Fundamentals of security

Question 1

Threat

Answer 1

Anything that could cause harm, loss, damage, or compromise to our information
technology systems

Question 2

Vulnerability

Answer 2

Any weakness in the system design or implementation

Question 3

Risk

Answer 3

Intersection between threats and vulnerabilities

Question 4

Risk Management

Answer 4

Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome

Question 5

CIA triad

Answer 5

Confidentiality, Integrity, Availability

Question 6

Confidentiality

Answer 6

Refers to the protection of information from unauthorized access and disclosure

Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

Question 7

Integrity

Answer 7

Helps ensure that information and data remain accurate and unchanged from its
original state unless intentionally modified by an authorized individual

Verifies the accuracy and trustworthiness of data over the entire lifecycle

Question 8

Availability

Answer 8

Ensure that information, systems, and resources are accessible and operational
when needed by authorized users

Question 9

Methods for confidentiality

Answer 9

1. Hashing
2. Digital signatures
3. Checksums
4. Access controls
5. Regular audits

Question 10

Redundancy

Answer 10

Duplication of critical components or functions of a system with the
intention of enhancing its reliability

Question 11

Redundancy types

Answer 11

1. Server redundancy
2. Data redundancy
3. Network redundancy
4. Power redundancy

Question 12

Non-repudiation

Answer 12

Focused on providing undeniable proof in the world of digital transactions

Security measure that ensures individuals or entities involved in a
communication or transaction cannot deny their participation or the authenticity
of their actions

Question 13

Authentication

Answer 13

Security measure that ensures individuals or entities are who they claim to be
during a communication or transaction

Question 14

Common authentication factors

Answer 14

1. Knowledge (something you know)
2. Possession (something you have)
3. Inherence (something you are)
4. Action (something you do)
5. Location (somewhere you are)

Question 15

Authorization

Answer 15

Pertains to the permissions and privileges granted to users or entities after they
have been authenticated

Question 16

Accounting

Answer 16

Security measure that ensures all user activities during a communication or
transaction are properly tracked and recorded

Question 17

AAA

Answer 17

Authentication, authorization and accounting

Question 18

Security control categories

Answer 18

1. Technical controls
2. Managerial controls
3. Operational controls
4. Physical controls

Question 19

Security control types

Answer 19

1. Preventive
2. Deterrent
3. Detective
4. Corrective
5. Compensating
6. Directive

Question 20

Gap analysis

Answer 20

Process of evaluating the differences between an organization’s current
performance and its desired performance

Question 21

POA&M

Answer 21

Plan of Action and Milestones

• Outlines specific measures to address each vulnerability
• Allocate resources
• Set up timelines for each remediation task

Question 22

Zero Trust

Answer 22

Zero Trust demands verification for every device, user, and transaction within the
network, regardless of its origin

Question 23

Control Plane (Zero Trust)

Answer 23

Refers to the overarching framework and set of components responsible
for defining, managing, and enforcing the policies related to user and
system access within an organization

Question 24

Data Plane (Zero Trust)

Answer 24

Ensures the policies are properly executed