What are the three properties of secure information? Answer- Confidentiality, Integrity,
and Availability
What does confidentiality mean in the context of the CIA Triad? Answer- means that
certain information should o
...
What are the three properties of secure information? Answer- Confidentiality, Integrity,
and Availability
What does confidentiality mean in the context of the CIA Triad? Answer- means that
certain information should only be known to certain people.
What does integrity mean in the context of the CIA Triad? Answer- means that the data
is stored and transferred as intended and that any modification is authorized.
What does availability mean in the context of the CIA Triad? Answer- means that
information is accessible to those authorized to view or modify it.
What is a fourth property of secure information that could be added to the CIA Triad?
Answer- Nonrepudiation
What is nonrepudiation? Answer- means that a subject cannot deny doing something,
such as creating, modifying, or sending a resource.
What are the five functions of cybersecurity according to the National Institute of
Standards and Technology (NIST)? Answer- Identify, Protect, Detect, Respond, and
Recover
What does 'Identify' mean in the context of cybersecurity functions according to the
NIST? Answer- develop security policies and capabilities. Evaluate risks, threats, and
vulnerabilities and recommend security controls to mitigate them.
What does 'protect' mean in the context of cybersecurity functions according to the
NIST? Answer- procure/develop, install, operate, and decommission IT hardware and
software assets with security as an embedded requirement of every stage of this
operations life cycle.
What does 'detect' mean in the context of cybersecurity functions according to the
NIST? Answer- perform ongoing, proactive monitoring to ensure that controls are
effective and capable of protecting against new types of threats.
What does 'respond' mean in the context of cybersecurity functions according to the
NIST? Answer- identify, analyze, contain, and eradicate threats to systems and data
security.
What does 'recover' mean in the context of cybersecurity functions according to the
NIST? Answer- implement cybersecurity resilience to restore systems and data if other
controls are unable to prevent attacks.
Information security professionals must be competent in the following areas Answer-
Participate in risk assessments and testing of security systems and make
recommendations.
Specify, source, install, and configure secure devices and software.
Set up and maintain document access control and user privilege profiles.
Monitor audit logs, review user privileges, and document access controls.
Manage security-related incident response and reporting.
Create and test business continuity and disaster recovery plans and procedures.
Participate in security training and education programs.
What is a security policy? Answer- A formalized statement that defines how security will
be implemented within an organization
Overall internal responsibility for security might be allocated to a dedicated department
such as a Answer- Director of Security, Chief Security Officer (CSO), or Chief
Information Security Officer (CISO).
What is a Security Operations Center (SOC)? Answer- a location where security
professionals monitor and protect critical information assets across other business
functions, such as finance, operations, sales/marketing, and so on. Because SOCs can
be difficult to establish, maintain, and finance, they are usually employed by larger
corporations, like a government agency or a healthcare company.
What is Development and Operations (DevOps)? Answer- a cultural shift within an
organization to encourage much more collaboration between developers and system
administrators. By creating a highly orchestrated environment, IT personnel and
developers can build, test, and release software faster and more reliably.
a single point-of-contact for the notification of security incidents should be handled by a
dedicated... Answer- cyber incident response team (CIRT)/computer security incident
response team (CSIRT)/computer emergency response team (CERT)
A multinational company manages a large amount of valuable intellectual property (IP)
data, plus personal data for its customers and account holders. What type of business
unit can be used to manage such important and complex security requirements?
Answer-
A business is expanding rapidly and the owner is worried about tensions between its
established IT and programming divisions. What type of security business unit or
function could help to resolve these issues? Answer-
What is a security control? Answer- is something designed to make give a system or
data asset the properties of confidentiality, integrity, availability, and non-repudiation.
What are the three broad categories of security controls? Answer- Technical,
Operational, Managerial
What entails a technical security control? Answer- the control is implemented as a
system (hardware, software, or firmware). For example, firewalls, antivirus software,
and OS access control models are technical controls. Technical controls may also be
described as logical controls.
What entails a managerial security control? Answer- the control gives oversight of the
information system. Examples could include risk identification or a tool allowing the
evaluation and selection of other security controls.
What entails an operational security control? Answer- the control is implemented
primarily by people rather than systems. For example, security guards and training
programs are operational controls rather than technical controls.
What are the categories of security controls according to their objective/function?
Answer- Preventative, Detective, Corrective, Physical, Deterrent, Compensating
What entails a 'Corrective Security Control'? Answer- the control acts to eliminate or
reduce the impact of an intrusion event. A corrective control is used after an attack. A
good example is a backup system that can restore data that was damaged during an
intrusion. Another example is a patch management system that acts to eliminate the
vulnerability exploited during the attack.
What entails a 'Deterrent Security Control? Answer- the control may not physically or
logically prevent access, but psychologically discourages an attacker from attempting
an intrusion. This could include signs and warnings of legal penalties against trespass
or intrusion.
What entails a 'Physical Security Control'? Answer- controls such as alarms, gateways,
locks, lighting, security cameras, and guards that deter and detect access to premises
and hardware are often classed separately.
What entails a 'Detective Security Control'? Answer- the control may not prevent or
deter access, but it will identify and record any attempted or successful intrusion. A
detective control operates during the progress of an attack. Logs provide one of the best
examples of detective-type controls.
What entails a 'Compensating Security Control'? Answer- the control serves as a
substitute for a principal control, as recommended by a security standard, and affords
the same (or better) level of protection but uses a different methodology or technology.
What entails a 'Protective Security Control'? Answer- the control acts to eliminate or
reduce the likelihood that an attack can succeed. A preventative control operates before
an attack can take place. Access control lists (ACL) configured on firewalls and file
system objects are preventative-type controls. Anti-malware software also acts as a
preventative control, by blocking processes identified as malicious from executing.
Directives and standard operating procedures (SOPs) can be thought of as
administrative versions of preventative controls.
What is a cybersecurity framework (CSF)? Answer- a list of activities and objectives
undertaken to mitigate risks. The use of a framework allows an organization to make an
objective statement of its current cybersecurity capabilities, identify a target level of
capability, and prioritize investments to achieve that target
You have implemented a secure web gateway that blocks access to a social networking
site. How would you categorize this type of security control? Answer-
A company has installed motion-activated floodlighting on the grounds around its
premises. What class and function is this security control? Answer-
A firewall appliance intercepts a packet that violates policy. It automatically updates its
Access Control List to block all further packets from the source IP. What TWO functions
is the security control performing? Answer-
If a security control is described as operational and compensating, what can you
determine about its nature and function? Answer-
If a company wants to ensure it is following best practice in choosing security controls,
what type of resource would provide guidance? Answer-
What is due diligence? Answer- a legal term meaning that responsible persons have not
been negligent in discharging their duties.
What is the Sarbanes-Oxley Act (SOX)? Answer- mandates the implementation of risk
assessments, internal controls, and audit procedures.
What is the Computer Security Act (1987)? Answer- requires federal agencies to
develop security policies for computer systems that process confidential information
What is the Federal Information Security Management Act (FISMA)? Answer-
introduced to govern the security of data processed by federal government agencies.
What is the General Data Protection Regulation (GDPR)? Answer- means that personal
data cannot be collected, processed, or retained without the individual's informed
consent.
What is informed consent? Answer- means that the data must be collected and
processed only for the stated purpose, and that purpose must be clearly described to
the user in plain language, not legalese.
What is the Center for Internet Security (CIS)? Answer- a not-for-profit organization
(founded partly by The SANS Institute). It publishes the well-known "The 20 CIS
Controls."
What is port 20-21? Answer- File Transfer Protocol (FTP)
What is port 22? Answer- Secure Shell (SSH), Secure Copy Protocol (SCP), Secure
File Transfer Protocol (SFTP)
What is port 23? Answer- Telnet
What is port 25? Answer- Simple Mail Transfer Protocol;l (SMTP)
What is port 49? Answer- TACACS (Terminal Access Controller Access Control System
What is port 53? Answer- Domain Name System (DNS)
What is port 67/68? Answer- Dynamic Host Configuration Protocol (DHCP)
What is port 69? Answer- Trivial File Transfer Protocol (TFTP)
What is port 80? Answer- Hypertext Transfer Protocol (HTTP)
What is port 88? Answer- Kerberos
What is port 443? Answer- Hypertext Transfer Protocol Secure (HTTPS) and Secure
Socket Layer Virtual Private Network (SSL VPN)
What is port 110? Answer- Post Office Protocol; Version 3 (POP3)
What is port 119? Answer- Network News Transfer Protocol (NNTP)
What is port 143? Answer- Internet Message Access Protocol Version 4 (IMAP4)
What is port 161? Answer- Simple Network Management Protocol (SNMP)
What is port 162? Answer- Simple Network Management Protocol Trap (SNMP Trap)
What is port 389? Answer- Lightweight Directory Access Protocol (LDAP)
What is port 500? Answer- ISAKMP (VPN)
What is port 514? Answer- Syslog
What is port 1701? Answer- Layer 2 Tunneling Protocol (L2TP)
What is port 1723? Answer- Point-to-Point Protocol (PPTP)
What is port 3389? Answer- Remote Desktop Protocol (RDP)
Vulnerability Answer- a weakness that could be triggered accidentally or exploited
intentionally to cause a security breach.
Threat Answer- the potential for someone or something to exploit a vulnerability and
breach security. A threat may be intentional or unintentional. The person or thing that
poses the threat is called athreat actor or threat agent. The path or tool used by a
malicious threat actor can be referred to as the attack vector.
Risk Answer- the likelihood and impact (or consequence) of a threat actor exploiting a
vulnerability.
Topology Discovery (Footprinting) Answer- scanning for hosts, IP ranges, and routes
between networks to map out the structure of the target network
ipconfig Answer- show the configuration assigned to network interface(s) in Windows,
including the hardware or media access control (MAC) address, IPv4 and IPv6
addresses, default gateway, and whether the address is static or assigned by DHCP. If
the address is DHCP-assigned, the output also shows the address of the DHCP server
that provided the lease.
ifconfig Answer- show the configuration assigned to network interface(s) in Linux.
ping Answer- probe a host on a particular IP address or host name using Internet
Control Message Protocol (ICMP). You can use ping with a simple script to perform a
sweep of all the IP addresses in a subnet.
arp Answer- display the local machine's Address Resolution Protocol (ARP) cache. The
ARP cache shows the MAC address of the interface associated with each IP address
the local host has communicated with recently. This can be useful if you are
investigating a suspected spoofing attack. For example, a sign of a man-in-the-middle
attack is where the MAC address of the default gateway IP listed in the cache is not the
legitimate router's MAC address.
route Answer- view and configure the host's local routing table. Most end systems use a
default route to forward all traffic for remote networks via a gateway router. If the host is
not a router, additional entries in the routing table could be suspicious.
tracert Answer- uses ICMP probes to report the round trip time (RTT) for hops between
the local host and a host on a remote network. tracert is the Windows version of the
tool.
traceroute Answer- performs route discovery from a Linux host. traceroute uses UDP
probes rather than ICMP, by default.
pathping Answer- provides statistics for latency and packet loss along a route over a
longer measuring period. pathping is a Windows tool; the equivalent on Linux is mtr.
red team Answer- performs the offensive role to try to infiltrate the target.
blue team Answer- performs the defensive role by operating monitoring and alerting
controls to detect and prevent the infiltration.
white team Answer- which sets the rules of engagement and monitors the exercise,
providing arbitration and guidance, if necessary
purple team Answer- the red and blue teams meet for regular debriefs while the
exercise is ongoing.
penetration testing Answer- uses authorized hacking techniques to discover exploitable
weaknesses in the target's security systems.
Examples of Active Reconnaissance Answer- social engineering, footprinting, OSINT,
War Driving, UAV
[Show More]
