Fundamental of Security

Question 1

CIA TRIAD

Answer 1

Confidentiality
Integrity
Avaliablity

Question 2

Non-Repudation

Answer 2

Guaranteeing that a specific acation or reven has taken place and cannot be denied

Question 3

AAA Security

Answer 3

Authentication
Authorization
Accounting-Tracking

Question 4

Zero Trust

Answer 4

Should be trusted without correct crendintals

Question 5

Control Plane

Answer 5

Threat scope reduction

Question 6

Data plane

Answer 6

Subject/System

Question 7

Confidentiality

Answer 7

Protection of info from unauthorized personal.

Question 8

Encryption

Answer 8

Turning data into code to prevent unauthorized access

Question 9

Access Controls

Answer 9

Ensure only authorized personall can access some type’s of data.

Question 10

Data Masking

Answer 10

Obscuring data within database. Masking a credit card number besides the last four.

Question 11

Physical Security Measures

Answer 11

Ensures confidentiality for physical aspect of things.

Question 12

Training and awareness

Answer 12

Conducting regular training basically like an all hands to help employees.

Question 13

Integrity

Answer 13

Helps data reamin accurate unless changed by someone else. Showing who is who.

Question 14

Hashing

Answer 14

Process of converting data to a fized value

Question 15

Digital Signtture

Answer 15

Use encryption to ensure integrity and authenticity just like the CAC card or permissons of saying who is changing this.

Question 16

CheckSums

Answer 16

Verify the integrity during transmission.

Question 17

Access Controls

Answer 17

Ensuring that only authorized individuals can mod data.

Question 18

Regular Audits

Answer 18

Revewings lows and operations to make sure if anything has changed.

Question 19

Availability

Answer 19

Making sure services are available when they suppose to be.

Question 20

Redundancy

Answer 20

Backup options in case systems fail.

Question 21

Server Redundancy

Answer 21

Using multiple servers in a load balance. If one fails you have other servers to support.

Question 22

Data Redundancy

Answer 22

Storing data in multiple places. Raids or hybrids

Question 23

Network Redundancy

Answer 23

Traffic can travel still through another route.

Question 24

Power Redundancy

Answer 24

Genertors and etc that provide power.

Question 25

Non-Repuditation/Digital Signatures

Answer 25

Undeniable proof of digital transactions.

Question 26

Authentication

Answer 26

Ensures individuals who they are. Focus on the Identity in a digital interaction.

Question 27

Authorization/Gate Keeper

Answer 27

Permissions and privileges granted to users.
Set of rules and actions.

Question 28

Accounting

Answer 28

Ensures all user activities are tracked and recorded.

Question 29

Audit Trail

Answer 29

Chronloligcal record of all user activities

Question 30

Regulatory Complance

Answer 30

maintains record of all user activity

Question 31

Forensic Analysis

Answer 31

Detailed accounting and even logs help cybersec users.

Question 32

Resource Optimization

Answer 32

Can optimize systems and minimize cost.S

Question 33

Syslog servers

Answer 33

Used to aggregate logs from various network devices

Question 34

Network Analyzers. Ex WireShark

Answer 34

Use to capture and analyze network traffic to gain detailed insights on all data moving within a network.

Question 35

Security Control Cateogries:
1.Technical Controls
2.Managerial Controls
3.Operational Controls
4.Physical Controls

Answer 35

1.Tech and hardware and software are implemented to manage and reduce risk(Ex. AntiVirus,Firewalls, encryption processes).
2.Strategic planning and governance.(Ex. Admin Stuff, risk assessments, security policies etc)
3. Protect data day to day. Changing your password every 90 days or back up procedires.
4. Real world measures that are not digital.Cameras doors etc.

Question 36

Security Info and even managment

Answer 36

Real time analysis of security alerts.

Question 37

Preventative Controls

Answer 37

Proactive measures to thwart potential security threats like a firewall.

Question 37

Deterrent Controls

Answer 37

Discourage potential attackers makeing the effort more challenging. Like a burglar systems and ads in the house like the ADT grass stamp.(Warning Signs).

Question 37

Detective Contriols

Answer 37

Monitor and alerts orgs to malicious activities. Focus on detection and modification.(IDS- Intrusion detection system)

Question 37

Corrective Controls

Answer 37

Mitigating any damage and restoring systems. Like an antivirus that quirtines the malwate

Question 37

Compensating Controls

Answer 37

Alternative measures when primary security controls are not effective. Using a back up security type vibe.

Question 37

Directive Controls

Answer 37

Directive controls are policies or procedures that dictate specific actions or behaviors by users or systems.

Question 38

Control Plane

Answer 38

Framework and set of componets responsible for defining managing. What where when etc.

Question 38

Policy-Driven Access Control

Answer 38

Developing,managing and enforcing user access into there role.

Question 38

Adaptive Identity

Answer 38

Rely on real time validation. Account the user behavior

Question 38

Threat scope reduction

Answer 38

Limit userr access to only what they need for work

Question 39

Secured Zones

Answer 39

Isolated environments within the network designed to house sensitive data.

Question 40

Policy Engine

Answer 40

Cross references the access request like a rule book.

Question 41

Subject/System

Answer 41

Refers to the indiviual or entity attempting to gain access.

Question 42

Policy Enforcement point

Answer 42

Allow or restrict the access.

Question 43

Gap Analysis

Answer 43

Process of evaluating current performance and where they want to be and looking at what needs to be approved.

Question 44

Technical Gap Analysis

Answer 44

Evaluating an or current tech infrastructure. Finding gaps they need to make there technical aspect stronger.

Question 45

Business Gap Analysis

Answer 45

evaluating an org current business processes. Finding areas where they fall short for cost and etc.

Question 46

Plan of action and Milestones(POA&M)

Answer 46

Outlining specific measuers to address each vulnerability allocate resources and set up times likes for task that need to be done.