Module 11: Storage Infrastructure Security (Introduction to Information Security + Key Security Threats)

Question 1

What are the goals of information security?

Answer 1

confidentiality
integrity
availability
accountability

Question 2

What is Governance, Risk and Compliance (GRC)?

Answer 2

term encompassing processes that help an organization to ensure that their acts are ethically correct and in accordance with internal/external policies

Question 3

What is governance?

Answer 3

determines the purpose and strategy by which companies are directed/managed

Question 4

What is risk management?

Answer 4

systematic process of assessing assets and creating risk profile for information around the business

Question 5

What is compliance?

Answer 5

act of adhering to and demonstrating adherence to external laws

Question 6

What are the key approaches for GRC teams to reach their CIAA goals?

Answer 6

authentication
authorization
auditing

Question 7

What is authentication?

Answer 7

process to ensure that users or assets are who they claim to be

Question 8

What is single factor authentication?

Answer 8

involves the use of only one factor such as a password

Question 9

What is multi factor authentication?

Answer 9

uses more than one factor to authenticate user

Question 10

What is authorization?

Answer 10

process of determining whether and in which manager someone is allowed to access a particular service

Question 11

What is auditing?

Answer 11

refers to the logging of all transactions for the purpose of assessing the effectiveness of security mechanisms

Question 12

What are the 3 storage security domains?

Answer 12

application access
management access
backup/replication/archive

Question 13

What is the application access domain?

Answer 13

may include only those apps that access the data through the file system or database interface

Question 14

What is the management access domain?

Answer 14

includes management access to storage and interconnecting devices and to the data residing on the devices

Question 15

What is the backup access domain?

Answer 15

primarily accessed by storage admins who configure and manage the environment

Question 16

What is denial of service?

Answer 16

prevents legitimate users from accessing resources or services

Question 17

What is a malicious insider?

Answer 17

orgs current or former employee who has had authorized access to an organizations data center

Question 18

What is a man in the middle attack?

Answer 18

another way to hack user’s credentials - attacker eavesdropes on the network channel between two sites

Question 19

What is IPSec?

Answer 19

suite of algorithms/procedures for securing IP communications by authenticating/encrypting packets

Question 20

What is account hijacking?

Answer 20

scenario where an attacker gains access to an admins account

Question 21

What is phishing?

Answer 21

social engineering attack that is used to deceive devices

Question 22

What does the hacker use in a account hijacking attack?

Answer 22

keystroke logging malware

Question 23

What is a fileless attack?

Answer 23

low observable characteristics (LOC) attacks that avoid detection by most security solutions

Question 24

How do fileless attacks work?

Answer 24

not based on new files and don’t install new software on target machine

goes straight to memory never touches the hard drive