Chapter 5

Question 1

What is ingress monitoring

Answer 1

surveillance and assessment of all inbound communications traffic and access attempts

Question 2

What is Egress monitoring

Answer 2

monitoring of all outbound network traffic, used to regulate data leaving the organization’s IT environment.

Question 3

Give an example of some devices that perform ingress monitoring

Answer 3

Firewalls
Gateways
Remote authentication servers
IDS/IPS tools
SIEM solutions
Anti-malware solutions

Question 4

Egress monitoring should be combined with DLP and deployed to what attack vectors for Data leak

Answer 4

Email (content and attachments)
Copy to portable media
File Transfer Protocol (FTP)
Posting to web pages/websites
Applications/application programming interfaces (APIs)

Question 5

What is an encryption system

Answer 5

is the set of hardware, software, algorithms, control parameters and operational methods that provide a set of encryption service

Question 6

Explain configuration management

Answer 6

a process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated

Question 7

what are the components of configuration management

Answer 7

Identification
Baseline
Change Control
Verification and audit

Question 8

Define the identification of CM

Answer 8

Baseline identification of a system and all its components, interfaces and documentation.

Question 9

define the baseline component of CM

Answer 9

A security baseline is a minimum level of protection that can be used as a reference point. Baselines provide a way to ensure that updates to technology and architectures are subjected to the minimum understood and acceptable level of security requirements.

Question 10

define the Change Control component of CM

Answer 10

An update process for requesting changes to a baseline, by means of making changes to one or more components in that baseline. A review and approval process for all changes. This includes updates and patches.

Question 11

Define the Verification and Audit of CM

Answer 11

A regression and validation process, which may involve testing and analysis, to verify that nothing in the system was broken by a newly applied set of changes. An audit process can validate that the currently in-use baseline matches the sum total of its initial baseline plus all approved changes applied in sequence.

Question 12

What is the first step to security baselining

Answer 12

Take inventory of the assets you have and their compliance

Question 13

What is the second step to security baselining

Answer 13

The baseline is a total inventory of all the system’s components, hardware, software, data, administrative controls, documentation and user instructions

Question 14

Third step to security baselining

Answer 14

Ensure updating is in place with controls to validate backwards compatibility and forwards compatiiblity of updates. Also perform security review of assets to determine if things once considered secure are still, in fact, secure.

Question 15

Final step to security mgmt

Answer 15

Patch management mostly applies to software and hardware devices that are subject to regular modification. Orgs should test the patch before rolling it out across the organization.

Question 16

What are some common security policies

Answer 16

BYOD, Change MGMT, Privacy, AUP, Data Handling, password policy

Question 17

Describe Data handleing

Answer 17

Determines how data can be used in a company, who can see and use it. May be based on regulatory bases

Proper data classification also helps the organization comply with pertinent laws and regulations.

Question 18

Describe some common items in a AUP

Answer 18

Data access
System access
Data disclosure
Passwords
Data retention
Internet usage
Company device usage

Question 19

describe a privacy policy

Answer 19

A policy that describes how PII and PHI will be used within an environemnet in acordance with GDPR, HIPAA, PIPEDA)(CA)and other laws concerning this type of data

The organization should also create a public document that explains how private information is used, both internally and externally.

Question 20

What are the three steps in a change management policy

Answer 20

deciding to change, making the change, and confirming that the change has been correctly accomplished

Question 21

What is the first component to change mgmt

Answer 21

an RFC or request for change is submitted and documented

Question 22

What is the second step in CM

Answer 22

Evaluate RFCs for completeness.
Assignment to the proper change authorization process based on risk and organizational

practices, Stakeholder reviews, resource identification and allocation.

Appropriate approvals or rejections, and Documentation of approval or rejection.

Question 23

What activities are included in the third step of CM

Answer 23

Scheduling the change, Testing the change, Verifying the rollback procedures, Implementing the change, Evaluating the change for proper and effective operation, and Documenting the change in the production environment

Question 24

True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs

Answer 24

Business continuity planning is proactive preparation for restoring operations after disruption

Question 25

What is the risk associated with delaying resumption of full normal operations after a disaster?

Answer 25

Alternate operations are typically more costly than normal operations, in terms of impact to the organization; extended alternate operations could harm the organization as much as a disaster.

Question 26

When should a business continuity plan (BCP) be activated?

Answer 26

When senior management decides

A senior manager with the proper authority must initiate the BCP.