Domain 5 Flashcards
What is Security Operations?
The day-to-day activities and procedures used to protect an organization’s information assets.
What is Security Monitoring?
The process of continuously observing systems and networks to detect potential security incidents.
What is an Incident?
An event that has or could negatively impact the confidentiality, integrity, or availability of information.
What is an Event?
Any observable occurrence in a system or network.
What is Physical Security?
Measures designed to prevent unauthorized physical access to facilities, equipment, and resources.
What is Environmental Security?
Protecting information systems from natural or environmental hazards such as fire, flood, or extreme temperatures.
What is Social Engineering?
The use of deception to manipulate individuals into divulging confidential or personal information.
What is an Insider Threat?
A threat originating from within the organization by trusted individuals.
What is Tailgating?
An unauthorized person gaining physical access to a secure area by following an authorized person.
What is Piggybacking?
Allowing someone to enter a secure area by holding the door open for them, often knowingly.
What is a Security Operations Center (SOC)?
A centralized team that monitors, detects, responds to, and mitigates security threats.
What is Change Management?
The process of controlling changes to systems and networks to minimize risks.
What is Configuration Management?
Maintaining system configurations in a secure and consistent state to prevent unauthorized changes.
What is a Security Incident Report?
A document detailing the events, impacts, and responses related to a security incident.
What is Data Loss Prevention (DLP)?
Technologies and processes used to prevent unauthorized access, transfer, or leakage of sensitive information.
What is Mobile Device Management (MDM)?
A system used to secure, monitor, and manage mobile devices accessing enterprise resources.
What is Encryption at Rest?
Protecting stored data by encrypting it on the storage device.
What is Encryption in Transit?
Protecting data while it is being transmitted across networks.
What is Log Management?
Collecting, storing, and analyzing logs to support security monitoring and incident investigation.
What is the Purpose of Monitoring Alerts?
To notify security teams of potential threats or suspicious activities.
What is a Data Retention Policy?
A policy that defines how long data must be stored and how it should be disposed of.
What is Chain of Custody in security operations?
Maintaining documented control over evidence to preserve its integrity for legal proceedings.
What is Redundancy in security operations?
Using duplicate systems or components to ensure continued operations if one part fails.
What is High Availability (HA)?
Designing systems to remain operational with minimal downtime, even during component failures.
What is Disaster Recovery Testing?
Validating that recovery procedures work as expected in a real-world or simulated event.
What is a Security Posture?
The overall security status of an organization’s software, networks, services, and information.
What is a Vulnerability Management Program?
A continuous process to identify, classify, remediate, and mitigate vulnerabilities.
What is a False Positive in security monitoring?
An alert that incorrectly indicates the presence of a threat.
What is a False Negative in security monitoring?
A missed detection where a real threat goes unnoticed.
What is Penetration Testing?
Simulated cyberattacks against systems to identify and exploit vulnerabilities.
What is Risk Mitigation?
Taking actions to reduce the likelihood or impact of a risk.
What is the Principle of Least Functionality?
Systems should be configured to provide only essential capabilities.
What is Data Disposal?
The process of securely removing data when it is no longer needed.
What is a Secure Area?
A physical space protected by security controls to restrict access.
What is a Mantrap?
A physical security control that uses two interlocking doors to restrict access to secure areas.
What is Sensitive Data?
Information that must be protected due to legal, regulatory, or ethical requirements.
What is a Monitoring Baseline?
A standard level of activity used to detect abnormal behavior in systems.
What is Log Aggregation?
Combining logs from multiple sources into a centralized system for analysis.
What is Patch Management?
The process of applying updates to software to fix security vulnerabilities.
What is the Goal of Physical Access Controls?
To prevent unauthorized individuals from accessing secure environments.
What is a Backup Policy?
Guidelines that define how and when data backups are performed and managed.
What is Business Continuity in operations?
Maintaining business functions or quickly resuming them after a disruption.
What is Escalation in Incident Response?
Raising an incident to a higher level of authority or expertise when necessary.
What is the purpose of Environmental Controls?
To protect systems and equipment from environmental hazards.
What is Secure Disposal of Media?
Safely destroying or wiping storage media to prevent data recovery.
What is CCTV in security?
Closed-circuit television used for surveillance and monitoring physical spaces.
What is an Access Log?
A record of who accessed a system or facility and when.
What is a Panic Button in security?
A device that quickly alerts security personnel during emergencies.
What are examples of Environmental Security threats?
Fire, flood, power outages, and temperature extremes.
Why is Redundancy important in operations?
To ensure continuous service even when components fail.
How can a SOC improve security posture?
By providing continuous monitoring, detection, and response to threats.
What does DLP protect against?
Unauthorized access, transmission, or leakage of sensitive data.
How does Change Management help security?
By ensuring changes are reviewed and approved, reducing the risk of vulnerabilities.
What is an example of Social Engineering?
A phishing email tricking an employee into revealing their password.
How can mobile device management (MDM) enhance security?
By enforcing security policies like encryption and remote wipe on mobile devices.
What is the risk of poor data disposal practices?
Sensitive information could be recovered and exploited.
How do encryption at rest and encryption in transit differ?
Encryption at rest protects stored data; encryption in transit protects data being transmitted.
How can backup policies support business continuity?
By ensuring critical data is recoverable after an incident.
Why is log management important for incident response?
Logs provide critical evidence and context for understanding incidents.
How do false positives and false negatives affect security monitoring?
False positives waste time; false negatives allow real threats to go undetected.
Why are secure areas and mantraps used in facilities?
To strictly control and monitor who accesses sensitive physical spaces.
How does vulnerability management improve security operations?
By proactively addressing known weaknesses before attackers exploit them.
What is the importance of an After Action Report?
To analyze incident response efforts and improve future preparedness.
How does environmental monitoring support operational security?
By detecting hazards like smoke, water leaks, or temperature extremes early.