ISC2 Certified in Cybersecurity (CC) Exam Domain 1 - Security Principles questions with answers
Information Security
Security that focuses on all of our information. This includes paper documents, voice information, data, knowledge.
IT security
Security that focuses on the hardware and software. This includes computers, servers, networks, hardware, software, and data being communicated.
Cybersecurity
Everything from IT security that is accessible on the web.
Confidentiality
The act of holding information in confidence, not to be released to unauthorized individuals.
Integrity
How we protect the data and the systems against modification, to ensure data has not been altered.
Availability
Ensure authorized people can access the data they need when they need it.
Applications for Confidentiality
- Encryption for data at rest, full disk encryption
- Secure transport encryption protocols for data-in-motion (SSL, TLS or IPsec)
Best practices for data-in-use
- Clean Desk
- No shoulder surfing
- Screen view angle protector
- PC Locking
Other factors of confidentiality
- Strong Passwords
- MFA
- Masking
- Access Control
- Need-to-know
- Least Privilege
Threats to Confidentiality
- Attacks on encryption (cryptanalysis)
- Social Engineering
- Key Loggers
- Cameras
- Steganography
- Internet of Things (IoT) devices
Applications for Integrity
- Cryptography
- Checksums
- Message Digests
- Digital Signatures
- Non-repudiation
- Access Control
Threats to Integrity
- Alterations of data
- Code Injections
- Cryptanalysis
Applications for Availability
- IPS / IDS
- Patch Management
- Redundancy on hardware power
- Disks (RAID)
- Traffic Paths
- Service Level Agreement (SLA)
Threats to Availability
- Malicious attacks (DDoS, physical, system, compromise, staff)
- Application failures
- Component failure
The DAD Triad
Disclosure; Alteration; and Destruction.
Disclosure
Someone not authorized to access certain information
Alteration
Data has been changed
Destruction
Data or systems have been destroyed or have become inaccessible
IAAA
Identification, authentication, authorization, accountability
Identification