Chapter 1: Understanding Security Fundamentals Flashcards

1
Q

A concept in which multiple protective layers are used so that if one layer of protection fails, other layers remain in place to guard a company’s data against attack.

A

Defense in Depth

2
Q

Organizational policies and procedures written by management to help mitigate risks within companies.

A

Managerial Controls

Ex: Annual risk assessment, pentesting/vulnerability scanning.

3
Q

Policies and procedures executed by personnel on a day-to-day basis.

A

Operational Controls

Ex: Annual Security Awareness Training, Change management, Business Continuity Plan

4
Q

Policies and procedures implemented by the IT team to reduce the risk of cybersecurity breaches.

A

Technical Controls

Ex: Firewall rules, antivirus, screen savers, screen filters, IPS/IDS

5
Q

CCTV (cameras that capture crimes) and motion sensors.

A

Deterrent Controls

6
Q

Used when investigating an incident that has happened.

A

Detective Controls

7
Q

Text files that record events taking place on devices such as servers, desktops, and firewalls, with details of what happened. Timestamps provide the time of the attack. WORM (write once, read many) storage helps prevent tampering.

A

Log Files

8
Q

The actions taken to correct and help guard against future attacks of the same nature.

A

Corrective Controls

9
Q

Used when primary controls are not available.

A

Compensating Controls (Alternative or Secondary Controls)

10
Q

Used to prevent potential problems from occurring in the first place, such as a former employee getting onto a company server and tampering with data.

A

Preventative Controls

11
Q

Consists of three main parts:

Identification, Authentication, and Authorization.

A

Access Controls

12
Q

Examples include a smart card, a Security Identifier, and a fingerprint reader.

A

Identification

13
Q

Used to verify access. Examples include a PIN or a password.

A

Authentication

14
Q

The least amount of privilege granted in order to access the data needed to perform your job.

A

Authorization

15
Q

Involves New Technology File System (NTFS) file permissions that grant the bare minimum privilege needed to perform your job.

A

Discretionary Access Control

Full Control
Modify
Read and Execute
List Folder Contents
Read
Write
16
Q

Access based on the label/level of the data.

Ex: Top Secret, Secret, Classified

A

Mandatory Access Control (MAC)

17
Q

A rule that applies only to the people in a given department; no one else can access that data because the rule does not apply to them.

A

Rule-Based Access Control (RBAC)

18
Q

Access is restricted based on an attribute in the account.

A

Attribute-Based Access Control

19
Q

Individuals may be placed into groups that hold certain privileges, which simplifies access management.

A

Group-Based Access Control

20
Q
  1. Collection
  2. Examination
  3. Analysis
  4. Reporting
A

Forensic Cycle

21
Q

The data is identified, pulled from the media it resides on, and converted into a format that forensic tools can examine.

A

Collection

22
Q

Prior to being examined by a forensics tool, the data is hashed to ensure integrity, so that once the investigation is over the data still has the same hash. This helps it be used as evidence in court cases.

A

Examination

23
Q

Data that is analyzed and formatted so that it can be used as evidence.

A

Analysis

24
Q

The evidence from the investigation is then used for a conviction.

A

Reporting

25
Q

All evidence is admissible only if it pertains to the case and does not violate any laws or statutes.

A

Admissibility

26
Q

Decisions must be made about which evidence is the most perishable and needs to be secured first. We do not stop the attack until we have secured the evidence and can identify the attack.

A

Order of Volatility

27
Q

Companies may be subpoenaed so that files on hardware devices or other forms of storage can be collected, reviewed, and interpreted as evidence.

A

E-Discovery

28
Q

Ensures that the collected evidence has not been tampered with and that the chain has not been broken.

A

Chain of Custody

29
Q

Evidence presented to the court that has not been tampered with.

A

Provenance

30
Q

The process of protecting data that can be used as evidence.

A

Legal Hold

31
Q

Evidence that has a time offset associated with it so that a time sequence can be established in a multinational case.

A

Time Offset

32
Q

Evidence collected from multiple time zones is also recorded in a common time zone to establish time normalization.

A

Time Normalization

33
Q

A copy of the evidence is made so that it can be worked on while the original data remains intact and untampered.

A

Forensics Copy

34
Q

System images are taken from laptops and desktops so that the original is left untouched, and the copied images can be analyzed for criminal activity.

A

Capturing System Images

35
Q

Attackers can reverse engineer this code, so it is important that we compare the evidence to the current source code to see if it was tampered with.

A

Firmware

36
Q

If the evidence is from a machine, then a snapshot is taken for the investigation.

A

Snapshots

37
Q

Mobile devices can geotag the evidence of breached applications or viruses.

A

Screenshots

38
Q

System images and forensic copies are hashed at the beginning to compare to the end result hash to ensure integrity.

A

Hashing Forensic Evidence

39
Q

Mostly in web-based or remote attacks, we want to capture the volatile network traffic first, before we stop the attack. By doing this, we can get a good idea of where the attack originated.

Logs also help establish the time, exactly what was changed, and an overall grasp of the nature of the attack.

A

Network Traffic and Logs