Fundamentals of Security Flashcards

Question 1

Q

Define / Explain

Information Security

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Question 2

Q

Define / Explain

Information Systems Security

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data

Question 3

Q

Define / Explain

Confidentiality

CIA Triad

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Ensures information is acessible only to authorized personnel (e.g., encryption)

CIA Triad - Confidentiality

Question 4

Q

Define / Explain

Integrity

CIA Triad

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Ensures data remains accurate and unaltered (e.g., checksums)

CIA Triad - Integrity

Question 5

Q

Define / Explain

Availability

CIA Triad

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Ensures information and resources are accessible when needed (e.g., redundancy measures)

CIA Triad - Availability

Question 6

Q

Define / Explain

CIANA Pentagon

CIA Triad + NA = CIANA Pentagon

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

An extension of the CIA triad with the addition of non-repudiation and authentication

CIANA Pentagon = Non-repudiation + Authentication

Question 7

Q

Define / Explain

Non-Repudiation

CIA Triad + NA = CIANA Pentagon

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)

CIANA Pentagon - Non-repudiation

Question 8

Q

Define / Explain

Authentication

AAA / Triple A’s of Security & CIANA Pentagon

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Verifying the identity of a user or system (e.g., password checks)

AAA / Triple A’s of Security & CIANA Pentagon - Authentication

Question 9

Q

Define / Explain

Authorization

AAA / Triple A’s of Security

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Determining actions or resources an authenticated user can access (e.g., permissions)

AAA / Triple A’s of Security

Question 10

Q

Define / Explain

Accounting

AAA / Triple A’s of Security

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Tracking user activities and resource usage for audit or billing purposes

AAA / Triple A’s of Security

Question 11

Q

List the following

Security Control Categories

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Technical
Managerial
Operational
Physical

Security Control Categories (4)

Question 12

Q

List the following

Security Control Types

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

Security Control Types (5)

Question 13

Q

Define / Explain

Zero Trust Model

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Operates on the principle that no one should be trusted by default

Question 14

Q

Informational

Zero Trust Model

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

To achieve zero trust, we use the control plane and the data plane

Informational

Question 15

Q

Define / Explain

Control Plane

Zero Trust Model

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Adaptive identity, threat scope reduction, policy-driven access control, and secured zones

Question 16

Q

Define / Explain

Data Plane

Zero Trust Model

Obj. 1.0 - General Security Concepts | Fundamentals of Security

Answer

A

Subject/system, policy engine, policy administrator, and establishing policy enforcement points

Question 17

Q

Define / Explain

Threat

Obj. 1.0 - General Security Concepts | Threats & Vulnerabilities

Answer

A

Anything that could cause harm, loss, damage, or compromise to our information technology systems

Question 18

Q

Informational

Threats can come from the following…

Obj. 1.0 - General Security Concepts | Threats & Vulnerabilities

Answer

A

Natural disasters
Cyber-attacks
Data integrity breaches
Disclosure of confidential information

Informational

Question 19

Q

Define / Explain

Vulnerability

Obj. 1.0 - General Security Concepts | Threats & Vulnerabilities

Answer

A

Any weakness in the system design or implementation

Question 20

Q

Informational

Vulnerabilities can come from internal factors like the following…

Obj. 1.0 - General Security Concepts | Threats & Vulnerabilities

Answer

A

Software bugs
Misconfigured software
Improperly protected network devices
Missing security patches
Lack of physical security

Informational

Question 21

Q

Informational

Where threats and vulnerabilities intersect, that is where the risk to your enterprise systems and networks lies

Obj. 1.0 - General Security Concepts | Threats & Vulnerabilities

Answer

A

If you have a threat, but there is no matching vulnerability to it, t hen you have no risk
The same holds true that if you have a vulnerability but there’s no threat against it, there would be no risk

Informational

Question 22

Q

Define / Explain

Risk Management

Obj. 1.0 - General Security Concepts | Threats & Vulnerabilities

Answer

A

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome

Question 23

Q

Informational

Confidentiality…

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

Refers to the protection of information from unauthorized access and disclosure
Ensure that private or sensitive information is not available or disclosed to unauthorized individuals, entities, or processes

Informational

Question 24

Q

Informational

Confidentiality is important for three main reasons…

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

To protect personal privacy
To maintain a business advantage
To achieve regulatory compliance

Informational

Question 25

Q

Define / Explain

Encryption

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

Process of converting data into a code to prevent unauthorized access

(5) Basic methods of confidentiality

Question 26

Q

Define / Explain

Access Controls

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data

(5) Basic methods of confidentiality

Question 27

Q

Define / Explain

Data Masking

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users

(5) Basic methods of confidentiality

Question 28

Q

Define / Explain

Physical Security Measures

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations

(5) Basic methods of confidentiality

Question 29

Q

Define / Explain

Training & Awareness

Obj. 1.2 - Summarize fundamental security concepts | Confidentiality

Answer

A

Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data

(5) Basic methods of confidentiality

Question 30

Q

Informational

Integrity…

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual
Verifies the accuracy and trustworthiness of data over the entire lifecycle

Informational

Question 31

Q

Informational

Integrity is important for three main reasons…

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

To ensure data accuracy
To maintain trust
To ensure system operability

Informational

Question 32

Q

Informational

To help us maintain the integrity of our data, systems, and networks, we usually utilize five methods

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Hashing
Digital Signatures
Checksums
Access Controls
Regular Audits

Informational

Question 33

Q

Define / Explain

Hashing

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Process of converting data into a fixed-size value

(5) Methods of integrity

Question 34

Q

Define / Explain

Digital Signatures

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Ensures both integrity and authenticity

(5) Methods of integrity

Question 35

Q

Define / Explain

Checksums

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Method to verify the integrity of data during transmission

(5) Methods of integrity

Question 36

Q

Define / Explain

Access Controls

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations

(5) Methods of integrity

Question 37

Q

Define / Explain

Regular Audits

Obj. 1.2 - Summarize fundamental security concepts | Integrity

Answer

A

Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed

(5) Methods of integrity

Question 38

Q

Define / Explain

Availability

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Ensures that information, systems, and resources are accessible and operational when needed by authorized users

Question 39

Q

Informational

As cybersecurity professionals, we value availability since it can help us with the following…

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Ensuring Business Continuity
Maintaining Customer Trust
Upholding an Organization’s Repudiation

Informational

Question 40

Q

Informational, both sides

To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

To overcome the challenges associated with maintaining availability, the best strategy is to use redundancy in your systems and network designs

Informational, both sides

Question 41

Q

Define / Explain

Redundancy

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Duplication of critical components or functions of a system with the intention of enhancing its reliability

Question 42

Q

Informational

There are various types of redundancy you need to consider when designing your systems and networks…

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Server Redundancy
Data Redundancy
Network Redundancy
Power Redundancy

Informational

Question 43

Q

Define / Explain

Server Redundancy

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the load to continue supporting your end users

Question 44

Q

Define / Explain

Data Redundancy

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Involves storing data in multiple places

Question 45

Q

Define / Explain

Network Redundancy

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Ensures that if one network path fails, the data can travel through another route

Question 46

Q

Define / Explain

Power Redundancy

Obj. 1.2 - Summarize fundamental security concepts | Availability

Answer

A

Involes using backup power sources, like generators and UPS systems

UPS = Uninterruptable Power Supply

Question 47

Q

Informational

Non-repudiation

Obj. 1.2 - Summarize fundamental security concepts | Non-repudiation

Answer

A

Focused on providing undeniable proof in the world of digital transactions
Security measure that ensures individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions

Informational

Question 48

Q

Informational

Digital Signatures

Obj. 1.2 - Summarize fundamental security concepts | Non-repudiation

Answer

A

Considered to be unique to each user who is operating within the digital domain
Created by first hashing a particular message or communication that you want to digitally sign, and then it encrypts that hash digest with the user’s private key using asymmetric encryption

Informational

Question 49

Q

Informational

Non-repudiation is important for three main reasons…

Obj. 1.2 - Summarize fundamental security concepts | Non-repudiation

Answer

A

To confirm the authenticity of digital transactions
To ensure the integrity of critical communications
To provide accountability in digital processes

Informational

Question 50

Q

Define / Explain

Authentication

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Security measure that ensures invidivuals or entities are who they claim to be during a communication or transaction

Question 51

Q

Informational

Five commonly used authentication methods are…

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Something you know (Knowledge Factor)
Something you have (Possession Factor)
Something you are (Inherence Factor)
Something you do (Action Factor)
Somewhere you are (Location Factor)

Informational

Question 52

Q

Define / Explain

Something you know

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Relies on information that a user can recall

Knowledge Factor

(5) commonly used authentication methods

Question 53

Q

Define / Explain

Something you have

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Relies on the user presenting a physical item to authenticate themselves

Possession Factor

(5) commonly used authentication methods

Question 54

Q

Define / Explain

Something you are

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be

Inherence Factor

(5) commonly used authentication methods

Question 55

Q

Define / Explain

Something you do

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Relies on the user conducting a unique action to prove who they are

Action Factor

(5) commonly used authentication methods

Question 56

Q

Define / Explain

Somewhere you are

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Relies on the user being in a certain geographic location before access is granted

Location Factor

(5) commonly used authentication methods

Question 57

Q

Define / Explain

Multifactor Authentication System

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

Security process that requires users to provide multiple methods of identification to verify their identity

MFA = Multifactor Authentication

Question 58

Q

Informational

Authenticaiton is critical to understand because of the following…

Obj. 1.2 - Summarize fundamental security concepts | Authentication

Answer

A

To prevent unauthorized access
To protect user data and privacy
To ensure that resources are accessed by valid users only

Informational

Question 59

Q

Define / Explain

Authorization

Obj. 1.2 - Summarize fundamental security concepts | Authorization

Answer

A

Pertains to the permissions and privileges granted to users or entities after they have been authenticated

Question 60

Q

Informational

Authorization mechanisms are important to help us with the following…

Obj. 1.2 - Summarize fundamental security concepts | Authorization

Answer

A

To protect sensitive data
To maintain the system integrity in our organizations
To create a more streamlined user experience

Informational

Question 61

Q

Define / Explain

Accounting

Obj. 1.2 - Summarize fundamental security concepts | Accounting

Answer

A

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

Question 62

Q

Informational

Your organization should use a robust accounting system so that you can create the following…

Obj. 1.2 - Summarize fundamental security concepts | Accounting

Answer

A

Create an audit trail
Maintain regulatory compliance
Conduct forensic analysis
Perform resource optimization
Achieve user accountability

Informational

Question 63

Q

Define / Explain

Create an audit trail

Accounting System

Obj. 1.2 - Summarize fundamental security concepts | Accounting

Answer

A

Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a source or point in time

Question 64

Q

Define / Explain

Maintain regulatory compliance

Accounting System

Obj. 1.2 - Summarize fundamental security concepts | Accounting

Answer

A

Maintains a comprehensive record of all users’ activities

Answer 65

A

Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again

Answer 66

A

Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions

Answer 67

A

Thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies

Answer 68

A

Syslog Servers
Network Analysis Tools
SIEM Systems

SIEM = Security Information and Event Management

Informational

Answer 69

A

Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems

Example: Kiwi Syslog Server NG by SolarWinds

Answer 70

A

Used to capture and analyze network traffic so that network administrators can gain detailed insights into all the data moving within a network

Example: Wireshark

Answer 71

A

Provides us with real-time analysis of security alerts generated by various hardware and software infrastructure in an organization

Example: Splunk

Answer 72

A

Technical Controls
Managerial Controls
Operational Controls
Physical Controls

Informational

Answer 73

A

Technologies, hardware, and software mechanisms that are implemented to manage and reduce risks

Answer 74

A

Sometimes also referred to as administrative controls
Involves the strategic planning and governance side of security

Answer 75

A

Procedures and measures that are designed to protect data on a day-to-day basis
Are mainly governed by internal processes and human actions

Answer 76

A

Tangible, real-world measures taken to protect assets

Answer 77

A

Preventic Controls
Deterrent Controls
Detective Controls
Corrective Controls
Compensating Controls
Directive Controls

Informational

Answer 78

A

Proactive measures implemented to thwart potential security threats or breaches

Answer 79

A

Discourage potential attackers by making the effort seem less appealing or more challenging

Answer 80

A

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

Answer 81

A

Mitigate any potential damage and restore our systems to their normal state

Answer 82

A

Alternative measures that are implemented when primary security controls are not feasible or effective

Answer 83

A

Guide, inform, or mandate actions
Often rooted in policy or documentation and set the standards for behavior within an organization

Answer 84

A

Process of evaluating the differences between an organization’s current performance and its desired performance

Answer 85

A

Conducting a gap analysis can be a valuable tool for organizations looking to improve their operations, processes, performance, or overall security posture

Informational, both sides

Answer 86

A

Define the scope of the analysis
Gather data on the current state of the organization
Analyze the data to identify any areas where the organization’s current performance falls short of its desired performance
Develop a plan to bridge the gap

Informational

Answer 87

A

Technical Gap Analysis
Business Gap Analysis

Informational

Answer 88

A

Involves evaluating an organization’s current technical infrastructure
Identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions

Answer 89

A

Involves evaluating an organization’s current business processes
Identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions

Answer 90

A

Outlines the specific measures to address each vulnerability
Allocate resources
Set up timelines for each remediation task that is needed

POA&M = Plan of Action & Milestones

Answer 91

A

Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin

Informational, both sides

Answer 92

A

Control Plane
Data Plane

Informational

Answer 93

A

Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization

Answer 94

A

Adaptive Identity
Threat Scope Reduction
Policy-Driven Access Control
Secured Zones

informational

Answer 95

A

Relies on real-time validation that takes into account the user’s behavior, device, location, and more

Answer 96

A

Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
Focused on minimizing the “blast radius” that could occur in the event of a breach

Answer 97

A

Entails developing, managing, and enforcing user access policies based on their roles and responsibilities

Answer 98

A

Isolated environments within a network that are designed to house sensitive data

Answer 99

A

Control Plane uses a Policy Engine and a Policy Administrator to make decions about access

Informational, both sides

Answer 100

A

Cross-references the access request with its predefined policies

Answer 101

A

Used to establish and manage the access policies

Answer 102

A

Subject / System
Policy Enforcement Point

Informational

Answer 103

A

Refers to the individual or entity attempting to gain access

Answer 104

A

Where the decision to grant or deny access is actually executed

Brainscape's Knowledge GenomeTM

Fundamentals of Security Flashcards

Objectives 1.1 and 1.2

Brainscape's Knowledge Genome^TM