Lesson 7: Explain Resiliency and Site Security Concepts

Question 1

Define a ‘acquisition/procurement’ policy

Answer 1

Policies and processes that ensure asset and service purchases and contracts are fully managed, secure, use authorized suppliers/vendors, and meet business goals.

Question 2

Define ‘total cost of ownership (TCO)’

Answer 2

The initial purchase price along with the ongoing costs of maintenance, updates, and potential security incidents associated with an asset.

Question 3

Define ‘Configuration management’

Answer 3

Ensures that each configurable element within an asset inventory has not diverged from its approved configuration.

Question 4

Define ‘Change control’

Answer 4

The process by which the need for change is recorded and approved.

Question 5

Define ‘change management’

Answer 5

The process through which changes to the configuration of information systems are implemented as part of the organization’s overall configuration management efforts.

Question 6

Define a ‘Service Asset’

Answer 6

Things, processes, or people that contribute to delivering an IT service.

Question 7

Define a ‘Configuration Item (CI)’

Answer 7

An asset that requires specific management procedures to be used to deliver the service.

Question 8

Define a ‘baseline configuration’

Answer 8

A list of settings that an asset, such as a server or application, must adhere to.

Question 9

Define a ‘Security Baseline’

Answer 9

Minimum set of security configuration settings a device or software must maintain to be considered adequately protected.

Question 10

Define a ‘configuration management system (CMS)’

Answer 10

The tools and databases used to collect, store, manage, update, and report information about CIs.

Question 11

Define ‘Data deduplication’

Answer 11

Data compression technique that identifies and eliminates redundant data.

Question 12

Define ‘On-site backups’

Answer 12

Backup that writes job data to media that is stored in the same physical location as the production system.

Question 13

Define ‘Off-site backups’

Answer 13

Backup that writes job data to media that is stored in a separate physical location to the production system.

Question 14

How can an organization identify potential issues in their data recovery process?

Answer 14

Testing backups/restore capabilities and making necessary improvements.

Question 15

Define a ‘Snapshot’

Answer 15

Image backup; Used to create the entire architectural instance/copy of an application, disk, or system at a specific point in time.

Question 16

What is the purpose of a snapshot?

Answer 16

It is used in backup processes to restore the system or disk of a particular device at a specific time.

Question 17

Define a ‘VM snapshot’

Answer 17

Capture the state of a virtual machine, including its memory, storage, and configuration settings.

Question 18

Define a ‘Filesystem snapshot’

Answer 18

Capture the state of a file system at a given moment, enabling users to recover accidentally deleted files or restore previous versions of files in case of data corruption.

Question 19

Define a ‘SAN snapshot’

Answer 19

taken at the block-level storage layer within a storage area network which capture the state of the entire storage volume.

Question 20

Define ‘Replication’

Answer 20

Creating and maintaining exact copies of data on different storage systems or locations.

Question 21

Define ‘Journaling’

Answer 21

A method used by file systems to record changes not yet made to the file system in an object called a journal before the file indexes are updated.

Question 22

Define ‘Sanitization’

Answer 22

Process of removing sensitive information from storage media to prevent unauthorized access or data breaches.

Question 23

Define ‘continuity of operations planning (COOP)’

Answer 23

Processes and procedures to ensure critical business functions can continue during and after a disruption.

Question 24

What is the purpose of continuity of operations planning (COOP)?

Answer 24

Minimize downtime, protect essential resources, and maintain business resilience.

Question 25

What are key components of continuity of operations planning (COOP)

Answer 25

Identifying critical business functions, establishing priorities, determining the resources needed to support these functions; Involves creating redundancy for IT systems and data.

Question 26

What is the difference between continuity of operations planning (COOP) and Business continuity planning (BCP)?

Answer 26

Continuity of operations is a component of the broader business continuity concept; COOP is primarily concerned with the immediate response and restoration of critical functions, while business continuity encompasses a more comprehensive approach to ensure the overall resilience and recovery of the entire organization.

Question 27

Define 'Capacity Planning'

Answer 27

Organizations assess their current and future resource requirements to ensure they can efficiently meet their business objectives to support anticipated growth or changes in demand.

Question 28

What are the variables/subjects that are taken into account when Capacity Planning?

Answer 28

Personnel, storage, computer hardware, software, and connection infrastructure resources.

Question 29

What might be taken into consideration when capacity planning for physical infrastructure?

Answer 29

Evaluating physical facilities to see if they can accommodate growth; Power, cooling, and connectivity.

Question 30

What metrics can an organization use to assist in capacity planning?

Answer 30

Trend analysis, simulation modeling, and benchmarking.

Question 31

Define 'Trend analysis' and its function

Answer 31

Examines historical data to identify patterns and trends in resource usage, demand, and performance to forecast future resource requirements by understanding past patterns.

Question 32

Define the purpose of 'Trend analysis'

Answer 32

Help identify potential bottlenecks or other areas that require attention.

Question 33

Define 'Simulation modeling' and its function

Answer 33

Leverages computer-based models to simulate real-world scenarios; Assess the impact of changes in demand, different resource allocation strategies, or system configurations.

Question 34

Define 'Benchmarking' and its function

Answer 34

A comparison of an organization's performance metrics against industry standards or best practices; A way to identify areas for improvement and establish performance targets.

Question 35

What is the ultimate goal of capacity planning?

Answer 35

Allows organizations to optimize resource allocation, reduce costs, and minimize the risk of downtime or performance issues.

Question 36

What are 'people' risks associated with capacity planning?

Answer 36

Insufficient staffing, skills gaps, lack of cross-training/succession planning, resistance to change, lack of employee engagement, or ineffective communication.

Question 37

Define 'High availability (HA) clustering'

Answer 37

Redundant systems that can automatically take over operations in case of a failure, minimizing downtime.

Question 38

What does creating a high availability environment involve?

Answer 38

Designing and implementing hardware components, servers, networking, datacenters, and physical locations for fault tolerance and redundancy.

Question 39

What physical components attribute to high availability systems?

Answer 39

Redundant hardware components, such as power supplies, hard drives, and network interfaces.

Question 40

How is availability measured?

Answer 40

Measured as an uptime value, or percentage; Can also be calculated as the time or percentage that a system is unavailable (downtime).

Question 41

What timeframe is used to describe high availability?

Answer 41

24x7 or 24x365 days

Question 42

How is fault tolerance achieved?

Answer 42

By provisioning redundancy for critical components and single points of failure.

Question 43

Define 'Failover'

Answer 43

A technique that ensures a redundant component, device, application, or site can quickly and efficiently take over the functionality of an asset that has failed.

Question 44

How does a load balancer provide failover capabilities?

Answer 44

Load balancer can detect when a server/site has gone down and redirect inbound traffic to other sites in the pool.

Question 45

Define a 'Hot site'

Answer 45

A fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.

Question 46

Define a 'Cold site'

Answer 46

A predetermined alternate location where a network can be rebuilt after a disaster.

Question 47

Define a 'Warm site'

Answer 47

An alternate processing location that is typically dormant but can be rapidly converted to a key operations site if needed.

Question 48

Define 'Geographic dispersion'

Answer 48

Processing and data storage resources are replicated between physically distant sites.

Question 49

What is the purpose of geographic dispersion?

Answer 49

To ensure that recovery sites are located far enough apart to minimize the impact of regional disasters.

Question 50

What are 3 ways to test high availability of a system/service?

Answer 50

1. Load testing 2. Failover testing 3. Monitor system testing

Question 51

Define 'load testing' and its purpose

Answer 51

Software tools to validate a system's performance under expected or peak loads and identify bottlenecks or scalability issues.

Question 52

Define 'failover testing'

Answer 52

Validating failover processes to ensure a seamless transition between primary and secondary infrastructure.

Question 53

Define 'Clustering'

Answer 53

A load balancing technique where a group of servers are configured as a unit and work together to provide network services.

Question 54

Define a 'Virtual IP' and its purpose/function

Answer 54

An IP address that is shared by nodes in a cluster/pool that allow a load balancer to direct traffic to the active servers in a pool without the use of multiple IPs.

Question 55

What protocol is used to implement a virtual IP address?

Answer 55

Common Address Redundancy Protocol (CARP)

Question 56

How does Common Address Redundancy Protocol (CARP) allow a group of nodes to share the same virtual IP?

Answer 56

The instances are configured with a private connection, on which each is identified by its "real" IP address, enabling the active node to "own" the virtual IP and respond to connections.

Question 57

How does the Common Address Redundancy Protocol (CARP) know which node in a pool is available to receive traffic?

Answer 57

The redundancy protocol also implements a heartbeat mechanism to allow failover to the passive node if the active one should suffer a fault.

Question 58

Define 'Active/passive clustering'

Answer 58

If one node is active, the other is passive.

Question 59

Define 'Active/active clustering'

Answer 59

Both nodes are processing connections concurrently.

Question 60

What is the biggest advantage of active/passive clustering?

Answer 60

Performance is not adversely affected during failover.

Question 61

Define 'Application clustering'

Answer 61

Allows servers in the cluster to communicate session information to one another for fault tolerance.

Question 62

What are forms of power redundancy?

Answer 62

1. Appliances with dual power supplies each connected to a different source 2. Power Distribution Units (PDUs) 3. Uninterruptible Power Supplies (UPSs) 4. Generators

Question 63

Define a 'power distribution unit (PDU)'

Answer 63

An advanced strip socket that provides filtered output voltage.

Question 64

What is the purpose of a power distribution unit (PDU)?

Answer 64

"Clean" the power signal; provide protection against spikes, surges, and under-voltage events; and integrate with uninterruptible power supplies (UPSs)

Question 65

Define a 'Uninterruptible Power Supply (UPS)' and its purpose

Answer 65

A battery-powered device that supplies AC power that an electronic device can use in the event of power failure.

Question 66

Define a 'Battery Backup' and its purpose

Answer 66

Provisioned at the component level for disk drives and RAID arrays to protect any read or write operations cached at the time of power loss.

Question 67

Define 'Platform diversity'

Answer 67

Concept in that refers to using multiple technologies, operating systems, and hardware or software components within an organization's infrastructure.

Question 68

What is the purpose of platform diversity?

Answer 68

By incorporating a variety of platforms, businesses can reduce the risk of a single vulnerability or attack affecting their entire infrastructure.

Question 69

Why is it good to implement platform diversity?

Answer 69

A diverse technology landscape makes it more challenging for threat actors to navigate, as they must be familiar with multiple platforms and exploit techniques.

Question 70

Why is it insecure to rely on a single vendor and not implement vendor diversity?

Answer 70

Can create a single point of failure; Entire infrastructure is as risk if a vulnerability is discovered in the vendor's products.

Question 71

What are the benefits to business function of implementing vendor diversity?

Answer 71

If a vendor stops doing business, goes bankrupt, or experiences a significant disruption, having alternatives helps maintain business continuity.

Question 72

Define 'Deception and disruption technologies'

Answer 72

Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.

Question 73

Define a 'Honeypot' and its purpose

Answer 73

Decoy system that mimics real systems and applications designed to allow security teams to monitor attacker activity and gather information about their tactics and tools.

Question 74

Define a 'Honeynet'

Answer 74

A network of interconnected honeypots that simulate an entire network, providing a more extensive and realistic environment for attackers to engage with.

Question 75

Define a 'Honeyfile' and its purpose

Answer 75

Fake files that appear to contain sensitive information, used to detect attempts to access and steal data.

Question 76

Define 'Honeytoken' and its purpose

Answer 76

False credentials, login credentials, or other data types used to distract attackers, trigger alerts, and provide insight into attacker activity.

Question 77

Define a 'Disruption strategy' and its purpose

Answer 77

Aim is to raise the attack cost and tie up the adversary's resources.

Question 78

What are examples of 'disruption' strategies?

Answer 78

Configuring a web server with multiple decoy directories or dynamically generated pages to slow down scanning; Using a DNS sinkhole to route suspect traffic to a different network, such as a honeynet.

Question 79

Define a 'DNS sinkhole'

Answer 79

A temporary DNS record that redirects malicious traffic to a controlled IP address.

Question 80

Define a 'Tabletop Exercise'

Answer 80

A discussion of simulated emergency situations and security incidents.

Question 81

What is the purpose of a Tabletop Exercise

Answer 81

To help identify knowledge, communication, and coordination gaps, ultimately strengthening the organization's incident response capabilities.

Question 82

Define a 'Parallel Processing Test'

Answer 82

Running primary and backup systems simultaneously to validate the functionality and performance of backup systems without disrupting normal operations.

Question 83

Why is physical security important to cybersecurity?

Answer 83

Provides the first line of defense against physical access to an organization's critical assets.

Question 84

Describe authentication in physical security

Answer 84

Creates access lists and identifies mechanisms to allow approved persons through the barriers.

Question 85

Describe authorization in physical security

Answer 85

Creates barriers around a resource to control access through defined entry and exit points.

Question 86

Describe accounting in physical security

Answer 86

Records when entry/exit points are used and detects security breaches.

Question 87

Describe the concept of physical security through environmental design

Answer 87

Uses the built environment to enhance security and prevent crime.

Question 88

How is physical security through environmental design achieved?

Answer 88

Barricades; Entry/Exit points; Fencing; Lighting

Question 89

Define an 'Access Control Vestibule (Mantrap)'

Answer 89

A secure entry system with two gateways, only one of which is open at any one time.

Question 90

Define a 'physical access control system (PACS)'

Answer 90

A combination of hardware and software designed to control who can access specific locations within a building or site; Access cards, card readers, access control panels, and a centralized control network

Question 91

Define a 'circuit alarm/sensor'

Answer 91

Circuit-based alarm that sounds when the circuit is opened or closed, depending on the type of alarm.

Question 92

What is the most secure version of a circuit alarm?

Answer 92

A closed-circuit alarm is more secure because it cannot be defeated by cutting the circuit like an open-circuit alarm.