Domain 7: Security Operations Flashcards

Question

Cold site

Answer 1

A cold site is just a building with power raised floors and utilities. No devices are available. This is the cheapest of the three options but can take weeks to get up and operational.

Answer 2

Recovery time objective (RTO) is the maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.

Answer 3

Recovery point objective (RPO) is the acceptable amount of data loss measured in time.

Answer 4

Mean time between failures (MTBF) is the predicted amount of time between inherent failures of a system during operation.

Answer 5

Mean time to repair (MTTR) is the estimated amount of time it will take to get a device fixed and back into production after its failure.

Answer 6

High availability refers to a system component or environment that is continuously operational.

Answer 7

High availability for disaster recovery is often a combination of technologies and processes that include: * Backups * Redundancy * Fault tolerance * Clustering * Load balancing

Answer 8

* Vaulting * Backups * Replication technologies

Answer 9

When returning to the original site after a disaster the least critical organizational units should go back first.

Answer 10

COOP focuses on restoring an organization’s (usually a headquarters element) essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations. This term is commonly used by the U.S. government to denote BCP.

Answer 11

Business interruption insurance covers the loss of income that an organization suffers after a disaster while it is in its recovery stage.

Answer 12

* Due diligence means you’re identifying and analyzing risks * Due care means you’re taking prudent actions day in and day out to mitigate them

Answer 13

Elements of negligence include: * Not fulfilling a legally recognized obligation * Failure to conform to a standard of care that results in injury or damage * Proximate causation

Answer 14

To ensure that it will be admissible in court by showing it was properly controlled and handled before being presented in court.

Answer 15

To be admissible in court business records have to be: * Made and collected in the normal course of business * Not specially generated for a case in court Business records can easily be hearsay if there is no firsthand proof of their accuracy and reliability.

Answer 16

The life cycle of evidence includes: * Identification * Collection * Storage * Preservation * Transportation

Answer 17

Motive Opportunity and Means (MOM)

Answer 18

For evidence to be admissible in court it needs to be: * Relevant * Complete * Sufficient

Answer 19

Evidence must be legally permissible meaning it was seized legally and the chain of custody was not broken.

Answer 20

Duress is the use of threats or violence against someone in order to force them to do something they don’t want to do or otherwise wouldn’t do.

Answer 21

Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm. Audio detectors are passive, in that they do not generate any fields or patterns as do wave pattern or capacitance detectors. This type of detection device generates a higher number of false alarms than the other two methods and should be used only in areas that have controlled ambient sound.

Answer 22

* Walls * Doors * Ceilings * Floors * Windows * Electrical requirements * Fire detection * Fire escapes * Walls: Must have acceptable fire rating from floor to ceiling. * Doors: If doors are electrical-powered, what state are they in if there is a power loss? An unlocked (or disengaged) state allows employees to exit and not be locked in. If a door lock defaults to open when power is disengaged, it is considered fail safe. If the lock defaults closed, it is considered fail secure. * Ceilings: Need to be waterproof and have an adequate fire rating. Additionally they must be reinforced to keep unauthorized personnel from accessing secure areas. * Floors: The following are the concerns about flooring: * Slab: If the floor is a concrete slab, the concerns are the physical weight it can bear (known as loading, which is commonly 150 pounds per square foot) and its fire rating. * Raised: The fire rating, its electrical conductivity (grounding against static buildup), and that it employs a nonconducting surface material are concerns of raised flooring in the data center. * Windows: Interior or exterior windows need to be fixed in place and must be shatterproof. Depending on placement, the windows might need to be either opaque or translucent. Alarms or sensors also might be needed. * Electrical requirements: Adequate power must be available for the right locations. Rooms that have servers or other heat-producing equipment need additional cooling to protect the equipment. HVAC systems should be tied to fire-suppression equipment. * Fire detection: Smoke detectors should be used to inform employees of danger. Sprinklers and detectors should be used to reduce the spread of fire. * Fire escapes: How will employees exit the facility if a fire occurs?

Answer 23

Capacitance detectors monitor an electrical field surrounding the object being monitored. Capacitance detectors are used for spot protection within a few inches of the object, rather than for overall room security monitoring as with wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm.

Answer 24

* Fraud * Rejected transactions * Erroneous transaction entered and rejected * Violation of integrity rules * Interference with operations * Denial of service * Production delays * Conversion to personal use * Unauthorized access/disclosure * Audit trail/system log corruption

Answer 25

* Perform initial program load * Start programs from console * Bypass label processing * Rename/relabel resources * Reset system * Set time and date * Reset passwords * Reassign ports and line

Answer 26

Accountability is a security principle that states that individuals must be able to be identified for their actions. In other words, accountability is a property that ensures that the actions of an entity can be traced to that entity. With accountability, violations or attempted violations can be traced to individuals who can be held responsible for their actions. Audit trails and logs support accountability. Accountability cannot be achieved when a single user ID is shared by multiple persons.

Answer 27

Fingerprint Palm Retina scans Iris scans Facial scans You can use any type of biometric authentication in conjunction with a lock. Examples include but are not limited to fingerprint, palm, retina, iris, or facial scans. These controls all rely on unique physiological traits to recognize and identify individuals.

Answer 28

Responsive area illumination takes place when an Intrusion Detection System (IDS) detects suspicious activities and turns on the lights within a specific area. When responsive area illumination is plugged into automated IDS products, there is a high likelihood of false alarms. Instead of continuously having to dispatch a security guard to check out these issues, a CCTV camera can be installed to scan the area for intruders.17

Answer 29

The annualized rate of occurrence (ARO) is the expected rate at which a threat is expected to occur. The ARO is the value that represents the estimated frequency of a specific threat taking place within a one-year timeframe. When estimating the ARO, 0.0 represents never and 1.0 represents at least once a year. A value higher than 1.0 represents multiple occurrences in a single year. If a physical break-in is expected to occur once every 10 years, the ARO would be 0.1.

Answer 30

An audit trail should include the following: * Date and time of the access attempt * Whether the attempt was successful * Where the access was granted (which door, for example) * Who attempted the access * Who modified the access privileges at the supervisor level

Answer 31

Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver. These frequencies can be in the low, ultrasonic, or microwave range.20

Answer 32

* Hurricanes and typhoons * Tidal waves * Floods * Earthquakes * Tornados * Fire Hurricane and typhoons: Essentially sea-born storms. The effects on land include flooding, high winds, and tornadoes. Tidal waves: A wave that overcomes sea walls and other protective measures to flood coastal areas. Floods: The result of heavy rains or snow and ice melt where the ground cannot absorb the water. Earthquakes: Caused by the movement of the earth along fault lines under the ground. Major structure damage can occur as the result of an earthquake. Tornado: Violent storms where a rotating column of air forms and is capable of complete destruction of the ground buildings and infrastructures it encounters. Fire: Can be caused by man (arson) or nature (lightning) and is responsible for more loss of property and life than the other natural threats.

Answer 33

Place cameras at the perimeter to capture vehicles or personnel entering the site through common ingress and egress paths. You can also place cameras in areas where guards or other personnel have limited visibility due to geographic features.

Answer 34

* Criminal actions * Sabotage * Vandalism * War Criminal actions include the theft of company data or the illegal use of company assets. Sabotage is the surreptitious destruction of an asset with the intent of harming the organization’s mission. Vandalism refers to the damage or destruction of an asset, typically with personal motivations. War entails damage caused as the result of a political action that delivers kinetic effects against another entity.

Answer 35

Integrity refers to the state of the asset, and integrity means that there are no unauthorized changes, no matter what asset is discussed. Assets could include: * Data * Network configurations * Physical hardware configurations All types of assets need to have their integrity ensured. Data should not have any modifications made by unauthorized agents, but the same is true about other assets, too. For example, no organization would want a network engineer changing system configurations without being approved or validated. This unauthorized action would threaten the integrity of the system’s configuration. Similarly, no organization would like someone to come in and change out the network cables that connect the systems to centralized switches.

Answer 36

Logical and physical controls that would be employed in sensitive media handling include * Marking the media with appropriate labels * Limiting the access to only designated people * Storing in a secured place * Declassification and/or destruction of the media once it has been decided that it is no longer sensitive or required

Answer 37

The information classification process categorizes information so that appropriate controls can protect information against unauthorized disclosure, according to the organization’s sensitivity to its loss, disclosure, or lack of availability. Information classification is not limited to just information alone, but extends to all assets that must be protected depending on the required confidentiality, availability, and integrity levels of those assets. Management must define the classification levels that will be used in the organization. Data owners must properly classify data, which ensures that proper protection measures are in place according to the data sensitivity policy. The data custodian is the technical person who implements the controls on behalf of the data owner.

Answer 38

* Identify assets and their values * Identify vulnerabilities and threats * Quantify the probability and business impact of these potential threats * Provide an economic balance between the impact of the threat and the cost of the countermeasure Asset valuation is required by both quantitative and qualitative processes. Determining the value of an asset is a fundamental step in risk assessment and must be carefully considered. Qualitative risk assessment is scenario-driven and does not attempt to assign dollar values to components of the risk analysis. Absolute qualitative risk analysis is possible because it ranks the seriousness of threats and sensitivity of assets into grades or classes, such as low, medium, and high. Quantitative risk assessment attempts to assign a numeric value (that is, dollar values) to the assessment of potential loss. Provide an economic balance between the impact of the threat and the cost of the countermeasure: Safeguard selection is the process by which safeguards and countermeasures are researched and recommended.

Answer 39

Like the use of video cameras, motion detectors can provide coverage of areas not easily accessible by guards. Unlike cameras, a motion sensor will generate an alarm when motion is detected in the area of coverage. Motion detectors come in three categories: * Wave pattern * Proximity and capacitance * Audio amplification

Answer 40

Authorization is the collection of access rights and permissions granted to a user, program, or process. When an entity’s identity and authentication are established, authorization levels determine the extent of system rights that an entity can hold. Authorization is commonly not enforced to the necessary, granular level within organizations. The lack of detailed authorization commonly allows users too much access, which can lead to potentially devastating mistakes by the user or malicious activity.

Answer 41

* Visibility * Local considerations * Susceptibility to natural disasters * Transportation * Joint use * Emergency services * Utilities Visibility: What observation points exist to monitor the facility? These sites are important for the organization to control to provide complete visual coverage of the facility grounds, while denying the use of the same to potential adversaries. Local considerations: What is the crime rate of the area? Is the facility in a high-traffic area? Susceptibility to natural disasters: Does the site have any history of significant inclement weather (rains, snows, winds) or earthquakes? Transportation: Is the facility in a high-traffic area? Is it near an airport? Joint use: Do any other organizations have rights to an easement on the site? Emergency services: Where are the nearest medical, fire, and police services? Utilities: What are the types and availability of utilities?

Answer 42

* Passive * Field powered * Transponder A passive device, for example a picture ID, has no power requirement. A field-powered card transmits a signal for identification and uses power on the card. A transponder is a device that has the circuitry to respond to an interrogation that usually also provides power through radio waves to the card. Common types of cards include the following: * (Type of Card --- Description) * (Photo ID --- Facial photograph) * (Optical-coded --- Laser-burned lattice of digital dots) * (Electric circuit --- Printed on the card) * (Magnetic stripe --- Stripe of magnetic material) * (Magnetic strip --- Rows of copper strips) * (Passive electronic --- Electrically tuned circuitry read by) * (Active electronic --- Badge transmitting encoded electronics)

Answer 43

Problems and errors are continuously being found in software packages. Addressing the identified flaws in packages is a critical part of security management. Tracking the patches provided to the application is part of change control, which should go through a formal control process. Normally a risk-based decision is taken before deciding to apply a patch to the identified vulnerabilities to control the cost of providing the patches. Also, the order of patches can sometimes affect the outcome of the update.

Answer 44

Halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people. Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans.

Answer 45

* Power * Equipment * Physical security As power outage, surge, spike, noise, etc., can damage computer systems, uninterrupted and regulated power is important for the system’s operation. As too cold or too hot temperatures, as well as low or high humidity, can ruin the expensive equipment, environment control is critical. To prevent unauthorized entry to the facility, physical security needs to be in place.

Answer 46

* Wide angle lens * Small lense opening The depth of field refers to the portion of the environment that is in focus when shown on the monitor. The depth of field varies depending upon the size of the lens opening, the distance of the object being focused on, and the focal length of the lens. The depth of field increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases. So if you want to cover a large area and not focus on specific items, it is best to use a wide-angle lens and a small lens opening.

Answer 47

* A manual iris lens should be used in environments with fixed lighting * Environments with changing lighting call for an auto iris lens Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens that has a manual iris would be used in an area that has fixed lighting, since the iris cannot self-adjust to changes of light. An auto iris lens should be used in environments where the light changes, such as an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining.

Answer 48

To address all the common problems that can arise during systems operations, a contingency plan needs to be in place. A contingency plan identifies various types of anticipated threats and how to deal with them. The plan typically contains actions that need to be performed in response to various system components, power and environmental failures, data and voice communications failure, physical threats, production delays, and input/output errors in the systems.

Answer 49

Audit trails provide an accounting of all actions that occur at a facility. Whether the audit trail accounts for system logins or entry to the facility, proper accounting allows for the re-creation of a sequence of events if an intrusion or emergency occurs.

Answer 50

* Risk reduction * Risk transference * Risk acceptance * Risk rejection Risk reduction: Implement a countermeasure to alter or reduce the risk. Risk transference: Purchase insurance to transfer a portion or all the potential cost of a loss to a third party. Risk acceptance: Deal with risk by accepting the potential cost and loss if the risk occurs. Risk avoidance: Change the course of action so that risk does not exist anymore.

Answer 51

* Performing risk analysis and identifying the most serious risks * Determining the authorization levels and requirements for various roles * Examining the geographical conditions of the facility * Determining physical security controls requirements * Addressing environmental requirements * Setting up a command center to monitor disasters and interruptions

Answer 52

Biometrics is a physical security technique that verifies an individual’s identity by analyzing unique physical attributes such as fingerprints, hand geometry, and signature dynamics. A biometric system commonly identifies a user and a user-provided authentication component such as a password or PIN. When biometrics are used as a network control, they are commonly used with a username. In this case the username is the identification piece, and the biometric component is the authentication part. Biometrics can fulfill either identification or authentication services. Authentication is the testing or reconciliation of evidence of a user’s identity. It verifies the user’s identity and ensures that the users are who they say they are.

Answer 53

* Wet pipe * Dry pipe * Preaction * Deluge Wet pipe systems always contain water in the pipes and are usually discharged by temperature control level sensors. One disadvantage of wet pipe systems is that the water in the pipes may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water damage. These types of systems are also called closed head systems. In dry pipe systems, the water is not actually held in the pipes. The water is contained in a holding tank until it is released. The pipes hold pressurized air, which is reduced when a fire or smoke alarm is activated, allowing the water valve to be opened by the water pressure. Water is not allowed into the pipes that feed the sprinklers until an actual fire is detected. First, a heat or smoke sensor is activated; then the water fills the pipes leading to the sprinkler heads, the fire alarm sounds, the electric power supply is disconnected, and finally water is allowed to flow from the sprinklers. These pipes are the best choice for colder climates because the pipes will not freeze. Preaction systems are similar to dry pipe systems in that the water is not held in the pipes but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems. A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments.

Answer 54

Dogs are a good form of detection and prevention; however, they have no ability to make decisions like that of a human guard. Additionally, the predictability of guard dogs is somewhat in question. For instance, a golden retriever is more likely to play with the intruder rather than attack them. And a Yorkie is useless.

Answer 55

Several EPA-approved options exist for current Halon systems, including: * FM-200 * NAF-S-III * CEA-410 * FE-13 * Water * Inergen * Argon * Argonite

Answer 56

Single loss expectancy (SLE) is the dollar figure assigned to a single event. It represents an organization’s loss from a single occurrence of a threat. It is derived from the following formula: * SLE = asset value ($) / exposure factor (EF) For example, an asset valued at $20,000 that is subjected to an exposure factor of 30 percent would yield an SLE of $6,000.

Answer 57

Data storage media is available in various capacities and sizes. Nowadays, many forms of media are highly portable. This portability is creating an opportunity for misuse of resources and data within the media. * Defining and rolling out organizational policies * Staff training * Prevention of unauthorized carrying of media * Limit access to backups and critical data to only authorized personnel * Access logging * Configuration management

Answer 58

An intrusion detection system (IDS) consists of monitors that track system activity against a preset criteria to identify any potentially unwanted intrusions in the system. An IDS set at a workstation or server level is called a host-based IDS. An IDS set for monitoring network traffic for any anomalies is called a network-based IDS. There are other types of IDS systems that look for unauthorized sharing and access of files. IDS provides near real-time warnings that need to be monitored to take necessary actions against the reported events.

Answer 59

CPTED is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. CPTED provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures. The crux of CPTED is that the physical environment can be manipulated to create behavioral effects that will reduce crime and the fear of crime. It looks at the components that make up the relationship between humans and their environment.

Answer 60

Territorial reinforcement is a CPTED strategy that creates physical designs that emphasize or extend the company’s physical sphere of influence so legitimate users feel a sense of ownership of that space. Territorial reinforcement can be implemented through the use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorative sidewalks. The goal of territorial reinforcement is to create a sense of a dedicated community.

Answer 61

Knowing the physical and logical components, and the security controls around those components, does not give information about the vulnerabilities that exist within those components and controls. Only through vulnerability scanning can all the vulnerabilities be identified. Vulnerabilities arise through absence of policies, errors, and omissions in configurations. Once the vulnerabilities are identified, risk around each of those vulnerabilities needs to be assessed to prioritize the actions that need to be taken.

Answer 62

Perimeter controls describe the devices and systems that control and observe access at the boundary of a site. Examples of perimeter controls are: * Fencing * Closed-circuit video surveillance systems

Answer 63

* Local * Central station * Proprietary * Auxiliary station A local alarm system is designed to alert at the local facility only and should be audible for at least 400 feet. A central station alarm notifies a central facility (guard room) of a possible intrusion. A proprietary system is similar to a central station except that the devices might not be monitored at the local site. An auxiliary alarm rings not only at the local facility, but also at another site (like a fire alarm).

Answer 64

* Confidentiality * Integrity * Availability All information security controls, safeguards, and security processes are subject to CIA principles. These three attributes of information represent the full spectrum of security concerns in an automated environment. They are applicable for any organization irrespective of its philosophical outlook on sharing information. Confidentiality: Making sure the information is accessible only to those authorized to have access to it. Integrity: Safeguarding the accuracy and completeness of all information and processing methods. Availability: Making sure that authorized users have access to information and associated assets when required

Answer 65

Audit results help the senior management of the organization be confident that all the required controls are in place. Any gaps identified during the audit will be addressed by the senior management based on the threat level and other discretionary parameters, such as the risk acceptance level of the organization.

Answer 66

When used on software, hardware, and other assets (such as network components), configuration management helps the organization identify and track the updates and movements of its assets. When proper configuration management is applied through inventories, necessary tracking and integrity can be achieved. Inventories may track assets’ information such as serial number, model and make, location, configuration, and tracking numbers assigned within the organization. In order for configuration management to succeed, it is vital to update these parameters whenever there is any change in any of their values.

Answer 67

Natural access control is the use of the environment to control access to entry points, such as using landscaping and bollards. An example of natural surveillance is the construction of pedestrian walkways so there is a clear line of sight of all the activities in the surroundings.

Answer 68

A fence 3 to 4 feet high will only deter casual trespassers. Effective protection from a fence is directly proportionate to its height. While a fence 3 to 4 feet high will deter only casual trespassers, a fence 6 to 7 feet high is too tall to easily climb, and a fence 8 feet high or taller should deter a determined intruder.

Answer 69

Bollards are short posts used to prevent vehicular access and to protect a building or people walking on a sidewalk from vehicles. Typically made of steel or concrete, bollards can also be used to direct foot traffic. Bollards can be static (like a barricade) or raise and lower to restrict traffic only when desired.

Answer 70

Owner, Custodian User Owner: Must classify data that he is responsible for protecting. The owner has the final organizational responsibility of data protection, and under the concept of due care, the owner might be liable for negligence because of the failure to protect this data Custodian: The custodian has day-to-day responsibility for protecting the data. The custodian implements and maintains the necessary security mechanisms to fulfill specific data classification levels. The data classification is by the data owner, not the data custodian User: The end users are people who routinely use the information as part of their job. They can also be considered consumers of the data. The users are responsible for protecting the data at their level, but they do not classify the data or maintain the security mechanisms as the data owner and data custodian do. For example, the users do not define the data as confidential and also cannot share confidential information with unauthorized users.

Answer 71

The two common types of UPSs are * Online systems * Standby systems An online system uses AC power to charge a bank of DC batteries. These batteries are held in reserve until power fails. At that time, a power inverter converts the DC voltage back to AC for the computer systems to use. These systems are good for short-term power outages. Standby UPS devices stay inactive until a power line fails. The system has sensors that detect a power failure, and the load is switched to the battery pack. The switch to the battery pack is what causes the small delay in electricity being provided. So an online UPS picks up the load much more quickly than a standby UPS, but costs more, of course.

Answer 72

* Administrative * Technical (or logical) * Physical Controls Administrative controls include the developing and publishing of policies, standards, procedures, and guidelines; risk management; the screening of personnel; conducting security-awareness training; and implementing change control procedures. Technical controls (also called logical controls) consist of implementing and maintaining access control mechanisms; password and resource management, identification and authentication methods; security devices; and the configuration of the infrastructure. Physical controls entail controlling individual access into the facility and different departments; locking systems and removing unnecessary floppy or CD-ROM drives; protecting the perimeter of the facility; monitoring for intrusion; some types of security devices (for example, CCTV); and environmental controls. Controls can be * Corrective * Detective * Preventive * Deterrent

Answer 73

Guards are: * Expensive * Require continual training * Are susceptible to be compromised * Might even steal company property Guards can provide one of the best security measures; they act as both detectors and preventers. However, guards are human and suffer from the drawbacks listed in the answer field above. The security guard should have clear and decisive tasks that she is expected to fulfill. The guard should be fully trained on the activities she is expected to perform and on the responses expected from her in various situations. She should also have a central control point to check in to, two-way radios to ensure proper communication, and the necessary access into areas she is responsible for protecting.

Answer 74

* Value * Age Value is the number one commonly used criteria for classifying. If the information is valuable to an organization or its competitors, it needs to be highly protected. As for age, the classification of the information may be lowered if the information’s value decreases over time. In the Department of Defense (DoD), some classified documents are automatically declassified after a predetermined time period has passed.There are certainly other criteria points when determining classification levels of data; these are just two examples.

Answer 75

A **threat** is any potential danger to information or systems. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual, and a threat agent can be a person, a process, or a natural disaster. A **vulnerability** is a flaw or weakness in the system that can be exploited to violate an AIC (availability, integrity, confidentiality) principle. Vulnerability is a software, hardware, or procedural weakness that might provide an attacker with the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment. The entity that takes advantage of vulnerability is a **threat agent**, which can be * An intruder accessing the network through a port on the firewall * A process accessing data in a way that violates the security policy * A tornado wiping out a facility * An employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity Vulnerability characterizes the absence or weakness of a safeguard that could be exploited. The vulnerability might be: * A service running on a server * Unpatched applications or operating system software * Unrestricted modem dial-in access * An open port on a firewall * Lax physical security that allows anyone to enter a server room * Unenforced password management on servers and workstations

Answer 76

RAID implementation type is defined by the number of disks used and the type of writing technique used. * RAID 0: Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk. * RAID 1: This level duplicates all disk writes from one disk to another to create two identical drives. This technique is also known as data mirroring. * RAID 2: Data is spread across multiple disks at the bit level using this technique. Redundancy information is computed using a Hamming error correction code, which is the same technique used within hard drives and error-correcting memory modules. * RAID 3 and RAID 4: Data is striped across multiple disks in bytes for level 3 and blocks for level 4. Parity information is written to a dedicated disk. These levels provide redundancy and can tolerate the loss of any one drive in the array. * RAID 5: This level requires three or more drives to implement. Data and parity information is striped together across all drives. This level is the most popular and can tolerate the loss of any one drive. * RAID 6: This level extends the capabilities of RAID 5 by computing two sets of parity information. The dual parity distribution accommodates the failure of two drives. * RAID 10: This level is considered a multi-RAID level. It combines the characteristics of RAID 0 and RAID 1, which stripes data across mirrors. This level requires substantial storage capacity, but the benefits are excellent redundancy and overall performance. RAID 5

Answer 77

Well-informed and trained management, technical staff, other employees, and end-users will be reminded of the vulnerabilities and threats that are out there and possible risk-mitigation actions that can be taken to protect the organization and its valuable assets. By using a formalized process for security awareness training, management can establish a method that provides the organization with the best results for making sure security policies and procedures are presented to the right people in an organization. This way management can make sure everyone understands what a corporate security policy is, why having the security policy is important, and how it fits into the individual’s role in the organization.

Answer 78

The exposure factor (EF) represents the percentage of loss a realized threat can have on a certain asset. So, for example, if a data warehouse has the asset value of $150,000, it might be estimated that if a fire were to occur, 25 percent of the warehouse would be damaged (and not more, because of a sprinkler system and other fire controls, proximity of a firehouse, and so on). In this case, the EF is 25 percent and the SLE (single loss expectancy) would be $37,500. This figure is derived to be inserted into the ALE (annualized loss expectancy) equation.

Answer 79

Locks are considered delaying mechanisms because a person who is determined to get in can eventually disengage a lock in some manner if given enough time. Locks are an effective security measure. They come in a variety of strengths, sizes, and locking mechanisms, including combination, key, and biometric. Visibility shields should be present on combination locks to prevent disclosure of the combination.

Answer 80

The HVAC system should * Maintain the appropriate temperature and humidity levels * Provide closed-loop recirculating air conditioning * Provide positive pressurization and ventilation

Answer 81

The annualized loss expectancy (ALE) is the annual expected loss due to a given threat. Annualized loss expectancy (ALE) = single loss expectancy (SLE) / annualized rate of occurrence (ARO) For example, a threat with a dollar value of $50,000 (SLE) that is expected to happen only once in 100 years (ARO of 0.01) will result in an ALE of $500.

Answer 82

Following are nine classifications of electrical power disruptions: * Fault * Blackout * Sag * Brownout * Spike * Surge * Inrush * Noise * Transient A fault is a momentary power loss. A blackout is a complete loss of power. A sag is momentary low voltage. A brownout is prolonged low voltage. A spike is momentary high voltage. A surge is prolonged high voltage. Inrush is the initial surge of power when an electrical device is first turned on. Noise is a steady, interfering disturbance. Transient is a short duration of line noise disturbances.