Security Controls Flashcards

1
Q

Auditing (security controls)

A

One time evaluation
vs monitoring which is on going

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Bollards

A

Vehicle barricades usually outside of government buildings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Duress based alarm

A

Alarm that’s set off by a person when there is some kind of emergency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Proximity alarms

A

RFID to tell when something moves

Like tagged clothing at a retail store

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Magnetometer

A

Metal detectors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

5 types of door locks

A

Key
Mechanical (cipher lock) like at fast food
Electronic
Badge reader
Biometric

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Biometric scanner intrusiveness order
Least to most

A

Facial id
Fingerprint
Palm reader
Retina scan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Access control vestibule

A

Metro turnstile access type thing

Can be a full cage also
(Prevent tailgating and piggybacking)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

3 types of badge readers

A

Magnet strip (old)
Smart card (new) like a credit card
RFID (new)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

3 types of equipment locks
(Not including Kensington locks)

A

Lockable rack cabinet
Chassis locks
Faceplate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Least privilege principle

A

Things and people should always use as little permission possible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Three role based access types

A

DAC (discretionary access control)
MAC (mandatory access control)
RBAC (role based access control)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Discretionary access control
(DAC)

A

Each owner decides rights and permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Mandatory access control
(MAC)

A

The computer system decides who gets access (military style)
-Unclassified
-Confidential
-Secret
-Top secret
Also uses “need to know”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Role-Based Access Control
(RBAC)

A

Group based permissions like in a domain
(Considered best practice)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Power users

A

Between a normal user and a admin

17
Q

Zero-trust framework
(4 parts)

A

reexamine default access controls

employ a variety of prevention techniques

Enable real time monitoring

Ensure zero trust aligns with security strategy

18
Q

Identification

A

Is provided by the user
Examples:
Usernames
Account number
Social security number

19
Q

Authentication

A

Validates identity

20
Q

Multi factor authentication 5 types
MFA

A

Knowledge - something you know
Ownership - something you have
Characteristic - something you are
Location - somewhere you are
Action - something you do

21
Q

TOTP

A

Time-based One Time Password

22
Q

HOTP
HMAC-based one time password

A

Hash based one time password

23
Q

In-band authentication

A

Uses the same device to do both authentications

Password on your phone and email on your phone

24
Q

Out of band authentication
OOB

A

Uses separate communication to send the OTP or PIN

25
Q

EMM

A

Enterprise mobility management

Management of corporate mobile devices
the policy’s and the tools

26
Q

MDM

A

mobile device management
The tools that control the devices

27
Q

6 MDM features

A

Application control
Passwords
MFA requirements
Token based access
Patch management
Remote wipe

28
Q

OU (Active Directory)

A

Oganizational unit

29
Q

Login scripts

A

On login:
Use to map network drives, permissions, open programs, and folder redirection