Domain 5: Protection of Information Assets Flashcards
In regards to the security baseline, what should the auditor first ensure?
The IS auditor should ensure the sufficiency of the baseline to address the security requirements of the organisation. Other aspects can be determined after.
What are the four types of power failure?
Blackout, Brownout, “sags, spikes and surges” and Electromagnetic interference
What is a brownout?
A brownout is a period of severely reduced voltage. It strains equipment and can lead to permanent device damage.
What is the purpose of surge and spike devices?
Surge and Spike devices help to protect against high-voltage power bursts.
What are sags, spikes and surges?
A sag is a short, rapid drop in voltage. A spike is a very brief rise in voltage and a surge is a longer-lasting rise in voltage.
What is the most effective control to protect against short-term reduction in power?
A power line conditioner
What is a wet pipe sprinkler?
A sprinkler system in which water remains in the piping at all times, so it discharges immediately when a head activates. It is considered the most effective and reliable type, but a leaking or frozen pipe causes water damage.
What is a dry pipe sprinkler?
A sprinkler system in which the piping holds pressurised air (or nitrogen) rather than water. Water is held back by a valve and only enters the pipes when a sprinkler head opens and the air pressure drops. It responds more slowly and is considered less reliable, but there is no standing water to leak or freeze.
What is a Halon system?
Halon gas suppresses fire by chemically interrupting combustion; at the concentrations used it also reduces breathable oxygen and its by-products are harmful, so all people must be evacuated before the gas is released. Halon is an ozone-depleting substance whose production is banned under the Montreal Protocol, so it is no longer installed in new systems.
What are two alternatives to Halon gas?
FM-200 (HFC-227ea) is one alternative and is the most commonly used fire suppression gas. Argonite (an argon/nitrogen mixture) is another alternative.
What is the most effective control to protect against the long-term unavailability of electrical power?
An alternative power supply
What is the most effective control to protect against high-voltage power burst?
A surge device
What is the risk of carbon dioxide and Halon gas?
Suffocation of people in an enclosed room, as both reduce the oxygen available to breathe.
What is the most effective control when dealing with site visitors?
Escorting visitors
What is the safest gas to be used as a fire extinguisher?
FM-200
What is the greatest concern for an IS auditor reviewing the fire safety arrangements?
The use of a carbon dioxide based extinguishing system in a room that people enter, because CO2 displaces oxygen and can suffocate the occupants.
What is Mandatory Access Control? (MAC)
Access rules are fixed by an approved, system-wide policy (for example security labels and clearances) and enforced by the system; neither the data owner nor the user can change them at their discretion.
What is Discretionary Access Control? (DAC)
Access permissions are granted, changed or revoked by the data owner at their own discretion.
What are the 4 steps for implementing logical access?
1. Prepare an inventory of resources, 2. Classify the resources, 3. Label the resources, 4. Create an access control list
What is Degaussing? (demagnetizing)
It is a process used to erase or destroy magnetic information stored on magnetic media such as hard drives, floppy disks, magnetic tapes, and credit cards.
What are the three authentication factors that can be used for granting access?
Something you know (e.g. a password), something you have (e.g. a token or smart card that generates a one-time password) and something you are (biometrics)
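The "something you have" factor is usually a token that holds a shared secret and produces one-time passwords from it. The block below is an added example, not part of the flashcards, showing how such a code is generated and verified using the HOTP algorithm of RFC 4226 (HMAC-SHA-1 over a counter, dynamic truncation, six digits). The secret is the RFC's published test value (a constructed input, not a real credential); the verification window of three counters and the way the stored counter advances are this example's assumptions, not something the flashcards state.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// HOTP returns an RFC 4226 one-time password for a shared secret and counter.
// The secret lives in the token ("something you have") and in the verifier;
// the counter moves forward with each use, so each code is valid only once.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret) // RFC 4226 specifies HMAC-SHA-1
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Verify checks a submitted code against the next `window` counters starting at
// nextCounter. On success it returns the counter to store for the next attempt;
// because the stored counter moves past the accepted value, a captured code
// cannot be replayed. Comparison is constant-time via hmac.Equal.
// (Window size and counter handling are this example's assumptions.)
func Verify(secret []byte, nextCounter uint64, window int, submitted string) (uint64, bool) {
	for i := 0; i < window; i++ {
		c := nextCounter + uint64(i)
		if hmac.Equal([]byte(HOTP(secret, c, 6)), []byte(submitted)) {
			return c + 1, true
		}
	}
	return nextCounter, false
}

func main() {
	// RFC 4226 test secret: a constructed input, not a real credential.
	secret := []byte("12345678901234567890")
	for c := uint64(0); c < 3; c++ {
		fmt.Printf("counter %d -> %s\n", c, HOTP(secret, c, 6))
	}
	next, ok := Verify(secret, 0, 3, HOTP(secret, 1, 6))
	fmt.Println("accepted:", ok, "next counter:", next)
	_, ok = Verify(secret, next, 3, HOTP(secret, 1, 6)) // replay of the same code
	fmt.Println("replay accepted:", ok)
}
```

The verifier must persist the advanced counter after every successful login; if it is reset or shared across replicas without coordination, a captured code becomes replayable and the factor degrades to "something you know".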
What is non repudiation?
Protection against an individual who falsely denies having performed a certain action
Why is considering security and performance parameters most important when reviewing system controls?
Because it helps to ensure that the control objectives are aligned with the business objectives.
What is a good method to prevent unauthrosied access to critical databases?
Blocking access after a specified number of failed login attempts. This is a preventive control rather than a detective one.
What is the greatest risk for SSO?
Greater impact of credential leakage, since a single password now grants access to many services. Mitigate by enabling two-factor or multifactor authentication.
What is False Acceptance Rate? (FAR)
The rate at which the system accepts a person it should reject. For example, if a biometric system grants access to an unauthorised person, that is a false acceptance.
What is False Rejection Rate? (FRR)
The rate at which the system rejects a person it should accept. For example, if a biometric system rejects an authorised person, that is a false rejection.
What is Crossover Error Rate (CER), otherwise known as Equal Error Rate (EER)?
The point at which FAR and FRR are equal. Raising the matching threshold lowers FAR but raises FRR, and vice versa; the biometric system with the lowest CER/EER is the most accurate.
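How FAR, FRR and the crossover point relate is easiest to see by sweeping a matching threshold over score data. The block below is an added example, not part of the flashcards: the genuine and impostor similarity scores are constructed, illustrative numbers on an assumed 0-100 scale, and the integer threshold sweep is this example's choice.

```go
package main

import (
	"fmt"
	"math"
)

// Constructed matcher scores on an assumed 0-100 similarity scale (higher means a
// closer match). Genuine: the enrolled user against their own template. Impostor:
// other people against that template. Illustrative numbers, not real measurements.
var genuineScores = []float64{88, 92, 75, 81, 95, 67, 90, 84, 79, 98}
var impostorScores = []float64{20, 35, 42, 58, 70, 30, 65, 50, 77, 25}

// FAR at threshold t: share of impostor attempts scoring at or above t (wrongly accepted).
func FAR(impostor []float64, t float64) float64 {
	n := 0
	for _, s := range impostor {
		if s >= t {
			n++
		}
	}
	return float64(n) / float64(len(impostor))
}

// FRR at threshold t: share of genuine attempts scoring below t (wrongly rejected).
func FRR(genuine []float64, t float64) float64 {
	n := 0
	for _, s := range genuine {
		if s < t {
			n++
		}
	}
	return float64(n) / float64(len(genuine))
}

// CrossoverErrorRate sweeps integer thresholds 0..100 and returns the lowest
// threshold at which FAR and FRR are closest, together with the error rate there.
func CrossoverErrorRate(genuine, impostor []float64) (threshold, cer float64) {
	best := math.Inf(1)
	for t := 0.0; t <= 100; t++ {
		far, frr := FAR(impostor, t), FRR(genuine, t)
		if d := math.Abs(far - frr); d < best {
			best, threshold, cer = d, t, (far+frr)/2
		}
	}
	return threshold, cer
}

func main() {
	// A low threshold favours convenience (low FRR) at the cost of security (high FAR);
	// a high threshold does the opposite.
	for _, t := range []float64{60, 71, 85} {
		fmt.Printf("threshold %3.0f: FAR=%.2f FRR=%.2f\n", t, FAR(impostorScores, t), FRR(genuineScores, t))
	}
	t, cer := CrossoverErrorRate(genuineScores, impostorScores)
	fmt.Printf("CER/EER %.2f at threshold %.0f\n", cer, t)
}
```

When comparing vendors, run the same genuine and impostor sample sets through each system and compare the resulting CER values; the operating threshold chosen for production need not be the crossover point, since a data-centre door may deliberately accept a higher FRR to drive FAR down.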
What is a biometric replay attack?
A replay attack is where an attacker makes use of residual biometric characteristics (for example fingerprints left on a sensor) to gain access.
What is a biometric mimic attack?
A mimic attack is where an attacker tries to reproduce a fake biometric feature of a genuine user in order to gain access.
What are the stages in the biometric life cycle?
Enrollment, storage, verification, identification and termination process
What is the OSI layer model?
Physical, Data Link, Network, Transport, Session, Presentation and Application
What is PD NT SPA
Please do not throw sausage pizza away
What is attenuation?
Attenuation is the loss or weakening of a signal transmission.
Which is the most secure transmission medium (cable)?
Fibre optic
Which OSI layer is primarily concerned with the reliability of data transfer between systems?
Transport layer
What is a defense-in-depth security arrangement?
This concept includes the use of multiple security mechanisms that support and complement each other.
What are 4 types of firewall?
Packet filtering, stateful inspection, circuit-level and application level
What are the types of firewall implementation?
Dual homed firewall, screened host firewall and screened subnet firewall or DMZ
What is a packet filtering router?
A router operating at the network layer that examines each packet's header (source and destination IP addresses and port numbers) and permits or drops the packet according to defined rules. It has no memory of previous packets.
What is a stateful inspection firewall?
A stateful inspection firewall keeps a state table of the connections initiated from the internal network and allows an inbound packet only if it belongs to an established session in that table.
What is a circuit-level firewall?
A circuit-level firewall operates at the session layer. It facilitates communication between two network entities, such as a client and a server, by validating and controlling the establishment of the TCP connection (the handshake) rather than inspecting the content of each packet.
What is an application level firewall?
It operates at the application layer and controls specific applications and protocols such as FTP and HTTP.
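The practical difference between a packet filter and a stateful inspection firewall is what happens to an inbound packet that looks like a reply but was never requested. The block below is an added example, not part of the flashcards: it models both in a few lines, with a constructed three-packet scenario (an outbound HTTPS SYN, its SYN/ACK reply, and an unsolicited inbound packet whose sender has set source port 443). The addresses, ports and the minimal rule sets are this example's assumptions.

```go
package main

import "fmt"

// Packet holds the header fields a firewall inspects. Constructed for the
// example; not a real capture.
type Packet struct {
	SrcIP, DstIP     string
	SrcPort, DstPort int
	SYN, ACK         bool
	Inbound          bool // true when arriving from the internet side
}

// StatelessAllow is a packet-filter rule set with no memory of earlier packets.
// To let replies to outbound HTTPS back in, it must permit every inbound packet
// whose source port is 443, which also admits unsolicited traffic from anyone
// who sets their source port to 443.
func StatelessAllow(p Packet) bool {
	switch {
	case !p.Inbound && p.DstPort == 443: // outbound HTTPS
		return true
	case p.Inbound && p.SrcPort == 443: // "replies" (far too broad)
		return true
	}
	return false
}

// flow identifies a connection from the internal side's point of view.
type flow struct {
	insideIP, outsideIP     string
	insidePort, outsidePort int
}

// StatefulFirewall remembers sessions opened from the internal network and
// admits inbound packets only when they belong to one of them.
type StatefulFirewall struct{ table map[flow]bool }

func NewStatefulFirewall() *StatefulFirewall {
	return &StatefulFirewall{table: map[flow]bool{}}
}

func (f *StatefulFirewall) Allow(p Packet) bool {
	if p.Inbound {
		key := flow{p.DstIP, p.SrcIP, p.DstPort, p.SrcPort}
		return f.table[key] // only packets of an established session
	}
	key := flow{p.SrcIP, p.DstIP, p.SrcPort, p.DstPort}
	if p.SYN && !p.ACK && p.DstPort == 443 { // internal host opens HTTPS
		f.table[key] = true
		return true
	}
	return f.table[key] // later packets of a session already allowed
}

func main() {
	fw := NewStatefulFirewall()
	packets := []Packet{
		{"10.0.0.5", "203.0.113.10", 51000, 443, true, false, false}, // outbound SYN
		{"203.0.113.10", "10.0.0.5", 443, 51000, true, true, true},   // SYN/ACK reply
		{"198.51.100.7", "10.0.0.5", 443, 22, true, false, true},     // unsolicited, spoofed source port
	}
	for _, p := range packets {
		fmt.Printf("%s:%d -> %s:%d  stateless=%v stateful=%v\n",
			p.SrcIP, p.SrcPort, p.DstIP, p.DstPort, StatelessAllow(p), fw.Allow(p))
	}
}
```

A real stateful firewall also ages entries out of the table and tracks the TCP state machine (SYN, SYN/ACK, ACK, FIN), which this model leaves out; the point here is only that the decision for an inbound packet depends on what the internal side sent earlier.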
What is a bastion host?
A bastion host, also known as a jump box or a hardened server, is a highly secure and fortified server that is strategically placed on a network’s perimeter to protect other resources within the network. It acts as a gateway or entry point for accessing and managing internal systems and resources from external networks, such as the internet.
What are the characteristics of a dual-homed firewall?
A packet filtering router faces the internet and connects to NIC1 of the bastion host; NIC2 of the bastion host connects to the internal network.
What is the aim of a Session Border Controller (SBC)?
Protect VoIP sessions from DDoS attacks, prevent toll fraud, encrypt signalling and media, and provide QoS.
What is symmetric encryption?
Where a single key is used to encrypt and decrypt data.
What is asymmetric encryption?
Where two keys are used. One for encryption and one for decryption.
What is required in encryption when the objective is confidentiality?
Encrypting the full message with the receiver's public key, so that only the receiver's private key can decrypt it.
What is required in encryption when the objective is authentication/non-repudiation?
Encrypting the hash of the message with the sender's private key (a digital signature); anyone holding the sender's public key can verify it, and only the sender could have produced it.
What is required in encryption when the objective is integrity?
Encrypting the hash of the message with the sender's private key; the receiver recomputes the hash and compares it with the decrypted one, so any alteration is detected.
What is required in encryption when the objective is confidentiality and authentication?
Using the receiver's public key to encrypt the message and the sender's private key to encrypt the hash of the message.
What is required in encryption when the objective is confidentiality, integrity and authentication?
Using the receiver's public key to encrypt the message and the sender's private key to encrypt the hash of the message.
For asymmetric encryption, how can message confidentiality be ensured?
Encrypting with the receiver's public key and decrypting with the receiver's private key.
In public key encryption, how can the sender of the message be authenticated?
Encrypting the hash of the message with the sender's private key and decrypting it with the sender's public key. The same mechanism provides integrity.
What is the most efficient use of PKI?
Using both symmetric and asymmetric methods
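The cards above describe which key serves which objective, and the last one notes that PKI is used most efficiently by combining symmetric and asymmetric methods. The block below is an added example, not part of the flashcards, that puts both together using Go's standard library: the message body is encrypted under a fresh AES-256-GCM key (fast, any size), that key is wrapped with the receiver's RSA public key (confidentiality), and SHA-256 of the message is signed with the sender's RSA private key using RSA-PSS (authentication, integrity, non-repudiation). The SealedMessage layout, the key sizes and the sample text are this example's assumptions and not a standard format.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SealedMessage is what goes on the wire. Assumed layout for this example.
type SealedMessage struct {
	WrappedKey []byte // one-time AES key, RSA-OAEP encrypted to the receiver's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM ciphertext of the message
	Signature  []byte // RSA-PSS signature by the sender's private key over SHA-256(message)
}

// Seal provides confidentiality with the RECEIVER's public key and
// authentication/integrity/non-repudiation with the SENDER's private key.
func Seal(msg []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*SealedMessage, error) {
	// Bulk data goes under a fresh symmetric key (the efficient part)...
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	// ...and only the short key under the receiver's public key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil)
	if err != nil {
		return nil, err
	}
	// The sender signs the hash of the plaintext with their private key.
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &SealedMessage{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Open reverses Seal: unwrap with the RECEIVER's private key, decrypt, then
// verify the signature with the SENDER's public key. Any wrong key or
// alteration is reported as an error rather than returning data.
func Open(sm *SealedMessage, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, sm.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key unwrap failed: not the intended receiver")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	msg, err := gcm.Open(nil, sm.Nonce, sm.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("decryption failed: ciphertext altered")
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sm.Signature, nil); err != nil {
		return nil, errors.New("signature invalid: not from the claimed sender or message altered")
	}
	return msg, nil
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	receiver, _ := rsa.GenerateKey(rand.Reader, 2048)
	sm, err := Seal([]byte("approve payment 4711"), sender, &receiver.PublicKey) // constructed sample text
	if err != nil {
		panic(err)
	}
	msg, err := Open(sm, receiver, &sender.PublicKey)
	fmt.Printf("received %q, err=%v\n", msg, err)
	sm.Signature[0] ^= 1 // tamper with the signature
	_, err = Open(sm, receiver, &sender.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Two caveats a practitioner should keep in mind: the signature is over the plaintext hash and travels in the clear, so anyone who can guess the plaintext can confirm the guess against the signature; and this layout is the flashcards' conceptual scheme, not an interoperable format. Production systems use standardised constructions such as S/MIME, OpenPGP or TLS, which settle these details (including the sign-then-encrypt ordering) for you.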
What is a digital certificate?
A digital certificate is an electronic document used to prove the ownership of a public key.
What is a certification authority (CA)?
An entity that issues digital certificates.
What is a registration authority (RA)?
An entity that verifies the identity of users requesting digital certificates before the CA issues them.
What is a certificate revocation list (CRL)?
A CRL is a list, published by the CA, of digital certificates that have been revoked prior to their expiry date and should no longer be trusted.
What is a certification practice statement (CPS)?
A CPS is a document that states the practices and processes the CA follows for issuing and managing digital certificates.
What is PKI?
It is a set of roles, policies and procedures for the issuance, maintenance and revocation of public key certificates
What is a hypervisor?
Software (often with hardware support) that creates and runs virtual machines and the virtual resources they use.
Accountability for the maintenance of appropriate security measures over information assets resides with whom?
Data owners
A company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. What should be PRIMARILY addressed?
Reliability and QoS.
What is the advantage of validated digital signatures for an email application?
Validated signatures authenticate the sender, which helps to detect spam and spoofed mail.
Why is the electromagnetic emission from a terminal a concern?
The emissions can be captured and reconstructed, providing information to an unauthorised person.
What is web of trust?
Web of trust is a key distribution method suitable for communication in a small group
What is forward error control?
Forward error control involves transmitting additional redundant information with each character or frame to facilitate detection and correction of errors
What is the goal of a web site certificate?
authentication of the web site that will be surfed
How can Confidentiality of the data transmitted in a wireless LAN best be protected?