Fundamentals of Security

Question 1

Information Security

Answer 1

Protecting data and information from unauthorized access, modification,
disruption, disclosure, and destruction

Question 2

Information Systems Security

Answer 2

Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

Question 3

Confidentiality

Answer 3

Ensures information is accessible only to authorized personnel (e.g.,
encryption)

Question 4

Integrity

Answer 4

Ensures data remains accurate and unaltered (e.g., checksums)

Question 5

Availability

Answer 5

Ensures information and resources are accessible when needed (e.g.,
redundancy measures)

Question 6

Non-Repudiation

Answer 6

Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures)

Question 7

CIANA Pentagon

Answer 7

An extension of the CIA triad with the addition of non-repudiation and
authentication

Question 8

Triple A’s of Security

Answer 8

Authentication, Authorization, Accounting

Question 9

Security Control Categories

Answer 9

■ Technical
■ Managerial
■ Operational
■ Physical

Question 10

Security Control Types

Answer 10

■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive

Question 11

Zero Trust Model

Answer 11

Operates on the principle that no one should be trusted by default

Question 12

To achieve zero trust, we use what two PLANES?

Answer 12

■ Control Plan
■ Data Plane

Question 13

Control Plane

Answer 13

Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones

Question 14

Data Plane

Answer 14

Subject/system, policy engine, policy administrator, and
establishing policy enforcement points

Question 15

Threat

Answer 15

Anything that could cause harm, loss, damage, or compromise to our information
technology systems

■ Disasters
■ Cyber attacks
■ Security breaches

Question 16

Vulnerability

Answer 16

Any weakness in the system design or implementation that is INTERNAL

■ Missing security patches
■ Bugs
■ Physical security

Question 17

Risk Management

Answer 17

Finding different ways to minimize the likelihood of an outcome and achieve the
desired outcome

Question 18

Confidentiality

Answer 18

■ Information from unauthorized access and disclosure
■ Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

Question 19

3 main reasons why confidentiality is important

Answer 19

■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance

Question 20

What are the five basic methods to ensure confidentiality?

Answer 20

■ Encryption
■ Access Controls
■ Data Masking
■ Physical Security Measures
■ Training and Awareness

Question 21

Encryption

Answer 21

Process of converting data into a code to prevent unauthorized access

Question 22

Access Controls

Answer 22

By setting up strong user permissions, you ensure that only authorized
personnel can access certain types data

Question 23

Data Masking

Answer 23

Method that involves obscuring specific data within a database to make it
inaccessible for unauthorized users while retaining the real data’s
authenticity and use for authorized users

Question 24

Physical Security Measures

Answer 24

Ensure confidentiality for both physical types of data, such as paper
records stored in a filing cabinet, and for digital information contained on
servers and workstations

Question 25

Training and Awareness

Answer 25

Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data

Question 26

Integrity

Answer 26

Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual

Question 27

What are the three main reasons why Integrity is important?

Answer 27

■ To ensure data accuracy ■ To maintain trust ■ To ensure system operability

Question 28

What are the five methods used to help us maintain the integrity of our data, systems, and networks?

Answer 28

■ Hashing ■ Digital Signatures ■ Checksums ■ Access Controls ■ Regular Audits

Question 29

Hashing

Answer 29

Process of converting data into a fixed-size value

Question 30

Digital Signatures

Answer 30

Ensure both integrity and authenticity

Question 31

Checksums

Answer 31

Method to verify the integrity of data during transmission

Question 32

Access Controls

Answer 32

Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations

Question 33

Regular Audits

Answer 33

involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed

Question 34

Availability

Answer 34

Ensure that information, systems, and resources are accessible and operational when needed by authorized users ■ Continuity ■ Maintaining Customer Trust ■ Upholding an Organization's Reputation

Question 35

What is needing to combat the challenges that come with availability?

Answer 35

Redundancy

Question 36

Redundancy

Answer 36

Duplication of critical components or functions of a system with the intention of enhancing its reliability

Question 37

What are the four types of redundancy?

Answer 37

■ Server ■ Data ■ Network ■ Power

Question 38

Server Redundancy

Answer 38

Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users

Question 39

Data Redundancy

Answer 39

Involves storing data in multiple places

Question 40

Network Redundancy

Answer 40

Ensures that if one network path fails, the data can travel through another route

Question 41

Power Redundancy

Answer 41

Involves using backup power sources, like generators and UPS systems

Question 42

Non-repudiation

Answer 42

Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions

Question 43

Digital Signatures

Answer 43

Created by first hashing a particular message or communication that you want to digitally sign, and then it encrypts that hash digest with the user’s private key using asymmetric encryption

Question 44

Authentication

Answer 44

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction

Question 45

What are the 5 authentication methods used?

Answer 45

■ Knowledge ■ Possession ■ Inherence ■ Location ■ Action

Question 46

Knowledge Factor

Answer 46

Relies on information that a user can recall

Question 47

Possession Factor

Answer 47

Relies on the user presenting a physical item to authenticate themselves

Question 48

Inherence Factor

Answer 48

Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be

Question 49

Action Factor

Answer 49

Relies on the user conducting a unique action to prove who they are

Question 50

Location Factor

Answer 50

Relies on the user being in a certain geographic location before access is granted

Question 51

Authorization

Answer 51

Pertains to the permissions and privileges granted to users or entities after they have been authenticated

Question 52

Accounting

Answer 52

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

Question 53

What are the 4 Broad Categories of Security Controls?

Answer 53

■ Technical ■ Operational ■ Managerial ■ Physical

Question 54

Technical Controls

Answer 54

Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks (Antivirus,firewall)

Question 55

Managerial/Admin Controls

Answer 55

Involve the strategic planning and governance side of security

Question 56

Operational Controls

Answer 56

Procedures and measures that are designed to protect data on a day-to-day basis

Question 57

Physical Controls

Answer 57

Tangible, real-world measures taken to protect assets(cameras, doors, security people)

Question 58

What are the 6 Basic Types of Security Controls?

Answer 58

■ Preventive ■ Deterrent ■ Detective ■ Corrective ■ Compensating ■ Directive

Question 59

Preventive Controls

Answer 59

Proactive measures implemented to thwart potential security threats or breaches

Question 60

Deterrent Controls

Answer 60

Discourage potential attackers by making the effort seem less appealing or more challenging

Question 61

Detective Controls

Answer 61

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

Question 62

Corrective Controls

Answer 62

Mitigate any potential damage and restore our systems to their normal state

Question 63

Compensating Controls

Answer 63

Alternative measures that are implemented when primary security controls are not feasible or effective

Question 64

Directive Controls

Answer 64

● Guide, inform, or mandate actions ● Often rooted in policy or documentation and set the standards for behavior within an organization

Question 65

What are the 2 types of Gap Analysis?

Answer 65

■ Technical Gap Analysis ■ Business Gap Analysis

Question 66

Technical Gap Analysis

Answer 66

● Involves evaluating an organization's current technical infrastructure ● identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions

Question 67

Business Gap Analysis

Answer 67

● Involves evaluating an organization's current business processes ● Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions

Question 68

Zero Trust

Answer 68

Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin

Question 69

What are the two different planes to create a zero trust architecture?

Answer 69

■ Control Plane ■ Data Plane