Lesson 3 - Hands on Scenarios Flashcards

To be prepared when tech topics come up

1
Q

Zero Trust: You’re in a meeting discussing network security, and someone mentions ‘Zero Trust’.

A

Core Principles:
- Assume all network traffic is untrusted
- Enforce least-privilege access
- Continuously verify identity and access

Benefits:
- Reduces insider and outsider threats
- Enhances visibility across the network
- Limits lateral movement of attackers.

2
Q

Cloud Computing: Someone asks about the main advantages of cloud computing in digital transformation.

A

Core Principles:
- Provides scalable and on-demand resources
- Operates on a pay-as-you-go model
- Enables remote data storage and processing

Benefits:
- Reduces IT infrastructure costs
- Increases flexibility and collaboration
- Facilitates rapid deployment and scaling

3
Q

Multi-Factor Authentication (MFA): You’re reviewing security protocols, and MFA is mentioned as a requirement.

A

Core Principles:
- Requires two or more verification factors
- Combines knowledge (password), possession (device), and inherence (biometrics)
- Strengthens access control by adding layers

Benefits:
- Prevents unauthorized access
- Mitigates risk of compromised credentials
- Enhances overall system security

4
Q

Digital Transformation: Someone in the meeting asks what digital transformation actually involves.

A

Core Principles:
- Leverages technology to improve processes
- Focuses on user experience and operational efficiency
- Integrates new digital tools into legacy systems

Benefits:
- Increases agility and responsiveness
- Reduces operational costs
- Improves customer experience

5
Q

Incident Response: A team member brings up the importance of having a robust incident response plan.

A

Core Principles:
- Detect incidents quickly and accurately
- Contain and eliminate the threat
- Recover systems to normal operations

Benefits:
- Minimizes damage and downtime
- Protects sensitive data
- Improves compliance with security regulations

6
Q

Network Segmentation: During a discussion on network security, someone suggests segmenting the network.

A

Core Principles:
- Divides the network into isolated segments
- Controls data flow between segments
- Limits access based on roles or needs

Benefits:
- Reduces attack surface
- Enhances containment of security breaches
- Improves regulatory compliance

7
Q

Artificial Intelligence (AI) in Cybersecurity: You’re in a meeting about new technologies, and AI in cybersecurity comes up.

A

Core Principles:
- Analyzes vast amounts of data for threats
- Learns from past incidents to improve detection
- Automates response to common security issues

Benefits:
- Enhances threat detection accuracy
- Reduces response time
- Allows for proactive rather than reactive security

8
Q

DevSecOps: Someone asks how DevSecOps differs from traditional DevOps in a project planning meeting.

A

Core Principles:
- Integrates security into every phase of development
- Emphasizes automation and continuous monitoring
- Balances development, security, and operations

Benefits:
- Reduces security vulnerabilities early
- Speeds up delivery with secure coding practices
- Increases collaboration among teams

9
Q

API Security: In a discussion about web applications, API security is raised as a concern.

A

Core Principles:
- Uses encryption (e.g., HTTPS) for secure communication
- Requires strong authentication, such as API keys
- Implements rate limiting to prevent abuse

Benefits:
- Prevents unauthorized access
- Protects sensitive data in transit
- Ensures availability and reliability of services

10
Q

Role-Based Access Control (RBAC): Someone mentions RBAC as a way to manage user permissions.

A

Core Principles:
- Assigns permissions based on job roles
- Restricts access to necessary resources only
- Regularly reviews and updates roles as needed

Benefits:
- Simplifies user management
- Reduces risk of unauthorized access
- Enhances security by minimizing unnecessary access

11
Q

Virtualization: A colleague asks about the benefits of using virtualization in the IT environment.

A

Core Principles:
- Creates virtual versions of physical resources
- Runs multiple virtual machines on one physical host
- Improves resource utilization and flexibility

Benefits:
- Reduces hardware costs
- Allows for easy scaling and deployment
- Enhances disaster recovery capabilities

12
Q

Encryption: You’re discussing data security, and encryption is mentioned as a protective measure.

A

Core Principles:
- Converts data into unreadable format without a key
- Uses symmetric or asymmetric keys
- Ensures data confidentiality and integrity

Benefits:
- Protects data from unauthorized access
- Secures data in transit and at rest
- Meets regulatory compliance requirements

13
Q

Intrusion Detection System (IDS): During a security review, the importance of an IDS is brought up.

A

Core Principles:
- Monitors network traffic for suspicious activity
- Uses signature and anomaly detection methods
- Alerts administrators of potential threats

Benefits:
- Provides early warning of possible breaches
- Helps identify policy violations
- Supports compliance with security standards

14
Q

Data Governance: In a meeting on digital transformation, data governance is highlighted as a priority.

A

Core Principles:
- Establishes data policies and standards
- Ensures data quality, integrity, and security
- Defines roles and responsibilities for data management

Benefits:
- Enhances data accuracy and reliability
- Improves regulatory compliance
- Supports better decision-making across the organization

15
Q

Backup and Disaster Recovery: A team member mentions the importance of backup and disaster recovery for business continuity.

A

Core Principles:
- Regularly backs up critical data and systems
- Plans for both data recovery and system restoration
- Tests recovery procedures periodically

Benefits:
- Reduces downtime in the event of a disaster
- Ensures data availability and integrity
- Minimizes financial and operational impact

16
Q

Network Address Translation (NAT): In a network meeting, someone mentions NAT as a way to improve security.

A

Core Principles:
- Translates private IP addresses to a public IP
- Maps multiple devices to a single IP address
- Protects internal IP addresses from external exposure

Benefits:
- Conserves IP addresses
- Increases network security by masking internal addresses
- Simplifies IP management within local networks

17
Q

Public Key Infrastructure (PKI): During a security review, PKI is mentioned as essential for secure communications.

A

Core Principles:
- Uses digital certificates to verify identities
- Relies on asymmetric encryption (public and private keys)
- Includes a Certificate Authority (CA) to issue and manage certificates

Benefits:
- Enhances data integrity and confidentiality
- Provides secure identity verification
- Supports secure communications like SSL/TLS for websites

18
Q

Virtual Private Network (VPN): Someone suggests using a VPN for remote access during a project discussion.

A

Core Principles:
- Encrypts data over public networks
- Creates a secure tunnel for data transmission
- Authenticates users and devices

Benefits:
- Protects sensitive data from eavesdropping
- Enables secure access to internal resources from remote locations
- Enhances privacy and security for users

19
Q

Continuous Integration/Continuous Deployment (CI/CD): In a discussion about DevOps, someone brings up CI/CD pipelines.

A

Core Principles:
- Automates code integration and deployment processes
- Integrates testing at every stage
- Supports frequent, incremental updates

Benefits:
- Reduces time to deployment
- Catches bugs early, improving code quality
- Enhances collaboration between development and operations teams

20
Q

Advanced Persistent Threats (APT): You’re in a cybersecurity meeting and APTs are mentioned as a serious threat.

A

Core Principles:
- Involves long-term, targeted attacks
- Uses sophisticated, multi-phase techniques
- Aims to steal sensitive information over time

Benefits:
- Helps identify sophisticated, persistent threats
- Encourages proactive threat detection and monitoring
- Raises awareness for more advanced cybersecurity strategies

21
Q

Red Teaming: Someone asks about Red Teaming as part of the organization’s security strategy.

A

Core Principles:
- Simulates real-world attacks on the organization
- Identifies vulnerabilities in security defenses
- Provides an adversarial perspective for stronger security

Benefits:
- Strengthens security through realistic testing
- Uncovers weaknesses before actual threats exploit them
- Trains security teams on response strategies

22
Q

Social Engineering: You’re discussing potential risks, and social engineering attacks come up as a concern.

A

Core Principles:
- Exploits human psychology to bypass security
- Involves techniques like phishing and pretexting
- Targets trust to obtain sensitive information

Benefits:
- Highlights the need for employee training
- Encourages multi-layered security beyond technical measures
- Improves awareness and vigilance against human-targeted attacks

23
Q

Endpoint Detection and Response (EDR): In a security discussion, EDR is suggested for endpoint protection.

A

Core Principles:
- Monitors endpoints for suspicious activity
- Provides real-time visibility into endpoints
- Automates threat detection and response

Benefits:
- Enhances detection of advanced threats on devices
- Speeds up response to security incidents
- Supports proactive threat hunting and forensic investigations

24
Q

Secure Sockets Layer/Transport Layer Security (SSL/TLS): Someone brings up SSL/TLS when discussing website security.

A

Core Principles:
- Encrypts data transmitted between a client and server
- Authenticates the server to the client using certificates
- Protects data integrity during transmission

Benefits:
- Ensures confidentiality of sensitive information
- Builds trust with users through secure connections
- Complies with regulatory standards for secure communications

25
Q

Data Loss Prevention (DLP): In a meeting, DLP is mentioned as a measure to protect sensitive data.

A

Core Principles:
- Monitors and controls data movement
- Prevents unauthorized data transfers
- Detects and blocks potential data breaches

Benefits:
- Protects against accidental or malicious data leaks
- Helps comply with data protection regulations
- Ensures sensitive information remains secure

26
Q

Application Programming Interface (API): A colleague mentions APIs when discussing integration of new software systems.

A

Core Principles:
- Defines how different software components communicate
- Uses requests and responses to interact with applications
- Enables data exchange between systems

Benefits:
- Facilitates integration and interoperability
- Allows for scalable, modular system designs
- Simplifies access to services and data

27
Q

Ransomware: During a cybersecurity discussion, someone brings up the threat of ransomware attacks.

A

Core Principles:
- Encrypts files to prevent access
- Demands payment for file decryption
- Often spreads through phishing and infected downloads

Benefits:
- Emphasizes the need for data backups
- Raises awareness for employee training on phishing
- Encourages proactive monitoring for quick detection

28
Q

Serverless Computing: Someone asks about serverless computing as a part of the cloud architecture.

A

Core Principles:
- Runs code in response to events without managing servers
- Automatically scales based on demand
- Charges based on actual usage rather than server capacity

Benefits:
- Reduces infrastructure management overhead
- Lowers costs by charging per execution
- Enables faster development and deployment of applications

29
Q

Security Information and Event Management (SIEM): In a security review, SIEM is discussed for real-time monitoring.

A

Core Principles:
- Collects and analyzes security data from multiple sources
- Correlates events for threat detection
- Provides centralized logging and reporting

Benefits:
- Enhances situational awareness across the network
- Speeds up threat detection and response
- Supports regulatory compliance and audit trails

30
Q

Internet of Things (IoT): You’re in a meeting about new technologies, and someone asks how IoT affects security.

A

Core Principles:
- Connects devices to the internet for data exchange
- Requires secure communication and device management
- Increases attack surface with more entry points

Benefits:
- Improves operational efficiency and data collection
- Enables remote monitoring and management
- Drives innovation in smart technology applications