Chapter 1: Mastering Security Basics

Question 1

What are the 3 main components of the “security triad” (CIA)?

Answer 1

Confidentiality, Integrity, Availabillity

Question 2

What is a “use case”?

Answer 2

A series of steps taken to complete a process by following a specific Place Order (basically a checklist). (This order can follow a Normal Flow where steps are done in a specified order, or Alternate flow where steps are repeated or done in a random manner.)

Eg: In an e-commerce use case, elements might include:
Actor: Lisa is shopping online
Precondition: Lisa needs to select an item to buy before she can place an order
Trigger: Lisa clicks on her shopping cart to begin the purchase process
Postcondition: Lisa’s order enters into the system, she might be billed, the item is shipped

Question 3

What prevents the unauthorised disclosure of data?

Answer 3

Confidentiality

Question 4

What method is used to scramble data to make it unreadable by unauthorised personnel?

Answer 4

Encryption

Question 5

What does PII stand for?

Answer 5

Personally Identifiable Information

Question 6

What can be used to grant and/or restrict specific users access to specified data?

Answer 6

Access Controls

Question 7

What are the 3 key elements used as Access Controls?

Answer 7

Identification, Authentication, Authorisation

Eg. Identification = an identity claimed by a user with a unique username
Authentication = a password
Authorisation = use of permissions

Question 8

What confidentiality method is the practice of hiding data within data?
(Hiding data in plain sight)

Answer 8

Steganography

Question 9

What confidentiality methods attempt to make something unclear or difficult to understand?
(Security through obscurity)

Answer 9

Obfuscation

Question 10

What provides assurances that data has not changed/modified/tampered with/corrupted?

Answer 10

Integrity

Question 11

What do you call a number created by executing a type of algorithm against data, such as a file or a message?

Answer 11

A hash (Hashing)

By comparing hashes created at two different times, you can determine if the original data is still the same. If the hashes are the same, the data is the same. If the hashes are different, the data has changed.

Question 12

What can verify the integrity of emails and files and also provide authentication and non-repuditation?
(These require certificates.)

Answer 12

Digital signature

Question 13

What indicates that data and services are available when needed?

Answer 13

Availability

Question 14

What are some common examples of fault-tolerance?

Answer 14

- Disk redundancies
(RAIDs)
- Server redundancies
(failover clusters)
-Load Balancing 
(multiple servers for single service)
-Site redundancies
(alternate hot or cold sites in case of natural disasters)
-Backups
(data can be restored)
-Alternate power
(UPSs/power generators)
-Cooling systems
(HVAC)

Question 15

What is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss?

Answer 15

Risk

Question 16

What would you call any circumstance or event that has the potential to compromise confidentiality, integrity, or availability?

Answer 16

A Threat

Question 17

What is another word for a weakness that’s often used in the world of IT Security?

Answer 17

A Vulnerability

Question 18

What is an adverse event or series of events that can negatively affect the confidentiality, integrity or availability of an orgainisation’s IT systems and data?

Answer 18

A Security Incident

Question 19

What can be used to reduce the chance that a threat will exploit a vulnerability?

Answer 19

Risk Mitigation

also sometimes called countermeasures or safeguards

Question 20

What are some examples of Technical controls?

Answer 20

• Encryption
• Antivirus software
• IDSs and IPSs
• Firewalls
• Least privelege