Deck1_Domain1_General_Security_Concepts

Question 1

What are the three pillars of the CIA Triad?

Answer 1

Confidentiality, Integrity, and Availability.

Question 2

What does Confidentiality protect?

Answer 2

Ensures data is seen only by authorized parties. Controls: encryption, access controls, MFA, data classification.

Question 3

What does Integrity protect?

Answer 3

Ensures data has not been tampered with or altered. Controls: hashing, digital signatures, checksums, write-once logs.

Question 4

What does Availability protect?

Answer 4

Ensures systems and data are accessible when needed. Controls: redundancy, backups, load balancers, failover.

Question 5

Ransomware primarily threatens which CIA pillar?

Answer 5

Availability — it encrypts data and systems, making them inaccessible.

Question 6

A data breach primarily threatens which CIA pillar?

Answer 6

Confidentiality — unauthorized parties gain access to sensitive data.

Question 7

Tampered audit logs threaten which CIA pillar?

Answer 7

Integrity — the logs have been altered and can no longer be trusted.

Question 8

What does AAA stand for in security?

Answer 8

Authentication, Authorization, and Accounting.

Question 9

What is Authentication?

Answer 9

Verifying identity — answering ‘Who are you?’ Examples: passwords, fingerprints, smart cards, MFA.

Question 10

What is Authorization?

Answer 10

Granting or denying access — answering ‘What can you do?’ Examples: file permissions, RBAC policies, firewall rules.

Question 11

What is Accounting?

Answer 11

Logging and tracking activity — answering ‘What did you do?’ Examples: SIEM logs, audit trails, session recording.

Question 12

Which always comes first: authentication or authorization?

Answer 12

Authentication. You must verify WHO someone is before deciding WHAT they can access.

Question 13

What is IAM?

Answer 13

Identity and Access Management (eye-ay-em) — the umbrella discipline for managing identities, credentials, and permissions.

Question 14

What is RBAC?

Answer 14

Role-Based Access Control (ar-back) — permissions assigned based on job role within the organization.

Question 15

What is ABAC?

Answer 15

Attribute-Based Access Control (ay-back) — access decisions based on attributes like time, location, device, and user properties.

Question 16

How does RBAC differ from ABAC?

Answer 16

RBAC assigns permissions by job role (simple). ABAC uses multiple attributes for granular, context-aware decisions.

Question 17

What is the principle of least privilege?

Answer 17

Users get only the minimum permissions needed to perform their job — nothing more.

Question 18

What is separation of duties?

Answer 18

No single person should control an entire critical process. Requires multiple people to complete sensitive tasks.

Question 19

What is MFA?

Answer 19

Multi-Factor Authentication (em-eff-ay) — requiring two or more different authentication factors to verify identity.

Question 20

What are the three MFA factor categories?

Answer 20

Something you know (password/PIN), something you have (smart card/phone), something you are (fingerprint/face).

Question 21

What is TOTP?

Answer 21

Time-Based One-Time Password (tee-oh-tee-pee) — authentication code that changes every 30 seconds, synced to time.

Question 22

What is HOTP?

Answer 22

HMAC-Based One-Time Password (aitch-oh-tee-pee) — authentication code that changes with each use, based on a counter.

Question 23

How does TOTP differ from HOTP?

Answer 23

TOTP is time-based (code expires every 30 seconds). HOTP is counter-based (code changes on each use).

Question 24

A password + fingerprint = how many factors?

Answer 24

Two factors: something you know + something you are. This is valid MFA.

Question 25

A password + security question = how many factors?

Answer 25

Only one factor category: both are something you know. This is NOT MFA.

Question 26

What is SSO?

Answer 26

Single Sign-On — one login grants access to multiple systems or applications without re-authenticating.

Question 27

What is SAML?

Answer 27

Security Assertion Markup Language (sam-el) — protocol for exchanging authentication/authorization data for enterprise SSO.

Question 28

What is OAuth?

Answer 28

Open Authorization (oh-auth) — protocol for granting third-party access to resources without sharing credentials.

Question 29

What is OpenID Connect (OIDC)?

Answer 29

Authentication layer built on top of OAuth (oh-eye-dee-see) — verifies user identity.

Question 30

How does SAML differ from OAuth?

Answer 30

SAML handles authentication (enterprise SSO). OAuth handles authorization (granting app permissions to resources).

Question 31

How does OAuth differ from OIDC?

Answer 31

OAuth authorizes access to resources. OIDC adds an identity/authentication layer on top of OAuth.

Question 32

What is the Zero Trust model?

Answer 32

Never trust, always verify — regardless of network location. Every access request must be authenticated and authorized.

Question 33

What are the four building blocks of Zero Trust?

Answer 33

Strong identity verification, least privilege access, micro-segmentation, and continuous monitoring.

Question 34

What is micro-segmentation?

Answer 34

Dividing the network into small isolated zones so that compromise in one segment does not spread to others.

Question 35

Is Zero Trust a product or a philosophy?

Answer 35

A philosophy/design approach — not a single product. It crosses all five SY0-701 domains.

Question 36

What is a preventive control?

Answer 36

Stops incidents before they happen. Examples: firewalls, locked doors, encryption, access controls.

Question 37

What is a detective control?

Answer 37

Identifies incidents during or after they occur. Examples: IDS, security cameras, SIEM alerts, log monitoring.

Question 38

What is a corrective control?

Answer 38

Fixes issues after detection. Examples: restoring from backups, patching, antivirus quarantine.

Question 39

What is a compensating control?

Answer 39

An alternative control when the primary control isn't feasible. Provides equivalent protection through a different method.

Question 40

What is a deterrent control?

Answer 40

Discourages threat actors from attempting an attack. Examples: warning signs, visible cameras, security guards.

Question 41

What is symmetric encryption?

Answer 41

Uses one shared key for both encryption and decryption. Fast, used for bulk data. Example: AES.

Question 42

What is asymmetric encryption?

Answer 42

Uses a key pair: public key (encrypt/verify) and private key (decrypt/sign). Slower. Examples: RSA, ECC.

Question 43

What is AES?

Answer 43

Advanced Encryption Standard (ay-ee-ess) — symmetric encryption algorithm; the industry standard for bulk data encryption.

Question 44

What is RSA?

Answer 44

Rivest-Shamir-Adleman (ar-ess-ay) — asymmetric encryption algorithm used for key exchange and digital signatures.

Question 45

What is ECC?

Answer 45

Elliptic Curve Cryptography (ee-see-see) — asymmetric encryption offering strong security with shorter key lengths than RSA.

Question 46

When would you use symmetric vs asymmetric?

Answer 46

Symmetric (AES) for fast bulk data encryption. Asymmetric (RSA/ECC) for key exchange, digital signatures, and small payloads.

Question 47

What is hashing?

Answer 47

One-way function producing a fixed-length output (digest). Verifies integrity — cannot be reversed. Example: SHA-256.

Question 48

How does hashing differ from encryption?

Answer 48

Hashing is one-way (verifies integrity). Encryption is reversible with a key (protects confidentiality).

Question 49

What is a digital signature?

Answer 49

Created with the sender's private key. Proves integrity (not tampered) and non-repudiation (sender cannot deny sending).

Question 50

What is PKI?

Answer 50

Public Key Infrastructure (pee-kay-eye) — system of certificates, certificate authorities, and trust that supports asymmetric encryption.

Question 51

What does a digital certificate prove?

Answer 51

It proves who owns a public key. Issued by a Certificate Authority (CA). Contains the public key and owner identity.

Question 52

What is TLS?

Answer 52

Transport Layer Security (tee-el-ess) — protocol encrypting data in transit. Successor to SSL. Used in HTTPS.

Question 53

What does TLS protect?

Answer 53

Confidentiality and integrity of data in transit. Uses both symmetric (bulk data) and asymmetric (key exchange) encryption.

Question 54

Name four categories of threat actors.

Answer 54

Nation-states, organized crime, hacktivists, and insider threats.

Question 55

What motivates nation-state threat actors?

Answer 55

Espionage, political disruption, military intelligence. They are well-funded, persistent, and sophisticated.

Question 56

What is an insider threat?

Answer 56

A current or former employee, contractor, or partner who misuses authorized access to harm the organization.

Question 57

What is the difference between a vulnerability and a threat?

Answer 57

A vulnerability is a weakness. A threat is what could exploit it. Risk exists where they overlap.

Question 58

What is defense in depth?

Answer 58

Layering multiple security controls so that if one fails, others still protect the asset. No single point of failure.

Question 59

What is non-repudiation?

Answer 59

Ensuring a party cannot deny having performed an action. Achieved through digital signatures and audit logs.

Question 60

What is data classification?

Answer 60

Categorizing data by sensitivity level (e.g., public, internal, confidential, top secret) to determine protection requirements.