Terms & Concepts

Question 1

What is the CIA triad?

Answer 1

CIA stands for confidentiality, integrity and availability.

Question 2

Define the “C” in the CIA triad?

Answer 2

“C” stands for confidentiality.

Sensitive information is only accessible by authorized individuals.

Question 3

Define the “I” in the CIA triad.

Answer 3

“I” stands for integrity.

Maintaining the accuracy and completeness of data.

Question 4

Define the “A” in the CIA triad.

Answer 4

“A” stands for availability.

Information and resources should be available to authorized individuals when needed.

Question 5

What is the principle of least privilege?

Answer 5

Granting users the minimum level of access (or permissions) necessary to perform their job functions.

Question 6

Explain “defense in depth”.

Answer 6

Implementing multiple layers of security controls to protect information and resources, so that if one layer fails, others still provide protection.

Question 7

Explain “zero trust”.

Answer 7

A security model that assumes no implicit trust, verifying every access request as though it originates from an open network.

Question 8

Define RBAC.

Answer 8

RBAC stands for role-based access control.

Assigning permission to users based on their role within an organization.

Question 9

Define ABAC.

Answer 9

ABAC stands for attribute-based access control.

Granting access based on user attributes (eg. department, location) and environmental conditions.

Question 10

Explain multi-factor authentication (MFA).

Answer 10

MFA involves requiring two or more verification factors to authenticate a user, enhancing security beyond just passwords.

Question 11

Explain single sign-on (SSO).

Answer 11

Allowing users to authenticate once and gain access to multiple systems without re-entering credentials.

Question 12

Explain privileged access management (PAM).

Answer 12

Controlling and monitoring accounts with elevated permissions to reduce the risk of misuse.

Question 13

Define “federation”.

Answer 13

Federation is linking a user’s identity across multiple identity management systems, often used for SSO across organizations.

Question 14

Explain identity lifecycle management.

Answer 14

Managing user identities from creation to deactivation, including onboarding, role changes, and offboarding.

Question 15

Explain third-party risk assessment.

Answer 15

Evaluating the security posture of vendors who have access to your systems or data.

Question 16

Define service-level agreements (SLA).

Answer 16

Contracts that define the level of service expected from a vendor, including security commitments.

Question 17

What is supply chain security?

Answer 17

Ensuring that security is maintained throughout the supply chain to prevent breaches via third-party vendors.

Question 18

Explain vendor onboarding and offboarding.

Answer 18

Processes for securely integrating new vendors and removing their access when no longer needed.

Question 19

Define due diligence.

Answer 19

Conducting thorough evaluations of a vendor’s security practices before engagement.

Question 20

What is GDPR?

Answer 20

GDPR stands for General Data Protection Regulation.

EU regulation on data protection and privacy for individuals within the European Union.

Question 21

What is the California Consumer Privacy Act (CCPA)?

Answer 21

California state law enhancing privacy rights and consumer protection for residents of California.

Question 22

What is SOC2?

Answer 22

SOC2 stands for Service Organization Control 2.

Framework for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Question 23

What is ISO / IEC 27001?

Answer 23

International standard for information security management systems (ISMS).

Question 24

What is HIPAA?

Answer 24

HIPAA stands for Health Insurance Portability and Accountability Act.

US regulation safeguarding medical information.

Question 25

What is PCI DSS?

Answer 25

PCI DSS stands for Payment Card Industry Data Security Standard.

Security standards for organizations that handle credit card information.

Question 26

What is the NIST Cybersecurity Framework?

Answer 26

A set of guidelines for improving critical infrastructure cybersecurity, including Identify, Protect, Detect, Respond, and Recover functions.

Question 27

Explain CIS controls.

Answer 27

CIS stands for Center for Internet Security.

A prioritized set of actions to protect organizations against the most common cyber threats.

Question 28

What is the OWASP Top Ten?

Answer 28

OWASP stands for Open Worldwide Application Security Project.

A list of the top ten most critical web application security risks, providing guidelines to mitigate them.