General Security Concepts Flashcards

1
Q

Name four control categories

A
  1. Technical controls
  2. Managerial controls
  3. Operational controls
  4. Physical controls
2
Q

Which control type is a relatively weak one and why?

A
  • Directive control types
  • It’s relatively weak because you basically just ask someone to follow the rules or to do or not do something
3
Q

Name 6 control types

A
  1. Preventive controls (preventive)
  2. Deterrent controls (deterrent)
  3. Detective controls (warning)
  4. Corrective controls (corrective)
  5. Compensating controls (compensating)
  6. Directive controls (directive)
4
Q

Explain operational controls

A

Operational controls are a control category: controls implemented by people rather than by systems, for example awareness programs

5
Q

Explain managerial controls

A

Managerial controls are a control category: administrative controls such as security policies. Also known as Governance, the G in the term GRC

6
Q

Explain technical controls

A

Technical controls are a control category: controls implemented using systems, for example firewalls or anti-virus

7
Q

What are preventive control types?

A

Preventive control types prevent something bad from happening before it happens

8
Q

What are detective control types?

A

Detective control types identify/detect when something bad happens but do not necessarily prevent it

9
Q

What are deterrent control types?

A

Deterrent control types “scare” someone out of doing bad things because of the consequences

10
Q

What are corrective control types?

A

Corrective control types correct the problem and are applied after something bad has happened

11
Q

What are compensating control types?

A

Compensating control types are used when existing controls aren’t enough

12
Q

What are directive control types?

A

Directive control types direct a subject towards security compliance; basically, you ask someone to do or not do something

13
Q

When you collect and review a system log, what category and type of control is that?

A

Category: Technical
Type: Detective

14
Q

When you restore a system from backup after a ransomware attack, what category and type of control is that?

A

Category: Technical
Type: Corrective

15
Q

If you put up warning signs with consequences if you enter a specific room without permission, what category and type of control is that?

A

Category: Physical
Type: Deterrent

16
Q

What is the CIA Triad and what do the letters stand for?

A
  • The CIA Triad describes the fundamentals of security
  • C = Confidentiality
  • I = Integrity
  • A = Availability
17
Q

Name 3 technical controls that you can apply to ensure the information is confidential

A
  1. Encryption
  2. Access controls
  3. Two-factor authentication
18
Q

Name 3 technical controls that you can apply to ensure that the information has not been compromised (integrity)

A
  1. Hashing
  2. Digital signatures
  3. Certificates
19
Q

Name 3 technical controls that you can apply to ensure that the information is available when needed

A
  1. Redundancy
  2. Fault tolerance
  3. Patching
20
Q

What is Non-repudiation?

A

Non-repudiation is the assurance that someone cannot deny the validity of something - it provides proof of the origin and integrity of data (confirms who sent it and that it has not been modified on the way)

21
Q

What is a hash?

A

Hashing is the process of transforming any given key or string of characters into another value, usually represented by a shorter, fixed-length value or key.

A hash function generates new values according to a mathematical hashing algorithm. To prevent the conversion of a hash back into the original key or string, a good hash always uses a one-way hashing algorithm.

22
Q

Which key do you encrypt with?

A

The private key

23
Q

Which key do you decrypt with?

A

The public key

24
Q

What is proof of integrity and proof of origin?

A
  • Proof of integrity proves that data has not been modified
  • Proof of origin proves the source of the data
25
Q

What do the different A:s in AAA framework stand for and what do the different A:s mean?

A
  1. Authentication - Proves that you are who you say you are, using a password for example
  2. Authorization - What accesses you have based on your identification and authentication
  3. Accounting - What resources are being used (for example login time, data sent and received, logout time)
26
Q

How can you authenticate a device?

A

You use a digitally signed certificate on the device

27
Q

What is Certificate Authority (CA)?

A

A device or software that is responsible for managing all the certificates in the environment

28
Q

What is used to validate the certificate on a device?

A

The CA’s (Certificate Authority’s) digital signature

29
Q

Why is it important to use an authorization model?

A

If you don’t use an authorization model it’s hard to keep control (why does a specific authorization exist?) and it does not scale well when there are a large number of users.
By creating groups, the authorizations are easier to understand and control, and the model supports any number of users or resources

30
Q

What is a Gap analysis?

A

An analysis that defines the gap between where you are and where you want to be

31
Q

Name two frameworks that can be used to set a security baseline

A
  1. NIST Special Publication 800-171 Revision 2
  2. ISO/IEC 27001
32
Q

What is Zero trust, easily explained?

A

Zero trust is a holistic approach to network security where everything must be verified - nothing is inherently trusted.

33
Q

Name 7 different physical security controls

A
  1. Barricades
  2. Access control vestibules
  3. Fencing
  4. Video surveillance
  5. Guards and access badges
  6. Lighting
  7. Sensors
34
Q

Why does more light mean better physical security?

A
  • Attackers avoid the light
  • Easier to see what is happening when lit
  • Non-infrared cameras can see better
35
Q

What is a honeypot?

A

A honeypot is a network-attached, controlled and safe environment, set up as a decoy to lure cyber attackers into the trap

36
Q

What is a honeynet?

A

A honeynet is a bigger network of more than one honeypot that looks more like real infrastructure to the attacker

37
Q

What is a honeyfile?

A

Honeyfiles are baits inside of a honeynet, for example a file named “passwords.txt”

38
Q

Why is it important to have a change approval process?

A

To avoid downtime, confusion and mistakes

39
Q

Why should you have a test environment where you can test changes before making any changes in the production environment?

A

To be able to test and confirm that the change goes well and also to be able to test the backout plan/rollback

40
Q

Name 3 things to consider when choosing a maintenance window for applying a change

A
  1. Not doing it during the workday - if possible
  2. Overnight is often a better choice
  3. Also consider the time of year
41
Q

Describe a good change approval process (8 steps)

A
  1. Use request forms
  2. Determine the purpose of the change
  3. Identify the scope of the change
  4. Choose a date and time for the change
  5. Determine affected systems and the impact
  6. Analyze the risks
  7. Get approval for the change
  8. Get end-user acceptance after the change is complete