1.2 Summarize fundamental security concepts.

Question 1

CIA Triad

Answer 1

• Confidentiality
• Integrity
• Availability

CIANA Pentagon: +non-repudiation and authentication

Question 2

Availability

Answer 2

Think about Redundancy

Ensures information and resources are accessible when needed. Duplication of critical components or functions of a system

Question 3

Non-repudiation

Answer 3

Think about Digital Signature

Focused on providing undeniable proof in the world of digital transactions

Question 4

Integrity

Answer 4

Think about Hashing

Ensures data remains accurate and unaltered (e.g., checksums)

• Hashing
• Digital Signatures
• Checksums
• Access Controls
• Regular Audits

Question 5

Confidentiality

Answer 5

Think about Encryption

Ensures information is accessible only to authorized personnel.

• Encryption
• Access Controls
• Data Masking
• Physical Security Measures
• Training and Awareness

Question 6

Authentication

Answer 6

• Something you know (Knowledge Factor) - Passwords, PINs, security questions
• Something you have (Possession Factor) - Smart cards, security tokens, or mobile phones
• Something you are (Inherence Factor) - Fingerprint scans, facial recognition, voice recognition. STRONGEST method. Iris and retina are the STRONGEST
• Something you do (Action Factor) - Typing patterns, signature analysis, or gesture recognition
• Somewhere you are (Location Factor) - GPS location, IP address-based location detection

Question 7

Accounting

Answer 7

Ensure that every action in the system is tracked and recorded

• Syslog Servers - Used to aggregate logs from various network devices and systems
• Network Analysis Tools - Used to capture and analyze network traffic
• Security Information and Event Management (SIEM) Systems - Provide with a real-time analysis of security alerts generated by various hardware and software

Question 8

Zero Trust

Answer 8

Demands verification for every device, user, and transaction within the network, regardless of its origin

• Control Plane: brain that makes and manages access rules.
  
  • Policy Engine: Decides if access is allowed.
  • Policy Administrator: is responsible for communicating the decisions made by the PE to PEP
• Data Plane: Where people or systems attempt to access resources.
  
  • Subject/System: The person, device, or service requesting access.
  • Policy Enforcement Point (PEP): The gate that allows or denies access based on rules.

Question 9

Door Locks

Answer 9

• Traditional Padlocks. Minimal protection, easily bypassed
• Basic Door Locks. Vulnerable to techniques like lock picking
• Modern Electronic Door Locks. Enhanced security through various authentication methods
• Cipher Locks
  
  • Mechanical locks with numbered push buttons
  • Commonly used in high-security areas, such as server rooms