Fundamentals of Security Flashcards

Understanding Chapter 1 of Security+ study material

1
Q

What is Information Security?

A

Act of protecting data from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.

2
Q

What is CIANA?

A

Confidentiality
Integrity
Availability
Non-Repudiation
Authentication

3
Q

What is Information System Security?

A

Act of protecting the systems that hold and process critical data.

4
Q

What is Confidentiality?

A

Ensuring that data is only available to those with the proper authorization.

5
Q

What is Integrity?

A

Ensuring the accuracy and trustworthiness of data over its entire lifecycle.

6
Q

What is Availability?

A

Ensuring that data and resources are accessible and functional when needed by authorized users

7
Q

What is Non-Repudiation?

A

The guarantee that a specific action or event has taken place and cannot be denied by the parties involved.

8
Q

What is Authentication?

A

The process of verifying the identity of a user or system.

9
Q

What is AAA?

A

Authentication
Authorization
Accounting

10
Q

What is Authorization?

A

Defining what actions or resources a user can use/perform.

11
Q

What is Accounting?

A

Act of tracking user activities and resource usage, typically for audit or billing purposes.

12
Q

What are Security Controls?

A

Measures or mechanisms put in place to mitigate risks and protect the Confidentiality, Integrity, and Availability of information systems and data.

13
Q

What is Zero Trust?

A

Security model that operates on the idea of trust no one and verify everything

14
Q

What are the components of Zero Trust?

A

Control Plane and Data Plane

15
Q

What is a Control Plane?

A

Responsible for making decisions about how data should be forwarded within a network

16
Q

What is a Data Plane?

A

Responsible for the actual forwarding of data packets based on the decisions made by the control plane

17
Q

What is a Threat?

A

Anything that could cause harm, loss, damage, or compromise to information technology systems.

18
Q

What is a Vulnerability?

A

Any weakness in the system design or implementation.

19
Q

What is the difference between a Threat and a Vulnerability?

A

Threats are things we can’t control, though we can mitigate the damage. Vulnerabilities are internal things we can control.

20
Q

What are ways to ensure confidentiality?

A

Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness

21
Q

What are ways to ensure integrity?

A

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

22
Q

What is redundancy?

A

Duplication of critical components or functions of a system with the intention of improving reliability.

23
Q

What are 4 types of redundancy?

A

Server
Data
Network
Power

24
Q

What is server redundancy?

A

Using multiple servers in a load-balanced setup so that if one is overloaded or fails, the other servers can take over the load to continue supporting end users.

25
Q

What is Data Redundancy?

A

Involves storing data in multiple places as backups.

26
Q

What is Network Redundancy?

A

Ensures that if one network path fails, the data can travel another route

27
Q

What is Power Redundancy?

A

Involves using backup power sources like generators to ensure that an org’s systems remain operational during periods of power disruptions or outages within local service areas.

28
Q

What are the 5 factors of providing authentication?

A

Knowledge/Something you know
Possession/Something you have
Inherence/Something you are
Action/Something you do
Location/Somewhere you are

29
Q

What makes a robust accounting system?

A

Audit Trail
Regulatory Compliance
Forensic Analysis
Resource Optimization
User Accountability

30
Q

What is SIEM?

A

Security Information and Event Management Systems.
Provide real-time analysis of security alerts generated by various hardware and software infrastructures in an organization

31
Q

What are the 4 security control categories?

A

Technical
Managerial
Operational
Physical

32
Q

What is Technical Control?

A

The tech, hardware, and software mechanisms that are implemented to manage and reduce risk. Think anti-virus software, firewalls, encryption processes.

33
Q

What is Managerial Control?

A

Involves the strategic planning and governance side of security. Typically the business side of an org, which performs the risk assessment for a new product coming into the company ecosystem.

34
Q

What is Operational Control?

A

Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions.

35
Q

What is Physical Control?

A

Tangible, real-world measures used to protect assets

36
Q

What are the 6 basic Security Control Types?

A

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

37
Q

What is a Gap Analysis?

A

Process of evaluating the differences between an organization’s current performance and its desired performance

38
Q

What are the 2 types of Gap Analysis?

A

Technical and Business

39
Q

What is a Technical Gap Analysis?

A

Looks at the technology currently used, and assesses the pros and cons of it in relation to where we ultimately want to go.

40
Q

What is a Business Gap Analysis?

A

Looks at the current business processes, and assesses areas where we’ll fall short in utilizing the solution we want to get to.

41
Q

How do we create a Gap Analysis?

A

  • Define the scope of analysis.
  • Gather data on the current state of the org.
  • Analyze the data to identify gaps.
  • Develop a plan to bridge the gaps.

42
Q

Adaptive Identity

A

The process of tailoring each customer authentication to the specifics of the request

43
Q

Threat Scope Reduction

A

Limit the user’s access to only what they need for their work tasks because it reduces the network’s potential attack surface (how much damage can occur if this particular user was compromised).

44
Q

Policy-driven Access Control

A

Entails developing, managing, and enforcing user access policies based on their roles and responsibilities.

45
Q

Secured Zones

A

Isolating envs within a network that are designed to house data