The security principle that ensures sensitive information is accessible only to those authorized to see it
Confidentiality
Attackers motivated by political or social causes
hacktivists
Employees are accessing corporate resources remotely. The company wants to ensure encrypted communication over the internet. Which solution should they implement?
VPN
Identifying users through passwords, tokens, or biometrics
authentication
Assessing risks, determining tolerance, and planning mitigation strategies
risk management
A type of control designed to stop security incidents before they happen, such as firewalls or access restrictions
Preventative control
A type of malware that spreads by self-replication across systems
worm
Devices that enforce security policies at the network boundary
firewalls
Tools that monitor systems for malicious activity or suspicious behavior
intrusion detection/prevention systems (IDS/IPS)
Evaluating vendors’ security posture before doing business with them
third-party risk management
The principle of granting users only the access they need to perform their job
Least privilege
Dividing a network into smaller sections to limit attack impact
network segmentation
The IT team must ensure backups, recovery procedures, and system testing are in place to maintain business operations after an incident. Which discipline does this represent?
continuity of operations / disaster recovery planning
A continuous process of finding, assessing, and mitigating system weaknesses
vulnerability management
The IT department implements mandatory phishing simulations and trains employees to report suspicious emails. Which security program is being implemented?
security awareness training
A technique used to mislead attackers by deploying fake systems or data to detect and study attacks
honeypot
An employee receives an email asking for login credentials—what type of attack is this exploiting?
phishing attack or social engineering
An organization decides to purchase cyber insurance to transfer the financial risk associated with a potential data breach. What risk management strategy is being employed?
Risk transference
Investigating incidents using logs, memory images, and other sources
digital forensics / incident response
The organization establishes rules, policies, and procedures to guide security activities and ensure accountability across all departments. What is this overall structure called?
security governance
The security model assuming no device or user is trusted by default
zero trust
After discovering multiple systems with outdated software and insecure configurations, which strategy reduces vulnerabilities and enforces secure settings across the network?
hardening/patch management
In a government agency, there is a need to handle information related to national security. What data classification level would likely be assigned to this type of sensitive information?
Top secret
A company wants to ensure that only authorized users and devices can connect to its network, automatically checking devices for security compliance before granting access. Which solution should they implement?
Network Access Control (NAC)
An internal team performs a systematic review of systems and processes to verify compliance with policies, identify weaknesses, and recommend improvements. What type of activity is this?
security auditing