General Security Concepts

Questions and Answers

A company installs a new locking cabinet in the computer room to hold extra flash drives and other supplies. What type of security control is being configured?

  • Deterrent
  • Preventive (correct)
  • Compensating
  • Containment

A crypto exchange company is revising its security policies and concentrating on implementing effective operational security controls. What is the company's security manager MOST likely to recommend?

  • A tool that assesses potential security risks
  • The placement of security cameras around the premises
  • The enforcement of a strict password policy (correct)
  • Enforce biometric controls on computing devices

A company discovers employees are accessing unmonitored streaming websites, creating potential malware or virus risks. What control can a network administrator implement to protect the system and restrict access to unapproved sites?

  • Technical (correct)
  • Operational
  • Detective
  • Restorative

After an unauthorized access incident over the weekend, the IT department wants to deter similar incidents. Which security control should they implement?

Answer: Placing visible signs indicating surveillance and severe penalties for unauthorized entry

The security manager at a financial technology company wants to enforce a control that enhances user behavior to mitigate cybersecurity risks. What type of control should the analyst recommend?

Answer: Enforcement of a strict password policy

An organization changes its security posture after a breach to enhance encryption where direct elimination isn't possible. What type of control is observed?

Answer: Compensating

A user obtains a USB flash drive from a storage closet without authorization and notices a warning sign indicating camera use. What is the objective of the sign?

Answer: Deterrent

An IT security manager wants to increase the generation of alerts for suspected attacks in the network infrastructure. Which control is a suitable illustration of this type?

Answer: Implementing an intrusion detection system

A CSO considers implementing technical controls over physical controls. Which option is a technical control?

Answer: Setting up a network intrusion detection system

The chief security officer (CSO) wants to implement additional detective security controls. Which of the following would BEST represent this type of control?

Answer: Installation of surveillance cameras

After a cyber-attack, an organization uses a monitoring solution that automatically restarts services after detecting a system crash. What type of functional security control does this represent?

Answer: Restorative (the corrective control type)

An organization uses deception to capture attacker techniques. What deception technology allows security teams to monitor attacker activity and gather tactic information?

Answer: Honeypot

To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building. What type of sensor uses this technology?

Answer: Infrared sensor

A security analyst wants to ensure individual privileges align with their role. What primary tool should the analyst implement?

Answer: Policy enforcement point

An organization seeks to enhance its security posture by utilizing a system that dynamically adjusts user access rights based on behavior or other contextual factors. What concept should the organization plan to implement?

Answer: Adaptive identity

After a recent breach attempt, a military command has tasked a security analyst with reinforcing access points. What are the benefits associated with using bollards? (Select the three best choices.)

Answer: They can be either fixed or retractable obstacles; they are generally short vertical posts made of steel or concrete; they can be nonobvious, appearing as sculptures or as building design elements.

An IT department implements a security model for verifying user identities, determining access rights, and monitoring activities. Which concept is MOST appropriate?

Answer: AAA

A company transmits data across a network, ensuring the non-repudiation security principle. What is the key benefit this provides to both the sender and the recipient of the data?

Answer: Neither party can deny the authenticity of the data.

A network engineer is working on the part of a network that decides how to send traffic over the network based on network-level routing tables. The engineer is working on what part of the network?

Answer: Control plane

A software application firm is strengthening its cyber defense by incorporating deception technologies into its framework. How can the utilization of a honeynet benefit the software application firm's strategy?

Answer: It uses a network of decoy systems to simulate an entire network to capture attackers' tactics and tools.

Flashcards

Preventive Control

Physically or logically restricts unauthorized access. Examples: passwords, door locks.

Compensating Control

Mitigates a risk that can't be directly eliminated by substituting an alternative measure for the primary control. Example: enhanced encryption where a vulnerability can't be removed. (Restoring functionality from backups is a corrective control, not a compensating one.)

Deterrent Control

Discourages an attacker psychologically; doesn't physically prevent access. Example: Warning sign

Operational Control

Actions adhering to security policies and procedures.

Technical Control

Hardware or software mechanisms to protect assets; Examples: firewalls, antivirus.

Detective Control

Identifies when incidents or vulnerabilities have occurred. Example: Auditing and monitoring.

Corrective Control

Responds to incidents, fixes them, and prevents recurrence. Example: Antivirus software.

Compensating Controls

Measures to mitigate risk that can't be directly eliminated. Example: Enhanced encryption.

Intrusion Detection System (IDS)

Monitors network traffic and analyzes for intrusions.

Surveillance Cameras

Act as detective mechanisms that identify and record unauthorized access or activity.

Honeypot

Mimics real systems to monitor attacker activity and tactics.

Adaptive Identity

Dynamically adjusts user access rights based on context.

Non-Repudiation

Ensures data originated and was received; neither party can deny it.

AAA

Verifies a user's identity, determines access rights, and monitors activity.

Gap Analysis

Assesses differences to determine if requirements are met.

Threat Scope Reduction

Minimizes attack vectors and surfaces.

Standard Operating Procedures (SOPs)

Outlines routine operations/changes and provides detailed instructions.

Tokenization

Replaces a sensitive database field value with a randomly generated token; the mapping back to the real value is kept in a separate, protected store.

Secure Enclave

Isolates sensitive operations and protects critical data.

Hashing

Generates a fixed-length digest of data; any change to the data produces a different digest, which is how integrity is verified.

Study Notes

General Security Concepts

Security Control Types

  • Preventive controls restrict unauthorized access, like system passwords and physical door locks
  • Compensating controls substitute an alternative measure for a primary control that can't be implemented, mitigating the same risk by other means (for example, enhanced encryption); restoring functionality after an incident, such as from backups, is a corrective control
  • Deterrent controls discourage attacks psychologically, such as warning signs

Operational Security Controls

  • Strict password policies are examples of operational controls implemented by people adhering to security policies
  • Managerial controls oversee info systems and help evaluate/select other security controls
  • Technical controls involve hardware/software (e.g., biometric devices)
  • Physical controls deter and detect access to premises and hardware

Technical Security Controls

  • Technical security includes items like antivirus, firewalls, and intrusion detection systems
  • Physical controls are tangible items that prevent or detect unauthorized physical access to premises and hardware
  • Detective controls identify incidents/vulnerabilities, such as auditing and monitoring
  • Corrective controls respond to incidents and prevent recurrence, as seen with antivirus software removing malware

Deterrence

  • Physical controls, like visible signs indicating penalties, deter unauthorized entry by setting consequences
  • Network-connected smoke detectors serve to detect fire hazards, not deter unauthorized access
  • Reflective window film enhances privacy but doesn't deter unauthorized access
  • Key control systems for office desks secure individual workstations rather than deterring server room access

User Behavior and Cybersecurity Risk

  • Enforcing a strict password policy is an operational control that enhances user behavior to mitigate cybersecurity risks
  • Tools assessing security risks fall under managerial controls
  • Biometric security devices are technical controls
  • Security cameras are physical controls

Compensating Controls

  • These mitigate risks when vulnerabilities can't be directly eliminated, using measures like enhanced encryption.
  • Technical controls involve operating systems, software, and security appliances (ACLs, IPS)
  • Administrative controls dictate behavior through policies and guidelines
  • Detective controls identify intrusions, exemplified by security cameras

Deterrent Controls

  • Deterrent controls discourage, not physically prevent, access; warning signs are examples
  • Preventive controls physically restrict access; passwords and door locks are examples
  • Detective controls identify and record intrusions; security cameras are examples
  • Corrective controls respond to incidents and restore normal operation afterwards

Intrusion Detection

  • Intrusion detection systems (IDS) are detective controls that monitor network traffic for malicious activity
  • Strong passwords are preventive controls
  • Firewalls are preventive controls
  • Up-to-date antivirus is mainly preventive
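
The detective role of an IDS, as an added Python example that is not part of the original lesson: a small detector runs over constructed sshd-style auth.log lines (the IP addresses, usernames and the pinned log year are assumptions for the example) and raises an alert when one source IP fails authentication repeatedly within a short window, and a higher-severity alert when that same source then succeeds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional

# Constructed sample lines in sshd/auth.log style (assumption: not real data).
SAMPLE_LOG = """\
Mar 10 02:14:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 02:14:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Mar 10 02:14:05 host sshd[811]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 02:14:06 host sshd[811]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar 10 02:14:08 host sshd[811]: Failed password for root from 203.0.113.7 port 51133 ssh2
Mar 10 02:14:09 host sshd[811]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Mar 10 02:20:00 host sshd[900]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 02:45:00 host sshd[901]: Failed password for alice from 198.51.100.4 port 40002 ssh2
Mar 10 02:45:05 host sshd[901]: Accepted publickey for alice from 198.51.100.4 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# syslog timestamps carry no year; one is pinned here (assumption) so they parse.
LOG_YEAR = 2024


def parse(line: str) -> Optional[Dict]:
    """Turn one auth.log line into an event dict, or None if it is not an auth result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space before 1-digit days
    ts = datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect(lines: List[str], threshold: int = 5, success_after: int = 3,
           window: timedelta = timedelta(minutes=1)) -> List[Dict]:
    """Sliding-window brute-force detection per source IP.

    * `threshold` failures inside `window`  -> medium alert (password guessing)
    * a success from an IP with >= `success_after` recent failures -> high alert
    """
    alerts: List[Dict] = []
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    already_flagged = set()
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        while q and ev["ts"] - q[0] > window:   # age out failures older than the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                alerts.append({"severity": "medium", "type": "bruteforce",
                               "ip": ev["ip"], "failures": len(q), "at": ev["ts"]})
        elif len(q) >= success_after:
            # A login that succeeds right after a burst of failures is the case worth paging on.
            alerts.append({"severity": "high", "type": "success_after_failures",
                           "ip": ev["ip"], "user": ev["user"], "failures": len(q), "at": ev["ts"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The detector only observes and alerts; it blocks nothing, which is exactly what makes it a detective rather than a preventive control. Thresholds and the window are tuning knobs: the second source in the sample fails twice 25 minutes apart and then logs in, and correctly produces no alert.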

Technical Controls

  • Setting up a network intrusion detection system is a technical control
  • Risk identification tools are managerial controls
  • Employee cybersecurity training is an operational control
  • Building access control systems are physical controls

Detective Security Controls

  • Surveillance cameras act as detective mechanisms
  • Access control is preventive
  • Biometric authentication is preventive
  • Regular backups are corrective

Functional Security Controls

  • Corrective controls respond to incidents and prevent recurrence, like antivirus software; automatically restarting a crashed service falls in this category
  • Compensating controls stand in for a primary control that can't be implemented and mitigate the same risk by alternative means
  • Technical controls involve operating systems, software, and security appliances
  • Managerial security controls shape behavior through policies

Deception Technology

  • Honeypots mimic real systems to monitor attacker activity and gather tactics
  • Honeytokens are fake data items, such as decoy credentials, that have no legitimate use, so any use of them indicates an intruder and triggers an alert
  • Honeyfiles are fake files that bait attackers
  • Honeynets simulate entire networks

Physical Security

  • Infrared sensors detect changes in heat patterns caused by moving objects for motion detection
  • Pressure sensors detect weight applied to a surface, such as a floor mat, rather than motion across a room
  • Microwave sensors emit microwave pulses and detect reflections from a moving object; they do not rely on infrared
  • Ultrasonic sensors emit high-frequency sound and measure the time for the echo to return from an object

Privileges and Roles

  • Policy enforcement points enforce access decisions and are key in authorization models
  • Non-repudiation doesn't align privileges with roles
  • Authentication doesn't specifically match privileges to roles
  • Zero trust (never trust, always verify) is an overall architecture; it does not by itself align privileges to roles

Adaptive Identity

  • Adaptive identity dynamically adjusts access based on context such as device, location, and behavior
  • Authentication confirms identity
  • Policy-driven access control grants or denies requests against defined policies
  • Authorization determines which resources an authenticated subject may access
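
How a policy engine turns adaptive identity into decisions, as an added Python example (not part of the original lesson, and not any product's actual logic): role-based authorization is applied first as a hard gate, then contextual signals such as device posture, location and recent failures are scored so the same user on the same role gets allowed, challenged for a second factor, or denied depending on context. The role table, country list and weights are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set

# Constructed policy data (assumption, not from the page): static role
# entitlements and the countries the workforce normally signs in from.
ROLE_RESOURCES: Dict[str, Set[str]] = {
    "finance": {"payroll", "ledger"},
    "engineer": {"git", "ci"},
}
USUAL_COUNTRIES = {"US", "GB", "DE"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str                  # asserted by the identity provider
    resource: str
    device_managed: bool       # enrolled and compliant per the device posture check
    country: str               # from source-IP geolocation
    mfa_verified: bool         # a second factor was already completed this session
    failed_logins_last_hour: int
    hour_utc: int


def risk_score(req: AccessRequest) -> int:
    """Sum weighted context signals; higher means a less trustworthy request."""
    score = 0
    if not req.device_managed:
        score += 40
    if req.country not in USUAL_COUNTRIES:
        score += 30
    if req.failed_logins_last_hour >= 3:
        score += 30
    if req.hour_utc < 6 or req.hour_utc > 22:
        score += 10
    return score


def decide(req: AccessRequest) -> str:
    """Policy engine: static authorization first, then context-driven adjustment.

    Returns "allow", "step_up" (require MFA before allowing) or "deny".
    """
    # Authorization (RBAC) is a hard gate regardless of how trusted the context is.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny"
    score = risk_score(req)
    if score >= 70:
        return "deny"            # too many red flags even with MFA
    if score >= 30 and not req.mfa_verified:
        return "step_up"         # same user, riskier context -> demand a second factor
    return "allow"


def example_decisions() -> Dict[str, str]:
    """The same finance user under different contexts, plus a wrong-role request."""
    base = dict(user="alice", role="finance", resource="payroll", device_managed=True,
                country="US", mfa_verified=False, failed_logins_last_hour=0, hour_utc=10)
    return {
        "office_hours_managed": decide(AccessRequest(**base)),
        "unmanaged_device": decide(AccessRequest(**{**base, "device_managed": False})),
        "unmanaged_with_mfa": decide(AccessRequest(**{**base, "device_managed": False,
                                                      "mfa_verified": True})),
        "unmanaged_unusual_country": decide(AccessRequest(**{**base, "device_managed": False,
                                                             "country": "BR", "mfa_verified": True})),
        "wrong_role": decide(AccessRequest(**{**base, "role": "engineer"})),
    }
```

The point the quiz items make is visible in `example_decisions()`: authorization (what the role permits) is separate from the adaptive part (how much the current context can be trusted), and the policy enforcement point only has to act on the returned decision.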

Reinforcing Access Points

  • Bollards are short steel/concrete posts
  • Bollards can be either fixed or retractable
  • Can be nonobvious or appear as design elements

Security Models

  • Authentication, authorization, and accounting (AAA) verifies identities/access/activity
  • Zero Trust has elements of AAA
  • Role-based (RBAC) is within AAA in the authorization component
  • A policy engine evaluates identity together with other contextual inputs to decide whether access should be granted

Authenticating Systems

  • Authentication confirms the identity of a user or system
  • Single-factor authentication confirms identity with one factor only and does not address network-wide access control
  • Non-repudiation assures the authenticity of an action or message rather than confirming a connecting user's identity
  • Role-based access control manages permissions; it does not confirm authenticity

Data Transmission

  • Non-repudiation ensures verified sender and receiver, preventing denial of authenticity
  • Adaptive identity is an access control concept; it does not prove origin and receipt of data

Network Security

  • Zero trust and AAA do not by themselves provide non-repudiation

Policy-Driven Access Control

  • Policy-driven access control grants or denies each request against a defined policy
  • Authorization models in general define what is permitted but are generic; they do not by themselves enforce a specific policy
  • Authentication and AAA are broader concepts and do not enforce access policy on their own
  • AAA verifies identities and tracks activity

Data Validity

  • Non-repudiation provides assurance that data genuinely came from the claimed sender and was received
  • AAA is a broad framework for identity, access, and accounting rather than a guarantee about the data itself
  • Other models likewise do not ensure the validity of the data

Control Plane

  • Determines the path of data
  • The data plane carries the user traffic that travels across the network
  • A router sends info based on the destination IP

Networked Devices

  • A switch connects devices within a network and forwards frames between them based on MAC addresses

Honeynets

  • Simulate an entire network and capture attack data

Decoy Systems

  • Honeypots mimic real systems and collect information about attacker behavior

Gaps

  • Gaps are determined by comparing current performance against requirements

Integrity

  • Authenticating a person confirms who they are; it does not cover the whole CIA triad
  • Integrity of the data itself is not confirmed by authentication alone; hashing is what verifies that data has not changed

Threats

  • Threat scope is minimized by reducing possible attack vectors and the attack surface

Test Results

  • Results are validated and changes tested before handover to production processes

Implementable Processes

  • SOPs outline routine operations and changes
  • They give detailed, step-by-step instructions for carrying them out

Version Control

  • Use version control to track changes to code and network configurations
  • Implementing version control alone does not make a security program comprehensive
  • Reverting to an earlier version can reintroduce vulnerabilities that were later fixed
  • Using version control by itself leaves the change process incomplete

Security Operation

  • Allowlists and denylists control which applications, sites, or traffic are permitted, ensuring only approved items operate
  • Other methods serve their own purposes but do not provide that assurance
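
Allowlisting versus denylisting for web access, as an added Python example (not part of the original lesson) in the spirit of the quiz's streaming-site question: the filter extracts the host the browser will actually connect to, matches it on domain-label boundaries, and is shown beside the naive substring check that an attacker-controlled URL defeats. The site names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed lists (assumption): approved business sites and a blocked category.
ALLOWLIST = {"intranet.example.com", "docs.example.com"}
DENYLIST = {"streaming.example", "video.example"}


def host_of(url: str) -> str:
    """Extract the host the browser will actually connect to.

    urlsplit() handles userinfo, ports and IPv6 brackets, so
    https://intranet.example.com@evil.test/ yields 'evil.test', not the
    allowed name that merely appears first in the string.
    """
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def matches(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain (label boundary respected)."""
    return host == domain or host.endswith("." + domain)


def decide(url: str, mode: str = "allowlist") -> str:
    """Return 'allow' or 'block' for a URL under the chosen list mode."""
    host = host_of(url)
    if not host:
        return "block"                      # unparsable or relative URL: fail closed
    if mode == "allowlist":                 # default deny: only listed sites pass
        return "allow" if any(matches(host, d) for d in ALLOWLIST) else "block"
    if mode == "denylist":                  # default allow: only listed sites fail
        return "block" if any(matches(host, d) for d in DENYLIST) else "allow"
    raise ValueError(f"unknown mode {mode!r}")


def naive_decide(url: str) -> str:
    """The mistake to avoid: substring matching on the raw URL string."""
    return "allow" if any(d in url for d in ALLOWLIST) else "block"
```

A denylist can only name the badness someone already knows about, which is why an allowlist (default deny) is the stronger technical control when the set of approved sites is small enough to enumerate.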

Dependencies

  • Analysts need to map the dependencies between services before making changes
  • Otherwise a change to one component can cause failures in the systems that depend on it

Customer Policy

  • A customer-facing policy needs to focus on compliance requirements
  • The other candidate policies would cause issues or would not make sense in that context

Implementation

  • Ownership assigns responsibility for an asset or control to a named person, who implements it according to the guidelines

Cybersecurity

  • Use automation to reduce misconfigured code and code that does not meet standards
  • Skipping testing means a change is never validated
  • Ignoring a known security risk will lead to an issue
  • Each of these causes problems if it is not addressed

New Update

  • An impact assessment defines and assesses the potential implications of an update before it is applied

Crypto

  • A security analyst should make sure that certificate authorities effectively verify the authenticity of the identities they certify

Token

  • Institutions reduce risk through tokenization: the user or merchant holds a token that stands in for the sensitive value, so a breach of the systems holding tokens does not expose the original data
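
Tokenization as described in the flashcard and in the note above, as an added Python example (not part of the original lesson, and not any vendor's implementation): a vault mints random, format-preserving surrogates for card numbers, keeps the only mapping back to the real value, and rejects candidate tokens that would pass the Luhn check so a token can never be mistaken for a live card number. The in-memory store and the test card number are assumptions for the example.

```python
import secrets
from typing import Dict, Optional


def luhn_valid(number: str) -> bool:
    """Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Tokenization service: hands out random surrogates and keeps the only copy
    of the token -> real value mapping. In production this store is a separate,
    tightly controlled system; here it is an in-memory dict (assumption)."""

    def __init__(self) -> None:
        self._by_token: Dict[str, str] = {}
        self._by_value: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        """Return a format-preserving token for a card number.

        Keeps the last four digits (commonly needed on receipts), randomizes
        the rest, and rejects candidates that would themselves pass the Luhn
        check or collide with an existing token.
        """
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("expected a 13-19 digit card number")
        if pan in self._by_value:           # same input -> same token, so lookups stay stable
            return self._by_value[pan]
        while True:
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._by_token and not luhn_valid(token):
                break
        self._by_token[token] = pan
        self._by_value[pan] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """Only callers with access to the vault can recover the real value."""
        return self._by_token.get(token)


def tokenize_record(vault: TokenVault, record: Dict[str, str],
                    field: str = "card_number") -> Dict[str, str]:
    """Replace the sensitive field in an application record before it is stored."""
    out = dict(record)
    out[field] = vault.tokenize(record[field])
    return out
```

Unlike encryption, the token has no mathematical relationship to the original value, so compromising the application database yields nothing to decrypt; the risk is concentrated in the vault, which is why it must be isolated and access to `detokenize` tightly controlled.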

Admin Duties

  • A wildcard certificate streamlines certificate management across numerous subdomains of a single domain

Public Private System

  • In asymmetric cryptography the public key encrypts and verifies signatures, while the private key decrypts and signs
  • A description that swaps those roles (public key for signing, private key for verifying or for distribution) gets the system wrong
  • Such a role reversal would undermine both confidentiality and authenticity

Security Measures

  • A protected (secure) enclave enhances security by isolating sensitive operations and data from the rest of the system
  • A firewall filters network traffic; it does not protect data while it is being processed

Digital Signatures

  • Longer key lengths make for stronger digital signatures
  • Shorter keys are cheaper for systems to compute with but offer less security

Hashing and Protecting

  • A given hashing algorithm maps each input to a fixed-length digest; any change to the input produces a different digest
  • Hashing algorithms therefore give a means to represent data as a value and later verify that it has not changed
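
Hashing for integrity, as an added Python example that is not part of the original lesson: it computes a SHA-256 digest of a constructed configuration snippet, shows that a one-field change is detected, and then shows the caveat a practitioner needs: an attacker who can alter the data can also recompute a bare hash, so where tampering (not just corruption) is the concern the digest must be keyed, here with an HMAC. The snippet and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Constructed sample payload (not from the page): a configuration file's contents.
ORIGINAL = b"listen=0.0.0.0:443\nadmin_users=alice,bob\n"
# The same file with one change (an extra admin user).
TAMPERED = b"listen=0.0.0.0:443\nadmin_users=alice,bob,eve\n"


def digest(data: bytes) -> str:
    """Fixed-length SHA-256 digest of arbitrary-length input, as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(data), expected_hex)


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 over data: only holders of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(tag(key, data), expected_hex)


def demo() -> Dict[str, object]:
    """Run both checks against the original and the tampered copy."""
    stored_digest = digest(ORIGINAL)          # recorded when the file was trusted
    key = secrets.token_bytes(32)             # assumption: kept out of the attacker's reach
    stored_tag = tag(key, ORIGINAL)
    return {
        "digest_len_hex": len(stored_digest),
        "original_ok": verify_integrity(ORIGINAL, stored_digest),
        "tampered_ok": verify_integrity(TAMPERED, stored_digest),    # False: one change, new digest
        # An attacker who can rewrite the file can also rewrite a bare hash stored beside it...
        "attacker_recomputed_hash_ok": verify_integrity(TAMPERED, digest(TAMPERED)),
        # ...but cannot forge the keyed tag without the key.
        "tampered_tag_ok": verify_tag(key, TAMPERED, stored_tag),
        "original_tag_ok": verify_tag(key, ORIGINAL, stored_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A plain hash gives integrity against accidental change or against an attacker who cannot reach the stored digest (for example a digest published out of band); an HMAC adds authenticity between parties that share the key. Neither provides non-repudiation, since anyone holding the key could have produced the tag; that is what digital signatures, covered in the notes above, add.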

Exfiltration

  • Steganography hides data inside other files, such as images or documents, so exfiltration can go unnoticed

Admin Communications

  • Key escrow: new policies may require that copies of encryption keys be held by a trusted party so data can be recovered

Computer Protection

  • Cryptoprocessors such as a TPM or HSM store keys and perform cryptographic operations in dedicated hardware, helping ensure the system meets its protection requirements
