Chapter 1: Controls Flashcards

1
Q

Prevents the disclosure of data to unauthorized people so that only authorized people have access to data (CIA Triad)

A

Confidentiality

2
Q

You know the data has not been altered or tampered with (CIA Triad)

A

Integrity

3
Q

Data is always available; example is RAID (CIA Triad)

A

Availability

4
Q

where you give someone only the most limited access required

A

Least Privilege

5
Q

Concept of protecting a company’s data with a series of protective layers so that if one layer fails another layer will already be in place to thwart attack

A

Defense in Depth

6
Q

Written by managers to create organizational policies and procedures to reduce risk within companies; annual risk assessments/penetration testing/vulnerability scanning (Control Type)

A

Managerial Control

7
Q

Executed by company personnel during their day-to-day operations; annual security awareness training/change management/business continuity plan (Control Type)

A

Operational Control

8
Q

Those implemented by the IT team to reduce the risk to the business; firewall rules/antivirus/screensavers/IDS/IPS (Control Type)

A

Technical Controls

9
Q

CCTV and Motion Sensors (Control Type)

A

Deterrent Controls

10
Q

Used to investigate an incident that has happened and needs to be investigated (Control Type)

A

Detective Controls

11
Q

The actions you take to recover from an incident; fire suppression systems - fire destroyed data (Control Type)

A

Corrective Controls

12
Q

Can be used instead of a primary control that has failed or is not available; use a credit card when all cash is gone (Control Type)

A

Compensating Controls

13
Q

Are in place to deter any attack; could be having a security guard with a large dog walking around the perimeter of the building (Control Type)

A

Preventative Controls

14
Q

The user is only given the access needed to perform their job; also known as user-based (Type of Access Control)

A

Discretionary Access Control

15
Q

Based on the classification level of the data; looks at how much damage could be inflicted to the interests of the nation; Top Secret/Secret/Confidential (Type of Access Control)

A

Mandatory Access Control

16
Q

A subset of the department carrying out a subset of duties within a department; example would be two people within the finance department who only handle petty cash (Type of Access Control)

A

Role Based Access Control (RBAC)

17
Q

A rule is applied to all the people within a department; contractors only have access between 8 am and 5 pm (Type of Access Control)

A

Rule-Based Access Control

18
Q

access is restricted based on an attribute in the account; John could be an executive and some data could be restricted to those with only the executive attribute (type of access control)

A

Attribute Based Access Control

19
Q

people may be put into groups to simplify access (type of access control)

A

Group-Based Access Control

20
Q

Signage/Fences/Visitor Logs/Badges/Lighting/Cameras/Robot Sentries (type of physical control)

A

Perimeter

21
Q

Security guards/key management/mantraps/proximity cards/tokens/biometric locks/electronic locks/burglar alarms/fire alarms/conduits/environmental controls (type of physical control)

A

Building Security

22
Q

Cable locks/air gap/laptop safe/USB data blocker/vault/Faraday cage (type of physical control)

A

Device Protection

23
Q

Steps in the Digital Forensic Cycle

A

Collection -> Examination -> Analysis -> Reporting

24
Q

The data is examined, then extracted from the media that it is on, and then converted into a format that can be examined by forensic tools

A

Collection

25
Q

prior to this the data will be hashed and then an investigation will be carried out with the relevant forensic tools

A

Examination

26
Q

When all of the forensic data has been collected it is _____ and transformed into information that can be used as evidence

A

Analysis

27
Q

a report is compiled that can be used as evidence for a conviction

A

Reporting

28
Q

Is collecting the most perishable evidence first. In a web-based attack, we should collect the network traffic with a packet sniffer

A

Order of Volatility

29
Q

Cloud Service Providers may be subpoenaed so that we can collect, review, and interpret electronic documents located on hard disks, USB drives, and other forms of storage

A

E-Discovery

30
Q

Lists the evidence and who has handled it along the way.

A

Chain of Custody

31
Q

when the chain of custody has been carried out properly and the original data presented to the court has not been tampered with

A

Provenance

32
Q

is the process of protecting any documents that can be used in evidence from being altered or destroyed.

A

Legal Hold