Section 2: Fundamentals Of Security

Question 1

Definition

Informational Security

Answer 1

Protecting data and information from unauthorized access, modification, disruption, disclosure, and destruction

Question 2

Definition

Information Systems Security

Answer 2

Protecting the systems (e.g. computers, servers, network devices) that hold and process critical data.

Question 3

Definition

What is the CIA Triad?

Answer 3

• Confidentiality - Ensures information is accessible only to authorized personell
• Integrity - Ensures data remains accurate and unaltered
• Availability - Ensures information and resources are accessible when needed

Question 4

Definition

Non-Repudiation

Answer 4

Guarantees that an action or event cannot be denied by the involved parties.

Question 5

Definition

CIANA Pentagon

Answer 5

An extension of the CIA triad with the addition of non-repudiation and authentication

Question 6

Definition

What are the Triple A’s of security?

Answer 6

• Authentication - verifying the identity of a user or system
• Authorization - Determining actions or resources an authenticated user can access
• Accounting - Tracking user activities and resource usage for audit or billing purposes

Question 7

Knowledge

What are the Security Control Categories?

Answer 7

1. Technical
2. Managerial
3. Operational
4. Physical

Question 8

Knowledge

What are the Security Control Types

Answer 8

1. Preventative
2. Deterrent
3. Detective
4. Corrective
5. Compensating
6. Directive

Question 9

Definition

Zero Trust Model

Answer 9

Operates on the principle that no one should be trusted by default.

Question 10

Knowledge

What planes we use to achieve zero trust?

Answer 10

• Control Plane - adaptive identity, threat scope reduction, policy driven access control, and secured zones
• Data Plane - subject/system, policy engine, policy administrator, and establishing policy enforcement points

Question 11

Definition

Threat

Answer 11

Anything that could cause harm, loss, damage, or compromise our information technology systems.

Question 12

Knowledge

Threats can come from the following:

Answer 12

1. Natural disasters
2. Cyber attacks
3. Data integrity breaches
4. Disclosure of confidential information

Question 13

Definition

Vulnerability

Answer 13

Any weakness in the system design or implementation

Question 14

Knowledge

Vulnerabilities can come from internal factors such as:

Answer 14

1. Software bugs
2. Misconfigured software
3. Improperly protected network devices
4. Missing security patches
5. Lack of physical security

Question 15

Definition

Risk Management

Answer 15

Finding different ways to minimize the likelihood of a negative outcome and acheive the desired outcome.

Question 16

Definition

Confidentiality

Answer 16

• Refers to the protection of information from unauthorized access and disclosure
• Ensures that private or sensitive information is not available or disclosed to unauthrorized individuals, entities, or processes.