Fundamentals of Security Flashcards

1
Q

What is information security?

A

Protecting data and information from unauthorized access, modification,
disruption, disclosure, and destruction

2
Q

What is information system security?

A

Protecting the systems (e.g., computers, servers, network devices) that hold and
process critical data

3
Q

Examples of information systems that must be protected?

A

computers, servers, network devices

4
Q

What is the CIA triad?
What does each one ensure?
Example of how each is achieved?

A

Confidentiality: Ensures information is accessible only to authorized personnel (e.g., encryption)

Integrity: Ensures data remains accurate and unaltered (e.g., checksums)

Availability: Ensures information and resources are accessible when needed (e.g.,
redundancy measures)

5
Q

What is Non-repudiation?
Example of how it is achieved?

A

Guarantees that an action or event cannot be denied by the involved parties
(e.g., digital signatures)

6
Q

What is CIANA pentagon?

A

An extension of the CIA triad with the addition of non-repudiation and
authentication

7
Q

What are the triple A’s of security?
Define each and give an example of each

A

Authentication: Verifying the identity of a user or system (e.g., password checks)

Authorization: Determining actions or resources an authenticated user can access (e.g., permissions)

Accounting: Tracking user activities and resource usage for audit or billing purposes (e.g., audit logs)

8
Q

List the four security control categories

A

Technical, Managerial, Operational, Physical

9
Q

List the six security control types

A

Deterrent, Detective, Directive, Corrective, Compensating, Preventative

10
Q

What does the zero trust model operate on?

A

Operates on the principle that no one should be trusted by default

11
Q

To achieve zero trust we use the ———— and ———- plane

A

Control; Data

12
Q

Give examples of what constitute both control plane and data plane

A

Control plane: Adaptive identity, threat scope reduction, policy-driven access control, and the policy decision point made up of the policy engine and policy administrator

Data plane: Subject/system, implicit trust (secured) zones, and policy enforcement points

(The engine and administrator make the decision, so they are control plane; the enforcement point carries that decision out on live traffic, so it is data plane, as in NIST SP 800-207 and the Security+ objectives.)

13
Q

What is a threat?
List some of the things that threat could come from

A

Anything that could cause harm, loss, damage, or compromise to our information
technology systems

Natural disasters, Cyber-attacks, Data integrity breaches, Disclosure of confidential information

14
Q

What is vulnerability?
Vulnerability could come from?

A

Any weakness in the system design or implementation

Software bugs, Misconfigured software, Improperly protected network devices, Missing security patches, Lack of physical security

15
Q

Where threat and vulnerability intersect is where ———– lies

A

Risk

16
Q

Threat with no vulnerability = _______
Vulnerability with no threat = _______

A

No risk; No risk (risk exists only where a threat can act on a vulnerability that is actually present)

17
Q

What is risk management?

A

Identifying, assessing, and treating risks so as to reduce the likelihood or impact of an undesired outcome and achieve the desired outcome

18
Q

What are the five methods used to achieve confidentiality?
Explain how each is implemented

A

1) Encryption: Process of converting plaintext into ciphertext that can only be read by someone holding the key, so that unauthorized parties who obtain the data cannot read it

2) Access Controls: By setting up strong user permissions, you ensure that only authorized personnel can access certain types of data

3) Data Masking: Method that involves obscuring specific data within a database (e.g., showing only the last four digits of an account number) so it is unreadable to unauthorized users while the real data remains intact and usable for authorized users

4) Physical Security Measures: Ensure confidentiality for both physical types of data, such as paper records stored in a filing cabinet, and for digital information contained on servers and workstations

5) Training and Awareness: Conduct regular training on the security awareness best practices that employees can use to protect their organization’s sensitive data

19
Q

List five methods used to maintain data integrity
Define each

A

Hashing: One-way function that maps data of any length to a fixed-size digest; any change to the input produces a different digest, so a recomputed digest that matches the stored one shows the data is unaltered

Digital Signatures: A hash of the data signed with the sender's private key; ensure both integrity and authenticity (and give non-repudiation)

Checksums: A value (e.g., a CRC) computed from the data and sent with it so the receiver can detect accidental corruption during transmission; unlike a cryptographic hash, a checksum does not resist deliberate tampering

Access Controls: Ensure that only authorized individuals can modify data and this reduces the risk of unintentional or malicious alterations

Regular Audits: Involve systematically reviewing logs and operations to ensure that only authorized changes have been made, and any discrepancies are
immediately addressed
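
The following Go program is an added example and is not part of the flashcard deck. It shows the two integrity checks the card lists side by side: a SHA-256 digest and a CRC32 checksum recorded when the data is written, then recomputed when it is read. Both detect a one-bit change, but the last step shows the caveat that motivates digital signatures: an attacker who can rewrite the stored digest along with the data passes an unkeyed hash check. The config line is a constructed sample and the function names are mine.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"hash/crc32"
)

// Record pairs a payload with the integrity values computed when it was
// written, the way a published SHA-256 accompanies a download.
type Record struct {
	Payload []byte
	SHA256  string // hex digest recorded at write time
	CRC32   uint32 // checksum recorded at write time
}

// Seal computes both integrity values over a copy of the payload.
func Seal(payload []byte) Record {
	sum := sha256.Sum256(payload)
	return Record{
		Payload: append([]byte(nil), payload...),
		SHA256:  hex.EncodeToString(sum[:]),
		CRC32:   crc32.ChecksumIEEE(payload),
	}
}

// VerifySHA256 recomputes the digest and compares it in constant time, so the
// comparison itself does not leak how many leading bytes matched.
func VerifySHA256(r Record) bool {
	sum := sha256.Sum256(r.Payload)
	got := hex.EncodeToString(sum[:])
	return subtle.ConstantTimeCompare([]byte(got), []byte(r.SHA256)) == 1
}

// VerifyCRC32 recomputes the checksum. CRC32 reliably catches accidental
// corruption in transit but is trivial to collide on purpose, so it is a
// transmission-error check, not a tamper check.
func VerifyCRC32(r Record) bool {
	return crc32.ChecksumIEEE(r.Payload) == r.CRC32
}

// Tamper flips one bit of the payload, simulating corruption or an edit in
// transit, without touching the recorded digest and checksum.
func Tamper(r Record) Record {
	t := r
	t.Payload = append([]byte(nil), r.Payload...)
	t.Payload[0] ^= 0x01
	return t
}

func main() {
	// Constructed sample: a config line that must arrive unaltered.
	rec := Seal([]byte("PermitRootLogin no\n"))
	fmt.Println("original: sha256 ok =", VerifySHA256(rec), " crc32 ok =", VerifyCRC32(rec))

	bad := Tamper(rec)
	fmt.Println("tampered: sha256 ok =", VerifySHA256(bad), " crc32 ok =", VerifyCRC32(bad))

	// An attacker who can rewrite the stored digest as well as the data passes
	// the check: an unkeyed hash proves integrity only while the digest itself
	// is trusted, which is what a digital signature (or a keyed MAC) adds.
	resealed := Seal(bad.Payload)
	fmt.Println("resealed by attacker: sha256 ok =", VerifySHA256(resealed))
}
```

The practical rule this encodes: publish the digest through a channel the attacker cannot write to, or sign it; a hash stored next to the data it protects only guards against accidents.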

20
Q

What is redundancy?

A

Duplication of critical components or functions of a system with the intention of enhancing its reliability

21
Q

Describe the four various types of redundancy

A

Server Redundancy: Involves using multiple servers in a load balanced or failover configuration so that if one is overloaded or fails, the other servers can take over the
load to continue supporting your end users

Data Redundancy: Involves storing data in multiple places

Network Redundancy: Ensures that if one network path fails, the data can travel through another route

Power Redundancy: Involves using backup power sources, like generators and UPS systems

22
Q

A digital signature for non-repudiation is created by first ______ a message or communication. The hash digest is then encrypted using the user’s _______ via ______ encryption

A

Hashing; private key; asymmetric (the recipient verifies the signature with the signer’s public key)
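
The following Go program is an added example, not part of the deck. It carries out the hash-then-sign sequence the card describes: SHA-256 the message, sign the digest with the private key, and let anyone holding the public key verify it. RSA-PSS is used for the signing step; the card's "encrypt the digest with the private key" wording describes textbook RSA, and a modern padding scheme such as PSS is the same idea done safely. The HMAC functions at the end show why a keyed MAC gives integrity but not non-repudiation. The message and key are constructed samples and the function names are mine.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewSigner generates the signer's key pair; the private half never leaves
// the signer, the public half is handed to anyone who needs to verify.
func NewSigner() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign is hash-then-sign: SHA-256 the message, then sign the digest with the
// signer's private key (RSA-PSS). Only the private key holder can produce a
// signature the matching public key accepts, which is what makes the action
// non-repudiable.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify is run by anyone holding the public key; no secret is needed, so a
// third party (an auditor, a court) can check it independently.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// MAC is the keyed alternative (HMAC-SHA256). It proves integrity and that
// some key holder produced the tag, but not which one: the verifier holds the
// same key and could have made the tag itself, so it gives no non-repudiation.
func MAC(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MACValid compares tags in constant time.
func MACValid(key, msg, tag []byte) bool {
	return hmac.Equal(MAC(key, msg), tag)
}

func main() {
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("transfer 500 to account 42") // constructed sample message
	sig, err := Sign(signer, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("valid signature:    ", Verify(&signer.PublicKey, msg, sig))
	fmt.Println("tampered message:   ", Verify(&signer.PublicKey, []byte("transfer 5000 to account 42"), sig))

	impostor, _ := NewSigner()
	fmt.Println("wrong public key:   ", Verify(&impostor.PublicKey, msg, sig))

	// With a shared key the receiver can forge a tag on any message it likes,
	// so a MAC cannot prove to a third party who wrote the message.
	shared := []byte("constructed-shared-key")
	forged := []byte("transfer 5000 to account 42")
	fmt.Println("receiver-forged MAC:", MACValid(shared, forged, MAC(shared, forged)))
}
```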

23
Q

What are the five commonly used authentication methods?

A

Something you know (Knowledge Factor)
Something you have (Possession Factor)
Something you are (Inherence Factor)
Something you do (Action Factor)
Somewhere you are (Location Factor)

24
Q

What is a Multi-factor authentication (MFA) system?

A

Security process that requires users to present two or more different authentication factors (e.g., a password plus a one-time code from a token) to verify their identity; two credentials of the same type, such as two passwords, do not count as multi-factor
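
The following Go program is an added example, not part of the deck. It combines a knowledge factor (a salted password hash) with a possession factor (an RFC 6238 time-based one-time password, the scheme authenticator apps implement) and accepts a login only when both check out. The TOTP function is a complete implementation of the RFC algorithm, so the reference secret from RFC 4226/6238 produces the published codes. Names, the fixed salt, and the password are mine; sha256 stands in for the slow password hash (argon2id, scrypt, bcrypt) that production storage needs.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// TOTP computes an RFC 6238 code (HMAC-SHA1, 30-second steps) for a time-step
// counter. The shared secret lives on the server and in the user's
// authenticator app: the "something you have" factor.
func TOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	m := hmac.New(sha1.New, secret)
	m.Write(msg[:])
	h := m.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// User holds what the server stores: never the password, only a salted hash.
// sha256 stands in for a slow, memory-hard KDF (argon2id, scrypt, bcrypt),
// which is what production password storage needs.
type User struct {
	Salt       []byte
	PassHash   []byte
	TOTPSecret []byte
}

func hashPassword(salt []byte, password string) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return h[:]
}

// NewUser enrols a user; the salt is fixed only so the example is reproducible
// (it must be random per user in practice).
func NewUser(password string, totpSecret []byte) User {
	salt := []byte("constructed-fixed-salt")
	return User{Salt: salt, PassHash: hashPassword(salt, password), TOTPSecret: totpSecret}
}

// Authenticate requires the knowledge factor and the possession factor. Both
// are evaluated every time so the response does not reveal which one failed,
// and the neighbouring time steps are accepted to tolerate small clock drift.
func Authenticate(u User, password, code string, now time.Time) bool {
	knowOK := subtle.ConstantTimeCompare(hashPassword(u.Salt, password), u.PassHash) == 1
	counter := uint64(now.Unix() / 30)
	haveOK := false
	for _, c := range []uint64{counter - 1, counter, counter + 1} {
		if subtle.ConstantTimeCompare([]byte(TOTP(u.TOTPSecret, c, 6)), []byte(code)) == 1 {
			haveOK = true
		}
	}
	return knowOK && haveOK
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 reference secret
	u := NewUser("correct horse battery staple", secret)
	at := time.Unix(59, 0).UTC() // RFC 6238 test time, step counter 1
	code := TOTP(secret, uint64(at.Unix()/30), 6)
	fmt.Println("code:           ", code)
	fmt.Println("password + code:", Authenticate(u, "correct horse battery staple", code, at))
	fmt.Println("password only:  ", Authenticate(u, "correct horse battery staple", "000000", at))
	fmt.Println("code only:      ", Authenticate(u, "wrong", code, at))
}
```

Two details matter in practice and are easy to get wrong: the server must also reject a code that has already been used in its step (replay), and the drift window should be as small as the deployment allows, since every extra step accepted widens the guessing space.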

25
Q

List three different technologies used to perform accounting
Describe what each is used for

A

Syslog Servers: Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies
in the organization’s systems

Network Analysis Tools: Used to capture and analyze network traffic so that network
administrators can gain detailed insights into all the data moving within a
network

Security Information and Event Management (SIEM) Systems: Provides us with a real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
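
The following Go program is an added example, not part of the deck. It shows the accounting data in use: a few constructed sshd syslog lines are aggregated per source address and a SIEM-style correlation rule raises an alert when one source exceeds a failed-login threshold. The log excerpt is made up (RFC 5737 documentation addresses), and the rule, regex, and names are mine.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// sampleSyslog is a constructed excerpt (not a real log): one address hammering
// sshd with guessed passwords, mixed with ordinary logins.
const sampleSyslog = `Mar  4 10:01:02 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  4 10:01:03 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar  4 10:01:05 web1 sshd[2233]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  4 10:01:06 web1 sshd[2235]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar  4 10:01:07 web1 sshd[2240]: Accepted publickey for deploy from 198.51.100.20 port 40011 ssh2
Mar  4 10:01:09 web1 sshd[2241]: Failed password for alice from 198.51.100.20 port 40012 ssh2
Mar  4 10:01:12 web1 sshd[2242]: Accepted password for alice from 198.51.100.20 port 40013 ssh2
Mar  4 10:01:15 web1 sshd[2244]: Failed password for root from 203.0.113.7 port 51140 ssh2
`

// failedRe matches sshd failed-password lines and captures the account name
// and the source address; "invalid user" marks accounts that do not exist.
var failedRe = regexp.MustCompile(`sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port`)

// Alert is what the correlation rule emits for a source over the threshold.
type Alert struct {
	Source   string
	Failures int
	Users    []string // distinct account names tried, sorted
}

// FailedLoginsBySource counts failed SSH logins per source address and reports
// every source with at least threshold failures, in first-seen order, the way
// a SIEM correlation rule turns aggregated syslog into an alert.
func FailedLoginsBySource(log string, threshold int) []Alert {
	counts := map[string]int{}
	users := map[string]map[string]bool{}
	var order []string
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := failedRe.FindStringSubmatch(sc.Text())
		if m == nil {
			continue // not a failed login; accepted logins are not counted
		}
		user, src := m[1], m[2]
		if _, seen := counts[src]; !seen {
			order = append(order, src)
			users[src] = map[string]bool{}
		}
		counts[src]++
		users[src][user] = true
	}
	var alerts []Alert
	for _, src := range order {
		if counts[src] < threshold {
			continue
		}
		var names []string
		for u := range users[src] {
			names = append(names, u)
		}
		sort.Strings(names)
		alerts = append(alerts, Alert{Source: src, Failures: counts[src], Users: names})
	}
	return alerts
}

func main() {
	for _, a := range FailedLoginsBySource(sampleSyslog, 3) {
		fmt.Printf("ALERT possible brute force from %s: %d failures against %v\n", a.Source, a.Failures, a.Users)
	}
}
```

A real rule would also bound the count by a time window and treat a single source trying many accounts (password spraying) differently from many failures against one account, but the aggregation step is the same.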

26
Q

What is gap analysis?

A

Process of evaluating the differences between an organization’s current
performance and its desired performance

27
Q

What are two basic types of gap analysis

A

Technical gap analysis: Involves evaluating an organization’s current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully use its security solutions

Business gap analysis: Involves evaluating an organization’s current business processes and identifying any areas where they fall short of the capabilities required to fully use cloud-based solutions

28
Q

What does a Plan of Action and Milestones (POA&M) do?

A

1) Outlines the specific measures to address each vulnerability found

2) Allocates the resources needed

3) Sets a timeline for each remediation task

29
Q

Explain each key element of the control plane

A

Adaptive Identity: Relies on real-time validation that takes into account the
user’s behavior, device, location, and more

Threat Scope Reduction: Limits users’ access to only what they need for their
work tasks, minimizing the “blast radius” if an account or device is compromised

Policy-Driven Access Control: Entails developing, managing, and enforcing user access policies based on roles and responsibilities

Policy Engine and Policy Administrator: Together form the policy decision point; the engine evaluates each access request against policy, and the administrator passes the resulting allow or deny to the enforcement points

Secured Zones: Isolated environments within a network designed to house sensitive data; the policy that defines them is control plane, while the zones themselves (NIST’s implicit trust zones) sit in the data plane behind an enforcement point

30
Q

Explain each key element of the data plane

A

Subject/System: The user, device, or service attempting to gain access

Implicit Trust (Secured) Zone: The segment behind an enforcement point where traffic is allowed to flow once access has been granted

Policy Enforcement Point: The gateway that actually grants or denies the connection, acting on the decision it receives from the policy engine and policy administrator

(The policy engine and policy administrator are sometimes listed with the data plane, but they make the decision rather than carry it out, so they belong to the control plane.)
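
The following Go program is an added example, not part of the deck. It puts the two planes together: a policy engine (control plane) that evaluates every request against a published policy, including adaptive-identity signals such as MFA, device posture, and location, and an enforcement point (data plane) that never decides on its own but forwards the request to the protected resource only when the engine says so. Every branch defaults to deny and names the failed condition so it can be logged for accounting. The payroll policy, subjects, and names are constructed for the example.

```go
package main

import "fmt"

// AccessRequest is what a subject/system presents on the data plane, together
// with the context signals that adaptive identity evaluates.
type AccessRequest struct {
	Subject         string
	Role            string
	Resource        string
	Action          string
	MFAVerified     bool   // how the session authenticated
	DeviceCompliant bool   // device posture reported by the endpoint agent
	Country         string // location signal
}

// Decision is what the control plane hands to the enforcement point.
type Decision struct {
	Allow  bool
	Reason string
}

// Policy is what the policy administrator publishes for one resource: the
// roles and actions allowed (threat scope reduction: a role reaches only what
// its work needs) and the context conditions the engine must check.
type Policy struct {
	Resource         string
	Actions          map[string][]string // role -> permitted actions
	RequireMFA       bool
	RequireCompliant bool
	AllowedCountries map[string]bool // empty means any location
}

// PolicyEngine is the control-plane decision point. Anything not explicitly
// allowed is denied, and a denial says which condition failed.
type PolicyEngine struct{ policies map[string]Policy }

// NewPolicyEngine plays the policy administrator: it loads published policies
// into the engine, keyed by resource.
func NewPolicyEngine(policies ...Policy) PolicyEngine {
	pe := PolicyEngine{policies: map[string]Policy{}}
	for _, p := range policies {
		pe.policies[p.Resource] = p
	}
	return pe
}

func (pe PolicyEngine) Decide(r AccessRequest) Decision {
	p, ok := pe.policies[r.Resource]
	if !ok {
		return Decision{false, "no policy for resource (default deny)"}
	}
	actions, ok := p.Actions[r.Role]
	if !ok {
		return Decision{false, "role has no access to resource"}
	}
	if !contains(actions, r.Action) {
		return Decision{false, "action not permitted for role"}
	}
	if p.RequireMFA && !r.MFAVerified {
		return Decision{false, "MFA required"}
	}
	if p.RequireCompliant && !r.DeviceCompliant {
		return Decision{false, "device not compliant"}
	}
	if len(p.AllowedCountries) > 0 && !p.AllowedCountries[r.Country] {
		return Decision{false, "location not allowed"}
	}
	return Decision{true, "all policy conditions satisfied"}
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// PEP is the data-plane enforcement point in front of a resource. It never
// decides; it asks the engine for every request and executes the answer.
type PEP struct {
	engine PolicyEngine
	serve  func(AccessRequest) string // the protected resource behind the PEP
}

func (p PEP) Handle(r AccessRequest) (string, Decision) {
	d := p.engine.Decide(r)
	if !d.Allow {
		return "", d
	}
	return p.serve(r), d
}

// PayrollPolicy is a constructed policy for a sensitive database.
func PayrollPolicy() Policy {
	return Policy{
		Resource:         "payroll-db",
		Actions:          map[string][]string{"hr": {"read"}, "dba": {"read", "write"}},
		RequireMFA:       true,
		RequireCompliant: true,
		AllowedCountries: map[string]bool{"DE": true, "US": true},
	}
}

func main() {
	pep := PEP{
		engine: NewPolicyEngine(PayrollPolicy()),
		serve:  func(r AccessRequest) string { return "row data for " + r.Subject },
	}
	for _, r := range []AccessRequest{
		{"alice", "hr", "payroll-db", "read", true, true, "DE"},
		{"alice", "hr", "payroll-db", "write", true, true, "DE"},
		{"bob", "dba", "payroll-db", "write", false, true, "US"},
		{"bob", "dba", "payroll-db", "write", true, true, "XX"},
		{"mallory", "dba", "hr-wiki", "read", true, true, "US"},
	} {
		out, d := pep.Handle(r)
		fmt.Printf("%-8s %-4s %-5s %-10s allow=%-5v %s %s\n", r.Subject, r.Role, r.Action, r.Resource, d.Allow, d.Reason, out)
	}
}
```

The separation is the point: the engine can be replaced or its policy updated by the administrator without touching the enforcement points, and an enforcement point that cannot reach the engine has no "allow" path at all.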