Play It Safe: Manage Security Risks

Question 1

Security Posture

Answer 1

An organizations ability to manage its defense of critical assets and data, and react to change

Question 2

Security And Risk Management

Answer 2

Focused on defining security goals and objectives, risk mitigation, compliance, business continuity, and legal regulations

Question 3

Risk Mitigation

Answer 3

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 4

Compliance

Answer 4

The primary method used to develop an organizations internal security policies, regulatory requirements, and independent standards

Question 5

Business Continuity

Answer 5

An organizations ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 6

Asset Security

Answer 6

Focused on securing digital and physical assets. Related to the storage, maintenance, retention and destruction of data

Question 7

Security Architecture And Engineering

Answer 7

Focused on optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organizations assets and data

Question 8

Shared Responsibility

Answer 8

All individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security. Associated with Security Architecture and Engineering

Question 9

Communication And Network Security

Answer 9

Focused on managing and securing physical networks

Question 10

Identity And Access Management (IAM)

Answer 10

Focused on access and authorization to keep data secure, by making sure users follow established policies to control and manage assets

Question 11

Components Of IAM

Answer 11

Identification, authentication, authorization, accountability

Question 12

Identification

Answer 12

User verifies who they are by providing username, access card, or biometric data

Question 13

Authentication

Answer 13

Verification process to prove a person’s identity by password or PIN

Question 14

Authorization

Answer 14

Takes place after a user’s identity has been confirmed

Question 15

Accountability

Answer 15

Monitoring or recording users actions like log-in attempts

Question 16

Security Assessment And Testing

Answer 16

Focused on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats and vulnerabilities

Question 17

Security Operations

Answer 17

Focused on conducting investigations and implementing preventative measures

Question 18

Software Development Security

Answer 18

Focused on using secure coding practices

Question 19

Secure Coding Practices

Answer 19

Recommended guidelines that are used to create secure applications and services

Question 20

Software Development Lifecycle

Answer 20

An efficient process used by teams to quickly build software products and features

Question 21

Information Security (InfoSec)

Answer 21

A set of processes established to secure information

Question 22

InfoSec Design Processes

Answer 22

Indecent response, vulnerability management, application security, cloud security, and infrastructure security

Question 23

Security Architecture And Engineering Design Principles

Answer 23

Threat modeling, least privilege, defense in depth, fail securely, separation of duties, keep it simple, zero trust and trust but verify

Question 24

Threat

Answer 24

Any circumstance or event that can negatively impact assets

Question 25

Risk

Answer 25

Anything that can impact the CIA of an asset

Question 26

Low- Risk Asset

Answer 26

Information that would not harm the organizations reputation or ongoing operations, and would not cause financial damage if compromised. Ex- website content or published research data

Question 27

Medium- Risk Asset

Answer 27

Information that’s not available to the public and may cause some damage to the organizations finances, reputation, or ongoing operations. Ex- early release of company’s quarterly earnings

Question 28

High- Risk Asset

Answer 28

Information protected by regulations or laws, which if compromised, would have a severe negative impact on an organizations finances, ongoing operations, or reputation. Ex- leaked assets with SPII, PII or intellectual property

Question 29

Vulnerability

Answer 29

A weakness that can be exploited by a threat

Question 30

Layers Of The Web

Answer 30

Surface Web, Deep Web, and Dark Web

Question 31

Surface Web

Answer 31

Generally used for browsing and shopping

Question 32

Deep Web

Answer 32

Requires authorization to access. Ex- workplace intranet

Question 33

Dark Web

Answer 33

Only accessed by certain software, generally used by criminals

Question 34

NIST Risk Management Framework (RMF)

Answer 34

Prepare, categorize, select, implement, assess, authorize, and monitor

Question 35

RMF Step 1: Prepare

Answer 35

Activities that are necessary to manage security and privacy risks before a breach occurs

Question 36

RMF Step 2: Categorize

Answer 36

Used to develop risk management processes and tasks

Question 37

RMF Step 3: Select

Answer 37

Choose, customize, and capture documentation of the controls that protect an organization

Question 38

RMF Step 4: Implement

Answer 38

Implement security and privacy plans for the organization

Question 39

RMF Step 5: Assess

Answer 39

Determine if established controls are implemented correctly

Question 40

RMF Step 6: Authorize

Answer 40

Being accountable for the security and privacy risks that may exist in an organization

Question 41

RMF Step 7: Monitor

Answer 41

Be aware of how systems are operating

Question 42

Common Strategies To Manage Risks

Answer 42

Acceptance, avoidance, transference, and mitigation

Question 43

Multiparty Risk

Answer 43

Outsourcing work to third-party vendors can give them access to intellectual property such as trade secrets, software design and inventions

Question 44

Ciphertext

Answer 44

Raw encoded message that is unreadable to humans and computers

Question 45

Cyber Threat Framework (CSF)

Answer 45

Developed by the US Government to provide “a common language for describing and communicating information about cyber threat activity”

Question 46

Physical Controls

Answer 46

Gates, fences and locks, security guards, CCTV, surveillance cameras, motion detectors, access cards or badges

Question 47

Technical Controls

Answer 47

Firewalls, MFA, Anti-virus Software

Question 48

Administrative Controls

Answer 48

Separation of duties, authorization, asset classification

Question 49

CSF Core Functions

Answer 49

Identify, protect, detect, respond, recover

Question 50

NIST S.P. 800-53

Answer 50

A unified framework for protecting the security of information systems within the federal government

Question 51

Identify

Answer 51

The management of cybersecurity risk and its effect on an organizations people and assets.

Question 52

Protect

Answer 52

The strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Question 53

Detect

Answer 53

Identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Question 54

Respond

Answer 54

Making sure that the proper procedures are used to contain, neutralize, and analyze security incidents and implement improvements to the security process

Question 55

Recover

Answer 55

The process of returning affected systems back to normal operation

Question 56

OWASP

Answer 56

Open web applications security project / open worldwide application security project

Question 57

OWASP Security Principles

Answer 57

Minimize attack surface area, principle of least privilege, defense in depth, separation of duties, keep it simple, fix security issues correctly

Question 58

Attack Vectors

Answer 58

Pathways attackers use to penetrate security defenses. Ex- phishing emails, weak passwords

Question 59

Fix Security Issues Correctly

Answer 59

Identify the root cause, contain the impact, identify vulnerabilities, and conduct tests to ensure that remediation is successful

Question 60

Additional OWASP Security Principles

Answer 60

Establish secure defaults, fail securely, don’t trust services, avoid security by obscurity

Question 61

Purposes Of Internal Security Audits

Answer 61

Identify organizational risk, assess controls, correct compliance issues

Question 62

Common Elements Of Internal Audits

Answer 62

Establishing the scope and goals, conducting a risk assessment, completing a controls assessment, assessing compliance, communicating results

Question 63

Audit Questions

Answer 63

What is the audit meant to achieve, which assets are most at risk, are current controls sufficient to protect those assets, what controls and compliance regulations need to be implemented

Question 64

Common Log Sources

Answer 64

Firewall log, network log, server log

Question 65

Firewall Log

Answer 65

A record of attempted or established connections for incoming traffic from the internet

Question 66

Network Log

Answer 66

A record of all computers and devices that enter and leave the network

Question 67

Server Log

Answer 67

A record of events related to services, such as websites, emails, or file shares

Question 68

Metrics

Answer 68

Key technical attributes, such as response time, availability, and failure rate, which are used to assess the performance of a software application

Question 69

Security Orchestration, Automation, and Response (SOAR)

Answer 69

A collection of applications, tools, and workflows that uses automation to respond to security events

Question 70

Different Types Of SIEM Tools

Answer 70

Self hosted, cloud hosted, hybrid

Question 71

Self Hosted SIEM Tools

Answer 71

Require organizations to install, operate, and maintain the tool using their own physical infrastructure such as server capacity.

Question 72

Cloud Hosted SIEM Tools

Answer 72

Are maintained and managed by the SIEM providers, making them accessible through the internet

Question 73

Hybrid SIEM Tools

Answer 73

A combination of self hosted and cloud hosted SIEM Tools

Question 74

Splunk

Answer 74

A data analysis platform

Question 75

Splunk Enterprise

Answer 75

A self hosted tool used to retain, analyze, and search an organizations log data to provide security information and alerts in real time

Question 76

Splunk Cloud

Answer 76

A cloud hosted tool used to collect, search, and monitor log data

Question 77

Chronicle

Answer 77

A cloud native tool designed to retain, analyze, and search data (Google)

Question 78

Open Source Tools

Answer 78

Often free to use and can be user friendly. Provides users with software that is built by the public in a collaborative way, which can result in software being more secure

Question 79

Proprietary Tools

Answer 79

Developed and owned by a person or company, and users typically pay a fee for usage and training

Question 80

Linux

Answer 80

An open source operating system

Question 81

Suricata

Answer 81

An open source network analysis and threat detection software

Question 82

Incident Response Playbook Phases

Answer 82

Preparation, detection and analysis, containment, eradication and recovery, post incident activity, coordination