CompTIA Security+ Flashcards
Confidentiality
Ensures that unauthorized individuals are not able to gain access to sensitive information.
Integrity
ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.
Availability
ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
Nonrepudiation
while not part of the CIA triad, is also an important goal of some cybersecurity controls. ________ means that someone who performed some action, such as sending a message, cannot later deny having taken that action.
Security incidents
occur when an organization experiences a breach of the confidentiality, integrity, and/or availability of information or information systems.
Disclosure
is the exposure of sensitive information to unauthorized individuals, otherwise known as data loss.
Alteration
is the unauthorized modification of information and is a violation of the principle of integrity.
Denial
is the disruption of an authorized user’s legitimate access to information.
Financial risk
is, as the name implies, the risk of monetary damage to the organization as the result of a data breach.
Reputational risk
occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
Strategic risk
is the risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
Operational risk
is risk to the organization’s ability to carry out its day-to-day functions.
Compliance risk
occurs when a security breach causes an organization to run afoul of legal or regulatory requirements.
Gap Analysis
the cybersecurity professional reviews the control objectives for a particular organization, system, or service and then examines the controls designed to achieve those objectives. If there are any cases where the controls do not meet the control objective, that is an example of a ___.
Technical controls
enforce confidentiality, integrity, and availability in the digital space. Examples of ________ security controls include firewall rules, access control lists, intrusion prevention systems, and encryption.
Operational controls
include the processes that we put in place to manage technology in a secure manner. These include user access reviews, log monitoring, and vulnerability management.
Managerial controls
are procedural mechanisms that focus on the mechanics of the risk management process. Examples of administrative ______ controls include periodic risk assessments, security planning exercises, and the incorporation of security into the organization’s change management, service acquisition, and project management practices.
Physical controls
are security controls that impact the ______ world. Examples of _______ security controls include fences, perimeter lighting, locks, fire suppression systems, and burglar alarms.
Preventive controls
intend to stop a security issue before it occurs. Firewalls and encryption are examples of _______ controls.
Deterrent controls
seek to prevent an attacker from attempting to violate security policies. Vicious guard dogs and barbed wire fences are examples of ________ controls.
Detective controls
identify security events that have already occurred. Intrusion detection systems are ________ controls.
Corrective controls
remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a ______ control.
Compensating controls
are controls designed to mitigate the risk associated with exceptions made to a security policy.
Directive controls
inform employees and others what they should do to achieve security objectives. Policies and procedures are examples of _______ controls.
Data at rest
is stored data that resides on hard drives, tapes, in the cloud, or on other storage media. This data is prone to theft by insiders or external attackers who gain access to systems and are able to browse through their contents.
Data in transit
is data that is in motion/_____ over a network. When data travels on an untrusted network, it is open to eavesdropping attacks by anyone with access to those networks.
Data in use
is data that is actively in use by a computer system. This includes the data stored in memory while processing takes place. An attacker with control of the system may be able to read the contents of memory and steal sensitive information.
Encryption
technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems.
Data Loss Prevention (DLP)
systems help organizations enforce information handling policies and procedures to prevent data loss and theft.
DLP systems work in two different environments:
Agent-based DLP
uses software agents installed on systems that search those systems for the presence of sensitive information. These searches often turn up Social Security numbers, credit card numbers, and other sensitive information in the most unlikely places!
Agentless (network-based) DLP
systems are dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information. They can then block those transmissions, preventing the unsecured loss of sensitive information.
DLP systems also have two mechanisms of action:
Pattern matching
where they watch for the telltale signs of sensitive information.
Watermarking
where systems or administrators apply electronic tags to sensitive documents and then the DLP system can monitor systems and networks for unencrypted content containing those tags.
Hashing
uses a _____ function to transform a value in our dataset to a corresponding hash value. If we apply a strong _____ function to a data element, we may replace the value in our file with the ______ value.
Tokenization
replaces sensitive values with a unique identifier using a lookup table. For example, we might replace a widely known value, such as a student ID, with a randomly generated 10-digit number.
Masking
partially redacts sensitive information by replacing some or all sensitive fields with blank characters.
Access restrictions
are security measures that limit the ability of individuals or systems to access sensitive information or resources.
Two common types of access restrictions:
Geographic restrictions
limit access to resources based on the physical location of the user or system.
Permission restrictions
limit access to resources based on the user’s role or level of authorization.
Segmentation
places sensitive systems on separate networks where they may communicate with each other but have strict restrictions on their ability to communicate with systems on other networks.
Isolation
goes a step further and completely cuts a system off from access to or from outside networks.