Fundamentals

Question 1

Information Security

Answer 1

act of protecting the data from bad actors

Question 2

Information Systems Security

Answer 2

act of protecting the SYSTEM that holds the data

Question 3

C.I.A.N.A

Answer 3

Confidentiality Integrity Availability Non-repudiation A.A.A

Question 4

A.A.A

Answer 4

Authentication Authorization Accounting

Question 5

C.I.A.N.A Confidentiality

Answer 5

ensures that information is only accessible to those with proper authorization

Question 6

C.I.A.N.A Integrity

Answer 6

ensures that data remoins unaltered during transit

Question 7

C.I.A.N.A Availability

Answer 7

ensures that information and resources are accessible/functional when needed

Question 8

C.I.A.N.A Non-Repudiation

Answer 8

ensures that an action has taken place and cannot be denied by all parties involved

Question 9

A.A.A Authentication

Answer 9

process of verifying the identity of an user and/or system

Question 10

A.A.A Authorization

Answer 10

defines what actions or resources an user can access

Question 11

A.A.A Accounting

Answer 11

act of tracking user activities and resource usage

Question 12

Security Controls

Answer 12

the measures put in place to mitigate risks and protect the C.I.A.N.A

Question 13

Control Plane

Answer 13

consists of the identity, scope reductions of threats, policy driven, and secured zones

Question 14

Data Plane

Answer 14

focused on the system, policy engine, policy admin, and enforcement points

Question 15

Threats

Answer 15

the ideas/actions that can harm systems; Usaually outside of your control

Question 16

Vulnerabilities

Answer 16

the weaknesses you let in by design

Question 17

PII

Answer 17

Personal ID Information

Question 18

PHI

Answer 18

Personal Health Information

Question 19

Ways to ensure confidentiality (5 E,D,A,P,T)

Answer 19

Encryption, Data Masking, Access Controls, Physical Security Measures, Training

Question 20

Confidentiality =

Answer 20

Encryption

Question 21

Confidentiality Encryption

Answer 21

process of converting data to code

Question 22

Confidentiality Access Controls

Answer 22

ensure only authorized personnel can access certain types of data

Question 23

Confidentiality Data Masking

Answer 23

obscuring data within a database so that unauthorized users cannot read it

Question 24

Confidentiality Physical Security Measures

Answer 24

physical security

Question 25

Confidentiality Training

Answer 25

training the workers

Question 26

Integrity =

Answer 26

Hashing

Question 27

Integrity Hashing

Answer 27

converting data into a fixed sized data → Makes a hash digest

Question 28

Integrity Digitial Signatures

Answer 28

use encryption to ensure integerity

Question 29

Integrity Checksums

Answer 29

verify the integrity of data during transmissions

Question 30

Integrity Regular Audits

Answer 30

reviewing logs and operations to ensure authorized changes have been made

Question 31

Availability =

Answer 31

Redundancy

Question 32

Non-Repudiation =

Answer 32

Digital Signature

Question 33

A.A.A Authentication =

Answer 33

Verifying Identity

Question 34

Authenticatication Factors (5)

Answer 34

Possesion, Location, Inherited, Behavior, Knowledge

Question 35

Authenticatication TFA

Answer 35

Two Factor Authentication

Question 36

Authenticatication MFA

Answer 36

two or more factor authentication

Question 37

Accounting Audit Trail

Answer 37

used to provide a chronological record of user activities

Question 38

Accounting Regulatory Compliance

Answer 38

maintains a comprehensive record of all user’s activities

Question 39

Accounting Forensic Analysis

Answer 39

use detailed accounting and event logs to analyze incidents

Question 40

Accounting Resource Allocation

Answer 40

tracking resource utilization we can optimize the system

Question 41

Accounting User Accountability

Answer 41

informing the user of logging

Question 42

Accounting Syslog Servers

Answer 42

collecting various of logs to analyze patterns and anomalies

Question 43

Accounting Network Analyzers

Answer 43

Capture & analyze the network for solutions

Question 44

Accounting System Information and Event Management (SIEM)

Answer 44

using events and system infrastructure to keep track

Question 45

Technical Controls

Answer 45

technologies, hardware, and software used to manage/reduce risks

Question 46

Managerial Controls (Administration)

Answer 46

the strategic planning/governance of security

Question 47

Operational Controls

Answer 47

the procedures and measures designed to protect data on a day-to-day basis (Backup Procedures, Account Reviews, and Training Programs)

Question 48

Physical Controls

Answer 48

real world preventative measure of a security asset (Shreading Documents, Security Guards, Locking the Doors)

Question 49

Types of Security Controls (Pre, Deter, Dete, Corr, Comp, Direc)

Answer 49

Preventative, Deterrent, Detective, Corrective, Compensating, and Directive

Question 50

Zero Trust seperates the architecture to what planes

Answer 50

Data and Control

Question 51

Zero Trust Adaptive Identity

Answer 51

use adaptive identities that rely on real-time validation that takes into account the user’s behavior, device location, etc…

Question 52

Control Plane Policy Engine

Answer 52

cross reference the access requrest with predefined policies

Question 53

Control Plane Poly Administrator

Answer 53

the person that enforces the policy engine

Question 54

Data Plane Policy Enforcement Point

Answer 54

where the access is either given or denied

Question 55

Gap Analysis

Answer 55

evaluating the differences between an org’s current performance to the target performance

Question 56

Gap Analysis Types:

Answer 56

Technical and Buisness