CompTIA Security+ Chapter 2 Flashcards

Questions and Answers

What are the three primary security control types?

Technical (correct)

Physical

Operational (correct)

Management (correct)

What is a technical control?

A control that uses technology to reduce vulnerabilities.

What are management controls?

Administrative controls that include risk and vulnerability assessments.

What do operational controls ensure?

Compliance with the overall security plan during day-to-day operations.

What is the purpose of preventive controls?

To prevent security incidents

What are detective controls designed to do?

Detect when a vulnerability has been exploited.

What do corrective controls try to achieve?

Reverse the impact of an incident after it has occurred.

What are deterrent controls?

Controls that discourage threats and prevent incidents.

What are compensating controls?

Alternative controls used when primary control is not feasible.

What are door access control systems supposed to allow?

Personnel to exit without authentication.

What is the function of cipher locks?

Require users to enter a code to open doors.

What does a proximity card do?

Electronically unlocks a door.

What is tailgating?

When one user follows closely behind another user without using credentials.

What role do security guards play?

Prevent unauthorized personnel from entering a secure area.

What do closed-circuit television (CCTV) systems provide?

Video surveillance.

What is the purpose of barricades?

To provide stronger physical security than fences.

What does physical security include?

Basic locks and measures to secure physical assets.

What is the principle of least privilege?

Individuals are granted only the rights needed to perform tasks.

What does Group Policy manage?

Users and computers.

Study Notes

Security Control Types

• Three primary security control types: technical, management, and operational.
• Technical controls utilize technology to mitigate vulnerabilities (e.g., encryption, firewalls).
• Management controls emphasize administrative practices, including risk assessments.
• Operational controls ensure daily operations align with security plans, including security training.

Types of Controls

• Preventive controls aim to avert security incidents through methods like user training and system hardening.
• Detective controls identify when vulnerabilities have been exploited, using measures like log monitoring and security audits.
• Corrective controls focus on remedying incidents post-occurrence, utilizing systems like backups.
• Deterrent controls seek to discourage threats from occurring in the first place.
• Compensating controls serve as alternatives when primary controls cannot be executed.

Access Control Systems

• Door access control systems should allow easy exit without authentication during power loss for safety reasons.
• Cipher locks require a code for entry but can be vulnerable to shoulder surfers; training can mitigate this risk.
• Proximity cards enable electronic door unlocking but require additional measures (like PINs) for user authentication.

Security Challenges

• Tailgating occurs when unauthorized users follow legitimate users into secure areas, which can be prevented with mantraps.
• Security guards act as a physical preventive measure, identifying unauthorized individuals through ID checks.

Surveillance and Physical Security

• Closed-circuit television (CCTV) provides reliable video proof of identity and activity in secure areas.
• Barricades offer stronger security than fences and can effectively block vehicles while allowing pedestrian access.
• Physical security includes basic locks, cable locks for mobile devices, and secured cabinets for sensitive items.

Principles of Security

• The principle of least privilege mandates granting users only the permissions necessary for their tasks, minimizing potential security risks.
• Group Policy is utilized for the management of user and computer settings within an organization's network.

Description

Test your knowledge on the control types and methods discussed in CompTIA Security+ Chapter 2. This quiz covers the distinctions between technical, management, and operational controls, along with specific examples of each type. Perfect for reinforcement and review of key concepts in cybersecurity.