1.1 Basic Concepts

Question 1

Confidentiality

Answer 1

Ensures that sensitive information is accessible only to authorized individuals or entities. Involves protecting data from unauthorized access, disclosure, or exposure.

Question 2

Integrity

Answer 2

Ensures that data remains accurate, complete, and unaltered during storage, transmission, or processing. Guards against unauthorized modification or tampering.

Question 3

Authorization

Answer 3

Determines the level of access or privileges granted to authenticated users or entities. Ensures users can only access the resources they are authorized to use

Question 4

Availability

Answer 4

Ensures systems, networks, and data are accessible and operational when needed. Measures are taken to prevent disruptions or denial-of-service attacks that could render resources unavailable.

Question 5

Authentication

Answer 5

Verifies the identity of users or devices attempting to access a system. Confirms individuals or entities are who they claim to be before granting access.

Question 6

Non-Repudiation

Answer 6

Prevents individuals from denying their actions or transactions. Ensures that actions, such as data exchange or digital signatures, are verifiable and cannot later be denied.

Question 7

Vulnerability

Answer 7

A weakness or flaw in a system, application, or process that could be exploited by attackers to gain unauthorized access or cause harm.

Question 8

Threat

Answer 8

Any potential danger or harmful event that could exploit vulnerabilities and compromise security. Threats can be internal or external.

Question 9

Risk

Answer 9

The likelihood of a threat exploiting a vulnerability and the potential impact of that occurrence. Cybersecurity exists to mitigate risks.

Question 10

Malware

Answer 10

Malicious software designed to harm, steal, or disrupt systems or data. Includes viruses, worms, trojans, ransomeware, or spyware.

Question 11

Phishing

Answer 11

Social engineering technique where attackers impersonate trusted people or entities to trick individuals into revealing sensitive information.

Question 12

Firewall

Answer 12

A security device or software that monitors and controls incoming and outgoing network traffic, acting as a barrier between a trusted internal network and untrusted external networks.

Question 13

Encryption

Answer 13

The process of converting data into a secure code to protect it from unauthorized access. Only those with the decryption key can access the original data.

Question 14

Patch

Answer 14

A software update released by vendors to fix security vulnerabilities and improve functionality. Regularly applying patches helps protect against known threats.

Question 15

Incident Response

Answer 15

The process of identifying, managing, and mitigating the impact of a cybersecurity incident or breach to minimize damage and recover quickly.

Question 16

Social Engineering

Answer 16

The phycological manipulation of individuals to trick them into revealing sensitive information or performing actions that may compromise security.

Question 17

Multi-Factor Authentication (MFA)

Answer 17

A security mechanism that requires users to provide multiple forms of verification before gaining access to an account or system . It adds an extra layer of security beyond passwords.

Question 18

Denial of Service (DoS) Attack

Answer 18

A n attempt to make a computer system or network resource unavailable to its users by overwhelming it with excessive traffic or requests. When this is done using multiple devices it is a Distributed Denial of Service (DDoS)

Question 19

Advanced Persistent Threat (APT)

Answer 19

A prolonged and targeted cyberattack by sophisticated adversaries, such as nation-states or well-funded groups. ATPs often aim to steal sensitive information or conduct espionage.

Question 20

Internet of Things (IoT) Security

Answer 20

Involves protecting the vast network of devices, ranging from smart home appliances to industrial sensors, from cyber threats.

Question 21

Red Team vs. Blue Team

Answer 21

Red Team–Conducts offensive operations and attacks.
Blue Team–Defend against Red Team.
Exercises are done to assess security posture and situational preparedness.

Question 22

Virtual Private Network (VPN)

Answer 22

A secure and encrypted connection that allows users to access the internet or a private network while maintaining privacy and anonymity.

Question 23

Zero-Day Exploit

Answer 23

An attack that exploits a previously unknown vulnerability in software or systems before a patch or solution is available.

Question 24

Cybersecurity Frameworks

Answer 24

Provide a structured approach for organizations to assess, develop, and improve their cybersecurity capabilities. Examples include NIST Cybersecurity Framework, ISO/IEC 27001, and CIS Controls.

Question 25

Cybersecurity Awareness Training

Answer 25

Training employees and users to recognize and respond to cybersecurity threats is crucial in reducing the risk of successful cyberattacks.