Risk Management 8 Flashcards

0
Q

What are the three categories of security assessment

A

Risk
Threat
Vulnerability

1
Q

What is risk management

A

A cyclical process that includes four phases:
Identify and assess risks that exist in a system
Analyze the potential impact risks will have on a system
Formulate a strategy on how to respond to risks
Mitigate the impact of risks for future security

2
Q

Describe the risk security assessment

A

An evaluation of an organization, a portion of an organization, an information system, or system components to assess the security risk

3
Q

Describe the threat security assessment

A

An evaluation of known threats to an organization and the potential damage to business operations and systems.
An important element is determining the means by which an attacker can carry out a security attack, or the threat vector.

4
Q

Describe the vulnerability security assessment

A

An evaluation used to find security weaknesses within an organization.

5
Q

Name and describe the types of risks

A

Natural. Related to weather. Ex: earthquakes, wildfires, etc.

Man-made. Residual occurrences of individual activity. Ex: arson, terrorist attacks, break-ins, theft, computing mistakes, information disclosure.

System. Related to weaknesses within a network, service, application, or device. Ex: unsecured mobile devices, unstable virtualization environments, unsecured network devices, etc.

6
Q

Risk analysis is the security process used for assessing risk damages that can affect an organization. There are six phases in the risk analysis process.

A
  1. Asset identification. Identify the assets that require protection and determine the value of those assets.
  2. Vulnerability identification. Confirm where asset protection problems exist. Vulnerability scanning is a method used to determine weaknesses in systems.
  3. Threat assessment. The threats that may take advantage of those vulnerabilities are determined.
  4. Probability quantification. The likelihood that threats will exploit vulnerabilities.
  5. Impact analysis. The impact of recovering from damage and implementing preventive measures.
  6. Countermeasures determination. Countermeasures must not cost more than the expected loss caused by threats that exploit vulnerabilities.
7
Q

Components of risk analysis

A

Determine the vulnerabilities that a threat can exploit
Determine the possibility of damage occurring
Determine the extent of potential damage

8
Q

Describe the three risk analysis methods.

A

Qualitative. Uses descriptions to measure the amount and impact of risk. Scenario based.

Quantitative. Based on numeric values.

Semi-quantitative. Uses a description associated with a numeric value. Finds a middle ground between qualitative and quantitative.

9
Q

What is risk calculation

A

Focuses on financial and operational loss impact and locates threat exploitation indicators in an organization.
A formula that takes into account the worth of each asset, the potential impact of each risk, and the likelihood of each threat, and then weighs that against the cost of alleviating system vulnerabilities.
Used to determine the single loss expectancy (SLE) or the annual loss expectancy (ALE) for each risk identified.
SLE represents the financial loss expected from a specific adverse event.
ALE is calculated by multiplying an SLE by its annual rate of occurrence (ARO) to determine the total cost of a risk on an annual basis.

10
Q

What is a vulnerability table

A

A strategic tool for completing a vulnerability assessment. Allows you to identify likely threats or vulnerabilities, record their impact, and then prioritize mitigation efforts.

11
Q

What are the five risk response strategies

A
Avoidance
Transference 
Acceptance 
Mitigation
Deterrence
12
Q

Describe avoidance risk response strategy

A

Used to eliminate the risk altogether by eliminating its cause.

13
Q

Describe transference risk response strategy

A

Used to allocate the responsibility for a risk to another agency or to a third party.

14
Q

Describe acceptance risk response strategy

A

This is the acknowledgment and acceptance of the risk and consequences that come with it. Recognizing that the risk involved is not entirely avoidable.

15
Q

Describe mitigation risk response strategy

A

Protects against possible attacks; implemented when the impact of a potential risk is substantial. May come in the form of active defenses like IDSs or cautionary measures like backing up at-risk data.

16
Q

Describe deterrence risk response strategy

A

Involves changing conditions to make it less enticing for an attacker to launch an attack. May include physical security like checkpoints outside and inside of the building.

17
Q

Risk can be mitigated by implementing the appropriate security controls. List the four major control types

A

Technical controls
Management controls
Operational controls
Loss controls

18
Q

Describe technical controls

A

Hardware or software installations that are implemented to monitor and prevent threats and attacks to computer systems and services. Ex: a network firewall.

19
Q

Describe management controls

A

Procedures implemented to monitor adherence to organizational security policies. Specifically designed to control the operational efficiency of a particular area and to monitor security policy compliance. Ex: scheduled security scans and audits.

20
Q

Describe operational controls

A

Security measures implemented to safeguard all aspects of day-to-day operations, functions, and activities. Ex: door locks and guards.

21
Q

Describe loss controls

A

Also called damage controls. Security measures implemented to protect key assets from being damaged. Includes reducing the chances of a loss occurring and reducing the severity of a loss when one occurs. Ex: fire extinguishers and sprinkler systems.

22
Q

List the common techniques used to carry out security assessments

A
Review the baseline report
Perform code reviews
Determine attack surface 
Review the security architecture 
Review the security design
23
Q

Describe the vulnerability assessment technique of review the baseline report

A

A baseline report is a collection of the security and configuration settings applied to a particular system or network in an organization. It serves as a benchmark against which other systems in the network are compared.

24
Q

Describe the vulnerability assessment technique of perform code reviews

A

Should be conducted regularly for all applications in development. May be manual or automated. Useful in identifying potential weaknesses in an application that may eventually lead to an attack if not corrected.

25
Q

Describe the vulnerability assessment technique of determine attack surface

A

The combination of all points in a system or application that are exposed and available to attackers. By reducing these points, the system is less vulnerable to possible attacks.

26
Q

Describe the vulnerability assessment technique of review the security architecture

A

An evaluation of an organization's current security infrastructure model and measures. Done regularly to determine if current systems and critical assets are secured properly and if potential threats and vulnerabilities have been addressed.

27
Q

Describe the vulnerability assessment technique of review the security design

A

Completed before a security implementation is applied. Using the architectural review results, you can determine if the security solution will fulfill the needs of the organization.

28
Q

List some software vulnerability assessment tools used to assess your system.

A

Protocol analyzer. Parses traffic on a network and reveals information about the protocols being used.

Sniffer or packet analyzer. Captures and assesses individual data packets sent over a network.

Vulnerability scanner. Application used to assess your systems, networks, and applications for weaknesses.

Port scanner. Assesses the current state of all ports on your network and detects open ports that may pose risks to your organization.

Honeypot. Environment used to redirect suspicious activity away from legitimate network systems and onto an isolated system where you can monitor it safely.

29
Q

Describe what a honeypot is and how to implement it

A

A security tool that lures attackers away from legitimate network resources while tracking their activities. Honeypots appear and act as legitimate components of the network but are actually secure lockboxes where security professionals can block intrusions and log activity.
Can be software emulation programs, hardware decoys, or an entire dummy network known as a honeynet. Often includes an IDS to facilitate monitoring and tracking intruders.

30
Q

Name the steps in the hacking process

A

Footprinting
Scanning
Enumerating
Attack

31
Q

Describe footprinting in the hacking process

A

Aka profiling. The attacker chooses a target and begins to gather as much information as is readily available. With basic tools (a web browser and an internet connection) an attacker can determine the IP address of a company's DNS server. If not properly secured, it can provide a detailed map of the entire network infrastructure. Attackers also dumpster dive for PII; the names and titles of people in the organization enable attackers to use social engineering to gain private information.

32
Q

Describe the scanning step in the hacking process

A

Also called banner grabbing.
Attackers scan an organization's infrastructure to see where vulnerabilities lie. The attacker may use a network mapping tool such as NMAP or perform a ping sweep to determine which host IP addresses in the company's IP address range are active. They scan the target's border routers, firewalls, web servers, and other systems directly connected to the Internet to see which services are listening on which ports and to determine the OS and manufacturer of each system. May war dial or war drive to find a way into the network.

33
Q

Describe the third step enumerating in the hacking process

A

The attacker tries to gain access to resources. They can obtain this information through social engineering, network sniffing, dumpster diving, watching a user log in, or searching for credentials written down at user workstations. If they obtain a valid username, they begin the process of cracking the user's password.

34
Q

Describe the fourth step, attacking, in the hacking process

A

The hacker attempts to cause damage or a service disruption, or to steal or destroy sensitive information, using hacking tools.

35
Q

What are network mappers

A

Tools used to explore a network and gather information about its layout. Can be used to illustrate the physical connectivity of networks within an organization and can provide detailed information on hardware, services, and traffic paths.

36
Q

What is ethical hacking

A

A planned and approved attempt made to penetrate the security defenses of a system in order to identify vulnerabilities.
A white hat assumes the mindset of an attacker to breach security using any and all tools and techniques an attacker might employ.

37
Q

What is a vulnerability scan

A

Uses passive tools and security utilities to identify and quantify vulnerabilities within a system but does not directly test the security features of that system.
May be credentialed. These scans use credentials in order to ascertain vulnerabilities at the highest privilege levels.
May be non-credentialed. These scans run without credentials to see what a hacker would see at a lower level.
Not as intrusive as a pen test.
Runs the risk of producing false positives and false negatives.

38
Q

What is penetration test

A

Also called a pen test. Uses active tools and security utilities to evaluate security by simulating an attack on a system.
Verifies that a threat exists, then actively tests and bypasses security controls and exploits vulnerabilities on the system.
Less common and more intrusive than a vulnerability scan.
The risk is that the system may suffer actual damage because of the security breach.

39
Q

Name the two types of vulnerability scans

A

General vulnerability scans. Scan for open ports.

Application-specific scans. A password crack against a particular OS.

40
Q

For a penetration test there are three different testing methods

A

Black box test. The tester is given no specific information about the structure of the system being tested.
Falls into the footprinting or scanning phase of the hacking process.

Grey box test. The tester has partial knowledge of internal structures and systems. Falls into the enumerating phase of the hacking process.

White box test. The tester knows all aspects of the system and understands its function and design. Conducted as a follow-up to a black box test to fully evaluate flaws. Falls into the attacking phase of the hacking process.

41
Q

What is security posture

A

The position an organization takes in securing all aspects of its business. A strong posture includes an initial baseline configuration for the organization, continuous security monitoring methods and remediation techniques, and strict mitigation and deterrent methods.

42
Q

What’s DLP

A

Data loss/leak prevention.
A software solution that detects and prevents sensitive information in a system from being stolen. It actively monitors data in any state and detects any unauthorized attempt to destroy, move, or copy that data.
Protects outbound data.
Data exfiltration: the malicious transfer of data from one system to another.

43
Q

What is the difference between data loss and data leakages

A

Data that is leaked is transferred to unauthorized parties but may still exist in its original form and location.

Lost data is transferred to unauthorized parties and is no longer in its owner's possession.

44
Q

What are detection controls

A

Monitor a situation or activity and react to any irregular activity by bringing the issue to the attention of the admin.
Best employed when little or no threat exists and a warning of possible problems is sufficient. Ex: a surveillance camera.

45
Q

What are prevention controls

A

Monitor irregularities and react by blocking access completely, thereby preventing damage to a system, building, or network.
Ex: a security guard who detects and prevents unauthorized access.

46
Q

List the most effective techniques for risk mitigation strategies

A

Policies and procedures. Enforce conduct rules among employees.
Auditing and reviews. Perform audits to assess the risk of a particular operation and to verify that the current security controls are operating properly.
Security controls. Proper implementation of the appropriate technical, management, and operational controls.
Change management. Mitigation of unintentional internal risks caused by inappropriate alterations to systems.
Incident management. Deal with security incidents as they arise to mitigate the severity of damage.

47
Q

List the common types of mitigation and deterrent techniques

A

Performance and system monitoring.

Monitoring system logs. On a set schedule, monitor event logs, audit logs, security logs, and access logs.

Manual bypassing of electronic controls. Performed by authorized personnel to ensure that the area is secure.

Hardening. Disable all unnecessary services, protect applications, password protect all accounts, disable unnecessary accounts, and establish detection and prevention controls.

Applying port security. Configuring port authentication (802.1X) and disabling all unused ports.

Reporting. Regular system reporting to manage and enhance system capabilities. Alarms, alerts, and trends (a snapshot of system performance).

Implementing physical security. Fencing, door locks, surveillance cameras, and guards.

48
Q

What are failsafe, failsecure and failopen

A

Different ways that systems can be designed to behave when those systems cease to operate or when certain conditions are met.

Failsafe: prevents harm in the event of a failure.
Failsecure: keeps something secure in the event of a failure.
Failopen: allows access in the event of a failure.