What are the three elements of the CIA triad?
Confidentiality, Integrity, Availability
What is the correct order of the Incident Response lifecycle?
Preparation → Identification → Containment → Eradication → Recovery → Lessons Learned
What does IAAA stand for?
Identification, Authentication, Authorization, Accountability
IDS vs IPS?
IDS = detects/alerts only (passive, usually fed from a SPAN port or tap). IPS = detects AND blocks (active, sits inline in the traffic path, so a false positive drops legitimate traffic and a failure can take the link down).
Three types of security controls by implementation?
Administrative (policies/training), Technical (firewalls/encryption), Physical (locks/cameras).
What is the difference between a vulnerability, a threat, and a risk?
Vulnerability = a weakness that can be exploited. Threat = anything (an actor or an event) that could exploit that weakness. Risk = likelihood that the threat exploits the vulnerability × impact if it does.
What is the difference between RTO and RPO?
RTO = max acceptable downtime. RPO = max acceptable data loss.
Three factors of authentication with examples?
Know (password), Have (smart card), Are (fingerprint).
Three cloud service models: who manages the OS?
IaaS = customer manages the OS (provider manages hardware and virtualization). PaaS = provider manages the OS and runtime; customer manages application and data. SaaS = provider manages everything below the customer's data and access.
Differential vs incremental backup?
Differential = everything changed since the last FULL backup (grows each day; restore = last full + latest differential). Incremental = everything changed since the last backup of ANY type (stays small; restore = last full + every incremental since it, in order).
What is the formula for Single Loss Expectancy (SLE)?
SLE = Asset Value (AV) × Exposure Factor (EF)
Difference between hot site, warm site, and cold site?
Hot = minutes (real-time mirror, hardware, data and connectivity all ready). Warm = hours to days (hardware and connectivity in place, data must be restored from backup). Cold = weeks (empty space with power and HVAC; everything must be brought in).
Difference between DAC, MAC, and RBAC?
DAC = owner decides. MAC = labels/clearances. RBAC = job role determines access.
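The same access request evaluated under all three models, side by side. This is an added example, not code from the original flashcards; the users (alice, bob), the file, the labels, the clearances and the roles are all constructed for the demo.

```python
# Added example (not from the page): one access request evaluated under DAC,
# MAC and RBAC side by side. Users, files, labels and roles are constructed.

# ---- DAC: the object's owner decides, via an ACL the owner maintains ----
FILES = {
    "budget.xlsx": {"owner": "alice", "acl": {"bob": {"read"}}},
}

def dac_allows(user, obj, action):
    meta = FILES[obj]
    if user == meta["owner"]:
        return True                      # owner has full control
    return action in meta["acl"].get(user, set())

def dac_grant(grantor, obj, grantee, action):
    """Only the owner may extend the ACL; anyone else's grant is refused."""
    meta = FILES[obj]
    if grantor != meta["owner"]:
        return False
    meta["acl"].setdefault(grantee, set()).add(action)
    return True

# ---- MAC: system-assigned labels; no user (not even the owner) can override ----
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
CLEARANCE = {"alice": ("SECRET", {"PROJ-X"}), "bob": ("SECRET", set())}
LABEL = {"budget.xlsx": ("SECRET", {"PROJ-X"})}

def dominates(a, b):
    """Label a dominates b if its level is >= and its compartments are a superset."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]

def mac_allows(user, obj, action):
    """Bell-LaPadula: read needs the clearance to dominate the label (no read up);
    write needs the label to dominate the clearance (no write down)."""
    if action == "read":
        return dominates(CLEARANCE[user], LABEL[obj])
    if action == "write":
        return dominates(LABEL[obj], CLEARANCE[user])
    return False

# ---- RBAC: permissions attach to roles; users are assigned roles ----
ROLE_PERMS = {
    "finance-analyst": {("budget.xlsx", "read")},
    "finance-manager": {("budget.xlsx", "read"), ("budget.xlsx", "write")},
}
USER_ROLES = {"alice": {"finance-manager"}, "bob": {"finance-analyst"}}

def rbac_allows(user, obj, action):
    return any((obj, action) in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))

def evaluate(user, obj, action):
    """Return each model's decision for the same request."""
    return {"DAC": dac_allows(user, obj, action),
            "MAC": mac_allows(user, obj, action),
            "RBAC": rbac_allows(user, obj, action)}

if __name__ == "__main__":
    for req in [("bob", "budget.xlsx", "read"), ("bob", "budget.xlsx", "write")]:
        print(req, evaluate(*req))
```

Bob's read of budget.xlsx is allowed by DAC (alice put him on the ACL) and by RBAC (his analyst role carries read), but denied by MAC: he is cleared SECRET, yet lacks the PROJ-X compartment, and nothing alice does can change that. His write is denied by DAC and RBAC but permitted by MAC, because Bell-LaPadula only protects confidentiality and a "blind write up" leaks nothing; that asymmetry is exactly why MAC is paired with an integrity model in practice.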
VLAN vs VPN?
VLAN = segments INTERNAL network. VPN = secure tunnel OVER internet for remote access.
What does a File Integrity Monitor (FIM) do?
Compares files against known-good baseline using hash values to detect unauthorized changes.
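A minimal FIM that does exactly what the card describes: hash a tree into a baseline, then diff the current tree against it. This is an added example, not code from the original flashcards or from any FIM product; the "/etc"-style files it creates in a temp directory and the tampering it simulates are constructed for the demo.

```python
# Added example (not from the page): a minimal file integrity monitor.
# Builds a SHA-256 baseline of a directory, then reports added / removed /
# modified files. File names and contents below are constructed.
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16

def sha256_file(path):
    """Hash in chunks so large files never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file (path relative to root) to its SHA-256."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline

def compare(baseline, current):
    """Diff two snapshots. Timestamps are deliberately ignored: an attacker can
    reset mtime (touch -r), but cannot make a changed file keep its hash."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
    }

def demo():
    """Constructed scenario: baseline a fake /etc, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        # The baseline only counts as "known-good" if it is stored where the
        # monitored host cannot rewrite it (or is signed); here we just serialize.
        saved = json.dumps(build_baseline(root))

        # Simulated tampering: weaken sshd, drop a persistence file, delete hosts,
        # and reset the modified file's timestamp to hide the change from mtime checks.
        (root / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "rc.local").write_text("/tmp/.x &\n")
        (root / "hosts").unlink()
        os.utime(root / "sshd_config", (0, 0))

        return compare(json.loads(saved), build_baseline(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report lists rc.local as added, hosts as removed and sshd_config as modified; the utime call shows why a hash baseline beats an mtime-based check. In production the baseline must be refreshed after every authorized change (patching, config management runs), or the monitor drowns in expected noise.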
Explain due diligence vs due care.
Due diligence = researching risks (homework). Due care = implementing measures (action).
BCP vs DRP: what's the difference?
BCP = keeping ENTIRE BUSINESS running. DRP = restoring IT SYSTEMS after disaster.
Least privilege vs need-to-know?
Least privilege = minimum access rights for job. Need-to-know = limited to info for current task.
Hub, switch, router: which OSI layer for each?
Hub = L1 (Physical). Switch = L2 (Data Link/MAC). Router = L3 (Network/IP).
What is a compensating control?
An alternative safeguard when the primary control isn't possible. E.g., WAF when no patch exists.
What is the difference between governance and management in security?
Governance = strategic direction by board (WHAT/WHY). Management = tactical execution (HOW).
Name the four DR test types from least to most disruptive.
Tabletop → Simulation → Parallel → Full Interruption
Ex-employee still has credentials. What failed?
Deprovisioning/offboarding. The account should be disabled the moment HR processes the termination (ideally triggered automatically from the HR system), and periodic access reviews should catch any account that was missed.
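The access review that catches this failure, as an added example that is not part of the original flashcards: reconcile a directory export against the HR roster and flag enabled accounts whose owner has left or never existed. The roster, the accounts and the audit date are all constructed for the demo.

```python
# Added example (not from the page): an offboarding audit that reconciles an
# identity-store export against the HR roster and flags accounts that should
# have been disabled. Both data sets and the audit date are constructed.
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    last_login: Optional[date]
    employee_id: Optional[str]      # None for service / shared accounts

# Constructed HR roster: employee id -> termination date (None = still employed)
HR_ROSTER = {"E100": None, "E101": date(2024, 3, 15), "E102": date(2024, 6, 1)}

# Constructed directory export (the kind of data pulled from AD, LDAP or an IdP)
ACCOUNTS = [
    Account("alice", True, date(2024, 6, 10), "E100"),    # current employee
    Account("bob", True, date(2024, 5, 2), "E101"),       # left in March, still enabled and used
    Account("carol", False, date(2024, 5, 30), "E102"),   # left, correctly disabled
    Account("dave", True, None, "E999"),                  # no HR record at all
    Account("svc-backup", True, date(2024, 6, 11), None), # service account, separate review
]

AUDIT_DATE = date(2024, 6, 12)  # constructed "today"

def find_offboarding_failures(roster, accounts, today):
    """Return (username, reason, severity) for every enabled account whose
    owner is no longer, or never was, an active employee."""
    findings = []
    for acct in accounts:
        if not acct.enabled or acct.employee_id is None:
            continue  # disabled already, or a service account reviewed elsewhere
        if acct.employee_id not in roster:
            findings.append((acct.username, "enabled, no matching HR record", "critical"))
            continue
        term = roster[acct.employee_id]
        if term is None:
            continue  # still employed
        days = (today - term).days
        # A login after the termination date means the gap was actually used,
        # so this is an incident to investigate, not just a hygiene finding.
        used = acct.last_login is not None and acct.last_login > term
        reason = f"enabled {days} days after termination" + (", used since" if used else "")
        findings.append((acct.username, reason, "critical" if used else "high"))
    return findings

def run_audit():
    return find_offboarding_failures(HR_ROSTER, ACCOUNTS, AUDIT_DATE)

if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

The audit flags bob (enabled 89 days after termination and logged in since) and dave (enabled with no HR record); carol is skipped because offboarding worked, and the service account is excluded because it needs an owner-based review of its own. Run on a schedule, this is the detective control that backs up the preventive one (automated disable on termination).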
Shared responsibility: what is ALWAYS customer's and provider's?
Customer ALWAYS: data + access (identities, permissions). Provider ALWAYS: physical security + hardware.
Preventive vs detective vs corrective controls with examples?
Preventive = stops (firewall, policy, fence). Detective = discovers (IDS, log, camera). Corrective = fixes (patch, termination, extinguisher).