Fundamentals of Security

Question 1

Information Security

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction.

Question 2

Information Systems Security

Answer 2

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data.

Question 3

CIA Triad

Answer 3

Confidentiality, Integrity, & Availability

Question 4

Confidentiality

Answer 4

Ensures information is accessible only to authorized personnel (e.g., encryption)

Question 5

Integrity

Answer 5

Ensures data remains accurate and unaltered (e.g., checksums)

Question 6

Availability

Answer 6

Ensures information and resources are accessible when needed (e.g., redundancy measures)

Question 7

Non-Repudiation

Answer 7

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)

Question 8

CIANA Pentagon

Answer 8

An extension of the CIA triad with the addition of non-repudiation and authentication.

Question 9

Triple A’s of Security

Answer 9

Authentication, Authorization, & Accounting

Question 10

Authentication

Answer 10

Verifying the identity of a user or system (e.g., password checks)

Question 11

Authorization

Answer 11

Determining actions or resources an authenticated user can access (e.g., permissions)

Question 12

Accounting

Answer 12

Tracking user activities and resource usage for audit or billing purposes.

Question 13

Security Control Categories

Answer 13

■ Technical
■ Managerial
■ Operational
■ Physical

Question 14

Security Control Types

Answer 14

■ Preventative
■ Deterrent
■ Detective
■ Corrective
■ Compensating
■ Directive

Question 15

Zero Trust Model

Answer 15

Operates on the principle that no one should be trusted by default.

To achieve zero trust, we use the control plane and the data plane.

Question 16

Control Plane

Answer 16

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

Question 17

Data Plane

Answer 17

Subject/system, policy engine, policy administrator, and
establishing policy enforcement points.

Question 18

Threat

Answer 18

Anything that could cause harm, loss, damage, or compromise to our information
technology systems.

Can come from the following:
● Natural disasters
● Cyber-attacks
● Data integrity breaches
● Disclosure of confidential information

Question 19

Vulnerability

Answer 19

Any weakness in the system design or implementation.

Come from internal factors like the following:
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

Question 20

Risk Management

Answer 20

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome.

Question 21

Confidentiality

Answer 21

Refers to the protection of information from unauthorized access and disclosure.

Ensure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes.

Question 22

Confidentiality is important for 3 main reasons

Answer 22

■ To protect personal privacy
■ To maintain a business advantage
■ To achieve regulatory compliance

Question 23

To ensure confidentiality, we use five basic methods

Answer 23

■ Encryption
■ Access Controls
■ Data Masking
■ Physical Security Measures
■ Training and Awareness