CC CC - Certified in Cybersecurity Question and Answers

BCP requires input from all business units to identify dependencies and ensure continuity of critical functions.

A Security Information and Event Management (SIEM) system is designed tocollect, correlate, analyze, and alert on security eventsgenerated across an organization’s IT environment. SIEM platforms aggregate logs from diverse sources such as servers, firewalls, endpoints, applications, and cloud services, providing centralized visibility into security activity.

The core value of a SIEM lies inevent correlation and contextual analysis. By correlating events across systems and over time, a SIEM can detect suspicious patterns that individual logs alone would not reveal—such as lateral movement, privilege escalation, or coordinated attacks. SIEMs also support real-time alerting, dashboards, querying, and incident investigation, enabling security teams to respond faster and more effectively.

SIEM systems donotencrypt files (that’s cryptography), block websites directly (that’s firewalls or secure web gateways), or manage passwords (that’s IAM). Instead, they serve as thecentral nervous system of a Security Operations Center (SOC), supporting monitoring, detection, compliance reporting, and incident response workflows as recommended by NIST and other security frameworks.

Zero Trust assumes no implicit trust and requires continuous verification of every access request. Microsegmentation is a core Zero Trust technique that limits lateral movement.

Consistencyensures data remains uniform and synchronized across systems, databases, and backups—critical for accuracy and trustworthiness.

Digital signatures provideauthentication,integrity, andnon-repudiation, but they donot provide confidentiality. A digital signature verifies who sent the message and ensures it was not altered, but the content remains readable unless encryption is also applied.

Confidentiality requires encryption, typically using symmetric or asymmetric cryptography. Digital signatures are often combined with encryption (such as in TLS or secure email), but by themselves they do not hide message contents.

ASHRAE recommends64°F–81°Ffor modern data centers to balance hardware longevity and energy efficiency.

Logical (technical) controls such as encryption, access controls, DLP, and firewalls directly prevent unauthorized data access and exfiltration.

The three core structural components of an SQL database aretables,views, andschemas. Tables store the actual data in rows and columns. Views are virtual tables created from queries that present data in a specific way without duplicating it. Schemas act as logical containers that organize database objects and define ownership and access control.

Object-oriented interfaces are not a fundamental component of an SQL database. While modern databases may support object-relational features or APIs that allow object-oriented programming languages to interact with the database, these interfaces exist outside the core database structure.

SQL databases are based on the relational model, not the object-oriented model. Even though object-relational mapping (ORM) tools exist, they are middleware components rather than native database structures.

Understanding core database components is important for security professionals when managing access controls, permissions, and data exposure risks.

Website spoofing involves impersonating legitimate sites to deceive users. Phishing often uses spoofed sites but is the broader attack method.

Cloud orchestration coordinates automated tasks, workflows, and resource provisioning across cloud environments to improve efficiency and consistency.

A URL filter is the most effective control for restricting access to specific websites. URL filtering allows administrators to block access based on domain names, URLs, or content categories such as gambling, social media, or malicious sites.

IP address blocking is less precise because many websites share IP addresses or use dynamic hosting. DLP solutions focus on data protection, not web access control. IPS systems detect and block attacks but are not designed for enforcing acceptable-use browsing policies.

URL filtering is commonly implemented in firewalls, secure web gateways, and proxy servers and is widely used to enforce organizational internet usage policies.

The final phase in the data security lifecycle isdestruction. After data is no longer required for business, legal, or regulatory purposes, it must be securely destroyed to prevent unauthorized recovery or misuse.

Encryption, backup, and archival are all earlier phases focused on protecting data during use, storage, and retention. Destruction ensures data is permanently removed through secure wiping, degaussing, or physical destruction of media.

Improper data disposal can lead to data breaches through remanence. NIST SP 800-88 provides detailed guidance on secure media sanitization and destruction methods. Secure destruction is especially critical for sensitive and regulated data such as PII, PHI, and financial records.

Incident management is often referred to as crisis management because it focuses on managing disruptive events that threaten operations.

Replay attacks disrupt communication by resending captured packets, potentially causing session confusion or denial of service. IPSec mitigates this using sequence numbers.

The ISC2 Code of Ethics prioritizesprotecting society and the public, including users, over employer interests.

Human life and safety always take precedence over systems, data, and business operations. Security awareness ensures employees know how to act safely during incidents such as fires, active threats, or infrastructure failures.

ATrojandeceives users into executing it by appearing legitimate while performing malicious actions.

Network segmentation isolates systems and resources into separate security zones to limit lateral movement by attackers. By segmenting networks, organizations protect critical assets and reduce the impact of breaches.

If one segment is compromised, segmentation prevents attackers from easily accessing other systems. This approach supports defense-in-depth and zero trust architectures.

Network segmentation is implemented using VLANs, firewalls, and access controls and is a foundational security practice recommended by NIST and CIS.

A Red Book is ahard-copy version of critical business continuity and emergency procedures. It is essential when disasters such as hurricanes, earthquakes, or cyberattacks disable power, networks, or electronic backups. In such scenarios, electronic access may be impossible, making physical documentation vital.

Data loss affecting availability or integrity is classified as asecurity incident, even if no attacker is involved.

While managementparticipatesin BCP, “management” alone is not a documented component. The other options represent formal, documented BCP elements.

An IPS monitors traffic, detects malicious activity, and actively blocks attacks. Encryption is handled by protocols such as TLS or IPSec, not IPS devices.

Criticality reflects how essential an asset or system is to business success or mission accomplishment. It is commonly determined during a Business Impact Analysis (BIA) and influences recovery priorities.

Risk transference is a risk management strategy in which an organization or individual shifts the financial impact of a risk to a third party. Purchasing insurance is a classic example of risk transference. In this scenario, Mark transfers the financial consequences of potential damage to the laptop screen to the insurance provider.

Risk acceptance involves acknowledging a risk and choosing to do nothing. Risk deterrence discourages risky behavior through controls or penalties. Risk mitigation reduces the likelihood or impact of a risk through safeguards such as protective cases or training.

Risk transference does not eliminate the risk itself; the laptop can still be damaged. However, it reduces the financial burden associated with the event. In cybersecurity, common examples include cyber insurance, outsourcing, and service-level agreements (SLAs).

This strategy is widely recognized in risk management frameworks such as NIST SP 800-30 and ISO 31000 as an appropriate option when mitigation is too costly or impractical.

A switch operates at Layer 2 and forwards traffic only to the destination port based on MAC address tables, unlike hubs which broadcast traffic.

A user ID provides identification—it claims an identity. Authentication verifies that claim using credentials like a password.

Logical access controls are implemented through software and system configurations. They include settings such as user permissions, authentication mechanisms, firewall rules, and system policies managed through GUIs or command-line interfaces. Logical controls protect digital assets by restricting access based on identity and authorization.

A Smurf attack amplifies ICMP traffic to overwhelm targets.

An Incident Response Plan (IRP) outlines roles, responsibilities, and procedures for handling security incidents and minimizing damage.

Microsegmentationdivides networks into granular zones protected by internal firewalls or policy enforcement points. It limits lateral movement and is a core Zero Trust principle.

Token-based authentication relies on encrypted, machine-generated tokens to verify a user’s identity. After successful authentication, the system issues a token (often a JSON Web Token or OAuth token) that represents the user’s session or authorization claims. This token is then presented with each request instead of repeatedly transmitting credentials.

Unlike basic or form-based authentication, token-based methods reduce exposure of usernames and passwords, improve scalability, and support modern distributed architectures such as APIs, cloud services, and mobile applications. Tokens can also include expiration times and scopes, improving security control.

Anadverse eventis a harmful occurrence that may or may not constitute a security incident or breach.

In Software as a Service (SaaS), the provider manages nearly all infrastructure, platforms, and applications, leaving customers responsible mainly for data and access.

Metal detectors are effectivepreventive physical controlsthat detect electronic devices and storage media. They are commonly used in high-security environments to enforce device restrictions.

Discretionary Access Control (DAC) allows the owner or creator of an object to decide who can access it and what permissions they receive. This delegation capability is a defining feature of DAC systems.

MAC enforces centrally controlled policies, RBAC assigns permissions through roles, and ABAC uses attributes evaluated by a policy engine. Only DAC explicitly allows object owners to grant or revoke access at their discretion.

Microsoft SQL Server commonly uses TCP port 1433, which falls in the registered port range.

A firewall is a network security device designed to monitor, filter, and control incoming and outgoing traffic based on predefined security rules. Firewalls act as a barrier between trusted internal networks and untrusted external networks, such as the internet.

Firewalls can operate at multiple layers of the OSI model and may inspect packet headers, session states, and even application-level data. Modern firewalls often include advanced features such as intrusion prevention, deep packet inspection, and threat intelligence integration.

Servers and endpoints generate or consume traffic but do not filter it by default. Ethernet is a networking standard, not a device. Firewalls are a foundational security control recommended by virtually all cybersecurity frameworks, including NIST and CIS Critical Security Controls.

By enforcing traffic filtering rules, firewalls help prevent unauthorized access, reduce attack surfaces, and protect systems from threats such as malware, scanning, and exploitation.

Token Ringis a legacy networking technology defined by IEEE 802.5 and operates primarily at thePhysical Layer (Layer 1)of the OSI model, with some functions extending into the Data Link Layer.

The Physical Layer is responsible for transmitting raw bits over a physical medium, defining signaling, cabling, and transmission characteristics. Token Ring used a token-passing mechanism to control access to the physical medium, ensuring only one device transmitted at a time.

While modern Ethernet has replaced Token Ring, understanding its OSI placement remains important for foundational networking knowledge and certification exams.

An intranet is a private network that uses internet technologies (such as TCP/IP and web browsers) but is accessible only to an organization’s internal users. It mirrors the structure and functionality of the internet while remaining private.

An extranet extends limited access to external partners. A VLAN is a logical network segmentation technique. A VPN is a secure communication tunnel, not a network architecture.

Intranets are commonly used for internal portals, documentation, collaboration tools, and internal services. From a security standpoint, intranets require strong authentication, segmentation, and access controls.

Policies are high-level statements of management intent and direction. Standards and procedures derive from policies.

Antivirus softwareis apreventive security controldesigned to stop known malware threats before they can execute or spread within a system. Antivirus solutions use signature-based detection, heuristic analysis, and increasingly behavior-based techniques to block malicious code such as viruses, worms, trojans, and ransomware.

In contrast,IDS (Intrusion Detection Systems)andHIDS (Host-based IDS)are primarilydetective controls. They monitor systems and networks for suspicious activity but do not inherently block threats.SIEMplatforms aggregate and analyze logs for visibility and correlation; they support detection and response but do not directly prevent threats.

According to NIST SP 800-53, preventive controls are designed to stop incidents from occurring, while detective controls identify events after or during occurrence. Therefore, antivirus is the correct choice as it directly prevents threats.

Non-repudiationensures that a party involved in a transaction cannot later deny having performed an action, such as sending a message or authorizing a payment. This is a critical security property in digital communications and e-commerce environments.

Non-repudiation is typically achieved throughdigital signatures, cryptographic hashing, timestamps, and public key infrastructure (PKI). These mechanisms provide proof of origin and integrity, allowing actions to be traced back to the responsible party.

Authentication verifies identity, identification claims who a user is, and verification confirms correctness—but none of these alone prevent denial after the fact. Only non-repudiation provides legally and technically enforceable proof.

ICMP is used for network diagnostics, including ping operations that test host availability. RFC 792 defines ICMP behavior.

Knowledge-based authentication relies onsomething the user knows, such as passwords, PINs, or answers to security questions. It is the most common but also the weakest form of authentication due to susceptibility to guessing, phishing, and brute-force attacks. For this reason, it is often combined with other factors in multi-factor authentication (MFA).

Mandatory Access Control (MAC) enforces centrally managed security labels and clearances, making it suitable for classified and government systems.

DAC allows object owners broad discretion to manage permissions, including delegation and modification of access controls.

Clear roles ensure fast, coordinated response, reduce confusion, and prevent duplicated or missed actions during incidents.

Defense in depth requiresmultiple layers of security controls. None of the listed scenarios include layered controls, making “None” the correct answer.

Standards define mandatory technical or operational requirements that must be followed to comply with policy. Guidelines are optional, and procedures provide step-by-step instructions.

Address Space Layout Randomization (ASLR) randomizes the memory locations used by applications, making it significantly harder for attackers to predict where malicious payloads should be placed during buffer overflow attacks.

Buffer overflow exploits rely on predictable memory layouts. ASLR disrupts this predictability, increasing attacker effort and reducing exploit reliability.

The other options are either non-standard terms or unrelated to buffer overflow mitigation. ASLR is widely used in modern operating systems and is a key defensive control recommended by secure coding and system hardening guidelines.

ASLR does not eliminate vulnerabilities but raises the attack complexity, which is a core defensive strategy.

ABusiness Impact Analysis (BIA)identifies critical systems, dependencies, and acceptable downtime to prioritize recovery and continuity strategies.

The loopback address allows a system to test its own network stack.127.0.0.1is the IPv4 loopback address, while::1is its IPv6 equivalent. Both route traffic internally without leaving the host.

The Data Link layer (Layer 2) handles MAC addressing and frame delivery within local networks.

Electromagnetic eavesdropping (TEMPEST attacks) exploits signal leakage. EMI shielding blocks emissions, screened rooms prevent signal escape, and white noise generators mask signals. Together, these controls provide comprehensive protection.

Two-factor authentication (2FA) requires users to verify their identity usingtwo independent authentication factorsfrom different categories, such as something you know and something you have.

The purpose of 2FA is to strengthen authentication security and reduce the risk of unauthorized access. Even if one factor is compromised, the attacker cannot authenticate without the second factor.

2FA is a subset of multi-factor authentication and is strongly recommended by modern security standards, particularly for remote access, cloud services, and privileged accounts.

DNSSEC (Domain Name System Security Extensions) adds cryptographic signatures to DNS records to ensure authenticity and integrity. It prevents attacks such as DNS spoofing and cache poisoning.

DNSSEC allows clients to verify that DNS responses have not been altered. It is the industry-standard solution recommended by security frameworks for protecting DNS infrastructure.

If CIA is not impacted, the occurrence remains asecurity event, not an incident or breach.

Cryptographic hash functions areone-wayfunctions and are intentionallynot reversible. Given a hash value, it should be computationally infeasible to recover the original input.

Hash functions are deterministic (same input produces the same output), designed to minimize collisions (unique in practice), and useful for integrity verification, password storage, and digital signatures. Reversibility would completely undermine their security purpose.

Operating system logs are the most relevant source of information for detecting and investigating privilege escalation attacks. These logs record authentication events, privilege changes, process executions, and system-level actions.

Because the attacker already had authorized access, firewall and IDS logs may show little or no suspicious activity. Database logs focus on database-level operations, not OS privilege changes.

OS logs provide the best visibility into actions such as sudo usage, kernel exploits, and unauthorized permission changes. They are essential for forensic analysis and incident response involving insider threats.

Abotis malware that allows attackers to remotely control infected systems, often forming botnets used for DDoS attacks, spam, or credential theft.

The purpose of multi-factor authentication (MFA) in Identity and Access Management (IAM) is to strengthen authentication by requiring users to present two or more independent factors from different categories: something you know, something you have, or something you are. This layered approach significantly reduces the risk of unauthorized access, even if one factor—such as a password—is compromised.

MFA addresses common attack techniques such as phishing, credential stuffing, and brute-force attacks. For example, even if an attacker steals a user’s password, they would still need access to the user’s hardware token or biometric factor to authenticate successfully.

MFA does not simplify access, remove authentication, or grant unrestricted access. Instead, it deliberately increases verification requirements to improve security. NIST SP 800-63 and other security frameworks strongly recommend MFA for privileged accounts, remote access, and cloud services because of its proven effectiveness in preventing account compromise.

Business Continuity Plans ensure operations continue during long-term disruptions.

Distributed Denial of Service (DDoS) attacks primarily impactavailability, one of the three pillars of the CIA triad. DDoS attacks overwhelm systems, networks, or applications with massive volumes of traffic, exhausting resources such as bandwidth, CPU, or memory and preventing legitimate users from accessing services.

The goal of a DDoS attack is not to steal data, alter information, or deny accountability, but rather todisrupt access. Confidentiality and integrity may remain intact, but users are unable to reach the system, resulting in service outages, financial loss, and reputational damage.

Availability is a critical security objective for public-facing services such as websites, APIs, and online platforms. Defenses against DDoS attacks include traffic filtering, rate limiting, content delivery networks (CDNs), scrubbing services, and redundant architectures.

Security frameworks such as NIST and ISO/IEC explicitly associate denial-of-service attacks with availability risks, making availability the most directly affected cybersecurity principle.

Asecurity breachrefers to an incident where an unauthorized individual successfully gains access to a system, application, network, or data resource. Unlike a general security event, a breach confirms that confidentiality, integrity, or availability has been compromised. According to NIST SP 800-61, a breach occurs when security controls fail and protected information is accessed, disclosed, altered, or destroyed without authorization.

Not every event or intrusion results in a breach. For example, a blocked attack detected by an IDS is an event, not a breach. A breach has legal, regulatory, and business implications, often triggering notification requirements, forensic investigations, and remediation actions.

Aturnstileis a physical access control device designed to allow only one individual to pass at a time. Turnstiles are commonly used to prevent tailgating and unauthorized entry in offices, transit stations, and secure facilities. Unlike mantraps, turnstiles typically allow one-way movement and do not lock a person inside an enclosed space.

Well-known ports (0–1023) are reserved for core services such as HTTP (80), HTTPS (443), FTP (21), and SSH (22).

Firewalls control and filter network traffic based on security rules to prevent unauthorized access. While they may monitor traffic, their primary function is enforcing access control at network boundaries.

Risk management is an ongoing process that identifies threats, evaluates risk, and applies controls to reduce risk to acceptable levels. It is foundational to cybersecurity governance.

HVAC (Heating, Ventilation, and Air Conditioning)systems regulate temperature, humidity, and airflow in data centers. Proper environmental controls are critical to prevent equipment failure and ensure system reliability.

A breach occurs when unauthorized access results in the disclosure, theft, or loss of sensitive data. An intrusion may not always result in data loss, but a breach does.

Worms are self-propagating malware that spread automatically across networks by exploiting vulnerabilities. Unlike viruses, worms do not require user interaction.

During the detection and analysis phase, incidents are identified, triaged, categorized, and prioritized based on impact and urgency. This ensures resources are allocated appropriately.

IPv6 allows removal of leading zeros and compression of consecutive zero blocks using “::”, making option A correct.

A URL filter is specifically designed to block access to prohibited websites based on domain names, URLs, or content categories. It provides granular and user-friendly control over web access.

IP address blocking is less effective because many websites use shared IP addresses and dynamic hosting. DLP focuses on data protection, not web browsing. IPS detects and blocks attacks, not policy-based browsing restrictions.

URL filtering is commonly implemented in firewalls, secure web gateways, and proxy servers and is a best-practice control for acceptable use enforcement.

A hierarchical database organizes data in a tree-like structure where each parent record can have multiple child records, but each child has only one parent. This model resembles a file system hierarchy and is designed to represent one-to-many relationships efficiently.

Hierarchical databases were among the earliest database models and are still used in specific environments such as legacy systems and mainframe applications. Data access is fast when the hierarchy is well understood, but the model lacks flexibility when relationships become complex.

Relational databases use tables with rows and columns, object-oriented databases store objects, and network databases allow many-to-many relationships. Only the hierarchical model strictly enforces a tree structure.

Understanding database models is important for security professionals when evaluating access control, data exposure, and system design risks.

An eavesdropping attack occurs when an attacker passively intercepts network communications to capture sensitive information such as credentials, session tokens, or authentication exchanges. This data can later be reused in impersonation or replay attacks.

CSRF and XSS are application-layer attacks, while ARP spoofing is an active network attack. Eavesdropping relies on unencrypted or weakly protected communications, highlighting the importance of TLS and secure authentication protocols.

Standards such as ISO, NIST, and CIS are commonly developed by third-party organizations and provide best practices and compliance guidance. They are not laws unless mandated.

Attribute-Based Access Control (ABAC) grants access based on complex logical rules that evaluate attributes of the user, resource, action, and environment. Examples include user role, department, time of day, device type, and data sensitivity. These attributes are evaluated dynamically, allowing fine-grained and context-aware access decisions.

DAC allows owners to grant permissions, MAC uses labels and classifications, and RBAC assigns permissions based on roles. None of these provide the same level of flexibility as ABAC. Because ABAC supports complex, rule-based decisions, it is widely used in modern cloud environments and zero trust architectures.

Zenmap is the graphical front end for Nmap. It performs host discovery, port scanning, service enumeration, and OS fingerprinting.

Input validation ensures user inputs are sanitized and conform to expected formats, preventing injection attacks such as SQL injection and command injection.

AService Level Agreement (SLA)defines availability, performance, responsibilities, security controls, and incident response expectations between cloud providers and customers.

Senior management is ultimately responsible for approving, signing, and publishing organizational policies. While departments such as security, HR, and legal may draft, review, or advise on policies, executive leadership provides formal authorization and accountability.

This responsibility aligns with governance principles outlined in frameworks like ISO/IEC 27001 and NIST, which emphasize management commitment to information security. Policies require executive endorsement to ensure they are enforceable, aligned with business objectives, and supported with appropriate resources.

Senior management’s involvement demonstrates organizational commitment, establishes authority, and ensures compliance across all departments. Without leadership approval, policies lack legitimacy and may not be consistently followed.

Security operations rely on clear, management-approved policies to guide procedures, incident response, and compliance activities. Executive sponsorship also enables enforcement and disciplinary actions when policies are violated.

Logical access controls enforce security through software-based mechanisms such as access control lists, authentication systems, and configuration settings.

The primary goal of incident management is toreduce the impact of an incidenton the organization. Incident management focuses on minimizing damage, limiting scope, and restoring stability as quickly as possible.

Preparation is handled before incidents occur, and disaster recovery focuses on long-term system restoration. Protecting life and safety is important but not the core definition of incident management in cybersecurity frameworks.

NIST SP 800-61 emphasizes rapid containment, mitigation, and impact reduction as the central objectives of incident management.

Abreachoccurs when sensitive or protected information is accessed, disclosed, or used without authorization—regardless of intent. Even accidental disclosures, such as sending confidential data to the wrong recipient, qualify as breaches because confidentiality has been compromised.

Anintrusionis an unauthorized attempt to access systems or networks. It may or may not succeed. Intrusions are more serious than simple events but may not rise to the level of a breach if controls prevent access.

Disaster Recovery Planning focuses on restoring IT infrastructure, systems, and communications after major disruptions.

Security policies are high-level, mandatory statements approved by management that define security objectives, principles, and rules. Procedures and standards support policies but do not establish overarching intent.

Data Loss Prevention (DLP) tools inspect outbound traffic to prevent unauthorized data exfiltration.

ATrojanis a direct form of malware that disguises itself as legitimate software to perform malicious actions.

Public IP addresses are routable on the Internet and assigned by ISPs.

Risk Avoidanceeliminates risk by discontinuing activities that expose the organization to unacceptable threats.

Recovery controls restore systems and data after an incident. Examples include backups, failover systems, and disaster recovery procedures.

Risk identification is the first step in the risk management process. Organizations must first identify assets, threats, and vulnerabilities before they can assess likelihood or impact. Without knowing what risks exist, meaningful assessment and mitigation are impossible.

Authorization determines what actions a user is allowed to perform after their identity has been authenticated. Identification claims an identity, authentication verifies it, and authorization grants permissions.

Integrityis the primary factor in system and information reliability. Reliable systems must ensure that data is accurate, complete, and protected from unauthorized modification. If integrity is compromised, decisions based on the data become unreliable—even if systems are available or confidential. NIST and ISO frameworks emphasize integrity as essential to trustworthiness and operational reliability.

When a device does not meet security baseline requirements, it poses a risk to the environment. Best practice is todisable or quarantine the deviceto prevent potential compromise or lateral movement. Network Access Control (NAC) solutions commonly automate this process.

Isolation ensures the device cannot interact with production systems until it is patched, configured correctly, and verified as compliant. This approach aligns with NIST and Zero Trust principles, emphasizing continuous compliance and containment.

Digital signatures provide authentication, integrity, and non-repudiation. They confirm who sent a message and ensure it was not altered.

GRC (Governance, Risk, and Compliance) integrates business objectives with risk management and regulatory compliance.

The ISC2 Code of Ethics requires members to act lawfully and ethically. Accepting pirated material violates this obligation.

ABAC uses centralized policy engines (PDPs) to evaluate attributes and enforce fine-grained access control decisions dynamically.

Role-Based Access Control (RBAC) assigns permissions based on job roles, making it scalable and efficient for large organizations. It simplifies access management and supports least privilege.

DDoS attacks can target bothLayer 3 (Network)andLayer 4 (Transport)by overwhelming IP routing, ICMP traffic, TCP SYN floods, or UDP floods. Hence, both layers are impacted.

Ethernet (IEEE 802.3) defines wired LAN communication standards.

HTTPS uses SSL/TLS to provide encryption, authentication, and integrity for web communications.

A security assessment evaluates the effectiveness of security controls and verifies whether they meet security requirements. It differs from risk assessments, which focus on identifying threats and vulnerabilities.

Anintrusionis an unauthorized attempt to access systems or networks. Not all intrusions succeed or result in breaches, but they represent active threats.

A security incident is any event that actually or potentially compromises confidentiality, integrity, or availability.

TheApplication Layer (Layer 7)of the OSI model provides services directly to the user and user-facing applications. This layer supports protocols such as HTTP, HTTPS, SMTP, FTP, and DNS, which enable web browsing, email, file transfers, and name resolution.

While users interact with applications rather than the OSI model itself, the Application Layer is responsible for enabling those interactions. The Session Layer manages session establishment, the Presentation Layer handles data formatting and encryption, and the Physical Layer transmits raw bits over physical media.

From a security perspective, many attacks target the Application Layer, including SQL injection, cross-site scripting (XSS), and authentication bypasses. As a result, application-layer security controls such as WAFs, secure coding practices, and input validation are critical.

Understanding OSI layers helps security professionals design layered defenses and properly place controls.

Tunneling encapsulates packets to securely transmit them across networks, commonly used in VPNs.

A Business Impact Analysis (BIA) identifies critical systems, dependencies, and acceptable downtime. It is foundational to both BCP and DRP development.

Endpoints are user-facing devices such as laptops, desktops, and mobile devices.

Most VPNs (e.g., IPSec) operate atLayer 3 (Network layer), encapsulating IP packets to create secure tunnels.

Asecurity incidentis an event or series of events that indicates a possible compromise of confidentiality, integrity, or availability of information systems or data. According to NIST SP 800-61, incidents include attempted or successful unauthorized access, misuse, modification, or denial of service.

Not all incidents result in breaches, but all breaches are incidents. Incidents trigger incident response processes, investigations, and potential escalation depending on severity.

Backups are recovery controls because they restore data and systems after failures, attacks, or disasters.

The principle of least privilege states that users, systems, and processes should be granted only the minimum permissions required to perform their assigned tasks—nothing more. This principle reduces the attack surface and limits potential damage from compromised accounts or insider threats.

If an attacker gains access to a low-privilege account, the impact is significantly reduced compared to a highly privileged account. Least privilege also helps prevent accidental misuse of system resources.

Two-person control requires two individuals to approve an action. Job rotation reduces fraud by changing responsibilities. Separation of privileges ensures critical tasks require multiple permissions. While all are valid security concepts, least privilege directly addresses permission minimization.

This principle is foundational in access control models, identity and access management (IAM), and zero trust architectures. NIST and CIS explicitly recommend least privilege as a core security control for protecting systems and sensitive data.

A guard dog deters unauthorized access by increasing perceived risk. Deterrent controls discourage attacks before they occur.