Messer exam 1 Flashcards
fencing
the process of **isolating a node of a computer cluster or protecting shared resources** when a node appears to be malfunctioning.
Authentication token
piece of information that verifies the identity of a user to a website, server, or anyone requesting verification of the user’s identity.
Biometrics
the process of using electronic devices to identify people by recording and analyzing their unique physical or behavioral characteristics. Used to control access through a door.
Lighting
used outside the building
Security guard
protects the lobby
Access badge
used for door entrance
Access control vestibule
also known as a mantrap, is a physical access control system that creates a space between two sets of interlocking doors. Used in the lobby.
Operational
are often implemented by people instead of systems.
Security guards and awareness programs are examples of an operational control
Managerial
are administrative controls associated with security design and implementation.
A set of policies and procedures would be an example of a managerial control.
Physical
are used to **limit physical access**.
Badge readers, fences, and guard shacks are categorized as physical controls.
Technical
are implemented using systems. Operating system controls,
firewalls, and automated processes are considered technical controls.
Something you have
During the login process, your phone receives a text message with a one-time passcode.
Something you know
PIN
Something you are
biometrics, such as a fingerprint
Somewhere you are
Your login will not work unless you are connected to the VPN.
Passive reconnaissance
**gathering as much information as possible from open sources** such as social media, corporate websites, and business organizations
Vulnerability scanning
Some active reconnaissance tests will query systems directly to see if a
vulnerability currently exists
Supply chain analysis
will examine the security associated with a
supplier, and the analysis will not provide any information regarding a
company’s own servers and data
Regulatory audit
A regulatory audit is a detailed security analysis based on existing laws or
private guidelines. A regulatory audit commonly requires access to internal
systems and data
DMARC (Domain-based Message Authentication, Reporting and Conformance)
specifies the disposition of spam emails. The legitimate
owner of the originating email domain can choose to have these messages
accepted, sent to a spam folder, or rejected
SPF (Sender Policy Framework)
is a list of all authorized mail servers for a specific domain. All legitimate emails would be sent from one of the servers listed in the SPF configuration.
NAC (Network Access Control)
is a way to limit network access to only
authorized users. NAC is not commonly used to manage the transfer of
email messages.
DKIM (DomainKeys Identified Mail)
provides a way to validate all
digitally signed messages from a specific email server. DKIM does not
determine how the receiving server categorizes these digitally signed
messages
Root cause analysis
The goal of a root cause analysis is to explain the ultimate cause of an
incident. Once the cause is known, it becomes easier to protect against
similar attacks in the future
E-discovery
relates to the collection, preparation, review, interpretation,
and production of electronic documents.
E-discovery itself is not involved
with the research and determination of an attack’s root cause
Risk appetite
describes the amount of risk an organization is willing to
take before taking any action to reduce that risk.
Risk appetite is not part
of a root cause analysis
Data subject
describes any information relating to an identified or identifiable natural person, especially when describing or managing private information about the subject.
Automation
Automation ensures that compliance checks can be performed on a
regular basis without the need for human
intervention
Maintenance window
describes the scheduling associated with the change control process. Systems and services generally have limited availability during a maintenance window.
Attestation and acknowledgment
With compliance, the process of attestation and acknowledgment is the final verification of the formal compliance documentation.
External audit
can be a valuable tool for verifying the compliance process, but an automated alert from a monitoring system would not be part of an external audit.
Obfuscated
describes the modification of data that turns something understandable into something very difficult to understand.
Data in use
describes information actively processing in the memory of a
system, such as system RAM, CPU registers, or CPU cache.
Regulated
Reports and information created for governmental use are regulated by
laws regarding the disclosure of certain types of data.
Federation
allows members of one organization to authenticate using the credentials of another organization.
EAP (Extensible Authentication Protocol)
is an authentication framework commonly associated with network access control.
MTBF (Mean Time Between Failures)
is a prediction of how often a
repairable system will fail
RTO (Recovery Time Objective)
define a timeframe needed to restore a
particular service level
MTTR (Mean Time to Restore)
is the amount of time it takes to repair a
component
RPO (Recovery Point Objective)
describes the minimum data or
operational state required to categorize a system as recovered.
MOA (Memorandum of Agreement)
is a formal document where both sides agree to a broad set of goals and objectives associated with the partnership.
SLA (Service Level Agreement)
is commonly provided as a formal
contract between two parties that documents the minimum terms for
services provided.
SOW (Statement of Work)
is a detailed list of items to be completed
as part of overall project deliverables
NDA (Non-Disclosure Agreement)
is a confidentiality agreement
between parties. This question did not mention any requirement for
privacy or confidentiality.
Integrity
refers to the trustworthiness of data.
Confidentiality
describes the privacy of data
Availability
describes the ability of an authorized user to access data
Race condition
occurs when two processes occur at similar times, and
usually with unexpected results.
Memory injection
is commonly used by malicious software to add code
to the memory of an existing process.
Malicious update
occurs when a software patch installs unwanted or
unauthorized code
Deterrent
A deterrent control does not directly stop an attack, but it may discourage
an action.
Preventive control
A preventive control physically limits access to a device or area
Corrective control
A corrective control can actively work to mitigate any damage
Detective control
may not prevent access, but it can identify and record
any intrusion attempts
Compensating
doesn’t prevent an attack, but it does
restore from an attack using other means
Directive
is a relatively weak control which relies on security compliance from the end users.
Continuity of operations
Continuity of operations planning ensures that the
business will continue to operate when these issues occur.
Platform diversity
Using different operating systems and platforms can help mitigate issues
associated with a single OS
Cold site
has space and power, and likely connectivity, but will require that systems and data be put in place to be used
Warm sites
have systems, connectivity, and power but do not have the live or current data to immediately take over operations
Hot site
can immediately take over operations
Tabletop exercise
A tabletop exercise usually consists of a meeting where members of a
recovery team or disaster recovery talk through a disaster scenario.
Bollards
are barricades often used on the exterior of a facility to prevent access by motorized vehicles and channel people through a specific access location.
Pressure sensors
are commonly used on doors or windows to detect
movement in those devices.
Record-level encryption
is commonly used with databases to encrypt
individual columns within the database. This would store some
information in the database as plaintext and other information as
encrypted data
Full-disk encryption
ensures that all data on a storage drive is protected
Asymmetric encryption
uses a public and private key pair to encrypt data.
Key escrow
describes the storage and management of decryption keys by
a third-party
Journaling
writes data to a temporary journal before writing the
information to the database. If power is lost, the system can recover the
last transaction from the journal when power is restored
Off-site backups
can be used to recover a corrupted database, but this does
not minimize or prevent database corruption from occurring
Replication
is used to create a duplicate copy of data.
MDM (Mobile Device Manager)
provides a centralized management
system for all mobile devices. From this central console, security
administrators can set policies for many different types of mobile devices.
Segmentation
describes the separation of user data from company data, but the implementation of all policies is managed by the MDM.
COPE (Corporately Owned and Personally Enabled)
is a device commonly purchased by the corporation that allows the use of the mobile device for both business and personal use.
False negative
A false negative is a result that fails to detect an issue when one
actually exists
Exploit
is an attack against a vulnerability.
Compensating controls
are used to mitigate a vulnerability when an
optimal security response may not be available.
For example, if a company
can’t deploy a patch for a vulnerability, they can revoke or limit application
access until a patch is provided
Escalation
Automation can recognize security events and escalate a security-related
ticket to the incident response team without any additional human
interaction.
Guard rails
are used by application developers to provide a set of
automated validations to user input and behavior.
Guard rails are not used
by the help desk team
Continuous integration
provides an automated method
of constantly developing, testing, and deploying code.
Resource provisioning
can be automated during the on-boarding and
off-boarding process to quickly create or remove rights and permissions.
Resource provisioning is not commonly part of the automation associated
with security event notification.