Enterprise Security and Resiliency

Question 1

What is configuration management?

Answer 1

The process of maintaining systems in a desired, consistent state. Document a baseline of a known good configuration.

Document configurations and attempts to prevent drifts

Several elements: Diagrams / Naming conventions / Baseline configs / IP address scheme

Question 2

What are the states of data?

Answer 2

Data in transit: data traversing a networking, protecting by segmentation, cryptography, hashing

Data at rest: data on nonvolatile storage, encryption.

Data in use: data in processing or non-persistent storage. OS security is important

Question 3

What is Data loss Prevention (DLP)?

Answer 3

A solution made up of many different applications, processes, procedures, technologies that work together to prevent sensitive data from leaving the network out notice.

DLP scan data and classify them to see what data is actually sensitive.

Question 3

What is a SSL/TLS inspection?

Answer 3

This is a security risk since of the encryption, we cannot inspect the payload.

This allows us to decrypt the traffic, inspect it and re-encrypted.

You are created your own on path “man in the middle” communication.

Question 4

What are the stages of alternate sites?

Answer 4

Hot Site - Fully equipped backup location ready in hours
People are the only thing missing to start up your business. Expensive

Cold Site - Space and utilities but no hardware
You have the space but nothing else. It is cheaper.

Warm Site - some hardware, but not ready to go.
You have a few things ready to go.

Question 5

Why is a load balancer beneficial for network redundancy?

Answer 5

Accepts incoming traffic and then distributes it to any backend system that is connected.

Should have multiple LBs to avoid a SPOF (single point of failure)

Question 6

Why is multiple gateways beneficial for network redundancy?

Answer 6

2 or more gateway for all entry and exit points for your LAN.

Protocols:
HSRP
VRRP

Question 7

Why is multiple ISP beneficial for network redundancy?

Answer 7

You have multiple entry and exit points just in case there is an issue with one of them.

Question 8

Why is multiple path beneficial for network redundancy?

Answer 8

You avoid a single point of failure - SPOF

Question 9

Why is multiple NIC beneficial for network redundancy?

Answer 9

You can potentially load balance (NIC teaming) the traffic to and from servers and you protect yourself from a SPOF on the servers and losing connectivity.

Question 10

What is RAID?

Answer 10

Redundant array of independent disk?

Question 11

What is Raid 0 used for?

Answer 11

to increase performance but offers no protection to data if drive is lost

Question 12

What is Raid 1 and Raid 5 used for?

Answer 12

to improve data redundancy.

Question 13

Explain incremental backup?

Answer 13

Backups up only the files that have been modified since last full back up or last incremental back up.

Quick to make, slow to restore since you have to do a restore of the full back up and each other incremental back afterward.

Question 14

Explain Differential backup ?

Answer 14

It backups up all the changes since last full back up.

Slower to make, quicker to restore.

You will need to have the full back and recent differential back up.

Question 15

Explain a snapshot backup?

Answer 15

Backs up the entire state of system including the contents of memory.

Question 16

Why is important of doing system diversity?

Answer 16

Multiple vendors reduces the risk of a single issue resulting in widespread CIA problems.

You will need to do a balancing act since more vendors require personnel that are trained.