1A. Identify Security Control Types obj 5.3 Flashcards

1
Q

Role of Cybersecurity analyst

A

Responsible for protecting sensitive information and preventing unauthorised access to data and systems

2
Q

Duties of a Cybersecurity analyst

A
  1. Implementing and configuring security controls
  2. Working in a SOC or CSIRT
  3. Auditing security processes and procedures
  4. Maintaining up-to-date threat intelligence
3
Q

SOC

A

Security Operations Centre
- A location where an organisation’s information assets are monitored and protected
- Hard to finance and maintain, used by larger orgs (gov, health) that deal with PII

4
Q

Key principle of a SOC

A

1) supported by organisational policies
2) balances size/presence without overstepping its bounds
3) motivated staff
4) perform incident response
5) collab with other SOCs

5
Q

What is a Security Control?

A

Technology and procedures put into place to mitigate vulnerabilities and risk to ensure the CIAN of data

6
Q

Name the 3 types of classes of controls

A

1) Technical (Logical)
- Implemented as a system (hardware, software, firmware)
2) Operational
- implemented by people rather than systems
3) Managerial
- provides oversight of the information system and addresses the design and implementation of security controls

7
Q

What are Preventative controls? Name an example.

A

A control that acts to eliminate or reduce the likelihood that an attack can succeed. E.g., security awareness training, hardening, security guards, account disablement policy

8
Q

What are Detective controls? Name an example.

A

A control that does not deter or prevent access, but identifies and records any attempts at intrusion. E.g., SIEM, log monitoring, motion detection

9
Q

What are Corrective controls? Name an example.

A

A control that acts to eliminate or reduce the impact of an intrusion event. E.g., IPS, backup and recovery

10
Q

What are Physical Controls? Name an example.

A

Type of security control that acts against in-person intrusion attempts. E.g., CCTV, Security guards, Biometrics

11
Q

What are Deterrent controls? Name an example.

A

A security control that discourages intrusion attempts. E.g., cable locks, video surveillance, guards

12
Q

What are Compensating controls? Name an example.

A

A security control that acts as a substitute for a principal control that cannot be implemented due to financial, infrastructure, or impractical reasons. E.g., Encryption, TOTP
