CIA & Controls
Threats & Actors
Crypto & PKI
Network Security
Risk & Governance
100

Q: What are the three components of the CIA Triad?

A: Confidentiality, Integrity, Availability. These are the three pillars of all security decisions. Keywords: CIA Triad, three pillars, data protection goals.

100

Q: What is phishing?

A: A social engineering attack using fake emails or messages to trick people into clicking malicious links or revealing credentials. Keywords: phishing, social engineering, fake email, credential harvesting.

100

Q: What is encryption?

A: Converting readable data (plaintext) into unreadable data (ciphertext) using a key. Protects data in transit and at rest. Keywords: encryption, plaintext, ciphertext, data at rest, data in transit.

100

Q: What does a firewall do?

A: Filters network traffic based on rules — decides what is allowed in and out. Acts as a gatekeeper at the network boundary. Keywords: firewall, traffic filtering, ACL, allow/deny, network boundary.

100

Q: What is the difference between a vulnerability and a threat?

A: Vulnerability = a weakness (unlocked window). Threat = someone who could exploit it (burglar). Risk exists when both are present. Keywords: vulnerability, threat, risk, exploit, weakness.

200

Q: What is the difference between authentication and authorization?

A: Authentication proves who you are (password, fingerprint). Authorization decides what you can access (permissions). Authentication always comes first. Keywords: authentication, authorization, IAAA, access control.

200

Q: What is an insider threat?

A: A risk from someone inside the organization with legitimate access. Can be malicious (intentional), negligent (accidental), or compromised (hacked account). Keywords: insider threat, malicious, negligent, compromised, legitimate access.

200

Q: What is the difference between symmetric and asymmetric encryption?

A: Symmetric = one shared key for both sides (fast, e.g. AES). Asymmetric = public key + private key pair (slower, e.g. RSA). Keywords: symmetric, asymmetric, public key, private key, AES, RSA.

200

Q: What is a VPN and why is it used?

A: Virtual Private Network — creates an encrypted tunnel over a public network so data in transit is protected. Like sending mail in a locked box. Keywords: VPN, encrypted tunnel, remote access, IPSec, SSL VPN.

200

Q: What are the four ways to handle risk?

A: Accept (live with it), Avoid (stop the activity), Transfer (buy insurance), Mitigate (reduce with controls). Keywords: risk acceptance, avoidance, transfer, mitigation, risk response.

300

Q: A company uses network segmentation because they can't afford a next-gen firewall. What type of control is this?

A: Compensating control: an alternative used when the preferred control isn't feasible. Keywords: compensating control, alternative, not feasible, substitute.

300

Q: An attacker compromised a software vendor's update server and pushed malicious code to thousands of customers. What type of attack is this?

A: Supply chain attack: poisoning a trusted vendor to reach many targets at once. Example: SolarWinds. Keywords: supply chain, vendor compromise, third-party risk, trusted update.

300

Q: You download a file and want to verify it wasn't modified. What should you use?

A: A hash (like SHA-256). It creates a unique fingerprint; if one bit changes, the entire hash changes. Hashing is one-way. Keywords: hash, SHA-256, integrity, checksum, one-way function.

300

Q: What is the difference between an IDS and an IPS?

A: IDS = detects and alerts (like a security camera). IPS = detects and blocks (like a security guard). IPS sits inline; IDS is passive. Keywords: IDS, IPS, intrusion detection, intrusion prevention, alert vs block, inline.

300

Q: Under GDPR, what is a Data Controller vs. a Data Processor?

A: Controller decides why and how data is used (the hospital). Processor handles data on their behalf (the cloud company). Both have legal obligations. Keywords: GDPR, data controller, data processor, PII, privacy.

400

Q: An employee digitally signs a document and later claims they never signed it. The company proves they did. What security concept is this?

A: Non-repudiation: you can't deny an action when your private key created the digital signature. Keywords: non-repudiation, digital signature, cannot deny, proof of origin.

400

Q: A hacker sets up a fake Wi-Fi network called "Airport_Free_WiFi" to intercept travelers' traffic. What type of attack is this?

A: Evil twin attack (a type of man-in-the-middle). A rogue access point mimics a legitimate network to intercept data. Keywords: evil twin, rogue AP, on-path attack, MITM, wireless attack.

400

Q: A website shows a padlock and uses HTTPS. What technology makes this possible?

A: A digital certificate from a Certificate Authority (CA) using TLS encryption. Browser and server do a TLS handshake to establish a secure session. Keywords: TLS, HTTPS, certificate authority, digital certificate, PKI, handshake.

400

Q: An admin configures the network so HR, Finance, and Guest Wi-Fi cannot communicate with each other. What technique is this?

A: Network segmentation using VLANs. Isolates departments so a breach in one area can't spread. Keywords: segmentation, VLAN, isolation, lateral movement, least privilege.

400

Q: A server outage costs $10,000 per incident and happens 3 times per year. What is the ALE?

A: $30,000. ALE = SLE × ARO ($10,000 × 3). This helps justify security spending by showing expected yearly losses. Keywords: ALE, SLE, ARO, quantitative risk, cost-benefit analysis.

500

Q: A company requires two people to complete a financial transaction: one initiates, one approves. What TWO principles does this enforce?

A: Separation of Duties (divides responsibilities across roles) and Dual Control (requires two people for one task). Keywords: separation of duties, dual control, two-person integrity, collusion prevention.

500

Q: An attacker emails the CEO pretending to be the CFO, requesting an urgent $500,000 wire transfer. What attack is this and name TWO defenses.

A: Business Email Compromise (BEC) / Whaling. Defenses: MFA on email accounts and out-of-band verification (call to confirm). Keywords: BEC, whaling, CEO fraud, out-of-band verification, SPF, DKIM, DMARC.

500

Q: What is the difference between a digital signature and encryption? Can you have one without the other?

A: Yes. Signature = sender's private key signs for proof of identity + integrity. Encryption = recipient's public key encrypts for confidentiality. Different keys, different purposes. Keywords: digital signature, private key signs, public key verifies, confidentiality vs integrity.

500

Q: What is Zero Trust architecture and how does it differ from traditional perimeter security?

A: Zero Trust = never trust, always verify. Every user/device must prove authorization regardless of location. Traditional = trusts everything inside the network. Keywords: Zero Trust, never trust always verify, assume breach, least privilege, no implicit trust.

500

Q: Name the SIX steps of incident response in order.

A: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. Keywords: incident response, PICERL, preparation, containment, eradication, lessons learned.
