Chapter 11 - Security Operations

Question 1

Due Care vs Due Diligence

Answer 1

Due Care is keeping things maintained and due diligence is “look before you leap”

Question 2

Security Accountability

Answer 2

Checking audit logs and enabling audit logs

Question 3

Clipping Level

Answer 3

How many errors trigger an action or discipline

Question 4

Operational Assurance

Answer 4

Ensure the product architecture and features are implemented securely

Question 5

Life-Cycle Assurance

Answer 5

Ensure design, testing and configuration management is in place

Question 6

What to look out for?

Answer 6

Unusual Occurrences
Deviation from Standard
Asset Management

Question 7

IO Controls

Answer 7

Transactions should be timestamped and recorded
Input Validation
Output should only reach intended requester

Question 8

System Hardening

Answer 8

Lock that door, configure a password, SSL enable.. etc

Question 9

Licensing

Answer 9

Business Software Assurance (BSA) will get you if you dont license and pirate corporate software

Question 10

Acceptable Use Policy

Answer 10

This is used to control what users can install and use on the technology the company provides

Question 11

Change Control

Answer 11

Used to document system changes

Question 12

Sanitized data

Answer 12

Contents deleted

Question 13

Purging data

Answer 13

Contents deleted, and zeroization or degaussing occurs on the media

Question 14

Data Remanence

Answer 14

Residual data left over after sanitizing or purging

Question 15

Object Reuse

Answer 15

Giving a hard drive away to your grandma

Question 16

MTBF

Answer 16

Mean time between failures is the estimated lifetime of equipment calculated by the vendor

Question 17

MTTR

Answer 17

Mean time to repair is how long a broken device takes to repair

Question 18

MAID

Answer 18

Massive array of inactive disks meant as a write mostly disk array

Question 19

RAIT

Answer 19

Redundant array of independent tape - the economical write mostly data array, which is to tape and set/forget

Question 20

Clustering vs Grid Compute

Answer 20

In Grid compute the nodes do not trust each other and work independently toward the common goal, cluster has cross talk between nodes, grid does not.

Question 21

Hierarchical storage management

Answer 21

Multitier backup storage, Disk, Tape, and Optical

Question 22

Mainframe

Answer 22

Differs from PC compute by having more processors in key places, like at the disk, network, and peripherals

Question 23

Supercomputer

Answer 23

Like a mainframe, but tuned and dialed in to parallelize a specific function (like an algorithm)

Question 24

Operators

Answer 24

Name used on the exam for mainframe operators

Question 25

Facsimile Security

Answer 25

Fax encryption can be used to bulk encrypt fax server communication

Question 26

OS fingerprinting

Answer 26

Tapping computers to find out the OS based of certain pattern responses.

Question 27

Port knocking

Answer 27

Setup of two ports, one for service and one for opening the service in a session. Knock port should log verbosely.

Question 28

LOKI

Answer 28

ICMP header communication

Question 29

Mail Bombing

Answer 29

Overloading a mail system

Question 30

Ping of Death

Answer 30

Oversized ICMP attack

Question 31

Slamming and Cramming

Answer 31

Changing service providers without you knowing and inserting bogus charges

Question 32

Vulnerability Guidelines

Answer 32

Must have management consent
Personnel testing (social engineering)
Physical testing (can I push the power button)
System/Networking test (can I digitally get to it)

Question 33

Penetration Testing

Answer 33

Actually attempting various attacks to uncover vulnerabilities

Question 34

Get out of jail card

Answer 34

You need a document to protect you from prosecution and a contact to protect you. Contracts help.

Question 35

What are the levels of knowledge assessment?

Answer 35

Zero, partial, and full knowledge assessments

Question 36

Blind vs Double Blind

Answer 36

Blind - Public knowledge only

Double Blind - Security staff doesnt know either