2.1 Flashcards

1
Q

Configuration management

A

Document the OS, patches, app updates, network modifications, new app instances, etc.

Identify and document settings

Rebuild these in instances if disasters occur

Use diagrams for networks and even physical wires

IP schema

2
Q

Protecting data

A

Data is in so many locations, so use security policies and encryption

3
Q

Data sovereignty

A

Laws per country, depending on where the data resides, like the GDPR in the EU

4
Q

Data masking

A

Or obfuscation, which hides data info, like receipts showing ***

5
Q

Diffusion

A

Change one character of the input and many characters change in the encryption output

6
Q

Data at rest

A

In a file on a storage device like an SSD or flash drive

Needs whole-disk encryption, database encryption, or file- or folder-level encryption

Then apply permissions

7
Q

Data in transit or motion

A

Going between switches, routers and devices

Needs a firewall or IPS to protect it

Transport-level encryption with Transport Layer Security (TLS) or IPsec (Internet Protocol Security)

8
Q

Data in use

A

In system RAM, CPU registers and cache

Usually decrypted because it is in use

Hackers can pick decrypted data from RAM

9
Q

Tokenization

A

Replacing sensitive data with a non-sensitive placeholder

10
Q

Information rights management

A

Prevents certain functions in a document, like copy, paste, edit, screenshots, etc., and only allows them with permission

11
Q

Data loss prevention

A

Examining all data in use, in motion and at rest

Can block access to certain hardware like USB storage

There is also cloud-based DLP, which observes traffic and restricts it based on rules

12
Q

Managing security

A

Geographical considerations, such as legal concerns when needing to do things in another country, like passports, third parties and backups

Response and recovery: know the next steps and document everything from beginning to end

13
Q

SSL/TLS inspection

A

Secure Sockets Layer / Transport Layer Security, to block incoming or outgoing info

Uses trusted CAs (certificate authorities)

14
Q

SSL/TLS proxy

A

Firewall SSL decryption and an internal CA

User has internal CA certs

The hello gets sent to the server, is intercepted by the firewall, and is sent on by the firewall, acting as a proxy, to the server. The server sends back to the firewall, and the firewall creates a new internal CA with internal encryption.

15
Q

API

A

Application programming interface; needs control software and must be set up securely, because logins usually go through the API

Hackers use an on-path attack to listen and learn the API, then insert their own data using API injection

Can use a web app firewall

16
Q

Site resiliency

A

Always have backups, kept synchronized, and the ability to change locations if a disaster occurs

Therefore need processes and procedures to move back and forth.

There are hot sites (exactly the same), warm sites (mix of both, some equipment) and cold sites (room with racks but no equipment, data or apps)

17
Q

Honeypots

A

Attract bad guys and trap them there; a virtual world that's fake, like a VM that trapped scammers

With more honeypots it becomes a honeynet

Inside are honeyfiles that act as bait (passwords.txt), then we receive an alert

18
Q

Fake telemetry

A

Train with data in machine learning to show what bad data is and what malware is, so identification is easier. Fake telemetry can fake that the malware is good.

19
Q

DNS sinkholes

A

DNS that hands out an incorrect IP address
Best for intel gathering: configure a sinkhole for whoever tries to find a certain site; goes with an IPS