701 - Chapter 1 Flashcards
What prevents the unauthorized disclosure of information and keeps secret information secret?
Confidentiality
What prevents the unauthorized alteration of information or systems and keeps information safe from unintentional or accidental changes?
Integrity
What ensures that authorized users are able to access information and systems when they need them?
Availability
What are the two ways to ensure confidentiality?
Encryption and access controls
Within access controls, what are the three core identity and access management activities that help ensure that only authorized persons can access data?
Identification, authentication, authorization
Within access controls, users claim an identity with a unique username. What is this called?
Identification
Within access control, what is it called when users prove their identity, for example with a password?
Authentication
Within access control, this grants or restricts access to resources using such things as permissions. What is it called?
Authorization
You can increase availability by adding what and what? Give some examples.
Fault tolerance and redundancy… RAID, failover clusters, backups, generators
What is a common goal of fault tolerance and redundancy techniques?
To remove each single point of failure, SPOF
RAID is an example of what type of redundancy?
Disk
Failover clusters are an example of what type of redundancy?
Server
Load balancing uses multiple servers to support a single service, such as a high-volume website. What type of redundancy is this?
Network
UPS and power generators can provide power to key systems if commercial power fails. What type of redundancy is this?
Power
What is it called when two or more network cards are put in a single server, and what type of redundancy is this?
NIC teaming… network
What are two things that can contribute to high availability?
Scalability and elasticity
What are the two types of scalability?
Horizontal and vertical
Adding additional servers is an example of which type of scalability? Adding additional resources (for example, more RAM) to existing servers is an example of which type of scaling?
Horizontal and vertical
What is it called when scalability is automated by having the system add and remove resources as needed?
Elasticity
What is an alternative to seeking the highest possible availability?
Resiliency
Resiliency methods help systems _____ themselves or recover from _____ with minimal downtime.
Heal and Faults
Resiliency methods also expect components to do what with failed processes? Give an example.
Retry… Examples include the Chrome browser and TCP packets: when TCP packets fail to reach the destination, they are resent
Organizations frequently need to balance resource availability with what? And why is this difficult to do?
Security constraints… it is difficult because applying security constraints, such as encryption, requires more memory and processing power and also slows down applications
What is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss?
Risk
What is any circumstance or event that has the potential to compromise CIA?
Threat
What is another name for a weakness?
A vulnerability
What is an adverse event or series of events that can negatively affect the CIA of an organization's IT?
A security incident
What are four types of threats?
Insider, an outside attacker, natural, accidental
What is the process of reducing the chances that a threat will exploit a vulnerability, or of reducing the impact of the threat?
Risk mitigation
What do organizations implement to help mitigate risk?
Security controls, also called countermeasures and safeguards
What are some examples of technical controls?
Encryption, antivirus software, IDS and IPS, firewalls, least privilege
Where are managerial controls typically documented?
In an organization's written security policy
What type of control is implemented by the people who perform the day-to-day operations to comply with an organization's overall security plan?
Operational controls
What are three ways of assessing risk within managerial controls?
Quantitative and qualitative risk assessments, vulnerability assessments
What are the three families of operational controls?
Awareness and training, configuration management, media protection
Name some examples of the preventative control type.
Hardening, training, security guards, account disablement process, IPS
What control type is put in place to discourage a threat? Give some examples.
Deterrent… Warning signs and login banners
Which type of control is used to discover an event after it has occurred? Give some examples.
Detective… Log monitoring, SIEM systems, security audits, video surveillance, motion detection, IDS
Which control type attempts to reverse the impact of an incident or problem after it has occurred? Give some examples.
Corrective… Backups/system recovery and incident handling processes
Which control type provides an alternate control instead of using a primary control?
Compensating
Which control type is designed to provide instruction to individuals on how they should handle security-related situations that arise? Give some examples.
Directive… Policy, standards, procedures, guidelines and change management
What are the three primary Windows operating system logs?
Security, system, application
What directory do Linux systems store logs in?
/var/log
Which Linux log contains a wide variety of general system messages, including startup, mail, and kernel messages?
Syslog or messages
Which Linux log contains information related to authentication and authorization of user sessions?
Secure log
What are three examples of network logs?
Firewall, IPS/IDS, packet captures
Which type of application log follows the W3C common log format?
Web server logs
Within a SIEM system, what is the process of combining several similar items into a single format called?
Log aggregation
Within a SIEM system, what is the software component used to collect and analyze event log data from various systems within the network?
The correlation engine
Within a SIEM system, what focuses on what users are doing, such as application and network activity, and looks for abnormal patterns of activity that may indicate malicious intent?
User behavior analysis, UBA
What are the agents that a SIEM system places on systems throughout a network called? These collect logs and send them to the SIEM system.
Sensors
What are some common elements in a SIEM dashboard?
Sensors, alerts, correlation, trends
What is the protocol that specifies a general log entry format and the details on how to transport log entries?
Syslog
The system sending syslog messages is called what, and what is the recipient of the syslog entries called?
Originators and collectors