AAA
Authentication Authorization Accounting
who can access a system, what they can do, and what they did.
Authentication: Verifies identity. Username + password, PIN, smart card, etc.
Authorization: Once authenticated, the system decides your permissions.
Admin vs standard user. Access to certain folders, databases, or systems
Accounting: This is logging and auditing user activity.
Login/logout times. Files accessed
CIA
Confidentiality Integrity Availability
Confidentiality: ensures information is not disclosed to unauthorized users.
Integrity: ensures data is accurate and unaltered.
Availability: ensures systems and data are accessible to authorized users.
BIA
identifies what is critical to the business and what happens if it stops working.
Business Impact Analysis
DLP
set of tools and policies designed to prevent sensitive data from leaving the organization unintentionally or without authorization.
Data Loss Prevention
IR
is the structured process an organization uses to detect, respond to, contain, and recover from security incidents such as malware infections, data breaches, or unauthorized access.
The goal of incident response is to minimize damage, reduce recovery time, and prevent future incidents.
Incident Response
SIEM
is a centralized system that collects, correlates, analyzes, and alerts on security events from across an organization’s IT environment.
Security Information and Event Management
SOC
is a centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents 24/7.
Security Operations Center
CSIRT
is a group of people responsible for responding to and managing security incidents once they are detected.
If the SOC detects, the CSIRT responds.
Computer Security Incident Response Team
MTTR
is a metric that measures the average time it takes to resolve an incident or restore a system after a failure.
Mean Time To Recover
Mean Time to Repair – How long it takes to fix a system
Mean Time to Respond – How long it takes to begin responding to an incident
Mean Time to Recover – How long it takes to return to normal operations
MTBF
is a reliability metric that measures the average amount of time a system operates normally before it fails.
Mean Time Between Failures