TryHackMe: Principles of Security a Walkthrough

This is a step-by-step walkthrough of TryHackMe’s Principles of Security room, with screenshots.

TryHackMe | Principles of Security

TryHackMe Screenshot

Task 1: Introduction

Read the material

Question 1: No answer required

TryHackMe Screenshot

Task 2: The CIA Triad

Question 2: What element of the CIA triad ensures that data cannot be altered by unauthorized people?
Per THM: Integrity

TryHackMe Screenshot

Question 3: What element of the CIA triad ensures that data is available?
Per THM: Availability

TryHackMe Screenshot

Question 4: What element of the CIA triad ensures that data is only accessed by authorized people?
Per THM: Confidentiality

TryHackMe Screenshot

Task 3: Principles of Privileges

Question 5: What does the acronym “PIM” stand for?
Per THM: Privileged Identity Management

TryHackMe Screenshot

Question 6: What does the acronym “PAM” stand for?
Per THM: Privileged Access Management

TryHackMe Screenshot

Question 7: If you wanted to manage the privileges a system access role had, what methodology would you use?
Per THM: PAM

TryHackMe Screenshot

Question 8: If you wanted to create a system role that is based on a user's role/responsibilities with an organization, what methodology is this?
Per THM: PIM

TryHackMe Screenshot

Task 4: Security Models Continued

Question 9: What is the name of the model that uses the rule “can’t read up, can read down”?
Per THM: The Bell-LaPadula Model

TryHackMe Screenshot

Question 10: What is the name of the model that uses the rule “can read up, can’t read down”?
Per THM: The Biba Model

TryHackMe Screenshot

Question 11: If you were a military, what security model would you use?
Per THM: The Bell-LaPadula Model

TryHackMe Screenshot

Question 12: If you were a software developer, what security model would the company perhaps use?
Per THM: The Biba Model

TryHackMe Screenshot

Task 5: Threat Modelling & Incident Response

Question 13: What model outlines “Spoofing”?
Per THM: STRIDE

TryHackMe Screenshot

Question 14: What does the acronym “IR” stand for?
Per THM: Incident Response

TryHackMe Screenshot

Question 15: You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?
Per THM: Tampering

TryHackMe Screenshot

Question 16: An attacker has penetrated your organization's security and stolen data. It is your task to return the organization to business as usual. What incident response stage is this?
Per THM: Recovery

TryHackMe Screenshot

Thank you for reading. If you think I bring you value, please clap and subscribe for more content.