Security Concepts and Principles

Questions and Answers

What are the primary goals and objectives of a security infrastructure?

Authentication, encryption, and authorization

Integrity, authorization, and disclosure

Secrecy, protection, and disclosure

Confidentiality, integrity, and availability (correct)

Which principle of the CIA Triad focuses on the protection of the secrecy of data?

Confidentiality (correct)

Authorization

Availability

Integrity

How are security controls typically evaluated?

Based on how well they address the CIA Triad principles (correct)

Based on the number of employees in an organization

Based on their physical size

Based on their cost-effectiveness

What is the main goal of confidentiality protection?

Prevent unauthorized access to data (D)

What are some common causes of unauthorized disclosure of sensitive information?

Human error, oversight, or ineptitude (D)

In the CIA Triad, which principle focuses on ensuring authorized access to data?

Availability (C)

What is one of the main aspects of availability mentioned in the text?

Ensuring authorized access and acceptable performance (A)

Which of the following is NOT listed as a threat to availability in the text?

Sophisticated hacking attacks (C)

What is a crucial control measure needed to maintain availability on a system?

Ensuring redundancy for critical systems (D)

What type of attacks focus on violating availability, as mentioned in the text?

Denial-of-Service (DoS) attacks (B)

Which of the following is NOT a recommended countermeasure to ensure availability according to the text?

Disabling access controls for easier user access (C)

What can cause many availability breaches according to the text?

Human error, oversight, or ineptitude (B)

What does nonrepudiation prevent a subject from claiming?

All of the above (D)

Which of the following is not one of the three As in AAA services?

Accountability (C)

What is a core security mechanism of all security environments?

Authentication (D)

What process involves proving that you are the claimed identity?

Authentication (D)

Which element of nonrepudiation is essential for holding a suspect accountable?

Auditing (A)

How many elements are actually represented by the three As in AAA services?

5 (C)

What is the most secure form of authentication?

Multifactor authentication (B)

Which concept involves using multiple security controls in a series?

Defense in depth (D)

What is the primary advantage of using defense in depth for security?

Protection against various threats (B)

Which mechanism involves performing security controls one after the other in a linear fashion?

Defense in depth (A)

What does the use of multifactor authentication aim to prevent?

Compromise of authentication process (A)

Which aspect ensures that a single failed control doesn't expose systems or data?

Defense in depth (C)

What are the key aspects of availability?

Usability, accessibility, and timeliness (D)

Which feature is essential for maintaining the availability of critical systems?

Fault tolerance (B)

What does the DAD Triad consist of?

Disclosure, alteration, and destruction (D)

What does the opposite of the CIA Triad represent?

DAD Triad (B)

Which factor is crucial in ensuring that the widest range of subjects can interact with a resource?

Accessibility (B)

Which concept is vital when designing a security policy alongside the CIA Triad?

DAD Triad (B)