Definitions

Question 1

Payment Card Industry Data Security Standard (PCI-DSS)

Answer 1

Applies to companies that process credit card payments

Question 2

HIPPA

Answer 2

applies to healthcare and patient records

Question 3

Federal Information Security Management Act (FISMA)

Answer 3

Security standards for many federal agencies in the US

Question 4

What does the CIA Triad consist of?

Answer 4

Confidentiality, Integrity, Availability

Question 5

What is Confidentiality?

Answer 5

Ability to protect our data from those who are not authorized to view it

Question 6

What is Integrity?

Answer 6

ability to prevent changing data in an unauthorized manner

Question 7

What is Availability?

Answer 7

ability to acecss data when we need it

Question 8

How does the CIA triad relate to security?

Answer 8

Allows us to discuss security measures in more detail

Question 9

What are the three addtional principals in the Parkerian Hexad?

Answer 9

Control, Authenticity, and Utility

Question 10

What is Control?

Answer 10

the physical possession of the media that data is stored on

Question 11

What is Authenticity

Answer 11

Whether the data is attributed to the right owner or creator

Question 12

What is Utility?

Answer 12

How useful the data is to you

Question 13

What are the four categories of attacks?

Answer 13

Interception, interruption, modification, and fabrication

Question 14

Which attacks affect the confidentiality of the CIA triad?

Answer 14

Interception

Question 15

Which attacks affect the integrity of the CIA triad?

Answer 15

Interruption, modification, fabrication

Question 16

Which attacks affect the availability of the CIA triad?

Answer 16

Interruption, modification, fabrication

Question 17

What is an interception attack?

Answer 17

allows unauthorized users to access data, applications or environments

Question 18

Are interception attacks primarily against confidentiality, integrity, or availability?

Answer 18

Primarily against confidentiality

Question 19

What is an example of an interception attack?

Answer 19

eavesdropping on a call or reading someone else’s emails

Question 20

What is an interruption attack?

Answer 20

makes your assets unusuable or unavailable to you on a temporary or permanent basis

Question 21

Are interruption attacks primarily against confidentiality, integrity, or availability

Answer 21

Primarily affect availability, but can affect integrity as well

Question 22

What is an example of a interruption attack?

Answer 22

a DoS attack on a mail server

Question 23

What is a Modification Attack?

Answer 23

it involves tampering with assets

Question 24

Are modification attacks primarily against confidentiality, integrity, or availability?

Answer 24

primarily on integrity, but could also affect availability.

Question 25

What is an example of a modification attack?

Answer 25

unauthorized access to a file and then altering the data

Question 26

What is a Fabrication Attack?

Answer 26

generating data, processes, communications, etc. in a system

Question 27

Are fabrication attacks primarily against confidentiality, integrity, or availability?

Answer 27

primarily affect integrity, but could affect availability as well

Question 28

What is data at rest?

Answer 28

data not in the process of being moved

Question 29

What is an example of data at rest?

Answer 29

hard drive or flash drive

Question 30

What is data at rest protected with?

Answer 30

encryption

Question 31

What is data in motion?

Answer 31

data that is moving from one place to another

Question 32

whats an example of data in motion?

Answer 32

sensitive data moving between your browser and the bank

Question 33

What is data in use?

Answer 33

data that is actively being accessed or modified

Question 34

What is data in use protected with?

Answer 34

permissions and authentication of users

Question 35

What is a threat?

Answer 35

something that has the potential to cause harm

Question 36

What is a vulnerability?

Answer 36

Weaknesses or holes that threats can exploit

Question 37

What is a risk?

Answer 37

the likelihood that something bad will happen

Question 38

What two things do you need in order for a risk to be possible?

Answer 38

a threat and a vulnerability

Question 39

What is impact?

Answer 39

determines risks based on the value of an Asset

Question 40

What does risk management do?

Answer 40

it compensates for risks in your environment

Question 41

What are the 5 processes for risk management?

Answer 41

Identify assets, Identify threats, Assess Vulnerabilities, Assess Risks, Mitigate Risks

Question 42

What does Identify assets mean?

Answer 42

Make an accurate determination of which assets are truly critical

Question 43

What does Identify Threats mean?

Answer 43

identifying the threats that might affect the critical assets

Question 44

What things do you need to be concerned with in the identify threats stage?

Answer 44

losing data
maintaining accurate data
keeping the system up and running

Question 45

What does assessing vulnerabilities mean?

Answer 45

Assessing the vulnerability in the context of potential threats

Question 46

What does assessing risks means?

Answer 46

making sure that there is both a threat and a vulnerability present

Question 47

What disqualifies a risk?

Answer 47

no vulnerability with matching threat or no threat with a matching vulnerability

Question 48

How do you mitigate risks?

Answer 48

by putting controls in place to account for each threat

Question 49

What are the three types of controls?

Answer 49

physical, logical, and administrative

Question 50

What do physical controls do?

Answer 50

protects the physical environment where the systems or data is stored

Question 51

What are some examples of physical controls?

Answer 51

fences, gates, locks

Question 52

What do logical controls do?

Answer 52

protects the systems, networks, and evironments that interact with the data

Question 53

what are examples of logical controls?

Answer 53

passwords, encyrptions, firewalls, IDS

Question 54

What do administrative controls do?

Answer 54

dictates how the users in the environment should behave

Question 55

What are some examples of adminstrative controls?

Answer 55

rules, laws, policies or guidelines

Question 56

What is an incident response?

Answer 56

Reactions based on documented incident response plans

Question 57

What’s important to do with these response plans?

Answer 57

should be reviewed regularly, tested, and practiced by those enacting them

Question 58

What are the four processes of the incident response plan?

Answer 58

Prepartion, detection and analysis, containment, eradication, recovery, and post-incident activity

Question 59

What happens during the preparation stage?

Answer 59

creating policies and procedures, training and education, developing and maintaining documentation

Question 60

What happens during the detection and analysis phase?

Answer 60

detects an issue, decide on whether its an incident, and repond appropriately

Question 61

what tools are used during the detection phase?

Answer 61

Intrusion detection system (IDS)
Antivirus software (AV)
firewall logs
proxy logs

Question 62

What happens during the analysis phase?

Answer 62

decides what contitutes an incident, evaluate criticality, contacting additonal resources if needed

Question 63

What does Containment mean?

Answer 63

ensuring the situation doesnt cause more damage

Question 64

What are examples of what to do for containment?

Answer 64

disconnecting the server, firewall rules in place, updating signatures on the IDS

Question 65

What does eradication mean?

Answer 65

removes the effect of the issue from the enviroment

Question 66

What are examples of what to do for eradication?

Answer 66

scanning other hosts for malware, examing logs on the server or network to remove malware

Question 67

What does recovery entail?

Answer 67

restoring devices or data from backup media, rebuilding systems, reloading applications

Question 68

What is the Post-Incident activity do?

Answer 68

determines exactly what happened, why, and prevention

Question 69

What is defense in depth?

Answer 69

multilayerd defense that will still be succesful should a defensive measure fail

Question 70

What are some layers you might have in place?

Answer 70

data, application, host, internal network ,and external network

Question 71

why is it important to have defenses at each layer?

Answer 71

makes it difficult for attackers to penetrate the network and directly attack assets

Question 72

What is the goal of defense in depth?

Answer 72

to notice an attack in progress and have time to prevent it

Question 73

How can you add complexity to the defensive model?

Answer 73

physical defenses, making policies, and user awareness/training

Question 74

What defenses would you use for the external layer?

Answer 74

DMZ, VPN, Logging

Question 75

What defenses would you use for the network perimeter?

Answer 75

Firewalls, Proxy servers, logging

Question 76

What defenses would you use for the internal network?

Answer 76

IDS, IPS, Logging, Auditing

Question 77

What defenses would you use for the Host?

Answer 77

Authentication, Anti-virus, Passwords, Hashing

Question 78

What defenses wold you use for the Application?

Answer 78

SSO, Content filtering, Data Validation

Question 79

What defenses would you use for Data?

Answer 79

Encryption, Access controls, backups

Question 80

What is penetration testing?

Answer 80

method of finding gaps in your security using attacks that an attacker would use