CIA Triad & Non-Repudiation
Threat, Risk & Vulnerability
Physical Security
Policy Types
Hash vs. Checksum
100

This principle ensures only authorized people can access data.

What is Confidentiality?

100

An unpatched piece of software on a server is an example of this.

What is a Vulnerability?

100

Fencing, guards, lighting, and CCTV protecting a facility perimeter fall under this category.

What is Site Security?

100

Security awareness training and background checks are examples of this control type.

What are Administrative Controls?

100

This simple, fast value (like CRC32) catches accidental data corruption during transfer.

What is a Checksum?

200

This principle ensures systems and data are accessible when needed.

What is Availability?

200

A hacker actively scanning your network for weaknesses is an example of this.

What is a Threat?

200

Cable locks and BIOS/UEFI passwords are examples of this device-level protection.

What is Computer Security?

200

Firewalls, encryption, and multi-factor authentication are examples of this control type.

What are Technical Controls?

200

This cryptographic value is designed to resist deliberate tampering, not just accidental errors.

What is a (Cryptographic) Hash?

300

This principle ensures data stays accurate and hasn't been altered without authorization.

What is Integrity?

300

This term describes the likelihood and impact of a threat actually exploiting a vulnerability.

What is Risk?

300

USB drives and external media are controlled with port blocking and DLP because they pose this kind of risk.

What are Removable Devices & Drives?

300

This is the third major control category, alongside administrative and technical, and includes badges and mantraps.

What are Physical Controls?

300

This hash property means a tiny change to the input drastically changes the output.

What is the Avalanche Effect?

400

This security concept means someone can't deny performing an action, often proven with digital signatures or audit logs.

What is Non-Repudiation?

400

This principle limits a user or system to only the access needed to do their job.

What is the Principle of Least Privilege?

400

This physical control uses two interlocking doors so only one person is admitted at a time.

What is a Mantrap?

400

This document defines how employees may use company systems and data, and is a classic administrative control.

What is an Acceptable Use Policy (AUP)?

400

This hash property makes it extremely difficult to find two different inputs that produce the same output.

Collision Resistance?

500

A published hash value that lets users confirm a downloaded file hasn't been tampered with primarily supports this CIA principle.

What is Integrity?

500

Smart cameras, sensors, and locks with weak default security expand this network-wide concept.

What is the Attack Surface (including IoT)?

500

This term describes an unauthorized person slipping through a secure door behind an authorized employee.

What is Tailgating (or Piggybacking)?

500

A firewall configured to 'deny by default' is an example of this control category enforcing a security policy.

What is a Technical Control?

500

On the Certiport exam, this term describes cryptographic integrity verification, while the other term mostly appears in networking/error-detection contexts.

What are Hashing and Checksums?