SYO-701 Flashcards

1
Q

Technical controls (category)

A

implemented using a system
IT security controls
eg: firewall, anti-virus

2
Q

Managerial Controls (category)

A

policies and procedures
admin stuff
SOPs
on-boarding policy, demotion, review login reports, separation of duties

3
Q

Operational controls (category)

A

implemented by people instead of systems
guard shack, require multiple guards, awareness training

4
Q

physical controls (category)

A

door lock, warning sign, power generator

5
Q

preventive control type

A

block access to a resource
firewall rules
door locks
on-boarding policy

6
Q

deterrent control type

A

discourage attacks
warning banner
posted warning signs
threat of demotion

7
Q

Detective control type

A

identify intrusion attempts
audit log monitoring
motion detectors

8
Q

Corrective control type

A

Apply a control after an event has been detected to reverse impact of event
Continue operations with minimal downtime
Ransomware recovery using backups
use law enforcement to manage criminal activity
fire extinguishers

9
Q

compensating control type

A

control using other means
existing controls aren’t sufficient
may be a temporary control

use a temporary firewall rule to block an application while waiting for a security patch
implement separation of duties
generator used after a power outage

10
Q

Directive control type

A

direct a subject towards compliance
this is a weak security control

tell people to store sensitive files in a protected folder
train users on security policy
Create compliance policies and procedures
security policy training

11
Q

Zero Trust

A

Authenticate to each device or process on the network, not just a VPN or firewall.
Everything must be verified, nothing inherently trusted

12
Q

Data plane

A

zero trust plane of operation
processes frames, packets and network data
movement of data across the network
switch ports, NAT, processing, forwarding, trunking

13
Q

Control plane

A

zero trust plane of operation
manage actions of the data plane
network decision making and traffic management
routing tables, NAT tables, IP address configs

14
Q

Adaptive Identity

A

zero trust
Consider the source and the requested resources
Multiple risk indicators with relationship to the organization
If user is in China, considered higher risk
Find out how risky the login is.

15
Q

(zero trust) Threat Scope reduction

A

zero trust
decrease number of possible entry points

16
Q

policy-driven access control (zero trust)

A

zero trust
Make authentication requirements stronger based on Adaptive Identity.
combine adaptive identity with a predefined set of rules

17
Q

PEP

A

zero trust
Policy Enforcement Point
everything must be validated via the PEP
Subjects and systems must be validated through the Policy Enforcement Point
PEP is a gatekeeper for allowing or blocking traffic to resources
Can be multiple devices working together.
Works on the Data plane

18
Q

PDP

A

zero trust
Policy Decision Point
gets forwarded requests from the PEP
decides whether traffic should be allowed or not
makes a process for authentication
Works on the control plane

19
Q

Policy Engine - zero trust

A

zero trust
Part of the PDP
evaluate each access decision based on policy
grant, deny or revoke access

20
Q

Policy Administrator - zero trust

A

Part of the PDP
Generate access tokens
the PA creates or shuts down a communication based on decisions from the Policy Engine
Tells the PEP to allow or disallow access

21
Q

TPM

A

trusted platform module
specification for cryptography hardware
cryptography process like random number generator, key generators
unique keys burned in during manufacturing
versatile memory to store keys, hardware config info
securely store bitlocker keys
password protected against dictionary attacks

22
Q

HSM

A

hardware security module
used in large environments
- a rack server
securely store thousands of keys
high-end cryptographic hardware used to perform crypto functions
key backup
- secure storage for keys
cryptographic accelerators
- GPU for performing crypto functions

23
Q

secure enclave

A

protected area in hardware for secrets
- implemented as a hardware processor
- isolated from main processor
- many different technologies and names
extensive security features
- has its own boot ROM
- has its own boot process
- true random number generator
- real-time memory encryption
- root crypto keys
- AES encryption

24
Q

block chain

A

distributed ledger
everyone on blockchain tracks the ledger
tracks each transaction and sends it to everyone
can be used to track progress of parts on an assembly line

block of transactions
secure hash is calculated from previous blocks of transaction data
hash is added to the new block of verified transactions
chain of hashes
new calculated block is distributed to everyone

if any blocks are altered, all the following hashes in the chain are recalculated
if the altered chain doesn't match other chains on the network, it will be rejected

25
Q

OCSP stapling

A

During the TLS/SSL handshake, the server sends the digitally signed OCSP verification with the certificate message to the client.

OCSP stapling improves the client experience by:
* Reducing the time it takes to establish a connection
* Ensuring the browser gets the same response performance for the certificate status as it does for the website content
* Addressing privacy concerns by removing the need for the CA to receive revocation requests directly from the client

26
Q

UTM

A

unified threat management
aka all in one security device
aka web security gateway
URL filtering, content inspection
malware inspection
spam filter
CSU/DSU (LAN to WAN connection)
routing and switching
firewall
IDS/IPS
bandwidth shaper for QoS
VPN server

27
Q

SD-WAN

A

Software defined networking in a wide area network
WAN built for cloud
cloud-based apps communicate directly with the cloud
dynamic network connects on-site users directly to cloud applications

28
Q

SASE

A

Secure Access Service Edge
VPN for cloud services
SASE servers located on the cloud, near the apps
SASE client installed on devices

29
Q

BYOD

A

bring your own device
BYOT
bring your own technology
employee owned devices
difficult to secure

30
Q

BYOT

A

bring your own technology
employee owned devices

31
Q

COPE

A

corporate owned personally enabled devices
organization owned device
used for both personal and corporate stuff

32
Q

CYOD

A

a subset of COPE device
choose your own device
choose apple or android

33
Q

MIC

A

message integrity check
wireless security
make sure data is the same as sent
provides data integrity

34
Q

GCMP

A

galois counter mode protocol
wifi protocol
works with WPA3
secure hashes with AES

35
Q

SAE

A

Simultaneous Authentication of Equals
wifi security protocol
Variant of Diffie-Hellman key exchange
everyone uses a different session key, even if everyone has the same preshared key
handshake and mutual authentication process is changed
create a shared session key without sending key across network

36
Q

EAP

A

extensible authentication protocol
many ways to authenticate
integrates with 802.1x
works with WiFi

37
Q

enumeration

A

part of asset management
record all parts of an asset
CPU, mem, keyboard, mouse, etc

38
Q

CVSS

A

common vulnerability scoring system
uses NVD

39
Q

NVD

A

national vulnerability database
nvd.nist.gov
vulns with a score of 10 are most critical
0 score is least critical
scores change with CVSS version

40
Q

CVE

A

Common vulnerabilities and exposures
vulnerability database

41
Q

exposure factor

A

loss of value or business activity due to vulnerability
if a vuln takes down half of the business, exposure factor is 50%

42
Q

SPF

A

sender policy framework
email security
add a TXT record in DNS
SPF - configure a list of all servers authorized to send emails

43
Q

DKIM

A

DomainKeys Identified Mail
mail server digitally signs all outgoing mail
public key is in the DKIM TXT record
users can validate that the messages are legit with DKIM public key

44
Q

DMARC

A

domain-based message authentication, reporting and conformance
extension of SPF and DKIM
handle emails that aren’t validated using SPF and DKIM
write policy to a DNS TXT record
possible policy action on unvalidated email:
- accept all,
- send to spam,
- quarantine
- reject email
can send compliance reports to the email admin

45
Q

MAC

A

Mandatory Access Control
OS limits operations on an object
every object is labeled
- eg: confidential, secret
admin of the system decides which person can access which labels
eg: SELinux file types and user restrictions

46
Q

DAC

A

Discretionary Access Control
similar to unix chmod
owner of data controls who can access it
flexible access control
weak security, because it depends on users to have good security

47
Q

RBAC

A

role based access control
each user has a role in the organization
admin provides access based on user’s role
in windows, use AD Groups to provide role-based access control

48
Q

rule-based access control

A

system enforced rules
rules created by admin, not users
object ACLs, similar to linux file ACLs
eg: a lab worker can only access a file between 9 AM and 5 PM.

49
Q

attribute based access control

A

users can have complex relationships to applications and data
next generation authorization model
evaluate multiple parameters
- resource info, IP addr, time of day, desired action, relationship to the data

50
Q

JIT permissions

A

Just in time permissions
short term admin permissions
a breached user account doesn’t have admin access
user requests admin permissions from a clearinghouse
primary credentials are stored in a password vault, and never doled out
each user gets a different short term set of admin credentials to use
when user is finished, short term credentials are deleted.

51
Q

cases for automation

A

user onboarding and offboarding
guard rails
- automated validation on configs
- limit admin mistakes
security groups
- assign or remove users from AD groups
ticket creation
- automate turning user emails into helpdesk tickets
escalation
- correct helpdesk issues before involving a human
- if helpdesk cannot fix it, automatically escalate to security
enable and disable services as needed
CI/CD Continuous integration and continuous deployment
use APIs with automation

52
Q

incident lifecycle (in order)

A

PDACERL
preparation
detection
analysis
containment,
eradication,
recovery
lessons learned

53
Q

chain of custody

A

used in digital forensics
control evidence
- maintain integrity of data
log who access data
have hashes and digital signatures of data to maintain data integrity
label and catalog everything
- digitally tag all items for ongoing documentation
- seal and store data

54
Q

Data owner

A

accountable for a specific data
VP of sales owns the customer relationship data
treasurer owns financial information

55
Q

data controller

A

manage the purposes and means by which personal data is processed
eg: payroll department defines payroll amounts and pay time

56
Q

data processor

A

processes data on behalf of the data controller
often a third-party or different group
eg: payroll company sends the paychecks

57
Q

data custodian/steward

A

responsible for data accuracy, privacy and security
attach sensitivity labels to data
make sure data complies with laws
implement security controls
grant users access to data

58
Q

Qualitative risk assessment

A

Risk assessment
identify significant risk factors
ask opinions about the significance
display visually with traffic light grid or similar method

59
Q

ARO

A

annualized rate of occurrence

60
Q

AV

A

asset value
value of an asset to the organization
includes cost of the asset, effect on company sales

61
Q

EF

A

exposure factor
percentage of the value lost due to an incident

62
Q

SLE

A

single loss expectancy
monetary loss if a single event occurs.
SLE = AV * EF
eg: 1 laptop stolen
- SLE = 1000 * 1 = 1000

63
Q

ALE

A

annualized loss expectancy
annualized loss per year
ALE = ARO * SLE
eg: seven laptops stolen per year
- ALE = 7 * 1000

64
Q

risk likelihood

A

qualitative measurement of risk
eg: rare, possible, almost certain
eg: high, medium, low

65
Q

risk probability

A

quantitative measurement of risk
eg: statistical measurement
based on historical performance
numbers

66
Q

risk appetite posture

A

qualitative description for readiness to take risk
eg: conservative, neutral, expansionary

67
Q

risk tolerance

A

an acceptable variance from the risk appetite
usually larger than risk appetite
eg: you can drive 5 mph over speed limit before you get a ticket

68
Q

risk register

A

every project has a plan, but also a risk
- identify and document risk associated with each step of a project
- document solutions to the risk

69
Q

risk reporting

A

formal document
- identify risk
- detailed information for each risk
created for senior management
- make decisions regarding resources, budgeting, additional security tasks
includes critical and emerging risks
- the most important considerations

70
Q

SLA

A

service level agreement
minimum terms for services provided
uptime, down response time, etc
commonly used between customers and providers

71
Q

MOU

A

memorandum of understanding
informal contract between two organizations
confidentiality agreements
very broad, not detailed

72
Q

MOA

A

memorandum of agreement
one step above an MOU
more detailed than an MOU, but still fairly broad
not a contract
may not contain legally enforceable promises

73
Q

MSA

A

master service agreement
legal contract and agreement of terms
broad framework to cover future transactions
covers many detailed negotiations
foundation for future services

74
Q

WO

A

work order
aka SOW - statement of work
extends an MSA
specific list of items to be completed
Details the scope of the job, location and deliverables

75
Q

NDA

A

non-disclosure agreement
confidentiality agreement between parties
protect data, so companies can discuss trade secrets
unilateral - one way NDA
bilateral - two way NDA
multilateral - many way NDA, for multiple companies

76
Q

BPA

A

business partners agreement
two people going into business together make an agreement
has owner’s stake
has financial contract
who makes the decisions?
prepare for contingencies

77
Q

GLBA

A

gramm-leach-bliley act of 1999
requires disclosure of privacy info from banks

78
Q

SOX

A

sarbanes-oxley act
public accounting reform and investor protection act of 2002

79
Q

due diligence

A

monitor compliance
make sure that the company is acting in good faith to do compliance
implies a third party is doing due diligence

80
Q

due care

A

monitor compliance
make sure that the company is acting in good faith to do compliance
implies the company itself is doing due care

81
Q

attestation (compliance monitoring)

A

someone must sign off on formal compliance docs
ultimately responsible if the docs are incorrect

82
Q

EDR

A

Endpoint Detection and Response
host endpoint security client
more advanced than signature detection
behavioral analysis, machine learning and process monitoring
lightweight agent on the endpoint
detects threats
investigate the threat
root cause analysis
respond to threats

83
Q

XDR

A

eXtended Detection and Response
enhanced version of EDR
improved missed detection, false positives and long investigation times
analyses data from many different endpoints to make conclusions
adds network-based detection
correlate endpoint, network and cloud data to find threats

84
Q

XDR behavior analytics

A

user behavior analytics
watch users, hosts, network traffic, data repositories, etc
make a baseline of normal activity
watch for any unusual activity