Stack #4599488
| Question | Answer |
|---|---|
| What are the three CIA Triad principles? | Confidentiality, Integrity, Availability. Foundation of information security. |
| Define Confidentiality | Ensures only authorized users access data. Uses encryption and access controls. |
| Define Integrity | Ensures data accuracy and prevents unauthorized modification. Uses hashing and checksums. |
| Define Availability | Ensures authorized access to resources when needed. Uses redundancy and failover. |
| An attacker modifies database records. Which CIA principle is violated? | Integrity. Data altered without authorization. |
| Which CIA principle does SSL/TLS primarily protect? | Confidentiality. Encrypts data in transit. |
| How do digital signatures support Integrity? | Detects tampering by verifying hash matches original. |
| Define Non-repudiation | Proves an action occurred and cannot be denied. Uses digital signatures and audit logs. |
| What mechanism provides non-repudiation? | Digital signatures using asymmetric encryption. Mathematically binds identity to action. |
| How is non-repudiation different from authentication? | Authentication verifies identity; non-repudiation proves action occurred and prevents denial. |
| What is Authentication in AAA? | Verifies identity using credentials (passwords, biometrics, tokens). |
| What is Authorization in AAA? | Grants permissions to resources after authentication. Determines what user can access. |
| What is Accounting in AAA? | Tracks and logs user activities. Creates audit trail for security monitoring. |
| Why does Authorization come after Authentication? | Identity must be verified before granting access permissions. |
| What does "Something You Know" represent? | Knowledge factor: passwords, PINs, passphrases. Weakest factor alone. |
| What does "Something You Have" represent? | Possession factor: tokens, smart cards, mobile devices. Physical item required. |
| What does "Something You Are" represent? | Biometric factor: fingerprints, iris scans, facial recognition. Unique biological characteristic. |
| What does "Somewhere You Are" represent? | Location factor: GPS coordinates, IP address verification. Geographic authentication. |
| Define Multi-Factor Authentication (MFA) | Requires 2+ independent authentication factors. Significantly increases security. |
| Why is MFA more secure than single-factor? | Compromise of one factor doesn't grant access. Multiple barriers prevent unauthorized entry. |
| What is Device Authentication? | Verifies device identity before network access. Uses certificates, MAC addresses, or TPM. |
| How does mutual authentication work? | Both client and server verify each other's identity. Used in SSL/TLS handshakes. |
| Define Data Subject | Individual whose personal data is collected or processed. Has rights under privacy laws. |
| Define Data Controller | Entity determining purpose and means of data processing. Responsible for compliance. |
| Define Data Processor | Entity processing data on behalf of controller. Follows controller's instructions. |
| What is Right to Be Forgotten? | GDPR right to request deletion of personal data. Applies when no longer necessary. |
| Define Risk Identification | Process of discovering potential threats to organization. Creates comprehensive risk register. |
| Define Risk Assessment | Evaluates likelihood and impact of identified risks. Enables prioritization for mitigation. |
| What is Qualitative Risk Analysis? | Subjective assessment using descriptive categories (Low/Medium/High). No numerical values. |
| What is Quantitative Risk Analysis? | Data-driven approach assigning numerical values. Uses formulas like SLE and ALE. |
| Define Exposure Factor (EF) | Percentage of asset value lost in risk event. Expressed as 0-100%. |
| Define Single Loss Expectancy (SLE) | Financial loss from one risk occurrence. Formula: SLE = AV × EF. |
| If a $50,000 server has 40% EF, what is SLE? | $20,000. Calculation: $50,000 × 0.40 = $20,000. |
| Define Annualized Rate of Occurrence (ARO) | Expected frequency of risk per year. Example: 0.5 = once every 2 years. |
| Define Annualized Loss Expectancy (ALE) | Projected annual loss from risk. Formula: ALE = SLE × ARO. |
| If SLE is $10,000 and ARO is 3, what is ALE? | $30,000. Calculation: $10,000 × 3 = $30,000. |
| What is Risk Tolerance? | Acceptable variation in outcomes organization can withstand. Operational day-to-day threshold. |
| What is Risk Appetite? | Overall risk level organization willing to accept for strategic goals. Broader than tolerance. |
| Define Risk Transfer | Shifting risk to third party via insurance or contracts. Reduces direct responsibility. |
| Define Risk Acceptance | Acknowledging risk without mitigation action. Appropriate for low-impact risks. |
| Define Risk Avoidance | Eliminating risk by discontinuing risky activity. Used for high-impact unavoidable risks. |
| Define Risk Mitigation | Reducing risk to acceptable level through controls. Most common risk response. |
| What is a Risk Exemption? | Formal exclusion of risk from security policies. Often for negligible risks. |
| What is a Risk Exception? | Temporary deviation from risk policy with oversight. Time-limited allowance. |
| Define Technical Controls | Hardware/software mechanisms managing access and protection. Examples: firewalls, encryption, ACLs. |
| Define Managerial Controls | Policies and procedures from security policy. Examples: risk assessments, background checks. |
| Define Operational Controls | Day-to-day activities ensuring security compliance. Implemented by people. Examples: backups, training. |
| Define Physical Controls | Mechanisms protecting facilities and physical assets. Examples: guards, fences, cameras, locks. |
| What is a Preventive Control? | Stops unwanted activity before occurrence. Examples: firewalls, locks, access controls. |
| What is a Detective Control? | Discovers unwanted activity after occurrence. Examples: IDS, cameras, audit logs. |
| What is a Deterrent Control? | Discourages security policy violations. Examples: warning signs, security guards, cameras. |
| What is a Corrective Control? | Fixes vulnerabilities after incident. Examples: patching, backups, incident response. |
| What is a Compensating Control? | Alternative control supporting primary controls. Provides additional enforcement layer. |
| What is a Directive Control? | Guides behavior and enforces compliance. Examples: policies, procedures, signage. |
| A firewall blocking unauthorized traffic is what control type? | Technical and Preventive. Stops unwanted access before entry. |
| Security cameras recording facility access are what control type? | Physical and Detective. Records activity for later review. |
| A warning sign about surveillance is what control type? | Physical and Deterrent. Discourages unauthorized entry. |
| What is ISC2 Code of Ethics Canon 1? | Protect society, common good, public trust, and infrastructure. Highest priority. |
| What is ISC2 Code of Ethics Canon 2? | Act honorably, honestly, justly, responsibly, and legally. Professional conduct. |
| What is ISC2 Code of Ethics Canon 3? | Provide diligent and competent service to principals. Quality service obligation. |
| What is ISC2 Code of Ethics Canon 4? | Advance and protect the profession. Maintain professional integrity. |
| Which Canon takes precedence in ethics conflicts? | Canon 1 (Protect society). Public interest overrides other obligations. |
| Define Security Policy | High-level mandatory statement defining security approach. Broad scope, enforceable. |
| Define Security Standard | Detailed mandatory rules for uniform implementation. Specifies technical requirements. |
| Define Security Procedure | Step-by-step task instructions for compliance. Detailed and role-specific. |
| Define Security Guideline | Recommended best practices, optional not mandatory. Flexible implementation advice. |
| What is an Acceptable Use Policy (AUP)? | Defines permitted and prohibited use of organizational resources. Mandatory compliance. |
| What does a Password Standard specify? | Minimum length, complexity, expiration, reuse rules. Technical password requirements. |
| What is Change Management Policy? | Controls for requesting, approving, implementing system changes. Includes rollback planning. |
| Policies are _____, Guidelines are _____ | Mandatory; Optional (or Recommended). |
| Standards define _____, Procedures define _____ | What (requirements); How (steps to implement). |
| Define Business Continuity (BC) | Organization's ability to continue critical functions during disruption. Focuses on people, processes, technology. |
| Why is BC important? | Minimizes downtime, prevents financial loss, maintains stakeholder trust, ensures compliance. |
| What is Business Impact Analysis (BIA)? | Identifies critical functions and disruption impacts. Prioritizes recovery efforts. |
| What are BC Recovery Strategies? | Methods to restore operations: backup systems, alternate sites, failover procedures. |
| Define Disaster Recovery (DR) | IT-focused restoration of systems and data after disaster. Subset of BC. |
| What is Recovery Time Objective (RTO)? | Maximum acceptable downtime for system restoration. Example: 4 hours. |
| What is Recovery Point Objective (RPO)? | Maximum acceptable data loss measured in time. Example: 1 hour. |
| What is a Hot Site? | Fully operational backup facility with real-time replication. Immediate failover capability. |
| What is a Warm Site? | Partially equipped facility requiring setup time. Recovery in hours to days. |
| What is a Cold Site? | Basic facility with power/space only, no equipment. Recovery in days to weeks. |
| Hot Site has _____ RTO, Cold Site has _____ RTO | Shortest (minutes-hours); Longest (days-weeks). |
| Define Incident Response (IR) | Structured approach to managing security incidents. Minimizes damage and recovery time. |
| What are the 6 IR phases? | Preparation, Detection/Analysis, Containment, Eradication, Recovery, Post-Incident Review. |
| What occurs in IR Preparation phase? | Establish policies, tools, training, and IR team. Proactive readiness. |
| What occurs in IR Containment phase? | Isolate incident to prevent spread. Short-term and long-term containment. |
| What occurs in IR Eradication phase? | Remove root cause: malware, vulnerabilities, unauthorized access. |
| What occurs in Post-Incident Review? | Analyze incident, document lessons learned, improve future response. |
| Define Least Privilege | Grant minimum access necessary for job function. Reduces risk from compromised accounts. |
| Define Separation of Duties (SoD) | Divide critical tasks among multiple users. Prevents fraud and unauthorized actions. |
| Give an example of SoD in financial transactions | One person initiates payment, another approves, a third reconciles. No single person controls the whole process. |
| Define Discretionary Access Control (DAC) | Resource owner determines access permissions. Flexible but less secure. |
| Define Mandatory Access Control (MAC) | Central authority enforces permissions via security labels. Highly secure, inflexible. |
| Define Role-Based Access Control (RBAC) | Access based on user's organizational role. Simplifies management, scalable. |
| DAC is _____, MAC is _____ | Flexible/Owner-controlled; Strict/Centrally-enforced. |
| What are Access Badges used for? | Verify identity, restrict zone access, track entry/exit, provide audit logs. |
| What are Bollards? | Vertical posts blocking vehicle access to restricted areas. Prevents ramming attacks. |
| What is the purpose of Security Fences? | First line of defense, creating a boundary between secure and public areas. Physical barrier. |
| What do Security Guards provide? | Detective, deterrent, preventive control with rapid response. Human monitoring. |
| Why is lighting critical for physical security? | Deters intruders, enhances camera visibility, enables monitoring, reduces accidents. |
| What do Infrared Sensors detect? | Heat signatures from people, animals, objects via infrared radiation. |
| What do Pressure Sensors detect? | Weight/pressure changes on surfaces. Detects footsteps on protected areas. |
| What do Microwave Sensors detect? | Movement within area using microwave radiation. Often combined with other sensors. |
| What do Ultrasonic Sensors detect? | Objects via high-frequency sound wave reflection. Measures distance and presence. |
| What is the OSI Model? | 7-layer conceptual framework standardizing network communication. ISO standard. |
| Name OSI Layers 7, 4, 3 (top to bottom) | Application (HTTP/FTP), Transport (TCP/UDP), Network (IP/routing). |
| What operates at OSI Layer 7? | Application protocols: HTTP, FTP, SMTP, DNS. User-facing services. |
| What operates at OSI Layer 4? | Transport protocols: TCP (reliable) and UDP (fast). End-to-end communication. |
| What operates at OSI Layer 3? | IP addressing and routing. Routers operate here. |
| What operates at OSI Layer 2? | MAC addressing and switching. Ethernet operates here. |
| What operates at OSI Layer 1? | Physical transmission: cables, wireless, electrical signals. Bits transmission. |
| What is the TCP/IP Model? | 4-layer internet communication model. More practical than OSI. |
| Name TCP/IP Model layers (top to bottom) | Application, Transport, Internet, Network Access. |
| How does TCP/IP differ from OSI? | TCP/IP has 4 layers vs OSI 7 layers. Combines Presentation/Session into Application. |
| Define IPv4 | 32-bit addressing protocol in dotted decimal format. 4.3 billion addresses. |
| What causes IPv4 address exhaustion? | Only 4.3 billion addresses insufficient for connected devices. Growth exceeds capacity. |
| How does NAT solve IPv4 exhaustion? | Network Address Translation allows multiple devices sharing one public IP. |
| Define IPv6 | 128-bit addressing protocol in hexadecimal. 340 undecillion addresses. |
| What are key IPv6 advantages? | No NAT required, built-in IPSec, simplified header, auto-configuration. |
| What is Wi-Fi? | Wireless networking using radio frequencies under IEEE 802.11 standard. |
| What is 802.11ac? | Wi-Fi 5 standard operating at 5 GHz, speeds over 1 Gbps. |
| What is 802.11ax? | Wi-Fi 6 standard on 2.4/5 GHz, speeds up to 9.6 Gbps. Latest standard. |
| What is WPA3? | Latest Wi-Fi security protocol. Strongest encryption for wireless networks. |
| What are Network Ports? | Virtual endpoints enabling multiple services on single IP. Range 0-65535. |
| What is Port 80? | HTTP unencrypted web traffic. |
| What is Port 443? | HTTPS encrypted web traffic using SSL/TLS. |
| What is Port 22? | SSH for secure remote administration. |
| What is Port 25? | SMTP for sending email. |
| What is Port 53? | DNS for domain name resolution. |
| What is Port 3389? | RDP for Windows remote desktop access. |
| Define DDoS attack | Overwhelming target with traffic from multiple sources. Causes service disruption. |
| How to prevent DDoS? | Use DDoS protection services, rate limiting, traffic filtering, WAF. |
| What is Amplified DDoS? | Exploits servers to magnify attack traffic via small requests generating large responses. |
| What is Reflected DDoS? | Exploits servers to reflect traffic to target using IP spoofing. |
| Define Ransomware | Malware encrypting files demanding ransom payment for decryption key. |
| How to prevent Ransomware? | Regular offline backups, endpoint protection, patch management, user training. |
| Define Trojan | Malware disguised as legitimate software. Provides unauthorized backdoor access. |
| Define Worm | Self-replicating malware spreading without user action. Exploits network vulnerabilities. |
| How does Worm differ from Virus? | Worm self-propagates without host file; Virus requires host file attachment. |
| Define Spyware | Malware secretly monitoring and stealing user data without consent. |
| Define Bloatware | Unnecessary pre-installed software consuming resources. Potential security risk. |
| Define Virus | Malware attaching to legitimate files, spreading when host executes. |
| Define Logic Bomb | Malicious code activating on specific trigger conditions (date, action, event). |
| Define Rootkit | Stealthy malware gaining privileged access while hiding from detection tools. |
| How to detect Rootkits? | Anti-rootkit tools, secure boot, integrity checking, firmware updates. |
| Define Man-in-the-Middle (MITM) | Attacker intercepts communication between two parties. Steals or modifies data. |
| How to prevent MITM? | Use HTTPS, SSL/TLS, VPNs, certificate validation. |
| What is a Side-channel attack? | Exploits indirect information leaks: power consumption, timing, electromagnetic radiation. |
| Define Intrusion Detection System (IDS) | Monitors network/system for suspicious activity. Generates alerts. |
| What is Signature-Based IDS? | Matches activity against known attack patterns. Accurate for known threats, misses new. |
| What is Anomaly-Based IDS? | Detects deviations from normal behavior using AI/ML. Catches zero-days, more false positives. |
| What is HIDS? | Host-based IDS monitoring individual device for local threats and file changes. |
| What is NIDS? | Network-based IDS monitoring traffic across multiple devices for anomalies. |
| Define Intrusion Prevention System (IPS) | Actively blocks detected threats automatically. Inline security device. |
| How does IPS differ from IDS? | IDS detects and alerts; IPS detects and blocks automatically. |
| What is a Firewall? | Controls network traffic based on security rules. Blocks unauthorized access. |
| What is Next-Generation Firewall (NGFW)? | Advanced firewall with deep packet inspection, application awareness, threat intelligence. |
| What is Antivirus software? | Detects, prevents, removes malware using signatures and behavior analysis. |
| Define On-Premises Infrastructure | Physical hardware and facilities managed locally. Not cloud-based. |
| What is UPS (Uninterruptible Power Supply)? | Battery backup providing short-term power during outages. Prevents abrupt shutdown. |
| What is the purpose of Generators? | Long-term backup power for extended outages. Sustains operations. |
| What is a Data Center? | Secure controlled environment housing network hardware. Physical and environmental security. |
| What is the purpose of HVAC? | Regulate temperature and humidity, preventing hardware failure. Climate control. |
| What is Gas-Based Fire Suppression? | Reduces oxygen without damaging equipment. Uses FM-200 or CO2. |
| Why is redundancy critical? | Eliminates single points of failure. Ensures continuous operation during failures. |
| What is MOU? | Memorandum of Understanding. Informal non-binding agreement defining roles. |
| What is MOA? | Memorandum of Agreement. Formal often legally binding agreement specifying obligations. |
| Define Network Segmentation | Divides network into isolated segments. Limits breach scope and improves performance. |
| What is DMZ? | Demilitarized Zone isolating public services from internal network. Dual firewall protection. |
| What is VLAN? | Virtual LAN creating logical segmentation within physical network. Software-defined isolation. |
| What are VLAN benefits? | Reduces broadcast traffic, isolates devices, flexible management, enhances security. |
| What is VPN? | Virtual Private Network encrypting traffic over public networks. Secure remote access. |
| Define Micro-Segmentation | Granular segmentation per workload/device. Zero Trust Architecture enabler. |
| What is Defense in Depth? | Multiple security layers protecting assets. No single point of failure. |
| Name 5 Defense in Depth layers | Perimeter, Network, Endpoint, Application, Data security. |
| What is Network Admission Control? | Ensures only authorized compliant devices connect to network. Pre/post admission checks. |
| What is 802.1X? | Port-based network access control using RADIUS authentication. |
| How to secure IoT devices? | Separate from enterprise network, use VLANs, disable unnecessary features, monitor traffic. |
| Define IaaS | Infrastructure as a Service. Virtualized computing resources (servers, storage, network). |
| Name 2 IaaS examples | Amazon EC2, Microsoft Azure Virtual Machines. |
| Define PaaS | Platform as a Service. Development platform without infrastructure management. |
| Name 2 PaaS examples | Google App Engine, Microsoft Azure App Service. |
| Define SaaS | Software as a Service. Fully managed applications via browser. |
| Name 2 SaaS examples | Gmail, Microsoft 365, Salesforce. |
| Define FaaS | Function as a Service. Serverless code execution on events. |
| Name 2 FaaS examples | AWS Lambda, Azure Functions. |
| What does CSP manage in IaaS? | Physical hardware, networking, virtualization, data center security. |
| What does Customer manage in IaaS? | OS, applications, middleware, data, configurations, access. |
| What does CSP manage in SaaS? | Everything: application, platform, infrastructure, updates. |
| What does Customer manage in SaaS? | Data, user access, compliance requirements. |
| Define Public Cloud | Multi-tenant resources from third-party provider over internet. Shared infrastructure. |
| Name 3 Public Cloud providers | AWS, Microsoft Azure, Google Cloud Platform. |
| Define Private Cloud | Single-tenant dedicated cloud infrastructure. On-premises or provider-hosted. |
| Define Hybrid Cloud | Combines public and private clouds. Workload portability between environments. |
| Define Community Cloud | Shared cloud for organizations with common needs. Cost-sharing among members. |
| Define Multi-Cloud | Using multiple cloud providers simultaneously. Avoids vendor lock-in. |
| What is SLA? | Service Level Agreement. Contract defining service expectations and guarantees. |
| What are key SLA elements? | Uptime guarantees, performance metrics, data protection, disaster recovery. |
| What is MSP? | Managed Service Provider. Third-party managing cloud infrastructure and security remotely. |
| What services do MSPs provide? | Security monitoring, patch management, disaster recovery, compliance support. |
| Define Encryption | Converting plaintext to ciphertext protecting data confidentiality. Reversible with key. |
| What are Encryption key components? | Algorithm (AES, RSA) and Key (symmetric or asymmetric). |
| What are Encryption types? | Symmetric (single key) and Asymmetric (key pair). |
| What is Full Disk Encryption (FDE)? | Encrypts entire storage drive including OS. Requires authentication at boot. |
| Name 2 FDE examples | BitLocker (Windows), FileVault (Mac). |
| What is Self-Encrypting Drive (SED)? | Hardware-based encryption at drive level. Automatic encryption/decryption. |
| What is Cloud Storage Encryption? | Encrypts data stored in cloud at rest. Prevents unauthorized cloud access. |
| What is Transparent Data Encryption (TDE)? | Automatic database file encryption at storage level. Seamless for applications. |
| What is SSL/TLS? | Encrypts data in transit between client and server. Used for HTTPS. |
| What is Data in Use protection? | Safeguards data during active processing in memory. Uses secure enclaves. |
| What is Secure Enclave? | Hardware-protected isolated computing environment. Examples: Intel SGX, ARM TrustZone. |
| What is Homomorphic Encryption? | Allows computation on encrypted data without decryption. Preserves privacy during processing. |
| Define Symmetric Encryption | Same key for encryption and decryption. Fast but key distribution challenge. |
| Give a Symmetric Encryption example | AES (Advanced Encryption Standard). Block cipher. |
| Define Asymmetric Encryption | Key pair: public encrypts, private decrypts. Slower but solves key distribution. |
| Give an Asymmetric Encryption example | RSA (Rivest-Shamir-Adleman). Based on prime factorization. |
| How to encrypt with Asymmetric Encryption? | Use recipient's public key for encryption. |
| How to decrypt with Asymmetric Encryption? | Recipient uses their private key for decryption. |
| How to create Digital Signature? | Sign with sender's private key. |
| How to verify Digital Signature? | Verify with sender's public key. |
| When to use Symmetric Encryption? | Bulk data encryption, databases, full disk, VPN tunnels. Speed priority. |
| When to use Asymmetric Encryption? | Key exchange, digital signatures, small data. Security/scalability priority. |
| What is Block Cipher? | Encrypts fixed-size data blocks (128 bits). Example: AES. |
| What is Stream Cipher? | Encrypts data one bit/byte at a time continuously. Example: RC4. |
| What is TPM? | Trusted Platform Module. Microchip storing cryptographic keys securely on hardware. |
| What does TPM provide? | Secure boot, key storage, tamper resistance, hardware-based encryption. |
| What is HSM? | Hardware Security Module. Physical device for key generation and management. |
| Where are HSMs used? | Banking, government, cloud services for high-security cryptographic operations. |
| Define Hashing | One-way conversion to fixed-length string. Cannot be reversed. |
| What are Hashing uses? | Password storage, data integrity verification, digital signatures. |
| Name 2 Hash algorithms | SHA-256 (secure), MD5 (legacy/weak). |
| How does Hashing differ from Encryption? | Hashing one-way irreversible; Encryption two-way reversible with key. |
| What is Deterministic hash property? | Same input always produces identical hash output. |
| What is Collision Resistance? | Computationally infeasible for two inputs producing same hash. |
| What is Pre-image Resistance? | Cannot reverse hash to discover original input. |
| What is Avalanche Effect? | Small input change produces drastically different hash output. |
| Define Data Governance | Policies managing data throughout lifecycle. Classification to destruction. |
| What are Data Governance key aspects? | Classification, labeling, retention, secure destruction. |
| What is Data Classification? | Categorizing data by sensitivity and regulatory requirements. |
| What are classification levels? | Public, Internal/Confidential, Sensitive, Regulated/Highly Sensitive. |
| What is Public data? | Accessible to anyone. Example: marketing materials, public website content. |
| What is Sensitive data? | Requires extra protection. Examples: financial data, trade secrets, PII. |
| What is Data Labeling? | Tagging data with classification indicators. Visual or metadata-based. |
| What are labeling methods? | Physical labels, digital metadata, color-coding. |
| What is Data Retention Policy? | Defines storage duration before deletion. Based on legal and business needs. |
| What influences retention policies? | Legal requirements (GDPR, HIPAA), business needs, security risks. |
| What is Long-Term Retention? | Compliance records stored for years. Tax documents, HR files, legal records. |
| Define Data Destruction | Secure removal preventing recovery. Goes beyond simple deletion. |
| What is Software-Based Wiping? | Overwrites data multiple times. DoD 5220.22-M standard. |
| What is Degaussing? | Magnetic field erasing data from magnetic media. Renders media unusable. |
| What is Physical Destruction? | Shredding, incineration, drilling storage devices. Complete destruction. |
| What is Cryptographic Erasure? | Deleting encryption keys making encrypted data unrecoverable. Fast method. |
| Define Log Aggregation | Centralizing logs into single location for analysis. Simplifies monitoring. |
| What are Log Aggregation tools? | SIEM solutions: Splunk, ELK Stack. |
| What is Alerting? | Notifications of abnormal activities or threats. Enables rapid response. |
| What is Security Reporting? | Generating summaries of activities, alerts, trends. Provides insights. |
| What is Archiving? | Long-term log storage for forensics and compliance. Months to years retention. |
| What is Quarantine in security operations? | Isolating affected systems preventing malware spread or lateral movement. |
| What is Alert Tuning? | Adjusting alert thresholds minimizing false positives. Reduces alert fatigue. |
| What is SCAP? | Security Content Automation Protocol. Framework automating vulnerability management. |
| What are Security Benchmarks? | Predefined secure configuration standards. Example: CIS Benchmarks. |
| What is Agent-based monitoring? | Software on endpoints collecting and transmitting data. Full visibility. |
| What is Agentless monitoring? | Remote monitoring without installed software. Uses SNMP or APIs. |
| Define SIEM | Security Information and Event Management. Centralized log correlation and analysis. |
| Name 3 SIEM solutions | Splunk, ArcSight, QRadar. |
| What is Data Loss Prevention (DLP)? | Prevents unauthorized data transfer or exfiltration. Monitors data at rest/motion/use. |
| What are SNMP Traps? | Event notifications sent by network devices to management system. |
| What is NetFlow? | Protocol collecting IP traffic data. Identifies bandwidth usage and anomalies. |
| What are Vulnerability Scanners? | Tools identifying weaknesses, misconfigurations, missing patches. |
| Name 3 Vulnerability Scanners | Nessus, OpenVAS, Qualys. |
| What is Configuration Management? | Maintaining system security and functionality through standardized configurations. |
| What are Configuration Management components? | Baselines, updates, patches, change control, auditing. |
| What is Security Baseline? | Standardized secure starting configuration. Vendor or industry standard. |
| Name 2 Baseline sources | CIS Benchmarks, NIST SP 800-128 Guidelines. |
| What are Patch Management steps? | Identify, Assess priority, Test, Deploy, Verify. |
| What risks occur without Configuration Management? | Unpatched vulnerabilities, misconfigurations, baseline drift, system instability. |
| What is Data Handling Policy? | Defines storage, transmission, disposal of sensitive data. Classification-based controls. |
| What is Password Policy? | Requirements for strong authentication. Length, complexity, MFA, storage. |
| What are minimum Password Policy requirements? | 12-16 characters minimum, complexity (mixed case/numbers/symbols), MFA for critical accounts. |
| What is BYOD Policy? | Manages risks of personal devices for work. Security requirements for employee devices. |
| What are BYOD security requirements? | Device encryption, remote wipe capability, VPN for access, approved applications only. |
| What is Change Management Policy? | Controls for implementing system changes securely. Requires approval, testing, rollback plan. |
| What is Privacy Policy? | Governs personal data collection, storage, sharing. User consent and transparency. |
| What are Privacy Policy requirements? | Collect only necessary data, obtain consent, disclose sharing, define retention. |
| What is Security Awareness Training? | Program educating employees about cyber risks. Reduces human error. |
| Why is Awareness Training critical? | Employees are the first line of defense. Prevents phishing, reduces breaches, creates security culture. |
| What topics are covered in Awareness Training? | Social engineering, password security, email threats, safe browsing, physical security. |
| Define Phishing | Fraudulent emails impersonating legitimate sources. Steals credentials or delivers malware. |
| Define Vishing | Voice phishing via phone calls. Tricks victims into revealing sensitive information. |
| Define Baiting | Leaving infected media (USB, links) to lure victims. Exploits curiosity. |
| Define Pretexting | Impersonating authority to extract information. Creates false scenario for trust. |
| What are password security best practices? | Unique per account, enable MFA, never share, use password manager. |
| How to identify phishing emails? | Suspicious sender, urgent tone, grammar errors, unexpected attachments, hover before clicking. |