Flashcards

    Q1: What are the three pillars of the CIA triad?

    A: Confidentiality (data is accessible only to authorised parties), Integrity (data is accurate and unmodified), Availability (systems and data are accessible when needed). The foundation of all information security.

    Q2: What is defence in depth?

    A: Multiple layers of security controls so that if one fails, another catches the threat. Layers include: policies, network security (firewall, IDS), endpoint security (EDR, AV), application security, data encryption, and physical security.

    Q3: What is the difference between a vulnerability, threat, and risk?

    A: A vulnerability is a weakness (e.g., unpatched software). A threat is what could exploit that weakness (e.g., a ransomware gang). Risk is the likelihood and impact of the threat exploiting the vulnerability (Risk = Threat × Vulnerability × Impact).

    Q4: What is the most important security control an organisation can implement?

    A: Multi-Factor Authentication (MFA). MFA blocks 99.9% of automated credential attacks. It is the highest-ROI security control available. Every organisation should enforce MFA on all external-facing systems before investing in any other control.

    Q5: What are the four phases of the NIST incident response lifecycle?

    A: 1. Preparation (plan, train, tools). 2. Detection & Analysis (triage, scope, impact). 3. Containment, Eradication & Recovery (stop the bleeding, remove the attacker, restore operations). 4. Post-Incident Activity (lessons learned, improve).

    Q6: What is the difference between AES and RSA?

    A: AES is symmetric encryption (same key for encrypt and decrypt) — fast, used for bulk data encryption. RSA is asymmetric encryption (public/private key pair) — slow, used for key exchange and digital signatures. AES encrypts the data; RSA encrypts the AES key.

    Q7: What is Zero Trust?

    A: A security model based on “never trust, always verify.” No user or device is trusted by default, regardless of whether they are inside or outside the network perimeter. Every access request must be authenticated, authorised, and encrypted.

    Q8: What is the OWASP Top 10?

    A: A regularly updated list of the most critical web application security risks. 2021 edition: A01-Broken Access Control, A02-Cryptographic Failures, A03-Injection, A04-Insecure Design, A05-Security Misconfiguration, A06-Vulnerable Components, A07-Auth Failures, A08-Software/Data Integrity, A09-Logging/Monitoring, A10-SSRF.

    Q9: What is the most important skill for a cybersecurity professional?

    A: The ability to LEARN continuously. Cybersecurity changes every day — new attacks, new tools, new defences. The specific technical skills you learn today may be obsolete in 2 years. The meta-skill of learning, adapting, and staying curious is what separates great security professionals from average ones.

    Q10: What is the single most important thing to remember about cybersecurity?

    A: Security is a process, not a product. There is no “fire and forget” security solution. Every control requires continuous monitoring, tuning, and improvement. The organisations that get breached are not the ones with the weakest technology — they are the ones that stopped paying attention.