Chapter 1: Review Questions Flashcards

1
Q

What are the three components of the CIA triad?

A
  1. Confidentiality
  2. Integrity
  3. Availability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why might a CCTV camera be situated outside a building without any film inside?

A

If anyone outside your premise is aware that they may be on camera, then this will prevent them from breaking in. Even if there is no film inside; they don’t know that.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does Confidentiality mean?

A

Confidentiality prohibits the disclosure of data to unauthorized individuals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How can we control access of personnel to a data center?

A

A mantrap would be the best for allowing one person in at a time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the purpose of an air gap?

A

It’s a computer with no cable or wireless access to ensure that data can’t be extracted from it via a network connection. The only way to get data would be through a USB or a CD.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Name three main control categories.

A

The three main control categories are managerial, operational, and technical.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name three physical controls.

A

Signage, fencing, cameras, robot sentries, lighting, armed guards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Following an incident, what type of control will be used when researching how the incident happened?

A

Detective Controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How do I know whether the integrity of my data is intact?

A

Hashing is used to confirm the integrity of the data to see if any changes were made.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a corrective control?

A

These are actions you take to recover from an incident.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What type of control is it when you have to change the firewall rules?

A

Technical controls are implemented by the IT team to reduce the risk of an attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is used to log into a system that works in conjunction with a PIN?

A

A smart card, PIV card, CAC card

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the name of the person who looks after classified data and who is the person that gives people access to the classified data?

A

The custodian is the person who looks after the classified data and the security administrator is the person who gives access to classified data once clearance has been given.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When you use a DAC model for access, who determines who gains access to the data?

A

Data Creator/Owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is least privilege?

A

This is where you give someone the bare minimum needed to perform their job: this is also a need-to-know basis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the Linux permission of 764? What access does it give you?

A

The permission is owner has read, write, and execute capabilities, group has read and write capabilities, and user has just read capabilities.

17
Q

The sales team are allowed to log in 5 to the company system between 9a.m. and 10p.m. What type of access control is being used?

A

Rule-Based Access Control (RBAC)

18
Q

Two people from the finance team are only allowed to authorize the payment of checks; what type of access control are they using?

A

Role-Based Access Control (RBAC)

19
Q

What is the purpose of the defense in depth model?

A

It is a concept of protecting a company’s data in a multilayer type of defense in that, if one of the layers were to fail, the other layers are there to defend against an attack.

20
Q

When someone leaves the company, what is the first thing we should do with their account?

A

Disable their account to prevent further use of it.

21
Q

What do US companies that host websites in the US have to comply with if customers are based in Poland?

A

General Data Protection Regulation (GDPR)

22
Q

How can a company discover that their suppliers are using inferior products?

A

By using the right-to-audit clauses so an auditor can visit a premise without notice and inspect to see if the contractors are complying under the contract.

23
Q

Can you explain what the purpose of the CLOUD Act and COPOA is?

A

For Cloud storage.The ability for the US and UK to have an agreement to give law enforcements in each country faster access to data held by providers. EX: US needing data from the UK as a criminal did malicious stuff on a UK website and database.

24
Q

Can you explain what the purpose of the CLOUD Act and COPOA is?

A

For Cloud storage. The ability for the US and UK to have an agreement to give law enforcements in each country faster access to data held by providers. EX: US needing data from the UK as a criminal did malicious stuff on a UK website and database.