701

Question 1

Term

Answer 1

Definition

Question 2

Domain 1: General Security Concepts

Answer 2

Security Controls

Question 3

Technical: Security controls implemented through technology (e.g.

Answer 3

firewalls

Question 4

Physical: Physical barriers and controls to protect resources (e.g.

Answer 4

locks

Question 5

Deterrent: Controls that discourage violations (e.g.

Answer 5

warning signs).

Question 6

Compensating: Alternative controls that compensate for weaknesses (e.g.

Answer 6

increased monitoring).

Question 7

CIA Triad:

Answer 7

Confidentiality: Ensuring that information is accessible only to those authorized.

Question 8

Availability: Ensuring that information is accessible when needed.

Answer 8

Non-repudiation: Ensuring that a party cannot deny the authenticity of their signature or actions.

Question 9

Authentication: Verifying the identity of a user or system.

Answer 9

Authorization: Granting permissions to authenticated users or systems.

Question 10

Authenticating people/systems: Methods used to verify identities (e.g.

Answer 10

passwords

Question 11

Control Plane: Manages the flow of data to enforce policies.

Answer 11

Data Plane: Carries the actual data or application traffic.

Question 12

Bollards: Physical barriers to prevent vehicle access.

Answer 12

Access control vestibule: Small

Question 13

Video surveillance: Monitoring using cameras.

Answer 13

Security guard: Human security personnel.

Question 14

Lighting: Use of light to deter or detect unauthorized access.

Answer 14

Sensors: Devices to detect movement

Question 15

Honeypot: Decoy systems to attract attackers.

Answer 15

Honeynet: Network of honeypots.

Question 16

Honeytoken: Decoy data used to detect unauthorized access.

Answer 16

Cryptographic Solutions

Question 17

Public key: Key used to encrypt data

Answer 17

known to everyone.

Question 18

Encryption: Converting data into a coded form.

Answer 18

Full-disk: Encrypting all data on a disk.

Question 19

File: Encrypting individual files.

Answer 19

Volume: Encrypting a specific volume.

Question 20

Record: Encrypting individual records.

Answer 20

Transport/communication: Encrypting data in transit.

Question 21

Symmetric: Encryption using a single key for both encryption and decryption.

Answer 21

Key exchange: Method of securely exchanging encryption keys.

Question 22

Key length: Length of the encryption key.

Answer 22

Tools:

Question 23

HSM (Hardware Security Module): Device for managing cryptographic keys.

Answer 23

Key management system: Software for managing encryption keys.

Question 24

Obfuscation:

Answer 24

Steganography: Hiding data within other data.

Question 25

Data masking: Obscuring data to protect sensitive information.

Answer 25

Hashing: Converting data into a fixed-size string of characters.

Question 26

Digital Signatures: Cryptographic signatures to verify authenticity.

Answer 26

Key Stretching: Techniques to strengthen keys.

Question 27

Certificates: Digital certificates used for authentication.

Answer 27

Certificate authorities: Entities that issue certificates.

Question 28

OCSP (Online Certificate Status Protocol): Protocol for checking certificate status.

Answer 28

Self-signed: Certificates signed by the entity itself.

Question 29

Root of trust: Base level of trust in a security model.

Answer 29

CSR (Certificate Signing Request): Request for a digital certificate.

Question 30

Change Management

Answer 30

Business Processes:

Question 31

Ownership: Responsibility for changes.

Answer 31

Stakeholders: Parties affected by changes.

Question 32

Test results: Outcomes of testing changes.

Answer 32

Backout plan: Plan for reverting changes if needed.

Question 33

SOP (Standard Operating Procedure): Established procedures for tasks.

Answer 33

Technical Implications:

Question 34

Restricted activities: Actions that are limited.

Answer 34

Downtime: Period when systems are unavailable.

Question 35

Application restart: Restarting applications.

Answer 35

Legacy applications: Older software systems.

Question 36

Documentation:

Answer 36

Updating diagrams: Keeping architectural diagrams current.

Question 37

Version Control: Managing changes to documents or code.

Answer 37

Domain 2: Threats

Question 38

Threat Actors:

Answer 38

Nation-state: Government-sponsored attackers.

Question 39

Hacktivist: Activists using hacking.

Answer 39

Insider threat: Internal personnel posing a threat.

Question 40

Shadow IT: Unapproved IT systems or devices.

Answer 40

Attributes:

Question 41

Resources/funding: Financial and material support.

Answer 41

Level of sophistication/capability: Skills and techniques.

Question 42

Data exfiltration: Stealing data.

Answer 42

Espionage: Spying activities.

Question 43

Blackmail: Forcing action through threats.

Answer 43

Financial gain: Monetary benefits.

Question 44

Ethical: Driven by moral principles.

Answer 44

Revenge: Retaliation motives.

Question 45

War: Conflict motives.

Answer 45

Threat Vectors and Attack Surfaces

Question 46

Image-based: Attacks hidden in images.

Answer 46

File-based: Attacks in files.

Question 47

Removable device: Attacks via USB drives.

Answer 47

Vulnerable software (Client-based vs. agentless): Exploiting software weaknesses.

Question 48

Unsecure networks (Wireless

Answer 48

Wired

Question 49

Supply chain (MSPs

Answer 49

Vendors

Question 50

Application:

Answer 50

Memory injection: Injecting malicious code into memory.

Question 51

Race conditions (TOC/TOU): Exploiting timing issues.

Answer 51

Malicious update: Compromised software updates.

Question 52

Web-based:

Answer 52

SQLi (SQL Injection): Injecting SQL commands.

Question 53

Hardware:

Answer 53

Firmware: Vulnerabilities

Question 54

Hardware:

Answer 54

Firmware: Vulnerabilities in the firmware of devices.

Question 55

Network:

Answer 55

DNS poisoning: Corrupting DNS cache to redirect traffic.

Question 56

DDoS (Distributed Denial of Service): Overloading a service with excessive traffic.

Answer 56

Cloud:

Question 57

Misconfiguration: Incorrectly configured cloud services.

Answer 57

Mobile:

Question 58

Unsecure connections: Unencrypted or poorly secured connections.

Answer 58

IoT (Internet of Things):

Question 59

Unpatched firmware: Vulnerabilities in outdated firmware.

Answer 59

Industrial control systems (ICS):

Question 60

Unsecure protocols: Use of unsecure communication protocols.

Answer 60

Exploit Techniques

Question 61

Phishing: Fraudulent attempts to obtain sensitive information.

Answer 61

Spear phishing: Targeted phishing attacks.

Question 62

Pretexting: Creating a fabricated scenario to steal information.

Answer 62

Baiting: Offering something enticing to lure victims.

Question 63

Network attacks:

Answer 63

Man-in-the-middle: Intercepting communication between two parties.

Question 64

Replay attack: Reusing captured data packets.

Answer 64

Spoofing: Impersonating another device or user.

Question 65

Virus: Malicious code that attaches to a host file and spreads.

Answer 65

Worm: Self-replicating malware that spreads without user interaction.

Question 66

Ransomware: Malware that encrypts data and demands payment for decryption.

Answer 66

Spyware: Malware that collects information without consent.

Question 67

Rootkit: Malware designed to gain root-level access.

Answer 67

Code-based attacks:

Question 68

Cross-site scripting (XSS): Injecting malicious scripts into web pages.

Answer 68

Buffer overflow: Exploiting buffer overflow vulnerabilities to execute arbitrary code.

Question 69

USB drop attack: Leaving malicious USB drives for victims to use.

Answer 69

Hardware keyloggers: Physical devices that record keystrokes.

Question 70

Security Assessment

Answer 70

Vulnerability assessments: Identifying and evaluating security weaknesses.

Question 71

Security audits: Reviewing and evaluating security measures.

Answer 71

Risk assessments: Identifying and analyzing risks.

Question 72

Bug bounty programs: Offering rewards for finding security vulnerabilities.

Answer 72

Mitigation Strategies

Question 73

Firewalls: Devices or software that control network traffic based on security rules.

Answer 73

Intrusion detection systems (IDS): Systems that detect unauthorized access.

Question 74

Network segmentation: Dividing networks into segments to improve security.

Answer 74

Endpoint security:

Question 75

Endpoint detection and response (EDR): Tools for detecting and responding to endpoint threats.

Answer 75

Patch management: Keeping software up to date with patches and updates.

Question 76

Code review: Examining code for vulnerabilities.

Answer 76

Application hardening: Securing applications by reducing vulnerabilities.

Question 77

Data protection:

Answer 77

Encryption: Converting data into a coded form to prevent unauthorized access.

Question 78

Access controls: Restricting access to data based on user roles and permissions.

Answer 78

Physical security:

Question 79

Access control systems: Systems that control entry to physical spaces.

Answer 79

Surveillance cameras: Cameras used to monitor physical spaces.

Question 80

Incident response planning: Preparing for and responding to security incidents.

Answer 80

Domain 3: Architecture and Design

Question 81

Network Architecture:

Answer 81

Intranet: Internal private network.

Question 82

DMZ (Demilitarized Zone): Network segment that separates internal networks from untrusted networks.

Answer 82

NAC (Network Access Control): Policies to control access to network resources.

Question 83

SDN (Software-Defined Networking): Network management using software.

Answer 83

Microsegmentation: Dividing networks into smaller segments.

Question 84

Public cloud: Cloud services offered to multiple customers.

Answer 84

Private cloud: Cloud services for a single organization.

Question 85

Community cloud: Cloud services shared by a community of organizations.

Answer 85

Virtualization: Creating virtual versions of resources.

Question 86

Containers: Lightweight virtualization for applications.

Answer 86

Virtual networks: Virtualizing network resources.

Question 87

Zero Trust Architecture: Security model that assumes no implicit trust.

Answer 87

Control Plane: Manages the flow of data to enforce policies.

Question 88

Security Frameworks and Models

Answer 88

Security Frameworks:

Question 89

ISO/IEC 27001: Standard for information security management systems.

Answer 89

COBIT: Framework for managing and governing IT.

Question 90

CSA (Cloud Security Alliance): Guidelines for cloud security.

Answer 90

Security Models:

Question 91

Biba Model: Security model focused on data integrity.

Answer 91

Clark-Wilson Model: Security model focused on data integrity through well-formed transactions.

Question 92

Secure System Design

Answer 92

Principles of Secure Design:

Question 93

Separation of duties: Dividing responsibilities to prevent fraud.

Answer 93

Defense in depth: Using multiple layers of security.

Question 94

Economy of mechanism: Keeping security mechanisms simple.

Answer 94

Complete mediation: Checking access permissions every time a resource is accessed.

Question 95

Least common mechanism: Minimizing shared security mechanisms.

Answer 95

Psychological acceptability: Security mechanisms should not be overly complex for users.

Question 96

Secure Protocols:

Answer 96

SSL/TLS: Protocols for secure communication over a network.

Question 97

IPsec: Protocol suite for securing Internet Protocol (IP) communications.

Answer 97

Virtual Private Networks (VPNs):

Question 98

Remote access VPN: VPN that allows individual users to connect to a network.

Answer 98

Wireless Security:

Question 99

WPA2: Wi-Fi security protocol using AES encryption.

Answer 99

WEP: Older

Question 100

Antivirus/anti-malware: Software that detects and removes malicious software.

Answer 100

EDR (Endpoint Detection and Response): Tools for detecting and responding to endpoint threats.

Question 101

Application control: Restricting applications that can be run on endpoints.

Answer 101

Cloud Security

Question 102

Cloud Security Controls:

Answer 102

CASB (Cloud Access Security Broker): Tools that provide visibility and control over cloud applications.

Question 103

Encryption: Protecting data in transit and at rest in the cloud.

Answer 103

Monitoring: Continuously monitoring cloud environments for threats.

Question 104

Compliance: Ensuring cloud environments meet regulatory requirements.

Answer 104

Data Security

Question 105

Public: Data that can be freely shared.

Answer 105

Internal: Data meant for internal use only.

Question 106

Top secret: Highly sensitive data with the highest level of protection.

Answer 106

Data Retention: Policies for how long data should be kept.

Question 107

Data Masking: Obscuring data to protect sensitive information.

Answer 107

Tokenization: Replacing sensitive data with non-sensitive tokens.

Question 108

contunue with the other domian

Answer 108

ChatGPT

Question 109

Continuing with the definitions for Domain 4 and Domain 5:

Answer 109

Domain 4: Security Operations and Monitoring

Question 110

Log Types:

Answer 110

Event logs: Logs generated by operating systems

Question 111

Audit logs: Logs that track changes and access to data and systems.

Answer 111

Log Management:

Question 112

Log aggregation: Combining logs from different sources for analysis.

Answer 112

Log correlation: Analyzing logs to identify patterns and relationships between events.

Question 113

SIEM (Security Information and Event Management): Tools that provide real-time analysis of security alerts.

Answer 113

ELK Stack (Elasticsearch

Question 114

Security Monitoring:

Answer 114

Network monitoring: Tracking and analyzing network traffic for signs of malicious activity.

Question 115

Application monitoring: Tracking and analyzing application performance and behavior.

Answer 115

Continuous Monitoring: Ongoing assessment of security controls and risk.

Question 116

Anomaly Detection: Identifying unusual patterns or behaviors that may indicate a security incident.

Answer 116

Trend Analysis: Identifying trends and patterns over time to predict future security incidents.

Question 117

Incident Response

Answer 117

Incident Response Process:

Question 118

Identification: Detecting and identifying potential security incidents.

Answer 118

Containment: Limiting the impact of the incident.

Question 119

Recovery: Restoring systems and operations to normal.

Answer 119

Lessons Learned: Reviewing and improving the incident response process.

Question 120

Incident Response Plan: Documented plan detailing how to respond to security incidents.

Answer 120

Forensics: Collecting and analyzing digital evidence related to security incidents.

Question 121

Threat Intelligence Sources:

Answer 121

Open source: Publicly available threat intelligence data.

Question 122

Internal: Threat intelligence data generated within the organization.

Answer 122

Threat Intelligence Types:

Question 123

Tactical: Detailed intelligence related to specific threats and attack methods.

Answer 123

Operational: Intelligence related to ongoing threats and incidents.

Question 124

Threat Intelligence Sharing: Sharing threat intelligence data with other organizations and communities.

Answer 124

Vulnerability Management

Question 125

Penetration Testing: Simulated attacks to identify vulnerabilities and assess security controls.

Answer 125

Patch Management: Process of applying patches and updates to software and systems to address vulnerabilities.

Question 126

Domain 5: Incident Response

Answer 126

Forensics

Question 127

Identification: Detecting and determining the nature of an incident.

Answer 127

Containment: Isolating affected systems to prevent further damage.

Question 128

Recovery: Restoring systems and operations to normal.

Answer 128

Lessons Learned: Reviewing the incident and improving response processes.

Question 129

Digital Forensics: Collecting

Answer 129

preserving

Question 130

EnCase: Digital forensics software for examining data.

Answer 130

FTK (Forensic Toolkit): Digital forensics tool for data analysis.

Question 131

Forensic Analysis:

Answer 131

Disk imaging: Creating a bit-by-bit copy of a storage device.

Question 132

Memory forensics: Analyzing volatile memory (RAM) for evidence.

Answer 132

Legal Considerations: Ensuring compliance with laws and regulations during forensic investigations.

Question 133

Disaster Recovery (DR):

Answer 133

DR Plan: Documented strategy for recovering IT systems and data after a disaster.

Question 134

DR Testing: Regular testing of disaster recovery plans and procedures.

Answer 134

Recovery Time Objective (RTO): Target time to restore systems after a disaster.

Question 135

Business Continuity (BC):

Answer 135

BC Plan: Documented strategy for maintaining business operations during and after a disaster.

Question 136

Business Impact Analysis (BIA): Identifying critical business functions and their dependencies.

Answer 136

Continuity of Operations: Ensuring essential functions continue during a disruption.

Question 137

Internal Communication: Coordinating communication within the organization during incidents.

Answer 137

External Communication: Communicating with external stakeholders

Question 138

Incident Coordination: Collaborating with external organizations

Answer 138

including law enforcement and industry groups.

Question 139

GDPR (General Data Protection Regulation): EU regulation on data protection and privacy.

Answer 139

HIPAA (Health Insurance Portability and Accountability Act): US regulation on health data privacy.

Question 140

SOX (Sarbanes-Oxley Act): US regulation on corporate financial practices and disclosures.

Answer 140

FISMA (Federal Information Security Management Act): US regulation on federal information security.

Question 141

Compliance Audits: Regular audits to ensure compliance with laws and regulations.

Answer 141

Data Breach Notification: Informing affected individuals and authorities about data breaches.