Chapter 01 - Todays Security Professional

Question 1

What is Confidentiality

Answer 1

Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive data.

Question 2

Name 3 cyber security objectives.

Answer 2

CIA:
* Confidentiality
* Integrity
* Availability

Question 3

Integrity

Answer 3

Ensures that there is no unauthorized modifications to information or systems, either intentionally or unintentionally.

Question 4

What is Availability

Answer 4

Ensures that info and systems are rready to meet the needs of legimitate users at the time those users request it.

Question 5

Name some confidentiality security controls.

Answer 5

• Firewalls
• Access Control Lists
• Encryption

Question 6

Name some Integrity controls.

Answer 6

• Hashing
• Integrity Monitoring Solutions

Question 7

Name some availability controls.

Answer 7

• Fault tolerance
• Clustering
• Backups

Question 8

________ occur when an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.

Answer 8

Security Incidents occur when an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.

Question 9

Name the DAD triad

Answer 9

Disclosure
Alteration
Denial

Question 10

_____ model explains the three key threats to cyber security efforts.

Answer 10

DAD triad model explains the three key threats to cyber security efforts.

Question 11

_____ is the exposure of sensitive information to unauthorized individuals, otherwise known as data loss.

Answer 11

Disclosure

Question 12

_____ is the unauthorized modification of information and is a violation of the principle of integrity.

Answer 12

Alteration

Question 13

_____ is the unintended disruption of an authorized users legitimate access to information.

Answer 13

Denial

Question 14

Attackers who gain access to sensitive information and remote it from the organization are said to be performing _______.

Answer 14

Data exfiltration

Question 15

We can categorize the potential impact of a security incident using the same categories that businesses generally use to describe any type of risk. The categories are ____, _____, _____, _____ and _____.

Answer 15

Financial, Reputational, Strategic, Operational, and Compliance

Question 16

________ is the risk of monetary damage to the organization as the result of the data breach.

Answer 16

Financial

Question 17

______ risk occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.

Answer 17

Reputational risk

Question 18

________ is the risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.

Answer 18

Strategic Risk

Question 19

_____ is risk to the organization’s ability to carry out its day-to-day functions. This may slow down business processes, delay delivery of customer orders, or require the implementation of time-consuming manual work-arounds to normally automated practices.

Answer 19

Operational Risk

Question 20

_____ occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.

Answer 20

Compliance Risk

Question 21

______ requires that health-care providers and other covered entities protect the confidentiality, integrity and availability of protected health information (PHI).

Answer 21

HIPAA

Question 22

HIPAA is an example of a ______ risk.

Answer 22

Compliance

Question 23

Losing a laptop with new product development plans fits under _______ risk.

Answer 23

Strategic Risk

Question 24

Name the three security control categories.

Answer 24

Technical, Operational and Managerial Controls.

Question 25

______ enforce confidentiality, integrity and availability in the digital space. Examples include firewall rules.

Answer 25

Technical Controls

Question 26

_____ include the processes that we put in place to manage technology in a secure manner.

Answer 26

Operational controls

Question 27

______ are procedural mechanisms that focus on the mechanics of the risk management process.

Answer 27

Managerial controls

Question 28

What security control is the following:
Firewall, Intrusion prevention system, encryption, and access control lists.

Answer 28

Technical Controls

Question 29

What security control is the following:
Access Reviews, Log monitoring, and vulnerability management.

Answer 29

Operational Controls

Question 30

What security control is the following:
“Periodic risk assessments, security planning exercises, and the incorporation of security into the organization’s change management, service acquisition, and project management practices. “

Answer 30

Managerial controls

Question 31

____ controls intend to stop a security issue before it occurs.

Answer 31

Preventive Controls

Question 32

___ controls identify security events that have already occurred. Example: Intrusion detection system.

Answer 32

Detective Controls

Question 33

____ controls remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example.

Answer 33

Corrective Controls

Question 34

____ controls seek to prevent an attacker from attempting to violating security policies.

Answer 34

Deterrent Controls

Question 35

_____ controls are security controls that impact the physical world.

Answer 35

Physical controls

Question 36

___ controls are controls designed to mitigate the risk associated with exceptions made to a security policy.

Answer 36

Compensating controls

Question 37

Payment Card Industry Data Security Standard (PCI DSS) includes one of the most formal _______ control processes in use today.

Answer 37

Payment Card Industry Data Security Standard (PCI DSS) includes one of the most formal compensating control processes in use today.

Question 38

Intrusion detection systems are ____ controls.

Answer 38

Detective Controls

Question 39

Firewalls and encryption are _____ controls.

Answer 39

Preventive

Question 40

Vicious guard dogs, barbed wire fences are an example of ______ control. (Not a physical control)

Answer 40

Deterrent control

Question 41

Name the three states where data might exists:

Answer 41

1. Data in Motion
2. Data at Rest
3. Data in processing

Question 42

_______ technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems.

Answer 42

Encryption

Question 43

_________ systems help organizations enforce information handling policies and procedures to prevent data loss and theft.

Answer 43

Data Loss Prevention (DLP)

Question 44

______ systems uses software agents installed on systems that search systems for the presence of sensitive information.

Answer 44

Host based DLP

Question 45

______ systems are dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information.

Answer 45

Network-based DLP systems

Question 46

DLP systems detect sensitive information using two methods: _________ and/or _______.

Answer 46

pattern maching and/or digital watermarking

Question 47

________ techniques seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis.

Answer 47

Data minimization

Question 48

The best way to achieve data minimization is through _______.

Answer 48

Destroying data

Question 49

________ process removes the ability to link data back to an individual, reducing its sensitivity.

Answer 49

De-identification

Question 50

An alternative to de-identifying data is transforming it into a format where the orginal information can’t be retrieved. This process is called _______.

Answer 50

Data Obfuscation

Question 51

Name 3 tools that can assist with data obfuscation.

Answer 51

Hashing, Tokenization, and Masking

Question 52

____ uses a function to transform a value in our dataset to a corresponding hash value.

Answer 52

Hashing

Question 53

____ replaces sensitive values with a unique identifier using a lookup table.

Answer 53

Tokenization

Question 54

_____ partially redacts sensitive information by replacing some or all sensitive fields with blank characters.

Answer 54

Masking