SecurityPlus Flashcards
In a high-security facility, guards are stationed at every entrance, and all visitors are logged and surveilled. Which type of control is primarily being utilized here?
Physical control
Physical control involves securing physical access to facilities, like guard stations and visitor logs, and is the primary control being utilized here.
A security manager at a software company is revising the SDLC process to include risk management strategies and compliance with legal requirements. Which category of controls is the manager focusing on?
Managerial controls
Managerial controls is the correct category because it encompasses decisions and management of risk, focusing on procedures, legal policies, and regulatory policies relevant to the software development lifecycle.
Following a data breach, your company revises its network security protocols and enhances its incident response procedures. Which type of control does this revision represent?
Corrective control
Corrective controls include actions taken to repair damage and enhance procedures post-incident, like the network security protocol revision and incident response enhancements in this scenario.
A retail company implements a new policy requiring all employees to undergo security awareness training annually. What type of control does this new policy exemplify?
Directive control
Directive controls involve guiding the operation and use of systems, like the mandatory security training policy.
Your company sets up a network of simulated vulnerable systems in an effort to trap and study potential attackers. What type of setup does this best describe?
Honeynet
A honeynet is a network or system with intentional vulnerabilities to divert attackers from real systems and analyze their behavior.
A global corporation with employees working remotely across different time zones decides to implement a policy where access to sensitive systems is granted based on the user’s role, time of access, and location. Which aspect of security does this approach primarily enhance?
Policy-driven access control
Policy-driven access control involves granting access based on predefined policies and information such as the user’s role, time, and location, which aligns with the corporation’s new policy.
You work in the IT department of a large international organization and are tasked with upgrading the authentication system to secure employee access to the company’s internal network better. Considering the increasing number of remote workers using various devices, which authentication model should you prioritize to enhance security without significantly impacting user convenience?
Utilizing multifactor authentication (MFA) for all employee access
Multifactor authentication (MFA) is the most suitable choice in this scenario, primarily because it significantly increases security by requiring users to provide two or more verification factors to gain access. This is particularly important given the diversity of devices and locations from which remote workers are accessing the internal network. MFA mitigates risks associated with compromised credentials, a common threat in remote work scenarios.
You were at a small regional bank that recently began receiving fraudulent claims that money was not correctly transferred to a designated bank account. Your institution implements a system ensuring that the authorship of a transaction cannot be denied or disputed once made. This measure primarily addresses which fundamental security concept?
Non-repudiation
Non-repudiation ensures that the authorship of a transaction cannot be denied, providing assurance of the origin and integrity of the data.
A tech company regularly updates just its network diagrams to reflect recent changes in its IT infrastructure, which is crucial for maintaining an accurate understanding of the network’s current state. What is this practice known as?
Updating diagrams
Updating diagrams specifically refers to revising network diagrams to include recent changes in IT infrastructure.
In a financial organization, the IT team is assigned specific computers, servers, and network equipment to manage. They are responsible for defining the security requirements and managing the risk profile of this equipment. Which of the following best describes this scenario?
Ownership
Ownership involves responsibility for specific assets, ensuring security, and managing risk profiles.
