ISC2 Certified in Cybersecurity (CC) Exam Domain 1 - Security Principles questions with correct answers
Information Security
Security that focuses on all of our information. This includes paper documents, voice information, data, knowledge.
IT security
Security that focuses on the hardware and software. This includes computers, servers, networks, hardware, software, and data being communicated.
Cybersecurity
Everything from IT security that is accessible on the web.
Confidentiality
The act of holding information in confidence, not to be released to unauthorized individuals
Integrity
How we protect modifications of the data and the systems to ensure data has not been altered.
Availability
Ensure authorized people can access the data they need when they need it
Applications for Confidentiality
- Encryption for data at rest, full disk encryption
- Secure transport encryption protocols for data-in-motion (SSL, TLS or IPSEC)
Best practices for data-in-use
- Clean Desk
- No shoulder surfing
- Screen view angle protector
- PC Locking
Other factors of confidentiality
- Strong Passwords
- MFA
- Masking
- Access Control
- Need-to-know
- Least Privilege
Threats to Confidentiality
- Attacks on encryption (cryptanalysis)
- Social Engineering
- Key Loggers
- Cameras
- Steganography
- Internet of Things (IOT) devices
Applications for Integrity
- Cryptography
- Check Sums
- Message Digests
- Digital Signatures
- Non Repudiation
- Access Control
Threats to Integrity
- Alterations of data
- Code Injections
- Cryptanalysis
Applications for Availability
- IPS / IDS
- Patch Management
- Redundancy on hardware power
- Disks (RAID)
- Traffic Paths
- Service Level Agreement (SLA)
Threats to Availability
- Malicious attacks (DDOS, physical, system, compromise, staff)
- Application failures
- Component failure
The DAD Triad
Disclosure;
Alteration; and,
Destruction.
Disclosure
Someone not authorized to access certain information
Alteration
Data has been changed
Destruction
Data or systems have been destroyed or have become inaccessible
IAAA
Identification, authentication, authorization, accountability
Identification
Using a piece of information to identify who you are
Examples include name, username, ID, number, employee number, SSN
Authentication
Proving that a user is genuine, and not an imposter.
Type 1 Authentication
A type of authentication that requires the user to provide something that they know, such as a password or PIN.
This is the weakest form of authentication.
Key stretching
A technique used to increase the strength of stored passwords. It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.
Brute Force Attack
The password cracker tries every possible combination of characters
Clipping levels