Principles of Security

  • Let's proceed!

No Answer

  • What element of the CIA triad ensures that data cannot be altered by unauthorised people?

Answer : Integrity

  • What element of the CIA triad ensures that data is available?

Answer : Availability

  • What element of the CIA triad ensures that data is only accessed by authorised people?

Answer : Confidentiality

  • What does the acronym "PIM" stand for?

Answer : Privileged Identity Management

  • What does the acronym "PAM" stand for?

Answer : Privileged Access Management

  • If you wanted to manage the privileges a system access role had, what methodology would you use?

Answer : PAM

  • If you wanted to create a system role that is based on a user's role/responsibilities within an organisation, what methodology is this?

Answer : PIM

  • What is the name of the model that uses the rule "can't read up, can read down"?

Answer : The Bell-La Padula Model

  • What is the name of the model that uses the rule "can read up, can't read down"?

Answer : The Biba Model

  • If you were a military, what security model would you use?

Answer : The Bell-La Padula Model

  • If you were a software developer, what security model would the company perhaps use?

Answer : The Biba Model

  • What model outlines "Spoofing"?

Answer : STRIDE

  • What does the acronym "IR" stand for?

Answer : Incident Response

  • You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?

Answer : Tampering

  • An attacker has penetrated your organisation's security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?

Answer : Recovery