foundations

Question 1

Compliance

Answer 1

the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.

Question 2

Security frameworks

Answer 2

guidelines used for building plans to help mitigate risks and threats to data and privacy.

Question 3

Security controls

Answer 3

safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture

Question 4

Security posture

Answer 4

an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization

Question 5

threat actor

Answer 5

any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.

Question 6

internal threat

Answer 6

current or former employee, an external vendor, or a trusted partner who poses a security risk

Question 7

Network security

Answer 7

the practice of keeping an organization’s network infrastructure secure from unauthorized access

Question 8

Cloud security

Answer 8

the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users

Question 9

Programming

Answer 9

a process that can be used to create a specific set of instructions for a computer to execute tasks.

Question 10

Security information and event management (SIEM) tools:

Answer 10

collect and analyze log data, or records of events such as unusual login behavior, and support analysts’ ability to monitor critical activities in an organization

Question 11

Intrusion detection systems (IDSs)

Answer 11

monitor system activity and alerts for possible intrusions

Question 12

Threat landscape knowledge

Answer 12

allows security teams to build stronger defenses against threat actor tactics and techniques-staying up to date on attack trends and patterns

Question 13

computer virus

Answer 13

malicious code written to interfere with computer operations and cause damage to data and software

Question 14

worm

Answer 14

type of computer virus that can duplicate and spread on its own without human involvement.

Question 15

Social engineering

Answer 15

a manipulation technique that exploits human error to gain private information, access, or valuables.

Question 16

Phishing

Answer 16

the use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 17

CSIRTs

Answer 17

computer security incident response teams

Question 18

Security and risk management

Answer 18

focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law

Question 19

asset security

Answer 19

focuses on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data

Question 20

security architecture and engineering

Answer 20

optimizing data security by ensuring effective tools, systems, and processes are in place

Question 21

communication and network security

Answer 21

managing and securing physical networks and wireless communications.

Question 22

identity and access management

Answer 22

focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications

Question 23

security assessment and testing

Answer 23

conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

Question 24

security operations

Answer 24

conducting investigations and implementing preventative measures

Question 25

software development security

Answer 25

using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services