Electronic Access Control Quiz

Questions and Answers

What is the primary defense against eavesdropping in electronic communication?

• Using passwords for access control
• Implementing encryption for data transmission (correct)
• Conducting regular security audits
• Implementing physical barriers to conversations

Which of the following best describes the goal of integrity protection?

• Maximizing the speed of data access
• Reducing data storage costs
• Ensuring only authorized changes to data are made (correct)
• Preventing data theft at all costs

What is the best defense against impersonation attacks?

• Installing firewalls at all network entry points
• Utilizing complex passwords
• Conducting user training and education (correct)
• Implementing biometric authentication systems

What attack involves capturing a legitimate user's session information to gain unauthorized access later?

Replay Attack (C)

Which principle is crucial for preventing unauthorized modifications by outsiders?

Principle of least privilege (B)

What must be satisfied in addition to proving identity to gain access to a system?

Access control confirming allowed permissions (A)

What does accounting in an access control system enable administrators to do?

Track user activity and reconstruct it from logs (B)

Which of the following correctly outlines the electronic access control process?

Identification, Authentication, Authorization, Accounting (A)

What form does authentication often take in the context of electronic access control?

Access control lists (ACL) specifying permissions (A)

Which of the following is included in the mechanisms for setting a password policy?

Password Length Requirements (C)

What is one potential concern when tracking user activity within an organization?

Ensuring compliance with legal and privacy policies (C)

In the identification stage of access control, what information does a user typically provide?

A username (D)

What is a key characteristic of digital access control systems compared to physical ones?

They can log different types of user activity (D)

Which of the following best describes the role of availability in an organization?

It assesses customer satisfaction based on service reliability. (B)

What is a common defense against Denial of Service (DoS) attacks?

Deployment of firewalls. (C)

Which of the following contributes to service outages?

Overcapacity due to increased demand. (D)

What defense can be used against power outages?

Utilizing redundant power sources. (D)

What is a consequence of hardware failures?

Disruption in access to information. (A)

What is the best defense against destruction of equipment due to large-scale disasters?

Implementing off-site backup data centers. (B)

Under what circumstance might an organization experience denial?

Systems being unreachable by users. (A)

What does the term non-repudiation refer to in security?

Assuring that users cannot deny their actions. (A)

Which of the following best describes the alteration risk in the DAD triad?

Modification of data from its original form. (B)

What is recommended to increase resilience against system failures?

Developing systems with built-in redundancy. (A)

What is the primary function of signatures in transactions?

To verify the identity of the purchaser. (C)

What does the term 'non-repudiation' refer to in e-commerce transactions?

The inability to deny a transaction after it has been completed. (A)

Which of the following is considered a biometric security control?

Facial recognition. (A)

In the context of access control, what does 'AAA' stand for?

Authentication, Authorization, Accounting. (B)

During which step of the access control process is a claim about identity made?

Identification. (B)

What is the role of authentication in an access control system?

To provide proof of claimed identity. (A)

What does the 'accounting' step in the AAA process refer to?

The tracking of user actions within the system. (B)

Why is strong evidence important in authentication?

To prevent unauthorized access. (A)

Which of these options is a characteristic of multi-factor authentication?

Requiring two or more verification methods. (D)

What is a digital signature's primary purpose?

To ensure non-repudiation in electronic documents. (B)

Which of the following describes the primary aim of Disaster Recovery (DR)?

To restore business operations as quickly as possible after disruptions. (B)

What is NOT a potential trigger for a Disaster Recovery Plan (DRP)?

Decrease in market share. (D)

During the initial response to a disaster, what is the main focus?

Containing damage and restoring immediate capabilities. (B)

Which metric indicates the maximum acceptable amount of data loss in time during a DR event?

Recovery Point Objective (RPO) (D)

Why is flexibility key during a disaster response?

It enables the organization to handle varying disaster types. (B)

In the assessment phase after a disaster, what is primarily evaluated?

The damage and functional recovery plans. (B)

What aspect of communication is vital for responders during disaster recovery?

Having secure and reliable means to communicate internally. (D)

Which of the following tasks occurs first after initiating a Disaster Recovery Plan?

Containing the damage and restoring immediate capabilities. (A)

What role do temporary jobs play during a Disaster Recovery process?

They allow organizations to adapt to immediate needs. (A)

Which of the following is an essential component of a Disaster Recovery Plan?

Training for disaster responsibilities in advance. (C)

Flashcards

Authorization

Proving your identity is not enough to access a system. You must also have the right permissions.

Accounting

Tracking user activity and actions within a system.

Authentication

The process of verifying a user's identity.

Identification

The initial step where a user declares their identity to a system.

Password Policy

A set of regulations governing how users create and manage their passwords.

Password Length

The minimum number of characters required for a password.

Password Complexity

Requirements for various character types (letters, numbers, symbols) within a password.

Password Expiration

The time frame before a user is required to change their password.

Data Integrity

Data remains unaltered and accurate. Ensures information is protected from unintended or unauthorized changes.

Unauthorized Modification

Attackers gain access to modify data in a way that violates security policies.

Impersonation

Attackers pretend to be someone else to convince a user to alter data.

Man-in-the-Middle (MITM) Attack

Attackers intercept network traffic between a user and a system, pretending to be the system.

Replay Attack

Attackers record legitimate login information and replay it later to gain access.

Disaster Recovery

A subset of business continuity actions that aim to return a business to normal operations as soon as feasible after an interruption.

Disaster Recovery Plans (DRPs)

Detailed plans that outline steps to recover from a disaster and get back to normal operations.

Initial Response

The initial actions taken after a disaster to contain damage and restore essential operations immediately.

Assessment Phase

The period after the immediate threat has passed where the focus is on assessing damage and implementing plans for a sustainable recovery.

DR Metrics

Metrics used to plan DR efforts, focusing on data loss and recovery time.

Recovery Point Objective (RPO)

The maximum acceptable amount of data loss measured in time.

Recovery Time Objective (RTO)

The maximum amount of time allowed for a business to recover from a disaster and resume operations.

Staffing Flexibility

Ensuring employees can perform different roles during a disaster.

Communication

Secure and reliable communication channels for DR teams and leadership.

Functional Recovery

The ability to quickly restore critical business functions during a disaster.

Digital Signature

An electronic signature that uses encryption to prove the authenticity and integrity of a digital document.

Access Control System

A system that controls access to resources. It involves identification, authentication, authorization, and accounting.

Signature Verification

The process of verifying that a user's signature is genuine, such as using a signature on a physical document.

Biometric Authentication

The process of verifying the identity of a user by using unique physical characteristics, such as fingerprints, facial scans, or iris patterns.

Multi-Factor Authentication (MFA)

A combination of multiple authentication factors, like a password and a one-time code, to increase security.

Non-Repudiation

The process of ensuring that an action performed by a user is actually performed by the claimed user and not someone else.

Denial of Service (DoS) Attack

An attack where an attacker sends a large amount of traffic to a system, overwhelming it and making it inaccessible to legitimate users.

Availability

A security mechanism that guarantees authorized users can access data, objects, and resources without interruption.

Firewall

A way to protect against DoS attacks by blocking illegitimate requests before they reach the target network.

Power Outage

A situation where a system is shut down or becomes inaccessible due to power loss, often triggered by unexpected events or high demand.

Backup Generator

A backup power source that provides electricity in case of a power outage, ensuring continued system operation.

Alteration

A security goal that aims to prevent unauthorized alteration of data or information.

Destruction/Denial

The inability to access a system or information due to its destruction or inaccessibility.

Redundancy

Using redundant systems or components to ensure that if one fails, another can take over, maintaining system availability.

Hardware Failure Resilience

A way to safeguard against hardware failures by building systems capable of handling device failures without disrupting access to information.

Study Notes

Domain 1: Security Principles

• Security Principles provides foundational knowledge for cybersecurity careers.
• Five objectives: information assurance concepts, risk management, security controls, ISC2 Code of Ethics, and governance.
• The average weight of this domain is 26%.
• Key concepts covered include Confidentiality, Integrity, and Availability (CIA Triad).
• Also covers Non-Repudiation, Authentication and Authorization.
• Information security involves protecting information systems from unauthorized access, use, disclosure, modification, or destruction to maintain Confidentiality, Integrity, and Availability.

Security Trio Explained

• Information security encompasses all forms of data protection.
• IT Security is focused on the technical aspects like hardware and software.
• Cybersecurity is the overall protection for systems, networks, and programs against all types of digital attacks.

Confidentiality

• Confidentiality is the secrecy of protected information.
• Cybercriminals often target confidentiality as it is the most common form of protection they want to compromise.
• Data breaches often stem from unauthorized access without proper authorization.
• Risks and defenses include snooping (enforcing clean desk policy), dumpster diving (using a paper shredder), eavesdropping (using encryption and rules regarding sensitive conversations), and social engineering (user training/education).

Integrity

• Integrity is the reliability and correctness of data.
• Data protection safeguards against unauthorized alterations.
• Cybercriminal activities could involve altering data to disrupt target operations.
• Integrity considerations include preventing modifications by outsiders, preventing unintended changes by authorized users, and maintaining data consistency.
• Risks and defenses include unauthorized modifications (following the principle of least privilege), impersonation (improving user training and education), man-in-the-middle attacks (implementing encryption, like TLS), and replay attacks (using similar techniques as for MITM).

Availability

• Availability focuses on timely and continuous access rights for authorized users.
• Business operations depend on system and data availability.
• Security measures must guarantee continuous access.
• Risks and defenses include Denial of Service (DoS) attacks (deploying firewalls, and partnering with ISPs), power outages (using redundant power sources and backup generators), hardware failures (implementing system redundancy), destruction of equipment (implementing backup data centers or remote locations), and service outages (designing resilient systems against errors and hardware failures).

DAD Triad

• When the goals of the CIA triad are not met, there is disclosure, alteration, or destruction.
• Disclosure is unauthorized access to information, often called a data breach.
• Alteration is changing data or information from its original form (encrypting/deleting).
• Destruction/Denial is causing a system to be unreachable by any user.

Non-Repudiation

• Non-repudiation is a security goal preventing someone from denying an action/truth.
• E-commerce transactions involve signatures and additional information for security to protect from denial of claims.
• Physical signatures and digital signatures are used to provide non-repudiation, along with biometric security (fingerprint, facial recognition) and video surveillance (CCTV).

Authentication and Authorization

• Authentication verifies user identity.
• Authorization determines user access rights/permissions.
• Accounting (or Accountability) tracks user activities.
• AAA (Authentication, Authorization, Accounting) often referred to.
• Access Control Systems (digital and password policies), Authentication Factors (knowledge, possession, and inheritance), and Multi-Factor Authentication are critical components of authentication and authorization.

Digital Access Control

• User identity primarily established through usernames.
• Password securely tied to usernames for authentication.
• Access Control Lists (ACLs) grant specific file system permissions based on user identity.
• Accounting involves user activity and web browsing to maintain a record of actions within the set boundaries.

Password Policies

• Password security requirements are created from different technical controls.
• Mechanisms include password length, complexity (upper/lowercase, numbers, and special characters), expiration, history (to prevent reuse), resets (quickly and privately), and reuse (limiting the reuse to enhance security across multiple networks).

Authentication Factors

• Three main types: Something you know (e.g. passwords, PINs), Something you have (e.g. tokens, smart cards), Something you are (e.g. biometrics like fingerprints).
• False Rejection Rate (FRR), and False Acceptance Rate (FAR) are crucial in biometric authentication to avoid misidentification.
• Crossover Error Rate (CER) is a good measure to optimize balance.

Privacy

• Privacy is a human right.
• Organizations are responsible for educating users and supporting privacy officials.
• Types of private information include PII (Personally Identifiable Information), PHI (Protected Health Information), and PCI (Payment Card Industry) information.
• Key areas of privacy concern include: Types of private information, Expectation of privacy, General Data Protection Regulation (GDPR), and Privacy Management Frameworks.

Security Governance Process

• Security governance defines strategies to oversee the organization.
• Security governance elements include plans, policies, standards, and procedures.
• Laws and regulations form the basis for the organization's security governance policies and practices.
• Examples discussed include GDPR and others.

Domain 2: Business Continuity Management

• BCM is the second domain of the ISC2 CC exam.
• Students learn the purpose, importance, and aspects of business continuity, disaster recovery, and incident response.

Business Continuity Planning

• BCP (business continuity planning) is a core responsibility of information security professionals.
• It involves activities to keep operations running during a crisis.
• BCP can be triggered by various hazards, including technological failure, human error, attacks (terrorism, hacking), and natural disasters like earthquakes and typhoons.
• This function supports the availability security objective.

Scope Definitions

• A concise scope is essential for managing BCM initiatives.
• It's critical upfront to clearly define which business processes will be covered by the plan, what types of systems need to be covered, and what risk controls should be considered.

Business Impact Analysis

• BIA assesses the potential impacts of risks to define mission-critical functions and supporting systems.
• Results help determine which controls to use and how much is appropriate based on tolerance.

Business Continuity Controls

• Security experts use tools and strategies for availability issues.
• Redundancy (and fault tolerance) is critical, ensuring a system can function despite failures in individual parts.
• Single Point of Failure (SPOF) analysis helps identify and remove SPOFs to enable system/process functionality despite a single part's failure.
• Another important control for BC is Personnel Succession Planning.

High Availability

• HA uses multiple systems to protect against failures.
• It’s crucial to have system redundancy to sustain operation. This could involve different locations or geographically redundant backups.
• Load balancing is a similar but different concept and involves distributing load among systems.

Fault Tolerance

• Fault Tolerance helps to avoid system failures from the start.
• Components such as power supply, storage media, and networking components are common failure points.
• FT controls help maintain operation even with simultaneous component failures.

Disaster Recovery Planning

• Disaster recovery (DR) is a subset of business continuity aiming for rapid return to normal/operational capacity and procedures.
• DR plans contain quick measures for temporary restoration of operations, and comprehensive actions to return to normal operation.
• Disruptions can be caused by natural disasters, technological failures, health emergencies and actions from other people or malicious actors.

Disaster Recovery Metrics

• Key metrics include Recovery Point Objective (RPO), Recovery Time Objective (RTO), Work Recovery Time (WRT), and Maximum Tolerable Downtime (MTD).
• RPO measures acceptable data loss; RTO measures acceptable downtime and WRT and MTD (defined by leadership) assess the maximal tolerable downtime.
• Recovery Service Levels (RSLs) provide an estimated percentage of availability during a disaster.

DR Testing

• Different types of DR testing ensure the effectiveness and preparedness to respond to disruptions.
• These include (but are not limited to) read-through, walk-through, simulation (theoretical exercises), parallel tests, and full interruption tests.

Incident Response Program

• Incident response (IR), involves all the activities leading up to establishing an incident response plan, creating/staffing an incident management team, creating an incident communications plan, and incident identification and response.

Incident Response Team

• The incident response team should include essential personnel and may involve experts outside the organization to address specific areas of needed expertise.
• Individuals are trained and assigned roles to engage in handling an incident.
• Procedures are put in place for incident notification and escalation, along with contact processes and designated protocols for communication.

Incident Communications Plan

• An effective incident communications plan is vital for all organizations and covers internal and external communications.
• Internal teams require efficient notification, while external communications often involve sensitive data and may need to be restricted to prevent unnecessary exposure.

Incident Identification

• Procedures help identify incidents, which could be via monitoring, employee reports, customer reports or reports from other organizations.
• Security data sources (IDS/IPS systems, Firewalls, and authentication systems) provide evidence of actions.
• SIEM (security information and event management system) technology facilitates these assessments, and systems can generate alerts for possible events.

Incident Response

• Incident response begins when a security professional recognizes an incident.
• The team immediately isolates the compromised system and/or systems involved.
• A wide range of activities are conducted to stop the incident and return to normal operation to minimize the damage or impacts of such an incident.