Managing Security 3 Flashcards

0
Q

Describe defense in depth

A

A tactic that leverages a layered approach to security, used to plan personnel training, policy adoption, physical protection and other comprehensive strategies. An excellent fail-safe.

1
Q

Describe layered security

A

Securing systems and their data by incorporating many different avenues of defense and implementing controls to mitigate each type of threat. Provides optimum protection for an organization vulnerable to a wide variety of attacks.

2
Q

What is data security

A

Refers to the security controls and measures taken to keep an organization's data safe and accessible and to prevent unauthorized access. Must be applied at every level.

3
Q

Describe data security vulnerabilities.

A

Can include the increased use of cloud computing, lack of restricted physical access to data storage systems, and lack of user awareness.

4
Q

List some data storage methods

A

Traditional network servers, referred to as direct attached storage (DAS)
Network attached storage (NAS): multiple hard drives
Storage area networks (SAN): dedicated networks providing block-level storage
Cloud-based storage: service-based storage hosted by a third party

5
Q

Name the data encryption methods

A

Full disk encryption
Database encryption
File encryption
Mobile device encryption
Email encryption
Voice encryption

6
Q

Explain hardware based encryption devices

A

Encryption, decryption, and access control are enforced by a cryptographic module called a hardware security module (HSM).
Does not allow the execution of external programs attempting to reset counters or access its memory.

7
Q

Benefits of hardware based encryption

A

Prevents storage mapping from drive to file system
Prevents copying drive contents without the assigned HSM
Self-governed and not dependent on the OS
Provides the organization proof that each machine is encrypted

8
Q

List the types of hardware based encryption devices

A

TPM (trusted platform module)
HSM (hardware security module)
USB encryption
Hard drive encryption

9
Q

Trusted platform module TPM is

A

Hardware-based encryption that can securely generate cryptographic keys and is used to authenticate hardware for disk encryption and other encryption-enabled applications. Uses a cryptoprocessor to secure the computing environment.

10
Q

HSM

A

Hardware Security Module

A cryptoprocessor device attached to servers and computers to provide digital key security.

11
Q

USB encryption

A

Hardware based encryption implemented on USB devices

12
Q

Hard drive encryption

A

Hardware-based encryption; a full disk encryption method used to encrypt and protect data on the entire disk. Effective on mobile devices.

13
Q

List the three data states

A

At rest. Refers to data in storage
In transit. Refers to data moving across a network
In use. Data being generated, changed, erased or viewed at one network node.

14
Q

ACLs enable you to

A

Access Control Lists enable you to restrict access to resources. Commonly implemented as MAC address filters on wireless routers and access points.

15
Q

Big data refers to

A

Data collections so large and complex that traditional database tools find them difficult to manage. Generally restrict authorized users' visibility so that they cannot see the data as a whole. Designed to work only with trusted parties and to integrate non-repudiation.

16
Q

Data policies might be created for

A

Wiping data
Disposing of data
Retention (types of data to be retained)
Storage

17
Q

What is application security

A

Ensures that the proper software is in place to protect applications from threats and vulnerabilities.
Applied to every phase of the software development process.

18
Q

Patch management is

A

The practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates.

19
Q

List common application security methods.

A

Configuration baseline. Composed of the minimum security requirements needed for an application to be completed.

Application hardening. Used to configure a default application to prevent security threats and vulnerabilities.

Patch management. A system for third-party software to ensure every app is running the latest security requirements and updates.

20
Q

What is input validation

A

Involves ensuring that the data entered into a field in an application is within acceptable bounds for the object that will receive the data.

21
Q

What is command injection

A

An attacker sends additional commands to an application through an unchecked input field.
Exploits input validation vulnerabilities.

22
Q

Client side validation

A

Involves performing all input validation and error recovery from within the browser using JavaScript, Asynchronous JavaScript and XML (AJAX), VBScript or HTML5.
Provides an enhanced user experience.

23
Q

Server side validation

A

Involves performing all input validation and error recovery at the server by using a scripting language such as Perl, PHP, or ASP.
Provides enhanced security.

24
Q

Explain error and exception handling

A

A strategy organizations use to design and develop security measures targeted at possible errors in an application. Prevents attackers from gathering and using sensitive data presented in an error.

25
Q

What is XSS

A

Cross site scripting attack. Takes advantage of scripting and input validation vulnerabilities in an interactive website in two ways:
Stored attack. Malicious code or links are injected into a website's forums, databases or other data.
Reflected attack. The attacker poses as a legitimate user and sends information to a web server in the form of a page request or form submission.

26
Q

What is an XSRF attack

A

Cross site request forgery attacks take advantage of the trust established between an authorized user of a website and the website itself. Exploits a web browser's trust in unexpired browser cookies, or the case where a user selects the remember password option.

27
Q

List some cross site attack prevention methods.

A

Restrict HTML (hypertext markup language) formatting in form fields
Use input validation in all fields
Limit expiration time for cookies
Encrypt data communications between clients and servers
Inform users not to use "remember me" options

28
Q

What is fuzzing

A

A testing method used to identify security vulnerabilities in applications by sending random input and noting any failures. Performed in the final phases of the application development process.

29
Q

Name some web browser security features

A

Pop-up blocker
Parental controls
Automated updating
Encryption
Proxy support. HTTP, HTTPS, FTP, SOCKS, Gopher, RSTP (rapid spanning tree protocol)
Web content. Enable/disable JavaScript
Advanced security. Remove cookies, web cache, history, offline website data, saved passwords, authenticated sessions

30
Q

List some guidelines to ensure web browser security.

A

Harden the host machine or device
Install the latest software versions and patches
Configure security settings
Disable scripting when appropriate
Disable auto-complete and password saving features
Install anti-malware software

31
Q

A NoSQL database provides

A

Data storage and retrieval in a non-relational manner. Uses a variety of models to organize and group data. Supports the creation and maintenance of a global user profile. Suited for storing data from web applications.

32
Q

What are the NoSQL database models

A

Key-value stores. The basic type of NoSQL database; data is stored as an attribute and its associated value.
Document stores. Documents with standard XML coding.
Graph stores. Information about networks.
Column stores. Information from very large datasets.

33
Q

For relational databases, security measures include

A

Role-based security configuration parameters
Encrypted communications
Access control for rows and fields
User-level permissions for stored procedures

34
Q

Guidelines for managing application security

A

Establish security configuration baselines for applications
Harden and implement maximum security measures for applications
Use a patch management system for applications
Use input validation controls
Implement a combination of client-side validation and server-side validation
Implement error and exception handling for in-house applications
Protect against XSS and XSRF attacks
Protect relational and NoSQL databases and the applications they rely on

35
Q

NoSQL databases may or may not support

A

Authentication
Authorization
Data encryption

36
Q

Hardening is a general term for

A

Any security technique where the configuration of a system is altered to close vulnerabilities and protect the system against attacks. Must be balanced against access requirements.

37
Q

List the operating system security settings

A

Managing running services
Configuring the OS firewall
Configuring Internet security options
Managing all automatic updates and patches
Enabling auditing and logging functions

38
Q

What is TCB

A

Trusted computing base. Responsible for ensuring that the security policy is implemented and the system is secure.

39
Q

How is TCB implemented

A

In the hardware, through processor privileges
In the firmware, through driver and resource protection
In the OS's isolation of resources and services from applications (TOS, trusted operating system)

40
Q

What is a security baseline

A

A collection of security and configuration settings applied to a specific host.

41
Q

Name the four types of software updates

A

Patch. A small unit of supplemental code.
Hotfix. An emergency patch.
Rollup. A collection of previously issued patches and hotfixes.
Service pack. A comprehensive update with new features.

42
Q

Explain application blacklisting

A

Listing the applications to be denied system access and preventing them from being installed or run on the target system. Used in many antivirus and anti-spam utilities, as well as IDS (intrusion detection systems) and IPS (intrusion prevention systems).

43
Q

Explain application whitelisting

A

Maintaining a list of approved applications permitted to be installed or run on the target system. An example of implicit deny.

44
Q

What does logging mean

A

Using an OS to record data about activity in a computer. Log files are usually stored as text files in known locations. Can rapidly consume large amounts of storage space.

45
Q

Security auditing is

A

The process of performing an organized assessment of the security strengths and weaknesses of a system. Can include reviewing log files, testing password strength, scanning the network for open ports or rogue servers, reviewing user and group permissions, and reviewing the physical security related to the system.

46
Q

Anti-malware software is

A

Protective software that scans systems and networks for known viruses, Trojans, worms and other malicious programs.

47
Q

Five types of anti-malware software

A

Antivirus software. Scans for known executable code.
Anti-spam. Scans for specific keywords.
Anti-spyware.
Pop-up blockers. Prevent the transfer of unwanted code through automatically loading windows.
Host-based firewalls.

48
Q

Three types of Windows firewall rules

A

Inbound rules. Define the action performed on data entering the system.
Outbound rules. Define the action performed on data going out of the system.
Connection security rules. Define the type of authentication needed to allow communication between systems.

49
Q

Name the virtualization security techniques

A

Patch management system
Least privilege
Logging
Secure design for components
Snapshots
Host availability and host elasticity (adapt to system change)
Sandboxing (isolate for security testing)

50
Q

List hardware security controls

A

Proper logoff and shutdown procedures
Approval of wireless devices
Store and secure mobile devices properly
Cable locks installed and used
Strong password policy enforced

51
Q

Describe non-standard hosts

A

Hosts and devices with static environments.
SCADA systems. Supervisory control and data acquisition; these are industrial control systems.
Embedded software systems. Software not normally updated by the IT department, e.g. game consoles, printers.
Mainframe computers. Bulk data processing computers.
Some mobile devices. Older smartphones and tablets.

52
Q

List some security controls for non-standard hosts

A

Layered security, including network segmentation and application firewalls
Manual updates for older versions of iOS and Android
Firmware version control for SCADA and embedded systems
Wrappers. Enable legacy code wrapped in other data to operate in newer environments

53
Q

List some mobile device security controls

A

Use device management
Enable screen lock
Use strong passwords
Configure device encryption
Require remote wipe/lockout
Enable GPS tracking
Enforce access control
Enforce application control
Use asset tracking and inventory control
Limit removable storage capabilities
Implement storage segmentation
Disable unused features

54
Q

Mobile application security controls

A

Encryption and key management
Credential management
Authentication and transitive trust
Restrict geo-tagging
Application whitelisting

55
Q

List BYOD controls

A

Bring your own device controls to mitigate security issues:
Corporate policies and acceptable use policies
On-boarding and off-boarding employees
Data ownership and support ownership
Patch management and antivirus management
Consider architecture and infrastructure needs
Forensics
Privacy
Control for on-board camera, microphone, and video use