TryHackMe: Principles of Security a Walkthrough
This is a step-by-step walkthrough of TryHackMe’s Principles of Security room, with screenshots.
Task 1: Introduction
Read the material
Question 1: No answer required
Task 2: The CIA Triad
Question 2: What element of the CIA triad ensures that data cannot be altered by unauthorized people?
Per THM: Integrity
Question 3: What element of the CIA triad ensures that data is available?
Per THM: Availability
Question 4: What element of the CIA triad ensures that data is only accessed by authorized people?
Per THM: Confidentiality
Task 3: Principles of Privileges
Question 5: What does the acronym “PIM” stand for?
Per THM: Privileged Identity Management
Question 6: What does the acronym “PAM” stand for?
Per THM: Privileged Access Management
Question 7: If you wanted to manage the privileges a system access role had, what methodology would you use?
Per THM: PAM
Question 8: If you wanted to create a system role that is based on a user's role/responsibilities with an organization, what methodology is this?
Per THM: PIM
Task 4: Security Models Continued
Question 9: What is the name of the model that uses the rule “can’t read up, can read down”?
Per THM: The Bell-LaPadula Model
Question 10: What is the name of the model that uses the rule “can read up, can’t read down”?
Per THM: The Biba Model
Question 11: If you were a military, what security model would you use?
Per THM: The Bell-LaPadula Model
Question 12: If you were a software developer, what security model would the company perhaps use?
Per THM: The Biba Model
Task 5: Threat Modelling & Incident Response
Question 13: What model outlines “Spoofing”?
Per THM: STRIDE
Question 14: What does the acronym “IR” stand for?
Per THM: Incident Response
Question 15: You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?
Per THM: Tampering
Question 16: An attacker has penetrated your organization's security and stolen data. It is your task to return the organization to business as usual. What incident response stage is this?
Per THM: Recovery
Thank you for reading. If you think I bring you value, please clap and subscribe for more content.