Professor Messer Practice Tests Flash Cards

Topics: Security Controls, Non-repudiation, AAA, Zero Trust, Gap Analysis, Physical security, Deception and Disruption, Change Management, Technical Change Management, Public Key Infrastructure, Encrypting Data, Key Exchange, Encryption Technologies, Obfuscation, Hashing and Digital Signatures, Blockchain Technology, Certificates

1
Q

Directive

A

Directive control types are guidelines offered to help direct a subject towards security compliance. Training users on the proper storage of sensitive files would be an example of a directive control.

2
Q

Compensating

A

A compensating control can’t prevent an attack, but it can provide an alternative when an attack occurs. For example, a compensating control would include the re-imaging of a compromised server.

3
Q

Deterrent

A

A deterrent discourages an intrusion attempt, but it doesn’t directly prevent the access. An application splash screen or posted warning sign would be categorized as a deterrent.

4
Q

Data owner

A

The data owner is accountable for specific data, so this person is often a senior officer of the organization.

5
Q

Data controller

A

A data controller manages the processing of the data. For example, a payroll department would be a data controller, and a payroll servicing company would be the data processor.

6
Q

Data steward

A

The data steward manages access rights to the data. In this example, the IT team would be the data steward.

7
Q

Data processor

A

The data processor is often a third party that processes data on behalf of the data controller.

8
Q

OSINT

A

OSINT (Open Source Intelligence) describes the process of obtaining information from open sources such as social media sites, corporate websites, online forums, and other publicly available locations.

9
Q

Exfiltration

A

Exfiltration describes the theft of data by an attacker.

10
Q

Active reconnaissance

A

Active reconnaissance leaves some evidence of data gathering on the target. For example, performing a ping scan or DNS query wouldn’t exploit a vulnerability, but it would show that someone was gathering information.

11
Q

Escalation scripting

A

Scripting and automation can provide methods to automate or orchestrate the escalation response when a security issue is detected.

12
Q

Log aggregation

A

Log aggregation provides a method of centralizing evidence and log files for reporting and future analysis. The aggregated log does not inherently provide a response to a security event.

13
Q

Vulnerability scan

A

A vulnerability scan will identify any known vulnerabilities that may be associated with a system. However, a vulnerability scan will not identify real-time infections or automate the response.

14
Q

Due care

A

Due care describes a duty to act honestly and in good faith. Due diligence is often associated with third-party activities, and due care tends to refer to internal activities.

15
Q

Statement of work

A

A statement of work is often used during a professional services engagement to detail a list of specific tasks to complete. In this example, all of the work is part of an internal audit and does not include any mention of third-party professional services.

16
Q

Acceptance

A

Risk acceptance is a business decision that places the responsibility of the risky activity on the organization itself.

17
Q

Mitigation

A

If the organization was to purchase additional backup facilities and update their backup processes to include offline backup storage, they would be mitigating the risk of a ransomware infection.

18
Q

Transference

A

Purchasing insurance to cover a risky activity is a common method of transferring risk from the organization to the insurance company.

19
Q

Risk-avoidance

A

To avoid the risk of ransomware, the organization would need to completely disconnect from the Internet and disable all methods that ransomware might use to infect a system. This risk response technique would most likely not apply to ransomware.

20
Q

SCAP

A

The SCAP (Security Content Automation Protocol) is used as a common protocol across multiple security tools. SCAP is not used to provide an encrypted tunnel between two locations.

21
Q

Exposure factor

A

An exposure factor describes the proportion of an asset’s value that would be lost to the organization. For example, a network throughput issue might limit access to half of the users, creating a 50% exposure factor. A completely disabled service would be calculated as a 100% exposure factor.

22
Q

Risk tolerance

A

Risk tolerance describes the amount of risk that would be acceptable to an organization. For example, an organization may tolerate the risk involved with a delay so that patches can be tested prior to deployment.

23
Q

Environmental variables

A

An environmental variable is considered when prioritizing patches and security responses. For example, a device in the production network environment will probably have priority over the devices in a test lab environment.

24
Q

ICS

A

ICS (Industrial Control Systems) devices are large industrial systems and usually involve manufacturing equipment or power generation equipment. A time clock would not be categorized as an ICS.

25
Q

NetFlow logs

A

NetFlow information can provide a summary of network traffic, application usage, and details of network conversations. The NetFlow logs will show all conversations from this device to any others in the network.

26
Q

Embedded system

A

An embedded system often does not provide access to the OS and may not provide a method of upgrading the system firmware.

27
Q

TPM

A

TPM (Trusted Platform Module) is part of a computer’s motherboard, and it’s specifically designed to assist with and protect cryptographic functions. Full disk encryption (FDE) can use the burned-in TPM keys to verify the local device hasn’t changed, and there are security features in the TPM to prevent brute-force or dictionary attacks against the full disk encryption login credentials.

28
Q

Incident Response Plan

A

Preparation - The preparation phase includes all of the work prior to the incident. This may include collecting hardware, installing software, gathering documentation, and managing incident response policies.
Detection - The detection phase includes any method of identifying and determining that an incident may be actively occurring. This process also includes confirming a legitimate threat rather than a false positive.
Analysis - The analysis phase provides detailed evidence for a security incident. Alarms, alerts, reports, and other feedback can be categorized as analysis.
Containment - Once an incident has been identified, it’s important to prevent the potential spread of any malicious code.
Eradication - Removing any malicious software and patching any vulnerabilities would be part of the eradication process.
Recovery - The recovery phase often includes rebuilding systems and replacing any compromised data.
Lessons learned - After the event is over, it’s useful to document the process and discuss how the incident response process could be more efficient if a similar event occurs in the future.
