Chapter 9 Implementing Controls to Protect Assests

Question 1

Layered security (or defense in depth) employs multiple layers of security to protect against threats. Personnel constantly monitor, update, add to, and improve existing security controls.

Answer 1

Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls.

Question 2

Vendor diversity is the practice of implementing security controls from different vendors to increase security.

Answer 2

Physical security controls are controls you can physically touch. They often control entry and exit points, and include various types of locks.

Question 3

An airgap is a physical security control that ensures that a computer or network is physically isolated from another computer or network.

Answer 3

Controlled areas such as data centers and server rooms should only have a single entrance and exit point. Door lock types include cipher locks, proximity cards, and biometrics.

Question 4

A proximity card can electronically unlock a door and helps prevent unauthorized personnel from entering a secure area. By themselves, proximity cards do not identify and authenticate users. Some systems combine proximity cards with PINs for identification and authentication.

Answer 4

Tailgating occurs when one user follows closely behind another user without using credentials. A mantrap can prevent tailgating.

Question 5

Security guards are a preventive physical security control and they can prevent unauthorized personnel from entering a secure area. A benefit of guards is that they can recognize people and compare an individual’s picture ID for people they don’t recognize.

Answer 5

Cameras and closed-circuit television (CCTV) systems provide video surveillance. They provide reliable proof of a person’s identity and activity.

Question 6

Fencing, lighting, and alarms are commonly implemented with motion detection systems for physical security. Infrared motion detection systems detect human activity based on the temperature.

Answer 6

Barricades provide stronger physical security than fences and attempt to deter attackers. Bollards are effective barricades that allow people through, but block vehicles.

Question 7

Cable locks secure mobile computers such as laptop computers in a training lab. Server bays include locking cabinets or enclosures within a server room. Small devices can be stored in safes or locking office cabinets to prevent the theft of unused resources.

Answer 7

Asset management processes protect against vulnerabilities related to architecture and design weaknesses, system sprawl, and undocumented assets.

Question 8

Heating, ventilation, and air conditioning (HVAC) systems control airflow for data centers and server rooms. Temperature controls protect systems from damage due to overheating.

Answer 8

Hot and cold aisles provide more efficient cooling of systems within a data center.

Question 9

EMI shielding prevents problems from EMI sources such as fluorescent lighting fixtures. It also prevents data loss in twisted-pair cables. A Faraday cage prevents signals from emanating beyond a room or enclosure.

Answer 9

A single point of failure is any component that can cause the entire system to fail if it fails.

Question 10

RAID disk subsystems provide fault tolerance and increase availability. RAID-1 (mirroring) uses two disks. RAID-5 uses three or more disks and can survive the failure of one disk. RAID-6 and RAID-10 use four or more disks and can survive the failure of two disks.

Answer 10

Load balancers spread the processing load over multiple servers. In an

Question 11

active-active configuration, all servers are actively processing requests. In an active-passive configuration, at least one server is not active, but is instead monitoring activity ready to take over for a failed server. Software-based load balancers use a virtual IP.

Answer 11

Affinity scheduling sends client requests to the same server based on the client’s IP address. This is useful when clients need to access the same server for an entire online session. Round-robin scheduling sends requests to servers using a predefined order.

Question 12

Backup strategies include full, full/ differential, full/ incremental, and snapshot strategies. A full backup strategy alone allows the quickest recovery time.

Answer 12

Full/ incremental backup strategies minimize the amount of time needed to perform daily backups.

Question 13

Test restores verify the integrity of backups. A test restore of a full backup verifies a backup can be restored in its entirety.

Answer 13

Backups should be labeled to identify the contents. A copy of backups should be kept off-site.

Question 14

It’s important to consider the distance between the main site and the off-site location.

Answer 14

The data contained in the backups can have legal implications. If it includes Personally Identifiable Information (PII) or Protected Health Information (PHI), it must be protected according to governing laws.

Question 15

The location of the data backups affects the data sovereignty. If backups are stored in a different country, the data on the backups is now subject to the laws and regulations of that country.

Answer 15

A business impact analysis (BIA) is part of a business continuity plan (BCP) and it identifies mission-essential functions, critical systems, and vulnerable business processes that are essential to the organization’s success.

Question 16

The BIA identifies maximum downtimes for these systems and components. It considers various scenarios that can affect these systems and components, and the impact to life, property, safety, finance, and reputation from an incident.

Answer 16

A privacy threshold assessment identifies if a system processes data that exceeds the threshold for PII. If the system processes PII, a privacy impact assessment helps identify and reduce risks related to potential loss of the PII.

Question 17

A recovery time objective (RTO) identifies the maximum amount of time it should take to restore a system after an outage. The recovery point objective (RPO) refers to the amount of data you can afford to lose.

Answer 17

Mean time between failures (MTBF) identifies the average (the arithmetic mean) time between failures. The mean time to recover (MTTR) identifies the average (the arithmetic mean) time it takes to restore a failed system.

Question 18

Continuity of operations planning identifies alternate processing sites and alternate business practices. Recovery sites provide alternate locations for business functions after a major disaster.

Answer 18

A hot site includes everything needed to be operational within 60 minutes. It is the most effective recovery solution and the most expensive. A cold site has power and connectivity requirements and little else. It is the least expensive to maintain. Warm sites are a compromise between hot sites and cold sites.

Question 19

Periodic testing validates continuity of operations plans. Exercises validate the steps to restore individual systems, activate alternate sites, and document other actions within a plan. Tabletop exercises are discussion-based only. Functional exercises are hands-on exercises.

Answer 19

Scalability refers to the ability of a service to serve more clients without any decrease in performance. Availability ensures that systems are up and operational when needed.

Question 20

Load-balancing software distributes traffic equally among all the servers in the web farm, typically located in a DMZ.

Answer 20

Some load balancers simply send new requests to the servers in a round-robin fashion.

Question 21

Redundant array of inexpensive disks (RAID) subsystems provide fault tolerance for disks and increase the system availability.

Answer 21

RAID-6 is an extension of RAID-5, and it includes an additional parity block. A huge benefit is that the RAID-6 disk subsystem will continue to operate even if two disk drives fail. RAID-6 requires a minimum of four disks.