Security+ SY0-601 (Lessons 1-4) QUESTIONS WITH COMPLETE ANSWERS GRADED A+
What are the three properties of secure information? - CORRECT ANS Confidentiality, Integrity, and Availability

What does confidentiality mean in the context of the CIA Triad? - CORRECT ANS means that certain information should only be known to certain people.

What does integrity mean in the context of the CIA Triad? - CORRECT ANS means that the data is stored and transferred as intended and that any modification is authorized.

What does availability mean in the context of the CIA Triad? - CORRECT ANS means that information is accessible to those authorized to view or modify it.

What is a fourth property of secure information that could be added to the CIA Triad? - CORRECT ANS Nonrepudiation

What is nonrepudiation? - CORRECT ANS means that a subject cannot deny doing something, such as creating, modifying, or sending a resource.

What are the five functions of cybersecurity according to the National Institute of Standards and Technology (NIST)? - CORRECT ANS Identify, Protect, Detect, Respond, and Recover

What does 'Identify' mean in the context of cybersecurity functions according to the NIST? - CORRECT ANS develop security policies and capabilities. Evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them.

What does 'protect' mean in the context of cybersecurity functions according to the NIST? - CORRECT ANS procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle.

What does 'detect' mean in the context of cybersecurity functions according to the NIST? - CORRECT ANS perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.

What does 'respond' mean in the context of cybersecurity functions according to the NIST? - CORRECT ANS identify, analyze, contain, and eradicate threats to systems and data security.

What does 'recover' mean in the context of cybersecurity functions according to the NIST? - CORRECT ANS implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.

Information security professionals must be competent in the following areas - CORRECT ANS Participate in risk assessments and testing of security systems and make recommendations. Specify, source, install, and configure secure devices and software. Set up and maintain document access control and user privilege profiles. Monitor audit logs, review user privileges, and document access controls. Manage security-related incident response and reporting. Create and test business continuity and disaster recovery plans and procedures. Participate in security training and education programs.

What is a security policy? - CORRECT ANS A formalized statement that defines how security will be implemented within an organization

Overall internal responsibility for security might be allocated to a dedicated department such as a - CORRECT ANS Director of Security, Chief Security Officer (CSO), or Chief Information Security Officer (CISO).

What is a Security Operations Center (SOC)? - CORRECT ANS a location where security professionals monitor and protect critical information assets across other business functions, such as finance, operations, sales/marketing, and so on. Because SOCs can be difficult to establish, maintain, and finance, they are usually employed by larger corporations, like a government agency or a healthcare company.

What is Development and Operations (DevOps)? - CORRECT ANS a cultural shift within an organization to encourage much more collaboration between developers and system administrators

Written for
- Institution: Security+ SY0-601
- Course: Security+ SY0-601

Document information
- Uploaded on: December 23, 2023
- Number of pages: 13
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers