Domain 1.1-1.2

Question 1

whats purpose of security controls

Answer 1

Prevent security events, minimize the impact, and limit the damage

Question 1

control categories

Answer 1

technical
managerial
operational
physical

Question 2

technical controls

Answer 2

controls implemented by systems. Fire wall, anti-virus

Question 3

managerial controls

Answer 3

adminstrative controls associated with security design and implementation

security policies and standard operating procedures

Question 4

operational controls

Answer 4

controls implemented by people instead of systems

example: security guards, employee training

Question 5

physical controls

Answer 5

limit physical access

ex: guard shack, fences, locks, badge readers

Question 6

first 3 control types

Answer 6

1. Preventive control type- you shall not pass think about how it applieds to each category of control TMOP.
2. Deterrent- Discourage an intrusion attempt, does not directly prevent access
3. Detective- Identify and log an intrusion attempt, may not prevent access.

Question 7

second 3 control types

Answer 7

4. Corrective- Apply a control after an event has been detected, reverse the impact of an event, continue operating with minimal downtime.
5. Compensating (temporary fixes)- control using other means because existing controls aren’t sufficient
6. Directive- direct a subject towards security compliance. This is the weakest security control because it leaves decision in the hands of the subject.

Question 8

non-repudiation

Answer 8

provides proof of the origin, authenticity and integrity of data

can’t deny what youve said, no taking it back.
uses digital signature to verify proof of origin. digital signature adds to non-repudiation

Question 9

AAA

Answer 9

Authentication- prove you are who you say you are

Authorization- determines your access rights. what info do you have the right to see

Accounting- Resources used: login time, data sent received etc

Question 10

how to authenticate Systems

Answer 10

you authenticate a system by putting a digitally signed certificate on the device.

Question 11

CA

Answer 11

certificate authority, organizations usually maintain their own so they can digitally sign.

Question 12

What does no authorization model mean?

Answer 12

you have to give access to each individual every time they need access to resources

Question 13

Authorization models

Answer 13

defining by roles.
Add Abstraction- clear relationship between the user and resource. Give rights to the role not an individual then assign people to those roles.

Question 14

Gap analysis

Answer 14

Where you are vs where you want to be. Needs a lot of research usually.

Question 15

planes of operations

Answer 15

data plane- part of device performing security process

control plane- manages data plane, defines policies and rules

Question 16

Adaptive identity

Answer 16

apply security controls based on multiple sources. such as where request is coming from

Question 17

threat scope reduction

Answer 17

decrease the # of entry points

Question 18

policy driven access control

Answer 18

combine adaptive identity with predefined set of rules

Question 19

policy administrator

Answer 19

talks to PEP. Tells PEP to allow or deny access. Generate access tokens or credentials

Question 20

policy engine

Answer 20

evaluates each access decision based on policy and other info sources

Question 21

policy enforcement point (PEP)

Answer 21

gatekeeper, all traffic has to pass through PEP

Question 22

Policy decision point (PDP)

Answer 22

process of making and authentication decision

Question 23

implicit trust zone

Answer 23

there is trusted and untrusted zones. If someone is coming from untrusted to internal they wouldnt be allowed.
If they come from trusted to internal they would be implicitly allowed or implied.

Question 24

subject/system

Answer 24

end users/ applications, non human entities

Question 25

bollard

Answer 25

Question 26

fencing

Answer 26

a fence around the area

Question 27

lighting

Answer 27

add more light no darkness

Question 28

sensors

Answer 28

infared- detects infared radiation in light and dark (good for motion detection)
pressure- detects pressure change
microwave-detects movement across large areas
ultrasonic- send signal and receive reflected sound waves, good for motion detection

Question 29

cctv

Answer 29

closed circuit tv for video surveillance

Question 30

honeyfile

Answer 30

file with fake info. alert is sent if file is accessed

Question 31

honeytokens

Answer 31

allow administrators to identify who it was stolen from or how it was leaked