General Security 1 Flashcards

1
Q

Which Security Control Categories are there?

A
  • Technical
    Controls implemented using systems
    Automated mechanisms and Technology
    Firewall, Anti-Virus
  • Managerial
    Implemented by Manager / Administrator
    Security Controls, Standard operating procedures, Access Control, Incident response plan
  • Operational
    Implemented by people instead of systems
    Security Guards, Awareness Training
  • Physical
    Limiting physical access
    Fences, Guard Check, Walls, Badge Readers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which Control Types are there?

A
  • Preventive
    Limitation of access to resource
    Firewall Rule, Fence, Badge
  • Deterrent
    Discourage Intrusion
    Warning signs, Front desk reception
  • Detective
    Identify and log an intrusion atempt
    Collect and review of system logs, login reports, patrol of property
  • Compensating
    Countermeasures to mitigate risk
    May be temporary
  • Directive
    Designed to establish desired outcome
    File storage policies, compliance policies, signs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What describes non-repudiation?

A
  • The Integrity of Data
    Nothing has been changed
  • Proof of Origin
    Where does the Data comes from?

Can be achieved via:
Hashing
Digital Signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are Planes of Operation?

A
  • Splitting Network into Funtional Planes

Data Plane
* Everything related that helps processing data within Network
* Frames, packets, network data

Control Plane
* Manages Control of processed Data
* Defines Rules and Policies
* How packets should be forwarded
* Routing table, session tables, NAT table

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are Security Zones?

A
  • Zones following different rule sets of access
  • Trusted, untrusted
  • internal, external
  • differentiated by departments
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How to Evaluate or Control Security Controls?

A

Adaptive Identity
* Approach that can change and adjust how it verifies or recognises a persons identity based on different circumstances or behavior
* Multiple Risk indicators: Physical location, Type of connection, IP Address
* Result: Make authentication stronger if needed

Threat Scope Reduction
* Decrease possible entry points to a system

Policy driven Access Control
* Combination of adaptive Identity with predefined rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How are Security Zones enforced?

A

Policy Enforcement Points (PEP)
* Gatekeeper of all traffic traversing the network
* Gathers all information of traffic

Policy Decision Point (PDP)
* Examines authentication provided by PEP and makes decision if communication should be allowed or not
Consists of:
Policy Engine
* Evaluates each accewss decision based on policy
* Grant, Evoke, Revoke
Policy Administrator
* Communicates with Policy Enforcement Point
* Generates tokens, credentials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does a typical change approval process looks like?

A
  1. Complete Request form
  2. Determine Purpose of change
  3. Determine affected systems and impact
  4. Analyze Risks accociated with it
  5. Approval from change control board
  6. Get end-user acceptance after change is completed
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is ownership in change management?

A
  • Individuals or entity need to make a change, but they usually dont perform the actual change
  • Owner manages actual change
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Impact Analysis?

A
  • Risk Value assignes to change
  • Also risks involved if change is not done
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a Backout Plan?

A
  • Plan to revert back to original configuration
  • Should be planned before change is done
How well did you know this?
1
Not at all
2
3
4
5
Perfectly