Security Controls

Question 1

Technical Security Controls

Answer 1

> Sometimes called logical security controls
Executed by computer systems (instead of people)
Implemented with technology

Question 2

Examples of technical security controls

Answer 2

> Encryption
IDSs
Firewalls

Question 3

Characteristics of managerial security controls

Answer 3

> Also known as administrative controls
Focused on reducing the risk of security incidents
Documented in written policies

Question 4

Examples of managerial security controls

Answer 4

> Organizational security policies
Risk assessments
Security awareness training

Question 5

Operational Security Controls

Answer 5

> Focus on the day-to-day procedures of an organization.
Used to ensure that the equipment continues to work as specified
Primarily implemented and executed by people

Question 6

Examples of operational security controls

Answer 6

> Configuration management
Authentication Protocols
Patch management

Question 7

Examples of physical security controls

Answer 7

> Lightning
Access control vestibules
Fencing/Bollards/Barricades
Security guards

Question 8

Examples of PREVENTIVE security controls

Answer 8

Encryption, firewalls, AV software

Question 9

Examples of DETERRENT security controls

Answer 9

Warning signs, lighting, fencings/bollards

Question 10

Examples of DETECTIVE security controls

Answer 10

Log monitoring, security audits, CCTV, IDS, vulnerability scanning

Question 11

Examples of CORRCETIVE security controls

Answer 11

> Recovering data from backup copies
Applying software patches and updates to fix vulnerabilities
Developing and implementing IRPs to respond and recover from security incidents
Activating and executing DRPs to restore operations after major incidents.

Question 12

Examples of COMPENSATING security controls

Answer 12

Backup power systems, MFA, application sandboxing, and network segmentation

Question 13

Define DIRECTIVE security controls

Answer 13

Refers to the category of security controls that are implemented through policies and procedures. Examples are AUP (Acceptable Use Policy) and IRP (Incident Response Plan).

Question 14

Which term describes the basic principles of information security?

Answer 14

CIA (Confidentiality, Integrity, and Availability)

Question 15

In the AAA security architecture, what is the process of granting or denying access to resources?

Answer 15

Authorization

Question 16

In the AAA security architecture, the process of verifying the identity of a person or process is known as?

Answer 16

Authentication

Question 17

In the AAA security architecture, the process of tracking accessed services and logging resource consumption is called?

Answer 17

Accounting

Question 18

Name two solutions that provide the AAA functionality

Answer 18

> TACACS+
RADIUS

Question 19

In the context of the AAA framework, name common methods of authenticating people

Answer 19

Usernames and passwords, biometrics, MFA.

Question 20

In the context of the AAA framework, name common methods of authenticating devices

Answer 20

Digital certificates, IP address, and MAC address.