Section 1: Understanding Security Fundamentals

Question 1

What are the three components of the CIA triad?

Answer 1

Confidentiality (where the data is encrypted)
Integrity (where the data uses hashing)
Availability (where the data is available, for example, by restoring data from a backup)

Question 2

Why might an inactive CCTV camera be placed on the outside wall of a building?

Answer 2

An inactive CCTV camera could be used as a deterrent since criminals would not know that it is inactive.

Question 3

What does confidentiality mean?

Answer 3

Preventing other people from viewing the data; the best way to keep data confidential is to encrypt it.

Question 4

How can you control access of personnel to a data center?

Answer 4

Install a mantrap.

Question 5

What is the purpose of an air gap?

Answer 5

Prevent data theft by removing physical connections between the device and network. The only way to remove data from an air-gapped machine is with removable media like a USB drive.

Question 6

Name three main control categories.

Answer 6

Managerial, Operational, Technical

Question 7

Name three physical controls.

Answer 7

Lighting
Cameras
Robot sentries
Fences
Gate signage
Industrial camouflage
Security guards
Badges
Key management
Proximity card
Tokens
Biometric locks
Electronic locks
Burglar alarms
Smoke detectors
Internal protection
Conduits
HVAC
Cable locks
Airgap
Laptop safe
USB data blocker
Vault
Faraday cage

Question 8

Following an incident, what type of control will be used when researching how the incident happened?

Answer 8

Detective controls, wherein all evidence is gathered and analyzed.

Question 9

How do you know whether the integrity of your data is intact?

Answer 9

Hashing provides data integrity; the hash value is measured before and after accessing data. If the values match, it has integrity.

Question 10

What is a corrective control?

Answer 10

The actions you take to recover from an incident. You may have to restore data from a backup.

Question 11

What type of control is it when you change the firewall rules?

Answer 11

Technical control.

Question 12

What is used to log in to a system that works in conjunction with a PIN?

Answer 12

Smart card
CAC card
PIV card

Question 13

What is the name of the person who looks after classified data? Who gives people access to the classified data?

Answer 13

The custodian stores and manages the data. The administrator grants access to the data.

Question 14

When you use a DAC model for access, who determines who gains access to the data?

Answer 14

The data owner decides who has access to the data.

Question 15

What is least privilege?

Answer 15

The process of giving an employee minimal permissions to perform their jobs.

Question 16

What access is granted by the Linux file permission of 764?

Answer 16

Owner: Read, Write, Execute
Group: Read, Write
Other: Read

Question 17

The sales team is allowed to log in to the company system between 9am and 10pm. What type of access control is being used?

Answer 17

Rule-based access control. The access is applied to the whole department.

Question 18

Two people from the finance team are only allowed to authorize the payment of checks. What type of access control are they using?

Answer 18

Role-based access control; where a subset of a department is carryout out a subset of duties.

Question 19

What is the purpose of the defense in-depth model?

Answer 19

To protect data and resources. If the outer layer fails, the next layer should perform the protection. Many layers need to be broken through before gaining access to the data or resource.

Question 20

When someone leaves the company, what is the first thing you should do with their user account?

Answer 20

Disable the account and reset the password so it cannot be used.

Question 21

What do US companies that host websites in the US have to comply with if customers are based in Poland?

Answer 21

The EU GDPR states that if a website that is hosted by someone in the US is accessed by someone from within the EU, that website needs to be GDPR compliant.

Question 22

How can a company discover that its suppliers are using inferior products?

Answer 22

If a company puts a right to audit clause into a contract, it gives them the right to audit the supplier at any time. The company can then look at the company records and check the quality of the products and materials being used.

Question 23

What is one of the most important factors between someone being arrested and their appearance before the judge in court?

Answer 23

Chain of custody: a record of who has collected the evidence and provides a log of who has handled the data. The original data must be intact, and there must not be any break in the chain.

Question 24

Can you explain what the purpose of the CLOUD Act and COPOA is?

Answer 24

CLOUD Act (US): right to obtain evidence from other countries for an FBI investigation.
COPOA (UK): right to seek data stored overseas and give their law enforcement faster access to evidence held by providers

Question 25

What is Stage C of Cloud Forensic Process 26?

Answer 25

Ascertain the type of technology behind the cloud.