Chapter 1 & 2: Today's Security Professional & Cybersecurity Threat Landscape Flashcards

1
Q
  1. What is the CIA triad of cybersecurity?
    2a. What is C**?
    2b. What is I**?
    2c. What is A**?
  2. What data obfuscation method is used above?
A
  1. Confidentiality, Integrity, and Availability
    2a. Ensures unauthorized users cannot access information
    2b. Ensures there are no unauthorized modifications to data or systems
    2c. Ensures that information and systems are ready to meet the needs of users when requested.
  2. Masking
2
Q
  1. What is the DAD Triad?
A
  1. Disclosure, Alteration, Denial
3
Q

What differentiates Strategic vs. Operational Risk?

A

If a risk threatens the very existence of an organization and its ability to execute business plans, that is a strategic risk, which seriously jeopardizes the organization's ongoing viability. If a risk only causes inefficiency and delay within the organization, that is an operational risk.

Strategic Risk - risk that an organization will become less effective in meeting its major goals and objectives as a result of a breach.
Operational Risk - risk to an organization's ability to carry out day-to-day functions.

4
Q

Breach Impact: other risks

A

Financial Risk
Reputational Risk
Compliance Risk

5
Q

Security Controls

A

Technical Controls - enforce CIA in the digital space, e.g. firewall rules, ACLs, IPSs, encryption.
Operational Controls - processes put in place to manage technology, e.g. access reviews, log monitoring, vulnerability management.
Managerial Controls - procedural mechanisms that focus on the mechanics of risk management, e.g. periodic risk assessments, security planning exercises, incorporation of security practices.

6
Q

Security Control Types

A

Preventative Controls - Firewalls and encryption
Detective Controls - Intrusion Detection (IDS)
Corrective Controls - Restoring backups after ransomware attack
Deterrent Controls - Guard dogs, barbed wire fences, etc.
Physical Controls - fences, lighting, locks, fire suppression/burglar alarms
Compensating Controls - designed to mitigate risk

7
Q

PCI DSS Compensating Controls Criteria:

A

Control must meet intent and rigor of OEM requirement
Control must provide similar defense as OEM requirement
Control must be “above and beyond” other PCI DSS requirements
