Domain 1: Study Essentials

Question 1

What does confidentiality seek to prevent?

Answer 1

Confidentiality seeks to prevent the unauthorized disclosure of information: it keeps data secret

Question 2

What is the goal of integrity?

Answer 2

Integrity seeks to prevent unauthorized modification of information and ensure that data written in an authorized manner is complete and accurate

Question 3

What does availability ensure?

Answer 3

Availability ensures that information is available when needed

Question 4

What is an active entity in an information system called?

Answer 4

Subject

Question 5

What is a passive data file referred to as?

Answer 5

Object

Question 6

What does Annualized Loss Expectancy represent?

Answer 6

The cost of loss due to a risk over a year

Question 7

What is a threat?

Answer 7

A potentially negative occurrence

Question 8

What is a vulnerability?

Answer 8

A weakness in a system

Question 9

What defines risk?

Answer 9

A matched threat and vulnerability

Question 10

What is a safeguard?

Answer 10

A measure taken to reduce risk

Question 11

What does Total Cost of Ownership refer to?

Answer 11

The cost of a safeguard

Question 12

What is Return on Investment?

Answer 12

Money saved by deploying a safeguard

Question 13

What are the elements of the CIA Triad?

Answer 13

The elements are confidentiality, integrity, and availability.

Question 14

What does confidentiality mean?

Answer 14

Confidentiality is the principle that objects are not disclosed to unauthorized subjects.

Question 15

What does integrity mean?

Answer 15

Integrity is the principle that objects retain their veracity and are intentionally modified only by authorized subjects.

Question 16

What does availability mean?

Answer 16

Availability is the principle that authorized subjects are granted timely and uninterrupted access to objects.

Question 17

What are the elements of AAA services?

Answer 17

AAA services focus on identification, authentication, authorization, auditing, and accounting.

Question 18

How does identification work?

Answer 18

Identification is when a subject professes an identity and accounting is initiated.

Question 19

What is authentication?

Answer 19

Authentication is the process of verifying or testing that a claimed identity is valid.

Question 20

What is the role of authorization in security?

Answer 20

Authorization ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity.

Question 21

What is the auditing process?

Answer 21

Auditing is the programmatic means by which subjects are held accountable for their actions while authenticated on a system.

Question 22

Why is accounting important in security?

Answer 22

Effective accounting relies on the capability to prove a subject’s identity and track their activities.

Question 23

What is abstraction in security?

Answer 23

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.

Question 24

What are security boundaries?

Answer 24

A security boundary is the line of intersection between any two areas, subnets, or environments that have different security requirements.

Question 25

What is security governance?

Answer 25

Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization.

Question 26

What is third-party governance?

Answer 26

Third-party governance is the system of external entity oversight that may be mandated by law, regulation, or contractual obligation.

Question 27

What is documentation review?

Answer 27

Documentation review is the process of reading the exchanged materials and verifying them against standards and expectations.

Question 28

How does security function align with business strategy?

Answer 28

Security management planning aligns the security functions to the strategy, goals, mission, and objectives of the organization.

Question 29

What is a business case?

Answer 29

A business case is usually a documented argument to define a need to make a decision or take some form of action.

Question 30

What is security management planning?

Answer 30

Security management is based on strategic, tactical, and operational plans.

Question 31

What are the elements of a formalized security policy structure?

Answer 31

The elements include security policy, standards, baselines, guidelines, and procedures.

Question 32

What are key security roles?

Answer 32

The primary security roles are senior manager, security professional, asset owner, custodian, user, and auditor.

Question 33

What is due diligence?

Answer 33

Due diligence is establishing a plan, policy, and process to protect the interests of an organization.

Question 34

What is due care?

Answer 34

Due care is practicing the individual activities that maintain the due diligence effort.

Question 35

What is threat modeling?

Answer 35

Threat modeling is the security process where potential threats are identified, categorized, and analyzed.

Question 36

What are the concepts of supply chain risk management (SCRM)?

Answer 36

SCRM is a means to ensure that all the vendors or links in the supply chain are reliable, trustworthy, reputable organizations that disclose their practices and security requirements to their business partners.

Question 37

What is a computer-assisted crime?

Answer 37

A computer-assisted crime occurs when a computer is used as a tool to help commit a crime.

Question 38

How can criminals steal confidential organizational data?

Answer 38

Criminals can steal confidential organizational data in many different ways, and this can occur without a computer.

Question 39

What is a computer-targeted crime?

Answer 39

A computer-targeted crime occurs when a computer is the victim of an attack that’s sole purpose is to harm the computer and its owner.

Question 40

What are examples of computer-targeted crimes?

Answer 40

Examples include denial-of-service (DoS) and buffer overflow attacks.

Question 41

What is an incidental computer crime?

Answer 41

An incidental computer crime occurs when a computer is involved in a computer crime without being the victim of the attack or the attacker.

Question 42

What is an example of an incidental computer crime?

Answer 42

A computer being used as a zombie in a botnet is part of an incidental computer crime.

Question 43

What is a computer prevalence crime?

Answer 43

A computer prevalence crime occurs due to the fact that computers are so widely used in today’s world.

Question 44

What is an example of a computer prevalence crime?

Answer 44

Software piracy is an example of this type of crime.

Question 45

What is the difference between hackers and crackers?

Answer 45

Hackers attempt to break into secure systems to obtain knowledge, while crackers do so without using the knowledge for nefarious purposes.

Question 46

What is Civil Law?

Answer 46

Civil law, also known as civil code law, is based on written laws and does not rely on precedence. It is the most common legal system in the world.

Question 47

What is Common Law?

Answer 47

Common law, developed in England, is based on customs and precedent. It requires lower courts to follow higher court decisions.

Question 48

What are the three systems of Common Law?

Answer 48

Common law is divided into criminal law, civil/tort law, and administrative/regulatory law.

Question 49

What does Criminal Law cover?

Answer 49

Criminal law covers actions harmful to others and requires proof of guilt beyond a reasonable doubt.

Question 50

Who prosecutes in Criminal Law?

Answer 50

The plaintiff is usually the state or federal government.

Question 51

What are the consequences in Criminal Law?

Answer 51

Guilty parties may be imprisoned and/or fined.

Question 52

What does Civil/Tort Law deal with?

Answer 52

Civil/tort law addresses wrongs committed against individuals or organizations.

Question 53

What must a plaintiff prove in Civil/Tort Law?

Answer 53

The plaintiff must prove that the defendant had a duty of care, breached that duty, and caused harm.

Question 54

What types of damages can a victim seek in Civil Law?

Answer 54

Victims can seek compensatory, punitive, and statutory damages.

Question 55

What is Administrative/Regulatory Law?

Answer 55

Administrative law sets performance standards by government agencies for organizations and industries.

Question 56

What sectors are covered by Administrative/Regulatory Law?

Answer 56

Common sectors include public utilities, communications, banking, and healthcare.

Question 57

What is Customary Law?

Answer 57

Customary law is based on the customs of a country or region and is often incorporated into mixed legal systems.

Question 58

What is Religious Law?

Answer 58

Religious law is based on religious beliefs and varies by culture and country.

Question 59

What is Mixed Law?

Answer 59

Mixed law combines two or more types of law, often civil law and common law.

Question 60

What is a Patent?

Answer 60

A patent grants exclusive rights to an invention for a period of time, usually 20 years.

Question 61

What is a Trade Secret?

Answer 61

A trade secret protects proprietary information and can be kept indefinitely if confidentiality is maintained.

Question 62

What is a Trademark?

Answer 62

A trademark protects symbols, sounds, or expressions that identify a product or organization.

Question 63

How long is a Trademark valid?

Answer 63

A trademark is valid for 10 years and must be renewed.

Question 64

What is Copyright?

Answer 64

Copyright protects authored works from reproduction without consent and lasts for the life of the author plus 70 years.

Question 65

What is Freeware?

Answer 65

Freeware is software available free of charge, including rights to copy, distribute, and modify.

Question 66

What is Shareware?

Answer 66

Shareware is software shared for a limited time that requires purchase after a trial period.

Question 67

What is Commercial Software?

Answer 67

Commercial software is licensed for purchase in a wholesale or retail market.

Question 68

What is Software Piracy?

Answer 68

Software piracy is the unauthorized reproduction or distribution of copyrighted software.

Question 69

What is Digital Rights Management (DRM)?

Answer 69

DRM controls the use of digital content and involves device controls.

Question 70

What does the U.S. DMCA of 1998 impose?

Answer 70

The DMCA imposes criminal penalties on those who circumvent content protection technologies.

Question 71

What are the steps of NIST risk management framework

Answer 71

The NIST risk management framework includes the following steps:

1. Categorize information systems.
2. Select security controls.
3. Implement security controls.
4. Assess security controls.
5. Authorize information systems.
6. Monitor security controls.

Question 72

What is eDiscovery?

Answer 72

Electronic discovery (eDiscovery) refers to civil litigation or government investigations that deal with the exchange of information in electronic format as part of the discovery process.