Chapter 11

Question 1

What are Security Policies?

Answer 1

• Written documents that out line the security plans within a company.
• administration control to reduce and manage risks

Question 2

What are Personnel Policies?

Answer 2

Policies that relate to issues around staff and their behaviors, expectations, and the consequences if they do not follow.

Question 3

What’s is the Acceptable Use Policy?

Answer 3

• AUP (Acronym)
• Policy that determines how users will use the computers, network, and other company resources.

Question 4

What is the Privacy Policy?

Answer 4

The Privacy Policy clarifies the company’s stance on whether or not user activity on a company device will be private. Can be apart of the AUP. Users usually have to sign.

Question 5

What are Mandatory Vacation?

Answer 5

Personnel policy that force users to take leave from work. Also used to help identify and deter if there is potential theft or fraud.

Question 6

What is Separation of Duties?

Answer 6

Personnel policy used to keep one employee or entity from having too much access which can increase the potential of fraud, theft, errors, and or system failures.

Question 7

What is Least Privilege?

Answer 7

Personnel policy which states that a user should only have the rights, access, and permissions to perform their job and nothing more.

Question 8

What is Job Rotation?

Answer 8

Job Rotation is a Personnel policy which requires employees to change positions within a set time period. Period can be reoccurring. Used to identify fraudulent activity.

Question 9

What is a Clean Desk Space policy?

Answer 9

Personnel policy that requires users to keep their work spaces organized and clean. Used to prevent data loss and undisclosure from easy accessed to files and devices out in the open.

Question 10

What is the Background Check?

Answer 10

Personnel Policy that require the company to do a history check on current and potential employees. Can include, criminal history, Online/Social media history, and or financial history to name a few.

Question 11

What is onboarding / off boarding?

Answer 11

Onboarding is the process of bringing a employee into a company and providing them access to all the required company resources.

Off-boarding is the process a employee follows to exit a company. Disabling and or Deleting their accounts to restrict access to resources and returning their equipment to the company.

Question 12

What is an NDA?

Answer 12

• (Non-Disclosure Agreement)
• an agreement between two or more parties that requirement them to not use it share proprietary information with an unauthorized person or entity.

Question 13

What is Social Media Analysis?

Answer 13

When a company reviews the online activity of a current or future potential employee.

Question 14

What is the Supply Chain?

Answer 14

All the elements required to produce and sell products and or services.

Question 15

What is Vendor Diversity

Answer 15

When a company reduces risk by using more than one vendor of the same Supplies or service in case a vendor is no longer able to provide said supply or service. This policy may also limit the amount of access vendors have to an orgs’ network.

Question 16

What is EOL and EOSL?

Answer 16

End of Life (EOL) is basically the shelf life of a product, i.eg the product will no longer be sold.

End of Service Life (EOSL) indicates when a vendor will no longer provide support to the org. This may include patch or software support.

Question 17

What is an SLA?

Answer 17

A Service Level Agreement (SLA) outlines the terms, services, and performance expectations a vendor agrees to when working with an org.

Question 18

What is an MOU

Answer 18

A Memorandum of Understanding (MOU) is a less formal SLA that outlines the intent of two or more entities to work together to obtain a common goal.

Question 19

What is a BPA?

Answer 19

A Business Partnership Agreement is a document that outlines the relationship between business partners, including the obligations towards the partnership. It also identifies shares of profit and losses.

Question 20

What is an MSA?

Answer 20

A Measurement System Analysis (MSA) evaluates the processes and tools used to make measurements. The accuracy of the tool is dependent on the consistency of its results.

Question 21

What are the elements of the Incident Response Process?

Answer 21

Preparation, identification, containment, eradication, recovery, and lesson learned.

Question 22

What is SOAR, and what is its main benefit?

Answer 22

SOAR - Security Orchestration, Automation, and Response. These are tools that work together on a platform to automatically detect and respond to suspicious low-level activity. As an automated tool, it frees up administration time to focus on greater threats.

Question 23

What is the difference between a Playbook and a Runbook?

Answer 23

Playbook - provides guidelines or steps in document form to address an incident response.

Runbook - uses the technical know-how to implement the steps provided by the Playbook.

In football, the Playbook is used by coaches to call the play, the Runbook would be the actual players that carry out the plays in real-time.

Question 24

What is a Chain of Custody and how are Tags used?

Answer 24

A chain of custody is a document that establishes the proper handling of collected evidence from a security incident. This specifically includes, the initial use of tagging (stickers or identifier markers used to identify an article of evidence) and identifying the personnel who have been in possession of the evidence, its location while in use, and its storage location. All of this is done to ensure evidence that makes it to court is admissible.

Question 25

What is a Legal Hold?

Answer 25

A Legal Hold is a court order directive instructing an org to preserve or retain data is associated with a legal proceeding. Org’s data retention policy comes into play as it identifies how long an org holds on to its data.

Question 26

How are Event Logs used in Digital Forensics?

Answer 26

Event logs are used to recreate the events that occurred before the incident, during, and after. They also identify when something, where, accounts used, etc.

Question 27

What are GMT and UTC?

Answer 27

Greenwich Main Time (GMT) and Coordinated Universal Time (UTC) are used to address time offset in logs. GMT and UTC are based on the clock at the Royal Observatory. Logs that are in GMT or UTC do not need to be converted to address offset. If time is kept in other time zones such as EST, PTC, or EDT (Eastern Daylight Time), these time logs will have to be converted to GMT OR UTC for standardization.

Question 28

What is a Right to Audit Clause?

Answer 28

A clause added in a contract which allows an org to audit its cloud provider to ensure services are provided as agreed on and to sure regulations is being followed.

Question 29

What is Regulatory Jurisdiction?

Answer 29

Regulatory Jurisdiction outlines the regulations that must be complied with depending on where a company’s data and resources are located. This includes data and resources in the cloud.

Question 30

Data Breach Notification Laws

Answer 30

Data Breach Notification helps to ensure that organization alert affected personnel of an authorized leak of their data. In the US these laws normally outline within 45 days that affected parties are to be notified. They also outline penalties and fees if not adhered to.

Question 31

What is the order of volatility?

Answer 31

The order of volatility specifies in which order data much be retrieved based on their location. In order of most to least volatile: Cache > RAM> Swap or Pagefile (extension of the RAM that is saved to the system disk and is rebuilt on every boot) > Disk > Attached external Memory (thumb drive) > Network (includes servers, shared folders).

Question 32

What are forensic artifacts?

Answer 32

Forensic artifacts are pieces of data that normal users are unaware of but a skilled forensic analysis can find and extract.

Some examples:
Web history - page visited and searches
Recycle Bin - Viewing content of deleted files and the metadata of those files
Windows error reporting - provides insight into what programs were running during a crash
Remote desktop protocol cache - provides insight into if an attacker moves laterally through the network or when they are connecting to a system from a server

Question 33

What is the dd command?

Answer 33

The dd command is available in Linux and kali Linux systems. The dd command is an imaging tool. The dd command can also be installed in windows.

Question 34

What is Kali Linux Volatility Framework?

Answer 34

The volatility framework is a collection of open-source tools in Kali Linux that is used to extract memory contents and digital artifacts.

Question 35

What is memdump?

Answer 35

Memdump (short for memory dumper), it can dump the memory of a system or RAM into a terminal or a dumpfile which helps developers and or forensic analysts determine what occurred at or caused a system crash.

Memdump is a part of the Kali Linux Volatility Framework.

Question 36

What is WinHex?

Answer 36

WinHex is a windows based proprietary tool. It is a window-based hexadecimal editor used for evidence gathering, data analysis, editing, recovery of data, and data removal. it can work with data on ALL drives.

Question 37

What is FTK imager?

Answer 37

FTK imager which stands for Forensic Tool Kit Imager allows for the creation of disk images, either as a single file or multiple files. After the image is created it allows for the viewing and analysis of the data within the image.

Question 38

What is Autopsy?

Answer 38

Autopsy is a graphical user interface (GUI) digital platform. This platform allows users to add command line utilities from The Sleuth Kit (TSK), which includes command line utilities from both Windows and Linux. These utilities are used to analyze data on Windows, Linux, and some Appl OS.

Question 39

What is provenance and what tools are used to establish it?

Answer 39

Provenance is the tracing of something back to its origin. Hashing and checksums are tools used to verify that an analyzed copy of data is the same as the original.

Question 40

Why is Bandwidth monitoring important in Cyber forensics?

Answer 40

By comparing network packets captured at different times forensic investigators can determine changes in network traffic.

Question 41

What is eDiscovery?

Answer 41

eDiscovery is the process of identifying and collecting electronically stored data of any kind, including social media entries, voice mails, website data, as well as the data’s meta data.

Question 42

What is strategic intelligence in digital forensics?

Answer 42

Strategic intelligence in digital forensics is the process of collecting data, processing it, and analyzing it to create long-term cyber security goals.

Question 43

What is Private Data classification in IT security?

Answer 43

Data about an individual that should be kept private, such as PII or health information.

Question 44

What is Confidential Data classification in IT security?

Answer 44

Information that an organization intends to keep secret among a certain group of people within the organization. Like salary data (accounting department).

Question 45

What is Proprietary Data classification in IT security?

Answer 45

Data owned by an individual,m a group, or an organization. This would include patents, trade secrets, software algorithms, designs, etc.

Question 46

What is the Sarbanes-Oxley Act (SOX)?

Answer 46

SOX requires executives within an organization to ensure accurate financial reporting is conducted and that regular auditing of this information is carried out to maintain compliance with the act.

Question 47

What is the Gramm-Leach-Bliley Act (GLBA)?

Answer 47

Also known as the financial service modernization act, the GLBA requires financial institutions to provide the consumer with a privacy notice explaining what information they collect and how it is used.

Question 48

What is the General Data Protection Regulation (GDPR)?

Answer 48

The GDPR is an EU directive that mandates the protection of privacy data for individuals living in the EU regardless of where the organization is located. GDPR also requires privacy notices to be placed on websites.

Question 49

What is critical data?

Answer 49

Critical data is any data that is crucial to the success of a mission within an organization, this includes its overarching goals or specific objectives.

Question 50

What is data minimization?

Answer 50

Data minimization is a principle requiring orgs to limit the information they collect and use from their consumers

Question 51

What is data Masking?

Answer 51

Data masking is the process of altering data to hide the original content.

Question 52

What is anonymization?

Answer 52

Anonymization is the process of removing all PII from the data so that the data can be utilized without directly identifying the individual.

Question 53

What is pseudo-anonymization?

Answer 53

Pseudo-anonymization replaces PII within the data with other data or artificial identifiers. Pseudo-anonymization can be undone if individuals get their hands on both the original data and the matching pseudonyms.

Question 54

What is data tokenization?

Answer 54

Data tokenization replaces sensitive data elements with a Token. Tokenization systems often hold both the original data and its representative token. Tokens are used at terminals rather than sensitive data.

Question 55

What is data sanitization?

Answer 55

Data sanitization methods ensure that data is removed or destroyed from any device, or area before it is disposed of.

Question 56

What is file shredding?

Answer 56

File shredding is a data sanitization method that removes all remnants of a file by overwriting the space where the file is located with 1s and 0s.

Question 57

What is wiping?

Answer 57

Wiping is a data sanitization method that removes all remnants of data on a disk by repeatedly overwriting the data with 1s and 0s.

Question 58

What is pulverizing?

Answer 58

Pulverizing is the physical process of physically destroying media to sanitize it.

Question 59

What is degaussing?

Answer 59

Degaussing is a very powerful electronic magnet that when disks are passed through it renders the data on the disk unreadable.

Question 60

What are some responsibilities of the Data owner?

Answer 60

Ensuring that data is classified correctly and ensuring that the data is labeled to match the classification. Also, ensuring adequate security controls

Question 61

What are some responsibilities of the data controller?

Answer 61

In many case the data controller is the same as the data owner. The controller decides why and how personal data should be processed.

Question 62

What are some responsibilities of the data processor?

Answer 62

A data processor is any entity that uses and manipulates the data on behalf of the data controller. At times this may be a third-party provider (such as payroll) or an in-house department.

Question 63

What are some responsibilities of the data custodian/steward?

Answer 63

A data custodian AKA data steward is responsible for day-to-day tasks such as backing up data, storage, and implementing business rules. This person would likely be a database administrator (DBA).

Question 64

What are some responsibilities of the Data Protection Officer?

Answer 64

The DPO is a rule identified in the GDPR. This individual is responsible for ensuring the organization is complying with all relevant laws. They also need to act as an independent advocate for customer data.