COMPTIA SECURITY+ WEEK 1 CHAPTER 1 & 2 Flashcards

1
Q

What are the three key objectives of cybersecurity?

A

Confidentiality, Integrity, Availability

These objectives are often referred to as the CIA triad.

2
Q

What is confidentiality in cybersecurity?

A

Ensures that unauthorized individuals cannot gain access to sensitive information

Security controls like firewalls, access control lists, and encryption are used to maintain confidentiality.

3
Q

What is integrity in cybersecurity?

A

Ensures that there are no unauthorized modifications to information or systems

Integrity controls include hashing and integrity monitoring solutions.

4
Q

What is availability in cybersecurity?

A

Ensures that information and systems are ready for legitimate users when needed

Availability controls include fault tolerance, clustering, and backups.

5
Q

What does the CIA triad stand for?

A

Confidentiality, Integrity, Availability

This triad is used to characterize risks, attacks, and security controls.

6
Q

What is nonrepudiation?

A

The assurance that someone cannot deny having taken an action

Digital signatures are a common example of nonrepudiation.

7
Q

What are the three key threats to cybersecurity efforts according to the DAD triad?

A

Disclosure, Alteration, Denial

Each threat maps to one of the CIA triad goals.

8
Q

What is disclosure in the context of cybersecurity?

A

The exposure of sensitive information to unauthorized individuals

This is a violation of the principle of confidentiality.

9
Q

What is alteration in cybersecurity?

A

The unauthorized modification of information

This is a violation of the principle of integrity.

10
Q

What is denial in cybersecurity?

A

The disruption of an authorized user’s legitimate access to information

This violates the principle of availability.

11
Q

What are the categories of potential impact from a security incident?

A
  • Financial Risk
  • Reputational Risk
  • Identity Theft
  • Strategic Risk
  • Operational Risk
  • Compliance Risk

Each category describes different consequences an organization may face after a breach.

12
Q

What is financial risk in the context of a data breach?

A

The risk of monetary damage to the organization as a result of a breach

This can include direct costs, like rebuilding a datacenter, and indirect costs, like lost business opportunities.

13
Q

What constitutes reputational risk?

A

Negative publicity surrounding a security breach that affects goodwill

It is often difficult to quantify this type of damage.

14
Q

What is identity theft risk?

A

The risk posed by exposure of personally identifiable information (PII) to malicious individuals

Organizations should protect sensitive identifiers like Social Security numbers and bank account information.

15
Q

Define strategic risk in the context of cybersecurity.

A

The risk that an organization will become less effective in meeting its goals due to a breach

For example, losing product development plans may hinder market competitiveness.

16
Q

What is operational risk?

A

Risk to the organization’s ability to carry out its day-to-day functions

This may slow down processes or require manual workarounds.

17
Q

What does compliance risk entail?

A

Risk of violating legal or regulatory requirements due to a breach

An example is violating HIPAA by losing patient medical records.

18
Q

True or False: Risks often fit into only one category.

A

False

Many risks can cross multiple categories, such as reputational and financial risks arising from the same incident.

19
Q

What is a gap analysis in cybersecurity?

A

A review to evaluate security controls against control objectives

Gaps identified should be treated as potential risks to be remediated.

20
Q

List the four categories of security controls.

A
  • Technical Controls
  • Operational Controls
  • Managerial Controls
  • Physical Controls

Each category achieves security objectives through different mechanisms.

21
Q

What are technical controls?

A

Controls that enforce confidentiality, integrity, and availability in the digital space

Examples include firewalls, access control lists, and encryption.

22
Q

What are operational controls?

A

Processes put in place to manage technology securely

Examples include user access reviews and log monitoring.

23
Q

What are managerial controls?

A

Procedural mechanisms focusing on the risk management process

Examples include risk assessments and security planning.

24
Q

What are physical controls?

A

Security controls that impact the physical world

Examples include fences, locks, and fire suppression systems.

25
Q

What is the primary focus of security professionals?

A

Protecting the confidentiality, integrity, and availability of sensitive data

This is often referred to as the CIA triad.

26
Q

What are the three states of data?

A
  • Data at rest
  • Data in transit
  • Data in use
27
Q

What is the purpose of preventive controls?

A

To stop a security issue before it occurs

Examples include firewalls and encryption.

28
Q

What do corrective controls do?

A

Remediate security issues that have already occurred

An example is restoring backups after a ransomware attack.

29
Q

What is a compensating control?

A

A control designed to mitigate the risk associated with exceptions made to a security policy

30
Q

What criteria must a compensating control meet according to PCI DSS?

A
  • Meet the intent and rigor of the original requirement
  • Provide a similar level of defense as the original requirement
  • Be above and beyond other PCI DSS requirements
31
Q

What is data loss prevention (DLP)?

A

Systems that help organizations enforce information handling policies to prevent data loss and theft

32
Q

What are the two environments where DLP systems operate?

A
  • Agent-based DLP
  • Agentless (network-based) DLP
33
Q

What is data minimization?

A

Techniques that seek to reduce risk by decreasing the amount of sensitive information maintained

34
Q

What is the process of transforming sensitive data into a format where the original information can’t be retrieved called?

A

Data obfuscation

35
Q

What are the two common types of access restrictions?

A
  • Geographic restrictions
  • Permission restrictions
36
Q

What does the CIA triad stand for?

A
  • Confidentiality
  • Integrity
  • Availability
37
Q

What is nonrepudiation?

A

Prevents someone from denying that they took an action

Digital signatures are a common example of nonrepudiation.

38
Q

What are the categories of security controls based on their mechanism of action?

A
  • Managerial
  • Operational
  • Physical
  • Technical
39
Q

How do DLP systems detect sensitive information?

A
  • Pattern matching
  • Watermarking
40
Q

What is the risk associated with hashing sensitive data?

A

Rainbow table attacks can be conducted if an attacker has a list of possible values

41
Q

What is the function of segmentation in network security?

A

Places sensitive systems on separate networks with strict communication restrictions

42
Q

What happens during a data breach?

A

Organizations suffer both direct and indirect damages, including financial repercussions and reputational damage

43
Q

What is the goal of data encryption?

A

To protect information from unauthorized access while it is in transit and at rest

44
Q

What is the main purpose of directive controls?

A

To inform employees and others what they should do to achieve security objectives

45
Q

What is masking in the context of data protection?

A

Partially redacting sensitive information by replacing some or all sensitive fields with blank characters

46
Q

Fill in the blank: The three core objectives of cybersecurity are _______.

A

[confidentiality, integrity, availability]

47
Q

What has caused the increase in sophistication and diversity of cybersecurity threats?

A

The involvement of skilled technologists, organized criminal syndicates, and government-sponsored attackers.

48
Q

What are the three key aspects that cybersecurity professionals must safeguard?

A
  • Confidentiality
  • Integrity
  • Availability
49
Q

What is essential for developing appropriate defensive mechanisms against cybersecurity threats?

A

A strong understanding of the threat environment.

50
Q

What are the two main categories of threat actors based on their origin?

A
  • Internal
  • External
51
Q

What are the key characteristics that differentiate cybersecurity threat actors?

A
  • Level of Sophistication/Capability
  • Resources/Funding
  • Intent/Motivation
52
Q

True or False: All cybersecurity threats come from external sources.

53
Q

What term is used to describe unskilled attackers who rely on automated tools?

A

Script kiddie

54
Q

What is the primary motivation of unskilled attackers?

A

Proving their skill.

55
Q

What is the defining characteristic of hacktivists?

A

They use hacking techniques to accomplish activist goals.

56
Q

Who is considered a notable hacktivist for leaking sensitive government documents?

A

Edward Snowden

57
Q

What is the primary motive of organized crime in the context of cybercrime?

A

Illegal financial gain.

58
Q

List two types of cybercrime activities organized crime groups are involved in.

A
  • Ransomware
  • Online fraud
59
Q

What does APT stand for in cybersecurity?

A

Advanced Persistent Threat

60
Q

What distinguishes APT attacks from other types of attacks?

A

They use advanced techniques and are persistent over time.

61
Q

What is a zero-day attack?

A

An attack that exploits vulnerabilities unknown to product vendors.

62
Q

What is a common outcome of insider threats?

A

Disclosing confidential information.

63
Q

Fill in the blank: A _______ hacker acts with authorization to discover and correct security vulnerabilities.

64
Q

Fill in the blank: A _______ hacker has malicious intent and seeks to compromise systems for unauthorized purposes.

65
Q

Fill in the blank: A _______ hacker acts without proper authorization but intends to inform targets of vulnerabilities.

66
Q

What is a common trait of the hacktivist group Anonymous?

A

They collectively decide their agenda and targets.

67
Q

What do organized crime groups prefer regarding their activities?

A

To remain in the shadows and draw little attention.

68
Q

What are the resources like for organized crime compared to other threat actors?

A

They tend to have more resources in terms of time and money.

69
Q

What is the primary motivation behind insider attacks?

A

Insiders may be motivated by various factors, including activist goals, financial gain, or personal grievances.

70
Q

True or False: Insiders typically work with a team to execute their attacks.

71
Q

What is shadow IT?

A

Shadow IT refers to the use of technology services by employees that are not approved by the organization.

72
Q

What risks does shadow IT pose to an organization?

A

It puts sensitive information in the hands of vendors outside of the organization’s control.

73
Q

What types of information might competitors seek to steal through corporate espionage?

A
  • Customer information
  • Proprietary software
  • Confidential product development plans
  • Other beneficial information
74
Q

What is a common source for competitors to obtain insider information?

A

The dark web

75
Q

List some primary motivations behind cyberattacks.

A
  • Data exfiltration
  • Espionage
  • Service disruption
  • Blackmail
  • Financial gain
  • Philosophical/political beliefs
  • Ethical hacking
  • Revenge
  • Disruption/chaos
  • War
76
Q

What is a threat vector?

A

A threat vector is the means that threat actors use to gain access to an organization’s systems or information.

77
Q

Fill in the blank: Email is one of the most commonly exploited _______.

A

[threat vectors]

78
Q

What type of attack involves tricking a user into opening a file that contains malicious code?

A

Malware infection

79
Q

How can attackers use removable devices to spread malware?

A

By distributing USB drives in public areas, hoping users will plug them into their computers.

80
Q

What is meant by the term ‘supply chain attack’?

A

An attack that targets an organization’s vendors and suppliers to indirectly compromise the organization.

81
Q

What is threat intelligence?

A

Threat intelligence encompasses activities and resources that help cybersecurity professionals learn about changes in the threat environment.

82
Q

What are indicators of compromise (IoCs)?

A

Signs that an attack has taken place, such as file signatures and log patterns.

83
Q

True or False: Open source threat intelligence is acquired from publicly available sources.

84
Q

What is the significance of vulnerability databases in threat intelligence?

A

They direct defensive efforts and provide insights into the types of exploits being discovered.

85
Q

List some examples of open source threat intelligence sources.

A
  • Senki.org
  • Open Threat Exchange
  • MISP Threat Sharing project
  • Threatfeeds.io
86
Q

What role does the Cybersecurity & Infrastructure Security Agency (CISA) play in threat intelligence?

A

CISA provides alerts and resources related to cybersecurity threats.

87
Q

What can organizations do to reduce their attack surface?

A

Implement effective security measures and risk mitigation strategies.

88
Q

Fill in the blank: Attackers may gain access to hardware devices at the _______ or while the devices are in transit.

A

[manufacturer]

89
Q

What is the website for the U.S. Cybersecurity & Infrastructure Security Agency (CISA)?

A

www.cisa.gov

90
Q

What does CISA’s Automated Indicator Sharing (AIS) program focus on?

A

Information sharing regarding cyber threats

91
Q

Name one Australian cybersecurity resource.

A

Australian Signals Directorate’s Cyber Security Centre: www.cyber.gov.au

92
Q

What is the purpose of the Spamhaus Project?

A

Focuses on blocklists including spam and compromised computers

93
Q

True or False: The dark web uses standard Internet connections without encryption.

94
Q

What is the primary use of dark web marketplaces by hackers?

A

To share information and sell stolen credentials and data

95
Q

What is proprietary threat intelligence?

A

Intelligence created by organizations that is not publicly available

96
Q

What are the potential reasons for using proprietary threat intelligence?

A
  • Keep data secret
  • Sell or license the data
  • Protect methods and sources
97
Q

What is a confidence score in threat intelligence?

A

A measure to filter and assess the trustworthiness of threat information

98
Q

What does STIX stand for?

A

Structured Threat Information eXpression

99
Q

Fill in the blank: STIX is an _______ language originally sponsored by the U.S. Department of Homeland Security.

100
Q

What is the purpose of the Trusted Automated eXchange of Intelligence Information (TAXII) protocol?

A

To communicate cyber-threat information at the application layer via HTTPS

101
Q

What is the role of Information Sharing and Analysis Centers (ISACs)?

A

Facilitate sharing of threat information among infrastructure owners

102
Q

What year was the ISAC concept introduced?

103
Q

Name a source for conducting your own cybersecurity research.

A
  • Vendor security information websites
  • Academic journals
  • Social media accounts of security professionals
104
Q

What are common motivations for cyberattacks?

A
  • Data exfiltration
  • Espionage
  • Financial gain
  • Political beliefs
105
Q

How can attackers gain initial access to an organization?

A
  • Remotely over the Internet
  • Wireless connection
  • Direct physical access
106
Q

What is a common vector for cyberattacks?

A

Email and social media

107
Q

What is the significance of threat maps in cybersecurity?

A

Provide a geographic view of threat intelligence

108
Q

True or False: Geographic attribution in threat maps is always reliable.

109
Q

What is the potential issue when a threat feed fails?

A

It can lead to delayed detection and exposure of systems

110
Q

What is the purpose of threat indicator management?

A

To standardize and automate processing of threat information

111
Q

What is the confidence rating scale used for threat intelligence?

A
  • Confirmed (90–100)
  • Probable (70–89)
  • Possible (50–69)
  • Doubtful (30–49)
  • Improbable (2–29)
  • Discredited (1)
112
Q

What does the term ‘threat actor’ refer to?

A

An individual or group that conducts a cyberattack

113
Q

What are advanced persistent threats (APTs)?

A

Sophisticated attacks typically associated with nation-state actors

114
Q

Fill in the blank: Cybersecurity threats may be classified based on their internal or _______ status.

115
Q

What are common methods attackers use to gain initial access to an organization?

A

Attackers may gain access through:
  • Remote access over the Internet
  • Wireless connections
  • Direct physical access
  • Email or social media interactions
  • Removable media tricks
  • Cloud services exploits

116
Q

What is the purpose of threat intelligence for organizations?

A

Threat intelligence provides valuable insight into the threat landscape.

117
Q

How do security teams utilize threat intelligence?

A

Security teams leverage threat intelligence from:
  • Public sources
  • Private sources
  • Their own research

118
Q

What are indicators of compromise?

A

Indicators of compromise are detailed signs that help identify current threats and vulnerabilities.

119
Q

What is the role of predictive analytics in threat intelligence?

A

Predictive analytics helps security teams analyze their own data for potential threats.

120
Q

Why must security teams monitor for supply chain risks?

A

Modern enterprises depend on vendors for IT services, making them vulnerable to external attacks.

121
Q

What vendor management techniques protect the supply chain?

A

Vendor management techniques protect against attackers targeting:
  • Outsourced code development
  • Cloud data storage
  • Integration between external and internal systems

122
Q

True or False: Attackers only use direct physical access to compromise networks.

123
Q

Fill in the blank: Security professionals should pay particular attention to risks posed by _______.

A

[outsourced code development, cloud data storage, integration between external and internal systems]