01a. Information Security Technologies

Question 1

Information Security Technologies

Information security utilizes its own portfolio of protective and detective technologies in its function to protect “all things IT”

Answer 1

1. Foundation technologies
2. Endpoint protection
3. Network Protection
4. Data Protection
5. Identity and Access Management
6. Event Management
7. Vulnerability Management
8. Systems and Software Development
9. Governance, Risk and Compliance

202

Question 2

Foundation technologies

Foundation technologies include…

Answer 2

1. TCP/IP
2. Operating Systems Internals
3. Middleware
4. Applications and Tools

201

Question 3

Endpoint protection

Endpoint protection includes…

Answer 3

1. Antimalware
2. Firewalls
3. Patch and Configuration Management
4. Host-based Intrusion Detection Systems (HIDSs)
5. Mobile DEvice Management (MDM)
6. Mobile Application Management (MAM)
7. Secure Access Service Edge (SASE)

202

Question 4

Network Protection

Network Protection includes…

Answer 4

1. Antimalware
2. Firewalls
3. Patch and Configuration Management
4. Intrusion Detection Systems (IDS/NIDS)
5. Intrusion Provention Systems (IPS)
6. Web Content Filtering
7. Cloud Access Security Brokers (CASBs)
8. Spam and Phishing Filtering
9. Remote Access and Virtual Private Networks (VPNs)

202

Question 5

Data Protection

Data Protection includes…

Answer 5

1. Data Loss Prevention (DLP)
2. Backup, replication, Snapshots, and Vaulting
3. Removable Storage Monitoring and Management
4. Encryption and Digital Signatures
5. Fingerprinting, Tagging, and Watermarking

202

Question 6

Identity and Access Management

Identity and Access Management includes…

Answer 6

1. Passowrd Vaults
2. Privileged Access Gateways
3. Multifactor Authentication (MFA)
4. Federated Identity (OAuth, FIDO Alliance)

202

Question 7

Event Management

Event Management includes…

Answer 7

1. Centralised Logging
2. Security Information and Event Management (SIEM)
3. Threat Intelligence Platforms (TIPs)
4. Security Orchestration, Automation, and Response (SOAR)

202

Question 8

Vulnerability Management

Vulnerability Management includes…

Answer 8

1. Security Scanning
2. Penetration Testing
3. Social Engineering Testing

202

Question 9

Systems and Software Development

Systems and Software Development includes…

Answer 9

1. Dynamic Application Security Testing (DAST)
2. Static Application Security Testing (SAST)
3. Penetration Testing
4. Code Review

202

Question 10

Governance, Risk and Compliance

Governance, Risk and Compliance includes…

Answer 10

1. Governance, Risk and Compliance (GRC) platforms
2. Integrated Risk Management (IRM) platform

202