Weak Points #3

Question 1

Rule-Based Access Control

Answer 1

An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

Question 2

ABAC Access Policy Properties

Answer 2

Subject (user or process requesting access)
Type of action (for example “read”, “write”, “execute”)
Resource type (medical record, bank account etc.)
Environment (contextual data, such as time of day or geolocation)

Question 3

MAC Characteristics

Answer 3

Users are not allowed to change access policies at their own discretion

Labels and clearance levels can only be applied and changed by an administrator

Every resource has a sensitivity label matching a clearance level assigned to a user

Question 4

PAM

Answer 4

Privileged Access Management:

A security solution that provides control over elevated (i.e. administrative type) accounts

Question 5

DER Characteristics

Answer 5

Encoded in binary format

.der and .cer file extension

Generally used for Java servers

Question 6

PEM Characteristics

Answer 6

Encoded in text (ASCII Base64) format

.pem .crt .cer .key file extensions

Generally used for Apache servers or similar configurations

Question 7

PFX & P12 Characteristics

Answer 7

Encoded in binary format

.pfx .p12 file extensions

Generally used for Windows servers

Question 8

P7B Characteristics

Answer 8

Encoded in text (ASCII Base64 format)

.p7b file extension

Generally used for Windows & Java Tomcat servers

Question 9

IPFIX

Answer 9

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector

Question 10

Order of Volatility

Answer 10

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

Question 11

Operational Control Examples

Answer 11

Data backups
Configuration management
Awareness programs

Question 12

Preventative Control Examples

Answer 12

Security Guards
System hardening
Separation of duties

Question 13

Detective Control Examples

Answer 13

Log monitoring
Security audits
CCTV
IDS

Question 14

Corrective Control Examples

Answer 14

IPS
Backups & system recovery
Alternate site
Fire suppression system

Question 15

Compensating Control Examples

Answer 15

Backup power system
Sandboxing
Temporary port blocking
Temporary service disablement

Question 16

CIS (Simplified)

Answer 16

Center for Internet Security:

Configuration guidelines for hardening

Question 17

ISO/IEC 27001

Answer 17

Basic procedure for cybersecurity (international standard) - focused on establishing/maintaining info systems

Question 18

ISO/IEC 27002

Answer 18

International standard focused on information security controls
(to protect those systems)

Question 19

ISO/IEC 27701

Answer 19

Adding privacy to ISMS (privacy extension for ISO 27001)

Focuses on privacy data management

Question 20

ISO/IEC 31000

Answer 20

Attempt to create global risk management framework

A family of standards providing principles & guidelines for risk management

Question 21

SOC 2 Audits (SSAE 18)

Answer 21

System & Organization Controls:
Provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA’s TSC (Trust Services Criteria)

Question 22

SOC 2 Audit Type I

Answer 22

Provides a snapshot of the organization’s control landscape in a specific point in time

Question 23

SOC 2 Audit Type II

Answer 23

Evaluates the effectiveness of controls over a period of time of at least six consecutive calendar months

Question 24

CSA

Answer 24

Cloud Security Alliance:

A nonprofit organization promoting best security practices related to cloud computing environments

Question 25

CSA: CCM

Answer 25

Cloud Security Alliance: Cloud Control Matrix Designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider Cloud-specific security controls Controls are mapped to standards/best practices/regulations

Question 26

CSA: Reference Architecture

Answer 26

Gives us the outline of what we want & build roadmap to meet needs

Question 27

NIST RMF

Answer 27

Risk Management Framework: Integrates security/risk management into the system development life cycle Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor

Question 28

NIST CSF

Answer 28

Cybersecurity Framework: Standards/best practices to help manage cybersecurity risks Identify, protect, detect, respond, recover

Question 29

USB OTG

Answer 29

USB On-the-Go: Allows USB devices (phones/tablets/etc) to act as a host, allowing other USB devices (flash drives/cameras/mouse/keyboard) to be attached to them. One is host, one is peripheral

Question 30

CCMP (Counter-mode/CBC-MAC Protocol)

Answer 30

Employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks The Counter Mode component provides data privacy The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication

Question 31

NAT Gateway

Answer 31

Allows systems to connect to another network without being directly exposed to it

Question 32

Opal (FDE/SED)

Answer 32

A set of specifications for features of data storage devices that enhance their security Defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data

Question 33

EDR

Answer 33

Endpoint Detection & Response: Monitor and collect activity data from endpoints that could indicate a threat Analyze this data to identify threat patterns Automatically respond to identified threats to remove or contain them, and notify security personnel Forensics and analysis tools to research identified threats and search for suspicious activities

Question 34

FISMA

Answer 34

Federal Information Security Management Act: A US federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats. Requires that government agencies and other organizations that operate systems on behalf of government agencies comply with security standards.

Question 35

PtH (Pass the Hash)

Answer 35

The process of harvesting an account's cached credentials when the user logs into a SSO system. (The cached credentials are in hash form)

Question 36

Heuristic vs. Behavioral Detection

Answer 36

``` Behavioral Detection (AKA: Statistical or Profile-based): The engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from this baseline (outside a defined level of tolerance) generates an alert ``` Heuristic Detection: Determines whether several observed data points constitute an indicator and whether related indicators make up an incident depending on a good understanding of the relationship between the observed indicators