Domain 1 Chapter 1 Flashcards

1
Q

Security Controls

A

  • Security risks are out there
    – Many different categories and types to consider
  • Assets are also varied
    – Data, physical property, computer systems
  • Prevent security events, minimize the impact, and limit the damage
    – Security controls

2
Q

Control Categories

A
  • Technical controls
    – Controls implemented using systems
    – Operating system controls
    – Firewalls, anti-virus
  • Managerial controls
    – Administrative controls associated with security design and implementation
    – Security policies, standard operating procedures
  • Operational controls
    – Controls implemented by people instead of systems
    – Security guards, awareness programs
  • Physical controls
    – Limit physical access
    – Guard shack
    – Fences, locks
3
Q

Preventive control type

A

  • Preventive
    – Prevent the problem from occurring in the first place
    – Block access to a resource
    – You shall not pass
  • Prevent access
    – Firewall rules
    – Follow security policy
    – Guard shack checks all identification
    – Enable door locks

4
Q

Deterrent control types

A
  • Deterrent
    – Discourage an intrusion attempt
    – Does not directly prevent access
  • Make an attacker think twice
    – Application splash screens
    – Threat of demotion
    – Front reception desk
    – Posted warning signs
5
Q

Detective Control Type

A
  • Detective
    – Identify and log an intrusion attempt
    – May not prevent access
  • Find the issue
    – Collect and review system logs
    – Review login reports
    – Regularly patrol the property
    – Enable motion detectors
6
Q

Corrective Control Type

A

  • Corrective
    – Apply a control after an event has been detected
    – Reverse the impact of an event
    – Continue operating with minimal downtime
  • Correct the problem
    – Restoring from backups can mitigate a ransomware infection
    – Create policies for reporting security issues
    – Contact law enforcement to manage criminal activity
    – Use a fire extinguisher

7
Q

Compensating Control Type

A

  • Control using other means
    – Existing controls aren’t sufficient
    – May be temporary
  • Prevent the exploitation of a weakness
    – Firewall blocks a specific application instead of patching the app
    – Implement a separation of duties
    – Require simultaneous guard duties
    – Generator used after power outage

8
Q

Directive Control Type

A
  • Directive
    – Direct a subject towards security compliance
    – A relatively weak security control
  • Do this, please
    – Store all sensitive files in a protected folder
    – Create compliance policies and procedures
    – Train users on proper security policy
    – Post a sign for “Authorized Personnel Only”
9
Q
A