Domain 1 Chapter 2 Flashcards
What is CIA TRIAD?
Confidentiality, Integrity, and Availability
CIA TRIAD
The CIA Triad
* Combination of principles
– The fundamentals of security
– Sometimes referenced as the AIC Triad
* Confidentiality
– Prevent disclosure of information to unauthorized individuals or systems
* Integrity
– Messages can’t be modified without detection
* Availability
– Systems and networks must be up and running
Confidentiality
* Certain information should only be known to certain people
– Prevent unauthorized information disclosure
* Encryption
– Encode messages so only certain people can read them
* Access controls
– Selectively restrict access to a resource
* Two-factor authentication
– Additional confirmation before information is disclosed
Integrity
Integrity
* Data is stored and transferred as intended
– Any modification to the data would be identified
* Hashing
– Map data of an arbitrary length to data of a fixed length
* Digital signatures
– Mathematical scheme to verify the integrity of data
* Certificates
– Combine with a digital signature to verify an individual
* Non-repudiation
– Provides proof of integrity, can be asserted to be genuine
Availability
* Information is accessible to authorized users
– Always at your fingertips
* Redundancy
– Build services that will always be available
* Fault tolerance
– System will continue to run, even when a failure occurs
* Patching
– Stability
– Close security holes
Non-repudiation
Prevents denial of an action, ensuring accountability and reliability in electronic transactions and communications
Key aspects:
– Digital signatures
– Audit trails
– Access controls
Identification
Security Identifier (SID)
Authorization
AAA
Authentication, Authorization and Accounting
AAA framework
* Identification
– This is who you claim to be
– Usually your username
* Authentication
– Prove you are who you say you are
– Password and other authentication factors
* Authorization
– Based on your identification and authentication, what access do you have?
* Accounting
– Resources used: login time, data sent and received, logout time
Authenticating systems
* Put a digitally signed certificate on the device
* Other business processes rely on the certificate
– Access to the VPN from authorized devices
– Management software can validate the end device
Certificate authentication
* An organization has a trusted Certificate Authority (CA)
– Most organizations maintain their own CAs
* The organization creates a certificate for a device
– And digitally signs the certificate with the organization’s CA
* The certificate can now be included on a device as an authentication factor
– The CA’s digital signature is used to validate the certificate
Authorization models
Define the scope of permissible activities, creating a controlled environment
RADIUS
Remote Authentication Dial-In User Service (safeguards the exchange of data)
TACACS
Terminal Access Controller Access Control System Plus; grants or denies access to network devices.