1. Today's Security Professional

Question 1

CIA Triangle

Answer 1

The 3 Key Objectives of Cybersecurity:

Confidentiality
Integrity
Availability

Question 2

Confidentiality

Definition & Examples

Answer 2

Ensures that unauthorized individuals are not able to gain access to sensitive information.

Examples: Encryption, Firewalls, Access Control Lists.

Question 3

Integrity

Definition & Examples

Answer 3

Ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.

Examples: Hashing, Integrity Monitoring Solutions.

Question 4

Availability

Definition & Examples

Answer 4

Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.

Examples: Backups, Clustering, Fault Tolerance.

Question 5

DAD Triangle

Answer 5

The 3 Key Threats to Cybersecurity efforts:

Disclosure
Alteration
Denial

Question 6

Technical Controls

Definition & Examples

Answer 6

Enforce CIA in the digital space.

Examples: Firewall rules, access control lists, IPS, and encryption.

Question 7

Operational Controls

Definition & Examples

Answer 7

The processes that we put into place to manage technology in a secure manner.

Examples: Access Reviews, Log Monitoring, Vulnerability Management.

Question 8

Managerial Controls

Definition & Examples

Answer 8

Procedural mechanisms that focus on the mechanics of the risk management process.

Examples: Periodic Risk Assessments, Security Planning Exercises.

Question 9

Preventative Controls

Definition & Examples

Answer 9

Intend to stop a security issue before it occurs.

Examples: Firewalls, Encryption

Question 10

Detective Controls

Definition & Examples

Answer 10

Identify security events that have already occurred.

Example: IDS

Question 11

Corrective Controls

Definition & Examples

Answer 11

Remediate security issues that have already occurred.

Example: Restoring backups after a Ransomware attack.

Question 12

Deterrent Controls

Definition & Examples

Answer 12

Seek to prevent an attacker from attempting to violate security policies.

Examples: Vicious Guard Dogs, Barbed wire fences.

Question 13

Physical Controls

Definition & Examples

Answer 13

Security Controls that impact the physical world.

Examples: Fences, Perimeter Lighting, Locks, Burglar Alarms.

Question 14

Compensating Controls

Definition & Examples

Answer 14

Controls designed to mitigate the risk associated with exceptions made to a security policy.

Example: Having to run an outdated version but putting it on a less important network to compensate.

Question 15

DLP

Answer 15

Data Loss Prevention Systems:

Block data exfiltration attempts.
Help organizations enforce information handling policies and procedures to prevent data loss and theft.

Can Be: Host-Based DLP or Network DLP

Question 16

Data Obfuscation

Definition & Examples

Answer 16

Transforming data into a format where the original format can’t be retrieved.

Examples: Hashing, Tokenization, Masking

Question 17

Hashing

Answer 17

Uses a hash function to transform a value in our dataset to a corresponding hash value.

Question 18

Tokenization

Answer 18

Replaces sensitive values with a unique identifier using a lookup table.

For example: Replacing a student ID with a randomly generated 10 digit number. We’d maintain a lookup table that allows us to convert back.

Question 19

Masking

Answer 19

Partially redacts sensitive information by replacing some or all sensitive fields with blank characters, such as an X or *