Ch 1-5 Flashcards
Which security-related phrase relates to the integrity of data? Options: Availability is authorized / Modification is authorized / Knowledge is authorized / Non-repudiation is authorized
Modification is authorized. Integrity means that any data is stored and transferred as intended and that any modification is authorized.
Integrity is part of the CIA triad.
Define Availability
Availability means that information is accessible to those authorized to view or modify it, when they need it. (Restricting access to only those authorized is confidentiality, not availability.)
An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the “detect” function, what does the engineer focus on?
Detect refers to performing ongoing proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats.
What does Identify mean per NIST?
Identify covers developing security policies and capabilities, and evaluating risks, threats, and vulnerabilities and recommending security controls to mitigate them.
What does Protect mean according to NIST?
Protect covers the processes to install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of an operations life cycle.
What is Recover per NIST?
The implementation of cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks.
What are the properties of a secure information processing system?
Confidentiality, Integrity, and Availability (and Non-repudiation)
A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements?
A security operations center (SOC).
A business is expanding rapidly and the owner is worried about tensions between its established IT and programming divisions. What type of security business unit or function could help to resolve these issues?
Development and operations (DevOps) is a cultural shift within an organization to encourage much more collaboration between developers and system administrators. DevSecOps embeds the security function within these teams as well.
You have implemented a secure web gateway that blocks access to a social networking site. How would you categorize this type of security control?
It is a technical type of control (implemented in software) and acts as a preventive measure.
A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control?
It would be classed as a physical control and its function is both detecting and deterring.
A firewall appliance intercepts a packet that violates policy. It automatically updates its Access Control List to block all further packets from the source IP. What TWO functions is the security control performing?
Preventive and corrective.
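As an added worked example (not part of the flashcard deck), the following small Python packet filter shows both functions in one control: the static port policy is the preventive part, and the automatic ACL update that blocks every later packet from an offending source IP is the corrective part. The policy, the ACL and the packet stream are all constructed here for illustration and are not real firewall data.

```python
"""Toy packet filter illustrating a control that is both preventive and
corrective. Added example; the policy, ACL and packets are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int


@dataclass
class PacketFilter:
    # Preventive policy: only these destination ports are permitted.
    allowed_ports: frozenset = frozenset({80, 443})
    # Dynamic ACL: source IPs that have violated policy (corrective state).
    blocked_sources: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def violates_policy(self, pkt: Packet) -> bool:
        return pkt.dst_port not in self.allowed_ports

    def handle(self, pkt: Packet) -> str:
        """Return 'allow' or 'drop' for one packet, updating the ACL on a violation."""
        if pkt.src_ip in self.blocked_sources:
            # Corrective effect: the source was blocked earlier, so even a
            # packet that matches the port policy is dropped.
            self.log.append(f"drop {pkt} (source already in ACL)")
            return "drop"
        if self.violates_policy(pkt):
            # Preventive decision plus corrective action: block the source
            # so that all further packets from it are dropped.
            self.blocked_sources.add(pkt.src_ip)
            self.log.append(f"drop {pkt} (policy violation; ACL updated)")
            return "drop"
        self.log.append(f"allow {pkt}")
        return "allow"


def run_sample():
    """Run a constructed packet stream through the filter and return
    (per-packet decisions, filter) so the ACL state can be inspected."""
    stream = [
        Packet("10.0.0.5", 443),  # allowed by policy
        Packet("10.0.0.5", 23),   # telnet: violates policy, source gets blocked
        Packet("10.0.0.5", 443),  # would be allowed, but source is now in the ACL
        Packet("10.0.0.9", 80),   # unrelated host, allowed
    ]
    fw = PacketFilter()
    decisions = [fw.handle(p) for p in stream]
    return decisions, fw


if __name__ == "__main__":
    decisions, fw = run_sample()
    for line in fw.log:
        print(line)
    print("ACL:", sorted(fw.blocked_sources))
```

The third packet is the one that distinguishes the two functions: it complies with the port policy, so a purely preventive control would let it through, but the corrective ACL update made after the second packet drops it anyway.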
If a security control is described as operational and compensating, what can you determine about its nature and function?
That the control is enforced by a person rather than a technical system, and that the control has been developed to replicate the functionality of a primary control, as required by a security standard.
If a company wants to ensure it is following best practice in choosing security controls, what type of resource would provide guidance?
A cybersecurity framework and/or benchmark and secure configuration guides.
Any external responsibility for an organization’s security lies mainly with which individuals?
External responsibility for security (due care or liability) lies mainly with directors or owners. It is important to note that all employees share some measure of responsibility.
What does Defense in Depth mean?
Defense in depth means an attacker must get past multiple security controls to fully compromise a network. Since employees are the greatest security risk, user training is a critical component of defense in depth.
What are the 5 functions of the NIST Cybersecurity Framework?
Identify, Protect, Detect, Respond, Recover
Name the 3 types of security controls and their 6 functions.
Technical, Operational, Managerial
Preventive, Detective, Corrective, Physical, Deterrent, Compensating
Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?
Risk. To assess likelihood and impact, you must identify both the vulnerability and the threat posed by a potential exploit.
True or false? Nation state actors primarily only pose a risk to other states.
False—nation state actors have targeted commercial interests for theft, espionage, and extortion.
You receive an email with a screenshot showing a command prompt at one of your application servers. The email suggests you engage the hacker for a day’s consultancy to patch the vulnerability. How should you categorize this threat?
This is either gray hat hacking or black hat hacking. If the request for compensation via consultancy is an extortion threat (if refused, the hacker sells the exploit on the dark web), then the motivation is purely financial gain and can be categorized as black hat. If the consultancy is refused and the hacker takes no further action, it can be classed as gray hat.
Which type of threat actor is primarily motivated by the desire for social change?
Hacktivist
Which three types of threat actor are most likely to have high levels of funding?
State actors, criminal syndicates, and competitors
You are assisting with writing an attack surface assessment report for a small company. Following the CompTIA syllabus, which two potential attack vectors have been omitted from the following headings in the report? Direct access, Email, Remote and wireless, Web and social media, Cloud.
Removable media and supply chain.