25 Flashcards
The term “Forensic artifact” is used to describe an unintentional trace of attacker activity that can be identified on a host or network. Forensic artifacts include information that can be extracted from (among other sources) registry keys (applies to MS Windows), event logs, timestamps, web browser search history, or files left in the system trash folder.
True
Which of the following can be used to validate the origin (provenance) of digital evidence? (Select 2 answers)
Hashing
Checksums
The process of searching, collecting, and securing electronic data with the intent of using it in a legal proceeding or investigation is known as:
**E-discovery**
E-discovery is a form of digital investigation that attempts to find evidence in email, business communications and other data that could be used in litigation or criminal proceedings. The traditional discovery process is standard during litigation, but e-discovery is specific to digital evidence.
The term “Non-repudiation” describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides the proof of data integrity, and proof of data origin.
False
Which of the following answers can be used to describe the category of managerial security controls? (Select 3 answers)
- Also known as administrative controls
- Focused on managing risk
- Documented in written policies
Which of the following examples fall into the category of managerial security controls? (Select 3 answers)
- Organizational security policy
- Risk assessments
- Vulnerability assessments
Which of the following answers can be used to describe the category of operational security controls? (Select 3 answers)
- Focused on the day-to-day procedures of an organization
- Used to ensure that the equipment continues to work as specified
- Primarily implemented and executed by people (as opposed to systems)
Which of the following examples fall into the category of operational security controls? (Select 3 answers)
- Configuration management
- Data backups
- Awareness programs
Which of the following answers can be used to describe the category of technical security controls? (Select 3 answers)
- Sometimes called logical security controls
- Executed by computer systems (instead of people)
- Implemented with technology
Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)
- Encryption protocols
- Firewall ACLs
- Authentication protocols
What are the examples of preventive security controls? (Select 3 answers)
- Security guards
- System hardening
- Separation of duties
Which of the following answers refer to examples of detective security controls? (Select all that apply)
- Log monitoring
- Security audits
- CCTV
- IDS
Which of the answers listed below refer to examples of corrective security controls? (Select all that apply)
- IPS
- Backups and system recovery
- Alternate site
- Fire suppression system
Examples of deterrent security controls include: (Select 3 answers)
- Warning signs
- Lighting
- Login banners
Which of the following answers refer to compensating security controls? (Select all that apply)
- Backup power system
- Sandboxing
- Temporary port blocking
- Temporary service disablement