Security Fundamentals
Core concepts, common threats, and defensive controls.
SEC-01
What is the CIA triad?
Answer: Confidentiality (only authorized parties can read data), Integrity (data and systems cannot be altered without authorization, and unauthorized changes are detectable), Availability (systems and data are usable when needed).
Tip: Relate incidents: ransomware hits availability (encryption) and, when data is stolen for extortion, confidentiality too; a data breach hits confidentiality; tampering with records or a backdoored update hits integrity.
SEC-02
Define vulnerability, threat, and risk.
Answer: A vulnerability is a weakness in a system; a threat is an actor or event that can exploit it; risk is the likelihood that the threat exploits the vulnerability combined with the impact if it does.
Tip: A clean example helps: unpatched server (vulnerability) + attacker with a working exploit (threat) → risk of compromise. Patching lowers the likelihood; backups and segmentation lower the impact.
SEC-03
What is defense-in-depth?
Answer: Layered security controls so that if one fails (e.g., the email filter lets a phish through), others still detect or stop the attack (EDR on the endpoint, MFA on the stolen credential, SIEM alerts on the follow-on activity).
Tip: SOC work is observing these layers and correlating their signals; an alert from a later layer usually means an earlier one was bypassed, which is itself worth investigating.
SEC-04
What’s the difference between IDS and IPS?
Answer: An IDS (intrusion detection system) watches a copy of traffic out of band (tap or SPAN port) and only alerts; an IPS (intrusion prevention system) sits inline and can drop or reset traffic that matches rules, signatures, or behavioral models.
Tip: Mention tuning to reduce false positives: a noisy IDS wastes analyst time, but a noisy inline IPS blocks business-critical traffic, so new IPS rules are usually run in detect-only mode before they are allowed to block.
SEC-05
What is a SIEM?
Answer: Security Information and Event Management: a platform that ingests logs and events from many sources, normalizes them into a common schema, enriches and correlates signals across sources, and provides alerting, dashboards, retention, and investigation workflows.
Tip: Say “a SIEM is only as good as the data and tuning”: missing log sources mean blind spots, and untuned rules mean alert fatigue.
SEC-06
What is EDR?
Answer: Endpoint Detection and Response: collects endpoint telemetry (process, file, registry, network) and supports detection, investigation, and response actions.
Tip: Great answer includes: visibility + containment actions (isolate host, kill process).
SEC-07
Explain phishing vs spear phishing.
Answer: Phishing is broad and generic; spear phishing is targeted to a specific person/org and often uses context to appear legitimate.
Tip: Mention common indicators: domain lookalikes, urgent language, unexpected attachments/links.
SEC-08
What is MFA and why does it matter?
Answer: Multi-factor authentication requires two or more independent factors (something you know, have, or are). It blocks most account takeovers that rely only on a stolen or guessed password.
Tip: Be aware of MFA fatigue/push bombing (repeated push prompts until the user approves one), real-time phishing proxies that relay one-time codes, and theft of the session token issued after MFA succeeds. Phishing-resistant factors (FIDO2/WebAuthn, passkeys) and number matching on push prompts address these.
SEC-09
What is “lateral movement”?
Answer: When an attacker moves from one compromised host or account to others, reusing stolen credentials or exploiting trust between systems, to expand access and reach valuable targets (file servers, domain controllers, backups).
Tip: Mention signals: remote service use (RDP, SMB, WinRM, PsExec-style service creation) from a workstation to many hosts in a short time, credential dumping (LSASS access), pass-the-hash or pass-the-ticket logons, and admin tools run by users or from hosts that never used them before.
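The SIEM pipeline from SEC-05 (ingest, normalize, correlate) and the detection signals from the SEC-08 and SEC-09 tips, as one added Python example that is not part of the original page. It normalizes constructed log lines from two hypothetical sources (a VPN/MFA gateway and Windows Security logs) into a common schema, then runs two correlation rules: MFA push bombing (several denied pushes followed by an approval) and lateral-movement fan-out (one account from one host making network logons to many hosts in a short window). The log formats, host names, user names and thresholds are all assumptions; the one real detail is that Windows EventID 4624 with LogonType 3 is a network logon.

```python
"""Added example: a toy SIEM pipeline (normalize, then correlate).

Log formats, hosts, users and thresholds are constructed for illustration,
not any vendor's real schema.  Windows EventID 4624 with LogonType 3 is a
network logon (e.g. SMB, RPC); that part is real Windows semantics.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample logs: a hypothetical VPN/MFA gateway and Windows Security logs.
RAW_LOGS = [
    "vpn 2024-03-01T08:00:01Z user=alice action=push result=denied src=198.51.100.7",
    "vpn 2024-03-01T08:00:20Z user=alice action=push result=denied src=198.51.100.7",
    "vpn 2024-03-01T08:00:45Z user=alice action=push result=denied src=198.51.100.7",
    "vpn 2024-03-01T08:01:10Z user=alice action=push result=approved src=198.51.100.7",
    "vpn 2024-03-01T08:05:00Z user=bob action=push result=approved src=203.0.113.9",
    "win 2024-03-01T08:10:00Z EventID=4624 LogonType=3 TargetUser=alice Host=FS01 Source=WS-ALICE",
    "win 2024-03-01T08:10:30Z EventID=4624 LogonType=3 TargetUser=alice Host=FS02 Source=WS-ALICE",
    "win 2024-03-01T08:11:00Z EventID=4624 LogonType=3 TargetUser=alice Host=DC01 Source=WS-ALICE",
    "win 2024-03-01T08:11:20Z EventID=4624 LogonType=3 TargetUser=alice Host=SQL01 Source=WS-ALICE",
    "win 2024-03-01T08:11:40Z EventID=4624 LogonType=3 TargetUser=alice Host=WS-BOB Source=WS-ALICE",
    "win 2024-03-01T09:00:00Z EventID=4624 LogonType=3 TargetUser=bob Host=FS01 Source=WS-BOB",
    "win 2024-03-01T09:05:00Z EventID=4625 LogonType=3 TargetUser=bob Host=FS02 Source=WS-BOB",
]


@dataclass
class Event:
    """Common schema every source is normalized into before correlation."""
    ts: datetime
    user: str
    action: str    # "mfa_push" or "network_logon"
    outcome: str   # "denied" / "approved" / "success"
    src_host: str
    dst_host: str


KV = re.compile(r"(\w+)=(\S+)")


def normalize(line: str) -> Optional[Event]:
    """Map one raw line to an Event, or None if the rules below do not need it."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    source, ts, rest = parts
    f = dict(KV.findall(rest))
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    if source == "vpn" and f.get("action") == "push":
        return Event(t, f["user"], "mfa_push", f["result"], f["src"], "vpn-gw")
    if source == "win" and f.get("EventID") == "4624" and f.get("LogonType") == "3":
        return Event(t, f["TargetUser"], "network_logon", "success", f["Source"], f["Host"])
    return None  # e.g. failed logons (4625) are dropped for these two rules


def detect_push_bombing(events: List[Event], min_denials: int = 3,
                        window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """MFA fatigue: a user denies >= min_denials pushes, then approves one inside the window."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.action == "mfa_push":
            by_user[e.user].append(e)
    alerts = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e.outcome != "approved":
                continue
            denials = [d for d in evs[:i] if d.outcome == "denied" and e.ts - d.ts <= window]
            if len(denials) >= min_denials:
                alerts.append({"rule": "mfa_push_bombing", "user": user,
                               "denials": len(denials), "approved_at": e.ts})
    return alerts


def detect_lateral_fanout(events: List[Event], min_hosts: int = 4,
                          window: timedelta = timedelta(minutes=10)) -> List[dict]:
    """Lateral movement signal: one account from one host reaches >= min_hosts distinct hosts."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.action == "network_logon":
            by_src[(e.user, e.src_host)].append(e)
    alerts = []
    for (user, src), evs in by_src.items():
        for i, first in enumerate(evs):  # sliding window anchored at each logon
            hosts = {x.dst_host for x in evs[i:] if x.ts - first.ts <= window}
            if len(hosts) >= min_hosts:
                alerts.append({"rule": "lateral_movement_fanout", "user": user,
                               "src_host": src, "hosts": sorted(hosts)})
                break  # one alert per (user, source host)
    return alerts


def run_pipeline(lines: List[str]) -> List[dict]:
    """Ingest -> normalize -> correlate. The thresholds above are the tuning knobs."""
    events = [e for e in map(normalize, lines) if e is not None]
    return detect_push_bombing(events) + detect_lateral_fanout(events)


if __name__ == "__main__":
    for alert in run_pipeline(RAW_LOGS):
        print(alert)
```

On the sample data this yields two alerts: alice approves a push after three denials within five minutes, and WS-ALICE then logs on to five different hosts in under two minutes. bob's single approval and single logon fire nothing. Raising `min_hosts` or shrinking `window` is exactly the tuning trade-off from SEC-04 and SEC-05: fewer false positives, but a slower or more careful attacker slips under the threshold.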
SEC-10
What is ransomware and how does it typically get in?
Answer: Malware that encrypts data and demands payment; modern crews usually exfiltrate data first and threaten to leak it. Common entry points include phishing, exposed RDP/VPN without MFA, exploitation of unpatched internet-facing systems, and stolen or purchased credentials.
Tip: Include mitigation: offline or immutable backups that are tested for restore, network segmentation, MFA on all remote access, prompt patching of exposed services, EDR, email security, and least privilege to limit the blast radius.