2.1 Security Concepts in Enterprise Environments

Question 1

Why is it important to keep up with configuration management?

Answer 1

Change is the only constant

Question 2

This is the configuration to which all devices on a network should be conforming to. Integrity measurements should be checked against this configuration.

Answer 2

Baseline config

Question 3

Data that resides in a country is subject to the laws of that country.

Answer 3

Data Sovereignty

Question 4

The act of hiding some of the original data in order to protect sensitive data like PII. Usually only protected from view, data is still intact in storage.

Answer 4

Data masking

Question 5

The process of encoding information into unreadable data

Answer 5

Data encryption

Question 6

Used to describe data that is on a storage device, often encrypted and given appropriate permissions.

Answer 6

Data at-rest

Question 7

Description of data that it is being transmitted over a network. Less protection that data at rest

Answer 7

Data in transit

Question 8

Describes data that is actively processing in a computer’s memory or CPU cache. Almost always decrypted at this state.

Answer 8

Data in use

Question 9

This method is used to replace sensitive data with a benign placeholder. No encryption is involved.

Answer 9

Tokenization.

Question 10

What does information rights management (IRM) designate?

Answer 10

How data is used

Restricts data access

Question 11

System used for stopping data leakages before attackers can get to them

Answer 11

Data Loss Prevention (DLP)

Question 12

What areas can a DLP system be installed to prevent data leakage?

Answer 12

Endpoint (PC)

Network

Servers

Cloud

Question 13

What is one of the largest geographical considerations when storing data in other states or in other countries?

Answer 13

Legal implications

Question 14

What are 3 major goals of an Incident Response Plan?

Answer 14

Identify the attack

Contain the attack

Limit impact of an attack

Question 15

What is being inspected when you are performing an SSL Inspection?

Answer 15

If the trusted certificate between the browser and the web server has been signed

Question 16

True or false: When a PC sends a hello message to a web server on a network with SSL inspection on the firewall, the SSL decrypter on the firewall does not send it’s own proxy hello message to the web server.

Answer 16

False

Question 17

Composed of a short string of letters and numbers, also known as a message digest

Answer 17

Hash

Question 18

True or false: It is possible to recover the original message from a message digest created using a hashing function.

Answer 18

False

Question 19

What is a major consideration to hashing when it comes to reapeat data?

Answer 19

Collisions are possible

Question 20

This interface is commonly used to perform mobile app processes such as login pages. Can be subject to on-path attacks involving replaying received commands, as well as injection.

Answer 20

Application Programming Interface (API)

Question 21

Type of firewall used to protect applications over the web. Often used to protect APIs

Answer 21

WAF - Web application firewall

Question 22

What are two important security areas to consider when implementing an API?

Answer 22

Authentication - limit access

Authorization - keep roles limited

Question 23

Recovery site:

• An exact replica
– Duplicate everything
• Stocked with hardware
– Constantly updated
– You buy two of everything
• Applications and software are constantly updated
– Automated replication
• Flip a switch and everything moves

Answer 23

Hot site

Question 24

Recovery site:

• No hardware
– Empty building
• No data
– Bring it with you
• No people
– Bus in your team

Answer 24

Cold Site

Question 25

Recovery site:

• Somewhere between cold and hot
– Just enough to get going
• Big room with rack space
– You bring the hardware
• Hardware is ready and waiting
– You bring the software and data

Answer 25

Warm site

Question 26

A trap intended to lure in bad guys and keep them trapped there.

Answer 26

Honeypot

Question 27

Term referring to a network of honeypots

Answer 27

Honeynets

Question 28

Files created on a network to intentionally lure in attackers. Acts as an alert when file is accessed.

Answer 28

Honeyfile

Question 29

This method of deception involves sending false information to a machine learning AI which makes malicious malware look benign.

Answer 29

Fake telemetry

Question 30

A DNS server that hands out incorrect IP addresses

Can be bad: attacker can redirect traffic to a malicious site

Can be good: detects devices trying to access a malicious IP and redirects them back into the network

Answer 30

DNS Sinkhole