Security Controls 2 Flashcards

1
Q

What is hardening?

A

Hardening involves securing systems, networks, or devices by reducing their attack surface and minimizing vulnerabilities. It typically includes steps such as disabling unnecessary services, applying security patches, configuring strong access controls, and implementing least privilege principles.

2
Q

What is an Intrusion Prevention System (IPS)?

A

An Intrusion Prevention System (IPS) is a network security technology that actively monitors network traffic, detects malicious activity based on known attack patterns, and takes immediate action to block or prevent potential threats from entering a system.

3
Q

How does an IPS differ from an Intrusion Detection System (IDS)?

A

IDS only detects threats, while IPS prevents threats.

4
Q

What is an intrusion detection system (IDS)?

A

An intrusion detection system (IDS) is a cybersecurity tool that monitors a network for suspicious activity. It can be a device or software application.

5
Q

What is SIEM (Security Information and Event Management)?

A

Security Information and Event Management (SIEM) is a comprehensive approach to cybersecurity that involves collecting, analyzing, and correlating data from various sources within an organization’s IT infrastructure to detect and respond to security threats. It provides real-time monitoring, alerting, and incident response capabilities.

6
Q

What is the purpose of preventive controls?

A

Preventive controls aim to thwart or minimize the likelihood of security incidents or attacks before they happen by reducing vulnerabilities or deterring potential threats.

7
Q

What is the purpose of detective controls?

A

Detective controls aim to identify, detect, or uncover security incidents or breaches that have already occurred within an organization’s systems or networks.

8
Q

What are some examples of detective controls?

A

SIEM, IDS, security audits, trend analysis, log monitoring, video surveillance, motion detection

9
Q

What are some examples of preventive controls?

A

Hardening, firewalls, security awareness training, encryption, antivirus software

10
Q

What is the purpose of corrective controls?

A

Corrective controls are security measures implemented to mitigate the impact of security incidents or breaches after they have occurred.

11
Q

What are some examples of corrective controls?

A

Vulnerability patching, backups and system recovery

12
Q

What is the primary purpose of a backup in cybersecurity?

A

Protecting data against loss or corruption

13
Q

What is the purpose of deterrent controls?

A

Deterrent controls are security measures designed to discourage potential attackers or intruders by increasing the effort, risk, or cost associated with unauthorized access or deliberate attacks.

14
Q

What are some examples of deterrent controls?

A

Cable locks, hardware locks, video surveillance, security guards

15
Q

What is the purpose of directive controls?

A

Directive controls are security measures that provide guidance, instructions, and policies to ensure that security requirements and best practices are followed across an organization. They set the framework for security compliance.

16
Q

What are some examples of directive controls?

A

Security policies, compliance standards, training and awareness

17
Q

What is the purpose of compensating controls?

A

Compensating controls serve as alternative measures to address security requirements or mitigate risks when implementing the primary or ideal security measure is impractical or unfeasible.

18
Q

What are some examples of compensating controls?

A

Time-based One-Time Password (TOTP), compensating control (partial encryption or segmentation)

19
Q

What is a risk assessment?

A

Risk assessments identify, analyze, and prioritize potential risks and threats that could impact an organization’s assets, operations, or objectives. They evaluate the likelihood of threats exploiting vulnerabilities and assess the potential impact on the organization.

20
Q

What is a vulnerability assessment?

A

Vulnerability assessments involve scanning systems, networks, or applications to identify and analyze potential weaknesses or vulnerabilities that could be exploited by attackers. They aim to discover security flaws or misconfigurations.

21
Q

What is penetration testing?

A

Penetration testing, often referred to as ethical hacking, involves simulating real-world attacks to test the security of systems, networks, or applications. It aims to exploit vulnerabilities in a controlled manner to assess the effectiveness of security controls and defenses.