Section 1

Question 1

Threat

Answer 1

Anything that could cause harm, loss, damage, or compromise to our information technology systems

Ex.
Natural disasters
Cyber-attacks
Data integrity breaches
Disclosure of confidential information

Question 2

Vulnerability

Answer 2

Any weakness in the system design or implementation

Ex.
● Software bugs
● Misconfigured software
● Improperly protected network devices
● Missing security patches
● Lack of physical security

Question 3

Threat and Vulnerability

Answer 3

Threat + Vulnerability = Risk

Question 4

Confidentiality

Answer 4

Refers to the protection of information from unauthorized access and disclosure
Ensure that private or sensitive information is not available or disclosed to
unauthorized individuals, entities, or processes

THINK ENCRYPTION

Question 5

Encryption

Answer 5

Process of converting data into a code to prevent unauthorized access

Question 6

Integrity

Answer 6

Helps ensure that information and data remain accurate and unchanged from its original state unless intentionally modified by an authorized individual
Verifies the accuracy and trustworthiness of data over the entire lifecycle

THINK HASHING

Question 7

Hashing

Answer 7

Process of converting data into a fixed-size value

Question 8

Availability

Answer 8

Ensure that information, systems, and resources are accessible and operational when needed by authorized users

Question 9

Redundancy

Answer 9

Duplication of critical components or functions of a system with the intention of enhancing its reliability

Question 10

Non-repudiation

Answer 10

Focused on providing undeniable proof in the world of digital transactions

THINK DIGITAL SIGNATURES

Question 11

Digital Signatures

Answer 11

Considered to be unique to each user who is operating within the digital domain

Question 12

Authentication

Answer 12

Security measure that ensures individuals or entities are who they claim to be during a communication or transaction

-Knowledge Factor
-Possession Factor
-Inherence Factor
-Action Factor
-Location Factor

Question 13

Multi-Factor Authentication System (MFA)

Answer 13

Security process that requires users to provide multiple methods of identification
to verify their identity

Question 14

Accounting

Answer 14

Security measure that ensures all user activities during a communication or transaction are properly tracked and recorded

-Syslog Servers
-Network Analysis Tools
Security Information and Event Management Systems

Question 15

Authorization

Answer 15

Pertains to the permissions and privileges granted to users or entities after they have been authenticated

Question 16

Technical Controls

Answer 16

Technologies, hardware, and software mechanisms that are implemented
to manage and reduce risks

Question 17

Managerial Controls

Answer 17

Involve the strategic planning and governance side of security

Question 18

Operational Controls

Answer 18

Procedures and measures that are designed to protect data on a
day-to-day basis

Question 19

Physical Controls

Answer 19

Tangible, real-world measures taken to protect assets

Question 20

Preventive Controls

Answer 20

Proactive measures implemented to thwart potential security threats or
breaches

Question 21

Deterrent Controls

Answer 21

Discourage potential attackers by making the effort seem less appealing
or more challenging

Question 22

Detective Controls

Answer 22

Monitor and alert organizations to malicious activities as they occur or shortly thereafter

Question 23

Corrective Controls

Answer 23

Mitigate any potential damage and restore our systems to their normal
state

Question 24

Compensating Controls

Answer 24

Alternative measures that are implemented when primary security
controls are not feasible or effective

Question 25

Directive Controls

Answer 25

Often rooted in policy or documentation and set the standards for
behavior within an organization

Question 26

Gap Analysis

Answer 26

Process of evaluating the differences between an organization’s current performance and its desired performance

Question 27

Technical Gap Analysis

Answer 27

Identifying any areas where it falls short of the technical capabilities
required to fully utilize their security solutions

Question 28

Business Gap Analysis

Answer 28

Identifying any areas where they fall short of the capabilities required to
fully utilize cloud-based solutions

Question 29

Zero Trust

Answer 29

Zero Trust demands verification for every device, user, and transaction within the
network, regardless of its origin

Question 30

Control Plane

Answer 30

Refers to the overarching framework and set of components responsible
for defining, managing, and enforcing the policies related to user and
system access within an organization

Question 31

Adaptive Identity

Answer 31

Relies on real-time validation that takes into account the
user’s behavior, device, location, and more

Question 32

Threat Scope Reduction

Answer 32

Limits the users’ access to only what they need for their
work tasks because this reduces the network’s potential
attack surface

Question 33

Policy-Driven Access Control

Answer 33

Entails developing, managing, and enforcing user access
policies based on their roles and responsibilities

Question 34

Secured Zones

Answer 34

Isolated environments within a network that are designed
to house sensitive data

Question 35

Data Plane

Answer 35

Subject/System - Refers to the individual or entity attempting to gain access.
Policy Enforcement Point- Where the decision to grant or deny access is actually
executed