Introduction

Question 1

Information Security

Answer 1

Protect the privacy and integrity of data at rest or on the go

Question 2

Network Security

Answer 2

Protect computer network from attacks or malware

Question 3

Operational Security

Answer 3

Create and maintain processes, procedures and decision-making for processing and protection of data assets

Question 4

Three pillars of cybersecurity

Answer 4

People (Training, Authorization control)
Processes (Policies, Audits)
Technology (Antivirus, Firewalls)

Question 5

NIST Cyber Framework 5 phases

Answer 5

Identify (Asset Management, Risk Assessment)

Protect (Data Security, Maintenance)

Detect (Anomalies and Events)

Respond (Mitigation, Improvements)

Recover (Recovery Planning)

Question 6

CIA Triangle

Answer 6

Confidentiality, Integrity and Availability

Question 7

Access (Concept)

Answer 7

The ability of a subject or object to use, manipulate, modify, or affect another subject or object.

Question 8

Asset (Concept)

Answer 8

The organizational resource that is being protected. An asset can be logical or intangible, such as a Web site, software information, or data; or an asset can be physical or tangible, such as a person, computer system, hardware, or other tangible object.

Question 9

Attack (Concept)

Answer 9

An intentional or unintentional act that may damage or compromise the information and systems that support it. Attacks may be active or passive, intentional or unintentional and indirect or indirect.

Question 10

Control, Safeguard or Countermeasure (Concept)

Answer 10

Security mechanisms, policies, or procedures that can contain attacks, reduce risks, resolve vulnerabilities, and otherwise improve security within an organization

Question 11

Exploit (Concept)

Answer 11

A technique used to compromise a system.

Question 12

Exposure (Concept)

Answer 12

A condition or state of exposure; in information security, exposure exists when a vulnerability is known to an attacker.

Question 13

Loss (Concept)

Answer 13

An instance of an information asset that suffers unintentional or unauthorized damage or destruction, modification or disclosure or denial of service.

Question 14

Security Profile (Concept)

Answer 14

The entire set of controls and safeguards, including policy, education, training and awareness raising, and technology, that the organization implements to protect the asset

Question 15

Risk (Concept)

Answer 15

The probability of an unwanted occurrence, such as an adverse event or loss.

Question 16

Threat (Concept)

Answer 16

Any event or circumstance that has the potential to adversely affect the operations and assets

Question 17

Threat Agent (Concept)

Answer 17

The specific instance or component of a threat

Question 18

Threat Event (Concept)

Answer 18

An occurrence of an event caused by a threat agent

Question 19

Threat Source (Concept)

Answer 19

A category of objects, persons, or other entities that represent the source of the hazard for an asset

Question 20

Vulnerability (Concept)

Answer 20

A potential weakness in an asset or defensive control system

Question 21

Role of security professional is of

Answer 21

advisor and not decision-maker

Question 22

Tangible Assets Examples

Answer 22

Servers, disk drivers, data center, optical disks, rooms, buildings, workers

Question 23

Intangible Assets Examples

Answer 23

Software, data, intellectual property (IP), business secrets

Question 24

Threats - Typology

Answer 24

Natural (Tornados, etc)
Technical (Disk or Server failure)
Man-Made (Deliberate attacks)
Supply System (Electricity, water)

Question 25

What is a Virus?

Answer 25

Malware that spreads with human collaboration

Question 26

What is a Worm?

Answer 26

Malware that propagates itself

Question 27

What is a Trojan Horse?

Answer 27

Malware that appears to be benign

Question 28

What is a Logic Bomb?

Answer 28

Malicious code hidden in software, activated by attacker

Question 29

What is a Backdoor?

Answer 29

Hidden bypass of system authentication

Question 30

Attack automation involves 4 phases

Answer 30

• Search for victims
• Commitment to vulnerable systems
• Spread of attack
• Coordinated management of attack tools