Security Basics Chpt 1

Question 1

What are examples of Confidentiality Controls?

Answer 1

Encryption, Access Control, Stegonagraphy, Least privilege, Need to know, separation of duties

Question 2

What are examples of Integrity Controls?

Answer 2

Hashing, Digital Signatures, Backups, Version Control

Question 3

What are examples of Availability Controls

Answer 3

Redundancy, Fault Tolerance, Patch Management

Question 4

Fault Tolerance

Answer 4

Systems that continue functioning after components fail

Question 5

Patch management

Answer 5

Application of software updates with minimal service disruption

Question 6

Redundancy

Answer 6

Multiple or backup systems designed for immediate or quick recovery

Question 7

Digital signatures

Answer 7

Hashing and encryption used to prove a file’s origin

Question 8

Hashing

Answer 8

Digital fingerprints used to detect file alteration

Question 9

Steganography

Answer 9

Secret messages concealed inside of ordinary ones

Question 10

What is the Layer Security/Defense Depth

Answer 10

Policies, Procedures & Awareness -> Physical -> Perimeter ->Network -> Host -> App -> Data

Question 11

What is the Basic Risk Concept Order

Answer 11

Risk -> Threat -> Vulnerability -> Loss/Impact

Question 12

Risk

Answer 12

the likelihood that a threat will exploit a vulnerability

Question 13

Risk mitigation

Answer 13

Reduces the chances that a threat will exploit a vulnerability by implementing controls

Question 14

How do you calculate risk?

Answer 14

threat * vulnerability * Loss(Impact)

Question 15

What is Attack Surface?

Answer 15

Points where ama attacker can discover/exploit vulnerabilities in a network or application

Question 16

Examples of Attack Vectors

Answer 16

Direct Access, Email, Removable Media, Remote and wireless, Supply Chain, Web, and social media, cloud

Question 17

Lowers costs, high level of flexibility, used to test security controls, updates, and patches

Answer 17

Virtualization

Question 18

What are Virtualization Concepts?

Answer 18

Hypervisor, Host, Guest, Snapshots, Sandboxing, Host availability, patch compatibility

Question 19

Used to create an authenticated and encrypted area of an employees phone

Answer 19

containers

Question 20

What are the functions of CASB?

Answer 20

Scan for malware and rogue device ass, monitor and audit user and resource activity, enable single-sign-on authentication, and enforce access controls and authorizations from the enterprise network to the cloud provider, mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices