CompTIA Security+ 701: Approaching & Core Concepts
40 Questions

Questions and Answers

Restricting user login times to coincide with class start times is an example of which type of security control?

  • Physical control
  • Technical control (correct)
  • Managerial control
  • Operational control

Which of the following BEST describes the purpose of managerial controls?

  • Setting policies and rules to govern security. (correct)
  • Enforcing daily security tasks.
  • Implementing technical security measures.
  • Physically securing the premises.

Requiring employees to change their passwords every 90 days is primarily an example of what type of control?

  • An operational control
  • A physical control
  • A managerial control (correct)
  • A deterrent control

Which action exemplifies an operational security control in the context of password management?

  • A manager reminding employees to change their passwords before expiration. (D)

Which security control is exemplified by a fence, security guard, or CCTV system?

  • Physical control (B)

Why is it important to implement multiple layers of security controls, rather than relying on a single control?

  • To compensate for the inevitable failure of individual controls. (D)

An organization implements a firewall and intrusion prevention system (IPS). This is an example of what kind of control?

  • Preventative (B)

What is the primary purpose of a deterrent control?

  • To discourage potential attackers. (D)

In what situation would a compensating control be MOST appropriate?

  • When a primary security control cannot be implemented or has a weakness. (D)

An organization has a policy that all employees must complete security awareness training annually. This is an example of what type of control, and what is its primary aim?

  • Directive control; to provide guidance and patch the 'human brain'. (C)

What is the primary goal of the presenter's approach to Security+ training?

  • To help students pass the certification exam and understand the core principles of cybersecurity. (B)

According to the presenter, what makes Domain 1 ("General Security Concepts") particularly important for newcomers to cybersecurity?

  • It introduces the core foundation of cybersecurity knowledge and terminology. (A)

Instead of immediately implementing security tools, what does the presenter suggest doing first upon being hired by a company?

  • Identify and prioritize the company's most valuable data. (B)

According to the presenter, what is the role of security in relation to a business?

  • Security enables the business to operate without unnecessary interruptions. (D)

What key addition was introduced in the second version of the cybersecurity NIST framework?

  • The integration of governance principles. (C)

What is the foundational concept of cybersecurity?

  • Confidentiality, Integrity, and Availability (CIA) (D)

A company that is an online retailer would MOST likely focus on which aspect of the CIA triad?

  • Availability (A)

Which of the following BEST describes the relationship between threat, vulnerability, and risk?

  • Risk is the probability of a threat exploiting a vulnerability, leading to potential loss. (D)

What is the significance of 'non-repudiation' in cybersecurity?

  • Preventing someone from denying they took a certain action. (B)

Insanely Difficult: Which of the following scenarios BEST exemplifies the concept of prioritizing the CIA triad based on organizational needs?

  • A bank implements multi-factor authentication and strict access controls, focusing most resources on preventing unauthorized modifications to financial data. (A)

Implementing door locks, fences, and security personnel exemplifies which security strategy?

  • Applying the concept of defense in depth. (A)

Which of the following actions is the BEST example of an operational control related to password management?

  • A manager reminding employees to change their passwords before expiration. (C)

Which type of security control is best represented by security policies, standards, and procedures?

  • Managerial controls (C)

Which security control aims to discourage potential attackers, rather than physically stop them?

  • Deterrent (D)

In the event of a successful malware attack, which type of security control is used to restore systems to their normal operational state?

  • Recovery Control (B)

What kind of security control is implemented as an alternative when a primary control cannot be used?

  • Compensating control (A)

What is the purpose of 'directive' security controls?

  • To provide guidance, policies, and direction for security efforts. (C)

An IT technician runs a program to remove spyware from an infected computer. Which type of security control does this represent?

  • Corrective control (B)

Insanely Difficult: An organization's primary firewall fails unexpectedly. Lacking an immediate replacement, security personnel implement a series of host-based firewalls on critical servers and increase monitoring of network traffic. Which security control is being demonstrated?

  • Compensating Control (A)

Insanely Difficult: Following a breach, an organization discovers that attackers exploited a vulnerability that was previously identified in a penetration test but not addressed due to resource constraints. The organization's security team now mandates immediate patching of all critical vulnerabilities, implements stricter change management procedures, and conducts a comprehensive review of incident response plans. Which combination of controls is being emphasized?

  • Primarily preventative, with elements of response. (A)

According to the presenter, what is the MOST important focus for a security professional upon being hired by a company?

  • Identifying and securing the company's most valuable data. (B)

What is the primary shift in mindset introduced by the second version of the NIST cybersecurity framework?

  • Integrating governance and leadership involvement in security strategy. (B)

For an online retailer like Amazon, which aspect of the CIA triad should be given the HIGHEST priority?

  • Availability, to ensure uninterrupted access to the website. (A)

What is the MOST accurate description of a 'threat' in cybersecurity?

  • Someone or something with the potential to cause harm to a system. (C)

Which of the following BEST describes the relationship between vulnerability and risk?

  • Risk is the potential for loss resulting from a threat exploiting a vulnerability. (D)

What is the PRIMARY goal of 'non-repudiation' in cybersecurity?

  • Preventing a party from denying their actions or involvement in a transaction. (A)

Why is 'identification' considered a critical first step in securing an organization, according to the presenter?

  • Organizations cannot protect assets they are unaware of. (C)

What does the presenter suggest is the MOST effective approach to vulnerability management?

  • Prioritizing vulnerabilities based on their potential impact to the organization. (C)

Insanely Difficult: An organization is implementing a zero-trust architecture. Which of the following changes represents a fundamental shift in their approach to network security?

  • From implicitly trusting users and devices inside the network perimeter to requiring continuous verification for every access request, regardless of location. (B)

Insanely Difficult: A large financial institution identifies both a critical vulnerability in their core banking application and a high-risk vulnerability in their employee onboarding portal. Limited resources prevent immediate remediation of both. Which of the following factors should be the MOST decisive in determining which vulnerability to address first, according to the principles discussed?

  • The potential financial impact and reputational damage resulting from a successful exploit, considering the criticality of the affected systems. (D)

Study Notes

  • This training focuses on the CompTIA Security+ 701 exam, covering the latest cybersecurity technologies.
  • The aim is to ensure a solid understanding of cybersecurity, not just rote memorization for the certification.
  • The training is divided into five domains matching the exam.
  • Domain one covers general security concepts and is foundational for newcomers to cybersecurity.

Approaching Security

  • Focus on securing valuable data, because that is what the company hires security professionals to protect.
  • Protecting valuable data will be appreciated by the company.
  • Security is an enabler: it allows the business to operate without interruption.

Cybersecurity Framework (NIST)

  • The second version of the NIST framework includes governance, involving business leaders in security strategy and funding.
  • The framework addresses security as a business problem, not just a technical one.
  • The framework includes identifying assets, protecting them, and monitoring for threats.
  • The NIST framework makes it easier to understand security by identifying, protecting, and monitoring assets.

Core Security Concepts

  • The CIA triad (confidentiality, integrity, and availability) is the cornerstone of cybersecurity.
  • The importance of, and focus on, each aspect of the CIA triad vary depending on the context and the organization.
  • Important definitions include threat, vulnerability, risk, and non-repudiation.
  • Authentication is an important concept for security.
  • Gap analysis is a concept new to the 701 version of the exam.
  • A deep dive into zero trust architecture is expected.
  • Identification, Authentication, Authorization, and Accounting are important security concepts.

Key Questions for Cybersecurity

  • What is your critical data? Understanding how the company makes money helps identify critical data and resources.
  • Where is that data located? Knowing the physical or cloud location aids in securing it appropriately.
  • Who has access to that data? Review access rights, especially after promotions or role changes.
  • Who should have access to it? Ensure that data access aligns with current roles and responsibilities.

Cybersecurity Framework Phases

  • Identification involves identifying critical hardware and software.
  • Protection involves implementing security measures like firewalls and access control lists.
  • Detection involves detecting attackers as soon as possible using intrusion prevention and detection systems.
  • Response involves fixing the issue and stopping the bleed.
  • Recovery involves restoring systems from backups to recover from damages.
  • Governance involves organizational leadership providing strategic direction, funding, and policies for cybersecurity.
  • Version one of the Cybersecurity Framework came out in 2014.
  • Version 1.1 came out in 2018.
  • Version 2.0 introduced governance.

The CIA Triad

  • The CIA Triad comprises confidentiality, integrity, and availability and is a cornerstone of information security.
  • All three elements of the CIA triad must be present for something to be considered secure. The relative importance of each aspect of the CIA triad can vary depending on the specific context.
  • Confidentiality aims to maintain secrecy, protecting data like PII, healthcare information, and trade secrets.
  • Accomplishing confidentiality involves implementing encryption, access controls, and physical security measures.
  • Integrity ensures that data remains unaltered by unauthorized personnel, preserving its originality.
  • Hashing algorithms are used to verify data integrity by generating a unique checksum.
  • Availability ensures that data and systems are accessible to authorized users when needed.
  • Redundancy, fault tolerance, and backup power supplies help ensure availability.

Risk Terminology

  • Risk is the probability of loss; security is about managing risk.
  • A threat is something that can cause harm, such as a virus, human attacker, or natural disaster.
  • A threat actor is someone or something with the intent and means to cause harm.
  • A vulnerability is a weakness in a system that a threat can exploit.
  • An exploit is a technique or code used to take advantage of a vulnerability.
  • Risk is equal to threat times vulnerability. To be classified as a risk, the threat must be able to exploit a valid vulnerability.
  • Focus on mitigating the vulnerabilities that matter to your organization and have the highest impact.
  • Security must be balanced with functionality.

Non-Repudiation and Authenticity

  • Authenticity ensures that data, messages, and identities are real and have not been tampered with.
  • Authenticity can be verified through digital signatures.
  • Digital signatures help verify the authenticity of emails or software patches.
  • Non-repudiation prevents someone from denying an action they performed.
  • Digital signatures provide proof of identity, preventing denial of actions.

Defense in Depth

  • There is no single product that can stop all threats, so defense in depth is needed.
  • Defense in depth uses multiple security controls to protect an organization.
  • A unified threat management (UTM) system is a single box that comes with a bunch of security capabilities.
  • A single point of failure is the enemy of security.

Security Control Categories

  • Security controls are different ways to secure an organization.
  • Technical controls are implemented with technology, such as firewalls and encryption.
  • Managerial controls are policies that set the direction and rules of security.
  • Operational controls are daily habits that enforce security policies.
  • Physical controls are tangible security measures like fences and guards.

Types of Security Controls

  • Preventative controls are applied before an attack happens to prevent it.
  • Deterrent controls try to psychologically discourage someone from attacking, for example through warnings and signs.
  • Corrective controls react to an attack and try to restore things to normal operations.
  • Recovery controls restore systems to a normal state after an attack or system failure.
  • Compensating controls act as alternative controls when the primary one is not available.
  • Directive controls provide guidance and instructions through policies and procedures.
  • A computer intrusion can be considered a type of trespassing.

Quiz Team

Description

Training on the CompTIA Security+ 701 exam, focusing on cybersecurity fundamentals and business integration. It highlights data security prioritization and the NIST framework's governance role, and covers core security concepts.