
Security Principles


  1. "Do I Know This Already?" Quiz
  2. Foundation Topics
  3. Exam Preparation Tasks

Chapter Description

In this sample chapter from CCNA Cyber Ops SECFND #210-250 Official Cert Guide, explore principles of the defense-in-depth strategy, risk assessments, and more.

Exam Preparation Tasks

Review All Key Topics

Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 3-2 lists a reference of these key topics and the page numbers on which each is found.


Table 3-2 Key Topics

Key Topic Element

  • Describe what vulnerabilities are
  • Define what threats are
  • Define threat actors
  • Describe what threat intelligence is and why it is useful
  • Define what exploits are
  • Describe confidentiality, integrity, and availability
  • Describe risk and risk analysis
  • Define and provide examples of PII
  • Define and provide examples of PHI
  • Describe the principle of least privilege
  • Define what a security operations center is
  • Describe runbook automation
  • Define and describe chain of custody
  • Describe what reverse engineering is


Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

  • vulnerabilities

  • threats

  • threat actors

  • exploits


The answers to these questions appear in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Questions.” For more practice with exam format questions, use the exam engine on the website.

  1. Which of the following statements are true about vulnerabilities?

    1. A vulnerability is a threat on a system.

    2. A vulnerability is an exploitable weakness in a system or its design.

    3. Vulnerabilities can be found in protocols, operating systems, applications, hardware, and system designs.

    4. Vulnerabilities are exploits that are discovered every day in software and hardware products.

  2. From which of the following can exploit kits be run?

    1. Web servers

    2. Email servers

    3. NTP servers

    4. Firewalls

  3. Which of the following are examples of exploit kits?

    1. Angler

    2. Mangler

    3. Blackhole

    4. Black ICE

  4. Which of the following describe what a threat is?

    1. Threats and vulnerabilities are the same.

    2. A threat is an exploit against a patched vulnerability.

    3. A threat is any potential danger to an asset.

    4. A threat is a piece of software aimed at exploiting a vulnerability.

  5. What is an IoC?

    1. An indicator of compromise

    2. An indicator of containment

    3. An intrusion operating control

    4. An intrusion of compromise

  6. Which of the following are provided by threat intelligence feeds?

    1. Indicators of compromise

    2. IP addresses of attacking systems

    3. The overall risk score of all vulnerabilities in the corporate network

    4. The overall risk score of threats in the corporate network

  7. The way you document and preserve evidence from the time you start the cyber forensics investigation to the time the evidence is presented in court is referred to as which of the following?

    1. Chain of compromise

    2. Custody of compromise

    3. Chain of forensics

    4. Chain of custody

  8. What are decompilers?

    1. Programs that take an executable binary file and attempt to produce readable high-level language code from it

    2. Programs that take a non-executable binary file and attempt to produce compiled code from it

    3. Programs that take a non-executable binary file and attempt to produce encrypted code from it

    4. Programs that execute a binary file and attempt to crack the encryption of it

  9. Which of the following are metrics that can measure the effectiveness of a runbook?

    1. Mean time to repair (MTTR)

    2. Mean time between failures (MTBF)

    3. Mean time to discover a security incident

    4. All of the above

  10. What is PHI?

    1. Protected HIPAA information

    2. Protected health information

    3. Personal health information

    4. Personal human information
