Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Security+ Chapter 1
Security+ Chapter 1 Review Questions
| Question | Answer |
|---|---|
| Question 1: What are three key objectives of cybersecurity programs? | Answer 1: Confidentiality, integrity, and availability |
| Question 2: What are specific goals of confidentiality? | Answer 2: Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information |
| Question 3: What are three key threats to cybersecurity programs? | Answer 3: Disclosure, alteration, and denial |
| Question 4: What term describes the unauthorized modification of information? | Answer 4: Alteration is the unauthorized modification of information and is a violation of the principle of integrity. Denial is the unintended disruption of an authorized user’s legitimate access to information |
| Question 5: Name all five risk categories | Answer 5: Financial, reputational, strategic, operational, and compliance |
| Question 6: What are the three security control categories? | Answer 6: Technical controls, operational controls, and managerial controls |
| Question 7: What are some examples of technical controls? | Answer 7: Firewall rules, access control lists, intrusion prevention systems, and encryption |
| Question 8: What are some examples of operational controls? | Answer 8: User access reviews, log monitoring, and vulnerability management |
| Question 9: What are some examples of managerial controls? | Answer 9: Periodic risk assessments, security planning exercises, and the incorporation of security into the organization’s change management, service acquisition, and project management practices |
| Question 10: Name all security control types | Answer 10: Preventive controls, detective controls, corrective controls, deterrent controls, physical controls, and compensating controls |
| Question 11: What are the three states where data might exist? | Answer 11: Data at rest, data in motion, and data in processing |
| Question 12: What is data encryption? | Answer 12: Encryption technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems. |
| Question 13: What is DLP and what can it do? | Answer 13: DLP is Data Loss Prevention. Data loss prevention (DLP) systems help organizations enforce information handling policies and procedures to prevent data loss and theft. |
| Question 14: Name two different environments that DLP systems work in. | Answer 14: Host-based DLP and Network DLP |
| Question 15: Name two mechanisms of action of DLP systems. | Answer 15: Pattern matching and watermarking |
| Question 16: What is data minimization and how can we do it? | Answer 16: Data minimization techniques seek to reduce risk by reducing the amount of sensitive information that we maintain on a regular basis. The best way to achieve data minimization is to destroy data when it's no longer necessary. |
| Question 17: What should we do if we can’t completely remove data from a dataset? | Answer 17: We can transform it into a format where the original sensitive information is deidentified. The deidentification process removes the ability to link data back to an individual, reducing its sensitivity. |
| Question 18: Name some tools we can use in the process of data obfuscation. | Answer 18: Hashing, tokenization, and masking |
Created by:
musa_husseini
Popular Computers sets