Chapter 9 Implementing Controls to Protect Assets Flashcards

1
Q

Layered security (or defense in depth) employs multiple layers of security to protect against threats. Personnel constantly monitor, update, add to, and improve existing security controls.

A

Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls.

2
Q

Vendor diversity is the practice of implementing security controls from different vendors to increase security.

A

Physical security controls are controls you can physically touch. They often control entry and exit points, and include various types of locks.

3
Q

An airgap is a physical security control that ensures that a computer or network is physically isolated from another computer or network.

A

Controlled areas such as data centers and server rooms should only have a single entrance and exit point. Door lock types include cipher locks, proximity cards, and biometrics.

4
Q

A proximity card can electronically unlock a door and helps prevent unauthorized personnel from entering a secure area. By themselves, proximity cards do not identify and authenticate users. Some systems combine proximity cards with PINs for identification and authentication.

A

Tailgating occurs when one user follows closely behind another user without using credentials. A mantrap can prevent tailgating.

5
Q

Security guards are a preventive physical security control and they can prevent unauthorized personnel from entering a secure area. A benefit of guards is that they can recognize people and compare an individual’s picture ID for people they don’t recognize.

A

Cameras and closed-circuit television (CCTV) systems provide video surveillance. They provide reliable proof of a person’s identity and activity.

6
Q

Fencing, lighting, and alarms are commonly implemented with motion detection systems for physical security. Infrared motion detection systems detect human activity based on the temperature.

A

Barricades provide stronger physical security than fences and attempt to deter attackers. Bollards are effective barricades that allow people through, but block vehicles.

7
Q

Cable locks secure mobile computers such as laptop computers in a training lab. Server bays include locking cabinets or enclosures within a server room. Small devices can be stored in safes or locking office cabinets to prevent the theft of unused resources.

A

Asset management processes protect against vulnerabilities related to architecture and design weaknesses, system sprawl, and undocumented assets.

8
Q

Heating, ventilation, and air conditioning (HVAC) systems control airflow for data centers and server rooms. Temperature controls protect systems from damage due to overheating.

A

Hot and cold aisles provide more efficient cooling of systems within a data center.

9
Q

EMI shielding prevents problems from EMI sources such as fluorescent lighting fixtures. It also prevents data loss in twisted-pair cables. A Faraday cage prevents signals from emanating beyond a room or enclosure.

A

A single point of failure is any component that can cause the entire system to fail if it fails.

10
Q

RAID disk subsystems provide fault tolerance and increase availability. RAID-1 (mirroring) uses two disks. RAID-5 uses three or more disks and can survive the failure of one disk. RAID-6 and RAID-10 use four or more disks and can survive the failure of two disks.

A

Load balancers spread the processing load over multiple servers. In an active-active configuration, all servers are actively processing requests. In an active-passive configuration, at least one server is not active, but is instead monitoring activity, ready to take over for a failed server. Software-based load balancers use a virtual IP.

11
Q

A

Affinity scheduling sends client requests to the same server based on the client’s IP address. This is useful when clients need to access the same server for an entire online session. Round-robin scheduling sends requests to servers using a predefined order.

12
Q

Backup strategies include full, full/differential, full/incremental, and snapshot strategies. A full backup strategy alone allows the quickest recovery time.

A

Full/incremental backup strategies minimize the amount of time needed to perform daily backups.

13
Q

Test restores verify the integrity of backups. A test restore of a full backup verifies a backup can be restored in its entirety.

A

Backups should be labeled to identify the contents. A copy of backups should be kept off-site.

14
Q

It’s important to consider the distance between the main site and the off-site location.

A

The data contained in the backups can have legal implications. If it includes Personally Identifiable Information (PII) or Protected Health Information (PHI), it must be protected according to governing laws.

15
Q

The location of the data backups affects the data sovereignty. If backups are stored in a different country, the data on the backups is now subject to the laws and regulations of that country.

A

A business impact analysis (BIA) is part of a business continuity plan (BCP) and it identifies mission-essential functions, critical systems, and vulnerable business processes that are essential to the organization’s success.

16
Q

The BIA identifies maximum downtimes for these systems and components. It considers various scenarios that can affect these systems and components, and the impact to life, property, safety, finance, and reputation from an incident.

A

A privacy threshold assessment identifies if a system processes data that exceeds the threshold for PII. If the system processes PII, a privacy impact assessment helps identify and reduce risks related to potential loss of the PII.

17
Q

A recovery time objective (RTO) identifies the maximum amount of time it should take to restore a system after an outage. The recovery point objective (RPO) refers to the amount of data you can afford to lose.

A

Mean time between failures (MTBF) identifies the average (the arithmetic mean) time between failures. The mean time to recover (MTTR) identifies the average (the arithmetic mean) time it takes to restore a failed system.

18
Q

Continuity of operations planning identifies alternate processing sites and alternate business practices. Recovery sites provide alternate locations for business functions after a major disaster.

A

A hot site includes everything needed to be operational within 60 minutes. It is the most effective recovery solution and the most expensive. A cold site has power and connectivity requirements and little else. It is the least expensive to maintain. Warm sites are a compromise between hot sites and cold sites.

19
Q

Periodic testing validates continuity of operations plans. Exercises validate the steps to restore individual systems, activate alternate sites, and document other actions within a plan. Tabletop exercises are discussion-based only. Functional exercises are hands-on exercises.

A

Scalability refers to the ability of a service to serve more clients without any decrease in performance. Availability ensures that systems are up and operational when needed.

20
Q

Load-balancing software distributes traffic equally among all the servers in the web farm, typically located in a DMZ.

A

Some load balancers simply send new requests to the servers in a round-robin fashion.

21
Q

Redundant array of inexpensive disks (RAID) subsystems provide fault tolerance for disks and increase the system availability.

A

RAID-6 is an extension of RAID-5, and it includes an additional parity block. A huge benefit is that the RAID-6 disk subsystem will continue to operate even if two disk drives fail. RAID-6 requires a minimum of four disks.