Cybersecurity Principles and Best Practices
48 Questions

Questions and Answers

Which encryption method does the SSL protocol primarily utilize for the session key?

  • Asymmetric encryption algorithm, using DES
  • Asymmetric encryption algorithm, including DES
  • Symmetric encryption algorithm, including DES, triple-DES (correct)
  • Symmetric encryption algorithm, using RSA

What is the FIRST step in an optimal risk management methodology?

  • Estimate potential damage from threats
  • Identify critical information assets (correct)
  • Analyze the impact of vulnerabilities
  • Evaluate the probability of threats

Which biometric characteristic is considered to have the highest reliability?

  • Eye (iris or retina) (correct)
  • Hand geometry
  • Writing
  • Voice

What is a FUNDAMENTAL characteristic of a user awareness program?

Regularly reviewed against best practices (C)

Which statement about digital summary algorithms is correct?

MD4 is weaker than MD5 (C)

Which of the following is a feature of intrusion detection systems?

Collecting evidence of attack attempts (C)

Which protocol secures credit card payments in e-commerce?

SET (D)

What common feature do most hash functions used in security applications have?

Unique output for each unique input (B)

Which situation would likely increase the probability of fraud?

Application programmers have access to the development environment. (C)

What is the MAIN purpose of testing backup centers?

Ensure data integrity in the database. (D)

Who is responsible for developing the security policy?

The Security Committee. (B)

What does the MTO parameter define?

The maximum time until recovery of critical services post-disaster. (B)

How is the risk of a threat quantified?

The product of the probability of occurrence and the magnitude of the impact. (D)

What is the MOST important aspect of a security policy?

It should be derived from a prior risk assessment. (C)

What is the INITIAL step in establishing a security program?

Defining a security policy. (A)

What is the FUNDAMENTAL characteristic of hashing?

It is irreversible. (A)

What is the MAIN purpose for installing an intrusion detection system (IDS)?

Identify potential attacks on the internal network. (D)

What does creating a digital signature primarily achieve?

Verifies the message origin. (A)

Which situation indicates inadequate security controls in a production system?

Test libraries contain some real data. (B)

What distinguishes vulnerability assessment from penetration testing?

Vulnerability assessment identifies vulnerabilities, while penetration testing exploits them. (D)

What should a security manager prioritize when managing access control for program code documentation?

Review access logs to the code libraries. (A)

What is the primary role of a Certification Authority (CA)?

Confirm the identity of certificate holders. (D)

Which indicator suggests a failure in an organization's security information governance?

The security department struggles with staffing. (A)

How can the effectiveness of incident response procedures be primarily assessed?

Through an evaluation of past incident responses. (C)

Which of the following would NOT be part of a security policy?

Defining roles for each role (D)

What is the process of using interpersonal communication skills to gain unauthorized access to resources called?

Social engineering (A)

To provide protection for backups stored offsite, which of the following should be ensured?

Be protected against unauthorized access (D)

A dry pipe suppression system uses which of the following?

Water, but the water does not enter the pipes until a fire is detected (A)

Who should make the decision on whether a risk has been reduced to an acceptable level?

Organizational requirements (B)

What is the MAIN measure for the security of software and data in a data center?

Access controls (C)

Which property in database management systems ensures that a transaction either executes completely or does not execute at all?

Atomicity (D)

What does identifying risks and establishing their priorities allow project stakeholders to do?

Focus on areas of greatest impact (D)

Which factor is least critical when selecting an identification and authentication mechanism for an information system?

The organizational culture of security (A)

What aspect does the defined information security policy most significantly affect?

The entire organization including external users (D)

What does the parameter known as Annual Loss Expectancy (ALE) represent?

The potential annual loss due to an event multiplied by occurrence probability (C)

Which responsibility is NOT typically associated with a security administrator?

Approve the security policy (C)

Area managers are primarily tasked with which responsibility regarding the data they generate?

Classify data based on business value (D)

When determining retention periods for business information, which consideration should be the primary focus for the security manager?

Compliance with legal requirements (D)

Which feature is NOT typically associated with Single Sign-On (SSO) authentication mechanisms?

Increased password management difficulty (C)

What is a common misconception about the role of area managers regarding data security?

They have no say in data management decisions (B)

Who is primarily responsible for executing the disaster recovery plan?

The information security manager (B)

Why is it essential to analyze the situation after a denial of service attack?

To take preventive and/or corrective actions (A)

What is the primary objective of emergency actions following a disaster?

Preventing possible personal injuries (A)

In the context of business continuity, what does MTO refer to?

The maximum time an organization can sustain critical processes (A)

What does the paper test associated with a disaster recovery plan typically involve?

Testing the plan on critical business units (C)

When maintaining a warm site alternative center, which conditioning aspect is critical?

Air conditioning (D)

Which of the following is NOT an objective to pursue when defining a disaster recovery plan?

Increase recovery costs (A)

What should be a key focus when formulating a disaster recovery plan?

Reducing recovery time and costs (D)

Flashcards

How does SSL work?

The SSL protocol uses asymmetric encryption to encrypt the session key and a symmetric algorithm to encrypt the actual data.

What is the first step in risk management?

The first step in a risk management methodology should be to identify the critical information assets for the business.

Which physical characteristic is best for biometrics?

The eye, specifically the iris or retina, provides the most reliable physical characteristic for biometric systems due to its unique and complex patterns.

What defines a good user awareness program?

A user awareness program should be designed to cover all employees and undergo periodic reviews to ensure it aligns with current best practices.

Key lengths and security in hash functions

SHA1 uses a 160-bit key, and while it's more secure than MD4, it is not the most secure algorithm.

What does an intrusion detection system do?

Intrusion detection systems collect evidence of attack attempts, but they don't prevent attacks.

What protocol secures credit card payments?

The Secure Electronic Transaction (SET) protocol is used specifically for securing credit card payments in e-commerce.

Qualitative Approach

A qualitative approach focuses on understanding the nuances, meanings, and perspectives of a particular phenomenon. It involves exploring data through observation, interviews, and other methods to gain in-depth insights.

Application Programmer Changes to Production Programs

Changes made by application programmers directly to production programs increase the risk of unauthorized code injection or data manipulation, leading to fraud.

Testing Backup Centers

The primary purpose of testing backup centers is to ensure that they can successfully restore critical business operations in the case of a disaster.

Security Policy Responsibility

The Security Committee, typically composed of executives and security experts, is responsible for developing a comprehensive security policy that guides the organization's security practices.

MTO (Maximum Tolerable Outage)

MTO (Maximum Tolerable Outage) defines the maximum time an organization can be operating offsite and still achieve its business continuity objectives.

Threat Risk Calculation

The risk of a threat is calculated by multiplying the probability of the threat occurring by the severity of its impact if it does.

Security Policy Derivation

A security policy should be derived from a comprehensive risk assessment, identifying the organization's vulnerabilities and potential threats.

Initial Step in Security Program

Establishing a security policy is the initial and foundational step in developing a comprehensive security program. It provides a framework for all subsequent security activities.

What is a digital signature?

A digital signature is a cryptographic method used to verify the authenticity and integrity of a digital message, ensuring the sender's identity and preventing any unauthorized modifications.

What is Phishing?

Phishing is a type of social engineering attack where attackers disguise themselves as legitimate entities to deceive victims into revealing sensitive information, like passwords and credit card details.

What is the primary goal of an IDS?

The primary goal of an Intrusion Detection System (IDS) is to detect malicious activities or potential security threats within a network and alert administrators.

How does creating a digital signature ensure message integrity?

Creating a digital signature involves using a private key to encrypt a message digest, producing a unique code that verifies the message's origin and ensures its integrity.

What indicates inadequate security controls in a production system?

A production system with inadequate security controls might exhibit vulnerabilities such as allowing unauthorized access to sensitive data or lacking appropriate recovery mechanisms.

What is the difference between vulnerability assessment and penetration testing?

Vulnerability assessment identifies potential weaknesses in a system, while penetration testing actively exploits these vulnerabilities to understand the impact and potential consequences.

What is the role of a CA?

A Certification Authority (CA) acts as a trusted third party that verifies the identity of entities requesting digital certificates and issues certificates with corresponding public and private keys.

What could indicate a failure in security information governance?

A failure in security information governance can manifest in various ways, such as lacking clear security policies or having outdated security information.

What must a security policy identify?

A security policy must include information about the critical resources to be protected and how to protect them.

What is social engineering?

Social engineering is a way to gain unauthorized access to systems and data by manipulating people.

What does a dry pipe suppression system use?

A dry pipe suppression system uses water as a fire suppression agent, but only releases it when a fire is detected.

How does risk analysis help stakeholders?

Risk analysis helps prioritize risks based on their likelihood and impact, allowing organizations to focus on the most critical areas.

What is the MAIN security measure for software and data?

Access controls are the primary security measure for protecting software and data in a data center.

What is atomicity in database management?

Atomicity ensures that a database transaction is treated as a single unit, either completing entirely or not at all.

What is a security procedure?

Security procedures include defining the roles within an organization and the responsibilities associated with each role.

What should a risk analysis consider?

A risk analysis should consider both the probability of a loss and the severity of the loss, weighing both factors.

Disaster Recovery Plan

A documented plan outlining steps to restore critical business operations following a disaster, ensuring continuity.

Business Continuity Plan

A documented plan detailing how to maintain critical business processes in the event of a disruption, ensuring ongoing operations.

Maximum Tolerable Outage (MTO)

The maximum amount of time an organization can tolerate being offline before experiencing unacceptable consequences.

Disaster Recovery Plan Test

A procedure that simulates a disaster recovery plan using real-world scenarios and testing the effectiveness of recovery procedures.

Warm Site

A secure facility with basic infrastructure and connectivity, requiring some setup and equipment to become fully operational.

Hot Site

An alternative facility with fully operational equipment, ready for immediate use in case of a disaster.

Cold Site

A backup facility with minimal infrastructure, requiring significant time and resources to become operational.

Business Impact Analysis (BIA)

The process of analyzing the impact of a potential disaster and identifying critical business functions, assets, and recovery requirements.

What is ALE (Annual Loss Expectancy)?

This refers to how much financial loss you would expect if a specific event were to happen, calculated by multiplying the likely occurrence probability by the potential loss value.

What's the most likely task of a security administrator?

The security administrator is responsible for maintaining, enforcing, and ensuring the integrity of access rules, which control who can access what resources within the system.

Who does a security policy affect?

A crucial aspect of any information security policy is that it should be tailored to the specific needs and context of the organization, including its organizational structure, business processes, and sensitive information.

What is the main priority when setting information retention periods?

When deciding how long to keep information, you should prioritize legal and business requirements as they often dictate how long you need to retain data.

What's the biggest risk of using Single Sign-On (SSO)?

Single Sign-On (SSO) simplifies user access and management by allowing them to log in once and access multiple applications. However, a compromised SSO key would impact all connected applications.

What are the main considerations when selecting an authentication mechanism?

When selecting an authentication mechanism, you need to consider how complex it is to implement, how sensitive the information being protected is, and if it will be user-friendly. You should also think about false positives, which could lead to an incorrect rejection of a user.

What is the responsibility of area managers regarding data?

Data owners, usually area managers, hold the responsibility for classifying data based on its value and the potential impact of its compromise.

What is ROSI (Return on Security Investment)?

The Return on Security Investment (ROSI) is a metric used to assess the effectiveness of security investments. It compares the cost of security measures with the potential savings from preventing data breaches and disruptions.

Study Notes

Mock Exam I - Questions

  • SSL (Secure Sockets Layer) protocol: Provides security by encrypting the data exchanged between server and client. It encrypts data using an asymmetric algorithm (typically RSA), then encrypts the session key with a symmetric algorithm (DES, triple-DES, RC2, RC4, or IDEA).

  • Optimal Risk Management Methodology: The first activity in a risk management methodology should be identifying critical business information assets.

  • Biometric System Reliability: Hand geometry offers the highest reliability in biometric systems.

  • User Awareness Program: A fundamental characteristic of a user awareness program is regular reviews and comparison with best practices in this area.

  • Hash Algorithms (Digital Hash Functions): MD4 and MD5 are not as secure and use different key lengths compared to SHA1. SHA1 is the most secure algorithm, while MD4 is the least strong.

  • Intrusion Detection System (IDS): A key characteristic of an IDS is collecting evidence about attack attempts.

  • Secure Electronic Payment Protocol: The protocol used to secure credit card payments in e-commerce is Secure Sockets Layer (SSL).

  • Backup Center Location: A backup center should be physically separated from the main data center and not subject to the same risks.

  • Sectorial Guidelines for Risk Management: The main drawback to using sectorial guidelines and best practices is the possibility that the business will be over-protected from non-existent threats.

  • Risk Assessment Process: Risk assessment is objective, not subjective, and is based on neither mathematics nor statistics.

  • Acceptable Service Level (SLA): The acceptable service level (or standard) to which a business function or business resource will be restored to an operational state within a set period of time.

  • Disaster Recovery Team: The emergency operations team is the first to respond in the event of a disaster.

  • Acceptable Risk Level: The acceptable risk level should be set by senior management.

  • How to Determine a Data Transmission Risk: The best technique for determining how securely data is transmitted is through encryption.

  • Network Device Function: A router operates on layer 3 in the OSI model.

  • Initial Step in Backup Design: In a backup strategy, the first step is to identify the data to be backed up.

  • Risk Management Methodology Step: The initial step in a good risk management strategy is to determine the vulnerabilities present.

  • Risk Criticality Measurement: The best way to determine the criticality of an application is to perform a business impact analysis.

  • Incident History Analysis/Reporting: The incident history analysis demonstrates a trend and type of event, allowing for better decision making in risk management.

  • Digital Signature Attribute: Non-repudiation is the attribute of a digital signature preventing the sender from later denying its creation.

  • Business Impact Analysis ("BIA"): A "BIA" determines the impact on business if a business process or operation is disrupted, interrupted, or destroyed.

  • Calculating Financial Losses: In a risk assessment, if financial losses are hard to calculate quantitatively, a qualitative approach should be used.

  • Fraud Probability Factors: Implementing changes to production programs (versus test programs and development programs) likely increases the risk of fraud.

  • Backup Center Purpose: The purpose of a backup center alternative is to act as a separate, independent backup location for data.

  • Responsibility for Risk Assessments: The board of directors or senior management need to define the process for risk assessments and the overall risk posture of the organization.

  • Risk Assessment Frequency: Risk assessment processes should be performed annually, or more frequently if there are significant changes to the organisation.

  • Effect of an Incident on Business: Incident impacts should be analysed to determine the effect on the business and the level of recovery needed.

  • Security Control Effectiveness: Access controls for temporary access to vendors should be based on service level agreements (SLAs).

  • Business Impact Analysis Benefits: Business impact analysis ("BIA") improves the understanding of a business's vulnerabilities, thus improving a company's security posture.

  • Determining Risk Levels: Determining levels of risks needs criteria (and is not solely subjective, nor statistical).

  • Data Protection for Vendors: When providing access to vendors, create separate accounts with limited rights and expiry dates.

  • Type of Analysis: Determining the best methodology for risk analysis is dependent on the business and resources available.

  • Risk Management Methodology Applicability: Qualitative risk analysis is often appropriate for organisations that are highly volatile or undergoing rapid changes.

  • Classification of Information: A company has a need to assign value and categorization to its information for effective management of risks and security.

  • Risk Management: Determining the best way to manage risk is based on factors including available resources to complete a risk management program.

  • Data Security Criteria: The primary reason for digital signatures is to ensure data integrity and prevent tampering or unauthorized changes.

  • IDS Purpose: The primary purpose of an Intrusion Detection System (IDS) is to identify security weaknesses and potential threats in an organization's IT infrastructure in order to mitigate security risks; it often works in conjunction with other cybersecurity protections and mitigations.

  • Secure Data Transfer: To assure safe transfer of data, when using public key cryptography, the encryption key should be public while the decryption key is private.

Related Documents

Preguntas con respuesta GO.pdf

Description

This quiz covers essential concepts in cybersecurity, including encryption methods, risk management, biometric characteristics, and security policies. Test your knowledge on key principles that govern secure systems and the fundamental characteristics of security measures. Perfect for students and professionals in the cybersecurity field.
