1. Mastering Security Basics

Question 1

Use Case​

Answer 1

a goal that an organization wants to achieve.

Question 2

CIA Security Triad

Answer 2

Confidentiality, Integrity, and Availability

Question 3

Confidentiality

Answer 3

prevents the unauthorized disclosure of data.

Question 4

Encryption

Answer 4

scrambles data to make it unreadable by unauthorized personnel.

Question 5

What are the three Access Controls?

Answer 5

identification, authentication, authorization

Question 6

Steganography

Answer 6

practice of hiding data in data.

Question 7

Integrity

Answer 7

provides assurances that data has not changed.

Question 8

Hash

Answer 8

a number created by executing a hashing algorithm against data, such as a file or a message.

Question 9

The 3 MAC’s

Answer 9

media access control

mandatory access control

message authentication code

Question 10

What’s that acronym?

PKI

Answer 10

public key infrastructure

Question 11

Availability

Answer 11

idicates that data and services are available when needed.

Question 12

Risk

Answer 12

is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.

Question 13

Vulnerability

Answer 13

is a weakness

Question 14

Threat

Answer 14

is any circumastance or event that has the potential to compromise confidentiality

Question 15

Security Incident

Answer 15

is an adverse event or series of events that can negatively affect the condifentiality, integrity, or availability of an organization’s informatation technology systems and data

Question 16

Risk Mitigation

Answer 16

reduces the chances that a threat will exploit a vunerability., or reduces the impact of the risk, by implementing security controls.

Question 17

Technical controls and the 6 common types?

Answer 17

use technology to reduce vulnerabilities.

Common types:

Encryption

Antivirus Software

Intrusion detection systems (IDSs) and Intruson Prevention Systems (IPSs)

Firewalls

Least Privilege

Question 18

Administration Controls and common types?

Answer 18

use methods mandated by organizational policies or other guidlelines.

Also known as Operational Controls

Risk assessments

Vulnerability assessments

Penetrative tests

Awarness and training

Configuration and change managment

Contingency training

Media Protection (physical media)

Physical and enviromental protection

Question 19

Physical Controls

Answer 19

are any controls that you can physically touch.

Lighting

Signs

Fencing

Security guard

etc

Question 20

Preventive Controls

Answer 20

to prevent security incidents.

Hardening

Security Awareness and training

Security Guards

Change Managment

Account Disablement policy

Question 21

Hardening

Answer 21

is the practice of making a system or application more secure than its default configuration.

Question 22

Detective Controls and some common types?

Answer 22

attempt to detect when vulnerabilities have been exploited, resulting in a security incident.

Log monitoring

Trend analysis

Security audit

Video surveillance

Motion detection

Question 23

What’s that acronym?

IDS

Answer 23

intrusion detection system

Question 24

What’s that acronym?

CCTV

Answer 24

closed-circuit television

Question 25

Corrective controls and some common exaples?

Answer 25

attempt to reverse the impact of an incident or problem after it has occured.

IPS

Backups and system recovery

Question 26

What’s the acronym?

IPS

Answer 26

intrusion prevention system

Question 27

Deterrent controls and some common examples?

Answer 27

attempt to discourage a threat.

Many of these controls can also be preventative controls

Cable locks

Hardware locks

Question 28

Compensating controls

Answer 28

are alternative controls used instead of a primary control.

TPOTP

Question 29

What’s that acronym?

TOTP

Answer 29

Time-based One-Time Password

Question 30

Type I Hypervisors

Answer 30

run directly on the system hardware

Question 31

Type II Hypervisors

Answer 31

run as software within a host operating system.

Question 32

Kernal

Answer 32

central part of the operating system.

Question 33

What’s that acronym?

VM

Answer 33

Virtual Machine

Question 34

What’s the acronym?

NIC

Answer 34

Network interface card