The Full Shabang

Question 1

What is the definition of Confidentiality?

Answer 1

Ensures that data is only accessible to those authorised to see it/prevents unauthorised access to private data.

Question 2

How is Confidentiality implemented?

Answer 2

Achieved through:
- Encryption of the data
- Access Controls
- User Authentication

Question 3

What is an example of how Confidentiality is implemented?

Answer 3

TLS encrypts HTTP data to protect it from eavesdropping

Question 4

What is the definition of Integrity?

Answer 4

Ensures that data has not been tampered with/prevents unauthorised modification of data.

Question 5

How is Integrity implemented?

Answer 5

Often implemented using:
- Hashing of data
- Digital Signatures used in connections

Question 6

What is an example of Integrity being implemented?

Answer 6

A file download might use SHA-256 checksums to verify that the file hasn’t been modified

Question 7

What is the definition of Availability?

Answer 7

Ensures that systems, services and data are accessible when needed.

Question 8

What affects Availability?

Answer 8

• Denial of Service attacks
• Server failures
• Overloads

Question 9

What is an example of Availability being compromised?

Answer 9

A bank service being taken offline by a DoS attack

Question 10

What is non-repudiation?

Answer 10

It ensures that a user cannot deny having performed an action

Question 11

How is non-repudiation implemented?

Answer 11

Implemented using:
- Digital Signatures
- Secure logging

Question 12

What is an example of non-repudiation being implemented?

Answer 12

Signing an email with a private key ensures that only the key holder could have sent it

Question 13

What is the definition of Accountability?

Answer 13

Links user actions to specific identities and ensures they can be traced and audited

Question 14

What is the difference between non-repudiation and accountability?

Answer 14

Non-repudiation - Prevents a party from denying their involvement
Accountability - Involves tracking and linking actions to identities within a system

Question 15

What are three principles in secure system design?

Answer 15

Least Privilege
Fail-safe defaults
Complete Mediation

Question 16

What is the definition of Least Privilege?

Answer 16

Ensures that a user or process has only the minimal permissions necessary to complete their task, reducing the attack surface.

Question 17

What is the definition of fail-safe default?

Answer 17

Ensures that access is denied by default, and must be explicitly granted

Question 18

What does Open Design mean in the context of Security?

Answer 18

The system should remain secure even if its internal workings are public, relying on secrecy of keys rather than secrecy of design.