Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security Plus 701 > Fundamentals Of Security > Flashcards

Fundamentals Of Security Flashcards

1
Q

What is Information Security?

A

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, and corruption and destruction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Information Systems Security?

A

Act of protecting the systems that hold and the process critical data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is confidentiality?

A

Ensures that information is only accessible to those with the appropriate authorisation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Confidentiality is important for 3 main reasons. What are they?

A
  • to protect personal privacy
  • to maintain business advantage
  • to achieve regulatory compliance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a threat?

A

Anything that could cause harm, loss, damages or compromise to our information technology systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a vulnerability?

A

Any weakness in the system design or implementation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

List the 5 basics methods to ensure confidently.

A
  • Encryption
  • Access Controls
  • Data Masking
  • Physical Security Measures
  • Training and Awareness
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Data Masking?

A

Method that involves obscuring specific data within database to make it inaccessible for unauthorised
users while retaining the real data’s authenticity and for authorized users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is integrity?

A

Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorised individual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Integrity is important for three reasons. What are they?

A
  • To ensure data accuracy
  • To maintain trust
  • To ensure the system operability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are 5 methods utilised to maintain integrity?

A
  • Hashing
  • Digital Signature
  • Checksums
  • Access Controls
  • Regular Audits
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is availability?

A

Ensuring that information, systems and resources are accessible and operational when needed by authorised users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the benefits of ensuring availability?

A
  • ensuring business continuity
  • maintaining customer trust
  • upholding an organisations reputation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is redundancy?

A

Duplication of critical components or functions of a system the intention of enhancing its reliability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Name the 4 types of redundancy to consider

A
  • Server redundancy
  • Data redundancy
  • Network redundancy
  • Power redundancy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is non-repudiation?

A

A security measure that ensures individuals or entities
Involved in communication or transaction cannot deny participation or authenticity of actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

List three reasons non- repudiation is important?

A
  • to confirm the authenticity of digital transactions
  • to ensure the integrity of critical communications
  • to provide accountability in digital processes
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the 5 commonly used authentication methods

A
  • Knowledge factor
  • Possession factor
  • Inference factor
  • Action factor
  • Location factor
19
Q

What three terms are differed to as the 3A’s (AAA)

A
  • Authentication
  • Authorisation
  • Accounting
20
Q

What is authentication?

A

Security measure that insures individuals or entities are who they claim to be during a communication or transaction

21
Q

What is authorisation?

A

Pertains to the permissions and privileges, granted to use all entities after they have been authenticated

22
Q

What is accounting?

A

Hey, security measure that ensures all you say activities during a communication or transaction, I’ll probably tracked and recorded.

23
Q

What are the four broad categories of security controls?

A
  • Technical controls
  • Managerial controls
  • Operational controls
  • Physical controls
24
Q

What are the six basic types of security controls?

A
  • Preventative controls
  • Deterrent controls
  • Detective controls
  • Corrective controls
  • Compensative controls
  • Directive controls
25
Q

Define technical controls

A

Technologies, hardware and software mechanisms that are implemented to manage and reduce risk

26
Q

Define managerial controls

A

Also referred to as administrative controls, sat

27
Q

Define operational controls

A

Procedures and measures that are designed to protect data on a day-to-day basis. These are many governed by internal processes and human actions..

28
Q

Define physical controls

A

Tangible real-world measures taken to protect as it.

29
Q

Define threat actors intent

A

Specific objective, although that a threat actor is aiming to achieve through their attack.

30
Q

Define threat actors motivations

A

Underline reasons or driving forces that pushes a threat to carry out their attack

31
Q

List some motivations behind threat actors

A
  • Data exfiltration
  • Financial gain
  • Blackmail
  • Service Disruption
  • Philosophical-political beliefs
  • Ethical reasons
  • Revenge
  • Disruption of chaos
  • Espionage.
  • War
32
Q

What are preventive controls?

A

Proactive measures implemented to thwart potential security threats or breaches.

33
Q

What is Deterrent Controls?

A
  • Discourage potential attackers by making the effort seem less appealing or more challenging
34
Q

What are Detective Controls?

A

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

35
Q

What are Corrective Controls?

A

Mitigate any potential damage and restore our systems to their normal state.

36
Q

What are Compensating Controls?

A

Alternative measures that are implemented when primary security controls are not feasible or effective.

37
Q

What are Directive Controls?

A
  • Guide, inform, or mandate actions.
  • Often rooted in policy or documentation and set the standards for behaviour within an organisation.
38
Q

What is Gap Analysis?

A

Process of evaluating the differences between an organizations current performance and its desired performance.

39
Q

List the activities involved in an Gap Analysis (4)?

A
  • Define the scope of the analysis?
  • Gather data on the current state of the organization.
  • Analyse the data to identify any areas where the organisation’s current performance falls short of its desired performance.
  • Develop a plan to bridge the gap
40
Q

What are the 2 basic types of Gap Analysis?

A
  • Technical Gap Analysis
  • Business Gap Analysis
41
Q

Describe Zero Trust

A

Zero Trust demands verification for every device, user and transaction within the network, regardless of its origin.

42
Q

What are the two different planes used to create a zero trust architecture?

A
  • Control plane
  • Data plane
43
Q

What is the control plane?

A

Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and
system access within an organization

44
Q

What is the Data plane?

A

Ensures the policies are properly executed

Security Plus 701 (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions