COMPTIA SECURITY + WEEK 1 CHAPTER 1 & 2 Flashcards

1
Q

What are the three key objectives of cybersecurity?

A

Confidentiality, Integrity, Availability

These objectives are often referred to as the CIA triad.

2
Q

What is confidentiality in cybersecurity?

A

Ensures that unauthorized individuals cannot gain access to sensitive information

Security controls like firewalls, access control lists, and encryption are used to maintain confidentiality.

3
Q

What is integrity in cybersecurity?

A

Ensures that there are no unauthorized modifications to information or systems

Integrity controls include hashing and integrity monitoring solutions.

4
Q

What is availability in cybersecurity?

A

Ensures that information and systems are ready for legitimate users when needed

Availability controls include fault tolerance, clustering, and backups.

5
Q

What does the CIA triad stand for?

A

Confidentiality, Integrity, Availability

This triad is used to characterize risks, attacks, and security controls.

6
Q

What is nonrepudiation?

A

The assurance that someone cannot deny having taken an action

Digital signatures are a common example of nonrepudiation.

7
Q

What are the three key threats to cybersecurity efforts according to the DAD triad?

A

Disclosure, Alteration, Denial

Each threat maps to one of the CIA triad goals.

8
Q

What is disclosure in the context of cybersecurity?

A

The exposure of sensitive information to unauthorized individuals

This is a violation of the principle of confidentiality.

9
Q

What is alteration in cybersecurity?

A

The unauthorized modification of information

This is a violation of the principle of integrity.

10
Q

What is denial in cybersecurity?

A

The disruption of an authorized user’s legitimate access to information

This violates the principle of availability.

11
Q

What are the categories of potential impact from a security incident?

A
  • Financial Risk
  • Reputational Risk
  • Identity Theft
  • Strategic Risk
  • Operational Risk
  • Compliance Risk

Each category describes different consequences an organization may face after a breach.

12
Q

What is financial risk in the context of a data breach?

A

The risk of monetary damage to the organization as a result of a breach

This can include direct costs, like rebuilding a datacenter, and indirect costs, like lost business opportunities.

13
Q

What constitutes reputational risk?

A

Negative publicity surrounding a security breach that affects goodwill

It is often difficult to quantify this type of damage.

14
Q

What is identity theft risk?

A

The risk posed by exposure of personally identifiable information (PII) to malicious individuals

Organizations should protect sensitive identifiers like Social Security numbers and bank account information.

15
Q

Define strategic risk in the context of cybersecurity.

A

The risk that an organization will become less effective in meeting its goals due to a breach

For example, losing product development plans may hinder market competitiveness.

16
Q

What is operational risk?

A

Risk to the organization’s ability to carry out its day-to-day functions

This may slow down processes or require manual workarounds.

17
Q

What does compliance risk entail?

A

Risk of violating legal or regulatory requirements due to a breach

An example is violating HIPAA by losing patient medical records.

18
Q

True or False: Risks often fit into only one category.

A

False

Many risks can cross multiple categories, such as reputational and financial risks arising from the same incident.

19
Q

What is a gap analysis in cybersecurity?

A

A review to evaluate security controls against control objectives

Gaps identified should be treated as potential risks to be remediated.

20
Q

List the four categories of security controls.

A
  • Technical Controls
  • Operational Controls
  • Managerial Controls
  • Physical Controls

Each category achieves security objectives through different mechanisms.

21
Q

What are technical controls?

A

Controls that enforce confidentiality, integrity, and availability in the digital space

Examples include firewalls, access control lists, and encryption.

22
Q

What are operational controls?

A

Processes put in place to manage technology securely

Examples include user access reviews and log monitoring.

23
Q

What are managerial controls?

A

Procedural mechanisms focusing on the risk management process

Examples include risk assessments and security planning.

24
Q

What are physical controls?

A

Security controls that impact the physical world

Examples include fences, locks, and fire suppression systems.

25
What is the primary focus of security professionals?
Protecting the confidentiality, integrity, and availability of sensitive data

This is often referred to as the CIA triad.
26
What are the three states of data?
  • Data at rest
  • Data in transit
  • Data in use
27
What is the purpose of preventive controls?
To stop a security issue before it occurs

Examples include firewalls and encryption.
28
What do corrective controls do?
Remediate security issues that have already occurred

An example is restoring backups after a ransomware attack.
29
What is a compensating control?
A control designed to mitigate the risk associated with exceptions made to a security policy
30
What criteria must a compensating control meet according to PCI DSS?
  • Meet the intent and rigor of the original requirement
  • Provide a similar level of defense as the original requirement
  • Be above and beyond other PCI DSS requirements
31
What is data loss prevention (DLP)?
Systems that help organizations enforce information handling policies to prevent data loss and theft
32
What are the two environments where DLP systems operate?
  • Agent-based DLP
  • Agentless (network-based) DLP
33
What is data minimization?
Techniques that seek to reduce risk by decreasing the amount of sensitive information maintained
34
What is the process of transforming sensitive data into a format where the original information can't be retrieved called?
Data obfuscation
35
What are the two common types of access restrictions?
  • Geographic restrictions
  • Permission restrictions
36
What does the CIA triad stand for?
  • Confidentiality
  • Integrity
  • Availability
37
What is nonrepudiation?
Prevents someone from denying that they took an action

Digital signatures are a common example of nonrepudiation.
38
What are the categories of security controls based on their mechanism of action?
  • Managerial
  • Operational
  • Physical
  • Technical
39
How do DLP systems detect sensitive information?
  • Pattern matching
  • Watermarking
40
What is the risk associated with hashing sensitive data?
Rainbow table attacks can be conducted if an attacker has a list of possible values
41
What is the function of segmentation in network security?
Places sensitive systems on separate networks with strict communication restrictions
42
What happens during a data breach?
Organizations suffer both direct and indirect damages, including financial repercussions and reputational damage
43
What is the goal of data encryption?
To protect information from unauthorized access while it is in transit and at rest
44
What is the main purpose of directive controls?
To inform employees and others what they should do to achieve security objectives
45
What is masking in the context of data protection?
Partially redacting sensitive information by replacing some or all sensitive fields with blank characters
46
Fill in the blank: The three core objectives of cybersecurity are _______.
[confidentiality, integrity, availability]
47
What has caused the increase in sophistication and diversity of cybersecurity threats?
The involvement of skilled technologists, organized criminal syndicates, and government-sponsored attackers.
48
What are the three key aspects that cybersecurity professionals must safeguard?
  • Confidentiality
  • Integrity
  • Availability
49
What is essential for developing appropriate defensive mechanisms against cybersecurity threats?
A strong understanding of the threat environment.
50
What are the two main categories of threat actors based on their origin?
  • Internal
  • External
51
What are the key characteristics that differentiate cybersecurity threat actors?
  • Level of Sophistication/Capability
  • Resources/Funding
  • Intent/Motivation
52
True or False: All cybersecurity threats come from external sources.
False
53
What term is used to describe unskilled attackers who rely on automated tools?
Script kiddie
54
What is the primary motivation of unskilled attackers?
Proving their skill.
55
What is the defining characteristic of hacktivists?
They use hacking techniques to accomplish activist goals.
56
Who is considered a notable hacktivist for leaking sensitive government documents?
Edward Snowden
57
What is the primary motive of organized crime in the context of cybercrime?
Illegal financial gain.
58
List two types of cybercrime activities organized crime groups are involved in.
  • Ransomware
  • Online fraud
59
What does APT stand for in cybersecurity?
Advanced Persistent Threat
60
What distinguishes APT attacks from other types of attacks?
They use advanced techniques and are persistent over time.
61
What is a zero-day attack?
An attack that exploits vulnerabilities unknown to product vendors.
62
What is a common outcome of insider threats?
Disclosing confidential information.
63
Fill in the blank: A _______ hacker acts with authorization to discover and correct security vulnerabilities.
white-hat
64
Fill in the blank: A _______ hacker has malicious intent and seeks to compromise systems for unauthorized purposes.
black-hat
65
Fill in the blank: A _______ hacker acts without proper authorization but intends to inform targets of vulnerabilities.
gray-hat
66
What is a common trait of the hacktivist group Anonymous?
They collectively decide their agenda and targets.
67
What do organized crime groups prefer regarding their activities?
To remain in the shadows and draw little attention.
68
What are the resources like for organized crime compared to other threat actors?
They tend to have more resources in terms of time and money.
69
What is the primary motivation behind insider attacks?
Insiders may be motivated by various factors, including activist goals, financial gain, or personal grievances.
70
True or False: Insiders typically work with a team to execute their attacks.
False
71
What is shadow IT?
Shadow IT refers to the use of technology services by employees that are not approved by the organization.
72
What risks does shadow IT pose to an organization?
It puts sensitive information in the hands of vendors outside of the organization's control.
73
What types of information might competitors seek to steal through corporate espionage?
  • Customer information
  • Proprietary software
  • Confidential product development plans
  • Other beneficial information
74
What is a common source for competitors to obtain insider information?
The dark web
75
List some primary motivations behind cyberattacks.
  • Data exfiltration
  • Espionage
  • Service disruption
  • Blackmail
  • Financial gain
  • Philosophical/political beliefs
  • Ethical hacking
  • Revenge
  • Disruption/chaos
  • War
76
What is a threat vector?
A threat vector is the means that threat actors use to gain access to an organization's systems or information.
77
Fill in the blank: Email is one of the most commonly exploited _______.
[threat vectors]
78
What type of attack involves tricking a user into opening a file that contains malicious code?
Malware infection
79
How can attackers use removable devices to spread malware?
By distributing USB drives in public areas, hoping users will plug them into their computers.
80
What is meant by the term 'supply chain attack'?
An attack that targets an organization's vendors and suppliers to indirectly compromise the organization.
81
What is threat intelligence?
Threat intelligence encompasses activities and resources that help cybersecurity professionals learn about changes in the threat environment.
82
What are indicators of compromise (IoCs)?
Signs that an attack has taken place, such as file signatures and log patterns.
83
True or False: Open source threat intelligence is acquired from publicly available sources.
True
84
What is the significance of vulnerability databases in threat intelligence?
They direct defensive efforts and provide insights into the types of exploits being discovered.
85
List some examples of open source threat intelligence sources.
  • Senki.org
  • Open Threat Exchange
  • MISP Threat Sharing project
  • Threatfeeds.io
86
What role does the Cybersecurity & Infrastructure Security Agency (CISA) play in threat intelligence?
CISA provides alerts and resources related to cybersecurity threats.
87
What can organizations do to reduce their attack surface?
Implement effective security measures and risk mitigation strategies.
88
Fill in the blank: Attackers may gain access to hardware devices at the _______ or while the devices are in transit.
[manufacturer]
89
What is the website for the U.S. Cybersecurity & Infrastructure Security Agency (CISA)?
www.cisa.gov
90
What does CISA's Automated Indicator Sharing (AIS) program focus on?
Information sharing regarding cyber threats
91
Name one Australian cybersecurity resource.
Australian Signals Directorate's Cyber Security Centre: www.cyber.gov.au
92
What is the purpose of the Spamhaus Project?
Focuses on blocklists including spam and compromised computers
93
True or False: The dark web uses standard Internet connections without encryption.
False
94
What is the primary use of dark web marketplaces by hackers?
To share information and sell stolen credentials and data
95
What is proprietary threat intelligence?
Intelligence created by organizations that is not publicly available
96
What are the potential reasons for using proprietary threat intelligence?
  • Keep data secret
  • Sell or license the data
  • Protect methods and sources
97
What is a confidence score in threat intelligence?
A measure to filter and assess the trustworthiness of threat information
98
What does STIX stand for?
Structured Threat Information eXpression
99
Fill in the blank: STIX is an _______ language originally sponsored by the U.S. Department of Homeland Security.
XML
100
What is the purpose of the Trusted Automated eXchange of Intelligence Information (TAXII) protocol?
To communicate cyber-threat information at the application layer via HTTPS
101
What is the role of Information Sharing and Analysis Centers (ISACs)?
Facilitate sharing of threat information among infrastructure owners
102
What year was the ISAC concept introduced?
1998
103
Name a source for conducting your own cybersecurity research.
  • Vendor security information websites
  • Academic journals
  • Social media accounts of security professionals
104
What are common motivations for cyberattacks?
  • Data exfiltration
  • Espionage
  • Financial gain
  • Political beliefs
105
How can attackers gain initial access to an organization?
  • Remotely over the Internet
  • Wireless connection
  • Direct physical access
106
What is a common vector for cyberattacks?
Email and social media
107
What is the significance of threat maps in cybersecurity?
Provide a geographic view of threat intelligence
108
True or False: Geographic attribution in threat maps is always reliable.
False
109
What is the potential issue when a threat feed fails?
It can lead to delayed detection and exposure of systems
110
What is the purpose of threat indicator management?
To standardize and automate processing of threat information
111
What is the confidence rating scale used for threat intelligence?
  • Confirmed (90–100)
  • Probable (70–89)
  • Possible (50–69)
  • Doubtful (30–49)
  • Improbable (2–29)
  • Discredited (1)
112
What does the term 'threat actor' refer to?
An individual or group that conducts a cyberattack
113
What are advanced persistent threats (APTs)?
Sophisticated attacks typically associated with nation-state actors
114
Fill in the blank: Cybersecurity threats may be classified based on their internal or _______ status.
external
115
What are common methods attackers use to gain initial access to an organization?
Attackers may gain access through:
  • Remote access over the Internet
  • Wireless connections
  • Direct physical access
  • Email or social media interactions
  • Removable media tricks
  • Cloud services exploits
116
What is the purpose of threat intelligence for organizations?
Threat intelligence provides valuable insight into the threat landscape.
117
How do security teams utilize threat intelligence?
Security teams leverage threat intelligence from:
  • Public sources
  • Private sources
  • Their own research
118
What are indicators of compromise?
Indicators of compromise are detailed signs that help identify current threats and vulnerabilities.
119
What is the role of predictive analytics in threat intelligence?
Predictive analytics helps security teams analyze their own data for potential threats.
120
Why must security teams monitor for supply chain risks?
Modern enterprises depend on vendors for IT services, making them vulnerable to external attacks.
121
What vendor management techniques protect the supply chain?
Vendor management techniques protect against attackers targeting:
  • Outsourced code development
  • Cloud data storage
  • Integration between external and internal systems
122
True or False: Attackers only use direct physical access to compromise networks.
False
123
Fill in the blank: Security professionals should pay particular attention to risks posed by _______.
[outsourced code development, cloud data storage, integration between external and internal systems]