Cram Guide SON 1.1 &1.2

Question 1

What are technical security controls?

Answer 1

Controls implemented through hardware or software.

Question 2

What is an example of a technical control?

Answer 2

Firewalls, encryption, IDS, authentication, and access controls.

Question 3

What is a key advantage of technical controls?

Answer 3

They provide automated protection and scalability.

Question 4

What is a drawback of technical controls?

Answer 4

They can fail or become outdated.

Question 5

What are managerial security controls?

Answer 5

Controls that focus on governance, strategy, and security policies.

Question 6

What is a key advantage of managerial controls?

Answer 6

They align security with organizational goals and compliance.

Question 7

What is a drawback of managerial controls?

Answer 7

Their effectiveness depends on managerial commitment and upkeep.

Question 8

What are operational security controls?

Answer 8

Controls tied to daily tasks and procedures followed by users or admins.

Question 9

What is an example of an operational control?

Answer 9

Backups, user training, incident response, and change management.

Question 10

What is a key advantage of operational controls?

Answer 10

They address user actions and routine security practices directly.

Question 11

What is a drawback of operational controls?

Answer 11

They depend on consistent human action and are prone to error.

Question 12

What are physical security controls?

Answer 12

Controls that protect the physical environment of information assets.

Question 13

What is an example of a physical control?

Answer 13

Guards, fences, locks, CCTV, biometrics, server rooms, fire suppression.

Question 14

What is a key advantage of physical controls?

Answer 14

They defend against theft, damage, and natural disasters.

Question 15

What is a drawback of physical controls?

Answer 15

No protection against cyber threats & maintenance cost.

Question 16

What are corrective security controls?

Answer 16

Controls that respond to and fix security incidents after they occur.

Question 17

What is an example of a corrective control?

Answer 17

Antivirus quarantine, incident response, backups, or patching.

Question 18

What are compensating security controls?

Answer 18

Alternative controls used when primary controls aren’t feasible.

Question 19

What is an example of a compensating control?

Answer 19

Strong password policy and behavior monitoring instead of MFA.

Question 20

What is non-repudiation in security?

Answer 20

It ensures no party can deny sending or receiving information.

Question 21

What is the control plane in Zero Trust?

Answer 21

It verifies identity and access dynamically using policy-driven decisions.

Question 22

What is the data plane in Zero Trust?

Answer 22

It enforces access decisions and defines trust boundaries between systems.

Question 23

What is the role of the Policy Engine in Zero Trust?

Answer 23

It evaluates access requests based on defined policies.

Question 24

What is the Policy Enforcement Point in Zero Trust?

Answer 24

It executes access decisions made by the policy engine.

Question 25

What is a honeypot?

Answer 25

A decoy system designed to lure and trap attackers.

Question 26

What is a honeynet?

Answer 26

A network made up of multiple honeypots.

Question 27

What is a honeyfile?

Answer 27

A fake file placed to detect unauthorized access.

Question 28

What is a honeytoken?

Answer 28

A piece of trap data that alerts when accessed.