Chapter 1

Question 1

When does a security incident occur?

Answer 1

Security incidents occur when an organization experiences a breach of confidentiality, integrity, and/or availability

Question 2

Explain CIA triad

Answer 2

The three key objectives of cybersecurity programs are confidentiality, integrity, and availability.

• Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information.
• Integrity ensures that there are no unauthorized modifications to information or systems
• Availability ensures that information and systems are ready to meet the needs of legitimate users

Question 3

Explain DAD triad

Answer 3

Explains the three key threats to cybersecurity.

• Disclosure is the exposure of sensitive information to unauthorized individuals
• Alteration is the unauthorized modification of information
• Denial is the unintended disruption of an authorized user’s legitimate access to information

Question 4

Explain breach impact

Answer 4

• Financial risk is, as the name implies, the risk of monetary damage. Examples: the costs of rebuilding a datacenter after it is physically destroyed or the costs of contracting experts for incident response and forensic analysis services
• Reputational risk occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers. Examples: identity theft
• Strategic risk is the risk that an organization will become less effective in meeting its major goals. Examples: if the organization does not have another copy of lost plans, they may be unable to bring the new product to market
• Operational risk is risk to the organization’s ability to carry out its day-to-day functions. Examples: Operational risks may slow down business processes, delay delivery of customer orders, or require the implementation of time-consuming manual work-arounds
• Compliance risk occurs when a security breach causes an organization to run afoul of legal or regulatory requirements. Example: If an organization loses patient medical records, they violate HIPAA requirements

Question 5

Security control categories

Answer 5

Security controls are categorized based on their mechanism of action: the way that they achieve their objectives

• Technical controls enforce confidentiality, integrity, and availability. Examples: firewall rules, access control lists, intrusion prevention systems, and encryption
• Operational controls include the processes that we put in place to manage technology in a secure manner. Examples: user access reviews, log monitoring, and vulnerability management
• Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process. Examples: periodic risk assessments, security planning exercises, and the incorporation of security into the organization’s change management, service acquisition, and project management practices

Question 6

Security control types

Answer 6

CompTIA also divides security into types, based on their desired effect

• Preventive controls intend to stop a security issue before it occurs. Examples: Firewalls and encryption
• Detective controls identify security events that have already occurred. Examples: Intrusion detection systems
• Corrective controls remediate security issues that have already occurred. Examples: Restoring backups after a ransomware attack
• Deterrent controls seek to prevent an attacker from attempting to violate security policies. Examples: Vicious guard dogs and barbed wire fences
• Physical controls are security controls that impact the physical world. Examples: fences, perimeter lighting, locks, fire suppression systems, and burglar alarms
• Compensating controls are controls designed to mitigate the risk associated with exceptions made to a security policy. Examples: an organization might find that it needs to run an outdated version of an operating system on a specific machine

Question 7

Where can data exist?

Answer 7

The three states where data might exist:

• Data at rest is stored data that resides on hard drives, tapes, in the cloud, or on other storage media
• Data in motion is data that is in transit over a network
• Data in processing is data that is actively in use by a computer system

Question 8

Data loss prevention

Answer 8

Data loss prevention (DLP) systems help organizations enforce information handling policies and procedures to prevent data loss and theft

• Host-based DLP
• Network-based DLP systems

Mechanisms of action:

• Pattern matching, where they watch for the telltale signs of sensitive information
• Watermarking, where systems or administrators apply electronic tags to sensitive documents and then the DLP system can monitor systems and networks for unencrypted content containing those tags

Question 9

Data minimization

Answer 9

• Hashing uses a hash function to transform a value in our dataset to a corresponding hash value
• Tokenization replaces sensitive values with a unique identifier using a lookup table
• Masking partially redacts sensitive information by replacing some or all sensitive fields with blank characters

Question 10

Data protection types

Answer 10

• Data Encryption
• Data Loss Prevention
• Data Minimization