Module 2 - 02-2

Question 1

Define Security Posture

Answer 1

An organization’s ability to manage its defense of critical assets and data and react to change

Question 2

What is a core security model?

Answer 2

CIA Triad

Question 3

Define CIA Triad

Answer 3

A model that helps inform how organizations consider risk when setting up systems and security policies

Question 4

What does CIA stand for?

Answer 4

i. Confidentiality
ii. Integrity
iii. Availability

Question 5

What are the three core principles of the CIA Triad?

Answer 5

i. Confidentiality
ii. Integrity
iii. Availability

Question 6

Define Confidentiality

Answer 6

Only authorized users can access specific assets or data

Sensitive data should be available on a “need to know” basis

Question 7

What design principle can be implemented in an organization to enhance Confidentiality?

Answer 7

Principle of Least Privilege

Question 8

Define the Principle of Least Privilege

Answer 8

Limits users’ access to only the information they need to complete work-related tasks

Question 9

Define Integrity

Answer 9

The data is verifiably correct, authentic, and reliable

Question 10

What is an example to verify data Integrity?

Answer 10

Cryptography

Question 11

Define Cryptography

Answer 11

To transform data so unauthorized parties cannot read or tamper with it (NIST, 2022)

Question 12

What is an example of how an organization might implement Integrity?

Answer 12

By enabling Encryption

Question 13

Define Encryption

Answer 13

The process of converting data from a readable format to an encoded format

Question 14

Define Availability

Answer 14

The data is accessible to those who are authorized to access it

Question 15

The CIA triad is a model that helps inform how organizations consider _____ when setting up systems and security policies.

• access
• assets
• data
• risk

Answer 15

risk

Question 16

Match each CIA triad component to the correct scenario: You must use two-factor authentication before signing into an employee portal.
CIA triad component

Confidentiality
Integrity
Availability

Answer 16

Confidentiality

Question 17

Match each CIA triad component to the correct scenario:
You recently shopped at Store Y and verify you were charged correctly.
CIA triad component

Confidentiality
Integrity
Availability

Answer 17

Integrity

Question 18

Match each CIA triad component to the correct scenario:
You frequently sign into your bank account to check your balances.
CIA triad component

Confidentiality
Integrity
Availability

Answer 18

Availability

Question 19

What is the CIA triad?

A set of security controls used to update systems and networks
A foundational security model used to set up security policies and systems
Ongoing validation processes involving all employees in an organization
A mandatory security framework involving the selection of appropriate controls

Answer 19

The CIA triad is a foundational security model used to set up security policies and systems. The core principles of the model are confidentiality, integrity, and availability.

Question 20

Which element of the CIA triad specifies that only authorized users can access specific information?

Confidentiality
Confirmation
Integrity
Access

Answer 20

Confidentiality specifies that only authorized users can access specific information.

Question 21

A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?

Applicability
Integrity
Capacity
Availability

Answer 21

Availability

This scenario describes availability. Availability specifies that data is accessible to authorized users.

Question 22

According to the CIA triad, _____ refers to ensuring that an organization’s data is verifiably correct, authentic, and reliable.

Availability
Accuracy
Credibility
Integrity

Answer 22

Integrity