Lesson1: Summarize Fundamental Security Concepts
What component of modern access controls determines what rights a users should have on each resource?
Authorization
An information technology (IT) department is growing to a size where there is a need for a new group to manage security. The chief executive officer (CEO) wants to hire a new executive officer for the role and split it into its own department, separate from the IT department. The CEO should hire for which position?
CISO
An engineer for a small company is trying to explain the importance of security to the company's owner. The owner feels the company does not need permissions added to the shared drive containing highly sensitive information. What security concept means that information can only be read by people who have been explicitly authorized to access it?
Confidentiality
After a server outage due to a security breach, a company has taken several steps to recover from the incident. They have restored critical data from the latest backups and applied urgent security patches to address the exploited vulnerabilities. The security team has updated the incident response plan to incorporate lessons learned from the breach. What category of security control functional type BEST describes the function of these recent implementations?
Corrective
An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have?
Directive
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?
Gap Analysis
A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process?
IAM
A newly hired chief information security officer (CISO) is implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework. What first function would help the CISO better develop the company's security policies, such as acceptable use policy (AUP), and build out recommendations for security controls?
Identify
After restoring a file from a backup, the owner of a small company wants to better understand the purpose of permissions. A particular situation occurred, and even though there are permissions on the shared drive, why does the company still not know who deleted the file? The engineer explained that enabling file auditing would help pinpoint all changes to the shared drive and who made them. How would this help prevent the lack of knowing who changed the files?
Non-repudiation
After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage?
Physical
A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better manage the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO?
Reviewing user permissions
After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be for monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company?
SOC
