Security+ SY0-601 Certification Exam with complete solution
What are the three properties of secure information? - Confidentiality, Integrity, and Availability

What does confidentiality mean in the context of the CIA Triad? - means that certain information should only be known to certain people.

What does integrity mean in the context of the CIA Triad? - means that the data is stored and transferred as intended and that any modification is authorized.

What does availability mean in the context of the CIA Triad? - means that information is accessible to those authorized to view or modify it.

What is a fourth property of secure information that could be added to the CIA Triad? - Nonrepudiation

What is nonrepudiation? - means that a subject cannot deny doing something, such as creating, modifying, or sending a resource.

What are the five functions of cybersecurity according to the National Institute of Standards and Technology (NIST)? - Identify, Protect, Detect, Respond, and Recover

What does 'Identify' mean in the context of cybersecurity functions according to the NIST? - develop security policies and capabilities. Evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them.

What does 'protect' mean in the context of cybersecurity functions according to the NIST? - procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.

What does 'detect' mean in the context of cybersecurity functions according to the NIST? - perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.

What does 'respond' mean in the context of cybersecurity functions according to the NIST? - identify, analyze, contain, and eradicate threats to systems and data security.

What does 'recover' mean in the context of cybersecurity functions according to the NIST? - implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.

Information security professionals must be competent in the following areas - Participate in risk assessments and testing of security systems and make recommendations. Specify, source, install, and configure secure devices and software. Set up and maintain document access control and user privilege profiles. Monitor audit logs, review user privileges, and document access controls. Manage security-related incident response and reporting. Create and test business continuity and disaster recovery plans and procedures. Participate in security training and education programs.

What is a security policy? - A formalized statement that defines how security will be implemented within an organization

Written for
- Institution: Security+ SY0-601
- Course: Security+ SY0-601

Document information
- Uploaded on: September 18, 2023
- Number of pages: 9
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers