9. Resilience & Physical Security Flashcards
What are the key components of physical security?
- Bollards
- Access control vestibule
- Fencing
- Video surveillance
- Security guard
- Access badge
- Lighting
- Sensors
These components work together to enhance the overall security posture of an organization.
What types of physical attacks are mentioned?
- Brute force
- Radio frequency identification (RFID) cloning
- Environmental
Understanding these types of attacks is crucial for implementing effective security measures.
What are the considerations for security architecture?
- Availability
- Resilience
- Cost
- Responsiveness
- Scalability
- Ease of deployment
- Risk transference
- Ease of recovery
- Patch availability
- Inability to patch
- Power
- Compute
These factors influence the effectiveness and efficiency of security systems.
What is the difference between load balancing and clustering?
Load balancing distributes workloads across multiple resources while clustering involves connecting multiple computers to work together as a single system.
Both techniques are important for achieving high availability.
What are the types of site considerations for resilience?
- Hot
- Cold
- Warm
- Geographic dispersion
These site types help organizations plan for disaster recovery and continuity of operations.
What is included in capacity planning?
- People
- Technology
- Infrastructure
Effective capacity planning ensures that an organization can handle expected workloads and emergencies.
What are the different types of testing methods for resilience?
- Tabletop exercises
- Failover
- Simulation
- Parallel processing
These methods help organizations prepare for and respond to incidents.
What are key aspects of backups?
- Onsite/offsite
- Frequency
- Encryption
- Snapshots
- Recovery
- Replication
- Journaling
Backups are essential for data preservation and recovery during failures.
What is the role of power management in resilience?
- Generators
- Uninterruptible power supply (UPS)
Reliable power sources are critical for maintaining operations during outages.
True or False: Resilience is a part of the availability leg of the CIA triad.
True
The CIA triad stands for Confidentiality, Integrity, and Availability.
Fill in the blank: Physical access to systems, networks, and devices is one of the easiest ways to ______ security controls.
[bypass]
This highlights the importance of physical security measures.
What are response and recovery controls designed to ensure?
They help to ensure that an organization can remain online and recover from issues.
These controls are vital for maintaining business continuity.
What is the importance of establishing restoration order for systems and devices?
It ensures that critical systems are prioritized during recovery processes.
This helps minimize downtime and impact on operations.
What are the three components of the CIA triad?
Confidentiality, Integrity, Availability
Why is availability critical for an organization’s security?
Systems that are offline or unavailable do not meet business needs.
What is continuity of operations?
Ensuring that operations continue despite issues like system failures or natural disasters.
What is a common method to build resilience in systems?
Redundancy
Define single point of failure.
A point where the failure of a single device or connection can disrupt the entire system.
What is geographic dispersion in the context of redundancy?
Placing datacenters at least 90 miles apart to prevent disasters from disabling multiple facilities.
What is the purpose of load balancing?
To distribute loads among multiple systems or services, providing redundancy and increasing performance.
What does clustering refer to in system design?
Groups of computers connected to perform the same task, providing redundancy through scale.
What is the role of uninterruptible power supply (UPS) systems?
To provide backup power options for short outages.
What is platform diversity?
Using different technologies and vendors to make systems less vulnerable to attacks or failures.
What are the architectural considerations for security design?
Availability targets, resilience, cost, responsiveness, scalability, ease of deployment, risk transference, ease of recovery, patch availability, and power consumption.
What is RAID used for?
To use multiple disks for data protection, ensuring data is not lost during disk failures.
Describe RAID 0.
Data is striped across all drives for better I/O performance but is not fault tolerant.
What is the advantage of RAID 1?
High read speeds and data availability if a drive fails.
What does RAID 5 provide?
Striping with parity, allowing for recovery from a single drive failure.
What is the difference between full, incremental, and differential backups?
Full: copies entire system; Incremental: captures changes since last backup; Differential: captures changes since last full backup.
What is replication in data management?
Copying live data to another location or device continuously as changes are made.
Define journaling.
Creating a log of changes that can be reapplied if an issue occurs.
True or False: Journaling eliminates the need for backups.
False
What are recovery point objectives (RPOs)?
Determinations of how much data loss is acceptable.
What are recovery time objectives (RTOs)?
Determinations of how long recovery can take without significant damage.
What is a snapshot in data backup?
A complete capture of the state of a system at a specific point in time.
What is the primary use of forensic images?
To capture a bitwise copy of an entire storage device with data validation.
What is a gold master image?
A non-modified image used for creating nonpersistent systems in virtualization.
Fill in the blank: Backup frequency should be determined by the rate of change, the organization’s tolerance for _______.
data loss
What is a gold master image in virtualization systems?
A gold master image is a base image used to create nonpersistent systems that remain unchanged after shutdown.
Why is it important to validate backup copies?
Validation ensures that the backup matches the original file, confirming its integrity.
What factors should organizations consider when choosing backup media?
- Capacity
- Reliability
- Speed
- Cost
- Expected lifespan
- Reusability
Which backup media option has historically had one of the lowest costs per unit of capacity?
Tape
What are the advantages of using disks for backup over tape?
Disks are typically faster, although more expensive for the same capacity as tape.
True or False: Optical media like Blu-ray discs are commonly used for large-scale backups.
False
Fill in the blank: Flash media like microSD cards and USB thumb drives are often used for _______.
short-term copies and longer-term backups
What is the key difference between online and offline backups?
Online backups are always available, while offline backups need to be retrieved from a storage location.
What are nearline backups?
Backup storage that is not immediately available but can be retrieved within a reasonable time, often without human involvement.
What type of cloud backup provides lower prices for slower access times?
Long-term archival storage models like Amazon’s S3 Glacier.
How has the changing model for backups affected what is backed up?
Instead of backing up systems, the code that defines them and key data is backed up.
What is off-site storage?
A method of storing backup media at a location separate from the primary site to ensure data safety.
What are some risks associated with poorly executed off-site storage?
Lack of distance from the primary site, inadequate security during transit, and lack of encryption.
What bandwidth considerations should organizations keep in mind for off-site backups?
Bandwidth for backups and restoration time, especially for low bandwidth locations.
What is a key security consideration for backups in remote storage?
Encryption of data both at rest and in transit.
What role do encryption keys play in backup recovery?
They are critical for restoring backups; losing access to keys means losing the backups.
True or False: Cloud providers often have lower reliability rates than local tape or disk options.
False
What types of controls are necessary for using third-party backup services?
Separation of accounts, additional controls, and encryption of data.
What are response controls?
Controls used to allow organizations to respond to an issue, whether it is an outage, a compromise, or a disaster.
What is the main focus of recovery controls?
Returning to normal operations.
Define nonpersistence in the context of response controls.
The ability to have systems or services that are spun up and shut down as needed.
How do systems revert to a known state?
Using snapshots in a virtualization environment or other tools that track changes.
What is a last-known good configuration?
A state that allows returning to a previous configuration before an issue occurred.
What is live boot media?
A bootable operating system that can run from removable media like a thumb drive or DVD.
What are high-availability solutions?
Solutions like load balancing, content distribution networks, and clustered systems that respond to high-demand scenarios.
What is vertical scalability?
Requires a larger or more powerful system or device.
What is horizontal scaling?
Uses smaller systems or devices and adds more of them.
List the three major types of disaster recovery sites.
- Hot sites
- Warm sites
- Cold sites
What is a hot site?
A site with all the infrastructure and data needed to operate the organization.
What is a warm site?
A site that has some systems needed but lacks live data.
What is a cold site?
A site with space, power, and connectivity but not prepared with systems or data.
What is the restoration order?
The sequence in which systems and services are restored after a disaster.
What key issue was highlighted by the aftermath of 9/11 regarding disaster recovery?
The need to ensure staff availability during a disaster.
What is geographic dispersion?
The practice of building infrastructure across multiple geographic regions to avoid disasters impacting multiple sites.
What are the three areas of focus for capacity planning?
- People
- Technology
- Infrastructure
What is the purpose of tabletop exercises?
Discussions to validate the disaster recovery plan with personnel assigned roles.
What is a simulation exercise?
Drills where personnel simulate actions they would take in an actual event.
What is a parallel processing exercise?
Moving processing to a backup system to validate its performance.
What is a failover exercise?
Testing full failover to an alternate site or system.
Why is it important to take notes during testing exercises?
To review what worked and did not work, and to apply lessons learned.
What are physical security controls?
Measures like fences, lighting, and locks that protect systems, facilities, and networks from unauthorized access.
What is the purpose of site security?
To implement a security plan based on threats and risks relevant to specific locations.
What is security through obscurity?
The belief that hiding resources and data will prevent or dissuade malicious actors from attacking.
How do fences contribute to physical security?
They act as a deterrent and provide a physical barrier against unauthorized access.
What are bollards?
Posts or obstacles that prevent vehicles from moving through an area.
How does lighting enhance security?
Bright lighting discourages intruders and helps staff feel safer.
Fill in the blank: Drones can be used to capture images, deliver a payload, or _______.
[take action like cutting a wire or blocking a camera]
What are antidrone systems designed to do?
Detect and counteract drones using various technologies like radar and infrared sensors.
True or False: Locks are a genuine physical security control.
False
What role do access badges play in physical security?
They are used for entry access and to verify identity and authorization.
What are access control vestibules also known as?
Mantraps
What types of fire suppression systems are commonly used?
- Wet sprinkler systems
- Dry sprinklers
- Pre-action sprinklers
- Deluge sprinklers
What are the main types of alarm systems?
- Locally monitored
- Remotely monitored
What is a common phrase among security professionals regarding locks?
“Locks keep honest people honest.”
What is a key challenge of using security guards?
Humans can be fallible and susceptible to social engineering.
What are the types of cameras used in video surveillance?
- Black and white
- Infrared
- Color
What is the purpose of motion recognition cameras?
To activate when motion occurs, conserving storage space.
What are the four specific types of sensors mentioned?
- Infrared sensors
- Pressure sensors
- Microwave sensors
- Ultrasonic sensors
What are indicators of malicious activity for physical attacks?
Require in-person observation or detection using a camera system.
What is a brute-force attack in the context of physical security?
Breaking down doors, cutting off locks, or applying force for physical entry.
What is an environmental attack?
Targeting an organization’s heating and cooling systems or maliciously activating a sprinkler system.
What is the key part of ensuring the availability of your systems and services?
Building a resilient infrastructure with the ability to recover from issues.
What types of systems help provide resilience?
Redundant systems, networks, and other infrastructure and capabilities.
Name a technique that helps maintain organizational online status during disasters.
Geographic dispersal.
What is the purpose of high-availability designs?
To handle scaling and system/component failures.
What are multicloud systems used for?
To avoid a vendor’s outage or failure from causing broader issues.
What backup systems help control power-related events?
Generators and UPS systems.
What are the three types of backups you should know?
- Full backup
- Differential backup
- Incremental backup
What is a snapshot in the context of backups?
A copy of the state of a system at a point in time.
What is the function of journaling in backup systems?
Records changes, allowing them to be replicated if needed.
How can the response to an outage impact an organization?
It can make the difference between being back online quickly or being offline for an extended period.
What are key parts of being ready for an issue?
- Capacity planning
- Testing
- Designing for continuity of operations
What are the three types of disaster recovery sites?
- Hot sites
- Warm sites
- Cold sites
What is a hot site?
A disaster recovery site built and fully ready to go.
What does knowing the restoration order during a restoration event help with?
Bringing systems and services online in an order that makes sense based on dependencies and criticality.
What does site security involve?
- Using controls to make facilities less likely to be targeted
- Fences
- Bollards
- Lighting
- Access badges
- Entry access systems
True or False: Detecting physical attacks requires less care than automated detection.
False
What is the role of sensors in physical security?
To detect issues and events and to trigger responses.
What does CASB stand for?
Cloud Access Security Broker
What is the primary function of a cloud access security broker?
Security policy enforcement point positioned between enterprise users and cloud service providers