Domain 1 General Security Concepts Flashcards

1
Q

In a corporate office, employees are required to use their access cards to enter different sections of the building. What type of control is being implemented in this scenario?

A

Physical control

2
Q

A financial institution implements encryption for all sensitive data transmitted between its branches to ensure confidentiality. What type of control is being applied here?

A

Technical Control - Encryption is a technical control that involves the use of technology to protect sensitive data during transmission, ensuring its confidentiality.

3
Q

A company encrypts sensitive customer data to prevent unauthorized access. What security principle does this primarily address?

A

Confidentiality - Encrypting sensitive customer data helps maintain confidentiality by protecting it from unauthorized access.

4
Q

A system administrator implements regular backups to ensure that critical data can be restored in the event of a hardware failure. Which security principle does this align with?

A

Availability - Regular backups contribute to the availability of critical data by ensuring it can be restored in case of a hardware failure or data loss.

5
Q

A security mechanism is implemented to verify that data remains unchanged during transmission over a network. Which security principle is being emphasized?

A

Integrity - Verifying data integrity ensures that it remains unchanged during transmission, guarding against unauthorized alterations.

6
Q

In a network environment, what AAA component is responsible for tracking the activities of users and monitoring resource usage?

A

Accounting - involves tracking user activities and resource usage for the purpose of billing, auditing, and security monitoring.

7
Q

In a multi-factor authentication system, which of the following is an example of something you know?

A

One-time password - Something you know refers to knowledge-based factors, such as a password or PIN, and a one-time password is an example of this.

8
Q

What is a common outcome of a gap analysis process in the context of cybersecurity?

A

Establishment of a remediation plan – to address the gaps

9
Q

A company has recently implemented a new cybersecurity policy and wants to assess its current security posture. What specific steps might they take in a gap analysis process to identify areas for improvement?

A

Reviewing existing security controls, policies, and procedures against the new policy.

10
Q

A multinational corporation adopts a Zero Trust security model to enhance its cybersecurity posture. How might the organization implement Zero Trust principles to secure its network infrastructure?

A

Implementing micro-segmentation, multifactor authentication, and continuous monitoring.

11
Q

A global corporation is implementing “Policy-Driven Access Control” as part of its Zero Trust strategy. How might the organization practically enforce access policies based on contextual factors?

A

Dynamically adjusting access based on user behavior, device health, and location.

12
Q

A healthcare organization is implementing Zero Trust principles to safeguard patient data. How might the organization practically leverage “Adaptive Identity” to enhance access controls?

A

Dynamically adjusting access based on changing conditions such as user behavior

13
Q

Which control type involves implementing measures to prevent unauthorized access to systems and data?

A

Preventive controls

14
Q

A large retail company is implementing a Zero Trust model to secure its online customer data. How might the organization apply the principle of “Threat Scope Reduction” to protect customer information?

A

Segmenting the network to isolate sensitive customer databases.

15
Q

In a city center, where there is a potential threat of vehicle attacks, how might bollards strategically placed around public spaces enhance security?

A

Restricting vehicle access and preventing ramming attacks.

16
Q

Why is change management considered crucial for maintaining a secure IT environment?

A

To ensure that changes are thoroughly planned, tested, and approved to prevent security vulnerabilities.

17
Q

Which of the following best describes the purpose of conducting an impact analysis in change management operations?

A

To understand the consequences of proposed changes on security.

18
Q

A manufacturing plant installs security cameras at entry points and critical areas to monitor and record activities. What type of control is this?

A

Detective - Security cameras, in this case, serve as detective controls by monitoring and recording activities for later review, helping to identify and respond to security incidents.

19
Q

Why is identifying stakeholders important in change management operations?

A

Stakeholders may have vested interests and influence in security-related decisions.

20
Q

What is the purpose of an approval process in change management, and how does it contribute to security operations?

A

Verifies that the change aligns with organizational security policies.

21
Q

Identify and describe the primary stakeholders involved in the approval of a security change. How do their roles differ, and why is their involvement crucial?

A

Stakeholders include anyone in the organization; their roles may vary from approvers to implementers

22
Q

What is the primary purpose of the approval process in change management?

A

To ensure that proposed changes are reviewed and authorized.

23
Q

Which control type focuses on minimizing the impact of a security incident and restoring normal operations quickly?

A

Corrective controls

24
Q

How do allow lists and deny lists contribute to security in an organization’s network?

A

Allow lists specify authorized entities, while deny lists specify entities to be blocked.

25
Q

Why is restarting a service a common practice in response to security incidents?

A

To apply security updates and patches.

26
Q

A security incident response team is investigating a data breach in which sensitive customer information may have been compromised. What is the most critical aspect of documentation during this incident response process?

A

Documenting the steps taken during the investigation and remediation.

27
Q

A company is transitioning its email infrastructure from an on-premises solution to a cloud-based service. What are the primary technical implications of this transition?

A

Increased scalability and accessibility.

28
Q

An organization is concerned about potential information leakage and wants to ensure the confidentiality of sensitive data transmitted over the network. What application of steganography would address this concern?

A

Hiding a confidential document within a seemingly unrelated image file.

29
Q

An organization is planning to implement a Public Key Infrastructure (PKI) for securing its communication channels and authenticating users. What are the key components of a PKI that the organization should consider?

A

Digital certificates, public and private key pairs, and a Certificate Authority (CA).

30
Q

A company has implemented a PKI for its internal network, and employees use digital certificates for secure access. One employee loses their smart card containing the private key. What is the appropriate action to take in this scenario?

A

Revoke the compromised certificate and issue a new one with a new key pair.

31
Q

A development team is working on a critical software application. They are using version control to manage the source code. Why is version control essential in this scenario?

A

To track changes, maintain a history of revisions, and enable collaboration.

32
Q

A government agency is implementing a PKI for secure communications. The agency is concerned about potential loss of access to encrypted data if an employee leaves or loses their private key. What PKI concept addresses this concern?

A

Key Escrow

33
Q

An organization is implementing a PKI and is considering methods for checking the revocation status of digital certificates. Which statement accurately describes the difference between Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRLs)?

A

OCSP provides real-time certificate status, while CRLs are only updated periodically.

34
Q

An organization is implementing encryption for securing its sensitive data. The team is debating whether to use symmetric or asymmetric encryption. What is a key consideration when deciding between symmetric and asymmetric encryption?

A

Symmetric encryption requires the exchange of secret keys.

35
Q

An e-commerce website is implementing TLS to secure the transmission of customer data during online transactions. What is the primary purpose of TLS in this context?

A

Ensuring the integrity of customer data during transmission.

36
Q

An organization is implementing encryption to secure sensitive data, and they are considering using the Advanced Encryption Standard (AES). What key lengths are commonly used with AES for secure encryption?

A

128-bit keys.

37
Q

An organization is implementing a security strategy for its devices and wants to ensure the integrity of the system boot process. Which cryptographic tool is designed to provide a secure root of trust for the system and help protect against attacks such as firmware tampering?

A

Trusted Platform Module (TPM).

38
Q

A financial institution is implementing a system to securely store and manage cryptographic keys used in its payment processing application. Which cryptographic tool is best suited for this purpose, providing a dedicated hardware-based solution for key protection?

A

Hardware Security Module (HSM)

39
Q

A mobile device manufacturer is implementing a security feature to protect sensitive user data, such as biometric information and device-specific keys. What cryptographic tool is commonly used to create a secure, isolated environment within the device’s processor?

A

Secure Enclave

40
Q

A cybersecurity analyst discovers an image file shared online, suspecting that it may contain hidden information. What technique might be employed to hide sensitive data within the image while maintaining the image’s appearance?

A

Steganography

41
Q

A financial institution wants to enhance the security of its payment processing system by reducing the storage of sensitive cardholder information. What technique can the institution use to replace the actual credit card numbers with unique tokens for storage and transaction processing?

A

Tokenization

42
Q

A healthcare organization is preparing a dataset for research purposes while ensuring that the personally identifiable information (PII) of patients remains confidential. What technique could the organization use to replace actual names and addresses with fictitious or generalized information?

A

Tokenization

43
Q

A healthcare organization is preparing a dataset for research purposes while ensuring that the personally identifiable information (PII) of patients remains confidential. What technique could the organization use to replace actual names and addresses with fictitious or generalized information?

A

Data Masking

44
Q

An organization is implementing a system to verify the authenticity and integrity of digitally signed documents. What is the primary purpose of using digital signatures in this context?

A

To ensure the document has not been altered.

45
Q

An organization is planning to implement a blockchain-based system for secure and transparent record-keeping. What are two key security features associated with blockchain technology?

A

Data encryption and decentralized consensus

46
Q

A company is considering using a blockchain with an open public ledger for its supply chain management. What privacy concerns should the company address when utilizing an open public ledger?

A

Protection of proprietary information.

47
Q

A website is storing user passwords and wants to enhance security by using a hash function. What is a crucial property of a secure hash function?

A

Collision resistance, preventing different inputs from producing the same hash.

48
Q

An organization is using legacy applications critical to its business operations. What is a primary security concern associated with legacy applications?

A

They may have unpatched vulnerabilities

49
Q

An organization is implementing a secure communication system and wants to ensure that participants cannot deny their involvement in the communication. What security concept addresses this concern?

A

Non-repudiation

50
Q

A network administrator is configuring a system to use a secure authentication protocol for remote access. What is a commonly used protocol for authenticating systems in this context?

A

RADIUS