Chapter 9 - Controls and Countermeasures Flashcards

1
Q

What are the 3 factors to be considered when performing a Cost Benefit Analysis?

A
  1. Initial Cost
  2. Implementation Cost
  3. Compatibility Cost
    - The cost to the end user should they be affected by the security control implemented
2
Q

Countermeasures typically serve one of three goals, what are they?

A

Detective
- Detects threats when they occur, such as an IDS

Preventative
- Prevents threats from happening, such as fences or physical security controls

Corrective
- Failover sites/clusters should the primary control fail, such as a firewall going down

3
Q

What are directive controls?

A

Directive controls are controls that are required to be implemented by a higher power/authority.

4
Q

What are the three different ways controls can be implemented?

A

Administrative Controls
- Written security policy and acceptable use cases that employees are made aware of

Technical Controls
- Controls that have been implemented through technical means such as hardware/software
- Disabling unused ports, whitelisting, etc.

Physical Controls
- Physical security such as gates, barriers, fences etc.

5
Q

What is a Policy?

A

A policy is a high-level authoritative document to provide guidance to members of staff.

A security policy will provide a high-level overview of what is to be expected from employees within an organization.

6
Q

What is a Standard?

A

Standards are typically defined by common standardised practice/consensus within an industry.

TLS is the industry standard instead of SSL.

Standards are not authoritative but certainly shape a company’s policy.

7
Q

What are Procedures?

A

Procedures are specific steps an individual must follow when conducting an action that is accompanied by a procedure.

8
Q

What are Guidelines?

A

Guidelines are suggestive recommendations, not authoritative or mandatory.

9
Q

What is a Business Continuity Plan (BCP)?

A

A BCP helps an organization prepare for emergencies that can interrupt the function/mission of the business.

10
Q

What is a Business Impact Analysis (BIA)?

A

A BIA is conducted to determine the critical functions that are required for a business to operate.

11
Q

What is a Disaster Recovery Plan?

A

A DRP identifies the necessary steps/resources required to recover critical systems and functions in the event of a disaster.

12
Q

What is the main purpose of a Change and Configuration management process?

A

Change & Configuration management processes prevent any form of unintended, undocumented changes that could cause an outage.

Change & Configuration management makes it easy to track any changes that could have led to an outage after the fact.

13
Q

What are the steps involved in the patch management process?

A
  1. Evaluate Patch
    - Determine which systems are in scope for the patch
  2. Patch Testing
    - Patch is tested on a small number of machines prior to wide roll out
  3. Apply the Patch
    - Patches can be automated through the use of SSCM or some other patching automation software
  4. Auditing the Patch
    - SSCM can provide a list of machines that have successfully received/failed the patch installation
  5. Document the Patch
    - The installation of the patch is documented for audit, compliance and logging reasons.
14
Q

What is System Centre Configuration Management (SSCM)?

A

SSCM is a server application from Microsoft that can implement patches automatically across an entire estate.

SSCM can also verify successful/failed installation of patches.

15
Q

What are Failover Clusters?

A

A Failover Cluster ensures service continuity by providing redundancy.

A two-node cluster is a simple example, where service is transferred to Node 2 should Node 1 fail.

This failover is automatic.

16
Q

What are the two different types of load balancing?

A

Round Robin Distribution
- Req 1 = server 1
- Req 2 = server 2

Source Address Affinity
- Sessions that require connection to the same server such as transactions.

17
Q

What is a Full Back Up?

A

A Full Back Up backs up the entire data set at predefined intervals.

Works well for small data sets but can be cumbersome on larger data sets.

18
Q

What is Full/Incremental Back up?

A

Full Incremental Back up backs up data based on what has changed since the last back up.

A full back up is taken at the beginning of a cycle; from then on, only data that has changed is backed up.

19
Q

What is Full/Differential Back up?

A

No Full back up at the beginning of a cycle, instead only backs up changes made to the data.

20
Q

What is Image Based Backup?

A

An Image Based backup is when an image of a system is taken as a back up so that the system can be reverted or replicated to a last known good state.

Full image back ups are typically taken prior to a significant change where an outage is expected.

21
Q

What is BYOD?

A

Bring Your Own Device

22
Q

What is CYOD?

A

Choose Your Own Device
- user chooses from an approved list of devices

23
Q

What is COPE?

A

Corporate owned, personally enabled
- What work does now