CISSP (Domain 7 - Operations Security) Flashcards

1
Q

Operational Assurance

A

Achieved by performing daily tasks and evaluating their effectiveness through testing

2
Q

4 Steps to Operational Assurance

PI/PE/AH/TR

A
  • Protect Information
    +CIA
    +Balance (Functional Vs. Secure)
    +Enforce Compliance
  • Privileged Entities (Administrators)
  • Control Access to Hardware
    +Logical
    +Physical
  • Trusted Recovery
    +Bring up security controls first
3
Q

10 Administrative Controls

DC/DD/SD/JR/MV/NK/LP/AL/SC/HF

A
  • Due Care
  • Due Diligence
  • Separation of duties
  • Job rotation
  • Mandatory vacations
  • Need-to-know
  • Least privilege
  • Authorization levels
  • Software configuration management
  • Personnel hiring and firing
4
Q

Service Level Agreement (SLA)

A

Contract between a customer and a vendor that defines the guaranteed level of service, e.g., the maximum time the vendor has to repair or replace a faulty product

5
Q

Mean Time Between Failure (MTBF)

A
  • Expected average operating time of a component between failures (a measure of its useful lifetime)
  • Used to estimate the likelihood that a device or utility fails and to schedule replacement before it does

6
Q

Mean Time To Repair (MTTR)

A

Average time needed to repair a failed device and return it to production

7
Q

Redundant Array of Inexpensive Disks (RAID)

A

Technology used for redundancy and performance improvement

8
Q

RAID Levels

A
  • *Level 0: Striping, data written across all drives, no fault tolerance, high performance
  • *Level 1: Mirroring, every write duplicated on a second drive
  • Level 2: Bit-level striping with Hamming-code error correction (not used in practice)
  • Level 3: Byte-level striping with a dedicated parity drive
  • Level 4: Block-level striping with a dedicated parity drive
  • *Level 5: Block-level striping with interleaved parity - data and parity distributed over all disks
9
Q

2 Advantages of RAID 5

A
  • If one drive fails you still have access to all the data; missing blocks are reconstructed on the fly from the surviving data and parity
  • A replacement drive is rebuilt from the surviving disks using the parity data (computed with XOR)
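Added example (not part of the flashcard deck): a small Python simulation of the RAID layouts in cards 8 and 9. It stripes data across disks with the parity block rotating from stripe to stripe (RAID 5), then drops one disk and rebuilds it purely from XOR of the survivors, which is the property the card describes. Block size, disk count and the sample data are assumptions chosen for illustration; disks are just lists of byte strings in memory.

```python
"""RAID 0 striping and RAID 5 rebuild via XOR parity (simulation).

Added example, not from the flashcards. Disks are lists of byte-string blocks
held in memory; block size, disk count and sample data are assumptions.
"""
from functools import reduce

BLOCK = 4  # bytes per block (assumption; real stripe units are tens of KiB)


def xor_blocks(blocks):
    """XOR equal-length byte strings together: the RAID 5 parity operation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def split_blocks(data, block=BLOCK):
    """Zero-pad data to a multiple of the block size and cut it into blocks."""
    data += b"\0" * ((-len(data)) % block)
    return [data[i:i + block] for i in range(0, len(data), block)]


def raid0_write(data, ndisks):
    """RAID 0: stripe blocks round-robin over all disks; fast, no redundancy."""
    disks = [[] for _ in range(ndisks)]
    for i, blk in enumerate(split_blocks(data)):
        disks[i % ndisks].append(blk)
    return disks


def parity_disk_for(stripe, ndisks):
    """RAID 5 rotates the parity block across disks, one position per stripe."""
    return (ndisks - 1 - stripe) % ndisks


def raid5_write(data, ndisks):
    """RAID 5: block-level striping, parity (XOR of the stripe's data) interleaved."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    blocks = split_blocks(data)
    per_stripe = ndisks - 1
    while len(blocks) % per_stripe:          # pad to whole stripes
        blocks.append(b"\0" * BLOCK)
    disks = [[] for _ in range(ndisks)]
    for s in range(len(blocks) // per_stripe):
        data_blocks = blocks[s * per_stripe:(s + 1) * per_stripe]
        parity = xor_blocks(data_blocks)
        pdisk = parity_disk_for(s, ndisks)
        it = iter(data_blocks)
        for d in range(ndisks):
            disks[d].append(parity if d == pdisk else next(it))
    return disks


def raid5_rebuild(disks, failed):
    """Rebuild the failed disk block by block as the XOR of all survivors.

    XOR is its own inverse, so the same operation recovers a lost data block
    (other data XOR parity) or a lost parity block (XOR of the data). With two
    disks missing the equation has two unknowns, hence RAID 5 tolerates one.
    """
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(disks):
    """Reassemble the (padded) data from a RAID 5 set, skipping parity blocks."""
    ndisks = len(disks)
    out = []
    for s in range(len(disks[0])):
        pdisk = parity_disk_for(s, ndisks)
        out.extend(disks[d][s] for d in range(ndisks) if d != pdisk)
    return b"".join(out)


SAMPLE = b"Domain 7: RAID 5 survives one failed disk"  # constructed test data


def demo(ndisks=4, failed=1):
    """Write, lose one disk, rebuild it, and report whether the data survived."""
    disks = raid5_write(SAMPLE, ndisks)
    original = disks[failed]
    disks[failed] = None                      # the drive is gone
    disks[failed] = raid5_rebuild(disks, failed)
    return disks[failed] == original and raid5_read(disks).rstrip(b"\0") == SAMPLE


if __name__ == "__main__":
    print("RAID 5 rebuild succeeded:", demo())
```

Running the module prints `True`: the rebuilt disk is byte-for-byte identical to the one removed, whether the lost blocks were data or parity. Change `failed` to any disk index to confirm that the rotating parity placement does not matter to the rebuild.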
10
Q

4 Backup Types

A
  • Full backup
  • Incremental backup
  • Differential backup
  • Copy backup
11
Q

Full Backup

A
  • Backs up all selected files regardless of archive bit
  • Archive bit is reset (cleared) on every file after the backup
12
Q

Incremental Backup

A
  • Backs up files that have been modified since the last full or incremental backup (files with the archive bit set)
  • Archive bit is reset (taken from 1 and set to 0), so the next incremental picks up only newer changes

13
Q

Differential Backup

A
  • Backs up files that have been modified since the last full backup
  • Archive bit is not reset, so each differential includes everything since the full and grows until the next full backup
14
Q

Copy Backup

A
  • Backs up all selected files without resetting the archive bit, so the regular backup rotation is not disturbed
  • Use before upgrades/system maintenance
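Added example (not part of the flashcard deck): a Python simulation of the archive-bit behaviour described in cards 10 through 14. It runs one week with a full backup on Monday followed by either incrementals or differentials, shows which files each backup captures, and shows what has to be restored afterwards. The file names, the daily modifications and the "archive bit" dictionary are constructed for illustration.

```python
"""Archive-bit semantics of full, incremental, differential and copy backups.

Added example, not from the flashcards. The file set, the modification
sequence and the archive-bit field are constructed for illustration.
"""
from copy import deepcopy

# Constructed file system: name -> archive bit (1 = changed since last full/incremental)
FILES = {"payroll.db": 1, "config.ini": 1, "readme.txt": 1}


def backup(fs, kind):
    """Return the set of files one backup of `kind` captures and update the
    archive bits the way that backup type does.

    full:         all files, archive bit cleared on each
    incremental:  files with the bit set (changed since last full/incremental), bit cleared
    differential: files with the bit set (changed since last full), bit left alone
    copy:         all files, bit left alone (safe to run before maintenance)
    """
    if kind in ("full", "copy"):
        captured = set(fs)
    elif kind in ("incremental", "differential"):
        captured = {name for name, bit in fs.items() if bit == 1}
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("full", "incremental"):
        for name in captured:
            fs[name] = 0
    return captured


def modify(fs, *names):
    """Simulate writing to files: the OS sets their archive bit."""
    for name in names:
        fs[name] = 1


def run_week(strategy):
    """Full backup Monday, then `strategy` Tue..Thu with the same daily edits.

    Returns (captured_sets, restore_sets): what each backup contained and which
    backups must be restored, in order, to recover Thursday's state.
    """
    fs = deepcopy(FILES)
    captured = [backup(fs, "full")]
    daily_changes = [("payroll.db",), ("config.ini",), ("payroll.db",)]  # Tue, Wed, Thu
    for changed in daily_changes:
        modify(fs, *changed)
        captured.append(backup(fs, strategy))
    if strategy == "incremental":
        restore = captured                    # full plus every incremental, in order
    elif strategy == "differential":
        restore = [captured[0], captured[-1]]  # full plus the latest differential only
    else:
        raise ValueError("strategy must be 'incremental' or 'differential'")
    return captured, restore


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        captured, restore = run_week(strategy)
        print(strategy, "captured:", captured)
        print(strategy, "restore needs", len(restore), "backup sets")
```

The trade-off the cards hint at falls out of the run: the incremental week produces three small backups but restoring needs all four sets in order, while the differential week produces backups that grow each day but restoring needs only the full plus the last one. A copy backup never touches the bits, so running one mid-week changes neither sequence.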

15
Q

Network-Based IDS

A
  • Monitors traffic on a network segment
  • Computer or network device with its NIC in promiscuous mode so it sees all frames on the segment
  • Sensors communicate with a central management console
16
Q

Host-based IDS

A
  • Small agent program that resides on individual computers

- Detects suspicious activity on one system, not network segment

17
Q

3 IDS Components with Examples

S/AE/MC

A
  • Sensors: collect raw data (network traffic or host events) and report it to the analysis engine
  • Analysis engine: examines the data for signs of intrusion and raises alerts
  • Management console: receives the alerts; where the administrator reviews events and tunes the sensors
18
Q

Signature Based IDS

A

Contains a database of attack signatures that must be continually updated. Can't identify new attacks that have no signature yet

19
Q

Behavior Based IDS

A

Maintains a profile of normal behavior and flags deviations from it, giving a better defense against new attacks. Creates many false positives

20
Q
Pattern Matching (Analysis Engine Method)
(RB/SB/KB)
A
  • Rule-based intrusion detection
  • Signature-based intrusion detection
  • Knowledge-based intrusion detection
21
Q
Profile Comparison (Analysis Engine Method)
(SB/AB/BB)
A
  • Statistically-based intrusion detection
  • Anomaly-based intrusion detection
  • Behavior-based intrusion detection
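Added example (not part of the flashcard deck): both analysis-engine methods from cards 18 through 21 run over the same constructed log lines in Python. The pattern-matching engine finds only what is already in its signature database; the profile-comparison engine catches an unsigned attack by its volume but also flags a busy legitimate client, which is the false-positive problem the cards mention. The log lines, signature regexes, baseline request counts and z-score threshold are all constructed for illustration; a real NIDS works on packets rather than web-server logs.

```python
"""Signature-based vs. behavior-based (anomaly) detection over sample log lines.

Added example, not from the flashcards. Log lines, signatures, baseline and
threshold are constructed for illustration.
"""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access log, one request per line: "<client_ip> <method> <path>"
LOG = """\
10.0.0.5 GET /index.html
10.0.0.5 GET /about.html
10.0.0.9 GET /login.php?user=admin' OR '1'='1
10.0.0.7 GET /index.html
10.0.0.9 GET /search?q=<script>alert(1)</script>
10.0.0.12 GET /wp-admin/new-exploit-nobody-has-signed-yet
10.0.0.12 GET /wp-admin/new-exploit-nobody-has-signed-yet
10.0.0.12 GET /wp-admin/new-exploit-nobody-has-signed-yet
10.0.0.12 GET /wp-admin/new-exploit-nobody-has-signed-yet
10.0.0.12 GET /wp-admin/new-exploit-nobody-has-signed-yet
10.0.0.12 GET /wp-admin/new-exploit-nobody-has-signed-yet
10.0.0.20 GET /index.html
10.0.0.20 GET /news.html
10.0.0.20 GET /about.html
10.0.0.20 GET /contact.html
10.0.0.20 GET /jobs.html
"""

# Signature database (pattern matching). Only attacks already listed here can be seen.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.I),
    "xss-script-tag": re.compile(r"<script", re.I),
}

# Profile of normal behaviour: requests per client seen in earlier windows (constructed).
BASELINE_REQUESTS_PER_CLIENT = [1, 2, 2, 1, 3, 2, 1, 2]


def parse(log):
    """Split each line into (ip, method, path); the path keeps any embedded spaces."""
    return [line.split(" ", 2) for line in log.splitlines() if line.strip()]


def signature_detect(events):
    """Pattern matching: flag every request whose path matches a known signature."""
    return [(ip, name) for ip, _, path in events
            for name, rx in SIGNATURES.items() if rx.search(path)]


def anomaly_detect(events, baseline, z_threshold=2.0):
    """Profile comparison: flag clients whose request count lies more than
    z_threshold standard deviations above the baseline mean."""
    mu, sigma = mean(baseline), pstdev(baseline) or 1.0
    counts = Counter(ip for ip, _, _ in events)
    return [(ip, n) for ip, n in counts.items() if (n - mu) / sigma > z_threshold]


def analyse(log=LOG):
    """Run both engines over the same events and return their alerts."""
    events = parse(log)
    return {
        "signature": signature_detect(events),
        "anomaly": anomaly_detect(events, BASELINE_REQUESTS_PER_CLIENT),
    }


if __name__ == "__main__":
    for engine, hits in analyse().items():
        print(f"{engine:>9}: {hits}")
```

On this log the signature engine alerts twice on 10.0.0.9 (SQL injection and XSS probes) and says nothing about 10.0.0.12, whose attack has no signature. The anomaly engine alerts on 10.0.0.12 (six requests against a baseline of about two) but misses 10.0.0.9, whose two requests look normal by volume, and also alerts on 10.0.0.20, a client that is merely browsing quickly. Neither method is sufficient alone, which is why the cards list both.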
22
Q

5 IDS Response Options

A
  • Page or e-mail administrator
  • Log event
  • Send reset packets to the attacker’s connections
  • Change a firewall or router ACL to block an IP address or range
  • Reconfigure router or firewall to block protocol being used for attack
23
Q

5 IDS Issues

A
  • May not be able to process all packets on large, busy networks (dropped packets go unanalyzed)
  • Can't analyze encrypted traffic
  • Switched networks make it harder to pick up traffic (a sensor sees only its own port unless a SPAN/mirror port or tap is used)
  • Many false alarms
  • Not an answer to all security issues
24
Q

Honeypot

A

Decoy system with deliberately exposed weaknesses, set up to lure intruders away from production systems and record their activity

25
Q

3 Basic Requirements to Penetration Testing

A
  • Defined goal, clearly documented
  • Limited timeline outlined
  • Approved by senior management
26
Q

Purpose of configuration management

A

Identifying, controlling, accounting for and auditing changes made to the baseline TCB