QUESTIONS

The document outlines key concepts in information security, including the CIA triad (Confidentiality, Integrity, Availability), risk assessment, and Defense in Depth strategies. It explains various security mechanisms such as encryption, intrusion detection systems, and multi-factor authentication, as well as the importance of incident response plans and vulnerability scanning. Additionally, it discusses social engineering techniques, types of malware, and access control models.

Uploaded by Lucia Makwasha

1. What are the three core principles of the CIA triad in information security? Explain each principle.

Answer:

• Confidentiality: Ensures that data is only accessible to authorized users or systems, preventing unauthorized access to sensitive information.
• Integrity: Ensures that the data remains accurate and unaltered during storage or transmission, and any changes to the data can be detected.
• Availability: Ensures that authorized users have access to the data and services when needed, and that systems are functioning properly without interruption.

2. What is a risk assessment, and why is it important for an organization?

Answer:
A risk assessment is the process of identifying, evaluating, and analyzing potential risks
(threats and vulnerabilities) to an organization’s assets and operations. It is important because
it helps an organization prioritize its security efforts, allocate resources efficiently, and
mitigate risks before they lead to financial, reputational, or operational damage.

3. Define the concept of "Defense in Depth" in information security.

Answer:
Defense in Depth is a security strategy that employs multiple layers of defense mechanisms
to protect information and systems. This means even if one layer of defense fails, there are
additional layers to stop or mitigate the attack. These layers may include firewalls,
encryption, intrusion detection systems, access controls, and employee training.

4. Explain the difference between a threat, vulnerability, and risk.

Answer:

• Threat: A potential event or action that could exploit a vulnerability and harm an asset (e.g., hackers, natural disasters).
• Vulnerability: A weakness or flaw in a system that can be exploited by a threat (e.g., outdated software, misconfigured network settings).
• Risk: The likelihood and impact of a threat exploiting a vulnerability to cause damage (Risk = Threat × Vulnerability × Impact).

5. What is social engineering, and what are some common types of social
engineering attacks?

Answer:
Social engineering is a manipulation technique used by cybercriminals to trick individuals
into revealing confidential information or performing actions that compromise security.
Common types of social engineering attacks include:

• Phishing: Sending fraudulent emails or messages to obtain sensitive information (e.g., login credentials).
• Pretexting: Creating a false scenario to gain the victim’s trust and extract personal information.
• Baiting: Offering something desirable (like free software or a prize) to lure victims into providing their information.
• Tailgating: Gaining physical access to restricted areas by following an authorized person.

6. What is an intrusion detection system (IDS), and how does it differ from an
intrusion prevention system (IPS)?

Answer:

• Intrusion Detection System (IDS): A security system that monitors network traffic for signs of malicious activity or policy violations and alerts administrators when suspicious activity is detected.
• Intrusion Prevention System (IPS): An advanced system that not only detects malicious activity but also actively blocks or prevents any detected threats from causing harm to the system or network.

7. What is the role of encryption in ensuring data confidentiality, and how does symmetric encryption differ from asymmetric encryption?

Answer:
Encryption ensures data confidentiality by converting readable data into an unreadable format
(ciphertext), which can only be decrypted by those with the correct decryption key.

• Symmetric encryption uses the same key for both encryption and decryption, making it faster but requiring secure key management.
• Asymmetric encryption uses a pair of keys—one public and one private—where the public key encrypts data, and the private key decrypts it, offering greater security, but it is slower than symmetric encryption.

8. What is a Denial-of-Service (DoS) attack, and how does a Distributed Denial-of-Service (DDoS) attack differ?

Answer:
• A Denial-of-Service (DoS) attack aims to make a computer, network, or service unavailable by overwhelming it with traffic or requests.
• A Distributed Denial-of-Service (DDoS) attack is a more advanced version, where the attack comes from multiple, distributed sources (often botnets), making it harder to defend against and mitigate.

9. What are the key components of an incident response plan (IRP)?

Answer:
An Incident Response Plan (IRP) outlines the steps an organization will take to respond to a
cybersecurity incident. Key components include:

• Preparation: Ensuring the organization is ready to respond by training personnel, setting up tools, and creating communication plans.
• Identification: Detecting and recognizing a potential security incident.
• Containment: Limiting the damage by isolating affected systems or networks.
• Eradication: Removing the cause of the incident and vulnerabilities.
• Recovery: Restoring systems and services to normal operations.
• Lessons Learned: Analyzing the incident for improvement in future responses.

10. What is the difference between a public key infrastructure (PKI) and a
simple certificate authority (CA)?

Answer:

• Public Key Infrastructure (PKI): A framework for managing digital keys and certificates to secure communications through encryption, digital signatures, and other security mechanisms. It involves key generation, distribution, storage, and revocation.
• Certificate Authority (CA): A trusted entity that issues digital certificates to verify the identity of organizations or individuals. It is one component of PKI, which also involves registration authorities (RAs), certificate revocation lists (CRLs), and more.

11. What is the purpose of Multi-factor Authentication (MFA), and how does
it strengthen security?

Answer:
Multi-factor Authentication (MFA) enhances security by requiring users to provide two or
more different forms of verification before gaining access to a system. This typically involves
something the user knows (password), something they have (a smartphone or token), and
something they are (fingerprint or facial recognition). By requiring multiple factors, MFA
makes it harder for attackers to gain unauthorized access.
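As an added illustration of the "something you know" plus "something you have" combination described above (this is example code written for this page, not from the original), the Go program below implements the time-based one-time password algorithm (TOTP, RFC 6238, built on HOTP, RFC 4226) that authenticator apps use for the "have" factor, and a `Login` function that only succeeds when both the password and the current code are right. The secret `12345678901234567890` is the published RFC 6238 test-vector secret; the user name and password are constructed. The password hashing is simplified to a salted SHA-256 so the example stays within the standard library; a production system would use a slow hash such as bcrypt, scrypt or Argon2.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

// HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter, dynamically
// truncated to a 31-bit value, reduced to the requested number of digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, code%uint32(math.Pow10(digits)))
}

// TOTP (RFC 6238): HOTP with the counter derived from 30-second time steps.
func TOTP(secret []byte, unixTime int64, digits int) string {
	return HOTP(secret, uint64(unixTime/30), digits)
}

// VerifyTOTP accepts the current step and one step either side to tolerate
// clock drift between server and authenticator, comparing in constant time.
func VerifyTOTP(secret []byte, code string, now int64) bool {
	ok := false
	for _, skew := range []int64{-30, 0, 30} {
		want := TOTP(secret, now+skew, 6)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			ok = true
		}
	}
	return ok
}

// User stores the "something you know" factor (salted password hash) and the
// "something you have" factor (TOTP secret shared with the user's authenticator).
type User struct {
	Name       string
	Salt       []byte
	PassHash   []byte
	TOTPSecret []byte
}

func hashPassword(salt []byte, password string) []byte {
	// Simplification for the example: salted SHA-256. Production code uses a
	// deliberately slow hash (bcrypt, scrypt, Argon2).
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return h[:]
}

func NewUser(name, password string, totpSecret []byte) *User {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return &User{Name: name, Salt: salt, PassHash: hashPassword(salt, password), TOTPSecret: totpSecret}
}

// Login succeeds only when both factors check out. Both are always evaluated,
// so a failure of either factor takes the same time and reveals nothing.
func Login(u *User, password, code string, now int64) bool {
	pwOK := subtle.ConstantTimeCompare(hashPassword(u.Salt, password), u.PassHash) == 1
	codeOK := VerifyTOTP(u.TOTPSecret, code, now)
	return pwOK && codeOK
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test-vector secret
	u := NewUser("alice", "correct horse battery", secret)
	now := time.Now().Unix()
	code := TOTP(secret, now, 6)
	fmt.Println("current code:", code, "login:", Login(u, "correct horse battery", code, now))
}
```

The skew window is the practical edge case here: without it, a phone whose clock is a few seconds behind the server would produce codes that are always rejected; with a window wider than one step either side, the attacker's guessing odds rise accordingly.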

12. Explain the concept of "least privilege" and its importance in cybersecurity.

Answer:
Least privilege is the principle that users, systems, and applications should only be given the
minimum level of access or permissions necessary to perform their tasks. It minimizes the
potential damage from insider threats, reduces the attack surface, and prevents unauthorized
access to sensitive data and systems.
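Least privilege in practice means an access check that denies anything not explicitly granted. The Go program below is an added example for this page (not code from the original) showing that default-deny rule in the two access-control models compared under "Access Control Models" in the sample topics below: a discretionary (DAC) resource whose owner is the only one who can widen access, and a mandatory (MAC) policy where a central administrator assigns labels and subjects cannot change them. The MAC branch applies the Bell-LaPadula confidentiality rules (no read up, no write down). Resource and user names are constructed.

```go
package main

import "fmt"

type Action string

const (
	Read  Action = "read"
	Write Action = "write"
)

// ---- Discretionary access control: the owner of a resource decides. ----

type DACResource struct {
	Name  string
	Owner string
	acl   map[string]map[Action]bool // subject -> actions explicitly granted
}

func NewDACResource(name, owner string) *DACResource {
	return &DACResource{Name: name, Owner: owner, acl: map[string]map[Action]bool{}}
}

// Grant succeeds only when the caller owns the resource; nobody else can widen access.
func (r *DACResource) Grant(caller, subject string, a Action) bool {
	if caller != r.Owner {
		return false
	}
	if r.acl[subject] == nil {
		r.acl[subject] = map[Action]bool{}
	}
	r.acl[subject][a] = true
	return true
}

// Allowed is default-deny: the owner, or an explicit grant, and nothing else.
func (r *DACResource) Allowed(subject string, a Action) bool {
	return subject == r.Owner || r.acl[subject][a]
}

// ---- Mandatory access control: a central policy labels subjects and objects. ----

type Level int

const (
	Public Level = iota
	Internal
	Secret
)

type MACPolicy struct {
	clearance map[string]Level // set by the security administrator, not by users
}

func NewMACPolicy(clearance map[string]Level) MACPolicy {
	return MACPolicy{clearance: clearance}
}

// Allowed applies the Bell-LaPadula confidentiality rules: a subject may read
// objects at or below its clearance ("no read up") and write objects at or
// above it ("no write down"). Unknown subjects get nothing.
func (p MACPolicy) Allowed(subject string, objectLabel Level, a Action) bool {
	c, ok := p.clearance[subject]
	if !ok {
		return false
	}
	switch a {
	case Read:
		return c >= objectLabel
	case Write:
		return c <= objectLabel
	}
	return false
}

func main() {
	doc := NewDACResource("design.docx", "alice")
	doc.Grant("alice", "bob", Read)
	fmt.Println("DAC bob read:", doc.Allowed("bob", Read), "bob write:", doc.Allowed("bob", Write))

	policy := NewMACPolicy(map[string]Level{"bob": Internal})
	fmt.Println("MAC bob read Secret:", policy.Allowed("bob", Secret, Read),
		"bob write Secret:", policy.Allowed("bob", Secret, Write))
}
```

The two models differ in who can change the answer: in the DAC half, `alice` can hand `bob` read access to her own file, while in the MAC half, `bob` cannot read a Secret object no matter what any file owner says, because only the clearance table decides.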

13. What is a vulnerability scanner, and how is it used in a security program?

Answer:
A vulnerability scanner is a tool that automatically scans systems, applications, or networks
for known vulnerabilities or security weaknesses. It is used in a security program to identify
potential risks, help patch systems, and assess the effectiveness of security measures.

Sample Topics and Questions:

1. Confidentiality, Integrity, Availability (CIA Triad)
   Question: Define the three principles of the CIA triad and provide an example of each.
   Answer:
     • Confidentiality: Ensures that sensitive information is accessed only by authorized users (e.g., encryption of sensitive data).
     • Integrity: Ensures that data remains accurate and unaltered (e.g., checksums or hash functions).
     • Availability: Ensures that information and resources are accessible when needed (e.g., redundant systems or failover mechanisms).
2. Risk Management
   Question: What are the steps in the risk management process?
   Answer:
     1. Identify risks
     2. Assess risks
     3. Mitigate risks
     4. Monitor and review risks
3. Types of Malware
   Question: What are the differences between a virus, a worm, and a trojan horse?
   Answer:
     • Virus: A type of malicious software that attaches itself to a legitimate program and spreads to other programs/files when executed.
     • Worm: A standalone malware that replicates itself to spread to other computers without needing to attach to a program.
     • Trojan Horse: A type of malware that disguises itself as a legitimate application to trick users into installing it.
4. Security Protocols
   Question: Explain the purpose of SSL/TLS.
   Answer: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are protocols that provide encryption for data transmitted over a network, ensuring secure communication between clients and servers.
5. Access Control Models
   Question: What is the difference between discretionary access control (DAC) and mandatory access control (MAC)?
   Answer:
     • DAC: Access rights are assigned based on the identity of the users. Users have control over their own resources.
     • MAC: Access rights are assigned based on fixed policies determined by a central authority, and users cannot change access permissions.
6. Incident Response
   Question: What are the key phases of an incident response plan?
   Answer:
     1. Preparation
     2. Identification
     3. Containment
     4. Eradication
     5. Recovery
     6. Lessons Learned
7. Cryptography
   Question: What is the difference between symmetric and asymmetric encryption?
   Answer:
     • Symmetric Encryption: Uses the same key for both encryption and decryption (e.g., AES).
     • Asymmetric Encryption: Uses a pair of keys (public and private) for encryption and decryption (e.g., RSA).
8. Security Policies
   Question: Why is it important to have a security policy in place for an organization?
   Answer: A security policy defines an organization's approach to managing and protecting its information assets, ensuring compliance, guiding employee behavior, and establishing protocols for incident management.
9. Social Engineering
   Question: Describe social engineering and provide an example of a common technique.
   Answer: Social engineering is the manipulation of individuals into divulging confidential or personal information. An example is phishing, where attackers send fraudulent emails to trick users into providing sensitive information.
10. Network Security
   Question: What is the purpose of a firewall?
   Answer: A firewall acts as a barrier between a trusted internal network and untrusted external networks, controlling incoming and outgoing traffic based on predetermined security rules.
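The firewall answer in topic 10 ("predetermined security rules") can be made concrete with a small rule evaluator. The Go program below is an added example for this page, not code from the original: rules are checked in order, the first match decides, and traffic matched by no rule is denied, which is the default-deny posture a perimeter firewall should have. The rule set and addresses are constructed (a blocked range, public HTTPS allowed from anywhere, SSH allowed only from an assumed internal 10.0.0.0/8 network).

```go
package main

import (
	"fmt"
	"net"
)

type Packet struct {
	Src     net.IP
	Proto   string
	DstPort int
}

// NewPacket builds a packet from textual fields; an unparsable address yields a nil Src.
func NewPacket(src, proto string, dstPort int) Packet {
	return Packet{Src: net.ParseIP(src), Proto: proto, DstPort: dstPort}
}

// Rule fields left at their zero value mean "any" and do not constrain the match.
type Rule struct {
	Action  string     // "allow" or "deny"
	Src     *net.IPNet // nil = any source
	Proto   string     // "" = any protocol
	DstPort int        // 0 = any port
}

func (r Rule) Matches(p Packet) bool {
	if r.Src != nil && (p.Src == nil || !r.Src.Contains(p.Src)) {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

type Firewall struct{ Rules []Rule }

// Evaluate walks the rules in order and returns the first match; traffic that
// no rule explicitly allows is denied.
func (fw Firewall) Evaluate(p Packet) string {
	for _, r := range fw.Rules {
		if r.Matches(p) {
			return r.Action
		}
	}
	return "deny"
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// SampleFirewall is a constructed rule set: block a known-bad range first,
// allow public HTTPS, allow SSH only from the (assumed) internal network.
func SampleFirewall() Firewall {
	return Firewall{Rules: []Rule{
		{Action: "deny", Src: mustCIDR("198.51.100.0/24")},
		{Action: "allow", Proto: "tcp", DstPort: 443},
		{Action: "allow", Src: mustCIDR("10.0.0.0/8"), Proto: "tcp", DstPort: 22},
	}}
}

func main() {
	fw := SampleFirewall()
	for _, p := range []Packet{
		NewPacket("203.0.113.9", "tcp", 443),
		NewPacket("198.51.100.4", "tcp", 443),
		NewPacket("203.0.113.9", "tcp", 22),
		NewPacket("10.1.2.3", "tcp", 22),
	} {
		fmt.Printf("%s -> %s/%d: %s\n", p.Src, p.Proto, p.DstPort, fw.Evaluate(p))
	}
}
```

Rule order matters: because the deny for 198.51.100.0/24 comes first, a host in that range is refused even on port 443, which the later allow rule would otherwise permit. Swapping the two rules would silently open that hole, so rule ordering is something to check whenever a rule set is edited.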
Tips for Studying
• Review definitions, as many questions may revolve around understanding key terms and concepts.
• Understand practical applications—many exams may include real-world scenarios.
• Practice explaining concepts in your own words, as comprehension is key to retention.
• Consider group study sessions to discuss and clarify topics with classmates.
