security +

159 Terms

What are technical security controls

Controls implemented through technology such as firewalls, encryption, IDS, and access controls.

What are managerial security controls

Strategic controls involving risk assessments, policies, training programs, and vendor management.

What are operational security controls

Day-to-day security procedures like backup processes, incident response, and change management.

What are physical security controls

Tangible measures like guards, fences, CCTV, biometric locks, and fire suppression.

What are preventive controls in security

Measures taken to stop security incidents before they occur (e.g., firewalls, encryption).

What are deterrent security controls

Measures to discourage attackers, such as warning banners or visible cameras.

What are detective security controls

Controls that identify and alert on security incidents, like IDS and SIEM systems.

What are corrective controls

Post-incident measures like antivirus tools, backup/restoration, and patching.

What are compensating controls

Alternative controls used when primary security methods are not feasible.

What are directive security controls

Policies and procedures that guide user actions to ensure secure behavior.

What is the CIA triad

Confidentiality, Integrity, Availability – the core goals of information security.

What is non-repudiation in security

Ensures that a sender cannot deny sending a message and the receiver cannot deny receiving it.

What is AAA in cybersecurity

Authentication, Authorization, Accounting – key components of identity management.

What is zero trust security

A model that assumes no implicit trust and continuously verifies identities and context.

What is a honeypot

A decoy system designed to attract and monitor attackers.

What is tokenization

Replacing sensitive data with non-sensitive equivalents to reduce risk.

What is key escrow

A trusted third party holds encryption keys for recovery or legal access.

What is hashing used for

Ensuring data integrity by generating a fixed-size value from input data.

What is a digital signature

A cryptographic method to verify the authenticity of digital messages or documents.

What is a certificate authority (CA)

An entity that issues digital certificates to verify identities online.

What is a nation-state actor

A government or affiliated group engaging in cyber operations, often for espionage or warfare.

Who are unskilled attackers (script kiddies)

Individuals with limited knowledge using pre-made tools to launch attacks.

What motivates hacktivists

Political, ethical, or social causes.

What defines an insider threat

An employee or contractor who misuses access to harm the organization.

What is shadow IT

Unauthorized technology used by employees without IT department approval.

What are typical motivations for cyber attacks

Financial gain, revenge, ideology, espionage, disruption, or ethical duty.

What are threat vectors

Pathways through which threats exploit vulnerabilities.

What are message-based threat vectors

Vectors using email, SMS, or messaging platforms to deliver attacks like phishing.

What is a watering hole attack

Compromising a website to infect visitors from a targeted group.

What is typosquatting

Using misspelled domain names to deceive users.

What are attack surfaces

Points in a system or network vulnerable to attack, including people, devices, and apps.

What are application vulnerabilities

Flaws in apps like buffer overflows, TOC/TOU issues, and malicious updates.

What are cloud-specific vulnerabilities

Issues like misconfigured storage, insecure APIs, and data exposure in cloud environments.

What is a zero-day vulnerability

An unknown and unpatched flaw actively exploited before vendor awareness.

What is a race condition

An issue where system behavior depends on event timing, leading to exploits.

What are virtualization vulnerabilities

Flaws like VM escape that allow interaction with host systems.

What indicates a malware attack

System slowdowns, unauthorized access, strange processes, or encryption notes (ransomware).

What are signs of a keylogger

Unexpected input logs, strange file behavior, or unauthorized data transmissions.

What are signs of a DDoS attack

Massive network traffic, slow service response, or complete outages.

What is privilege escalation

When a user gains access rights beyond their authorization level.

What is a logic bomb

Malware triggered by specific conditions or dates.

What is network segmentation

Dividing networks into zones to limit lateral movement during breaches.

What is an access control list (ACL)

A table specifying which users or systems can access resources and how.

What is application allowlisting

Permitting only approved apps to run on a system to reduce risk.

What is system isolation

Keeping systems or apps separate to contain breaches.

Why is encryption used

To ensure confidentiality by making intercepted data unreadable without the key.

What is patching in cybersecurity

Updating systems to fix vulnerabilities and prevent exploits.

What is the role of monitoring in security

Continuously observing systems to detect and respond to threats.

What is the shared responsibility model in cloud computing

Cloud providers manage the infrastructure, while the customer is responsible for securing data and applications.

What is the implication of Infrastructure as Code (IaC)

Automation boosts efficiency but can quickly propagate vulnerabilities if not properly managed.

What security concern is related to serverless architecture

Increased reliance on third-party services which may introduce new risks.

What does microservices architecture improve

Isolation, which helps limit breach scope.

What is physical isolation in network infrastructure

An air-gapped system not connected to external networks to reduce threats.

How does SDN (Software Defined Networking) impact security

Increases flexibility but requires careful configuration to avoid vulnerabilities.

What is a demilitarized zone (DMZ) in networking

A buffer zone for public-facing services separated from internal networks.

What is the purpose of minimizing an attack surface

To reduce potential points of entry for attackers.

What is a fail-open system

Defaults to allowing traffic when security systems fail—used when availability is critical.

What’s the difference between active and passive devices

Active devices interact with traffic (e.g., firewalls); passive devices monitor (e.g., IDS).

What is regulated data

Data governed by laws and regulations, such as HIPAA or GDPR.

What are the three states of data

Data at rest, data in transit, and data in use.

What is data masking

Replacing real data with fictional data to protect privacy during testing or analytics.

What is data tokenization

Replacing sensitive data with a non-sensitive equivalent token.

What is data sovereignty

The concept that data is subject to the laws of the country in which it is stored.

What is high availability in security architecture

Ensuring systems remain accessible with minimal downtime.

What is the difference between a hot and cold site

A hot site is fully equipped and operational, while a cold site has minimal setup.

What is geographic dispersion in disaster recovery

Placing backup sites in different regions to avoid single-point failure.

What is the purpose of failover testing

Ensures backup systems activate when the primary system fails.

What is snapshotting in data recovery

Capturing the system state at a specific time for restoration.

What is a secure baseline

A defined set of secure configurations applied to systems.

What is system hardening

Reducing vulnerabilities by removing unnecessary services and applying security controls.

What is MDM (Mobile Device Management)

Software used to monitor and secure employee mobile devices.

What is WPA3

A more secure wireless encryption standard for Wi-Fi networks.

What are site surveys and heat maps used for

Determining optimal wireless device placement and signal strength coverage.

What is asset classification

Categorizing assets based on sensitivity (e.g., public, confidential) to apply suitable security controls.

What is the purpose of asset inventory

Maintaining a current list of hardware/software to ensure visibility and control over the environment.

Why is asset disposal important

To ensure data is securely removed or destroyed to prevent leakage or unauthorized access.

What is asset enumeration

The process of scanning and listing all devices on a network for visibility and control.

What role does vendor trustworthiness play in procurement

Helps avoid counterfeit or vulnerable components.

What is a vulnerability scan

Automated tool that checks systems for known security flaws.

What is static application analysis

Examining code without running it to detect vulnerabilities.

What is dynamic application analysis

Running the application to observe behavior and identify runtime vulnerabilities.

What is a penetration test

Simulated attack to evaluate system defenses.

What is a bug bounty program

A program where researchers are rewarded for reporting security bugs.

What is a false positive in vulnerability analysis

A flagged issue that turns out to be non-threatening.

What is log aggregation

Collecting logs from different systems into one place for analysis.

What does alert tuning do

Adjusts alert settings to reduce false positives and improve accuracy.

What is file integrity monitoring

Detects unauthorized changes to critical files.

What is SIEM

Security Information and Event Management – real-time threat detection and analysis system.

What is SCAP

A protocol for standardizing vulnerability management and policy compliance.