Chapter 1

Question 1

What are the four categories of security controls?

Answer 1

Technical, managerial, operational, physical

Question 2

Technical controls

Answer 2

• controls implemented using systems
• operation systems controls
• firewalls, antivirus

Question 3

Operational controls

Answer 3

-Controls implanted by people instead of systems
-security guards, awareness of programs

Question 4

Control types

Answer 4

Preventive, deterrent, detective, compensating, directive

Question 5

Preventive control

Answer 5

• block access to a resource
• you shall not pass

Question 6

Deterrent control

Answer 6

• discourage an intrusion attempt
• does not directly prevent access

Question 7

Detective control

Answer 7

• identify and log and intrusion attempt
• may not prevent access

Question 8

Corrective control

Answer 8

-Apply a control an enemy has been detected
- can reverse the impact with minimal downtime

Question 9

Compensating control

Answer 9

-control using other means
- existing controls aren’t sufficient
-may be temporary

Question 10

Directive control

Answer 10

• directive subject to data security compliance
• a relatively weak security control

Question 11

Preventive technical

Answer 11

Firewall

Question 12

Preventive managerial

Answer 12

Onboarding policy

Question 13

Preventive operational

Answer 13

Guard shack

Question 14

Preventive physical

Answer 14

Door lock

Question 15

Deterrent technical

Answer 15

Splash screen

Question 16

Deterrent managerial

Answer 16

Demotion

Question 17

Deterrent operational

Answer 17

Reception desk

Question 18

Deterrent physical

Answer 18

Warning signs

Question 19

Detective technical

Answer 19

System log

Question 20

Detective managerial

Answer 20

Review login reports

Question 21

Detective operational

Answer 21

Property patrols

Question 22

Detective physical

Answer 22

Motion detector

Question 23

Corrective technical

Answer 23

Back up recovery

Question 24

Corrective managerial

Answer 24

Policies for reporting issues

Question 25

Corrective operational

Answer 25

Contact authorities

Question 26

Corrective physical

Answer 26

Fire extinguisher

Question 27

Compensating technical

Answer 27

Block instead of patch

Question 28

Compensating Managerial

Answer 28

Separation of duties

Question 29

Compensating operational

Answer 29

Require multiple security staff

Question 30

Compensating physical

Answer 30

Power generator

Question 31

Directive technical

Answer 31

File storage policy

Question 32

Directive managerial

Answer 32

Compliance policy

Question 33

Directive operational

Answer 33

Security policy training

Question 34

Directive physical

Answer 34

Sign: Authorized Personnel only

Question 35

Are control types inclusive

Answer 35

No there are many types of control and some organizations will combine types

Question 36

What is the three pillars of the triad?

Answer 36

Confidentiality, integrity, availability

Question 37

Confidentiality

Answer 37

Prevent disclosed of information to unauthorized individuals or systems

Question 38

Integrity

Answer 38

Messages won’t be modified without detection

Question 39

Availability

Answer 39

Systems and networks must be up and running

Question 40

Encryption

Answer 40

Encoded messages so only certain people can read it

Question 41

Access control

Answer 41

Selectively restrict access to resources

Question 42

Two-factor authentication

Answer 42

Additional confirmation before information is disclosed

Question 43

Hashing

Answer 43

Map data of an arbitrary length to data of a fixed length

Question 44

Digital signatures

Answer 44

Mathematical scheme to verify integrity of data

Question 45

Non-repudiation

Answer 45

Provides proof of integrity, can be asserted to be genuine

Question 46

Redundancy

Answer 46

Build services that will always be available

Question 47

Fault tolerance

Answer 47

Systems will continue to run even when a failure occurs

Question 48

Patching

Answer 48

-stability
-close security holes

Question 49

What does a digital signature provide?

Answer 49

• you can’t deny what you’ve said
• adds a different perspective for cryptography

Question 50

Why use hash in cryptography ?

Answer 50

-represents data as a short string of text
- a message digest, a fingerprint

Question 51

What does hash not tell you?

Answer 51

Doesn’t necessarily associate data with an individual

Question 52

Proof of origin: Authentication

Answer 52

Prove the source/s of the data received

Question 53

Sign with private key

Answer 53

• message doesn’t need to be encrypted
• no one else can sign this

Question 54

Verify with public key

Answer 54

Any change to the message will invalidate the signature

Question 55

Identification

Answer 55

• this is who you claim to be
• usually your username

Question 56

Login authentication

Answer 56

• prove you are who you say you are
• password and other authentication factors

Question 57

User authorization

Answer 57

• based on your identification and authorization, what access do you have?

Question 58

Accounting

Answer 58

• resources: login time, data sent and received, logout time

Question 59

How can you truly authenticate a device?

Answer 59

Put a digitally signed certificate on the device

Question 60

What happens after The organization creates a certificate for a device

Answer 60

The organization digitally signs the certificate with the organization’s CA

Question 61

Why is a certificate included on a Device as an authentication factor

Answer 61

The CA’s digital signature is used to validate the certificate therefore the device

Question 62

Users and services —> data and applications

Answer 62

Associating individual users to access rights does not scale

Question 63

Why is this more efficient? Put an authorization model in the middle of (user and services—> authorization model —> data and applications)

Answer 63

Authorization model is Defined by roles, organizations, attributes, etc.

Question 64

No authorization model

Answer 64

• a simple relationship
  •user—> resources
• issues with this method
  • difficult to understand why an authorization may exist
  • does not scale

Question 65

Using an authorization model

Answer 65

• add an abstraction
  • reduce complexity
  • create a clear relationship between the user and the resource
• administration is streamlined
  • easy to understand the authorizations
  • support any number of users or resources

Question 66

Gap analysis

Answer 66

• where you are compared with where you want to be
• the is can take weeks or months
  • extensive study with numerous participants
  • get ready for emails,data gathering, and technical research

Question 67

Choosing framework for gap analysis

Answer 67

• work towards known baseline
  • internal set of goals
  • some organization should use formal standards example: )NIST special publication 800-171 Revision 2, Protecting controlled unclassified information in non federal systems and organizations) or (ISO/IEC 27001, information security management systems

Question 68

Gap analysis evaluate people

Answer 68

• get a baseline of employees
  • formal experience
  • current training
  • knowledge of security policies and procedures

Question 69

Gap analysis evaluating process

Answer 69

-research existing IT systems
- evaluate existing security policies

Question 70

Gap analysis compare and contrast

Answer 70

• the comparison
  • evaluate existing systems
• identify weaknesses
  • along with most effective processes
• a detailed analysis
  • examine a broad security categories
  • break those down into smaller segments

Question 71

Gab analysis final comparison

Answer 71

-detailed baseline objectives
- a clear view of the current state

Question 72

Gab analysis: what resources will it take on the pathway from the current security to goal

Answer 72

Time, money, and lot of change control will occur

Question 73

Zero trust

Answer 73

-holistic approach to network security
- covers every device, every process, every person

Question 74

Zero trust: how is everything verified ?

Answer 74

-nothing is inherently trusted
- multi-factor authentication, encryption, system permission, additional firewalls, monitoring, and analytics, etc

Question 75

Planes of operation

Answer 75

Split the network into functional planes such as physical, virtual, and component

Question 76

Planes of operation: Data plane

Answer 76

• process the frames, packets, and network data
• processing, forward, trunking, encrypting , NAT

Question 77

Planes of operation: Control plane

Answer 77

• manages the actions of the data plane
• define policies and rules
• determine how packets should be forwarded
• routing tables, session tables,NAT tables

Question 78

NAT

Answer 78

network address translation: performed by firewalls or routers

Question 79

Controlling trust

Answer 79

-adaptive identity:consider source and requested resources

-threat scope reduction: decrease number of possible entry points

• policy-driven access control: combine adaptive identity with a predefined set of rules

Question 80

Security zones

Answer 80

-broad categories provides a security-related foundation

• where you are coming from and where are you going (trusted, untrusted)( marketing,it, accounting, HR)

-using zones may be enough by itself to deny traffic

• some zones are implicitly trusted

Question 81

Policy enforcement point

Answer 81

-subject and systems: end users, applications, non-human entities

-policy enforcement point (PEP): gate keeper

• Allow, monitor, and terminate connections: multiple components working together

Question 82

What policies are need to be applied to put trust in the plane?

Answer 82

• policy decision point: there’s a process for making an authentication decision
• policy engine: evaluates each access decision based on policy and other information sources ( grant deny revoke)

-policy administration: communicates with policy enforcement point, generates access tokens and credentials and tells PEP to allow or disallow access

Question 83

Physical security includes

Answer 83

-Baracades/ballards
-Access control vestibules
- fencing
-video surveillance
-guards and access badges
-lighting
-sensors

Question 84

Physical security: Barricades/bollards

Answer 84

-prevent access: there are limits to prevention

• channel people through specific access point: allow people and prevent cars, trucks, and other things

-identify safety concerns and prevent injuries

• can be used to an extreme: concrete barriers/ bollards, moats

Question 85

Physical security: access control vestibules

Answer 85

-all doors normally unlocked: opening one door causes others to lock

• all doors normal locked: unlocking one door prevents others from being unlocked

-one door open other locked: when one is open the other doors cannot lock

-one at a time controlled groups: manage control through an area

Question 86

Physical security: fencing

Answer 86

• build a perimeter: usually very obvious, may not be what your looking for
• transparent or opaque: see through fence or solid
• robust: difficult to cut

-prevent climbing: razor wire, building or high

Question 87

Physical security: video surveillance

Answer 87

-CCTV (close circuit television: can replicate guards

-camera features: motion recognition that can alarm and alert when something moves, object detection and identification

• often many different cameras: networked together and recorded overtime

Question 88

Physical security: guard and access badges

Answer 88

-Guards: physical protection at the reception area of a facility, they can validate identification of existing employees

-two-person integrity/control: minimize exposer to attack and no single person has access to a physical asset

Question 89

Physical security: lighting

Answer 89

-more lighting means more security: attackers avoid light, easier to see lit, IR cameras can see better

• specialized design: consider overall light levels,lighting angles for facial recognition, avoid shadows or glare

Question 90

Physical security: sensors

Answer 90

-infrared: detects infrared reaction in both lighting and darkness, common in motion detectors

-pressure: detects change in force, floor and window sensors

-microwave: detects movement across large areas

-ultrasonic: send signals, receive sound waves,detect motion, collision detection

Question 91

Deception and disruption includes

Answer 91

-Honey pots
-honey nets
-honey files
-honey tokens

Question 92

Deception and disruption: Honey pots

Answer 92

-create a virtual world to explore

-attract the bad guys and trap them there

• attacker is probably a machine

-Different options for honey pots: most are open source and available to download

Question 93

Deception and disruption: honey nets

Answer 93

-build a larger deception network with one or more honeypots

• a real network includes more than a single device: servers, workstations, routers,firewalls,switches
• more than one source of information

Question 94

Deception and disruption: honey files

Answer 94

-bait for the honeypot (passwords.txt),and many honey files to file share

-attract the attackers with more honey:create files with fake information, something bright and shiny

-an alert is sent if the file is accessed: a virtual bear trap

Question 95

Deception and disruption: Honey tokens

Answer 95

-attract the malicious actors: add traceable data to the honey pot, if the data is stolen you will know where it came from

• API credentials: does not actually provide access, notification are sent when used
• fake email addresses: add it to contact list, monitor the internet to see who posted it

-honey token examples: database records, browser cookies, webpage pixel