CompTIA Security+ (SY0-701) Fundamentals of Security E

Questions and Answers

What is the primary goal of information security?

Ensuring data accuracy

Verifying the identity of users

Preventing unauthorized access to data (correct)

Providing redundancy measures for data

Which security concept ensures that information is only accessible to authorized personnel?

Confidentiality (correct)

Non-Repudiation

Integrity

Availability

What does the concept of non-repudiation guarantee?

An action or event cannot be denied by the involved parties (correct)

The identity of users or systems is verified

Information and resources are accessible when needed

Data remains accurate and unaltered

Which security principle encompasses the concepts of non-repudiation and authentication?

CIANA Pentagon

What does the Zero Trust Model assume?

No one should be trusted by default

Which of the following is part of the Control Plane in the Zero Trust Model?

Policy-driven access control

What is the main purpose of Integrity in the context of information and data?

Maintaining data accuracy and trust

What does Availability ensure in a security context?

Operational accessibility when needed

What is the purpose of Redundancy in a security context?

To enhance reliability by duplicating critical components or functions

Which method is used to achieve Non-repudiation in digital transactions?

Digital signatures

What is the purpose of Technical Gap Analysis?

To identify areas where an organization falls short of the technical capabilities required for security solutions

What does Zero Trust demand verification for within the network?

For system access within an organization

What is the primary focus of Threat Scope Reduction?

To minimize the potential attack surface of a network

What is the function of Policy Engine in the Data Plane?

It cross-references the access request with predefined policies

What is the purpose of Secured Zones in a network?

To create an isolated environment for sensitive data

What is the primary focus of Adaptive Identity in the Control Plane?

To rely on real-time validation based on user behavior and device location

What does Policy-Driven Access Control entail?

Developing, managing, and enforcing user access policies based on their roles and responsibilities

What is the purpose of Plan of Action and Milestones (POA&M)?

Outlines specific measures to address each vulnerability

What is the purpose of non-repudiation in digital transactions?

To confirm the authenticity of digital transactions and ensure communication integrity

Which authentication method involves providing something you have?

Something you have

What is the purpose of multi-factor authentication (MFA)?

To enhance security by requiring multiple methods of identification

What is the primary purpose of accounting in a security context?

To ensure user activities are properly tracked and recorded

Which technology is typically used in accounting for security purposes?

Security Information and Event Management (SIEM) systems

How are security controls categorized?

Technical, Managerial, Operational, Physical

What type of analysis is used to evaluate the difference between an organization's current performance and its desired performance?

Gap analysis

What type of security measure verifies the identity of individuals or entities during a communication or transaction?

Authentication

What is the main purpose of multi-factor authentication (MFA)?

To enhance security by requiring multiple methods of identification

Which method of authentication involves providing something you have?

Something you have

What does gap analysis evaluate?

The difference between current performance and desired performance

Study Notes

• Non-repudiation is essential for confirming the authenticity of digital transactions, ensuring integrity of communications, and providing accountability in digital processes
• Authentication is a security measure that verifies the identity of individuals or entities during a communication or transaction
• Five commonly used authentication methods: something you know, have, are, do, or are at
• Multi-Factor Authentication System (MFA) requires users to provide multiple methods of identification for enhanced security
• Authentication is critical to prevent unauthorized access, protect user data and privacy, and ensure resources are accessed only by valid users
• Accounting is a security measure that ensures user activities are properly tracked and recorded to create an audit trail, maintain regulatory compliance, and provide user accountability
• Perform forensic analysis using detailed accounting and event logs to understand and prevent similar incidents from occurring
• Accounting typically uses technologies like syslog servers, network analysis tools, and Security Information and Event Management (SIEM) systems
• Security Controls are categorized into four broad categories: Technical, Managerial, Operational, and Physical
• Six basic types of security controls: Preventive, Deterrent, Detective, Corrective, Compensating, and Directive
• Gap analysis is a process used to evaluate the difference between an organization's current performance and its desired performance and develop a plan to bridge the gap.

Description

Enhance your understanding of CompTIA Security+ (SY0-701) concepts with these study notes covering non-repudiation and authentication. Learn about the significance of non-repudiation and the five commonly used authentication methods.