Core Security Concepts

Question 1

Define: Threat

Answer 1

Any potential danger

Question 2

Define: Threat agent

Answer 2

An entity that may act upon a vulnerability

Question 3

Define: Vulnerability

Answer 3

A weakness or flaw that may provide an opportunity to a threat agent

Question 4

Define: Risk

Answer 4

the likelihood of a threat agent exploiting a discovered vulnerability

Question 5

Define: Exposure

Answer 5

an instance of being compromised by a threat agent

Question 6

Define: Countermeasure

Answer 6

An administrative operation, or logical mitigation against potential risks

Question 7

Define 3 core security concepts

Answer 7

1. Accounting
2. Non-repudiation
3. Privacy

Question 8

Define: CIA triangle

Answer 8

Confidentiality Integrity Availability All wrapped around data and services

Question 9

Define: Confidentiality

Answer 9

The concept of preventing the disclosure of information to unauthorised parties

Question 10

Define 3 confidentiality concepts

Answer 10

1. is about viewing data
2. assure the secrecy of data
3. helps maintaining data privacy

Question 11

What is integrity?

Answer 11

The concept of protecting the data from unauthorised alteration

Question 12

Define 3 integrity concepts

Answer 12

1. It must ensure that the data that is transmitted, processed and stored correctly
2. Is as accurate as the originator intended
3. The software performs reliably as it was intended to

Question 13

Define: Availability

Answer 13

The security concept that is related to the access of the software or the data or information it handles

Question 14

What 2 determines availability ?

Answer 14

1. the criticality of the data or service
2. its purpose in the system

Question 15

Actions that support availability

Answer 15

1. Loading balancing
2. replication
3. redundancy

Question 16

Define: Authentication

Answer 16

Authentication is the process of determining the identity of a user

Question 17

3 Authentication methods and examples

Answer 17

1. Something you know (password or pin)
2. Something you have (one time token or phone)
3. Something you are (fingerprint or biometric)

Question 18

Define: Authorisation

Answer 18

1. Applying access control rules to a user process
2. Determining whether or not a particular user process can access an object.

Question 19

Define: Requester and requestes resource

Answer 19

1. Requester is referred to as the subject
2. Requested resource is referred to as the object

Question 20

Authorisation subject can be

and priviledge levels

Answer 20

1. Subject may be human process another object
2. Can be categorized by privilege level

• Admin
• user
• manager
• anonymous user

Question 21

Define: Accounting

Answer 21

• Means of measuring activity
• Also known as auditing

Question 22

Accounting 2 concepts

Answer 22

• Logging crucial elemnts of activity as they occur
• Audit logs must be balanced as they required resources to create, store and review

Question 23

Define: Non-repudiation

Answer 23

The concept of preventing a subject from denying a previous action with an object in a system

Question 24

prevention of repudiation is ensured by:

Answer 24

authentication, authorisation and auditing are properly configured

Question 25

privacy 3 concepts

Answer 25

• data anonymisation
• user consent
• test data management - prevention of production data leaking into test environments