Fundamentals of Security Flashcards

1
Q

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

A

Information Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

A

Information Systems Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

CIA Triad

A

Confidentiality, Integrity, Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures

A

Non-Repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

CIANA Pentagon

A

An extension of the CIA triad with the addition of non-repudiation and
authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AAA of Secuirty

A

Authentication, Authorization, and Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Security Control Categories

A

Technical
Managerial
Operational
Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Security Control Types

A

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Operates on the principle that no one should be trusted by default.
To achieve zero trust, we use the control plane and the data plane

A

Zero Trust Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones

A

Control Plane

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Subject/system, policy engine, policy administrator, and
establishing policy enforcement points

A

Data Plane

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Process of evaluating the differences between an organization’s current
performance and its desired performance

A

Gap Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Conducting a gap analysis can be a valuable tool for organizations looking to improve
their…

A

operations, processes, performance, or overall security posture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

2 Types of Gap Analysis

A

Tehcnical Gap Analysis
Business Gap Anaalysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Outlines the specific measures to address each vulnerability, Allocate resources,
Set up timelines for each remediation task that is needed

A

Plan of Action and Milestones (POA&M)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

demands verification for every device, user, and transaction within the
network, regardless of its origin

A

Zero Trust

17
Q

Relies on real-time validation that takes into account the
user’s behavior, device, location, and more

A

Adaptive Identity

18
Q

Limits the users’ access to only what they need for their
work tasks because this reduces the network’s potential
attack surface.
Focused on minimizing the “blast radius” that could occur
in the event of a breach

A

Threat Scope Reduction

19
Q

Entails developing, managing, and enforcing user access
policies based on their roles and responsibilities

A

Polivy-Driven Access Control

20
Q

Isolated environments within a network that are designed
to house sensitive data

A

Secured Zones

21
Q

Guide, inform, or mandate actions

Often rooted in policy or documentation and set the standards for behavior within an organization

A

Directive Controls

22
Q

Alternative measures that are implemented when primary security
controls are not feasible or effective

A

Compensating Controls

23
Q

Mitigate any potential damage and restore our systems to their normal
state

A

Corrective Controls

24
Q

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

A

Detective Controls

25
Q

Discourage potential attackers by making the effort seem less appealing
or more challenging

A

Deterrent Controls

26
Q

Proactive measures implemented to thwart potential security threats or
breaches

A

Preventative Controls

27
Q

Refers to the individual or entity attempting to gain access

A

Subject/System

28
Q

Cross-references the access request with its predefined
policies

A

Policy Engine

29
Q

Used to establish and manage the access policies

A

Policy Administrator

30
Q

Where the decision to grant or deny access is actually
execute

A

Policy Enforcement Point