"Describe the categories of security controls."
"The categories of security controls include Technical (hardware/software mechanisms), Physical (real-world protective measures), Managerial (policies and procedures), and Operational (actions by people to enforce security)."
"How does key escrow function in cryptographic solutions?"
"Key escrow serves as a backup mechanism for cryptographic key recovery, ensuring that keys can be retrieved if lost."
"What is the role of a Certificate Authority (CA)?"
"A Certificate Authority issues and manages digital certificates, establishing trust in the digital environment."
"Explain the purpose of a Certificate Revocation List (CRL)."
"A CRL is a list of revoked certificates that can be downloaded to check the status of certificates."
"Describe the difference between PEM and DER certificate formats."
"PEM is a base64 encoded format that includes a private key and is widely used for web servers, while DER is a binary format that does not include a private key and is used in systems like Linux."
"What is the function of Online Certificate Status Protocol (OCSP)?"
"OCSP provides real-time certificate validation, offering a faster alternative to checking the status of certificates compared to CRLs."
"Define the term 'pinning' in the context of certificate management."
"Pinning binds a certificate or public key to a domain to prevent impersonation, enhancing security."
"Explain the purpose of Wildcard certificates."
"Wildcard certificates allow a single certificate to secure multiple subdomains, such as '*.example.com'."
"Describe the significance of mapping dependencies in system changes."
"Mapping dependencies is crucial as changes can affect interconnected systems, requiring assessment to avoid disruptions."
"What are the best practices for version control in organizations?"
"Most organizations utilize Git or Git-based platforms like GitHub or GitLab for source control to manage changes effectively."
"How does certificate stapling improve validation speed?"
"Certificate stapling allows a server to provide a pre-fetched OCSP response to a client, speeding up the validation process."
"Define the purpose of Subject Alternative Name (SAN) certificates."
"SAN certificates support multiple Fully Qualified Domain Names (FQDNs) across different domains, enhancing flexibility in certificate management."
"Explain the risks associated with legacy applications during system updates."
"Legacy applications may not be compatible with new features, necessitating thorough testing to ensure functionality after updates."
"What is the purpose of a Certificate Signing Request (CSR)?"
"A CSR is a request sent to a Certificate Authority to issue a certificate, containing the public key and identity information."
"Describe the role of Root CA in certificate management."
"The Root CA acts as the top-level trust anchor in a certificate chain, establishing the foundation of trust for all subordinate certificates."
"How do service/application restarts pose risks during updates?"
"Service/application restarts are risky actions that require controlled environments and thorough testing to prevent disruptions."
"Describe a self-signed certificate."
"A self-signed certificate is issued by the entity using it and is not trusted externally."
"Explain the role of a third-party certificate authority (CA)."
"A third-party CA, like Digicert or GoDaddy, is trusted to issue certificates that validate the identity of entities."
"Do email encryption and digital signatures serve the same purpose?"
"No, email encryption is used to encrypt messages, while digital signatures ensure authenticity and non-repudiation."
"Define full-disk encryption (FDE)."
"Full-disk encryption (FDE) encrypts the entire drive, providing high security for all data stored on it."
"How does partition encryption differ from volume encryption?"
"Partition encryption secures individual sections of a disk, while volume encryption spans multiple drives or partitions."
"Explain the purpose of a Trusted Platform Module (TPM)."
"A TPM is a hardware-based module used for secure storage of encryption keys."
"Describe the function of a Hardware Security Module (HSM)."
"An HSM protects cryptographic keys in high-security environments."
"What is the role of a Key Management System (KMS)?"
"A KMS manages the lifecycle of encryption keys, including their creation, storage, and destruction."
"Define tokenization in the context of data security."
"Tokenization replaces sensitive data with non-sensitive tokens to protect the original data."
"Explain the concept of data masking."
"Data masking obscures data to protect sensitive information, especially for non-production use."
"Describe the process of salting in password security."
"Salting adds randomness to password hashes to defend against attacks like rainbow tables."
"What is the difference between symmetric and asymmetric encryption?"
"Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a public/private key pair."
"Define the AES encryption algorithm."
"AES is a symmetric encryption standard with key sizes of 128, 192, or 256 bits."
"Explain the significance of RSA in encryption."
"RSA is an asymmetric algorithm used for digital signatures and secure key exchange."
"Describe the function of a block cipher."
"A block cipher encrypts data in fixed-size blocks, such as 64 or 128 bits."
"What is key stretching and why is it used?"
"Key stretching strengthens weak keys through additional processing, making them more secure."
"Define the term 'digital signature'."
"A digital signature ensures the authenticity of a message and provides non-repudiation."
"Explain the concept of steganography."
"Steganography is the practice of hiding data within other data, such as embedding information in images."
"Describe the purpose of full disk encryption (FDE) in data security."
"FDE encrypts the entire disk to protect all data stored on it, ensuring high security."
"What is the function of a secure enclave?"
"A secure enclave is an isolated processor designed for performing sensitive operations securely."
"Define the term 'data at rest' in the context of encryption levels."
"Data at rest refers to inactive data stored physically in any digital form (e.g., databases, data warehouses) that can be encrypted."
"Explain the difference between file-level and volume-level encryption."
"File-level encryption secures individual files, while volume-level encryption secures entire logical volumes."
"What is the purpose of using a digital signature in communications?"
"A digital signature ensures that the message is authentic and has not been altered, providing non-repudiation."
"Describe the function of the Diffie-Hellman algorithm."
"Diffie-Hellman is an asymmetric algorithm used for secure key exchange between parties."
"Explain the concept of cryptographic key management."
"Cryptographic key management involves the generation, storage, distribution, and destruction of encryption keys."
"What is the role of blockchain in data security?"
"Blockchain serves as a tamper-evident distributed ledger for secure recordkeeping."
"Define the term 'encryption algorithm'."
"An encryption algorithm is a mathematical procedure for performing encryption on data."
"Describe the purpose of salting in password hashing."
"Salting adds unique random data to passwords before hashing to enhance security against attacks."
"Explain the difference between substitution and transposition ciphers."
"Substitution ciphers replace letters with other letters, while transposition ciphers rearrange the order of letters."
"Describe ephemeral keys in cryptography."
"Ephemeral keys are temporary session keys used for secure communication, such as those generated by the Diffie-Hellman (DH) key exchange."
"Define static keys and provide an example."
"Static keys are long-lived cryptographic keys, such as RSA keys, that remain unchanged over time."
"Explain row-level encryption and its purpose."
"Row-level encryption encrypts entire records in a database to protect sensitive information."
"How does column-level encryption differ from row-level encryption?"
"Column-level encryption encrypts specific fields within a record, such as Social Security Numbers or credit card numbers, rather than the entire record."
"What is Transparent Data Encryption (TDE)?"
"TDE is a method that encrypts the entire database, including logs and backups, to protect data at rest."
"Describe the function of a Trusted Platform Module (TPM)."
"A TPM is a hardware component that provides secure key storage and supports features like full disk encryption (FDE) and secure boot."
"What role does a Hardware Security Module (HSM) play in cryptography?"
"An HSM manages cryptographic keys and performs secure cryptographic operations."
"Explain the purpose of a Key Management System (KMS)."
"A KMS is a centralized system for managing cryptographic keys and secrets, such as Azure Key Vault or AWS KMS."
"Define steganography and provide an example of its use."
"Steganography is a technique that hides data within other files, such as embedding text within an image."
"What is tokenization in data protection?"
"Tokenization replaces sensitive data with a random token to protect the original data."
"Describe data masking and its application."
"Data masking hides parts of sensitive data, such as displaying a credit card number as ****1234."
"Explain pseudonymization and its benefits."
"Pseudonymization substitutes personally identifiable information (PII) with pseudonyms to enhance privacy."
"What is data minimization in the context of data collection?"
"Data minimization is the practice of only collecting the data that is necessary for a specific purpose."
"List the requirements for a hash function."
"A hash function must produce a fixed-length output, be one-way, and be collision-resistant."
"What are some common uses of hashing?"
"Hashing is commonly used for file integrity verification, password storage, and creating digital signatures."
"Describe the benefits of digital signatures."
"Digital signatures provide authentication, ensure data integrity, and offer non-repudiation for actions taken by the signer."
"What standards are associated with digital signatures?"
"Common standards for digital signatures include DSS (Digital Signature Standard), RSA, DSA, and ECDSA."
"Explain the characteristics of blockchain technology."
"Blockchain is a decentralized, immutable ledger that uses consensus mechanisms like Proof of Work (PoW) or Proof of Stake (PoS) and is cryptographically secured."
"How does a public blockchain differ from a centralized ledger?"
"A public blockchain is decentralized and relies on consensus, while a centralized ledger trusts a central authority."
"What are some cryptographic solutions for data at rest?"
"Cryptographic solutions for data at rest include Full Disk Encryption (FDE), Self-Encrypting Drives (SED), and Transparent Data Encryption (TDE)."
"Describe the cryptographic solutions for data in transit."
"Cryptographic solutions for data in transit include TLS (Transport Layer Security), VPN (Virtual Private Network), and HTTPS (Hypertext Transfer Protocol Secure)."
"What is the recommended solution for data in use?"
"The recommended solution for data in use is a Secure Enclave, which provides a trusted execution environment."
"Explain the use of Elliptic Curve Cryptography (ECC) in low-power devices."
"ECC is used in low-power devices due to its efficiency and lower resource requirements compared to other cryptographic methods."
"What obfuscation techniques are commonly used in data protection?"
"Common obfuscation techniques include steganography and data masking."
"Describe the authentication methods in cryptography."
"Authentication methods in cryptography include Multi-Factor Authentication (MFA) and the use of digital certificates."
"What is the role of hashing in ensuring file integrity?"
"Hashing is used to verify the integrity of files by generating a unique hash value that can be checked against the original."
"List some cryptographic algorithms used for digital signatures."
"Common cryptographic algorithms for digital signatures include RSA, ECC (Elliptic Curve Cryptography), and DSA (Digital Signature Algorithm)."
"Explain the purpose of preventive controls."
"Preventive controls are deployed to stop unwanted or unauthorized activity from occurring, preventing incidents before they happen."
"Define the term 'deterrent control'."
"Deterrent controls are designed to discourage violations of security policies and act as a psychological barrier."
"How do detective controls function in security management?"
"Detective controls are deployed to discover unwanted or unauthorized activity, usually identifying issues after they have occurred."
"Summarize the role of corrective controls."
"Corrective controls are deployed to restore systems after an incident, aiming to return to normal operations."
"What is the function of compensating controls?"
"Compensating controls provide alternatives or backups when primary controls cannot be used, supporting existing controls."
"Explain the concept of control overlap in security."
"Control overlap refers to the idea that a single control can function in multiple roles depending on the situation."
"Provide examples of overlapping controls in security."
"Examples include a security camera, which serves as both a deterrent and a detective control, and an Access Control List (ACL), which can be preventive and detective."
"Identify keywords associated with deterrent controls."
"Keywords for deterrent controls include 'Warning', 'Visible', and 'Sign'."
"What does the CIA Triad represent in security?"
"The CIA Triad represents Confidentiality (keeping data private), Integrity (ensuring data is unaltered), and Availability (ensuring data is accessible)."
"Describe the AAA framework in security."
"The AAA framework consists of Authentication (verifying identity), Authorization (determining access rights), and Accounting (tracking user actions)."
"What is non-repudiation in the context of security?"
"Non-repudiation ensures that a sender cannot deny having sent a message, providing proof of the origin of the message."
"List examples of technical security controls."
"Examples of technical security controls include encryption, firewalls, intrusion detection/prevention systems (IDS/IPS), biometrics, and passwords."
"What are some examples of physical security controls?"
"Examples of physical security controls include guards, fences, cameras, locks, and motion detectors."
"Define managerial security controls."
"Managerial security controls involve policies, procedures, and risk management practices to ensure security."
"Explain the importance of operational security controls."
"Operational security controls involve actions by people to enforce security, such as awareness training and configuration management."
"What are the key components of the AAA framework?"
"The key components of the AAA framework are Authentication, Authorization, and Accounting."
"Describe the concept of integrity in the CIA Triad."
"Integrity in the CIA Triad refers to ensuring that data is unaltered and remains accurate and trustworthy."
"How does availability relate to the CIA Triad?"
"Availability in the CIA Triad ensures that data is accessible to authorized users when needed."
"What is the significance of security policies in managerial controls?"
"Security policies are significant in managerial controls as they guide the implementation of security measures and risk management."
"Identify examples of corrective controls."
"Examples of corrective controls include backups and restores, patching systems, antivirus/antimalware, and forensic analysis."
"Describe the purpose of digital signatures in security."
"Digital signatures verify the sender's identity and ensure the integrity of the message."
"Explain the concept of gap analysis in security."
"Gap analysis identifies the difference between the current security posture and the desired state, useful for compliance or strategic improvement."
"Define the Zero Trust Model."
"The Zero Trust Model assumes a breach and requires explicit verification for everything, with no implicit trust, even within the network."
"How does Zero Trust Architecture differ from traditional security models?"
"Zero Trust Architecture emphasizes never trusting and always verifying, contrasting with traditional models that may assume trust within the network."
"What is the role of the Control Plane in Zero Trust Architecture?"
"The Control Plane manages authentication, access control, and policy decisions."
"Describe the function of the Data Plane in Zero Trust Architecture."
"The Data Plane handles the actual data transfer between users, systems, or applications."
"Explain the purpose of a Policy Enforcement Point."
"A Policy Enforcement Point is a system component that enforces access policies."
"What are Implicit Trust Zones and why are they problematic?"
"Implicit Trust Zones are segments where access is assumed to be safe, but this assumption can lead to vulnerabilities."