Terms Flashcards

1
Q

What is an organization’s Security Posture?

A

Security posture is an organization’s ability to manage its defense of critical assets and data and react to change.

2
Q

Goals of the Security and Risk Management Domain

A

Security goals and objectives

Risk mitigation processes

Compliance

Business continuity plans

Legal regulations

Professional and organizational ethics

3
Q

What is Asset security?

A

Asset security involves managing the cybersecurity processes of organizational assets, including the storage, maintenance, retention, and destruction of physical and virtual data.

3
Q

What is the concept of shared responsibility?

A

Shared responsibility is part of the Security Architecture and Engineering domain. It means all individuals involved take an active role in lowering risk during the design of a security system.

4
Q

What is the Security architecture and engineering Domain?

A

This domain focuses on managing data security. Ensuring effective tools, systems, and processes are in place helps protect an organization’s assets and data. Security architects and engineers create these processes.

5
Q

What is the Communication and network security Domain?

A

This domain focuses on managing and securing physical networks and wireless communications. This includes on-site, remote, and cloud communications.

6
Q

What is the Identity and access management Domain?

A

The identity and access management (IAM) domain focuses on keeping data secure. It does this by ensuring user identities are trusted and authenticated and that access to physical and logical assets is authorized. This helps prevent unauthorized users while allowing authorized users to perform their tasks.

7
Q

What is the principle of least privilege?

A

The Identity and Access Management domain uses what is referred to as the principle of least privilege, which is the concept of granting only the minimal access and authorization required to complete a task.

8
Q

What is the Security assessment and testing Domain?

A

The security assessment and testing domain focuses on identifying and mitigating risks, threats, and vulnerabilities.

9
Q

What are Security Assessments?

A

Security assessments help organizations determine whether their internal systems are secure or at risk.

10
Q

What is the Security operations Domain?

A

The security operations domain focuses on the investigation of a potential data breach and the implementation of preventative measures after a security incident has occurred.

11
Q

What is the Software development security Domain?

A

The software development security domain is focused on using secure programming practices and guidelines to create secure applications. Having secure applications helps deliver secure and reliable services, which helps protect organizations and their users.

12
Q

What is an asset?

A

An asset is an item perceived as having value to an organization.

13
Q

What is a threat?

A

A threat is any circumstance or event that can negatively impact assets.

14
Q

What is a risk?

A

A risk is anything that can impact the confidentiality, integrity, or availability of an asset.

15
Q

What is a vulnerability?

A

A vulnerability is a weakness that can be exploited by a threat.

16
Q

What are the 3 key Impacts of Threats, Risks, and Vulnerabilities?

A

Financial
Identity theft
Reputation

17
Q

Elaborate on Step One of the RMF

A

Prepare refers to activities that are necessary to manage security and privacy risks before a breach occurs.

17
Q

What are the 3 layers of the Web?

A

They are the
Surface web - accessed by a normal browser and requires nothing else.
Deep web - requires authorization to access, such as an organization’s intranet.
Dark web - requires special software to access.

18
Q

What are the 7 steps of the Risk Management Framework?

A

Prepare, categorize, select, implement, assess, authorize, and monitor.

19
Q

Elaborate on Step Two of the RMF

A

Step two is categorize, which is used to develop risk management processes and tasks.

20
Q

Elaborate on Step Three of the RMF

A

Step three is select. Select means to choose, customize, and capture documentation of the controls that protect an organization.

21
Q

Elaborate on Step Five of the RMF

A

Step five is Assess. Assess means to determine if established controls are implemented correctly.

22
Q

Elaborate on Step Four of the RMF

A

Step four is to implement security and privacy plans for the organization.

23
Q

Elaborate on Step Seven of the RMF

A

Step seven is Monitor. Monitor means to be aware of how systems are operating.

24
Q

Elaborate on Step Six of the RMF

A

Step six is Authorize. Authorize means being accountable for the security and privacy risks that may exist in an organization.

25
Q

What are Security Frameworks?

A

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. Frameworks support organizations’ ability to adhere to compliance laws and regulations.

26
Q

What are Security Controls?

A

Security controls are safeguards designed to reduce specific security risks. Security controls are the measures organizations use to lower risk and threats to data and privacy.

27
Q

What is the CIA triad?

A

The CIA triad is a model that helps inform how organizations consider risk when setting up systems and security policies. It is made up of three elements that cybersecurity analysts and organizations work toward upholding: confidentiality, integrity, and availability. Maintaining an acceptable level of risk and ensuring systems and policies are designed with these elements in mind helps establish a successful security posture.

28
Q

CIA triad - Confidentiality

A

Confidentiality is the idea that only authorized users can access specific assets or data.

29
Q

CIA triad - Integrity

A

Integrity is the idea that the data is verifiably correct, authentic, and reliable.

30
Q

CIA triad - Availability

A

Availability is the idea that data is accessible to those who are authorized to use it.

30
Q

What is the NIST Cybersecurity Framework?

A

The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

31
Q

What are the 5 steps of the NIST CSF?

A

Identify, protect, detect, respond, and recover.

32
Q

Elaborate on the First step of the NIST CSF

A

The first core function is Identify, which is related to the management of cybersecurity risk and its effect on an organization’s people and assets.

33
Q

Elaborate on the Second step of the NIST CSF

A

The second core function is Protect, which is the strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats.

33
Q

Elaborate on the Third step of the NIST CSF

A

The third core function is Detect, which means identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections.

34
Q

What are OWASP Security Principles?

A

They are principles and guidelines that can be used, along with NIST frameworks and the CIA triad, to help security teams minimize threats and risks.

34
Q

Elaborate on the Fourth step of the NIST CSF

A

The fourth function is Respond, which means making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process.

35
Q

Elaborate on the Fifth step of the NIST CSF

A

The fifth core function is Recover, which is the process of returning affected systems back to normal operation.

36
Q

Elaborate on OWASP First Security Principle

A

The first OWASP principle is to minimize the attack surface area. An attack surface refers to all the potential vulnerabilities that a threat actor could exploit, like attack vectors, which are pathways attackers use to penetrate security defenses.

37
Q

Elaborate on OWASP Second Security Principle

A

The second OWASP principle is the principle of least privilege, which means making sure that users have the least amount of access required to perform their everyday tasks.

38
Q

Elaborate on OWASP Third Security Principle

A

The third OWASP principle is defense in depth. Defense in depth means that an organization should have multiple security controls that address risks and threats in different ways.

39
Q

Elaborate on OWASP Fourth Security Principle

A

The fourth principle is separation of duties, which can be used to prevent individuals from carrying out fraudulent or illegal activities. This principle means that no one should be given so many privileges that they can misuse the system.

40
Q

Elaborate on OWASP Fifth Security Principle

A

The fifth principle is Keep security simple. As the name suggests, when implementing security controls, unnecessarily complicated solutions should be avoided because they can become unmanageable.

41
Q

What is a Security Audit?

A

A security audit is a review of an organization’s security controls, policies, and procedures against a set of expectations.

41
Q

Elaborate on OWASP Sixth Security Principle

A

The sixth principle is to fix security issues correctly. When security incidents occur, identify the root cause, contain the impact, identify vulnerabilities, and conduct tests to ensure that remediation is successful.

42
Q

Elaborate on the First area of focus in a Security Audit

A

Identify the scope of the audit - List assets that will be assessed (e.g., firewalls are configured correctly, PII is secure, physical assets are locked, etc.)

Note how the audit will help the organization achieve its desired goals

Indicate how often an audit should be performed

Include an evaluation of organizational policies, protocols, and procedures to make sure they are working as intended and being implemented by employees

43
Q

Elaborate on the Second area of focus in a Security Audit

A

Complete a risk assessment.
A risk assessment is used to evaluate identified organizational risks related to budget, controls, internal processes, and external standards (i.e., regulations).

43
Q

Elaborate on the Third area of focus in a Security Audit

A

Conduct the audit.
When conducting an internal audit, you will assess the security of the identified assets listed in the audit scope.

44
Q

Elaborate on the Fourth area of focus in a Security Audit

A

Create a mitigation plan
A mitigation plan is a strategy established to lower the level of risk and potential costs, penalties, or other issues that can negatively affect the organization’s security posture.

45
Q

Elaborate on the Fifth area of focus in a Security Audit

A

Communicate results to stakeholders.
The end result of this process is providing a detailed report of findings, suggested improvements needed to lower the organization’s level of risk, and compliance regulations and standards the organization needs to adhere to.

46
Q

What is a SIEM tool?

A

A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization.

46
Q

What’s a Cloud-Hosted SIEM tool?

A

Cloud-hosted SIEM tools are operated by vendors who are responsible for maintaining and managing the infrastructure required to use the tools. Cloud-hosted tools are simply accessed through the internet and are an ideal solution for organizations that don’t want to invest in creating and maintaining their own infrastructure.

47
Q

What are Open Source tools?

A

Open-source tools are often free to use and can be user-friendly. The objective of open-source tools is to provide users with software that is built by the public in a collaborative way, which can result in the software being more secure.

48
Q

What are Proprietary tools?

A

Proprietary tools are developed and owned by a person or company, and users typically pay a fee for usage and training. The owners of proprietary tools are the only ones who can access and modify the source code.

49
Q

What is an Operating System?

A

An operating system is the interface between computer hardware and the user. It’s used to communicate with the hardware of a computer and manage software applications.

50
Q

What is Linux?

A

Linux is an open-source operating system that is widely used. It allows you to tailor the operating system to your needs using a command-line interface.

50
Q

What is Splunk?

A

Splunk offers different SIEM tool options: Splunk® Enterprise and Splunk® Cloud. Both allow you to review an organization’s data on dashboards. This helps security professionals manage an organization’s internal infrastructure by collecting, searching, monitoring, and analyzing log data from multiple sources to obtain full visibility into an organization’s everyday operations.

51
Q

What is Splunk’s Security posture dashboard?

A

The security posture dashboard is designed for security operations centers (SOCs). It displays the last 24 hours of an organization’s notable security-related events and trends and allows security professionals to determine if security infrastructure and policies are performing as designed. Security analysts can use this dashboard to monitor and investigate potential threats in real-time, such as suspicious network activity originating from a specific IP address.

52
Q

What is Splunk’s Executive summary dashboard?

A

The executive summary dashboard analyzes and monitors the overall health of the organization over time. This helps security teams improve security measures that reduce risk. Security analysts might use this dashboard to provide high-level insights to stakeholders, such as generating a summary of security incidents and trends over a specific period of time.

53
Q

What’s Splunk’s Incident Review dashboard?

A

The incident review dashboard allows analysts to identify suspicious patterns that can occur in the event of an incident. It assists by highlighting higher-risk items that need immediate review by an analyst. This dashboard can be very helpful because it provides a visual timeline of the events leading up to an incident.

54
Q

What’s Splunk’s Risk analysis dashboard?

A

The risk analysis dashboard helps analysts identify risk for each risk object (e.g., a specific user, a computer, or an IP address). It shows changes in risk-related activity or behavior, such as a user logging in outside of normal working hours or unusually high network traffic from a specific computer. A security analyst might use this dashboard to analyze the potential impact of vulnerabilities in critical assets, which helps analysts prioritize their risk mitigation efforts.

55
Q

What is Chronicle?

A

Chronicle is a cloud-native SIEM tool from Google that retains, analyzes, and searches log data to identify potential security threats, risks, and vulnerabilities.

56
Q

What are SIEM Dashboards?

A

SIEM dashboards use visual representations to provide security teams with quick and clear insights into the security posture of an organization.

57
Q

What are Metrics?

A

Metrics are key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application.

58
Q

What is a Log?

A

A log is a record of events that occur within an organization’s systems and networks.

58
Q

What is Security orchestration, automation, and response (SOAR)?

A

A collection of applications, tools, and workflows that use automation to respond to security events.

59
Q

What is a Firewall Log?

A

A firewall log is a record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network.

60
Q

What is a Network Log?

A

A network log is a record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network.

61
Q

What is a Server Log?

A

A server log is a record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests.

62
Q

What is a Playbook?

A

A playbook is a manual that provides details about any operational action. Essentially, a playbook provides a predefined and up-to-date list of steps to perform when responding to an incident.

63
Q

What is Incident Response?

A

Incident response is an organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.

64
Q

Elaborate on the First Phase of an Incident Response Playbook

A

The first phase is preparation. Organizations must prepare to mitigate the likelihood, risk, and impact of a security incident by documenting procedures, establishing staffing plans, and educating users. Preparation sets the foundation for successful incident response.

65
Q

Elaborate on the Second Phase of an Incident Response Playbook

A

The second phase is detection and analysis. The objective of this phase is to detect and analyze events using defined processes and technology. Using appropriate tools and strategies during this phase helps security analysts determine whether a breach has occurred and analyze its possible magnitude.

66
Q

Elaborate on the Third Phase of an Incident Response Playbook

A

The third phase is containment. The goal of containment is to prevent further damage and reduce the immediate impact of a security incident. During this phase, security professionals take actions to contain an incident and minimize damage.

67
Q

Elaborate on the Fourth Phase of an Incident Response Playbook

A

The fourth phase in an incident response playbook is eradication and recovery. This phase involves the complete removal of an incident’s artifacts so that an organization can return to normal operations.

68
Q

Elaborate on the Fifth Phase of an Incident Response Playbook

A

The fifth phase is post-incident activity. This phase includes documenting the incident, informing organizational leadership, and applying lessons learned to ensure that an organization is better prepared to handle future incidents.

69
Q

Elaborate on the Sixth Phase of an Incident Response Playbook

A

The sixth and final phase in an incident response playbook is coordination. Coordination involves reporting incidents and sharing information, throughout the incident response process, based on the organization’s established standards.

70
Q

What is the purpose of a Playbook?

A

Playbooks are used by cybersecurity teams in the event of an incident. Playbooks help security teams respond to incidents by ensuring that a consistent list of actions is followed in a prescribed way, regardless of who is working on the case.

70
Q

What is SOAR?

A

SOAR is a piece of software used to automate repetitive tasks generated by tools such as a SIEM or managed detection and response (MDR).