Chapter 9: Implementing Controls to Protect Assets Flashcards
____ ____ (or defense in depth) employs multiple layers of security to protect against threats. Personnel constantly monitor, update, add to, and improve existing security controls.
Layered security
____ diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls.
Control
____ diversity is the practice of implementing security controls from different vendors to increase security.
Vendor
____ security controls are controls you can physically touch. They often control entry and exit points, and include various types of locks.
Physical
An____ is a physical security control that ensures that a computer or network is physically isolated from another computer or network.
airgap
Controlled areas such as data centers and server rooms should only have a single ____ and ____ point. Door lock types include cipher locks, proximity cards, and biometrics.
entrance and exit
A ____ ____ can electronically unlock a door and helps prevent unauthorized personnel from entering a secure area. By themselves, they do not identify and authenticate users. Some systems combine them with PINs for identification and authentication.
proximity card
____ occurs when one user follows closely behind another user without using credentials.
Tailgating
A ____ can prevent tailgating.
mantrap
____ ____ are a preventive physical security control and they can prevent unauthorized personnel from entering a secure area. A benefit is that they can recognize people and compare an individual’s picture ID for people they don’t recognize.
Security guards
Cameras and ___-___ ___ ____ provide video surveillance. They provide reliable proof of a person’s identity and activity.
closed-circuit television (CCTV) systems
Fencing, lighting, and alarms are commonly implemented with motion detection systems for physical security. ____ motion detection systems detect human activity based on the temperature.
Infrared
____ provide stronger physical security than fences and attempt to deter attackers.
Barricades
_____ are effective barricades that allow people through, but block vehicles.
Bollards
____ ____ secure mobile computers such as laptop computers in a training lab.
Cable locks
____ ____ include locking cabinets or enclosures within a server room.
Server bays
____ ____processes protect against vulnerabilities related to architecture and design weaknesses, system sprawl, and undocumented assets.
Asset management
_____ ____ and ___ ______ systems control airflow for data centers and server rooms. Temperature controls protect systems from damage due to overheating.
Heating, ventilation, and air conditioning (HVAC)
___ and ____ aisles provide more efficient cooling of systems within a data center.
Hot and cold
___ ____ prevents problems from EMI sources such as
fluorescent lighting fixtures. It also prevents data loss in twisted-pair cables.
EMI shielding
A ____ ____ prevents signals from emanating beyond a room or enclosure.
Faraday cage
A ___ ____ __ ____ is any component that can cause the entire system to fail if it fails.
single point of failure
____ disk subsystems provide fault tolerance and increase availability. ____ (mirroring) uses two disks. ____ uses three or more disks and can survive the failure of one disk. ____ and ____ use four or more disks and can survive the failure of two disks.
RAID
RAID-1
RAID-5
RAID-6 and RAID-10
Load balancers spread the processing load over multiple servers. In an ____-____ configuration, all servers are actively processing requests. In an ____-____ configuration, at least one server is not active, but is instead monitoring activity ready to take over for a failed server. Software-based load balancers use a virtual IP.
active- active
active-passive
