Domaine 4 : Opérations de sécurité Flashcards
What is the Principle of Least Privilege?
Users are granted only the permissions necessary to perform their job functions
This principle minimizes potential damage from malicious activities or accidental misuse.
What does Discretionary Access Control (DAC) entail?
Resource owners determine access permissions.
DAC is common in standard operating systems.
What is Mandatory Access Control (MAC)?
Access decisions are based on fixed policies and classifications.
MAC is often used in environments requiring high security.
Define Role-Based Access Control (RBAC).
Permissions are assigned based on user roles within an organization.
RBAC simplifies management by grouping users with similar access needs.
What is Rule-Based Access Control?
Access is determined by system-enforced rules set by administrators.
Examples include time-based restrictions or specific browser requirements.
Describe Attribute-Based Access Control (ABAC).
Access decisions are based on attributes (e.g., user, resource, environment).
ABAC allows for more granular and context-aware access control.
What are Time-of-Day Restrictions?
Access can be limited to specific times or days.
This enhances security by restricting access during non-business hours.
Why is continuous monitoring important in security?
It is vital for detecting unauthorized activities and potential threats.
Continuous monitoring helps in maintaining the integrity and security of systems and data.
What types of sources should logs be collected from?
Logs should be collected from:
* Firewalls
* Servers
* Applications
Collecting logs from various sources allows for comprehensive analysis.
What is the purpose of analyzing logs in security monitoring?
To identify anomalies or suspicious activities.
Analyzing logs is crucial for proactive threat detection.
What does SIEM stand for?
Security Information and Event Management.
SIEM systems play a key role in security monitoring.
What is the function of a SIEM system?
It aggregates and correlates data from multiple sources and provides real-time analysis and alerts for security incidents.
SIEM systems are essential for effective security incident management.
What are baselines used for in security monitoring?
To define normal behavior patterns for systems and networks.
Baselines help in detecting deviations that may indicate security issues.
What is the purpose of alerting mechanisms in security monitoring?
To notify administrators of potential threats and ensure alerts are actionable while reducing false positives.
Effective alerting mechanisms are crucial for timely incident response.
What should regular auditing and review processes assess?
The effectiveness of security controls.
Periodic audits help in identifying areas for improvement in security monitoring strategies.
Fill in the blank: SIEM systems provide ________ analysis and alerts for security incidents.
real-time
Why are logs important in system monitoring?
Logs are essential for monitoring system activities, detecting anomalies, and supporting forensic investigations
Logs provide a chronological record of events, aiding in identifying security incidents.
What do system logs record?
Operating system events, such as startups, shutdowns, and errors
System logs provide insights into the overall health and status of the operating system.
What do application logs capture?
Events specific to applications, including user activities and errors
Application logs are crucial for troubleshooting application-specific issues.
What types of events do security logs track?
Security-related events like login attempts and access control changes
Security logs are vital for identifying potential security breaches.
What is the purpose of audit logs?
Provide a trail of user activities for compliance and auditing purposes
Audit logs help organizations maintain accountability and meet regulatory requirements.
What is centralized logging?
Aggregate logs from various sources into a centralized system for easier analysis
Centralized logging facilitates a unified view of log data across different systems.
What is the importance of regular monitoring of logs?
Continuously monitor logs to detect unusual activities promptly
Regular monitoring helps in early detection of potential security threats.
What should retention policies for logs establish?
How long logs should be retained based on regulatory requirements
Retention policies ensure compliance with legal and organizational standards.
Why is secure storage of logs crucial?
To prevent unauthorized access or tampering
Secure storage protects the integrity and confidentiality of log data.
What tools can be used for analyzing log data?
Automated tools and Security Information and Event Management (SIEM) systems
SIEM systems help in correlating events and identifying security threats efficiently.
What can be identified through analyzing log data?
Patterns and correlations that may indicate security threats
Analyzing log data is essential for proactive security measures.
