Fundamentals of Security

Question 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Answer 1

Information Security

Question 2

Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

Answer 2

Information Systems Security

Question 3

CIA Triad

Answer 3

Confidentiality, Integrity, Availability

Question 4

Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures

Answer 4

Non-Repudiation

Question 5

CIANA Pentagon

Answer 5

An extension of the CIA triad with the addition of non-repudiation and
authentication

Question 6

AAA of Secuirty

Answer 6

Authentication, Authorization, and Accounting

Question 7

Security Control Categories

Answer 7

Technical
Managerial
Operational
Physical

Question 8

Security Control Types

Answer 8

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

Question 9

Operates on the principle that no one should be trusted by default.
To achieve zero trust, we use the control plane and the data plane

Answer 9

Zero Trust Model

Question 10

Adaptive identity, threat scope reduction, policy-driven access
control, and secured zones

Answer 10

Control Plane

Question 11

Subject/system, policy engine, policy administrator, and
establishing policy enforcement points

Answer 11

Data Plane

Question 12

Process of evaluating the differences between an organization’s current
performance and its desired performance

Answer 12

Gap Analysis

Question 13

Conducting a gap analysis can be a valuable tool for organizations looking to improve
their…

Answer 13

operations, processes, performance, or overall security posture

Question 14

2 Types of Gap Analysis

Answer 14

Tehcnical Gap Analysis
Business Gap Anaalysis

Question 15

Outlines the specific measures to address each vulnerability, Allocate resources,
Set up timelines for each remediation task that is needed

Answer 15

Plan of Action and Milestones (POA&M)

Question 16

demands verification for every device, user, and transaction within the
network, regardless of its origin

Answer 16

Zero Trust

Question 17

Relies on real-time validation that takes into account the
user’s behavior, device, location, and more

Answer 17

Adaptive Identity

Question 18

Limits the users’ access to only what they need for their
work tasks because this reduces the network’s potential
attack surface.
Focused on minimizing the “blast radius” that could occur
in the event of a breach

Answer 18

Threat Scope Reduction

Question 19

Entails developing, managing, and enforcing user access
policies based on their roles and responsibilities

Answer 19

Polivy-Driven Access Control

Question 20

Isolated environments within a network that are designed
to house sensitive data

Answer 20

Secured Zones

Question 21

Guide, inform, or mandate actions

Often rooted in policy or documentation and set the standards for behavior within an organization

Answer 21

Directive Controls

Question 22

Alternative measures that are implemented when primary security
controls are not feasible or effective

Answer 22

Compensating Controls

Question 23

Mitigate any potential damage and restore our systems to their normal
state

Answer 23

Corrective Controls

Question 24

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

Answer 24

Detective Controls

Question 25

Discourage potential attackers by making the effort seem less appealing
or more challenging

Answer 25

Deterrent Controls

Question 26

Proactive measures implemented to thwart potential security threats or
breaches

Answer 26

Preventative Controls

Question 27

Refers to the individual or entity attempting to gain access

Answer 27

Subject/System

Question 28

Cross-references the access request with its predefined
policies

Answer 28

Policy Engine

Question 29

Used to establish and manage the access policies

Answer 29

Policy Administrator

Question 30

Where the decision to grant or deny access is actually
execute

Answer 30

Policy Enforcement Point