Security Concepts and Principles

Questions and Answers

What are the primary goals and objectives of a security infrastructure?

Authentication, encryption, and authorization

Integrity, authorization, and disclosure

Secrecy, protection, and disclosure

Confidentiality, integrity, and availability (correct)

Which principle of the CIA Triad focuses on the protection of the secrecy of data?

Confidentiality (correct)

Authorization

Availability

Integrity

How are security controls typically evaluated?

Based on how well they address the CIA Triad principles (correct)

Based on the number of employees in an organization

Based on their physical size

Based on their cost-effectiveness

What is the main goal of confidentiality protection?

Prevent unauthorized access to data

What are some common causes of unauthorized disclosure of sensitive information?

Human error, oversight, or ineptitude

In the CIA Triad, which principle focuses on ensuring authorized access to data?

Availability

What is one of the main aspects of availability mentioned in the text?

Ensuring authorized access and acceptable performance

Which of the following is NOT listed as a threat to availability in the text?

Sophisticated hacking attacks

What is a crucial control measure needed to maintain availability on a system?

Ensuring redundancy for critical systems

What type of attacks focus on violating availability, as mentioned in the text?

Denial-of-Service (DoS) attacks

Which of the following is NOT a recommended countermeasure to ensure availability according to the text?

Disabling access controls for easier user access

What can cause many availability breaches according to the text?

Human error, oversight, or ineptitude

What does nonrepudiation prevent a subject from claiming?

All of the above

Which of the following is not one of the three As in AAA services?

Accountability

What is a core security mechanism of all security environments?

Authentication

What process involves proving that you are the claimed identity?

Authentication

Which element of nonrepudiation is essential for holding a suspect accountable?

Auditing

How many elements are actually represented by the three As in AAA services?

5

What is the most secure form of authentication?

Multifactor authentication

Which concept involves using multiple security controls in a series?

Defense in depth

What is the primary advantage of using defense in depth for security?

Protection against various threats

Which mechanism involves performing security controls one after the other in a linear fashion?

Defense in depth

What does the use of multifactor authentication aim to prevent?

Compromise of authentication process

Which aspect ensures that a single failed control doesn't expose systems or data?

Defense in depth

What are the key aspects of availability?

Usability, accessibility, and timeliness

Which feature is essential for maintaining the availability of critical systems?

Fault tolerance

What does the DAD Triad consist of?

Disclosure, alteration, and destruction

What does the opposite of the CIA Triad represent?

DAD Triad

Which factor is crucial in ensuring that the widest range of subjects can interact with a resource?

Accessibility

Which concept is vital when designing a security policy alongside the CIA Triad?

DAD Triad