Fundamentals of Security

Question 1

What is information Security

Answer 1

Act of protecting data from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.

Question 2

What is CIANA?

Answer 2

Confidentiality
integrity
Availability
Non-Repudiation
Authentication

Question 3

What is Information System Security

Answer 3

Act of protecting the systems that hold and process critical data.

Question 4

What is confidentiality

Answer 4

Ensuring that data is only available to those with the proper authorization.

Question 5

What is Integrity

Answer 5

Ensuring the accuracy and trustworthiness of data over it’s entire lifecycle

Question 6

What is Availability

Answer 6

Ensuring that data and resources are accessible and functional when needed by authorized users

Question 7

What is Non-Repudiation

Answer 7

The guarantee that a specific action or event has taken place and cannot be denied by the parties involved.

Question 8

What is Authentication

Answer 8

The process of verifying the identity of a user or system.

Question 9

What is AAA?

Answer 9

Authentication
Authorization
Accounting

Question 10

What is Authorization?

Answer 10

Defining what actions or resources a user can use/perform.

Question 11

What is Accounting?

Answer 11

Act of tracking user activities and resource usage, typically for audit or billing purposes.

Question 12

What are Security Controls?

Answer 12

Measures or mechanisms put in place to mitigate risks and protect the Confidentiality, Integrity, and Availability of information systems and data.

Question 13

What is Zero Trust?

Answer 13

Security model that operates on the idea of trust no one and verify everything

Question 14

What are the components of Zero Trust?

Answer 14

Control Plane and Data Plane

Question 15

What is a Control Plane?

Answer 15

Responsible for making decisions about how data should be forwarded within a network

Question 16

What is a Data Plane?

Answer 16

Responsible for the actual forwarding of data packets based on the decisions made by the control plane

Question 17

What is a Threat?

Answer 17

Anything that could cause harm, loss damage, or compromise to information technology systems.

Question 18

What is a Vulnerability

Answer 18

Any weakness in the system design or implementation.

Question 19

What is the difference between a Threat and a Vulnerability?

Answer 19

Threats we can’t control but can mitigate damage. Vulnerabilities are internal things we can control

Question 20

What are ways to ensure confidentiality?

Answer 20

Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness

Question 21

What are ways to ensure integrity?

Answer 21

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

Question 22

What is redundancy?

Answer 22

Duplication of critical components or functions of a system with the intention of improving reliability.

Question 23

What are 4 types of redundancy?

Answer 23

Server
Data
Network
Power

Question 24

What is server redundancy?

Answer 24

using multiple servers in a load balance so that if one is overloaded or fails, the other servers can take over the load to continue supporting end users.

Question 25

What is Data Redundancy?

Answer 25

Involves storing data in multiple places as backups.

Question 26

What is Network Redundancy?

Answer 26

Ensures that if one network path fails, the data can travel another route

Question 27

What is Power Redundancy?

Answer 27

Involves using backup power sources like generators to ensure that an org’s systems remain operational during periods of power disruptions or outages within local service areas.

Question 28

What are the 5 factors of providing authentication?

Answer 28

Knowledge/Something you know
Possession/Something you have
Inherence/Something you are
Action/Something you do
Location/Somewhere you are

Question 29

What makes a robust accounting system?

Answer 29

Audit Trail
Regulatory Compliance
Forensic Analysis
Resource Optimization
User Accountability

Question 30

What is SIEM?

Answer 30

Security Information and Event Management Systems.
Provide real-time analysis of security alerts generated by various hardware and software infrastructures in an organization

Question 31

What are the 4 security control categories?

Answer 31

Technical
Managerial
Operational
Physical

Question 32

What is Technical Control?

Answer 32

The tech, hardware, and software mechanism that are implemented to manage and reduce risk. Think anti-virus software, firewalls, encryption processes.

Question 33

What is Managerial Control?

Answer 33

Involve the strategic planning and governance side of security. The typically the business side of an org that performs the risk assessment for a new product into the company ecosystem

Question 34

What is Operational Control?

Answer 34

Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions.

Question 35

What is Physical Control?

Answer 35

Tangible, real-world measures used to protect assets

Question 36

What are the 6 basic Security Control Types?

Answer 36

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

Question 37

What is a Gap Analysis?

Answer 37

Process of evaluating the differences between an organization’s current performance and its desired performance

Question 38

What are the 2 types of Gap Analysis?

Answer 38

Technical and Business

Question 39

What is a Technical Gap Analysis?

Answer 39

Looks at the technology currently used, and assesses the pros of cons of it in relation to where we ultimately want to go.

Question 40

What is a Business Gap Analysis?

Answer 40

Looks at the current business processes, and assesses areas where we’ll fall short in utilizing the solution we want to get to.

Question 41

How do we create a Gap Analysis?

Answer 41

• Define the Scope of Analysis.
• Gather data on the current state of the org
• Analyze the data to identify gaps
• Develop a plan to bridge the gaps.

Question 42

Adaptive Identity

Answer 42

The process of tailoring each customer authentication to the specifics of the request

Question 43

Threat Scope Reduction

Answer 43

Limit the user’s access to only what they need for their work tasks because it reduces the network’s potential attack surface(how much damage can occur if this particular user was compromised. )

Question 44

Policy-driven Access Control

Answer 44

Entails developing, managing, and enforcing user access polices based on their roles and responsibilities.

Question 45

Secured Zones

Answer 45

Isolating envs within a network that are designed to house data