Mastering Security Basics

Question 1

What is CIA triad?

Answer 1

CIA triad stands for Confidentiality, Integrity, and Availability. It’s a fundamental concept in information security.

Question 2

Define Confidentiality

Answer 2

Confidentiality ensures that information is only accessible to those who are authorized to view it.

Question 3

Define Integrity.

Answer 3

Integrity ensures that data remains accurate, complete, and unaltered.

Question 4

Define Availability.

Answer 4

Availability ensures that information and resources are accessible and usable when needed.

Question 5

What is Risk Management?

Answer 5

Risk Management is the process of identifying, assessing, and prioritizing risks followed by the coordinated application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.

Question 6

What is Vulnerability?

Answer 6

A vulnerability is a weakness that could be exploited by a threat to breach security.

Question 7

What is Threat?

Answer 7

A threat is any potential danger to information or systems.

Question 8

Define Exploit.

Answer 8

An exploit is a piece of software, a chunk of data, or a sequence of commands that take advantage of a bug, glitch, or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

Question 9

What are the four security Categories?

Answer 9

Technical, Managerial, Operational, Physical.

Question 10

Describe technical controls

Answer 10

Use of technology such as hardware, software, and firmware to reduce vulnerabilities.

Question 11

Describe Managerial controls.

Answer 11

Administrative documents or policies to enforce security protocols.

Question 12

Provide some examples of technical controls.

Answer 12

Encryption, Antivirus software, intrusion detection system (IDSs) and intrusion prevention systems (IPSs), Firewalls, Least privilege.

Question 13

What are some examples of Managerial controls

Answer 13

Risk assessment, vulnerability assessments,

Question 14

Describe Operational security controls.

Answer 14

Ensure daily operations and compliance of an organizations security plan.

Question 15

Provide some examples of operational security controls

Answer 15

Patrols, personnel security, awareness and training, configuration management

Question 16

Describe physical security controls.

Answer 16

Physical security controls are physical objects or items to deter unauthorized personnel from areas of data

Question 17

Provide some examples of physical security controls.

Answer 17

Bollards or other barricades, access control vestibules, lighting, signs, fences, sensors, cameras.

Question 18

What are the 6 controls types?

Answer 18

Preventative, deterrent, detective, corrective, compensating, and directive.

Question 19

What are some examples of preventative control types?

Answer 19

Firewalls, software applications, Access control list(ACL), security guards, intrusion prevention systems (IPSs), Patch Managment, Antivirus or anti-malware software,

Question 20

What is a preventative control?

Answer 20

Use of policies to mitigate or stop security risk before they occur.

Question 21

What is a deterrent control type?

Answer 21

Discourage or deter an attacker from carrying out unauthorized activities.

Question 22

What are some examples of deterrent controls

Answer 22

Warning or Security signs, login banners,

Question 23

What is a detective security control?

Answer 23

Identifies security events or breaches when they have already occurred.

Question 24

What are some examples of detective controls?

Answer 24

Security information event management (SIEM), log monitoring,security audit, Video Surveillance (CCTV), intrusion detection system (IDSs)

Question 25

What is a corrective control?

Answer 25

Mitigates the impact of breaches or security events.

Question 26

What are some examples of corrective controls?

Answer 26

Incident response plan (IRP), software patching,

Question 27

What is a compensating control

Answer 27

Control that is Put in place as an alternative security method when existing ones no longer suffice.

Question 28

Provide some examples of compensating controls.

Answer 28

Virtual Private Network (VPN), Encryption, Multi-factor Authentication (MFA),

Question 29

Describe directive controls.

Answer 29

Security measure to establish clear rules and procedures on how to handle security events and incidents should they arise.

Question 30

Provide some examples of Directive controls.

Answer 30

Acceptable Use Policy (AUP), password policies, change management.