Items I need to Study Flashcards

1
Q

BCP

A

Business Continuity Plan - Proactive

2
Q

BIA

A

Business Impact Analysis - defines RPO, RTO and other metrics. This is used to choose a BCP.

3
Q

RPO

A

Recovery Point Objective - defines a business goal for system restoration and the acceptable amount of data loss.

4
Q

DRP

A

Disaster Recovery Plan - plan for business continuity in the event of a disaster (think: operations physically moved).

5
Q

When in disaster recovery, which system is restored first (most or least critical)?

A

Most critical

6
Q

When in disaster restoration, which system is restored first (most or least critical)?

A

Least critical

7
Q

What is the OSI Model?

A
  1. Application
  2. Presentation
  3. Session
  4. Transport
  5. Network
  6. Data link
  7. Physical
8
Q

Please Do Not Throw Sausage Pizza Away

A

Mnemonic for the OSI Model layers:

  1. Application
  2. Presentation
  3. Session
  4. Transport
  5. Network
  6. Data link
  7. Physical
9
Q

TCP/IP Model

A
  1. Process/Application Layer
  2. Host-to-Host/Transport Layer
  3. Internet Layer
  4. Network Access/Link Layer
10
Q

TCP/IP Model Explained

A
  1. Network Access Layer –
    This layer corresponds to the combination of the Data Link Layer and the Physical Layer of the OSI model. It looks after hardware addressing, and the protocols present in this layer allow for the physical transmission of data.
    ARP is listed under the Internet layer below, but there is a conflict about declaring it a protocol of the Internet Layer or of the Network Access layer. It is described as residing in layer 3 while being encapsulated by layer 2 protocols.
  2. Internet Layer –
    This layer parallels the functions of OSI's Network layer. It defines the protocols responsible for the logical transmission of data over the entire network. The main protocols residing at this layer are:

    IP – stands for Internet Protocol and is responsible for delivering packets from the source host to the destination host by looking at the IP addresses in the packet headers. IP has 2 versions: IPv4 and IPv6. IPv4 is the one most websites are using currently, but IPv6 is growing because the number of IPv4 addresses is limited when compared to the number of users.
    ICMP – stands for Internet Control Message Protocol. It is encapsulated within IP datagrams and is responsible for providing hosts with information about network problems.
    ARP – stands for Address Resolution Protocol. Its job is to find the hardware address of a host from a known IP address. ARP has several types: Reverse ARP, Proxy ARP, Gratuitous ARP and Inverse ARP.
  3. Host-to-Host Layer –
    This layer is analogous to the Transport layer of the OSI model. It is responsible for end-to-end communication and error-free delivery of data. It shields the upper-layer applications from the complexities of data transfer. The two main protocols present in this layer are:

    Transmission Control Protocol (TCP) – known to provide reliable and error-free communication between end systems. It performs sequencing and segmentation of data. It also has an acknowledgment feature and controls the flow of data through a flow control mechanism. It is a very effective protocol but has a lot of overhead due to these features, and increased overhead leads to increased cost.
    User Datagram Protocol (UDP) – on the other hand, does not provide any such features. It is the go-to protocol if your application does not require reliable transport, as it is very cost-effective. Unlike TCP, which is a connection-oriented protocol, UDP is connectionless.
  4. Application Layer –
    This layer performs the functions of the top three layers of the OSI model: Application, Presentation and Session. It is responsible for node-to-node communication and controls user-interface specifications. Some of the protocols present in this layer are: HTTP, HTTPS, FTP, TFTP, Telnet, SSH, SMTP, SNMP, NTP, DNS, DHCP, NFS, X Window, LPD. Have a look at Protocols in Application Layer for some information about these protocols. Protocols other than those covered in the linked article are:

    HTTP and HTTPS – HTTP stands for Hypertext Transfer Protocol. It is used by the World Wide Web to manage communications between web browsers and servers. HTTPS stands for HTTP-Secure. It is a combination of HTTP with SSL (Secure Socket Layer). It is needed in cases where the browser has to fill out forms, sign in, authenticate and carry out bank transactions.
    SSH – SSH stands for Secure Shell. It is terminal emulation software similar to Telnet. SSH is preferred because it maintains an encrypted connection. It sets up a secure session over a TCP/IP connection.
    NTP – NTP stands for Network Time Protocol. It is used to synchronize the clocks on our computers to one standard time source. It is very useful in situations like bank transactions. Imagine the following situation without NTP: you carry out a transaction where your computer reads the time as 2:30 PM while the server records it as 2:28 PM. The server can fail very badly if it is out of sync.


11
Q

Incident Response phases according to SANS

A
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Follow up/Lessons Learned
12
Q

Common Criteria Evaluation Assurance Levels (EAL)

A

  1. EAL1: Functionally Tested
  2. EAL2: Structurally Tested
  3. EAL3: Methodically Tested and Checked
  4. EAL4: Methodically Designed, Tested and Reviewed
  5. EAL5: Semiformally Designed and Tested
  6. EAL6: Semiformally Verified Design and Tested
  7. EAL7: Formally Verified Design and Tested
13
Q

What document covers Common Criteria (EAL)?

A

ISO 15408

http://www.qnx.com/download/feature.html?programid=19317

14
Q

ARO

A

Annualized Rate of Occurrence - the probability that a risk occurs in a single year

15
Q

SLE

A

Single Loss Expectancy - the expected monetary loss each time a risk occurs

16
Q

ALE

A

Annualized Loss Expectancy - the monetary loss that can be expected for an asset due to a risk over one year

17
Q

Equation for SLE

A

SLE = AV * EF (Asset Value times Exposure Factor)

18
Q

Equation for ALE

A

ALE = ARO * SLE

19
Q

Qualitative risk analysis

A

Easy and lower cost; a snapshot that categorizes risk (e.g. a graph of low, medium, high)

20
Q

Four Risk Responses

A
  1. Avoidance
  2. Transference
  3. Acceptance
  4. Mitigation
  • The risk left over after these responses is residual risk, which is accepted
21
Q

Control Types

A

Physical, Administrative, Technical/Logical

22
Q

Primary control methods (before an incident)

A

Directive, preventive, deterrent

23
Q

Primary control methods (after an incident)

A

Detective, corrective, recovery

24
Q

What is CPTED?

A

CPTED (Crime Prevention Through Environmental Design) aims to prevent crime by designing a physical environment that positively influences human behavior. The theory is based on four principles: natural access control, natural surveillance, territoriality, and maintenance.

25
Q

Four principles of CPTED

A

  1. Natural access control
  2. Natural surveillance
  3. Territoriality
  4. Maintenance

26
Q

Retention Policy

A

A set of guidelines that a company follows to determine how long it should keep certain records, including email and web pages.

27
Q

Data Remanence

A

The residual physical representation of information that remains after the data has been erased by some process

28
Q

Methods to prevent data remanence

A

Clear - overwriting the drive (writes 1's and 0's over the existing data)

Purge - sanitizing the drive (e.g. degaussing)

Destruction - destroying the physical hard drive

29
Q

Rotation of Duty/Job Rotation

A

Job Rotation - main benefit: reduces collusion. Side benefit: cross-training.

30
Q

User Access Reviews

A

Should be conducted at least once a year.

This helps prevent privilege creep.

31
Q

Other names for Privilege creep

A

Access Aggregation

Rights creep

32
Q

Due Diligence vs. Due Care

A

Due Care - the care that a reasonable person would exercise under the circumstances

- Standard for determining legal duty
- Reactive (SIEM, fire alarm, breach, wet floor)

Due Diligence - doing your job proactively to ensure:

- Proactive setup of all systems
- Assurance that proper protections are set up and provided
- Doing your homework

33
Q

Types of Agreements

A

SLA - Service Level Agreement - strict legal agreement of understanding

MOU - Memorandum of Understanding - loose agreement between two parties to work together (gentlemen's agreement)

OLA - Organizational Level Agreement - agreement within a company

ISA - Interconnection Security Agreement - connection agreement between organizations

NDA - Non-Disclosure Agreement