimize the likelihood of an outcome

This includes assessing risks and implementing controls.

Question 5

What is Confidentiality in information security?

Answer 5

The protection of information from unauthorized access and disclosure

Ensuring confidentiality is crucial for sensitive data.

Question 6

What is Encryption?

Answer 6

Converting data into code to prevent unauthorized access (ciphertext)

Encryption is essential for protecting data in transit and at rest.

Question 7

Fill in the blank: _______ is obscuring specific data within a database to make it inaccessible for unauthorized users.

Answer 7

Data Masking

An example of data masking is blocking out all numbers but the last 4 of a Social Security Number.

Question 8

What is Hashing?

Answer 8

Converts data into a fixed-size value; if any data changes, the hash value dramatically changes (hash digest)

Hashing is often used for data integrity verification.

Question 9

What are Digital Signatures?

Answer 9

File is hashed and then the hash digest is encrypted using the user’s private key. Alterations change the hash which invalidates the signature

Digital signatures ensure authenticity and integrity of digital messages.

Question 10

What is the purpose of Checksums?

Answer 10

Used to verify the data being sent via transmission

Checksums compare the sender’s checksum for the transmitted data with the receiver’s calculated checksum.

Question 11

Define Redundancy in IT systems.

Answer 11

The duplication of critical components or functions of a system to enhance reliability

Types of redundancy include server, data, network, and power.

Question 12

What is Digital Signature?

Answer 12

Hashing a message, then encrypting the hash digest with user’s private key using asymmetric encryption

Asymmetric encryption uses a public and a private key for encryption and decryption.

Question 13

What does Authentication confirm?

Answer 13

Confirms that people are who they say they are during a communication or transaction

Authentication methods include passwords, biometrics, and tokens.

Question 14

What is Authorization?

Answer 14

Determines permissions that are granted to users or entities after authentication

Authorization ensures users have the right access to resources.

Question 15

What is Accounting in the context of IT security?

Answer 15

Monitors and logs the actions of users or entities during their digital transactions

This process helps in auditing and tracking user activities.

Question 16

What is an Audit Trail?

Answer 16

Chronological record of all user activities that can be used to trace any changes, unauthorized access, or anomalies back to a specific user or point in time

Audit trails are crucial for forensic analysis and compliance.

Question 17

What is a Syslog Server?

Answer 17

Server that aggregates logs from various network devices and systems

Syslog servers help in centralized log management.

Question 18

What does a Network Analyzer do?

Answer 18

A tool that captures and analyzes network traffic

Network analyzers are used for troubleshooting and monitoring network performance.

Question 19

What is a Security Information and Event Management (SIEM) System?

Answer 19

Provides real-time analysis of security alerts within the organization

SIEM systems aggregate and analyze security data from across the organization.

Question 20

Define Technical Controls.

Answer 20

Technologies, hardware, and software to manage and reduce risk

Examples include antivirus software, firewalls, and encryption.

Question 21

What are Managerial Controls?

Answer 21

Administrative controls such as risk assessment, security policies, training, and incident response programs

Managerial controls guide the overall security strategy of an organization.

Question 22

What are Operational Controls?

Answer 22

Day-to-day controls such as password changes, account reviews, etc.

Operational controls ensure the effectiveness of security policies on a daily basis.

Question 23

Define Physical Controls.

Answer 23

Physical, real-world controls such as document sharing and security guards

Physical controls protect assets and facilities from physical threats.

Question 24

What are Preventative Controls?

Answer 24

Proactive measures such as firewalls

Preventative controls aim to stop incidents before they occur.

Question 25

What are Deterrent Controls?

Answer 25

Presents higher challenge for attackers, such as warning signs that monitoring is occurring ## Footnote Deterrent controls aim to discourage potential attackers.

Question 26

What are Detective Controls?

Answer 26

Monitor & alert organizations to malicious activities during or shortly after the attack ## Footnote Examples include intrusion detection systems and alerts.

Question 27

What are Corrective Controls?

Answer 27

After detection controls that mitigate potential damage and restore systems to normal states ## Footnote Corrective controls are essential for incident response.

Question 28

What are Compensating Controls?

Answer 28

Alternative measures implemented when primary security controls are not feasible or effective ## Footnote Compensating controls provide a temporary solution to security gaps.

Question 29

What are Directive Controls?

Answer 29

Guide, inform, or mandate different actions, such as policy and documentation that set standards of behavior within an organization ## Footnote Directive controls help establish a security culture.

Question 30

What is The Zero Trust Model?

Answer 30

"Trust nothing and verify everything"—identity and permissions are always verified continuously ## Footnote The Zero Trust Model enhances security by assuming all entities may be compromised.

Question 31

What is the Control Plane?

Answer 31

Provides a centralized way to dictate and control how, when, and where access is granted ## Footnote The Control Plane ensures only authenticated and authorized entities can access resources.

Question 32

What is Adaptive Identity?

Answer 32

Limits users' access to only what they need for their tasks ## Footnote This minimizes the blast radius in the event of a breach.

Question 33

What is Policy-Driven Access Control?

Answer 33

Developing/managing/enforcing user access policies based on roles and responsibilities ## Footnote This approach ensures users have appropriate access rights.

Question 34

What are Secured Zones?

Answer 34

Isolated environments within a network designed to house sensitive data ## Footnote Only users with appropriate permissions can access these zones.

Question 35

What is the Data Plane?

Answer 35

The subject or system and the policy enforcement point that executes decisions to grant or deny access ## Footnote The Data Plane is essential for implementing access control policies.

Question 36

What is Gap Analysis?

Answer 36

Process of evaluating the differences between an organization's current performance and its desired performance ## Footnote Gap Analysis helps identify areas for improvement.