Module 01 - Security Concepts Flashcards

Module 01

1
Q

Definition:
Assets

A

Anything of value to a company
Examples: People, servers, software.

2
Q

Definition:
Threats

A

Threats are anything with the potential to damage an asset
Examples: Ransomware, hackers, insiders

3
Q

Definition:
Threat Agents

A

Entity that carries out a threat

4
Q

Definition:
Vulnerability

A

A security opening in a system, or a physical one at a site.

5
Q

Definition:
Exploits

A

Pieces of code that take advantage of a vulnerability

6
Q

What are the most basic security principles?
(CIA triad)

A
  1. Confidentiality
  2. Integrity
  3. Availability
7
Q

Definition:
What is Confidentiality in the CIA triad?

A

Confidentiality is the concept of no asset being accessed by unauthorized personnel

8
Q

Definition:
What is Integrity in the CIA triad?

A

Integrity is the concept of no asset being tampered with or modified by unauthorized actions

9
Q

Definition:
What is Availability in the CIA triad?

A

Availability is the concept of every asset being ready to be used whenever it’s needed.

10
Q

What are the modern-day security challenges?

A

Sophisticated attacks
Proliferation of attack software
Attack scale and velocity

11
Q

Acronym:
SOC

A

Security Operations Center

12
Q

Acronym:
DevOps

A

Development and Operations

13
Q

Acronym:
DevSecOps

A

Development and Security and Operations

14
Q

Acronym:
CISO

A

Chief Information Security Officer

15
Q

Acronym:
CIRT

A

Computer Incident Response Team

Single point of contact for incident notification

16
Q

Acronym:
CSIRT

A

Computer Security Incident Response Team

Single point of contact for incident notification

17
Q

Acronym:
CERT

A

Computer Emergency Response Team

Single point of contact for incident notification

18
Q

What are the security control categories?

A

Managerial
Operational
Technical
Physical

19
Q

What are the security control functional types?

A

Preventative
Detective
Corrective
Deterrent
Directive
Compensating

20
Q

Definition:
What is the control category “Managerial Control”?

A

Consists of controls implemented as policies, procedures or other written plans.
Examples: Information Security Policy, BCP - Backup Continuity Plan, DRP - Disaster Recovery Plan

21
Q

Definition:
What is the control category “Operational Control”?

A

Operational controls are controls that define how to perform an activity.
Example: Require company signature in emails.

22
Q

Definition:
What is the control category “Technical Control”?

A

A technical control is one implemented by technology, by a software or network appliance.
Examples: IDS/IPS, Firewall, EDR, DLP tools

23
Q

Definition:
What is the control category “Physical Control”?

A

Physical Controls are implemented to filter unauthorized physical access to sites.

24
Q

Definition:
What is the control functional type “Preventative Control”?

A

Preventative Controls are implemented in order to avoid an incident before it happens.

25
Q

Definition:
What is the control functional type “Detective Control”?

A

Detective controls are implemented in order to alert when an event happens and to provide logs to work with

26
Q

Definition:
What is the control functional type “Corrective Control”?

A

Corrective controls are implemented to act on an incident, stopping or reducing the damage while it is happening or after it has happened.

Could also be a “preventive control” applied after an incident has happened.

Examples: IPS, EDR

27
Q

Definition:
What is the control functional type “Deterrent Control”?

A

Deterrent Controls are implemented to discourage attackers from engaging. (Pyramid of Pain)
Examples: Locked door, encodings, man traps

28
Q

Definition:
What is the control functional type “Directive Control”?

A

Directive Controls are implemented to enforce a rule of behavior.
Examples: Training and awareness programs, dismissal for cause or disciplinary procedures for non-compliance.

29
Q

Definition:
What is the control functional type “Compensating Control”?

A

Compensating Controls are substitutes for principal controls, partially mitigating the risk.

30
Q

Acronym:
BCP

A

Backup Continuity Plan

31
Q

Acronym:
DRP

A

Disaster Recovery Plan