The trio of security goals: preventing unauthorized changes, ensuring data access, and protecting secrecy.
What are integrity, availability, and confidentiality (CIA)?
An attacker motivated by political or social causes rather than financial gain.
What are hacktivists?
Deployment model where resources are hosted and managed offsite by a third party.
What is cloud (or cloud computing)?
Method that an admin can implement to allow employees to use one set of domain credentials to access multiple SaaS applications.
What is Single Sign-On (SSO)?
Written rules that define acceptable technology and behavior in an organization.
What are policies?
A control designed to detect incidents after they occur, like IDS or SIEM.
What are detective controls?
Vulnerability class that arises from third-party libraries, build pipelines, or compromised suppliers.
What is a supply chain vulnerability?
Planning and procedures designed to ensure that critical, mission-essential business functions continue during a disaster, cyberattack, or emergency.
What is continuity of operations?
Asset management phase where IT assets are obtained through approved channels, ensuring vendors meet security requirements, and configuring assets with proper security baselines before deployment.
What is acquisition (procurement)?
An authorized, simulated attack on IT systems to identify and exploit vulnerabilities before malicious actors do.
What is penetration testing?
Practice of protecting source code repositories from unauthorized access, modification, and supply chain attacks. It ensures code integrity, tracks changes with timestamps and user identities, manages permissions, and allows reverting to secure versions.
What is version control?
Term for separating insecure or high-risk systems from the production network to prevent infection spread. Techniques include air-gapping, virtual machines, and sandboxing.
What is isolation?
Classification and protections applied to data based on sensitivity, such as public, internal, confidential, and restricted.
What is data classification and corresponding protection?
Tool category that records system events and centralizes logs for correlation and investigation.
What is SIEM (security information and event management)?
This identifies and evaluates the potential effects of disruptions—such as cyberattacks, disasters, or power outages—on critical business operations.
What is a BIA (business impact analysis)?
A set of technologies including certificates, keys, and trust hierarchies that enable secure public-key operations.
What is public key infrastructure (PKI)?
Flaws in software code, such as buffer overflows, memory injection, or unpatched third-party components, often exploited to execute malicious code.
What are application vulnerabilities?
Architecture for operational technology often used in manufacturing, requiring specialized protocols and considerations for safety and availability.
What are industrial control systems (ICS)?
Endpoint solution that detects, responds to, and can remediate threats across devices, often integrated with XDR.
What is EDR (endpoint detection and response)?
The formal, documented guidelines defining the scope, boundaries, methods, and timing of a penetration test or security assessment.
What are rules of engagement?
A cryptographic technique that adds a unique, random string of data to an input—typically a password—before it is processed by a one-way transformation algorithm.
What is salting?
Attack method that exploits mathematical collisions or predictable outputs to defeat integrity checking or authentication.
What are cryptographic attacks?
The management and provisioning of infrastructure (networks, VMs, load balancers) through machine-readable definition files (code) rather than manual configuration.
What is infrastructure as code (IaC)?
The formalized process for identifying, containing, eradicating, and recovering from cybersecurity incidents.
What is incident response?
Formal evaluation performed by internal or external teams to confirm compliance with laws, standards, or internal policies.
What is an audit or compliance assessment?