CompTIA Security+ (SY0-701) Fundamentals of Security M

Questions and Answers

What is the primary goal of Information Security?

Protecting data from unauthorized access, modification, and destruction (correct)

Verifying the identity of a user or system

Guaranteeing that an action or event cannot be denied by the involved parties

Ensuring the availability of information and resources

Which security concept ensures that information is accessible only to authorized personnel?

Availability

Non-Repudiation

Confidentiality (correct)

Integrity

What does the term 'Non-Repudiation' guarantee in the context of security?

The identity of a user or system is verified

An event cannot be denied by the involved parties (correct)

Information and resources are accessible when needed

Data remains accurate and unaltered

Which security control involves determining actions or resources an authenticated user can access?

Authorization

Which of the following is a common authentication method?

Something you possess

What is the purpose of a Multi-Factor Authentication System (MFA)?

To require multiple methods of identification for enhanced security

Which type of security control is used to deter security breaches?

Preventive

What is the purpose of accounting as a security measure?

To ensure user activities are properly tracked and recorded

What is the main purpose of performing forensic analysis using detailed accounting and event logs?

To prevent similar incidents from occurring

What is the primary purpose of gap analysis?

To evaluate the difference between an organization's current performance and its desired performance

What does Technical Gap Analysis involve?

Evaluating an organization's current technical infrastructure and identifying areas where it falls short of the technical capabilities required

What is the Control Plane responsible for in a zero trust architecture?

Defining, managing, and enforcing the policies related to user and system access within an organization

What is the purpose of Threat Scope Reduction in a network?

To limit users' access to only what they need for their work tasks and minimize the network’s potential attack surface

What is Secured Zones in the context of network security?

Isolated environments within a network designed to house sensitive data

What does Data Plane in network security consist of?

Subject/System, Policy Engine, Policy Administrator, Policy Enforcement Point

What is Policy-Driven Access Control focused on?

Developing, managing, and enforcing user access policies based on their roles and responsibilities

What does Zero Trust demand verification for within the network?

Every device, user, and transaction within the network, regardless of its origin

What is Adaptive Identity reliant on in real-time validation?

Real-time validation that takes into account the user's behavior, device, location, and more

Which security strategy assumes no one should be trusted by default?

Zero Trust Model

What does the Data Plane deal with?

Policy enforcement points

Where can threats and vulnerabilities come from?

Natural disasters

What does confidentiality refer to?

Protection of information from unauthorized access and disclosure

What does integrity ensure?

Information and data remain accurate and unchanged from their original state

What is redundancy in the context of security?

Duplication of critical components or functions to enhance reliability

What does non-repudiation provide in digital transactions?

Proof in digital transactions

What is the main focus of the Zero Trust Model?

Emphasizing the control plane and data plane for implementation

Which of the following is not a method used for ensuring integrity?

Redundancy in systems and network designs

What is the primary purpose of availability in a security context?

Maintaining customer trust

Study Notes

• Zero Trust Model: a security strategy that assumes no one should be trusted by default, emphasizing the control plane and data plane for implementation.
• Control Plane: includes adaptive identity, threat scope reduction, policy-driven access control, and secured zones.
• Data Plane: deals with subject/system, policy engine, policy administrator, and policy enforcement points.
• Threats and vulnerabilities: can come from natural disasters, cyber-attacks, and data integrity breaches. Vulnerabilities can stem from software bugs, misconfigurations, unprotected network devices, and missing security patches.
• Confidentiality: refers to the protection of information from unauthorized access and disclosure. Important for personal privacy, business advantage, and regulatory compliance. Ensured through encryption, access controls, data masking, and physical security.
• Integrity: ensures information and data remain accurate and unchanged from their original state. Essential for data accuracy, maintaining trust, and ensuring system operability. Five methods used: hashing, digital signatures, checksums, access controls, and regular audits.
• Availability: ensures information, systems, and resources are accessible and operational when needed. Important for business continuity, maintaining customer trust, and upholding an organization's reputation. Maintained through redundancy in systems and network designs.
• Redundancy: duplication of critical components or functions to enhance reliability. Various types, including server, data, network, and power redundancy.
• Non-repudiation: a security measure that provides undeniable proof in digital transactions. Provides individuals or entities involved in a communication or transaction cannot deny their participation or the authenticity of their actions. Digital signatures are a method for achieving non-repudiation.
• Digital Signatures: one method for achieving non-repudiation. Involves first hashing a message or communication, then encrypting the hash digest with the user's private key using asymmetric encryption.

Description

Test your knowledge of the authentication methods covered in CompTIA Security+ (SY0-701) study notes. Learn about non-repudiation, authentication, and the commonly used authentication methods.