What is identified by the first dimension of the cybersecurity cube?
Confidentiality, Integrity and Availability
What are the three foundational principles of the cybersecurity domain? (Choose three.)
confidentiality
What principle prevents the disclosure of information to unauthorized people, resources, and processes?
authorization
authentication
What are two methods that ensure confidentiality?
PII
classified
business
What are three types of sensitive information?
Authentication, authorization, accounting
What are three access control security services? (Choose three.)
Authorization
What service determines which resources a user can access along with the operations that a user can perform?
hashing, data consistency checks
Which two methods help to ensure data integrity?
SHA
MD5
What are two common hash functions? (Choose two.)
equipment maintenance
up-to-date operating systems
system backups
What three methods help to ensure system availability?
eliminate single points of failure
detect failures as they occur
provide for reliable crossover
What three design principles help to ensure high availability?
NAS
What name is given to a storage device connected to a network?
in-transit
in-process
at rest
What are the three states of data?
Encryption
authentication
tokenization
What are methods that ensure confidentiality?
Backup
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
gives security staff the backing of management
is not legally binding
defines legal consequences of violations
What three tasks are accomplished by a comprehensive security policy?
urgency
intimidation
What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target?
SHA-256
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems for protection of sensitive, unclassified data. Which hash algorithm would you select?
HMAC
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
System resiliency
Being able to maintain availability during disruptive events describes which of the principles of high availability?
Asset Standardization
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
RAID
Which technology would you implement to provide high availability and redundancy on local servers for data storage?
identification and authentication policies
An essential part of a security policy
Updates cannot be circumvented.
Administrators can approve or deny patches.
Updates can be forced on systems immediately.
A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide?
Password Policy
A series of Group Policy settings that determine password security requirements, such as length, complexity, and age.
Baseline
A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities?
AUP (Acceptable Use Policy)
Defines what actions employees may or may not perform on company equipment, including computers, phones, printers, and even the network itself. This policy defines the handling of passwords, e-mail, and many other issues.
VPN
The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation?
SSH (Secure Shell)
An administrator of a small data center wants a flexible, secure method of remotely connecting to servers. Which protocol would be best to use?
DNS
Which service will resolve a specific web address into an IP address of the destination web server?
SAN
network-based storage system connected to high-speed interfaces, allowing for improved performance; ability to connect multiple servers to a centralized disk storage
unauthorized access
data loss
What are two potential threats to applications? (Choose two.)
laws governing the data
As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?
PCI DSS
A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection?
GLBA
As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?
CFAA
If a person knowingly accesses a government computer without permission, which federal act would the person be subject to?
FERPA
A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?
confidential business information
national security and foreign policy information
law enforcement records that implicate one of a set of enumerated concerns
What are three disclosure exemptions that pertain to the FOIA?
Vulnerability Scanner
A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?
DAS
Type of storage most vulnerable to malicious attacks
RAID, NAS and SAN
Types of network storage which are secure but complicated to set up; Data at Rest
three methods used to verify identity
something you know
something you have
something you are
Privacy laws
protect you from an organization that may want to share your information
Sneaker Net
Uses removable media to physically move data from one computer to another
Tasks of a Comprehensive Security Plan
sets rules for expected behavior
defines legal consequences of violations
gives security staff the backing of management
Design Principles which ensure high availability
detect failures as they occur
provide for reliable crossover
eliminate single points of failure
Lil Nas X
Old Town Road
Ice Spice
has a duet with Tay on the Midnights Album
Mrs. Edris' favorite band
Radiohead and the National
Input, Output, Modification
Ways to control Data in Process
Sneaker net; wireless; wired
Challenges to Data in Transit
Protecting Data confidentiality
implement VPNs, SSL, IPsec and encrypting of data
Protecting Data Availability
Mutual authentication; backups; cloud storage
malicious code
one of the possible causes of corrupt data
incorrect use of data delimiters; improperly configured printers
an example of "outputed" data corruption