Security Operations Flashcards

1
Q

What types of controls should facilities housing sensitive info implement?

A

Facilities that house systems that process sensitive information should have physical access controls to limit access to authorized personnel only.

2
Q

How should clipping levels be implemented?

A

Clipping levels should be implemented to establish a baseline of user activity and acceptable errors.
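A clipping level is only useful once it is turned into a concrete threshold and a detection rule. The following is an added example (not from the original flashcards) that runs a clipping-level check over a few constructed authentication log lines: failed logins below the threshold within the window are treated as normal user error, and only a user who exceeds it is reported. The log format, user names, threshold and window are assumptions chosen for illustration.

```python
"""Clipping-level check over constructed authentication log lines.

Added example, not from the original flashcards. The log format, user
names, threshold and window are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like; the format is an assumption).
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth FAIL user=alice src=10.0.0.5
2024-03-01T09:00:05 auth FAIL user=alice src=10.0.0.5
2024-03-01T09:00:09 auth OK user=alice src=10.0.0.5
2024-03-01T09:01:00 auth FAIL user=bob src=10.0.0.9
2024-03-01T09:01:02 auth FAIL user=bob src=10.0.0.9
2024-03-01T09:01:04 auth FAIL user=bob src=10.0.0.9
2024-03-01T09:01:06 auth FAIL user=bob src=10.0.0.9
2024-03-01T09:30:00 auth FAIL user=carol src=10.0.0.7
2024-03-01T10:45:00 auth FAIL user=carol src=10.0.0.7
2024-03-01T10:46:00 auth FAIL user=carol src=10.0.0.7
2024-03-01T10:47:00 auth FAIL user=carol src=10.0.0.7
"""


def parse_line(line):
    """Split one log line into (timestamp, result, user)."""
    ts, _service, result, user_kv, _src = line.split()
    return datetime.fromisoformat(ts), result, user_kv.split("=", 1)[1]


def clipping_violations(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return [(user, timestamp)] for the event at which each user's failure
    count inside `window` first exceeds `threshold` (the clipping level).
    Failures at or below the level are tolerated as ordinary mistakes."""
    recent = defaultdict(deque)   # user -> timestamps of failures still in the window
    alerted = set()
    violations = []
    for raw in log_text.splitlines():
        ts, result, user = parse_line(raw)
        if result != "FAIL":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # age out failures older than the window
            q.popleft()
        if len(q) > threshold and user not in alerted:
            alerted.add(user)
            violations.append((user, ts))
    return violations


if __name__ == "__main__":
    for user, when in clipping_violations(SAMPLE_LOG):
        print(f"clipping level exceeded: user={user} at {when.isoformat()}")
```

With the sample data only bob trips the level: alice's two failures and carol's three spaced-out failures stay under it, which is the point of a clipping level, to separate ordinary errors from activity worth investigating.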

3
Q

What should be implemented so that fraud cannot be committed without collusion?

A

Separation of responsibilities and duties should be in place so that if fraud takes place, it requires collusion.

4
Q

How should change control and configuration management be implemented?

A

Change control and configuration management should be put in place so changes are approved, documented, tested, and properly implemented.

5
Q

What activities are included in change management?

A

Activities that involve change management include requesting a change, approving a change, documenting a change, testing a change, implementing a change, and reporting to management.
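Cards 3 to 5 describe separation of duties and the change-management sequence as policy. The following added example (not from the original flashcards) shows how those rules look when enforced in a small change-ticket workflow: the requester cannot approve their own change, a change cannot be implemented until it has been approved and tested, the approver cannot also be the implementer, and every step is recorded so the ticket history doubles as the documentation reported to management. Ticket fields, state names and the people involved are assumptions for illustration.

```python
"""Change-control workflow that enforces separation of duties.

Added example, not from the original flashcards. Ticket fields, roles,
state names and participants are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


class ChangeControlError(Exception):
    """Raised when an action would violate the change-control rules."""


@dataclass
class ChangeRequest:
    change_id: str
    requester: str
    description: str
    approver: Optional[str] = None
    test_result: Optional[str] = None
    implementer: Optional[str] = None
    status: str = "requested"
    history: List[Tuple[str, str, str]] = field(default_factory=list)

    def _log(self, actor, action):
        # (state after the action, who did it, what they did): the documentation trail.
        self.history.append((self.status, actor, action))

    def approve(self, approver):
        # Separation of duties: the person requesting a change may not approve it.
        if approver == self.requester:
            raise ChangeControlError("requester cannot approve own change")
        if self.status != "requested":
            raise ChangeControlError(f"cannot approve from state {self.status}")
        self.approver = approver
        self.status = "approved"
        self._log(approver, "approved")

    def record_test(self, tester, passed):
        if self.status != "approved":
            raise ChangeControlError("change must be approved before testing")
        self.test_result = "pass" if passed else "fail"
        # A failed test sends the change back to the start rather than onward.
        self.status = "tested" if passed else "requested"
        self._log(tester, f"test {self.test_result}")

    def implement(self, implementer):
        # Only approved and tested changes reach production, and the approver
        # may not push them, so no single person can carry a change through alone.
        if self.status != "tested":
            raise ChangeControlError("change must be approved and tested first")
        if implementer == self.approver:
            raise ChangeControlError("approver cannot implement the change")
        self.implementer = implementer
        self.status = "implemented"
        self._log(implementer, "implemented")


def is_rejected(action, *args, **kwargs):
    """True if the workflow refused the action; used to show the controls firing."""
    try:
        action(*args, **kwargs)
        return False
    except ChangeControlError:
        return True


def run_happy_path():
    # Hypothetical ticket and participants.
    cr = ChangeRequest("CHG-1", "alice", "rotate the web server TLS certificate")
    cr.approve("bob")
    cr.record_test("carol", passed=True)
    cr.implement("dave")
    return cr


if __name__ == "__main__":
    ticket = run_happy_path()
    for state, actor, action in ticket.history:
        print(f"{ticket.change_id}: {actor} {action} -> {state}")
```

The `history` list is what gets reported to management; because each transition is appended by the workflow itself rather than typed in afterwards, it shows who approved, tested and implemented the change and in what order.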

6
Q

What are key aspects of operational security?

A

The key aspects of operational security include resource protection, change control, hardware and software controls, trusted system recovery, separation of duties, and least privilege.

7
Q

What does least privilege ensure?

A

Least privilege ensures that users, administrators, and others accessing a system have access only to the objects they absolutely require to complete their job.

8
Q

What are the responsibilities of the operations department?

A

The operations department is responsible for investigating and resolving any unusual or unexplained occurrences, unscheduled initial program loads (IPLs), and deviations from standards.

9
Q

What should startup and shutdown procedures specify?

A

Standards need to be established that indicate the proper startup and shutdown sequence, error handling, and restoration procedures.

10
Q

What is always more important to protect than facilities and assets?

A

Some physical security controls may conflict with the safety of people. These issues need to be addressed; human life is always more important than protecting a facility or the assets it contains.

11
Q

What are proximity identification devices?

A

Proximity identification devices can be user-activated (action needs to be taken by a user) or system sensing (no action needs to be taken by the user).

A transponder is a proximity identification device that does not require action by the user. The reader transmits signals to the device, and the device responds with an access code.

12
Q

What are the benefits of exterior fencing?

A

Exterior fencing can be costly and unsightly, but can provide crowd control and help control access to the facility.

13
Q

How should interior partitions be implemented?

A

Interior partitions should extend all the way to the true ceiling. If they stop at the drop ceiling, an intruder can remove a ceiling tile and climb over the partition into a critical portion of the facility.

14
Q

List intrusion detection devices.

A

Intrusion detection devices include motion detectors, CCTVs, vibration sensors, and electromechanical devices.

15
Q

What are the benefits of CCTV?

A

CCTV enables one person to monitor a large area, but should be coupled with alerting functions to ensure proper response.

16
Q

What are the benefits of Security Guards?

A

Security guards are expensive but provide flexibility in response to security breaches and can deter intruders from attempting an attack.

17
Q

What is a whitelist?

A

A whitelist (also called an allowlist) is a set of known-good resources such as IP addresses, domain names, or applications; anything not on the list is denied.
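The definition hides the part that usually goes wrong in practice: how a candidate value is matched against the list. The following added example (not from the original flashcards) checks IP addresses against allowed networks and host names against allowed domains, treating malformed input as a miss and matching only real subdomains, so "evil-example.com" does not match an allowlist entry for "example.com". The allowlist entries and inputs are constructed for illustration.

```python
"""Allowlist (whitelist) matching for IP addresses and domain names.

Added example, not from the original flashcards. The allowlist entries
and the inputs checked are constructed for illustration.
"""
import ipaddress

# Assumed allowlist: networks rather than single hosts, and registered domains.
ALLOWED_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24", "2001:db8::/32")
]
ALLOWED_DOMAINS = {"example.com", "corp.example.net"}


def ip_allowed(addr):
    """True only if `addr` parses as an IP address inside an allowed network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False   # malformed input is denied, never matched loosely
    # Comparing a v4 address against a v6 network (or vice versa) is simply False.
    return any(ip in net for net in ALLOWED_NETWORKS)


def domain_allowed(name):
    """True for an allowed domain or one of its real subdomains.

    Matching is done on dot-separated labels, so a lookalike such as
    'evil-example.com' or 'notexample.com' does not pass."""
    host = name.strip().rstrip(".").lower()   # normalise case and trailing dot
    if host in ALLOWED_DOMAINS:
        return True
    return any(host.endswith("." + d) for d in ALLOWED_DOMAINS)


if __name__ == "__main__":
    for candidate in ("10.1.2.3", "172.16.0.1", "2001:db8::1", "not-an-ip"):
        print(f"ip {candidate!r:16} allowed={ip_allowed(candidate)}")
    for candidate in ("api.example.com", "evil-example.com", "EXAMPLE.COM."):
        print(f"host {candidate!r:20} allowed={domain_allowed(candidate)}")
```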

18
Q

What is patch management?

A

Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems.

19
Q

What is a reciprocal agreement?

A

A reciprocal agreement is one in which a company promises another company it can move in and share space if it experiences a disaster, and vice versa. Reciprocal agreements are very tricky to implement and may be unenforceable. However, they offer a relatively cheap offsite option and are sometimes the only choice.

20
Q

What is Recovery Time Objective (RTO)?

A

Recovery time objective (RTO) is the maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.

21
Q

What is Recovery Point Objective (RPO)?

A

Recovery point objective (RPO) is the acceptable amount of data loss measured in time.

22
Q

What is Mean time between failures (MTBF)?

A

Mean time between failures (MTBF) is the predicted amount of time between inherent failures of a system during operation.

23
Q

What is high availability?

A

High availability refers to a system, component, or environment that is continuously operational.

High availability for disaster-recovery needs is often a combination of technologies and processes that include backups, redundancy, fault tolerance, clustering, and load balancing.
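Cards 20 to 23 define RTO, RPO, MTBF and high availability in words. The following added example (not from the original flashcards) puts them on a timeline: data loss is measured from the last restorable backup to the failure and compared with the RPO, downtime is measured from the failure to service restoration and compared with the RTO, and MTBF is combined with MTTR (mean time to repair, a term not defined on the page) into the usual steady-state availability figure. All timestamps, objectives and MTBF/MTTR values are constructed for illustration.

```python
"""Checking an incident against RTO and RPO, and availability from MTBF.

Added example, not from the original flashcards. Timestamps, objectives
and the MTBF/MTTR figures are constructed; MTTR is not on the page.
"""
from datetime import datetime, timedelta


def data_loss(last_good_backup, disaster_time):
    """RPO is expressed in time: everything written after the last
    restorable backup and before the disaster is lost."""
    return disaster_time - last_good_backup


def downtime(disaster_time, service_restored):
    """RTO is the clock time from the disaster to the restored service level."""
    return service_restored - disaster_time


def evaluate_incident(last_good_backup, disaster_time, service_restored, rpo, rto):
    """Compare an incident timeline against the agreed objectives."""
    loss = data_loss(last_good_backup, disaster_time)
    down = downtime(disaster_time, service_restored)
    return {
        "data_loss": loss,
        "rpo_met": loss <= rpo,
        "downtime": down,
        "rto_met": down <= rto,
    }


def schedule_meets_rpo(backup_interval, rpo):
    """With periodic backups the worst case is a failure just before the next
    run, so the interval itself must not exceed the RPO."""
    return backup_interval <= rpo


def availability(mtbf_hours, mttr_hours):
    """Steady-state availability: fraction of time the system is up."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def demo():
    # Constructed incident: nightly backup at 02:00, failure at 14:37,
    # service restored at 18:07, against a 1 h RPO and a 4 h RTO.
    return evaluate_incident(
        last_good_backup=datetime(2024, 3, 1, 2, 0),
        disaster_time=datetime(2024, 3, 1, 14, 37),
        service_restored=datetime(2024, 3, 1, 18, 7),
        rpo=timedelta(hours=1),
        rto=timedelta(hours=4),
    )


if __name__ == "__main__":
    result = demo()
    print(f"data lost: {result['data_loss']}  RPO met: {result['rpo_met']}")
    print(f"downtime:  {result['downtime']}  RTO met: {result['rto_met']}")
    print(f"hourly backups meet 1h RPO: {schedule_meets_rpo(timedelta(hours=1), timedelta(hours=1))}")
    print(f"availability at MTBF=1000h, MTTR=2h: {availability(1000, 2):.4f}")
```

In the constructed incident the RTO is met (3 h 30 min of downtime) but the RPO is not: a nightly backup can never satisfy a one-hour RPO, which is why the RPO drives the backup or replication interval rather than the other way round.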

24
Q

How are data recovery and restoration carried out?

A

Data recovery and restoration are often carried out through vaulting, backups, and replication technologies.

25
Q

Which organizational units should return to the site first after a disaster?

A

When returning to the original site after a disaster, the least critical organizational units should go back first.

26
Q

What is the COOP?

A

COOP focuses on restoring an organization’s (usually a headquarters element) essential functions at an alternate site and performing those functions for up to 30 days before returning to normal operations. This term is commonly used by the U.S. government to denote BCP.

27
Q

What is an important part of the BCP?

A

An important part of the business continuity plan is to communicate its requirements and procedures to all employees.

28
Q

What are the elements of negligence?

A

Elements of negligence include not fulfilling a legally recognized obligation, failure to conform to a standard of care that results in injury or damage, and proximate

29
Q

What happens if an org does not practice due care?

A

If a company does not practice due care in its efforts to protect itself from computer crime, it can be found to be negligent and legally liable for damages.

30
Q

What’s the primary reason for chain of custody of evidence?

A

The primary reason for the chain of custody of evidence is to ensure that it will be admissible in court by showing it was properly controlled and handled before being presented in court.

31
Q

What is required of evidence to be admissible in court?

A

To be admissible in court, business records have to be made and collected in the normal course of business, not specially generated for a case in court. Business records can easily be hearsay if there is no firsthand proof of their accuracy and reliability.

32
Q

What is the life cycle of evidence?

A

The life cycle of evidence includes the identification and collection of the evidence, and its storage, preservation, transportation, presentation in court, and return to the owner.

33
Q

What is important to consider when looking for suspects?

A

When looking for suspects, it is important to consider the motive, opportunity, and means (MOM).

34
Q

What are the characteristics of admissible evidence?

A

For evidence to be admissible in court, it needs to be relevant, complete, sufficient, and reliable to the case at hand.

Evidence must be legally permissible, meaning it was seized legally and the chain of custody was not broken.

35
Q

Due care and Due Diligence

A

Due care and due diligence are legal terms that do not just pertain to security. Due diligence involves going through the necessary steps to know what a company’s or individual’s actual risks are, whereas due care involves carrying out responsible actions to reduce those risks. These concepts correspond with the “prudent person” concept.

36
Q

Benefit of rotation of duties?

A

Rotation of duties enables a company to have more than one person trained in a position and can uncover fraudulent activities. Separation of duties is put into place to ensure that one entity cannot carry out a critical task alone.

37
Q

What are results of improper or no data validation?

A

There should be controls in place to make sure the data input into a system and the results generated are in the proper format and have expected values. Improper data being put into an application or system could cause bad output and security issues, such as buffer overflows.
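The card says inputs should have the proper format and expected values; the following added example (not from the original flashcards) shows what that looks like for one record type: every field is checked for type, format and range, unexpected fields are rejected rather than passed through, and the length limit is applied to the encoded bytes so that multibyte characters cannot slip past a limit sized for a fixed downstream buffer (the overflow case the card mentions). The record schema, field limits and the 64-byte buffer size are assumptions for illustration.

```python
"""Input validation before data reaches a fixed-size consumer.

Added example, not from the original flashcards. The record schema,
field limits and the 64-byte buffer size are assumptions.
"""
import re

MAX_NAME_BYTES = 64   # assumed size of a downstream fixed-length buffer
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")
EXPECTED_FIELDS = {"username", "display_name", "age"}


class ValidationError(ValueError):
    """Raised for any input that does not match the expected format or values."""


def validate_record(rec):
    """Return a sanitized copy of `rec` or raise ValidationError.

    Every field is checked for type, format and expected range; unknown
    fields are rejected instead of being forwarded."""
    if not isinstance(rec, dict):
        raise ValidationError("record must be a mapping")
    extra = set(rec) - EXPECTED_FIELDS
    if extra:
        raise ValidationError(f"unexpected fields: {sorted(extra)}")
    missing = EXPECTED_FIELDS - set(rec)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")

    username = rec["username"]
    if not isinstance(username, str) or not USERNAME_RE.match(username):
        raise ValidationError("username: bad format")

    display = rec["display_name"]
    if not isinstance(display, str):
        raise ValidationError("display_name: not a string")
    # Measure encoded bytes, not characters: 40 two-byte characters are 80
    # bytes and would overflow a 64-byte buffer even though len() says 40.
    if len(display.encode("utf-8")) >= MAX_NAME_BYTES:   # keep one byte for NUL
        raise ValidationError("display_name: too long for buffer")
    if any(ord(c) < 0x20 or c == "\x7f" for c in display):
        raise ValidationError("display_name: control characters not allowed")

    age = rec["age"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        raise ValidationError("age: out of expected range")

    return {"username": username, "display_name": display, "age": age}


def is_valid(rec):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_record(rec)
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one good record and a few that should be rejected.
    samples = [
        {"username": "alice", "display_name": "Alice A.", "age": 30},
        {"username": "alice", "display_name": "\u00e9" * 40, "age": 30},
        {"username": "alice", "display_name": "Alice", "age": True},
        {"username": "alice", "display_name": "Alice", "age": 30, "role": "admin"},
    ]
    for s in samples:
        print(is_valid(s), s)
```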

38
Q

How is need to know implemented?

A

Users should be able to access only the resources they need to fulfill the duties of their positions. They also should only have the level of permissions and rights for those resources that are required to carry out the exact operations they need for their jobs, and no more. This second concept is more granular than the first, but they have a symbiotic relationship.

39
Q

What is depth of field in CCTV?

A

The depth of field refers to the portion of the environment that is in focus when shown on the monitor. The depth of field varies depending upon the size of the lens opening, the distance of the object being focused on, and the focal length of the lens.

The depth of field increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases. So if you want to cover a large area and not focus on specific items, it is best to use a wide-angle lens and a small lens opening.

40
Q

What are manual iris lenses?

A

Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens that has a manual iris would be used in an area that has fixed lighting, since the iris cannot self-adjust to changes of light.

An auto iris lens should be used in environments where the light changes, such as an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining.

41
Q

What is a transponder and what does it do?

A

A transponder is a type of physical access control device that does not require the user to slide a card through a reader. The reader and card communicate directly. The card and reader have a receiver, transmitter, and battery. The reader sends signals to the card to request information. The card sends the reader an access code.

42
Q

What are the benefits of security guards?

A

Although many effective physical security mechanisms are on the market today, none can look at a situation, make a judgment about it, and decide what the next step should be. A security guard is employed when a company needs to have a countermeasure that can think and make decisions in different scenarios.

43
Q

What does an electrostatic IDS do?

A

An electrostatic IDS creates an electrostatic field, which is just an electric field associated with static electric charges. The IDS creates a balanced electrostatic field between itself and the object being monitored. If an intruder comes within a certain range of the monitored object, there is capacitance change. The IDS can detect this change and sound an alarm.

44
Q

What are Cipher locks?

A

Cipher locks, also known as programmable locks, use keypads to control access into an area or facility. The lock can require a swipe card and a specific combination that’s entered into the keypad.

45
Q

What are tumbler locks?

A

The tumbler lock has more pieces and parts than a warded lock. The key fits into a cylinder and raises the metal pins (tumblers) to the correct height so the bolt can slide to the locked or unlocked position. A warded lock is easier to circumvent than a tumbler lock.

46
Q

What’s the focus of code reviews?

A

Code reviews are focused on finding and fixing defects in software that is undergoing development. They do not control which applications are allowed to run on our computers; that is the role of an application whitelist.

47
Q

What are the steps for gathering and extracting evidence from a scene?

A

Several steps need to be followed when gathering and extracting evidence from a scene. Once a computer has been confiscated, the first thing the computer forensics team should do is make an image of the hard drive. The team will work from this image instead of the original hard drive so that the original stays in a pristine state and the evidence on the drive is not accidentally corrupted or modified.
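The card describes the procedure; the following added example (not from the original flashcards) shows the two checks that make it hold up, using a constructed byte string in place of a seized drive: the original and the image are hashed and compared before any analysis starts, and every hand-off in the chain of custody re-hashes the item so that a modification in transit shows up as a broken chain rather than going unnoticed. The item identifier, custody record fields and participants are assumptions for illustration.

```python
"""Imaging evidence, verifying the image, and keeping a chain-of-custody log.

Added example, not from the original flashcards. The 'drive' is a
constructed byte string; identifiers and custody fields are assumptions.
"""
import hashlib
from datetime import datetime, timezone


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def acquire_image(original):
    """Make a bit-for-bit copy and hash both sides. The team works on the
    copy; equal hashes prove the copy is the original as seized."""
    image = bytes(original)
    return image, {"original_sha256": sha256(original), "image_sha256": sha256(image)}


def image_verified(record):
    return record["original_sha256"] == record["image_sha256"]


class CustodyLog:
    """Records each transfer of an item and whether its hash still matched."""

    def __init__(self, item_id, initial_hash):
        self.item_id = item_id
        self.expected_hash = initial_hash
        self.entries = []

    def transfer(self, from_person, to_person, data, when=None):
        """Every hand-off re-hashes the item; a mismatch means the chain is broken."""
        h = sha256(data)
        ok = h == self.expected_hash
        self.entries.append({
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "from": from_person,
            "to": to_person,
            "sha256": h,
            "intact": ok,
        })
        return ok

    def intact(self):
        return all(e["intact"] for e in self.entries)


# Constructed "drive" contents standing in for a disk image.
ORIGINAL_DRIVE = b"MBR...\x00\x01" + b"invoice.docx contents " * 50


def demo(tamper=False):
    """Image the drive, then pass it along two custody transfers.
    With tamper=True one byte is altered in transit to show the chain break."""
    image, rec = acquire_image(ORIGINAL_DRIVE)
    log = CustodyLog("HDD-001", rec["image_sha256"])   # hypothetical item id
    log.transfer("first responder", "evidence custodian", image)
    if tamper:
        image = image[:-1] + b"!"   # simulate a modified byte in transit
    log.transfer("evidence custodian", "forensic analyst", image)
    return rec, log


if __name__ == "__main__":
    rec, log = demo()
    print("image verified:", image_verified(rec), "chain intact:", log.intact())
    _, broken = demo(tamper=True)
    for e in broken.entries:
        print(f"{e['from']} -> {e['to']}: intact={e['intact']}")
```

Hashing is what turns "the original stays pristine" from a claim into something that can be shown in court: the hash recorded at seizure, the hash of the image, and the hash at every transfer either all agree or point at exactly which hand-off the evidence changed in.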

48
Q

What’s required in order for evidence to be admissible in court?

A

For evidence to be admissible, it must be relevant, complete, sufficient, and reliable to the case. For evidence to be reliable, it must be consistent with fact and must not be based on opinion or be circumstantial.

49
Q

What are the concerns of honeypots and why should an org be careful how they implement honeypots?

A

Companies need to be very careful about the items they use to entice intruders and attackers, because this may be seen as entrapment by the court. It is best to get the legal department involved before implementing these items. Putting a honeypot in place is usually seen as the use of enticement tools.