Seccion 1

Question 1

What is the main goal of Information Security?

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Question 2

Define Information Systems Security.

Answer 2

Protecting the systems (e.g., computers, servers, network devices) that hold and process critical data

Question 3

What does the CIA Triad stand for?

Answer 3

• Confidentiality
• Integrity
• Availability

Question 4

What is Confidentiality in the context of the CIA Triad?

Answer 4

Ensures information is accessible only to authorized personnel (e.g., encryption)

Question 5

What does Integrity ensure?

Answer 5

Ensures data remains accurate and unaltered (e.g., checksums)

Question 6

What is the purpose of Availability?

Answer 6

Ensures information and resources are accessible when needed (e.g., redundancy measures)

Question 7

Define Non-Repudiation.

Answer 7

Guarantees that an action or event cannot be denied by the involved parties (e.g., digital signatures)

Question 8

What is the CIANA Pentagon?

Answer 8

An extension of the CIA triad with the addition of non-repudiation and authentication

Question 9

List the Triple A’s of Security.

Answer 9

• Authentication
• Authorization
• Accounting

Question 10

What is the difference between Authentication and Authorization?

Answer 10

Authentication verifies the identity of a user or system; Authorization determines actions or resources an authenticated user can access

Question 11

Identify the categories of Security Controls.

Answer 11

• Technical
• Managerial
• Operational
• Physical

Question 12

What are the types of Security Controls?

Answer 12

• Preventative
• Deterrent
• Detective
• Corrective
• Compensating
• Directive

Question 13

What is the Zero Trust Model?

Answer 13

Operates on the principle that no one should be trusted by default

Question 14

What does the Control Plane in the Zero Trust Model include?

Answer 14

• Adaptive identity
• Threat scope reduction
• Policy-driven access control
• Secured zones

Question 15

Define Threat in the context of cybersecurity.

Answer 15

Anything that could cause harm, loss, damage, or compromise to our information technology systems

Question 16

What is a Vulnerability?

Answer 16

Any weakness in the system design or implementation

Question 17

Where do threats and vulnerabilities intersect?

Answer 17

That is where the risk to your enterprise systems and networks lies

Question 18

What is Risk Management?

Answer 18

Finding different ways to minimize the likelihood of an outcome and achieve the desired outcome

Question 19

What are the five basic methods to ensure Confidentiality?

Answer 19

• Encryption
• Access Controls
• Data Masking
• Physical Security Measures
• Training and Awareness

Question 20

What does Integrity ensure?

Answer 20

Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual

Question 21

List the methods used to maintain Integrity.

Answer 21

• Hashing
• Digital Signatures
• Checksums
• Access Controls
• Regular Audits

Question 22

What is the importance of Availability in cybersecurity?

Answer 22

Ensures that information, systems, and resources are accessible and operational when needed by authorized users

Question 23

Define Redundancy in the context of Availability.

Answer 23

Duplication of critical components or functions of a system with the intention of enhancing its reliability

Question 24

What are the types of Redundancy to consider in system design?

Answer 24

• Server Redundancy
• Data Redundancy
• Network Redundancy
• Power Redundancy

Question 25

What is the role of Digital Signatures in Non-repudiation?

Answer 25

Provide undeniable proof in the world of digital transactions

Question 26

What are the five commonly used authentication methods?

Answer 26

• Something you know (Knowledge Factor)
• Something you have (Possession Factor)
• Something you are (Inherence Factor)
• Something you do (Action Factor)
• Somewhere you are (Location Factor)

Question 27

What is Multi-Factor Authentication (MFA)?

Answer 27

Security process that requires users to provide multiple methods of identification to verify their identity

Question 28

What is the purpose of Accounting in security?

Answer 28

Ensures all user activities during a communication or transaction are properly tracked and recorded

Question 29

List the types of technologies used for Accounting.

Answer 29

• Syslog Servers
• Network Analysis Tools
• Security Information and Event Management (SIEM) Systems

Question 30

What are the four broad categories of Security Controls?

Answer 30

• Technical Controls
• Managerial Controls
• Operational Controls
• Physical Controls

Question 31

What are the six basic types of Security Controls?

Answer 31

• Preventive Controls
• Deterrent Controls
• Detective Controls
• Corrective Controls
• Compensating Controls
• Directive Controls

Question 32

What is Gap Analysis?

Answer 32

Process of evaluating the differences between an organization’s current performance and its desired performance

Question 33

What are the two basic types of Gap Analysis?

Answer 33

• Technical Gap Analysis
• Business Gap Analysis

Question 34

What does the Plan of Action and Milestones (POA&M) outline?

Answer 34

Specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task

Question 35

What does the Control Plane encompass in Zero Trust architecture?

Answer 35

• Adaptive Identity
• Threat Scope Reduction
• Policy-Driven Access Control
• Secured Zones

Question 36

What is the role of the Policy Engine in the Control Plane?

Answer 36

Cross-references the access request with its predefined policies

Question 37

Define the Data Plane in Zero Trust architecture.

Answer 37

Consists of the subject/system and policy enforcement point where access decisions are executed