Fundamentals of security Flashcards

1
Q

Threat

A

Anything that could cause harm, loss, damage, or compromise to our information
technology systems

2
Q

Vulnerability

A

Any weakness in the system design or implementation

3
Q

Risk

A

Intersection between threats and vulnerabilities

4
Q

Risk Management

A

Finding ways to minimize the likelihood of an unwanted outcome and achieve the
desired outcome

5
Q

CIA triad

A

Confidentiality, Integrity, Availability

6
Q

Confidentiality

A

Refers to the protection of information from unauthorized access and disclosure

Ensures that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

7
Q

Integrity

A

Helps ensure that information and data remain accurate and unchanged from their
original state unless intentionally modified by an authorized individual

Verifies the accuracy and trustworthiness of data over their entire lifecycle

8
Q

Availability

A

Ensures that information, systems, and resources are accessible and operational
when needed by authorized users

9
Q

Methods for confidentiality

A

  1. Hashing
  2. Digital signatures
  3. Checksums
  4. Access controls
  5. Regular audits

10
Q

Redundancy

A

Duplication of critical components or functions of a system with the
intention of enhancing its reliability

11
Q

Redundancy types

A

  1. Server redundancy
  2. Data redundancy
  3. Network redundancy
  4. Power redundancy

12
Q

Non-repudiation

A

Focuses on providing undeniable proof in the world of digital transactions

Security measure that ensures individuals or entities involved in a
communication or transaction cannot deny their participation or the authenticity
of their actions

13
Q

Authentication

A

Security measure that ensures individuals or entities are who they claim to be
during a communication or transaction

14
Q

Common authentication factors

A

  1. Knowledge (something you know)
  2. Possession (something you have)
  3. Inherence (something you are)
  4. Action (something you do)
  5. Location (somewhere you are)

15
Q

Authorization

A

Pertains to the permissions and privileges granted to users or entities after they
have been authenticated

16
Q

Accounting

A

Security measure that ensures all user activities during a communication or
transaction are properly tracked and recorded

17
Q

AAA

A

Authentication, authorization and accounting

18
Q

Security control categories

A

  1. Technical controls
  2. Managerial controls
  3. Operational controls
  4. Physical controls

19
Q

Security control types

A

  1. Preventive
  2. Deterrent
  3. Detective
  4. Corrective
  5. Compensating
  6. Directive

20
Q

Gap analysis

A

Process of evaluating the differences between an organization’s current
performance and its desired performance

21
Q

POA&M

A

Plan of Action and Milestones

  • Outlines specific measures to address each vulnerability
  • Allocates resources
  • Sets up timelines for each remediation task

22
Q

Zero Trust

A

Zero Trust demands verification for every device, user, and transaction within the
network, regardless of its origin

23
Q

Control Plane (Zero Trust)

A

Refers to the overarching framework and set of components responsible
for defining, managing, and enforcing the policies related to user and
system access within an organization

24
Q

Data Plane (Zero Trust)

A

Ensures the policies are properly executed