SEC+ Chapter 7 Flashcards

1
Q

What is Asset Tracking in cybersecurity?

A

The process of tracking critical systems, components, devices, and valuable objects in an inventory, and collecting and analyzing asset information for informed decision-making.

2
Q

What are the key tools and solutions for Asset Tracking?

A

Asset Management Software (e.g., Lansweeper, ManageEngine, SolarWinds), Asset Management Database (storing details like type, model, serial number, asset ID, location, user(s), value, service information), and Hardware Solutions (e.g., Barcodes, RFID tags for physical asset tracking).

3
Q

What are the types of assets in asset management?

A

Technical Assets: Require configuration (e.g., computers, servers).
Non-Technical Assets: No configuration required (e.g., furniture, buildings).

4
Q

What is Asset Assignment/Accounting?

A

Designating specific individuals or teams responsible for particular assets to establish accountability for asset security, maintenance, and management.

5
Q

What is Asset Classification and its benefits?

A

Categorizing assets based on criteria such as value, sensitivity, and criticality to the organization. Benefits include consistent application of security controls, prioritized maintenance, and appropriate budget allocation.

6
Q

What are the Monitoring/Asset Tracking Activities?

A

Inventory and Enumeration: Creating and maintaining a comprehensive list of all assets.

Tools and Techniques: Manual Inventory, Network Scanning (e.g., Nmap, Nessus, OpenVAS), Asset Management Software, Configuration Management Database (CMDB) (e.g., ServiceNow, BMC Remedy), Mobile Device Management (MDM) (e.g., Microsoft Intune, VMware Workspace ONE), and Cloud Asset Discovery tools (e.g., AWS Config, Azure Resource Graph, CloudAware, CloudCheckr).

7
Q

What is Asset Acquisition/Procurement and its importance in cybersecurity?

A

The process of selecting and purchasing hardware/software with strong security features (e.g., encryption, secure boot, regular updates/patches). Importance lies in ensuring secure infrastructure and reducing vulnerabilities.

8
Q

What are the considerations during Asset Acquisition/Procurement?

A

Integration: Seamless integration with existing security infrastructure (firewalls, IDS, SIEM).

Total Cost of Ownership (TCO): Includes initial purchase price, ongoing maintenance, updates, and potential security incident costs.

9
Q

What are the best practices for Asset Acquisition/Procurement?

A

Prioritize cybersecurity during acquisition and procurement.
Ensure compatibility with security tools and policies.
Assess vendor security practices and compliance with regulations.

10
Q

What are Asset Protection Concepts?

A

Safeguarding critical resources, information, and infrastructure from threats and unauthorized access. Key elements include Asset Identification, Standard Naming Conventions, Configuration Management, and Documentation.

11
Q

What is Asset Identification in asset protection?

A

Using barcodes, RFID tags, or identification numbers to uniquely identify assets.

12
Q

Why are Standard Naming Conventions important in asset management?

A

They provide consistent naming for hardware and digital assets, simplifying management and identification (e.g., Host and DNS names adhering to organizational standards).

13
Q

What is Configuration Management in asset protection?

A

Ensuring assets adhere to approved configurations through processes like change control and change management to prevent configuration drift. Frameworks like ITIL® are used for documenting and managing configurations.

14
Q

What are Configuration Items (CIs) in a CMDB?

A

Assets that require specific management, labeled and defined by their attributes and relationships within the Configuration Management Database.

15
Q

What is a Baseline Configuration?

A

The minimum security settings required for assets to ensure they are securely configured.

16
Q

What is a Configuration Management System (CMS)?

A

Tools and databases used for managing Configuration Items (CIs). Can range from spreadsheets for small networks to dedicated applications for large organizations.

17
Q

Why is Documentation important in asset management?

A

It supports testing processes and ensures clear communication by using diagrams to capture relationships and configurations.

18
Q

What is the role of Data Backups in asset management?

A

Ensuring the availability and integrity of critical data and systems by protecting against hardware failure, data corruption, and cyberattacks, and serving as a safety net for data recovery.

19
Q

What are the challenges of Data Backups in enterprise settings?

A

Scalability, performance, granularity and customization, compliance and security, and implementing effective disaster recovery plans.

20
Q

What are the critical capabilities for enterprise backup solutions?

A

Support for various environments (virtual, physical, cloud), data deduplication and compression, instant recovery and replication, ransomware protection and encryption, granular restore options, reporting, monitoring, and alerting, and integration with virtualization platforms, cloud providers, and storage systems.

21
Q

What is Snapshotting in asset management?

A

Capturing the state of a system at a specific point in time. Types include VM Snapshots (e.g., VMware vSphere, Microsoft Hyper-V), Filesystem Snapshots (e.g., ZFS, Btrfs), and SAN Snapshots (e.g., NetApp, Dell EMC). Benefits include rollback to previous states, quick recovery from failures, and data consistency.

22
Q

What is Replication in asset management?

A

Creating and maintaining exact copies of data on different storage systems or locations. Types include Synchronous Replication (immediate data copying for consistency) and Asynchronous Replication (delayed copying, more cost-effective). Use cases include database mirroring and disaster recovery.

23
Q

What is Journaling in asset management?

A

Recording changes to data in a dedicated log to track and revert changes and ensure data integrity. Examples include file system journaling (e.g., JFS, NTFS). Advanced methods include Remote Journaling, SAN Replication, and VM Replication.

24
Q

Why is Encrypting Backups important?

A

To protect data from unauthorized access or theft, ensure compliance with data protection regulations (e.g., GDPR, HIPAA), and secure sensitive data in backups (e.g., customer data, intellectual property).

25
Q

What are the methods for Encrypting Backups?

A

Encryption at Rest: Encrypting stored backup data.
Encryption in Transit: Encrypting data during backup transfer.

26
Q

What are the best practices for Encrypting Backups?

A

Use strong encryption algorithms.
Manage and protect encryption keys securely.
Regularly update encryption protocols to address vulnerabilities.

27
Q

What is Secure Data Destruction?

A

Preventing unauthorized access to sensitive data by eliminating it from storage media through methods like sanitization, data wiping, degaussing, and physical destruction.

28
Q

What are the methods for Secure Data Destruction?

A

Sanitization: Removing data using data wiping, degaussing, or encryption.

Techniques: Data wiping (overwriting data multiple times), degaussing (disrupting magnetic fields).

Destruction: Physical elimination (shredding, crushing, incinerating storage devices) or electronic elimination (overwriting data, degaussing).

29
Q

What is Certification in Secure Data Destruction?

A

Documentation verifying that data has been securely destroyed. It is important for ensuring compliance and providing evidence of due diligence. Best practices include using reputable third-party providers for certification.

30
Q

What is Asset Disposal in asset management?

A

The process of securely removing or destroying assets to prevent unauthorized access to sensitive data. Concepts include Sanitization, Destruction, and Certification. Best practices involve implementing policies for secure disposal of all asset types, ensuring compliance with regulatory requirements, and using standardized procedures for sanitization and destruction.

31
Q

How does Asset Disposal relate to Business Continuity?

A

Ensures that retired or repurposed assets do not become security liabilities, supporting the overall goal of maintaining operational integrity during and after disruptions.

32
Q

What is Capacity Planning in asset management?

A

Assessing current and future resource requirements to meet business objectives. Components include People (staffing levels, skills), Technology (hardware, software, network resources), and Infrastructure (facilities, power, cooling, connectivity). Methods include Trend Analysis, Simulation Modeling, and Benchmarking. Risks of poor capacity planning include underestimation (leading to downtime and security gaps) and overestimation (increasing costs and resource underutilization). Best practices involve balancing current and future needs, regularly reviewing and updating capacity plans, and employing monitoring, forecasting, and resource scaling techniques.

33
Q

What is Continuity of Operations (COOP)?

A

Ensuring an organization can maintain or quickly resume critical functions during and after a disruption. Key elements include identifying critical business functions, establishing priorities, resource allocation, redundancy for IT systems and data, alternative work arrangements, communication protocols, and testing and updating plans.

34
Q

What is the role of Backups in COOP?

A

Safeguard against data loss and enable system and data restoration during disruptions. Importance of testing backups includes verifying integrity and effectiveness, identifying issues or gaps, and ensuring compliance with regulatory requirements.

35
Q

What are the critical capabilities for enterprise backup solutions?

A

Support for virtual, physical, and cloud environments; data deduplication and compression; instant recovery and replication; ransomware protection and encryption; granular restore options; reporting, monitoring, and alerting tools; and integration with virtualization platforms, cloud providers, and storage systems.

36
Q

What is High Availability (HA) in redundancy strategies?

A

Ensuring systems remain operational and accessible with minimal downtime. Key components include redundant hardware (power supplies, hard drives, network interfaces), server clustering, networking redundancy, datacenter redundancy, and measuring availability through uptime percentages and Maximum Tolerable Downtime (MTD).

37
Q

What are the “Nines” in availability metrics?

A

Represent the percentage of uptime:
- Six Nines: 99.9999% (32 seconds annual downtime)
- Five Nines: 99.999% (5 minutes 15 seconds)
- Four Nines: 99.99% (52 minutes 34 seconds)
- Three Nines: 99.9% (8 hours 45 minutes 36 seconds)
- Two Nines: 99% (87 hours 36 minutes)

38
Q

What is Clustering in redundancy strategies?

A

Multiple redundant processing nodes sharing data and accepting connections to reduce downtime and enhance system reliability. Types include Active/Passive (one active node, one passive node for failover) and Active/Active (both nodes active, sharing the load and handling failover). Benefits include reduced downtime, seamless failover, and enhanced system reliability.

39
Q

What is Power Redundancy and its importance?

A

Ensuring continuous operation during power failures or electrical issues through components like dual power supplies, managed Power Distribution Units (PDUs), Uninterruptible Power Supplies (UPS), and generators. Best practices include sizing UPS appropriately, implementing transfer switches, and maintaining generators with regular testing and fuel management.

40
Q

What is Platform Diversity in redundancy strategies?

A

Using multiple technologies, operating systems, and hardware/software components to reduce single points of failure, limit the impact of vulnerabilities, and enhance resilience and security posture.

41
Q

What is Defense in Depth in redundancy strategies?

A

Implementing multiple layers of security controls to protect information and infrastructure. Layers include Perimeter Security (firewalls, IDS), Network Security (segmentation, access controls), Endpoint Security (antivirus, device hardening), Application Security (secure coding, patch management), User Security (MFA, security training), and Incident Response (preparedness and response planning).

42
Q

What are Multi-Cloud Strategies?

A

Leveraging multiple cloud service providers for redundancy and resilience. Benefits include cybersecurity through diversified risk, business resilience by ensuring operations continue if one provider experiences issues, access to varied features and services, vendor independence to avoid lock-in, and performance optimization by choosing best-fit services for specific workloads.

43
Q

What are Deception Technologies in redundancy strategies?

A

Tools and techniques that deceive attackers to detect and defend against attacks. Types include Honeypots, Honeynets, Honeyfiles, and Honeytokens. Benefits include detecting and monitoring attacks, gathering intelligence on attacker tactics and tools, and diverting attackers from real systems.

44
Q

What are Disruption Strategies in redundancy strategies?

A

Active defense techniques that increase the cost and complexity for attackers. Examples include Bogus DNS Entries, Decoy Directories, Port Triggering/Spoofing, and DNS Sinkholes. Benefits include raising attack costs, tying up adversary resources, and enhancing overall security posture by complicating attacker efforts.

45
Q

Why is Testing Resiliency important in redundancy strategies?

A

To ensure systems and response plans can handle real-world disruptions. Methods include Tabletop Exercises, Failover Tests, Simulations, and Parallel Processing Tests. Benefits include identifying vulnerabilities and weaknesses, improving incident response capabilities, and ensuring business continuity during actual disruptions.

46
Q

What is the role of Documentation in redundancy strategies?

A

Supports testing processes and ensures clear communication. Components include Test Plans, Test Scripts/Scenarios, Test Results, and Third-Party Assessments. Benefits include providing a common reference for stakeholders, facilitating effective communication and reporting, and ensuring compliance and continuous improvement.

47
Q

Why are Physical Security Controls important in cybersecurity?

A

They act as the first line of defense against physical access to critical assets, protecting physical components that house digital assets (e.g., servers, datacenters).

48
Q

What are examples of Physical Security Measures?

A

Access Control Mechanisms (biometric scanners, smart cards, key fobs), Surveillance Systems (video cameras, motion sensors, alarms), and Environmental Controls (backup power systems, redundant cooling systems, fire suppression systems).

49
Q

What are the fundamentals of Access Control in physical security?

A

Authentication: Creating access lists and identifying mechanisms to allow approved persons through barriers.

Authorization: Establishing barriers around resources to control access through defined entry and exit points.

Accounting: Recording usage of entry/exit points and detecting security breaches.

50
Q

How are Zones used in Physical Security?

A

Physical security is implemented by incorporating zones, each separated by barriers with their own security mechanisms controlling entry and exit points. Progression through each zone becomes increasingly restrictive to enhance security.

51
Q

What is Physical Security Through Environmental Design?

A

Using the built environment to enhance security and prevent crime by designing physical spaces, buildings, and landscapes with security features that are not obvious to deter and prevent unauthorized access. Applications include residential neighborhoods, commercial districts, schools, and public spaces.

52
Q

What are the benefits of Physical Security Through Environmental Design?

A

Enhances security naturally through design, deters criminal activity by making unauthorized access more difficult, promotes a sense of safety and well-being among users, and is cost-effective for improving security in new or existing structures.

53
Q

What are Barricades and their purpose in physical security?

A

Structures or barriers that prevent unauthorized access and channel people through defined entry and exit points. Examples include bollards and security posts to prevent vehicle-based attacks, and security gates with authentication mechanisms like biometric scanners or card readers.

54
Q

What is the purpose of Fencing in physical security?

A

To protect the exterior of a building by creating a physical barrier. Characteristics include transparency for visibility, robustness to prevent cutting or climbing (often using materials like steel or reinforced concrete), and security against climbing with features like razor wire.

55
Q

Why is Lighting important in physical security?

A

Enhances the perception of safety and security, acts as a deterrent by making intrusion more difficult, and facilitates surveillance by improving visibility for cameras and security personnel. Design considerations include overall light levels, targeted lighting of specific areas, and the use of motion-activated lights.

56
Q

What are Bollards and their functions in physical security?

A

Short vertical posts made of steel, concrete, or other durable materials. They protect pedestrians from vehicular traffic, prevent unauthorized vehicle access to sensitive areas, and provide perimeter security for critical infrastructure. Usage includes government buildings, airports, stadiums, store entrances, and public spaces.

57
Q

How can Existing Structures be adjusted to enhance physical security?

A

By securing zones (placing equipment rooms and critical areas deep within the building), designing demilitarized zones (positioning public access areas away from secure zones), using clear signage and warnings, implementing discreet entry points, minimizing traffic between zones, ensuring high visibility in public areas, and using one-way glass to prevent outsiders from viewing internal security mechanisms.

58
Q

What are Gateways and Locks in physical security?

A

Gateways: Securing entry points using secure, self-closing, and self-locking mechanisms to prevent unauthorized access.

Lock Types:
- Physical Locks: Conventional key-based locks and deadbolts, resistant to picking.
- Electronic Locks: PIN-based keypads, smart locks using magnetic swipe cards or proximity readers.
- Biometric Locks: Integrated with biometric scanners (fingerprint, retina) for enhanced security.

59
Q

What is an Access Control Vestibule (Mantrap)?

A

A security measure with two interlocking doors that allow only one person to pass through at a time. The first door opens after access is granted, and the second door only opens once the first door is securely closed. Benefits include preventing unauthorized access and tailgating, adding an additional layer of security in high-security environments.

60
Q

What are Cable Locks and their usage in physical security?

A

Locks that attach to a secure point on the device chassis to secure servers and other critical hardware to racks or desks, preventing theft or tampering. Examples include Kensington security slots and metal loops for cable attachment.

61
Q

What are Access Badges and their functionality in physical security?

A

Plastic cards embedded with magnetic strips, RFID chips, or NFC technology that replace physical keys for controlled access. They are swiped, tapped, or brought near a reader to grant access and are integrated with Physical Access Control Systems (PACS) for monitoring and logging. Features include displaying holder’s information and logging access activity for security audits and investigations.

62
Q

What roles do Security Guards play in physical security?

A

Monitor access points, verify identification, log entries, and deter intruders. Types include armed and unarmed guards. Benefits include acting as a visual deterrent and providing a proactive response to security incidents, while drawbacks include high cost and feasibility challenges for all areas requiring security clearance. Best practices include proper training and screening to ensure effectiveness and reliability.

63
Q

What are the benefits and drawbacks of Video Surveillance Systems?

A

Benefits: Cost-effective compared to guards, effective deterrent, and records movements and access.

Drawbacks: Longer response times and requires monitoring staff.

64
Q

What are Alarm Systems and their roles in physical security?

A

Detect and alert on potential threats or breaches, acting as both detective and deterrent controls. They are integrated with other security systems for enhanced effectiveness. Types of alarms include Circuit Alarms, Motion Detection Alarms, Noise Detection Alarms, Proximity Alarms, and Duress Alarms. Responses can be audible alarms to notify occupants or silent alarms to alert security personnel without alerting intruders.

65
Q

What are the different types of Sensors used in physical security?

A

Infrared Sensors: Detect changes in heat patterns caused by moving objects; used in motion detection.

Pressure Sensors: Detect weight changes when someone steps on a mat or floor; used in high-security areas.

Microwave Sensors: Emit microwave pulses and measure reflections from moving objects; used in combination with infrared sensors for enhanced accuracy.

Ultrasonic Sensors: Emit sound waves above human hearing range and measure return times after hitting objects; used in automated lighting systems and security monitoring.