Module 2 - 02-1

Question 1

Define Security frameworks

Answer 1

Guidelines used for building plans to help mitigate risks and threats to data and privacy

Question 2

What is the biggest threat to security?

Answer 2

People

Question 3

Define Security Controls

Answer 3

Safeguards designed to reduce specific security risks

Question 4

What are three common types of controls?

Answer 4

1) Encryption
2) Authentication
3) Authorization

Question 5

Define Encryption

Answer 5

The process of converting data from a readable format to an encoded format

Question 6

Encryption involves converting data from plaintext to ____

Answer 6

ciphertext

Question 7

Define Ciphertext

Answer 7

The raw, encoded message that’s unreadable to humans and computers

Question 8

e) Encryption is used to ensure _____ of sensitive data

Answer 8

confidentiality

Question 9

Define Authentication

Answer 9

The process of verifying who someone or something is

Question 10

What is an example of an advanced method of authentication?

Answer 10

Multi-Factor Authentication (MFA)

Question 11

What does MFA stand for?

Answer 11

Multi-Factor Authentication

Question 12

What is an example of an MFA?

Answer 12

A security code or biometrics, such as a fingerprint, voice, or face scan

Question 13

Define Biometrics

Answer 13

Unique physical characteristics that can be used to verify a person’s identity

Question 14

What are examples of biometrics (3)?

Answer 14

A fingerprint, an eye scan, or a palm scan.

Question 15

What is one example of a social engineering attack that can exploit biometrics?

Answer 15

Vishing

Question 16

Define Vishing

Answer 16

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 17

Define Authorization

Answer 17

The concept of granting access to specific resources within a system.

Essentially, authorization is used to verify that a person has permission to access a resource.

Question 18

What does CTF stand for?

Answer 18

Cyber Threat Framework (CTF)

Question 19

What organization developed the Cyber Threat Framework (CTF)?

Answer 19

The U.S. government

Question 20

Why was the Cyber Threat Framework (CTF) developed?

Answer 20

To provide “a common language for describing and communicating information about cyber threat activity.”

Question 21

How does the Cyber Threat Framework (CTF) help cybersecurity professionals and organizations (2)?

Answer 21

1) Analyze and share information more efficiently
2) Improve their response to the constantly evolving cybersecurity landscape and threat actors’ many tactics and techniques

Question 22

What does ISO/IEC stand for?

Answer 22

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC)

Question 23

Define ISO 27000

Answer 23

The ISO 27000 family of standards enables organizations of all sectors and sizes to manage the security of assets, such as financial information, intellectual property, employee data, and information entrusted to third parties.
This framework outlines requirements for an information security management system, best practices, and controls that support an organization’s ability to manage risks.

Question 24

What are examples of physical controls (4)?

Answer 24

• Gates, fences, and locks
• Security guards
• Closed-circuit television (CCTV), surveillance cameras, and motion detectors
• Access cards or badges to enter office spaces

Question 25

What are examples of technical controls (3)?

Answer 25

• Firewalls
• MFA
• Antivirus software

Question 26

What are examples of physical controls (3)?

Answer 26

• Separation of duties
• Authorization
• Asset classification

Question 27

How do security frameworks enable security professionals to help mitigate risk?

They are used to establish guidelines for building security plans.
They are used to establish laws that reduce a specific security risk.
They are used to create unique physical characteristics to verify a person’s identity.
They are used to refine elements of a core security model known as the CIA triad.

Answer 27

They are used to establish guidelines for building security plans.

Security frameworks are used to establish guidelines for building security plans that enable security professionals to help mitigate risk.

Question 28

True or False?
Competitor organizations are the biggest threat to a company’s security.

Answer 28

False

People are the biggest threat to a company’s security. This is why educating employees about security challenges is essential for minimizing the possibility of a breach.

Question 29

Security controls are safeguards designed to reduce _____ security risks.

public
broadscale
specific
general

Answer 29

specific

Question 30

A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?

Ciphertext
Classification
Authentication
Encryption

Answer 30

Authentication

This describes authentication, which is the process of implementing controls to verify who someone or something is before granting access to specific resources within a system.