CompTIA Security+ Flashcards

1
Q

How would you describe File Integrity Monitoring (FIM)?

A

🛡️ File Integrity Monitoring (FIM) is a security measure that helps identify and prevent data tampering within the enterprise. FIM systems monitor files and directories for any unauthorized changes, modifications, or tampering. When changes are detected, alerts or notifications are generated, allowing security teams to investigate and respond to potential security incidents.

 FIM is particularly useful for detecting unauthorized changes to critical system files, configurations, and sensitive data. It helps maintain the integrity of important files and ensures that they remain in their original state, protecting against unauthorized access or manipulation.
2
Q

How would you describe Online Certificate Status Protocol (OCSP) ?

A

🛡️ OCSP (Online Certificate Status Protocol) is a protocol used to check the revocation status of digital certificates. When a certificate vendor notifies a company that certificates may need to be updated, it often implies that there could be a revocation or expiration issue with the certificates. OCSP allows the security administrator to check the real-time status of the certificates by querying the issuing Certificate Authority (CA) or an OCSP responder to verify whether the certificates are still valid.

3
Q

How would you describe S/MIME ?

A

🛡️ S/MIME (Secure/Multipurpose Internet Mail Extensions) is a technology that provides end-to-end encryption for email messages. When S/MIME is implemented, email messages are encrypted while at rest on the email server, making it difficult for an attacker to access the content even if they gain unauthorized access to the mail servers. Therefore, implementing S/MIME to encrypt the emails at rest would be the best option to prevent email contents from being released in case of another breach.

4
Q

How would you describe HSM ?

A

🛡️ An HSM is a dedicated hardware device that provides a secure environment for cryptographic operations and key management. It is designed to be tamper-resistant, physically hardened, and provides strong protection for sensitive cryptographic material and keys. HSMs are often used in environments where secure and reliable key management is essential, such as in banking, financial institutions, or other critical systems where data confidentiality and integrity are paramount.

5
Q

How would you describe Perfect Forward Secrecy (PFS) ?

A

🛡️ Perfect Forward Secrecy (PFS), also called forward secrecy (FS), refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.

  With PFS, a unique session key is generated for each session or communication, and the private key is used only to sign and exchange the session key. This means that even if an attacker gains access to the private key, they cannot use it to decrypt past sessions or communications.
6
Q

How would you describe Microservices?

A

🛡️ Microservices: Microservices architecture involves breaking down a large, monolithic application into smaller, independent services or modules that can be developed, deployed, and scaled independently. This approach enhances modularity, agility, and maintainability of the application, making it easier to manage and upgrade individual components without affecting the entire system. It aligns with the systems administrator’s recommendation to break down the application into unique, independent modules.

7
Q

How would you describe MSSP?

A

🛡️ An MSSP (Managed Security Service Provider) can be hired to efficiently operate the on-premises network and security infrastructure with a reduced team. An MSSP provides outsourced monitoring and management of security devices and systems.

 By hiring an MSSP, the administrator can leverage their expertise and resources to handle security operations, such as managed firewall, intrusion detection, virtual private network, vulnerability scanning, and antivirus services.

 MSSPs can also provide specialized cybersecurity skills, such as cloud security, identity, or compliance knowledge, and help prevent breaches through automated incident response.
8
Q

How would you describe RTO ?

A

🛡️ RTO (Recovery Time Objective) = Max time allowed to recover, start running again
RPO (Recovery Point Objective) = Max data (points) that you can afford to lose

🛡️ RTO (Recovery Time Objective) is a measure that defines the maximum allowable downtime for a system or service. It represents the time within which a system must be recovered and become operational again after an incident. In the given scenario, the 60-minute expectation of having the critical system available again falls under RTO. RTO specifies the organization’s recovery goals for system availability.

9
Q

How would you describe RPO?

A

🛡️ The point in time when an organization will recover data in the event of an outage is identified by the Recovery Point Objective (RPO).

 RPO is a metric that represents the maximum amount of data loss that an organization is willing to accept in the event of an outage. It specifies the point in time to which an organization must recover its data in order to resume business operations with acceptable data loss.      

 For example, if an organization's RPO is 4 hours, then in the event of an outage, the organization must be able to recover its data to a point no more than 4 hours prior to the outage. This means that any data created or modified within the last 4 hours may be lost in the event of an outage.
10
Q

How would you describe ISO 31000?

A

🛡️ ISO 31000: The ISO 31000 Risk Management framework is an international standard from the International Organization for Standardization that provides businesses with guidelines and principles for risk management. Regulatory compliance initiatives are usually specific to a particular country and applicable to businesses of a certain size or businesses in specific industries. However, ISO 31000 is designed to be used in organizations of any size. Its concepts work equally well in the public and the private sector, in large or small businesses and nonprofit organizations.

11
Q

How would you describe VDI ?

A

🛡️ VDI is a technology that allows users to access a virtualized desktop environment hosted on a centralized server. It provides a secure method of centrally managing infrastructure because all virtual desktops are hosted and managed from a centralized location, making it easier to apply security policies and updates uniformly. VDI also reduces the need to constantly replace aging end-user machines since the virtual desktops can be accessed from various devices, including older machines with less processing power and resources. Users can access their virtual desktops from different devices without the need for extensive hardware upgrades.

Additionally, VDI provides a consistent user desktop experience since users are interacting with a standardized virtual desktop environment that remains consistent across different devices. This allows for a seamless user experience regardless of the device they use to access their virtual desktop. In summary, VDI is the best option that meets the requirements of providing centralized management of infrastructure, reducing the need to replace aging end-user machines, and providing a consistent user desktop experience.
12
Q

How would you describe DPO ?

A

🛡️ A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing a company’s data protection strategy and its implementation to ensure compliance with GDPR requirements. The Data Protection Officer (DPO) is responsible for ensuring that an organization complies with data protection laws and regulations. This includes protecting the personal information collected by the organization. The DPO is responsible for developing and implementing policies and procedures related to data protection, conducting privacy impact assessments, monitoring data handling practices, and ensuring compliance with data protection regulations such as the General Data Protection Regulation (GDPR) in the European Union.

13
Q

How would you describe Transit Gateway ?

A

🛡️ A transit gateway is a networking component that can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall. It acts as a hub to connect multiple Virtual Private Clouds (VPCs) or cloud environments within the same cloud service provider or across different cloud service providers. The transit gateway allows organizations to centralize their network traffic and security controls for efficient management and security monitoring.

14
Q

How would you describe data custodian?

A

🛡️ A data custodian is a person or entity responsible for the storage, protection, and management of data assets. They are tasked with implementing and maintaining the necessary security controls to ensure the confidentiality, integrity, and availability of the data. In this case, the security engineer is responsible for applying encryption to the data on the hard disk, which falls under the role of a data custodian. They are entrusted with safeguarding the data and implementing the necessary security measures to protect it from unauthorized access or disclosure.

A data custodian ensures:
Access to the data is authorized and controlled
Data stewards are identified for each data set
Technical processes sustain data integrity
Processes exist for data quality issue resolution in partnership with data stewards
Technical controls safeguard data
Data added to data sets are consistent with the common data model
Versions of master data are maintained along with the history of changes
Change management practices are applied in maintenance of the database
Data content and changes can be audited

15
Q

How would you describe DNS sinkhole ?

A

🛡️ A DNS (Domain Name System) sinkhole is a technique used to redirect malicious or unwanted traffic to a non-existent or controlled destination. By redirecting the traffic to a sinkhole, organizations can effectively contain the spread of the attack by preventing the malicious traffic from reaching its intended targets. When an attack is rapidly spreading and affecting multiple organizations, a DNS sinkhole can be deployed at a network level to block access to malicious domains or IP addresses associated with the attack. This prevents infected systems from establishing connections with the attacker’s infrastructure, effectively containing the attack and limiting its impact on other organizations.
