Section 1.2 Flashcards

1
Q

What is the CIA Triad?

A

It’s a combination of principles to describe the fundamentals of security.

2
Q

What does the C, I and A stand for?

A

C: Confidentiality
- Prevent disclosure of information to unauthorized individuals or systems

I: Integrity
- Messages can’t be modified without detection

A: Availability
- Systems and networks must be up and running

3
Q

What is Confidentiality?

A

Definition: Certain information should only be known to certain people

Encryption is used to encode messages so only certain people can read them.
Access controls are used to restrict access to resources.
Two-factor authentication is used to confirm that the correct user is getting access to the resource.

4
Q

What is Integrity?

A

Definition: Data is stored and transferred as intended, without any changes.

Hashing is used to compare the hash computed by the sender with the hash computed by the receiver, to make sure the same hash is found on both sides.
Digital signatures take the hash and encrypt it to verify the integrity of the data.
Certificates are used to identify devices/people.

5
Q

What is Availability?

A

Definition: information is accessible to authorized users

Redundancy: build services that will always be available
Fault tolerance: System should continue to run even when failure occurs
Patching: Ensuring stability and closing security holes

6
Q

What is non-repudiation?

A

Non-repudiation means that you cannot deny what you’ve done, by using proof of integrity and proof of origin with high assurance of authenticity.

7
Q

What is proof of integrity?

A

Proof of integrity means that we can verify the data that we received is exactly the same data that was originally sent.

This means that the data remains accurate and consistent.

8
Q

What is a hash?

A

A hash is a short string of text that we can create based on the data contained within the plaintext.

If any of the plaintext data changes, then the hash would also change.

It’s used to verify integrity: that the data that was received is the same as the data that was sent.

9
Q

What is proof of origin?

A

Proving the source of the message.

Digital signatures are used to verify proof of origin. Digital signatures use a private key that is only known to the person sending the data. To verify a signature made with the private key, the public key associated with that private key is used.

10
Q

What is authentication?

A

Proving you are who you say you are by using username/password or other authentication factors.

11
Q

What is authorization?

A

Based on the identification and authentication, what access you have in the system.

12
Q

How to authenticate a device?

A

A digitally signed certificate can be put in the device. VPNs can verify that the device is a company device.

13
Q

What is a CA?

A

A Certificate Authority (CA) is a device that manages all of the certificates in our environment.

14
Q

What is a Gap Analysis?

A

A gap analysis is a comparison of where we are vs. where we want to be.

15
Q

What does Zero Trust mean?

A

Zero trust means that you have to authenticate each time you want to get access to a particular resource.

Nothing is trusted and everything needs to be verified.

16
Q

What is meant by Planes of Operation?

A

In the Zero Trust security model, the planes of operation (the Data Plane, Control Plane and Management Plane) are important for enforcing the “never trust, always verify” principle.

17
Q

What is the Data Plane?

A

The data plane is the part of the device that is performing the actual security process. This is where data packets are transmitted between devices.

18
Q

What is the Control Plane?

A

This is where we manage the actions of the data plane. Here policies and rules are defined, and it is determined how packets should be forwarded.

19
Q

What is adaptive identity?

A

This is where we examine the identity of an individual and apply security controls based not just on what the user is telling us, but on other information that we have available during this authentication process.
For example:
- Someone who is requesting data located in the United States is using an IP address that is in China. This means that we would need to add additional security measures to confirm the individual is who they say they are.

20
Q

What is threat scope reduction?

A

This is the process of limiting the possible entry points to an environment.

21
Q

What are security zones?

A

Security zones look at where we are connecting from and where we are trying to connect to.

For example, you can separate different company functions into security zones, or you can separate an untrusted security zone from trusted security zones.

Then you can set up rules such as blocking all access from any untrusted zone to a trusted zone.

22
Q

What is a policy enforcement point (PEP)?

A

The policy enforcement point is a gatekeeper. All traffic must pass through the PEP to determine what traffic is allowed and blocked.

23
Q

What is a Policy Decision Point?

A

The policy decision point is the process for making an authentication decision (allow or block traffic coming from somewhere).

24
Q

What is a Honeypot?

A

A honeypot is a way to attract attackers to your system and keep them stuck in it, so you can see what types of attacks they are trying to use against the system.

Honeypots are not part of the production environment, but instead a virtual world built to attract attackers.

25
Q

What is a Honeynet?

A

It’s a real network that includes more than a single device. It may have servers, workstations, routers, switches and more.

26
Q

What are honeyfiles?

A

Honeyfiles have fake information, but appear to have very important information such as passwords.

27
Q

What are Honeytokens?

A

Honeytokens are traceable data to track malicious actors. For example, providing API credentials in honeyfiles, and then waiting to find out who will use these API credentials.