1.6 Vulnerabilities & Security Concerns

Question 1

Security concerns of a zero-day vulnerability

Answer 1

1. Nearly impossible to defend against a vulnerability that is unknown
2. Important to keep up to date on newly emerging vulnerabilities

Question 2

Security concern of open permissions

Answer 2

When data is stored across different systems it becomes easier to make a configuration mistake leaving open access to the data

Question 3

Security concern of unsecure root/admin accounts

Answer 3

Hackers could gain access to a system if the root/admin accounts have default, weak, or unset passwords

Question 4

Security concern of app error messages

Answer 4

Not properly masking app error messages could expose valuable information an attacker could use to breach a system

Question 5

Security concerns of weak encryption protocols

Answer 5

Use of weak encryption protocols could expose sensitive data. Also important to keep up to date on encryption protocols to ensure that data is not exposed

Question 6

Security concerns of unsecure protocols

Answer 6

Many protocols, such as HTTP, FTP, Telnet, send data in clear text without encryption exposing transmitted data

Question 7

Security concerns of default settings

Answer 7

Some devices have default admin passwords set or default settings that are unsecure. Ensure any new devices are properly configured and secured before live use.

Question 8

Security concerns of open ports/services

Answer 8

It is easy to mis-type when creating ACLs or forget to block unused ports which creates an opening for attackers to exploit

Question 9

Security concerns of using third-party vendors

Answer 9

Third-party vendors often have direct access to data and hardware. Must monitor and check all services provided by third-party vendors to ensure that everything is secure

Question 10

What is a key security concern of systems integration with external systems?

Answer 10

Ensuring those systems share the same security standards as your organization

Question 11

What is a key security concern involving lack of vendor support

Answer 11

When evaluating products from vendors it is important to ensure that they provide adequate support and system updates/patches

Question 12

Security concerns/risks of supply chain

Answer 12

Equipment/software could be compromised prior to delivery from a vendor

Question 13

3 key practices to address security concerns of outsourced development

Answer 13

1. Block access to production environment
2. Don’t provide sensitive data for testing purposes
3. review all code to ensure integrity and no back doors

Question 14

Security concerns of outsourced data storage

Answer 14

Must ensure that all data is stored and transmitted with proper security per organization standards and legal regulations

Question 15

What are the 3 key software types to include in a patch management plan

Answer 15

Firmware, Operating System, Applications

Question 16

Security risks associated with legacy platforms

Answer 16

Legacy platforms are often full of security vulnerabilities and must be isolated to mitigate the damage of a security breach