Fundamentals of Security Flashcards

Section 2

1
Q

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure and corruption and destruction.

A

Information Security

2
Q

The data that systems hold, not the data systems themselves, is an example of what?

A

Information Security

3
Q

Act of protecting the systems that hold and process the critical data.

A

Information Systems Security

4
Q

The actual data systems (cell phones, computers, servers), not the actual data they hold, are an example of what?

A

Information Systems Security

5
Q

What is the CIA Triad, also known as the 3 pillars of security?

A

Confidentiality
Integrity
Availability

6
Q

Ensures that information is only accessible to those with appropriate authorization.

A

Confidentiality

7
Q

Which pillar of security is this an example of? Encrypting sensitive files and authorizing specific people to decrypt and read them.

A

Confidentiality

8
Q

Ensures that data remains accurate and unaltered unless modification is required.

A

Integrity

9
Q

Which pillar of security is this an example of? Checksums can be used to verify that a file has not been changed or corrupted as it moves along a network during a data transfer.

A

Integrity

10
Q

Ensures that information and resources are accessible and functional when needed by authorized users.

A

Availability

11
Q

Which pillar of security is this an example of? Implementing redundancy measures for a website to ensure it remains online and up at any time, regardless of how much traffic it is receiving.

A

Availability

12
Q

What is the CIANA Pentagon

A

Confidentiality
Integrity
Availability
Non-Repudiation
Authentication

13
Q

Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved.

A

Non-Repudiation

14
Q

Sending a digitally signed email, so that the sender cannot deny having sent it, is an example of what?

A

Non-Repudiation

15
Q

What are the AAA of Security

A

Authentication
Authorization
Accounting

16
Q

Process of verifying the identity of a user or system

A

Authentication

17
Q

Defines what actions or resources a user can access

A

Authorization

18
Q

Act of tracking user activities and resource usage, typically for auditing or billing purposes

A

Accounting

19
Q

Which of the AAA of security is this an example of? When you try to log in to get your email, your username and password are checked against a stored version to confirm your identity.

A

Authentication

20
Q

Which of the AAA of security is this an example of? In a company database, you as an employee may have access to view records but may not have access to edit them, so you have read permission.

A

Authorization

21
Q

Which of the AAA of security is this an example of? When you log into your computer, what you do is logged so that unusual or unauthorized behavior can be monitored.

A

Accounting

22
Q

Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity and availability of information systems and data

A

Security Controls

23
Q

What are Security Control Categories

A

Technical
Managerial
Operational
Physical

24
Q

What are Security Control Types

A

Preventative
Deterrent
Detective
Corrective
Compensation
Directive

25
Q

Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.

A

Zero Trust

26
Q

Verification required for everybody is an example of what?

A

Zero Trust

27
Q

Consists of the adaptive identity, threat scope reduction, policy-driven access control and secured zones.

A

Control Plane

28
Q

Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points.

A

Data Plane

29
Q

Anything that could cause harm, loss, damage or compromise to information technology systems.

A

Threat

30
Q

External source threats are threats we cannot fully control. Name four types.

A

Natural Disasters
Cyber Attacks
Data integrity breaches
Disclosure of confidential information

31
Q

Any weakness in the system design or implementation

A

Vulnerability

32
Q

Internal factors are threats we can control and prevent. Name 5 examples.

A

Software bugs
Misconfigured software
Improperly protected network devices
Missing security patches
Lack of physical security

33
Q

Finding different ways to minimize the likelihood of an outcome occurring and achieving the desired outcomes

A

Risk Management

34
Q

Is this an example of a Threat, a Vulnerability or Risk Management?
You are trying to get to work on time, but you remember you have to stop and get gas, causing you to be late.

A

Vulnerability - Getting gas is something that could have been done the night before. Vulnerabilities can be prevented

35
Q

Is this an example of a Threat, a Vulnerability or Risk Management?
You are trying to get to work on time, but there is a car accident on the highway and you are now stuck in traffic, causing you to be late.

A

Threat - You could not have prevented the other driver from causing a car accident

36
Q

Is this an example of a Threat, a Vulnerability or Risk Management?
You are trying to get to work on time and you feel rushed, so you decide to leave an extra 30 minutes early.

A

Risk Management - You are giving yourself extra time in case any vulnerabilities or threats pop up on your way to work

37
Q

Refers to the protection of information from unauthorized access and disclosure

A

Confidentiality

38
Q

Which part of the CIA Triad is this an example of? Sensitive data is only to be seen by authorized people.

A

Confidentiality

39
Q

What are the 5 basic methods of Confidentiality

A

Encryption
Access controls
Data masking
Physical Security Measures
Training and awareness

40
Q

Process of converting data into code to prevent unauthorized access

A

Encryption

41
Q

Which of the 5 basic methods of Confidentiality (Encryption, Access Controls, Data Masking, Physical Security Measures, Training and awareness) is this an example of? Scrambles the plaintext data into an indecipherable jumble until the right decryption key is provided.

A

Encryption

42
Q

Ensures only authorized personnel can access certain types of data

A

Access Control

43
Q

Which of the 5 basic methods of Confidentiality (Encryption, Access Controls, Data Masking, Physical Security Measures, Training and awareness) is this an example of? Your boss might want you to save your personal record on the company's shared drive, but they only want themselves to access it. Permissions are set to give them read/write access.

A

Access Control

44
Q

Method that involves obscuring data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users.

A

Data Masking

45
Q

Which of the 5 basic methods of Confidentiality (Encryption, Access Controls, Data Masking, Physical Security Measures, Training and awareness) is this an example of? Hiding the first 12 numbers of a credit card but showing the last four numbers.

A

Data Masking

46
Q

Used to ensure confidentiality for physical types of data and for digital information contained on servers and worksheets

A

Physical Security Measures

47
Q

Which of the 5 basic methods of Confidentiality (Encryption, Access Controls, Data Masking, Physical Security Measures, Training and awareness) is this an example of? Locking doors to filing cabinets or installing security cameras.

A

Physical Security Measures

48
Q

Conducting regular training on the security awareness best practices that employees can use to protect the organization.

A

Training and awareness

49
Q

Confidentiality should always be paired with what word

A

Encryption

50
Q

Helps to ensure information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual.

A

Integrity

51
Q

What are the 5 methods of Integrity

A

Hashing
Digital Signature
Checksums
Access Controls
Regular Audits

52
Q

Integrity should always be paired with what word.

A

Hashing

53
Q

Process of converting data into a fixed size volume

A

Hashing

54
Q

Use encryption to ensure integrity and authenticity

A

Digital Signature

55
Q

Method to verify integrity of data during transmission

A

Checksums

56
Q

Ensure that only authorized individuals can modify data and reduce the risk of unintentional or malicious alterations

A

Access Control

57
Q

Reviewing logs and operations to ensure that only authorized changes have been made and discrepancies are addressed

A

Regular Audits

58
Q

Used to ensure that information, systems, and resources are accessible and operational when needed by authorized users

A

Availability

59
Q

What word should always be paired with Availability

A

Redundancy

60
Q

Duplicates critical components or functions of a system with the intent of enhancing its reliability

A

Redundancy

61
Q

What are 4 types of redundancy

A

Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy

62
Q

Focused on providing undeniable proof in digital transactions

A

Non-Repudiation

63
Q

Proof it was sent by a specific user

A

Digital Signature

64
Q

What are 3 important reasons of non-repudiation

A

Confirming the authenticity of digital transactions
Ensuring Integrity
Providing Accountability

65
Q

Non-Repudiation should always be paired with what word

A

Digital Signature

66
Q

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction.

A

Authentication

67
Q

What are the 5 common authentication methods

A

Something you know
Something you have
Something you are
Something you do
Something you are

68
Q

Permissions and privileges granted to users or entities after they have been authenticated

A

Authorization

69
Q

Security measure that ensures all user activities are properly tracked and recorded.

A

Accounting

70
Q

Used to aggregate logs from various network devices so system admins can analyze them to detect patterns or anomalies in the organization

A

Syslog Server

71
Q

Used to capture and analyze network traffic to gain detailed insights into all the data moving within a network.

A

Network Analyzer

72
Q

Provides real-time analysis of security alerts generated by various hardware and software infrastructures in an organization

A

Security Information and Event Management (SIEM)

73
Q

4 Types of Security Control Categories

A
  1. Technical Controls
  2. Managerial Controls
  3. Operational Controls
  4. Physical Controls
74
Q

6 Types of Security Control Types

A
  1. Preventative Controls
  2. Deterrent Controls
  3. Detective Controls
  4. Corrective Controls
  5. Compensating Controls
  6. Directive Controls
75
Q

Which Security Control builds our foundation
1. Preventative Controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

A
  1. Preventative Controls

Proactive measures implemented to thwart potential security threats or breaches.

Example: Firewall

76
Q

Which Security Control Discourages threats
1. Preventative Controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

A
  1. Deterrent Controls

Aim to discourage potential attackers by making the effort seem less appealing or more challenging.

Example: Warning signs on property or a banner on a website

77
Q

Which Security Control Keeps a watchful eye
1. Preventative Controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

A
  1. Detective Controls

Monitor and alert organizations to malicious activities as they occur or shortly thereafter.

Example: Security camera, Intrusion detection system (IDS) in a network system

78
Q

Which Security Control has to do with Emergency
1. Preventative Controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

A
  1. Corrective Controls

Mitigate any potential damage and restore the systems to their normal state.

Example: Antivirus software quarantining and removing malicious software.

79
Q

Which Security Control has to do with Backups
1. Preventative Controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

A
  1. Compensating Controls

Alternative measures that are implemented when primary security controls are not feasible or effective

80
Q

Which Security Control Guides entire process
1. Preventative Controls
2. Deterrent Controls
3. Detective Controls
4. Corrective Controls
5. Compensating Controls
6. Directive Controls

A
  1. Directive Controls

Often rooted in policy or documentation and set the standards for behavior within an organization.

Example: A policy on how to use company equipment

81
Q

Process of evaluating the differences between an organization's current performance and its desired performance

A

Gap Analysis

82
Q

What are 2 types of gap analysis

A
  1. Technical Gap Analysis
  2. Business Gap Analysis
83
Q

What type of gap analysis involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions?

A

Technical Gap Analysis

84
Q

What type of gap analysis involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions?

A

Business Gap Analysis

85
Q

Plan of Action and Milestones (POA&M)

A

Outline the specific measures to address each vulnerability, allocate resources and set up timelines for each remediation task that is needed.

86
Q

The overarching framework and set of components responsible for defining, managing and enforcing the policies related to users and system access within an organization

A

Control Plane

87
Q

Ensures that the policies and procedures are properly executed

A

Data Plane

88
Q

Is this a control plane or a data plane

Adaptive Identity: Identities that rely on real-time validation that takes into account the user's behavior, device, location and other factors like that.

A

Control Plane

89
Q

Is this a control plane or a data plane

Threat scope reduction: Limits the user's access to only what they need for their work tasks

A

Control Plane

90
Q

Is this a control plane or a data plane

Secured Zones: Isolated environments within a network that are designed to house sensitive data

A

Control Plane

91
Q

Is this a control plane or a data plane

Policy-Driven Access Control: Entails developing, managing, and enforcing user access policies based on their roles and responsibilities

A

Control Plane

92
Q

Is this a control plane or a data plane

Subject/System: Refers to the individual or entity attempting to gain access

A

Data Plane

93
Q

Is this a control plane or a data plane

Policy Engine: Cross-references the access request with its pre-defined policies

A

Data Plane

94
Q

Is this a control plane or a data plane

Policy Administrator: Used to establish and manage the access policies

A

Data Plane

95
Q

Is this a control plane or a data plane

Policy Enforcement Point: Allows or restricts access and effectively acts as a gatekeeper to the sensitive areas of the systems or networks

A

Data Plane