Domain 1 General Security Concepts Flashcards
In a corporate office, employees are required to use their access cards to enter different sections of the building. What type of control is being implemented in this scenario?
Physical control
A financial institution implements encryption for all sensitive data transmitted between its branches to ensure confidentiality. What type of control is being applied here?
Technical Control - Encryption is a technical control that involves the use of technology to protect sensitive data during transmission, ensuring its confidentiality.
A company encrypts sensitive customer data to prevent unauthorized access. What security principle does this primarily address?
Confidentiality - Encrypting sensitive customer data helps maintain confidentiality by protecting it from unauthorized access.
A system administrator implements regular backups to ensure that critical data can be restored in the event of a hardware failure. Which security principle does this align with?
Availability - Regular backups contribute to the availability of critical data by ensuring it can be restored in case of a hardware failure or data loss.
A security mechanism is implemented to verify that data remains unchanged during transmission over a network. Which security principle is being emphasized?
Integrity - Verifying data integrity ensures that it remains unchanged during transmission, guarding against unauthorized alterations.
In a network environment, what AAA component is responsible for tracking the activities of users and monitoring resource usage?
Accounting - involves tracking user activities and resource usage for the purpose of billing, auditing, and security monitoring.
In a multi-factor authentication system, which of the following is an example of something you know?
One-time password - Something you know refers to knowledge-based factors, such as a password or PIN, and a one-time password is an example of this.
What is a common outcome of a gap analysis process in the context of cybersecurity?
Establishment of a remediation plan – to address the gaps
A company has recently implemented a new cybersecurity policy and wants to assess its current security posture. What specific steps might they take in a gap analysis process to identify areas for improvement?
Reviewing existing security controls, policies, and procedures against the new policy.
A multinational corporation adopts a Zero Trust security model to enhance its cybersecurity posture. How might the organization implement Zero Trust principles to secure its network infrastructure?
Implementing micro-segmentation, multifactor authentication, and continuous monitoring.
A global corporation is implementing “Policy-Driven Access Control” as part of its Zero Trust strategy. How might the organization practically enforce access policies based on contextual factors?
Dynamically adjusting access based on user behavior, device health, and location.
A healthcare organization is implementing Zero Trust principles to safeguard patient data. How might the organization practically leverage “Adaptive Identity” to enhance access controls?
Dynamically adjusting access based on changing conditions such as user behavior
Which control type involves implementing measures to prevent unauthorized access to systems and data?
Preventive controls
A large retail company is implementing a Zero Trust model to secure its online customer data. How might the organization apply the principle of “Threat Scope Reduction” to protect customer information?
Segmenting the network to isolate sensitive customer databases.
In a city center, where there is a potential threat of vehicle attacks, how might bollards strategically placed around public spaces enhance security?
Restricting vehicle access and preventing ramming attacks.
Why is change management considered crucial for maintaining a secure IT environment?
To ensure that changes are thoroughly planned, tested, and approved to prevent security vulnerabilities.
Which of the following best describes the purpose of conducting an impact analysis in change management operations?
To understand the consequences of proposed changes on security.
A manufacturing plant installs security cameras at entry points and critical areas to monitor and record activities. What type of control is this?
Detective - Security cameras, in this case, serve as detective controls by monitoring and recording activities for later review, helping to identify and respond to security incidents.
Why is identifying stakeholders important in change management operations?
Stakeholders may have vested interests and influence in security-related decisions.
What is the purpose of an approval process in change management, and how does it contribute to security operations?
Verifies that the change aligns with organizational security policies.