1.1 General Security Concepts Flashcards

1
Q

Core Security Concepts

A

CIA Triad:
Confidentiality, Integrity, Availability

Non-Repudiation:

Ensuring that a sender cannot deny sending a message.

2
Q

Zero Trust Architecture

A

Never Trust, Always Verify: A security model that assumes no implicit trust.

Least Privilege Principle: Granting users only the necessary permissions.

Zero Trust Control Plane: Manages security policies and enforces access controls.

Zero Trust Data Plane: Network infrastructure that transmits data.

3
Q

Deception Technologies

A

Honeypots:
Decoy systems to attract and distract attackers.

Honeynets:
Networks of honeypots.

Honeyfiles and Honeytokens:
False data or credentials to identify attackers.

4
Q

Physical Security Controls

A

Preventative Controls:
Fences, gates, access controls, security guards.

Detective Controls:
Surveillance cameras, intrusion detection systems, sensors.

5
Q

Change Management

A

Business Processes: Change request, approval, impact analysis, testing, deployment, review.

Technical Implications: Configuration management, version control, downtime, service restarts.

6
Q

Documentation and Version Control

A

Importance of Documentation:
Clear and accurate documentation for security operations.

Version Control Systems:
Manage changes to code and configurations.

Configuration Management Database (CMDB):
Repository for IT asset information.
