Chapter 1 - Security Fundamentals

Question 1

What does CIA stand for?

Answer 1

Confidentiality, Integrity, Availability

Question 2

What is the concept of “Least Privilege”?

Answer 2

Users should be granted access to what they need and nothing more.

Question 3

What is the concept of “Separation of Duties”?

Answer 3

Ensures that no single person has complete control/oversight over a process

Question 4

What are the different types of sensitive Data?

Answer 4

Personal Identifiable Information (PII)

Protected Health Information (PHI)

Intellectual Property (IP) such as Industrial Property and Copyrights

Question 5

What is Defense in Depth?

Answer 5

The implementation of several layers of defense aiming to minimize the impact of threats.

Question 6

What is Nonrepudiation?

Answer 6

Ensures a party cannot believably deny performing an action, ensuring actions can be accurately attributed to an entity.

Question 7

What does the “Security triple AAA” stand for?

Answer 7

Authentication, Authorization, Accounting

Question 8

In the security AAA, what does “Authentication” entail?

Answer 8

Authentication is to confirm the identity of the user typically done via “username:password” combination.

Question 9

In the security AAA, what does “Authorization” entail?

Answer 9

Authorization is when the authenticated user is allocated access and permission rights to systems and data.

Question 10

In the security AAA, what does “Accounting” entail?

Answer 10

Accounting is when all user activity within a system is logged for monitored for purposes of analysis and nonrepudiation.