2.1 Security Measures

Question 1

Logical controls

Answer 1

Prevent or allow access to resources once a user’s identity has been established. Can be hardware or software.

Question 2

Auditing of logical controls

Answer 2

Once-off; examining the controls and procedures in place

Question 3

Monitoring of logical controls

Answer 3

Ongoing checks of the controls and procedures in place

Question 4

Managerial controls

Answer 4

Focuses on the design of the security or the policy implementation associated with the security

Question 5

List three controls that fall under ‘managerial’

Answer 5

• Data classification and labelling
• Personnel supervision
• Security awareness training

Question 6

Operational controls

Answer 6

Controls managed by people

Question 7

Give two examples of operational controls

Answer 7

Guards at the front doors; security awareness training

Question 8

Technical controls

Answer 8

Using own systems to prevent security events from occurring

Question 9

Give two examples of technical controls

Answer 9

Firewall on the network; antivirus on workstations

Question 10

Provide one advantage and one disadvantage of see-through fences

Answer 10

Employees and guards can see incoming threats; outsides can see inside the property

Question 11

Provide one advantage and one disadvantage of non see-through fences

Answer 11

Outsiders are prevented from seeing in, but employees and guards can’t see incoming threats

Question 12

What are some considerations when installing bollards?

Answer 12

Will they protect the most vital assets?
Do they still integrate with the environment so as not to be off-putting to customers/staff?

Question 13

List two best practices for lighting

Answer 13

Always on and having motion sensors

Question 14

Preventive control

Answer 14

Prevents access to a particular area

Question 15

Give three examples of preventive controls

Answer 15

• Locks on a door
• Security guard
• Firewall

Question 16

Detective control

Answer 16

Identifies and records that a security event has occurred but may not be able to prevent access

Question 17

Give two examples of a detective control

Answer 17

• Motion sensor
• IDS

Question 18

Corrective control

Answer 18

Designed to mitigate any damage that has occurred because of a security event

Question 19

Give two examples of a corrective control

Answer 19

• IPS
• Offsite backup

Question 20

Deterrent

Answer 20

A security measure that may deter someone from performing and intrusion

Question 21

Compensating control

Answer 21

Attempts to recover from an intrusion by compensating for the issues caused

Question 22

Give two examples of a compensating control

Answer 22

• Buying a new device and restoring from backup to replace an old one
• Having a generator in case of loss of power

Question 23

Physical control

Answer 23

Something tangible that would prevent the security event

Question 24

Proximity alarm

Answer 24

Alarm that turns on when there is movement in a certain area

Question 25

Duress alarm

Answer 25

Can be manually triggered by someone when there is a threat

Question 26

What may a mechanically operated lock also be referred to as?

Answer 26

Cipher lock

Question 27

What is bad about fingerprint readers?

Answer 27

They are considered a hygiene issue

Question 28

Name two security measures that could be used to protect a data cabinet

Answer 28

- Chassis lock - Faceplate

Question 29

List three types of badge readers that can be used as a way to log into a computer

Answer 29

- Magnetic strip - Smart card - RFID

Question 30

Are badge readers contact or non contact based?

Answer 30

Contact-based

Question 31

DAC

Answer 31

Object access is determined via and access policy set by the object's owner

Question 32

What are the two fundamental rules of DAC?

Answer 32

- Every object in a system must have an owner - Each owner must determine the access rights and permissions for each object

Question 33

MAC

Answer 33

An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system

Question 34

What is the primary use case of MAC and why?

Answer 34

In organisations that deal with highly sensitive data (e.g. military, government, healthcare) because it has a high, centralised level of control

Question 35

How are MAC criteria defined and enforced?

Answer 35

Defined by the system admin and enforced by the OS or security kernel. They cannot be altered by end users

Question 36

What are the two factors that MAC considers when restricting access to a resource?

Answer 36

Sensitivity of information and authorisation level of the user

Question 37

RBAC

Answer 37

Users are assigned permissions based on their role (and placed in groups) rather than being assigned permissions individually

Question 38

Power user

Answer 38

A user with more rights than a normal user but not as many as an administrator

Question 39

Zero-trust

Answer 39

A security framework that requires ALL users inside or outside the organisation to be authenticated, authorised and validated

Question 40

What are the four steps to implementing a zero-trust framework?

Answer 40

1. Reexamine all default access controls 2. Employ a variety of prevention techniques and defense in depth 3. Enable real-time monitoring and controls to identify and stop malicious activity 4 . Ensure the network's zero-trust architecture aligns with a broader security strategy

Question 41

MFA

Answer 41

Using two or more factors to prove a user's identity

Question 42

What are the five factors of MFA?

Answer 42

- Knowledge - Ownership - Characteristic - Location - Action

Question 43

TOTP

Answer 43

A computer algorithm that generates a one-time password using the current time as a source of uniqueness

Question 44

HOTP

Answer 44

Password is computed from a shared secret and synchronised across the client and the server

Question 45

In-band authentication

Answer 45

Identity signals that rely on the same system that is requesting user authentication (verifies within the primary channel)

Question 46

Out-of-band authentication

Answer 46

Uses a separate channel for verification

Question 47

Is in-band or out-of-band authentication more secure?

Answer 47

Out-of-band

Question 48

EMM

Answer 48

The set of people, processes and technology that enable centralised management and control of corporate mobile devices

Question 49

Give three elements of EMM

Answer 49

- Tracking - Controlling - Securing

Question 50

Contrast EMM and MDM

Answer 50

EMM uses policies and tools to manage the entire mobile ecosystem, whereas MDM focuses on simple management of devices and uses more technical controls

Question 51

When would you set a phone to remote wipe?

Answer 51

- Incorrect password entered too many times - Device attempts to connect to a network and doesn't meet baseline requirements

Question 52

List 6 technical controls used in MDM

Answer 52

- Application control - Password/passcode functionality - MFA requirements - Token-based access - Patch management - Remote wipe

Question 53

List 7 settings that can be used to manage security in the AD

Answer 53

- Domain-based security - Security group - Organisational unit - Group policies - Login scripts - Home folders - Folder redirection

Question 54

How can you assign permissions to a security group in AD?

Answer 54

- Group policies - Login scripts - Access control list

Question 55

What is an organisational unit

Answer 55

A way of dividing the domain into different administrative realms

Question 56

Group policies

Answer 56

Allow for configuration of computer and user profile settings

Question 57

Home folder

Answer 57

Private drive mapped to a network share

Question 58

Folder redirection

Answer 58

Redirecting the path of a known folder to a new location. Can be done manually or by group policy, and can be a local folder or a directory on a file share