Chapter 15-17 Forensics, Policies/Standards/Compliance, Risk Management Flashcards

1
Q

Order of Volatility

A
  1. CPU cache and registers
  2. Routing table, ARP cache, process table, kernel stats
  3. System Memory - RAM
  4. Temporary files and swap space
  5. Data on the hard disk/remote logs
  6. Backups
  7. Cache file
  8. RAM
  9. Page file
  10. Hard drive
  11. Network drive
  12. remote storage/backups
2
Q

What is dd?

A

dd is a Linux command-line tool used to create disk images for forensic purposes.

3
Q

What is FTK Imager?

A

FTK Imager is a free tool for creating forensic images.

4
Q

What is memdump?

A

Memdump is a Linux command-line tool used for capturing memory.

5
Q

What is WinHex?

A

WinHex is a disk editing tool that can acquire disks in a raw format.

6
Q

What is Autopsy?

A

Autopsy is the only “forensic suite” on the exam; it is open source and has broad capabilities.

7
Q

How can you validate a forensic copy?

A

Create hashes of both the original and the copy, then compare the two hashes.

8
Q

Policies
Standards
Procedures
Guidelines

A

Policies are high-level statements of management intent, usually BROAD statements
Standards provide mandatory requirements describing how an organization will carry out policies
Procedures are detailed step-by-step processes that individuals and organizations must follow
Guidelines provide best practices and recommendations related to a concept, technology, or task

Guidelines are the only one of the four that is not mandatory

9
Q

What are the PCI DSS compensating control criteria?

A
  1. intent and rigor
  2. similar level of defense
  3. above and beyond the original control
10
Q

What are least privilege and privilege creep?

A

The concept of least privilege is that no employee should have more privileges than absolutely necessary to do their job.

Privilege creep is when an employee changes positions in the company and accumulates privileges because those from the previous position are never revoked.

11
Q

What is separation of duties?

A

Used for extremely sensitive job functions where two different tasks combined have significant sensitivity, such as in accounting. Two-person control should be used.

12
Q

What is job rotation?

A

Takes employees with sensitive roles and moves them periodically to other positions within the company, making fraud difficult. Mandatory vacations serve the same purpose.

Clean desk policies are designed to protect confidentiality

13
Q

What is an MSA?

A

A master service agreement provides an umbrella contract for work that the vendor does with an organization over an extended period of time, often with detailed security and privacy requirements.

14
Q

What is an SLA?

A

A service level agreement specifies the conditions of the service that will be provided.

15
Q

What is an MOU?

A

A memorandum of understanding documents aspects of the relationship.

16
Q

What is a BPA?

A

A business partnership agreement exists when two organizations do business together in a partnership.

17
Q

What is EOL/EOSL?

A

End of life / end of service life

18
Q

What are HIPAA and PCI DSS?

A

Industry data protection standards for healthcare and payment cards, respectively.

19
Q

What is GDPR?

A

The General Data Protection Regulation implements security and privacy requirements for the personal information of EU residents worldwide.

20
Q

What is an AUP?

A

Acceptable use policy

21
Q

What is the NIST CSF and what are its 5 elements?

What is the NIST RMF?

A

Cybersecurity Framework; its five elements are:
  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

NIST RMF is the Risk Management Framework

22
Q

What is the ISO?

A

The International Organization for Standardization, which publishes best-practice standards for cybersecurity and privacy.

23
Q

What is ISO 27001?

A

Information security standards

24
Q

What is ISO 27002?

A

Information security standards like 27001, but it goes beyond control objectives and describes the actual controls.

25
Q

What is ISO 27701?

A

Standard guidance for managing PRIVACY controls

26
Q

What is ISO 31000?

A

Risk management guidelines

27
Q

What is the difference between an audit and an assessment?

A

Audits are formal; assessments usually aren't. Audits are often performed by third-party companies; assessments are usually requested by the company itself.

28
Q

What is SOC 2?

A

SOC 2 assesses the organization's security and privacy controls.

29
Q

What is SOC Type 1 vs Type 2?

A

SOC Type 1 assesses the design of security processes at a specific point in time; SOC Type 2 assesses how effective those controls are over time.

30
Q

What is "risk" the combination of?

A

Threat and vulnerability

31
Q

What is quantitative vs qualitative risk?

A

Quantitative risk is numerically calculable; qualitative risk relies on subjective judgements for risks that are difficult to quantify.
32
Q

What is AV in quantitative risk assessment?

A

Asset value is the dollar amount of an asset.

33
Q

What is ARO in quantitative risk assessment?

A

Annualized rate of occurrence is the frequency at which the risk is likely to occur.

34
Q

What is EF in quantitative risk assessment?

A

Exposure factor determines the amount of damage that will occur.

35
Q

What is SLE in quantitative risk assessment?

A

Single loss expectancy is the financial damage each time the risk materializes.

36
Q

What is ALE in quantitative risk assessment?

A

Annual loss expectancy is the amount of damage expected from a risk each year.
37
Q

Risk management strategies

A

Risk Mitigation - reducing the probability and magnitude of a risk
Risk Avoidance - changing business practices to eliminate the potential that a risk will materialize (typically has an impact on productivity)
Risk Transference - shifts the impact from the organization to another entity, such as an insurance company
Risk Acceptance - taking no other risk management strategy and simply facing the risk

38
Q

Presenting risk management to senior leadership

A

A risk matrix or risk heat map is far more effective in communicating risk to senior leadership than the risk register, which is a lengthy, detailed document.
39
Q

What is RTO?

A

Recovery time objective is the amount of time an organization can tolerate a system being down.

40
Q

What is RPO?

A

Recovery point objective is the amount of data the organization can tolerate losing.

41
Q

What is MTTR?

A

Mean time to repair is the average system restoration time after a failure.

42
Q

What is MTBF?

A

Mean time between failures is a measure of system reliability.
43
Q

Government data types

A
  1. Top Secret
  2. Secret
  3. Confidential
  4. Unclassified

44
Q

Business data types

A
  1. Highly Sensitive
  2. Sensitive
  3. Internal
  4. Public

45
Q

CompTIA data classification levels

A

Public
Private
Sensitive
Confidential
Critical
Proprietary

46
Q

Data roles

A

Data Controller - determines the reasons for processing personal information
Data Steward - individuals who carry out the intent of the data controller
Data Custodian - has no controller or steward responsibility, but is responsible for the secure safekeeping of information
Data Processor - service providers that process personal information on behalf of the data controller

GDPR formalizes the chief privacy officer role, calling it the DPO (data protection officer).