Chapter 1: Review Questions

Question 1

What are the three components of the CIA triad?

Answer 1

1. Confidentiality
2. Integrity
3. Availability

Question 2

Why might a CCTV camera be situated outside a building without any film inside?

Answer 2

If anyone outside your premise is aware that they may be on camera, then this will prevent them from breaking in. Even if there is no film inside; they don’t know that.

Question 3

What does Confidentiality mean?

Answer 3

Confidentiality prohibits the disclosure of data to unauthorized individuals.

Question 4

How can we control access of personnel to a data center?

Answer 4

A mantrap would be the best for allowing one person in at a time.

Question 5

What is the purpose of an air gap?

Answer 5

It’s a computer with no cable or wireless access to ensure that data can’t be extracted from it via a network connection. The only way to get data would be through a USB or a CD.

Question 6

Name three main control categories.

Answer 6

The three main control categories are managerial, operational, and technical.

Question 7

Name three physical controls.

Answer 7

Signage, fencing, cameras, robot sentries, lighting, armed guards.

Question 8

Following an incident, what type of control will be used when researching how the incident happened?

Answer 8

Detective Controls

Question 9

How do I know whether the integrity of my data is intact?

Answer 9

Hashing is used to confirm the integrity of the data to see if any changes were made.

Question 10

What is a corrective control?

Answer 10

These are actions you take to recover from an incident.

Question 11

What type of control is it when you have to change the firewall rules?

Answer 11

Technical controls are implemented by the IT team to reduce the risk of an attack.

Question 12

What is used to log into a system that works in conjunction with a PIN?

Answer 12

A smart card, PIV card, CAC card

Question 13

What is the name of the person who looks after classified data and who is the person that gives people access to the classified data?

Answer 13

The custodian is the person who looks after the classified data and the security administrator is the person who gives access to classified data once clearance has been given.

Question 14

When you use a DAC model for access, who determines who gains access to the data?

Answer 14

Data Creator/Owner

Question 15

What is least privilege?

Answer 15

This is where you give someone the bare minimum needed to perform their job: this is also a need-to-know basis.

Question 16

What is the Linux permission of 764? What access does it give you?

Answer 16

The permission is owner has read, write, and execute capabilities, group has read and write capabilities, and user has just read capabilities.

Question 17

The sales team are allowed to log in 5 to the company system between 9a.m. and 10p.m. What type of access control is being used?

Answer 17

Rule-Based Access Control (RBAC)

Question 18

Two people from the finance team are only allowed to authorize the payment of checks; what type of access control are they using?

Answer 18

Role-Based Access Control (RBAC)

Question 19

What is the purpose of the defense in depth model?

Answer 19

It is a concept of protecting a company’s data in a multilayer type of defense in that, if one of the layers were to fail, the other layers are there to defend against an attack.

Question 20

When someone leaves the company, what is the first thing we should do with their account?

Answer 20

Disable their account to prevent further use of it.

Question 21

What do US companies that host websites in the US have to comply with if customers are based in Poland?

Answer 21

General Data Protection Regulation (GDPR)

Question 22

How can a company discover that their suppliers are using inferior products?

Answer 22

By using the right-to-audit clauses so an auditor can visit a premise without notice and inspect to see if the contractors are complying under the contract.

Question 23

Can you explain what the purpose of the CLOUD Act and COPOA is?

Answer 23

For Cloud storage.The ability for the US and UK to have an agreement to give law enforcements in each country faster access to data held by providers. EX: US needing data from the UK as a criminal did malicious stuff on a UK website and database.

Question 24

Can you explain what the purpose of the CLOUD Act and COPOA is?

Answer 24

For Cloud storage. The ability for the US and UK to have an agreement to give law enforcements in each country faster access to data held by providers. EX: US needing data from the UK as a criminal did malicious stuff on a UK website and database.