Objective 1.2

Question 1

Confidentiality

Answer 1

Ensures that information is only accessible to those with the appropriate authorization. (Ex: exncryption)

Question 2

CIA Triad

Answer 2

C - Confidentiality
I - Integrity
A - Availability

Question 3

Integrity

Answer 3

Ensures the data remains accurate and unaltered unless modification is required. (Ex: checksums, hashing)

Question 4

Availability

Answer 4

Ensures that information resources are accessible and functional when needed by authorized users. (ex: website up and running all the time regardless the traffic it’s receiving.)

Question 5

Non-repudiation

Answer 5

Guaranteeing that specific action or event has taken place and cannot be denied by the parties involved. (Ex: A digitally signed email. That’s going to ensure that I cannot deny sending you that particular message because my digital signature is attached to it)

Question 6

New to CIANA Triad making it a pentagon

Answer 6

CIA
N - Non-repudiation
A - Authentication

Question 7

AAA

Answer 7

Authentication
Authorization
Accounting

Question 8

Authentication

Answer 8

Process of verifying the identity of a user or system.

Question 9

Authorization

Answer 9

Defines what actions or resources a user can access.

Question 10

Accounting

Answer 10

Act of tracking user activities and resources usage, typically for audit or billing purpose.

Question 11

Security Controls

Answer 11

Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data.

Question 12

Security Controls Categories

Answer 12

Technical
Managerial
Operational
Physical

Question 13

Types of Security Controls

Answer 13

Preventative
Deterrent
Detective
Corrective
Compensating
Directive

Question 14

Zero Trust

Answer 14

Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default.

Question 15

ZeroTrust: Control Plane

Answer 15

Consists of adaptative identity, threat scope reduction, policy-driven access control, and secured zones.

Question 16

ZeroTrust: Data Plane

Answer 16

Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points.

Question 17

Confidentiality importance

Answer 17

1. Protect personal privacy
2. Maintaint a business advantage
3. Achieve a regulatory compliance

Question 18

5 methods to achieve CONFIDENTIALITY

Answer 18

1. Encryption
2. Access Control
3. Data Masking
4. Physical Secutiry Measures
5. Training and Awareness

Question 19

Access Controls

Answer 19

Ensure only authorized personnel can access certain types of data

Question 20

Encryption

Answer 20

Process of converting data into code to prevent unathorized access

Question 21

Data Masking

Answer 21

Method that involves obscuring data within a database to make it inacessible for unauthorized users while retaining the real data’s authencity and use for authorized users.

Question 22

Physical Security Measures

Answer 22

Used to ensure confidentiality for physical types of data and for digital information contained on servers and workstations.

Question 23

Training and Awareness

Answer 23

Conduct regular training on the security awareness best practices that employees can use to protect the organization’s sesitive data.

Question 24

most important thing linked to Confidentiality

Answer 24

ENCRYPTION

Question 25

Integrity importance

Answer 25

1. Ensure DATA ACCURACY
2. Maintain TRUST
3. Maintain SYSTEM OPERABILITY

Question 26

5 methods to achieve INTEGRITY

Answer 26

1. Hashing
2. Digital Signatures
3. Checksums
4. Access Controls
5. Regular Audits

Question 27

Hashing

Answer 27

Process of converting data into fixed-size value.

Question 28

most important thing linked to Integrity

Answer 28

HASHING

Question 29

[Hashing] The result of hashing function is called…

Answer 29

Hash Digest

Question 30

[Hashing] The Hash Digest will almost serve like a…

Answer 30

Digital Fingerprint

Question 31

Digital Signatures

Answer 31

Use encryption to ensure integrity and authencity.

Question 32

[Digital Sign.] How is the process of digitally sign a file?

Answer 32

1. Hash the file (Integrity)
2. Hash Digest is Encrypted using users private key (Authencity)

Now this data is digitally signed and any alterations in the file will drastically change the file’s hash, wich in turn, would invalidate that digital signature.

Question 33

Checksums

Answer 33

Method to verify the integrity of data during transmission

Question 34

Access Controls

Answer 34

Ensure that only authorized individuals can modify data and reduce the risk of unintentional or malicious alterations.

Question 35

Regular Audits

Answer 35

Involve reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed.

Question 36

Availability importance

Answer 36

1. Ensure business continuity.
2. Maintaining customer trust.
3. Upholding an organization’s reputation.

Question 37

most important thing linked to Availability

Answer 37

REDUNDANCY

Question 38

4 methods to achieve AVAILABILITY

Answer 38

1. Server Redundancy
2. Data Redundancy
3. Network Redundancy
4. Power Redundancy

Question 39

Server Redundancy

Answer 39

Involves using multiple servers in a load balancer so that if one is overloaded or fails, the other servers can take over the load to continue supporting end users.

Question 40

Data Redundancy

Answer 40

Involves storing data in multiple places.

Question 41

Network Redundancy

Answer 41

Ensures if one network path fails, the data can travel through another route.

Question 42

Power Redundancy

Answer 42

Involves using backup power sources – like generations and uninterrupted powersupplies – to ensure that an organization’s systems remain operational during periods of power disruption or outages within a local service area.

Question 43

Non-repudiation importance

Answer 43

1. Confirming authenticity of digital transactions.
2. Ensuring integrity.
3. Providing accountability.

Question 44

most important thing linked to Non-repudiation

Answer 44

DIGITAL SIGNATURES

Question 45

Authentication methods

Answer 45

1. smth you know
2. smth you have
3. smth you are
4. smth yo do
5. swh you are

Question 46

Relies on information that a user can recall.

Answer 46

Smth you know (Knowledge Factor)

Question 47

Relies on the user presenting a physical item to autheticate themselves.

Answer 47

Smth you have (Possession Factor)

Question 48

Relies on the user providing a unique physical or behaviorial characteristic of the person to validate that they are who they claim to be.

Answer 48

Smth you are (Inherence Factor)

Question 49

Relies on the user conducting a unique action to prove who they are.

Answer 49

Smth you do (Action Factor)

Question 50

Relies on the user being in the certain geographic location before access is granted.

Answer 50

Swh you are (Location Factor)

Question 51

2 autentication methods.

Answer 51

2FA - Two Factor Authentication

Question 52

2 or more autentication methods.

Answer 52

MFA - Multi Factor Authentication

Question 53

Importance of Authentication

Answer 53

1. Prevent unauthorized access.
2. Protect user data privacy.
3. Ensure resource validity.

Question 54

most important thing linked to Authentication

Answer 54

MFA - Multi Factor Authentication

Question 55

Knowledge Factor

Answer 55

Smth you know
Ex: login and password.

Question 56

Possession Factor

Answer 56

Smth you have
Ex: OTP (One Time Password)

Question 57

Inherence Factor

Answer 57

Smth you are
Ex: Iris or fingerprint.

Question 58

Action Factor

Answer 58

Smth you do
Ex: handwriten samples.

Question 59

Location Factor

Answer 59

Swh you are
Ex: Just open the door if you are within 20meters.

Question 60

Which are the types of Authorization mechanisms controls?

Answer 60

• role-based
• rule-based
• attribute-based

Question 61

Importance of Authorization

Answer 61

1. Protect sesitive data
2. Maintain system integrity in organizations
3. Create more streamlined user experiences

Question 62

Importance of ACCOUNTING

Answer 62

1. Logging into the system
2. Accessing files
3. Modifying configuration settings
4. Downloading or installing software
5. Attempting unauthorized actions on systems and networks

Question 63

5 things to a robust audit system

Answer 63

1. Audit Trail
2. Regulatory Compliance
3. Forensic Analysis
4. Resource Optimization
5. User Accountability

Question 64

[Accounting] Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time.

Answer 64

Audit Trail

Question 65

[Accounting] Maintains a comprehensive record of all the users’ activities.

Answer 65

Regulatory Compliance

Question 66

[Accounting] Uses detailed accounting and event logs that can help cybersecurity experts understand what happened , how it happened, and how to prevent similar incidents from ocurring again in the future.

Answer 66

Forensic Analysis

Question 67

[Accounting] Organization can ……….. system performance and minimize costs by tracking ……….. utilization and allocation decisions.

Answer 67

Resource Optimization

Question 68

[Accounting] Thorough accounting system ensures users’ actions are monitored and logged, deterring potential misuse and promoting adherence to the organization’s policies.

Answer 68

User Accountability

Question 69

Tools related to Accountability

Answer 69

• Syslog servers
• Network analysis tools
• SIEMs (Security Information and Event Management systems)