Chapter 1a

Question 1

Technical Controls

Answer 1

Controls implemented using systems; Operating system controls; Firewalls, anti-virus

Question 2

Managerial Controls

Answer 2

Standard operating procedures and policies that explain to people how best to manage their systems and data.

Question 3

Operational Controls

Answer 3

Controls that are implemented by people; Security guards, awareness programs

Question 4

Physical Controls

Answer 4

Limit physical access; Guard shack; Fences, locks; Badge readers

Question 5

Preventive Control Types

Answer 5

block access to a resource; ex: firewall rules, door locks, guards checking ID, etc

Question 6

Deterrent Control Type

Answer 6

Discourages intrusion attempts but does not prevent access.; Splash screen; Threat of demotion; Front reception desk; Posted warning signs

Question 7

Detective Control Type

Answer 7

Identifies and logs intrusion attempts but may not prevent access.; Collecting logs; Reviewing login reports; Patrolling the property; Enabling Motion Detectors

Question 8

Corrective Control Type

Answer 8

Applied after an event has been detected. Might reverse the impact of the event and allow for continued operations with minimal downtime.; Restoring from backups; Creating policies for reporting security issues; Contacting law enforcement to manage criminal activity; Using a fire extinguisher

Question 9

Compensating Control Type

Answer 9

Provides other means when other controls are not currently available. May be a temporary solution to prevent the exploitation of a weakness.; Firewall blocking an application while it is being patched; Separate duties and limiting scope of security concerns; Requiring multiple guards on duty at the same time; Using a generator during a power outage

Question 10

Directive Control Type

Answer 10

Directing a subject towards doing something more secure. Relatively weak. ‘Do this please’; Store all sensitive files in a protected folder; Create compliance policies and procedures; Train users on proper security policy; Authorized personnel only sign

Question 11

The CIA Triad

Answer 11

Confidentiality, Integrity, Availability

Question 12

Confidentiality

Answer 12

Prevent disclosure of information to unauthorized individuals or systems

Question 13

Integrity

Answer 13

Messages can’t be modified without detection

Question 14

Availability

Answer 14

Systems and networks must be up and running

Question 15

Encryption

Answer 15

A process of encoding messages to keep them secret, so only ‘authorized’ parties can read it.

Question 16

Access Controls

Answer 16

Controls that selectively restrict access to a resource

Question 17

Two Factor Authentication

Answer 17

Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)

Question 18

Hashing

Answer 18

Map data of an arbitrary length to data of a fixed length

Question 19

Digital Signatures

Answer 19

A mathematical scheme to verify the integrity of data

Question 20

Certificates

Answer 20

Combine with a digital signature to verify an individual

Question 21

Non Repudiation

Answer 21

Provides proof of integrity, can be asserted to be genuine

Question 22

Hash

Answer 22

Represents data as a short string of text. If the data changes then the hash changes. Only tells you if data has been changed. Impossible to recover the original message from the hash. Also called a digest or fingerprint.

Question 23

AAA framework

Answer 23

Authentication, Authorization, and Accounting. A security framework that controls access to computer resources, enforces policies, and audits usage.

Question 24

Certificate Authority (CA)

Answer 24

An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.

Question 25

Authorization models

Answer 25

Allows organizations to give access rights to the appropriate users by adding an abstraction that creates a clear relationship between the user and resource. Groups users and gives them access to resources

Question 26

Gap Analysis

Answer 26

An extensive study used to determine current security levels compared to where we want them to be.

Question 27

Zero Trust

Answer 27

Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.

Question 28

Data Plane

Answer 28

The part of a device that is performing the actual security process

Question 29

Control Plane

Answer 29

Manages the actions of the data plane; Define policies and rules; Determines how packets should be forwarded; Routing tables, session tables, NAT tables

Question 30

Adaptive Identity

Answer 30

Relies on real-time validation that takes into account the user's behavior, device, location, and more

Question 31

Threat scope reduction

Answer 31

Decrease the number of possible entry points

Question 32

Policy driven access control

Answer 32

Combine the adaptive identity with a predefined set of rules

Question 33

Security Zones

Answer 33

Segregation of network resources into distinct zones based on security requirements and trust levels.

Question 34

Policy enforcement point (PEP)

Answer 34

A point where all communications on a network are subject to evaluation.

Question 35

Policy Engine

Answer 35

Cross-references the access request with its predefined policies

Question 36

Policy Administrator

Answer 36

Communicates with PEP to allow or disallow access

Question 37

Physical Security

Answer 37

Prevents physical access to a resource

Question 38

Access control Vestibule

Answer 38

A secure entry system with two gateways, only one of which is open at any one time.

Question 39

Two Person Integrity

Answer 39

No single person has access to a physical asset

Question 40

Honeypot

Answer 40

A security tool used to lure attackers away from the actual network components. Can be used to study the techniques that attackers are trying to use against you.

Question 41

Honey Net

Answer 41

A collection of honeypots used to present an attacker with an even more realistic attack environment.

Question 42

Honeyfiles

Answer 42

Files that appear important or look like they contain sensitive information. Can be used as an alert if the file is accessed, or can contain traceable data.

Question 43

HoneyTokens

Answer 43

Fake credentials that don't actually provide access to sensitive information.