Section 1: Understanding Security Fundamentals Flashcards
What are the three components of the CIA triad?
Confidentiality (only authorized parties can read the data; typically enforced with encryption and access controls)
Integrity (the data has not been altered; verified with hashing)
Availability (the data and the systems holding it are reachable when needed, for example by restoring data from a backup)
Why might an inactive CCTV camera be placed on the outside wall of a building?
An inactive CCTV camera can act as a deterrent, since criminals cannot tell that it is inactive.
What does confidentiality mean?
Preventing other people from viewing the data; the best way to keep data confidential is to encrypt it.
How can you control access of personnel to a data center?
Install a mantrap.
What is the purpose of an air gap?
To prevent data theft by removing every physical and network connection between the device and other networks. Data can then only enter or leave the air-gapped machine on removable media such as a USB drive, so removable-media policy and controls become the critical protection for that host.
Name three main control categories.
Managerial, Operational, Technical
Name three physical controls.
Lighting
Cameras
Robot sentries
Fences
Gate signage
Industrial camouflage
Security guards
Badges
Key management
Proximity card
Tokens
Biometric locks
Electronic locks
Burglar alarms
Smoke detectors
Internal protection
Conduits
HVAC
Cable locks
Air gap
Laptop safe
USB data blocker
Vault
Faraday cage
Following an incident, what type of control will be used when researching how the incident happened?
Detective controls, wherein all evidence is gathered and analyzed to establish how the incident happened.
How do you know whether the integrity of your data is intact?
Hashing provides data integrity: compute a hash of the data before it is stored or transmitted and again when it is read back. If the two values match, the data has not been altered. The reference hash must be kept where an attacker who can modify the data cannot also modify it, otherwise both can be replaced together and the check proves nothing.
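The check described above, as an added example (not code from the original flashcards): hash a file, record the value, tamper with a single digit, and re-check. The file name, its contents and the key are constructed sample data. The keyed (HMAC) variant goes slightly beyond the card: it shows why a plain hash stored next to the data is not enough when the attacker can rewrite both.

```python
"""Integrity check with SHA-256: hash before and after, then compare.

Added example, not from the original flashcards. The file name, contents
and key below are constructed sample data.
"""
import hashlib
import hmac
import os
import tempfile
from typing import Optional

CHUNK = 64 * 1024


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks so large files do not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def hmac_sha256_file(path: str, key: bytes) -> str:
    """Keyed hash: an attacker who can edit the file but lacks the key cannot
    recompute a matching tag, unlike a plain hash stored beside the file."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            mac.update(chunk)
    return mac.hexdigest()


def integrity_intact(path: str, expected_hex: str, key: Optional[bytes] = None) -> bool:
    """True if the current hash (or HMAC when a key is given) matches the
    reference value. compare_digest avoids a timing side channel."""
    actual = hmac_sha256_file(path, key) if key else sha256_file(path)
    return hmac.compare_digest(actual, expected_hex)


def demo() -> dict:
    """Write a sample file, record its hash, change one digit, re-check."""
    key = b"constructed-demo-key"  # in practice, fetched from a secret store
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "payroll.csv")
        with open(path, "wb") as f:
            f.write(b"employee,amount\nalice,1000\nbob,1200\n")  # constructed data

        reference_hash = sha256_file(path)
        reference_mac = hmac_sha256_file(path, key)
        before_ok = integrity_intact(path, reference_hash)
        before_mac_ok = integrity_intact(path, reference_mac, key)

        # Tamper: a single-digit change (1000 -> 9000), same file length.
        with open(path, "r+b") as f:
            data = f.read()
            f.seek(0)
            f.write(data.replace(b"alice,1000", b"alice,9000"))

        after_ok = integrity_intact(path, reference_hash)
        after_mac_ok = integrity_intact(path, reference_mac, key)
        tampered_hash = sha256_file(path)

    return {
        "before_ok": before_ok,            # True: untouched file matches
        "before_mac_ok": before_mac_ok,    # True
        "after_ok": after_ok,              # False: one changed digit breaks the match
        "after_mac_ok": after_mac_ok,      # False
        "hash_changed": reference_hash != tampered_hash,  # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Streaming the file in chunks matters for real evidence images and backups; a single read of a multi-gigabyte file is the usual way such a script falls over.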
What is a corrective control?
The actions you take to recover from an incident. You may have to restore data from a backup.
What type of control is it when you change the firewall rules?
Technical control.
What is used to log in to a system that works in conjunction with a PIN?
Smart card (something you have, paired with the PIN as something you know), for example:
CAC card (US Department of Defense)
PIV card (US federal civilian agencies)
What is the name of the person who looks after classified data? Who gives people access to the classified data?
The custodian stores and manages the data. The administrator grants access to the data.
When you use a DAC model for access, who determines who gains access to the data?
The data owner decides who has access to the data.
What is least privilege?
Granting a user only the minimum permissions needed to perform their job, and nothing more.
What access is granted by the Linux file permission of 764?
Owner: Read, Write, Execute
Group: Read, Write
Other: Read
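The decoding shown for 764, generalized to any numeric mode as an added example (not from the original flashcards). It also handles the optional leading special-bits digit (setuid, setgid, sticky) and flags the settings a least-privilege review would question; the mode strings passed in are constructed samples and the risk rules are my own choice of common checks.

```python
"""Decode a numeric (octal) Unix mode into rwx form and flag risky settings.

Added example, not part of the original flashcards. Input modes are
constructed samples; the risk rules are a chosen set of common checks.
"""
import os
import stat

CLASSES = (("owner", 6), ("group", 3), ("other", 0))


def decode_mode(octal: str) -> str:
    """'764' -> 'rwxrw-r--'. A leading fourth digit carries the special bits:
    '4755' -> 'rwsr-xr-x', '1777' -> 'rwxrwxrwt'."""
    mode = int(octal, 8)
    out = []
    for _, shift in CLASSES:
        bits = (mode >> shift) & 0o7
        out.append("r" if bits & 0o4 else "-")
        out.append("w" if bits & 0o2 else "-")
        out.append("x" if bits & 0o1 else "-")
    # Special bits overlay the execute slot: lowercase when execute is also
    # set, uppercase when the special bit is set without execute.
    if mode & stat.S_ISUID:
        out[2] = "s" if out[2] == "x" else "S"
    if mode & stat.S_ISGID:
        out[5] = "s" if out[5] == "x" else "S"
    if mode & stat.S_ISVTX:
        out[8] = "t" if out[8] == "x" else "T"
    return "".join(out)


def explain(octal: str) -> dict:
    """Per-class list of granted permissions, e.g. for '764':
    {'owner': ['read', 'write', 'execute'], 'group': ['read', 'write'], 'other': ['read']}."""
    mode = int(octal, 8)
    result = {}
    for name, shift in CLASSES:
        bits = (mode >> shift) & 0o7
        result[name] = [label for flag, label in ((0o4, "read"), (0o2, "write"), (0o1, "execute"))
                        if bits & flag]
    return result


def risks(octal: str) -> list:
    """Warnings a least-privilege review would raise for this mode."""
    mode = int(octal, 8)
    warnings = []
    if mode & 0o002:
        warnings.append("world-writable: any local user can modify the file")
    if mode & (stat.S_ISUID | stat.S_ISGID) and mode & 0o022:
        warnings.append("setuid/setgid file writable by group or others: privilege escalation risk")
    return warnings


def file_mode(path: str) -> str:
    """Numeric mode of a real file, e.g. '764', for feeding into the functions above."""
    return format(stat.S_IMODE(os.stat(path).st_mode), "o")


if __name__ == "__main__":
    for sample in ("764", "4755", "1777", "766", "4777"):
        print(sample, decode_mode(sample), explain(sample), risks(sample))
```

Usage on a live system: `risks(file_mode("/usr/bin/passwd"))` should return an empty list; a non-empty result on a setuid binary is worth an immediate look.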
The sales team is allowed to log in to the company system between 9am and 10pm. What type of access control is being used?
Rule-based access control. The time-of-day rule applies to everyone in the department rather than to individual users.
Two people from the finance team are only allowed to authorize the payment of checks. What type of access control are they using?
Role-based access control, where a subset of a department carries out a subset of the duties (here, only the users holding the authorizing role can approve payments).
What is the purpose of the defense in-depth model?
To protect data and resources with multiple independent layers. If the outer layer fails, the next layer should still provide protection, so an attacker must break through many layers before reaching the data or resource.
When someone leaves the company, what is the first thing you should do with their user account?
Disable the account (rather than deleting it, so its data and audit trail are preserved) and reset the password so it cannot be used.
What do US companies that host websites in the US have to comply with if customers are based in Poland?
The EU GDPR. It applies to the personal data of people in the EU regardless of where the website is hosted, so a US-hosted website serving customers in Poland (an EU member state) needs to be GDPR compliant.
How can a company discover that its suppliers are using inferior products?
If a company puts a right-to-audit clause into the contract, it gains the right to audit the supplier at any time. The company can then inspect the supplier's records and check the quality of the products and materials being used.
What is one of the most important factors between someone being arrested and their appearance before a judge in court?
Chain of custody: a record of who collected the evidence and a log of everyone who has handled it since, with dates and times. The original evidence must remain intact and there must be no break in the chain, or the evidence may be ruled inadmissible.
Can you explain what the purpose of the CLOUD Act and COPOA is?
CLOUD Act (US, Clarifying Lawful Overseas Use of Data Act): gives US law enforcement the right to obtain evidence held by US providers on servers in other countries, for example for an FBI investigation.
COPOA (UK, Crime (Overseas Production Orders) Act 2019): gives UK law enforcement the right to seek data stored overseas, with faster access to evidence held by providers.
What is Stage C of Cloud Forensic Process 26?
Ascertain the type of technology behind the cloud.