M3 - Network Security Concepts

Question 1

It is anything of value to the organization. In includes people equipment, resources, and data.

Answer 1

Assets

Question 2

It is a weakness in a system, or its design, that could be exploited by a threat.

Answer 2

Vulnerability

Question 3

It is a potential danger to a company’s assets, data or network functionality.

Answer 3

Threat

Question 4

It is a mechanism that takes advantage of a vulnerability.

Answer 4

Exploit

Question 5

It is a counter-measure that reduces the likelihood or severity of a potential threat or risk. Network Security involves multiple mitigation techniques.

Answer 5

Mitigation

Question 6

It is the likelihood of a threat to exploit the vulnerability of a asset, with the aim of negatively affecting an organization. It is measured using the probability of the occurence of an event and its consequences.

Answer 6

Risk

Question 7

Intercepted email or IM messages could be captured and reveal confidential information.

Answer 7

Email/Social Networking

Question 8

If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data.

Answer 8

Unencrypted Devices

Question 9

Sensitive data can be lost if access to the cloud is compromised due to weak security settings.

Answer 9

Cloud Storage Devices

Question 10

One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost.

Answer 10

Removable Media

Question 11

Confidential data should be shredded when no longer required.

Answer 11

Hard Copy

Question 12

Passwords or weak passwords which have been compromised can provide a threat actor with easy access to corporate data.

Answer 12

Improper Access Control