Module 2 - 02-1

Question 1

Define Security frameworks

Answer 1

Guidelines used for building plans to help mitigate risks and threats to data and privacy

Question 2

What is the biggest threat to security?

Answer 2

People

Question 3

Define Security Controls

Answer 3

Safeguards designed to reduce specific security risks

Question 4

What are three common types of controls?

Answer 4

1) Encryption
2) Authentication
3) Authorization

Question 5

Define Encryption

Answer 5

The process of converting data from a readable format to an encoded format

Question 6

Encryption involves converting data from plaintext to ____

Answer 6

ciphertext

Question 7

Define Ciphertext

Answer 7

The raw, encoded message that’s unreadable to humans and computers

Ciphertext data cannot be read until it’s been decrypted into its original plaintext form.

Question 8

Encryption is used to ensure _____ of sensitive data

Answer 8

confidentiality

Question 9

Define Authentication

Answer 9

The process of verifying who someone or something is

Question 10

What is an example of an advanced method of authentication?

Answer 10

Multi-Factor Authentication (MFA)

Question 11

What does MFA stand for?

Answer 11

Multi-Factor Authentication

Question 12

What is an example of an MFA?

Answer 12

A security code or biometrics, such as a fingerprint, voice, or face scan

Question 13

Define Biometrics

Answer 13

Unique physical characteristics that can be used to verify a person’s identity

Question 14

What are examples of biometrics (3)?

Answer 14

A fingerprint, an eye scan, or a palm scan.

Question 15

What is one example of a social engineering attack that can exploit biometrics?

Answer 15

Vishing

Question 16

Define Vishing

Answer 16

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 17

Define Authorization

Answer 17

The concept of granting access to specific resources within a system.

Essentially, authorization is used to verify that a person has permission to access a resource.

Question 18

What does CTF stand for?

Answer 18

Cyber Threat Framework (CTF)

Question 19

What organization developed the Cyber Threat Framework (CTF)?

Answer 19

The U.S. government

Question 20

Why was the Cyber Threat Framework (CTF) developed?

Answer 20

To provide “a common language for describing and communicating information about cyber threat activity.”

Question 21

How does the Cyber Threat Framework (CTF) help cybersecurity professionals and organizations (2)?

Answer 21

1) Analyze and share information more efficiently
2) Improve their response to the constantly evolving cybersecurity landscape and threat actors’ many tactics and techniques

Question 22

What does ISO/IEC stand for?

Answer 22

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC)

Question 23

Define ISO 27000

Answer 23

The ISO 27000 family of standards enables organizations of all sectors and sizes to manage the security of assets, such as financial information, intellectual property, employee data, and information entrusted to third parties.
This framework outlines requirements for an information security management system, best practices, and controls that support an organization’s ability to manage risks.

Question 24

How are Controls used alongside frameworks?

Answer 24

Controls are used alongside frameworks to reduce the possibility and impact of a security threat, risk, or vulnerability.

Question 25

In what forms can Controls come in (3)?

Answer 25

• Physical
• Technical
• Administrative

Question 26

How are these forms of Control typically used?

Answer 26

To:

• Prevent
• Detect
• Correct security issues

Question 27

What are examples of physical controls (4)?

Answer 27

• Gates, fences, and locks
• Security guards
• Closed-circuit television (CCTV), surveillance cameras, and motion detectors
• Access cards or badges to enter office spaces

Question 28

What are examples of technical controls (3)?

Answer 28

• Firewalls
• MFA
• Antivirus software

Question 29

What are examples of administrative controls (3)?

Answer 29

• Separation of duties
• Authorization
• Asset classification

Question 30

Cybersecurity frameworks and controls are used together to establish an organization’s ______.

Answer 30

security posture

Question 31

How do security frameworks enable security professionals to help mitigate risk?

• They are used to establish guidelines for building security plans.
• They are used to establish laws that reduce a specific security risk.
• They are used to create unique physical characteristics to verify a person’s identity.
• They are used to refine elements of a core security model known as the CIA triad.

Answer 31

They are used to establish guidelines for building security plans.

Security frameworks are used to establish guidelines for building security plans that enable security professionals to help mitigate risk.

Question 32

True or False?
Competitor organizations are the biggest threat to a company’s security.

Answer 32

False

People are the biggest threat to a company’s security. This is why educating employees about security challenges is essential for minimizing the possibility of a breach.

Question 33

Security controls are safeguards designed to reduce _____ security risks.

• public
• broadscale
• specific
• general

Answer 33

specific

Question 34

A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?

• Ciphertext
• Classification
• Authentication
• Encryption

Answer 34

Authentication

This describes authentication, which is the process of implementing controls to verify who someone or something is before granting access to specific resources within a system.