Fundamentals Of Security

Question 1

What does the C.I.A Triad stand for?

Answer 1

Confidentiality, Integrity, Availability

These are the 3 pillars of security.

Question 2

What is Confidentiality?

Answer 2

Ensures that information is only accessible to those with appropriate authorization.

Question 3

What is Integrity?

Answer 3

Ensures that data remains accurate and unaltered unless modifications are required.

Question 4

What is Availability?

Answer 4

Ensures that information and resources are accessible and functional when needed by authorized users.

Question 5

What does C.I.A.N.A stand for?

Answer 5

Confidentiality, Integrity, Availability, Non-repudiation, Authentication.

Question 6

What is Non-repudiation?

Answer 6

Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved.

Example: Digital signatures in emails.

Question 7

What is Authentication?

Answer 7

Process of verifying the identity of a user or system.

Question 8

What does A.A.A stand for?

Answer 8

Authentication, Authorization, Accounting.

Question 9

What is Authorization?

Answer 9

Defines what actions or resources a user can access or perform.

Question 10

What is Accounting?

Answer 10

Act of tracking user activities and resource usage, used for audit or billing purposes.

Question 11

What are Security Controls?

Answer 11

Measures put in place to mitigate risk and protect the confidentiality, integrity, and availability of information systems and data.

Example: Zero Trust

Question 12

What is the Zero Trust security model?

Answer 12

A security model that operates on the principle that no one, inside or out of the organization, should be trusted by default (verification required from anyone trying to gain access).

Question 13

What is the Control Plane?

Answer 13

Consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

Question 14

What is the Data Plane?

Answer 14

Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points.

Question 15

What is needed to achieve Zero Trust?

Answer 15

Control Plane and Data Plane

Question 16

What is Information Security?

Answer 16

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, and corruption, and destruction.

Question 17

What is Information Systems Security?

Answer 17

The act of protecting the systems that hold and process critical data.

Question 18

What is a threat?

Answer 18

Anything that could cause harm, loss, damage, or compromise to our information technology systems.

Threats can come from natural disasters, cyber-attacks, data integrity breaches, or disclosure of confidential information.

Question 19

What are examples of sources of threats?

Answer 19

Natural disasters, cyber-attacks, data integrity breaches, and disclosure of confidential information.

Question 20

What is a vulnerability?

Answer 20

Any weakness in the system design or implementation.

Vulnerabilities can arise from internal factors.

Question 21

What are examples of internal factors that can create vulnerabilities?

Answer 21

Software bugs, misconfigured software, improperly protected network devices, missing security patches, and lack of physical security.

Question 22

What are the three main reasons for confidentiality?

Answer 22

1. To protect personal privacy
2. To maintain a business advantage
3. To achieve regulatory compliance

Question 23

What are the five basic methods to ensure confidentiality?

Answer 23

1. Encryption
2. Access Controls
3. Data Masking
4. Physical Security Measures
5. Training and Awareness

Question 24

What is encryption?

Answer 24

Process of converting data into a code to prevent unauthorized access.

Question 25

What are access controls?

Answer 25

Setting up strong user permissions to ensure that only authorized personnel can access certain types of data.

Question 26

What is data masking?

Answer 26

Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users.

Question 27

What are physical security measures?

Answer 27

Measures that ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations.

Question 28

What is the purpose of training and awareness in confidentiality?

Answer 28

Conducting regular training on security awareness best practices that employees can use to protect their organization’s sensitive data.

Question 29

What are the three main reasons integrity is important?

Answer 29

1. To ensure data accuracy
2. To maintain trust
3. To ensure system operability

Question 30

What are the five methods used to maintain data integrity?

Answer 30

1. Hashing
2. Digital Signatures
3. Checksums
4. Access Controls
5. Regular Audits

Question 31

What is hashing?

Answer 31

Hashing is the process of converting data into a fixed-size value.

Question 32

What do checksums ensure?

Answer 32

Checksums ensure both integrity and authenticity.

They verify the integrity of data during transmission.

Question 33

What is the purpose of access controls?

Answer 33

Access controls ensure that only authorized individuals can modify data, reducing the risk of unintentional or malicious alterations.

Question 34

What do regular audits involve?

Answer 34

Regular audits involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are immediately addressed.

Question 35

What is availability in cybersecurity?

Answer 35

Availability ensures that information, systems, and resources are accessible and operational when needed by authorized users.

Question 36

Why do cybersecurity professionals value availability?

Answer 36

Availability helps with ensuring business continuity, maintaining customer trust, and upholding an organization’s reputation.

Question 37

What is the best strategy to maintain availability?

Answer 37

The best strategy is to use redundancy in your systems and network designs.

Question 38

What is redundancy?

Answer 38

Redundancy is the duplication of critical components or functions of a system with the intention of enhancing its reliability.

Question 39

What is server redundancy?

Answer 39

Server redundancy involves using multiple servers in a load balanced or failover configuration to support end users if one server fails.

Question 40

What is data redundancy?

Answer 40

Data redundancy involves storing data in multiple places.

Question 41

What is network redundancy?

Answer 41

Network redundancy ensures that if one network path fails, the data can travel through another route.

Question 42

What is power redundancy?

Answer 42

Power redundancy involves using backup power sources, like generators and UPS systems.