🃏 Security Concepts Flashcards

Q: What is the CIA triad?

A: Confidentiality (only authorized access), Integrity (data is accurate and unaltered), Availability (systems accessible when needed).

Q: What is the difference between a threat, vulnerability, and exploit?

A: Threat: potential danger. Vulnerability: weakness in a system. Exploit: method used to take advantage of a vulnerability.

Q: What is defense-in-depth?

A: A layered security approach — multiple security controls at different levels (network, host, application, data) so no single failure compromises the system.

Q: What is the difference between IDS and IPS?

A: IDS (Intrusion Detection System) detects and alerts. IPS (Intrusion Prevention System) detects and blocks. IPS is inline; IDS is passive.

Q: What port does HTTPS use?

A: 443 (TCP).

Q: What is a zero-day vulnerability?

A: A vulnerability that is unknown to the vendor and has no patch available. Attackers can exploit it before a fix is released.

Q: What is AES?

A: Advanced Encryption Standard — a symmetric encryption algorithm. Common key sizes: 128, 192, 256 bits. Used for bulk data encryption.

Q: What is the MITRE ATT&CK framework?

A: A knowledge base of adversary tactics, techniques, and procedures (TTPs) observed in real-world attacks, organized by stages of an attack lifecycle.

Q: What is a SOC?

A: Security Operations Center — a team that monitors, detects, analyzes, and responds to security incidents 24/7.

Q: What are the syslog severity levels?

A: 0=Emergency, 1=Alert, 2=Critical, 3=Error, 4=Warning, 5=Notice, 6=Informational, 7=Debug.