Chapter 9 - Implementing Controls to Protect Assets Flashcards

1
Q

Air gap

A

A physical security control that ensures that a computer or network is physically isolated from another computer or network.

EX: ensuring a computer is not connected to any other system in the network.

Classified networks are often separated from unclassified networks to ensure that classified networks are not accessible by other internal networks or the internet.

2
Q

Faraday cage

A

Typically a room that prevents radio frequency (RF) signals from entering into or emanating beyond the room. It includes electrical features that cause signals reaching the boundary of the room to be reflected back.

3
Q

Malicious USB

A

A malicious USB cable has an embedded Wi-Fi controller capable of receiving commands from nearby wireless devices such as a smartphone. If an attacker connects to a malicious USB cable, they can send commands to the computer.

4
Q

Malicious flash drive

A

Includes malware configured to infect a computer when the drive is plugged in.

5
Q

Redundancy

A

Adds duplication to critical system components and provides fault tolerance. If a critical system has a fault, the duplication allows the service to continue as if the fault never occurred, i.e., a system with fault tolerance can suffer a fault but tolerate it and continue to operate.

Organizations often add redundancies to eliminate single points of failure:
- Disk redundancies using RAID
- NIC redundancy with NIC teaming
- Server redundancies by adding load balancers
- Power redundancies by adding generators or a UPS
- Site redundancies by adding hot, cold, or warm sites

6
Q

SPOF

A

Single point of failure, a component within a system that can cause the entire system to fail if the component fails.

When designing redundancies, an organization will examine different components to determine if they are a SPOF and, if so, take steps to provide redundancy or fault tolerance, with the goal of increasing the reliability and availability of the system.

7
Q

RAID

A

Redundant Array of Inexpensive Disks

Provides fault tolerance for hard drives and is a relatively inexpensive way to add fault tolerance to a system and increase data availability.

If a server uses a single drive, the system will crash if the single drive fails.

Even if a disk fails, most RAID subsystems can tolerate the failure and the system will continue to operate. There are various RAID levels.

Any system has four primary resources: processor, memory, disk, and the network interface. Of these, the disk is the slowest and the most susceptible to failure, which is why network admins often upgrade disk subsystems to improve their performance and redundancy.

8
Q

RAID-0

A

Also called striping. It does not provide any redundancy or fault tolerance. It includes 2 or more physical disks. Files stored on a RAID-0 array are spread across each of the disks.

-The main benefit of RAID-0 is increased read and write performance: since a file is spread across multiple physical disks, the different parts of the file can be read from or written to each of the disks simultaneously.

-If you have three 500GB drives in a RAID-0, you have 1,500GB (1.5 TB) of storage space.

9
Q

RAID-1

A

Also called mirroring, RAID-1 uses two disks. Data written to one disk is also written to the other disk. If one of the disks fails, the other disk still has all the data, so the system can continue to operate without any data loss.
-> If you mirror all the drives in a system, you can actually lose half of the drives and continue to operate.

-You can add additional disk controllers to a RAID-1 configuration to remove the disk controller as a SPOF. In this configuration, each of the disks has its own disk controller; adding a second disk controller to a mirror is called disk duplexing.

-If you have two 500GB drives using RAID-1 mirroring, you have 500GB of storage space, since the other 500GB is dedicated to the fault-tolerant, mirrored volume.

NOTE: RAID-2, RAID-3, and RAID-4 are rarely used.

10
Q

RAID-5

A

RAID-5 is three or more disks that are striped together, similar to RAID-0. However, the equivalent of one drive includes parity information. This parity information is striped across each of the drives in a RAID-5 and provides fault tolerance.

If one of the drives fails, the disk subsystem can read the remaining drives' information and re-create the original data. If two of the drives fail in a RAID-5, the data is lost.

-Offers a balance between performance and fault tolerance. Minimum of 3 disks.

-Can survive the failure of one disk, but if two drives fail, the data is lost.

11
Q

Data striping

A

Data striping involves dividing the data into blocks and distributing these blocks across multiple disks in the RAID array. Each disk contains a portion of the data, and by spreading the data across multiple disks, RAID-5 can improve read and write performance.

12
Q

Parity information

A

Parity information is an additional piece of data calculated from the corresponding blocks of data on the other disks in the array. It is used for error detection and data recovery in case of disk failure.

13
Q

RAID-6

A

RAID-6 is an extension of RAID-5, with the big difference being that it uses an additional parity block and requires an additional disk, so a minimum of 4 disks.

-The huge benefit of a RAID-6 subsystem is that it will continue to operate even if two disk drives fail.

-Requires a minimum of 4 disks.

14
Q

RAID-10

A

RAID-10 configuration combines the features of mirroring (RAID-1) and striping (RAID-0). It is sometimes called RAID 1+0, and there are variations like RAID-01 or RAID-0+1.

The minimum number of drives in RAID-10 is 4. When adding more drives, you add two more (or multiples of 2, such as 4, 6, 8, etc.).

If you have four 500GB drives in a RAID-10 system, you have 1TB of usable storage.

15
Q

High availability

A

Refers to a system or service that needs to remain operational with almost zero downtime. It is possible to achieve 99.999% uptime (called "five nines") by implementing redundancy and fault tolerance methods, but five nines is expensive.

If the potential cost of an outage is high, then the cost of redundant technologies is justified, e.g., for an e-commerce store that generates lots of revenue by the minute.

16
Q

Load Balancer

A

A load balancer can be hardware or software.

A hardware load balancer accepts traffic and directs it to servers based on factors such as processor utilization and the number of current connections to the server.

A software-based load balancer uses software running on each of the servers to balance the load.

Load balancing provides scalability and availability and increases the overall processing power of a service by sharing the load among multiple servers.

Scalability = the ability of a service to serve more clients without any decrease in performance.

Load balancers use different scheduling methods: some send new requests round-robin to the servers in the server farm, while others detect the load on the individual servers and send new clients to the least used server.

Source IP address affinity scheduling ensures clients are redirected to the same server for an entire session, and provides session persistence.

17
Q

Active/active vs. active/passive

A

An active/active load balancer can optimize and distribute data loads across multiple computers or multiple networks.

EXAMPLE: if an organization hosts a popular website, it can use multiple servers hosting the same website in a web farm. Load balancing distributes traffic equally among all the servers in the web farm, typically located in a DMZ.

____

In an active/passive configuration, one server is active, and the other server is inactive. If the active server fails, the inactive server takes over.

18
Q

NIC Teaming

A

NIC Teaming allows you to group two or more physical network adapters into a single software-based virtual network adapter, providing increased performance because the NIC team handles all the individual NIC bandwidths as if the NIC team is a single physical network adapter.

Additionally, the NIC team uses load-balancing algorithms to distribute traffic equally among the NICs.

NIC teaming also eliminates any physical NIC as a SPOF. If one NIC in the NIC team fails, the software detects the failure and logically removes the team’s failed NIC.

19
Q

Power Redundancies

A

-UPS (Uninterruptible Power Supply): provides short-term power and can protect against power fluctuations.

-Dual supply: a second/redundant power supply that can power a device if the primary power supply fails. Usually hot swappable.

-Generators: provide long-term power during extended outages such as disasters.

-Managed power distribution units: PDUs are commonly used within the racks in data centers to power the devices, similar to how a power strip delivers power via multiple outlets. Managed PDUs monitor the quality of power, such as voltage, current, and consumption, and report these measurements to a central monitoring console, allowing admins to monitor power within a data center from a single application.

20
Q

Backup media

A

-Disc

-NAS (Network attached storage): a dedicated computer used for file storage and accessible on a network. Can have multiple drives and often runs a stripped-down version of Linux for simplicity and to reduce costs.

-SAN (storage area network): provides block-level data storage via a full network. Organizations use SANs to provide high speed access to disk arrays or tape libraries. Can also be used for real-time replication of data - not always hardware, can use standard network protocols such as TCP and IP

-Cloud

21
Q

Offline backups

A

Use traditional backup media within a network, such as tapes, local disks, drives in a NAS, and even backup targets within a SAN. Provide an organization easy access to backups, better control of the backup media, and relatively fast backup and restore capabilities.

BUT it can fail, be destroyed or even stolen.

22
Q

Online backups

A

Stored within the cloud, often accessible via the internet. Even if a natural disaster destroys all offline backups, they remain available in the cloud. CSPs also automatically encrypt data, preventing unauthorized access to backups.

DATABASES:

Online database backup is a hot backup meaning it backs up the database when it is operational and captures changes as they are occurring.

Offline database backup is a cold backup or backup performed while the database is online, like a local backup.

23
Q

Full backup

A

Backs up all data specified in the backup, for example, several folders on the D: drive. If you specify these folders in the backup program, it will back up all the data in these folders.

*Though possible to do a full backup on a daily basis, it is rare in most production environments due to TIME (hours, can interfere with operations and system maintenance) and MONEY (need to be stored on some type of media, doing them every day requires more media which can be cost prohibitive).

Most organizations combine full backups with differential or incremental backups.

*A full backup is easiest and quickest to restore. You only need to restore the single full backup, and you’re done.

24
Q

Differential backup

A

Differential backups start with a full backup, and capture all the data that has changed since the last full backup.

Example:
Sunday: Full Backup
Monday: Differential Backup (Captures changes since Sunday)
Tuesday: Differential Backup (Captures changes since Sunday)
Wednesday: Differential Backup (Captures changes since Sunday)
Thursday: Differential Backup (Captures changes since Sunday)
Friday: Differential Backup (Captures changes since Sunday)
Saturday: Differential Backup (Captures changes since Sunday)

In this scenario, each differential backup captures all changes made since the last full backup, regardless of any previous differential backups. While each differential backup may take longer than an incremental backup, restoring data typically requires accessing only the full backup and the most recent differential backup.

Differential backups optimize for speed to recover data since they simplify the restoration process by requiring access to only the full backup and the most recent differential backup, compared to potentially multiple incremental backups.

25
Q

Incremental Backup

A

Incremental backups capture only the data that has changed since the last backup, whether it’s a full backup or another incremental backup.

Example:
Sunday: Full Backup
Monday: Incremental Backup (Captures changes since Sunday)
Tuesday: Incremental Backup (Captures changes since Monday)
Wednesday: Incremental Backup (Captures changes since Tuesday)
Thursday: Incremental Backup (Captures changes since Wednesday)
Friday: Incremental Backup (Captures changes since Thursday)
Saturday: Incremental Backup (Captures changes since Friday)

In this scenario, each incremental backup only stores the changes made since the previous backup, reducing the amount of data and time required for each backup. However, restoring data may require accessing multiple incremental backups and the full backup.

Incremental backups optimize for speed to complete backups since they capture only the changes made since the last backup, reducing the backup time and storage space required.

26
Q

Snapshot backup

A

Also called an image backup, this captures the data at a moment in time. Commonly used with VMs, but many backup utilities can perform snapshot backups on data.

Admins often take snapshots of a VM before a risky operation such as an update. If the update causes problems it’s easy to revert the VM to the state it was in before the update.

27
Q

Copy backup

A

Copies files to backup media, e.g., USB disk drives.

28
Q

Testing backups

A

The only way to validate a backup is to perform a test restore, which is just restoring the data from a backup and verifying its integrity.

29
Q

BCP

A

Business Continuity Plan, a plan to ensure that critical business operations continue and an organization can survive an outage.

This plan includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage.

30
Q

BIA

A

Business Impact Analysis. An important part of a BCP, this helps an organization identify critical systems and components that are essential to the organization’s success.

Also helps identify vulnerable business processes, which are the processes that support mission-essential functions.

Also identifies maximum downtime limits for these systems and components, various scenarios that can impact these systems and components, and the potential losses from an incident.

31
Q

Mission-essential functions

A

The activities that must continue or be restored quickly after a disaster.

32
Q

RTO

A

RTO (Recovery Time Objective):

  • RTO refers to the targeted duration within which a business process or system must be restored after a disruption (such as a system failure or outage) to avoid significant consequences.
  • It represents the maximum acceptable downtime tolerated by an organization for a particular system or process.
  • RTO is often expressed in hours or days and is determined based on business requirements, regulatory compliance, and operational considerations.
33
Q

RPO

A

RPO (Recovery Point Objective):

  • RPO refers to the maximum tolerable amount of data loss that an organization can afford during a disruption before it adversely affects business operations.
  • It represents the point in time to which data must be recovered in order to resume normal operations without significant consequences.
  • RPO is typically measured in units of time (e.g., minutes, hours) and indicates the acceptable amount of data that can be lost due to a disruption.
34
Q

MTTR

A

MTTR (Mean Time to Recover/Repair):

  • MTTR measures the average time it takes to restore a failed system, service, or component to full functionality after an incident or failure occurs.
  • It includes the time required to detect the failure, diagnose the root cause, perform necessary repairs or recovery actions, and verify that the system is functioning correctly.
  • MTTR is often expressed in hours or minutes and is an important metric for assessing system reliability and operational efficiency.
35
Q

MTBF

A

MTBF (Mean Time Between Failures):

  • MTBF measures the average time elapsed between consecutive failures of a system, component, or device during normal operation.
  • It indicates the expected reliability of a system and is calculated as the total operational time divided by the number of failures observed over that period.
  • MTBF is typically expressed in units of time (e.g., hours, days) and provides insights into the reliability and robustness of a system or component.

MTBF provides a measure of a system’s reliability and would provide an estimate of how often the systems will experience outages. MTTR refers to the time it takes to restore a system.

36
Q

COOP

A

Continuity of Operations Planning, focuses on restoring mission-essential functions at a recovery site after a critical outage, such as a hurricane that prevents the company from operating in the primary location.

The org can continue to operate the mission-essential functions at an alternate location that management previously identified as the recovery site.

Failover = the process of moving mission-essential functions to the alternate site.

37
Q

Recovery site and site resiliency

A

A recovery site is an alternative processing site that an organization uses for site resiliency, an alternate site that can take over after a disaster.

3 types of recovery sites: hot, warm, and cold sites.

38
Q

Hot site

A

A type of recovery site that would be up and operational 24/7 and would be able to take over functionality from the primary site quickly after a primary site failure.

Includes all equipment, software and communication capabilities of the primary site, and all the data would be up to date, with copies of backup tapes also stored offsite at the hot site location.

*Often just another active business location that has the capacity to assume operations during a disaster, such as a financial institution with offices in 2 cities where one office offers non-critical support services but contains the resources necessary to assume the functions of the primary office.

HOT SITE = SHORTEST RECOVERY TIME COMPARED TO WARM AND COLD, but also most expensive

39
Q

Cold site

A

A cold site requires power and connectivity but not much else; usually it just needs a roof, electricity, running water, and internet.

Organization brings in all the equipment, software, and data to the site when it activates it. Think of the army transforming fields into operational sites with tents, cables, antennas etc.

Cheapest to maintain but most difficult to test.

40
Q

Warm site

A

Hot sites are too expensive and cold sites take too long to configure for full operation, but a warm site provides a compromise that an organization can tailor to meet their needs.

EXAMPLE: an organization can place all the necessary hardware at the warm site location but not include up to date data. In a disaster, the org can copy the data to the warm site and take over operations.

Other options are mobile and mirrored sites.

41
Q

DRP

A

Disaster Recovery Plan identifies how to recover critical systems and data after a disaster, often informed by a BIA. Has a hierarchical list of critical systems to restore:

  1. Activate the DRP.
  2. Implement contingencies.
  3. Recover critical systems.
  4. Test recovered systems.
  5. After-action report.
42
Q

Testing Plans with Exercises

A

BCPs and DRPs include testing to validate that the plan works as desired and will often include testing redundancies and backups.

TABLETOP/DESKTOP EXERCISE is discussion-based, where a coordinator gathers a classroom and leads them through hypothetical scenarios such as a cyberattack or natural disaster.

WALKTHROUGHS are workshops or orientation seminars that train team members on their roles and responsibilities, usually done before a tabletop exercise, informing the creation of the tabletop exercise plan.

SIMULATIONS are functional exercises that allow personnel to test the plans in a simulated operational environment.

Testing plans commonly include:
-Backups
-Server restoration
-Server redundancy
-Site resiliency

43
Q

Disk Multipath

A

Multipath I/O (input/output) is another fault tolerance method for disks that uses a separate data transfer path to and from the storage hardware. If one path fails, the second path handles the transfer. If both paths are operational, it provides increased performance.

Can be complex. One method of implementing multipath I/O is via a storage area network (SAN) using Fibre Channel. Setting up a SAN with Fibre Channel is both complex and expensive.