Security Fundamentals
This facility is where security professionals monitor an organization’s critical information assets.
What is a Security Operations Center (SOC)?
This term refers to an individual or group responsible for initiating a security incident.
What is a threat actor?
This process converts readable data into an unreadable format using a specific key and algorithm.
What is encryption?
Enhancing security by requiring two or more forms of verification is known by this term.
What is multi-factor authentication (MFA)?
This term describes the set of physical components—including routers, switches, and cables—that form the foundation of a computer network.
What is network infrastructure?
Integrating software development, IT operations, and security practices to build secure systems is known by this name.
What is DevSecOps?
This type of attack is designed to interrupt or degrade the availability of a service is known by this term.
What is a Denial-Of-Service (DOS) attack?
Data in its original, readable form before encryption is known as this.
What is plaintext?
In this model, the owner of a resource controls access through an access control list.
What is discretionary access control (DAC)?
A device that inspects and filters traffic based on predetermined rules is known by this name.
What is a firewall?
This type of control is implemented before an incident occurs to reduce the likelihood of a breach.
What is a preventive control?
The process by which an attacker secretly transfers data from a private network to an external one is called this.
What is data exfiltration?
In this type of encryption, the same key is used to both encrypt and decrypt data.
What is symmetric encryption?
This AAA framework ensures that users are properly authenticated, authorized, and their activities are logged.
What is Authentication, Authorization, and Accounting?
An encrypted tunnel that allows secure remote access over an untrusted network is provided by this technology.
What is a Virtual Private Network (VPN)?
This category of security control involves the policies, procedures, and planning that provide overall oversight of security.
What are managerial controls?
Supported by national military resources, this type of threat actor poses a significant risk to critical infrastructures.
What is a nation-state actor?
This encryption method uses a mathematically linked pair of keys—one public, one private—to secure communications.
What is asymmetric encryption?
This model grants access based on a user’s role or job function within an organization.
What is role-based access control (RBAC)?
This term describes the practice of restricting network access based on a device’s compliance with security policies.
What is network access control (NAC)?
After an incident, these controls are activated to restore systems and reduce further damage.
What are corrective controls?
This deceptive tactic involves registering domain names with common misspellings of legitimate sites to lure unsuspecting users.
What is typosquatting?
Known for its efficiency and smaller key sizes, this method relies on the mathematics of elliptic curves.
What is elliptic curve cryptography (ECC)?
This Microsoft directory service centralizes management of users, computers, and security policies in a domain environment.
What is Active Directory?
This network segment, often containing publicly accessible resources, serves as a buffer between a private network and the internet.
What is a screened subnet?