2.1 Enterprise Security Concepts

Question 1

What is the importance of configuration management and documentation?

Answer 1

Mainly to allow easy manual re-configuration of devices should there be a failure or catastrophe

Question 2

What is the importance of network diagrams?

Answer 2

To know where devices are on the network and how they are physically connected to each other

Question 3

What is the importance of baseline configurations? (2)

Answer 3

1. ensure new equipment is configured correctly
2. check to ensure that existing equipment is properly configured

Question 4

What is the importance of standard naming conventions?

Answer 4

Standard naming conventions allow for easy identification of equipment, such as if the device is a router, switch, user workstation, etc..

Question 5

What is the importance of an IP Schema? (2)

Answer 5

1. Identifying physical location of an IP address
2. Identifying type of equipment by IP address

Question 6

Define data sovereignty

Answer 6

Laws and regulations for data based on the location of the data, i.e. data collected on EU citizens must physically reside in the EU

Question 7

What is masking (relative to data)?

Answer 7

A technique to protect sensitive data, such as only display the last 4 numbers of a credit card and replacing the rest of the numbers with asterisks

Question 8

What is data at rest and how can it be protected?

Answer 8

Data at rest is data that is stored on a storage device, such as SSD. Encryption and file/folder permissions can be used to protect this data.

Question 9

Define data in transit/motion and how to protect it

Answer 9

1. Data that is being transmitted across a network
2. Encryption and network devices, such as a firewall

Question 10

Define data in-processing and how it is vulnerable

Answer 10

Data in-processing is data that is in the memory or other system caches. It is not encrypted and vulnerable if access is gained to those hardware resources

Question 11

What is tokenization?

Answer 11

Replacing data with data different from the original data. For example, instead of transmitting credit card numbers, a token is transferred across the network that can be used to identify the credit number

Question 12

What is information rights management?

Answer 12

Protecting a document by only allowing certain actions based on the user. For example, denying copy/paste from a document.

Question 13

What is DLP?

Answer 13

Data-Loss Prevention, intelligent systems that inspect and identify sensitive information and prevent it from exfiltrating the organization

Question 14

Define response and recovery

Answer 14

Pre-determined and documented procedures need to be defined to follow in case of an attack or catastrophe to stop the threat and recover from the event

Question 15

Define SSL/TLS Inspection

Answer 15

A host or device that acts as a man-in-middle to decrypt and re-encrypt network traffic to allow monitoring/inspection of network traffic

Question 16

Importance of hashing in an enterprise environment - 3 uses

Answer 16

Using strong hashing, like SHA256, is important to:
1. protect passwords
2. create strong digital signatures
3. prevent encryption from being cracked via brute force

Question 17

API Security concerns

Answer 17

API traffic must be monitored, encrypted, and properly secured with permissions to limit access and actions using principle of least privilege

Question 18

Define Site Resiliency: Hot Site

Answer 18

An exact replica of the network at an alternate location; all data and configurations are kept in-sync with the live environment

Question 19

Define Site Resiliency: Cold Site

Answer 19

A site containing empty racks; all devices and data must be setup and restored from backups

Question 20

Define Site Resiliency: Warm Site

Answer 20

In-between a hot and cold site; has some equipment to get your network back up and running in a relatively short time frame

Question 21

Define Honeypot

Answer 21

A system or series of systems designed to look like a real environment to bait attackers and monitor what exploits are attempted against it

Question 22

Define Honeynet

Answer 22

Multiple honeypots designed to gather more intel on exploits attempted by threat actors

Question 23

Define Honeyfiles

Answer 23

Files to attract the attention of threat actors to determine what type of information they are interested in accessing, such as “passwords.txt”

Question 24

Define Fake Telemetry in relation to AI

Answer 24

Attackers feeding data to AI during its learning phase in order to alter its behavior, such as a specific malware program that the AI learns to identify as a good program

Question 25

Define DNS Sinkhole

Answer 25

A DNS server that provides responses to direct traffic to alternate websites, instead of the valid website. Can be used by attackers or by IT Security to monitor users attempted access to known malicious sites