1.2 Summarize fundamental security concepts.

Question 1

What does the CIA Triad include?

Answer 1

Confidentiality
Integrity
Availability

Question 2

Confidentiality

Answer 2

Ensures sensitive information is only accessible to authorized users and remains shielded from unauthorized access.

Question 3

Integrity

Answer 3

Guarantees data is accurate, unaltered, and trustworthy by preventing unauthorized changes. Hashing algorithms such as SHA1 or MD5 provide data integrity.

Question 4

Availability

Answer 4

Ensures data and services are accessible when needed, minimizing disruptions in access.

Question 5

What does non-repudiation ensure?

Answer 5

Accountability in digital actions by preventing denial of involvement.
Mechanisms include digital signatures, authentication, and audit trails to establish the origin and legitimacy of actions or communications.

Question 6

AAA

Answer 6

Authentication
Authorization
Accounting

Question 7

Authentication

Answer 7

Verifies the identity of users or systems seeking access. For systems, protocols like 802.1X validate endpoint certificates.

Question 8

Authorization

Answer 8

Determines what actions users or systems can perform within the network.

Question 9

Accounting

Answer 9

Tracks and logs user activities, resource access, and actions performed for compliance and troubleshooting.

Question 10

AAA protocols

Answer 10

RADIUS
Diameter
TACACS+

Question 11

RADIUS

Answer 11

Used in remote access scenarios; secures sensitive data exchange between clients and servers using shared secrets.

Question 12

Diameter

Answer 12

Successor to RADIUS, supporting modern networks like 4G/5G.

Question 13

TACACS+

Answer 13

Developed by Cisco, grants or denies access to network devices while enhancing security with shared secrets.

Question 14

What is gap analysis?

Answer 14

A strategic process to evaluate an organization’s security posture against standards and best practices.
Includes assessment, benchmarking, identifying gaps, prioritization of risks, and a remediation strategy.

Question 15

Key tasks of gap analysis process

Answer 15

Assessment, benchmarking, identifying gaps, prioritization of risks, and a remediation strategy.

Question 16

Assessment (gap analysis process)

Answer 16

A thorough assessment is conducted to
understand the organization’s current security measures,
policies, procedures, and technologies.

Question 17

Benchmarking (gap analysis process)

Answer 17

This involves comparing the existing
security practices against established industry standards frameworks, and compliance regulations.

Question 18

Identification (gap analysis process)

Answer 18

Gaps are pinpointed by identifying areas where security measures fall short of the desired or required level

Question 19

Prioritization (gap analysis process)

Answer 19

Not all gaps are equal in terms of risk.
Prioritization involves ranking the identified gaps based on their potential impact and likelihood of exploitation.

Question 20

Remediation strategy (gap analysis process)

Answer 20

With prioritized gaps in mind, a comprehensive remediation strategy is developed. This strategy outlines actionable steps to close the identified gaps
and enhance the organization’s security posture.

Question 21

What is zero trust in cybersecurity?

Answer 21

The principle of “never trust, always verify,” ensuring continuous validation of users and devices.
Involves concepts like adaptive identity, policy-driven access control, and threat scope reduction.

Question 22

What is the control plane in a zero-trust model?

Answer 22

The command center that manages user/device authorization based on policies and threat intelligence.

Question 23

Components of control plane

Answer 23

• Policy engine: Determines access based on company rules.
• Policy administrator: Executes the engine’s decisions and issues access tokens.
• Policy enforcement point: Ensures authorized actions are allowed, blocking unauthorized access.

Question 24

Adaptive identity

Answer 24

Adaptive identity tailors user privileges based on contextual understanding. By analyzing user behavior, location, and device characteristics, this approach ensures that access rights are dynamically

Question 25

Threat scope reduction

Answer 25

Preventing threats before they manifest is a paramount goal in cybersecurity. By intentionally narrowing the potential attack surface, organizations can preemptively thwart possible avenues of exploitation. This involves strategies such as minimizing exposed services, reducing the attackable code base, and employing rigorous patch management.

Question 26

Policy-driven access control

Answer 26

The translation of security policies and guidelines into concrete action is a challenge faced by many organizations. Policy-driven access control offers a solution by automating the enforcement of these directives. Through a systematic approach, organizations can define access rights, permissions, and responses to specific scenarios. This not only ensures consistency but also eliminates the risk of human error in the execution of security protocols.

Question 27

Policy administrator

Answer 27

The policy administrator executes the decisions made by the policy engine to control access to the network. They issue access tokens and can communicate with the data plane.

Question 28

Policy engine

Answer 28

The policy engine determines who gains access to critical network resources on a per-user basis. It operates based on policies, written by the organization’s security team, which lay down the rules for access. Context is crucial, with data from SIEM, threat intelligence, user attributes, and device information informing decisions. Once the policy engine evaluates all the parameters, it communicates its decision to a policy administrator, who executes it on the ground.

Question 29

Policy enforcement point

Answer 29

The policy enforcement point (PEP) is a security checkpoint that ensures only authorized actions are allowed by following the rules set by the policy administrator and verified by the policy engine. It blocks unauthorized actions and allows only safe, trusted ones.

Question 30

Data plane

Answer 30

The data plane is responsible for the movement and forwarding of data packets within a network, executing tasks like routing, switching, and packet forwarding based on predefined policies. It ensures secure and efficient data transmission, with entities (subjects) initiating communication and systems (like routers and firewalls) handling the processing and forwarding of data. Together, subjects and systems ensure smooth and secure network operations.

Question 31

Four of trust zones

Answer 31

Implicit trust zones Internal network zone Demilitarized Zone (DMZ) External network zone

Question 32

Implicit trust zones

Answer 32

Implicit trust zones are areas within a network or system where trust is assumed without explicit verification. These zones simplify communication by allowing components to interact without strict authentication, based on predefined security rules or assumptions.

Question 33

The internal network zone

Answer 33

The internal network zone is where devices and resources are considered trustworthy due to being behind the company’s firewall. This zone, also known as the local area network (LAN), houses critical infrastructure such as domain controllers and database servers.

Question 34

The Demilitarized Zone (DMZ)

Answer 34

The Demilitarized Zone (DMZ) is a middle ground between trusted and untrusted areas, allowing controlled access to certain services from the external network. It often includes resources accessed by both trusted and untrusted networks and may have stricter communication controls with the internal network.

Question 35

The external network zone

Answer 35

The external network zone, such as the internet, is typically considered untrusted due to inherent risks. Communication from this zone into the internal network requires strong security measures, and it is often referred to as the untrusted wide area network.

Question 36

Physical security

Answer 36

Physical security is crucial as it involves measures to deter, detect, and respond to risks. It includes barriers and surveillance systems, all contributing to a security framework that protects people, assets, and critical information.

Question 37

Bollards

Answer 37

Bollards are a key physical security measure, acting as strong barriers against vehicular threats. Typically placed around important buildings, public spaces, or critical infrastructure, they are designed to withstand impacts and prevent unauthorized vehicle access.

Question 38

Access control vestibules

Answer 38

Access control vestibules create a controlled environment to improve security. For example, in door entry systems, individuals enter a space through one door, where their identity is verified by a security guard before accessing the building through a second door.

Question 39

Fencing

Answer 39

Fencing is a classic yet effective element of physical security. It not only marks property boundaries but also serves as a visible deterrent against unauthorized access. Modern fencing incorporates advanced materials, designs, and technologies to enhance security.

Question 40

Video surveillance

Answer 40

Video surveillance is a vital part of physical security, using advanced cameras, analytics, and monitoring systems for real-time visibility and event recording. It helps security teams identify threats, investigate incidents, and enhance overall security management.

Question 41

Security guards

Answer 41

Security guards are essential for physical security, enforcing protocols, patrolling, and responding to incidents. Their observation skills, along with training in conflict resolution and emergency response, make them a crucial asset.

Question 42

Access badges

Answer 42

Access badges, often using RFID or smart technology, allow authorized personnel seamless entry to secure areas. They help identify authorized individuals and create an audit trail of entry events, with different colors used for guests.

Question 43

Lighting

Answer 43

Lighting in physical security deters intruders by illuminating areas, enhances visibility by reducing hiding spots, discourages crimes like theft and vandalism, and aids in access control and identity verification.

Question 44

Visitor logs

Answer 44

Visitor logs track every entry and exit, serving as an important reference for audits and investigations. Signing in visitors also makes you responsible for their presence, highlighting the need for accurate documentation to maintain accountability.

Question 45

Sensor technologies

Answer 45

Sensor technologies are key to modern security, detecting anomalies and triggering responses. With types like infrared, pressure, microwave, and ultrasonic, they enable real-time threat detection with minimal human involvement.

Question 46

Types of sensors

Answer 46

Infrared Pressure Microwave Ultrasonic

Question 47

Infrared sensors

Answer 47

Infrared sensors detect heat signature changes, identifying human or animal presence, and are used in perimeter and indoor security.

Question 48

Pressure sensors

Answer 48

Pressure sensors detect pressure changes from touch or movement, providing reliable indicators of activity.

Question 49

Microwave sensors

Answer 49

Microwave sensors emit pulses and detect frequency changes from moving objects, excelling in various security situations.

Question 50

Ultrasonic sensors

Answer 50

Ultrasonic sensors use sound waves to "see" around corners or in hidden areas, proving valuable in difficult environments.

Question 51

Deception and disruption technology

Answer 51

Deception and disruption technology is a modern cybersecurity approach that goes beyond traditional defense, using strategies like honeypots, honeynets, honeyfiles, honeytokens, and fake information to deceive and disrupt potential threats. These digital decoys turn vulnerabilities into a strategic advantage.

Question 52

Honeypot

Answer 52

A honeypot is a decoy website with lower security set up by security teams to observe hacker attack methods. It helps in preventing future attacks and serves as a distraction to protect the real web server.

Question 53

Honeynet

Answer 53

A honeynet is a network of honeypots designed to deceive attackers, drawing them away from the actual network. It provides a controlled environment for cybersecurity professionals to study and analyze malicious activities while protecting real networks from harm.

Question 54

Honeyfile

Answer 54

A honeyfile is a strategically crafted file, such as one titled "password," designed to lure attackers. When accessed, it triggers alarms, marking the intrusion and helping defenders anticipate the attacker's next move.

Question 55

Honeytoken

Answer 55

Honeytokens are deceptive markers used in cybersecurity to trap digital intruders. These tokens contain dummy data that appears valuable but holds no real worth for the organization. Once taken, they trigger alerts, allowing defenders to track the infiltrator, whether external or internal.

Question 56

Fake Information

Answer 56

Fake information tactics, such as a DNS sinkhole and fake telemetry, are used to mislead attackers. A DNS sinkhole redirects queries to different IP addresses, creating a "black hole" effect, while fake telemetry involves returning false data to confuse attackers and obscure real information.