Principle requiring users and services have only the minimum privileges necessary.
What is least privilege?
Malware that locks files or systems and demands payment for restoration.
What is ransomware?
Network segment that hosts public-facing services and separates them from the internal network.
What is a DMZ (demilitarized zone)?
Tool that aggregates logs and correlates events to detect and alert on security incidents.
What is a SIEM (Security Information and Event Management)?
Document that defines acceptable employee behavior and constraints for using organizational IT resources.
What is an acceptable use policy (AUP)?
Process of converting plaintext into ciphertext to protect confidentiality.
What is encryption?
Attack that sends deceptive emails to trick recipients into revealing credentials or clicking malicious links.
What is phishing?
Device that enforces access control policies at the network layer by permitting or blocking traffic based on IPs and ports.
What is a firewall?
Formal, documented steps taken when a security breach is suspected, starting with identification.
What is incident response?
Systematic process to identify, evaluate, and prioritize risks to the organization.
What is risk assessment?
Security goal focused on ensuring data is accurate and unaltered.
What is integrity?
Weakness in code where user input is not properly sanitized, enabling injection of malicious commands or queries.
What is an injection vulnerability (e.g., SQL injection)?
Technique that divides a network into logical or physical segments to limit broadcast domains and reduce attack surface.
What is network segmentation (VLANs/microsegmentation)?
Practice of capturing volatile system data and preserving evidence for analysis while maintaining chain of custody.
What is digital forensics?
Framework or standard that provides requirements for an information security management system (international standard).
What is ISO/IEC 27001?
Model that separates duties among multiple people to reduce fraud or error.
What is separation of duties (SoD)?
Attack type that overwhelms resources with traffic from many compromised devices.
What is a distributed denial-of-service (DDoS) attack?
Cryptographic approach using a public/private key pair for secure key exchange and digital signatures.
What is asymmetric cryptography (public key cryptography)?
Routine activity that tests backups by restoring data to verify recoverability.
What is a backup/restore test or disaster recovery drill?
Activity to evaluate and ensure third-party vendors meet security requirements, often including questionnaires and audits.
What is vendor or third-party risk management?
Approach assuming no implicit trust for any user, device, or network—verify continuously.
What is zero trust?
Defensive measure that isolates running applications to limit impact if one is compromised.
What is sandboxing or containerization?
Design approach that replicates critical services across sites to ensure availability after failures.
What is redundancy or high availability (HA) / disaster recovery architecture?
Ongoing activity that proactively hunts for hidden adversaries in an environment using logs, endpoints, and threat intelligence.
What is threat hunting?
Continuous program-level activity that aligns security initiatives with business objectives, budgets, metrics, and executive reporting.
What is security governance or security program management?