Introduction to Cyber Security

Questions and Answers

What is a characteristic of synchronous replication?

• It synchronizes both locations in real time and requires high bandwidth. (correct)
• It is bandwidth conservative and does not require a constant connection.
• It updates the backup data location periodically.
• It can be utilized over long distances without latency issues.

Which incident response phase involves preparing for potential incidents?

• Containment and Eradication
• Preparation (correct)
• Post-Incident Follow-Up
• Detection and Analysis

Which type of replication is least demanding in terms of bandwidth?

• Point-in-time Replication (correct)
• Synchronous Replication
• Asynchronous Replication
• Real-time Replication

What is the primary role of a Computer Security Incident Response Team (CSIRT)?

To manage responses to incidents. (A)

What does resiliency in a system primarily aim to achieve?

Create tolerance to failure. (A)

During which incident response phase is the incident discovered?

Detection and Analysis (D)

What is a key difference between synchronous and asynchronous replication?

Asynchronous replication does not require real-time synchronization. (D)

What is the main focus of the post-incident follow-up phase in incident response?

Investigating the cause of the incident. (D)

What is the primary function of an Intrusion Detection System (IDS)?

To monitor the traffic on a network (D)

Which of the following accurately describes Intrusion Prevention Systems (IPS)?

They function in inline mode to address issues immediately. (B)

What is the main purpose of Advanced Threat Intelligence?

To help predict and detect cyberattacks (B)

Natural disasters include which of the following events?

Hurricanes and earthquakes (C)

Which type of disaster is characterized by human intervention and includes events like vandalism?

Human-caused disasters (A)

What is emphasized as essential in Business Continuity Planning?

Having plans that ensure operation despite unforeseen events (D)

Which of the following is NOT considered a type of natural disaster?

Vandalism (B)

The functionality of NetFlow is primarily used for what purpose?

Providing statistics on packet flow through Cisco devices (D)

What is considered a threat to high availability?

Severe weather events (C)

Which principle is NOT part of the high availability design?

Data Encryption (A)

What is the primary goal of high availability systems?

Ensuring uninterrupted access to data and services (D)

What type of classification system should be applied to resources?

Asset classification system (C)

Which of the following is a component of asset management?

Asset classification (D)

What does asset standardization involve?

Specifying acceptable IT assets (B)

What role does the CVE dictionary serve in threat identification?

It offers common vulnerabilities and exposure information. (C)

Which of the following is part of a comprehensive asset inventory?

All hardware systems and applications (C)

What is the primary goal of business continuity controls?

To maintain operations and recover quickly (A)

Which of the following is NOT a step in business continuity best practices?

Exclusively backing up data (B)

What does the concept of 'five nines' refer to?

A high availability standard allowing for minimal downtime (B)

Why is documenting configurations important for business continuity?

To trace issues in disaster recovery procedures (D)

What is the primary purpose of the Spanning Tree Protocol (STP)?

To ensure loop-free redundancy in network paths (D)

What does the term 'first-hop redundancy' refer to?

The ability to automatically switch to a backup router if the main one fails (B)

Which practice helps ensure that critical systems can be restored quickly?

Devising methods to quickly bring back critical systems (A)

What should organizations do to adapt to chaotic situations during a disaster?

Write procedures to maintain functionality (A)

Which of the following protocols provides both load balancing and redundancy?

Gateway Load Balancing Protocol (GLBP) (B)

What is a critical component of identifying during the business continuity planning process?

Prioritizing critical systems and processes (D)

What occurs when redundant paths in a network are established without implementing Spanning Tree Protocol (STP)?

Potential loops in the network (C)

Which of the following statements about router redundancy is FALSE?

Router redundancy requires only one backup router (D)

How can understanding dependencies for applications and processes aid in business continuity?

It allows for a clearer understanding of risk management (C)

Which advantage does Virtual Router Redundancy Protocol (VRRP) provide?

One router acts as master and others as backups (C)

What is the main function of a default gateway in a network?

To provide access to other networks or the Internet (B)

Why might an organization consider implementing location redundancy?

To protect against failures at a single site (D)

What does the term 'Five Nines' refer to in the context of high availability?

Systems are available 99.999% of the time. (A)

Which of the following is NOT a measure to ensure high availability?

Allow for downtime maintenance (B)

Which industry is likely to require high availability to maintain customer trust due to continuous trading?

Finance (A)

What is the maximum amount of unplanned downtime allowed per year to achieve Five Nines availability?

5.26 minutes (B)

How does incident response planning contribute to high availability?

It prepares organizations to react quickly to incidents. (C)

Which environment is cited as needing high availability for providing around-the-clock care for patients?

Healthcare Facilities (A)

What does designing for reliability involve in terms of high availability?

Building components that fail less frequently. (C)

Why might sustaining Five Nines availability be considered too costly for some industries?

Resources for redundancy and reliability are limited. (C)

Flashcards

Five Nines

Systems and services are available 99.999% of the time, meaning downtime is less than 5.26 minutes per year.

High Availability

A system or component operating continuously for an extended period.

Single Point of Failure

A component or system where if it fails, the entire system stops working.

Reliability Design

Building systems to maximize their uptime by proactively preventing failures and improving resilience.

Failure Detection

Identifying system failures or problems promptly to avoid larger issues.

Finance Industry

An industry where high availability is vital for continuous trading, compliance, and financial trust.

Healthcare Facilities

Essential services in healthcare that require sustained uptime for patient care.

Retail Industry

Industries that rely on continuous supply chains to provide products to customers.

Threats to High Availability

Anything that can disrupt the continuous operation of a system and cause downtime, ranging from application failures to natural disasters.

Single Point of Failure (SPOF)

A component or system whose failure would cause the entire system to fail.

System Resiliency

The ability of a system to withstand disruptions and recover quickly from failures.

Fault Tolerance

The ability of a system to continue operating even if some components fail.

Asset Management for High Availability

Keeping track of all your hardware, software, and network devices to ensure they are protected and managed effectively.

Asset Classification

Organizing all your IT resources into groups based on their importance and security needs.

Asset Standardization

Setting specific standards for the types of IT assets allowed in your organization to maintain consistency and security.

Threat Identification

Identifying potential vulnerabilities and risks that could threaten your system's availability.

Spanning Tree Protocol (STP)

A network protocol that prevents loops by blocking redundant paths, ensuring only one logical path between destinations.

Default Gateway

The router that provides devices access to the rest of the network or the Internet.

First-Hop Redundancy

The ability of a network to recover from a default gateway router failure.

Hot Standby Router Protocol (HSRP)

Provides first-hop routing redundancy by maintaining a standby router ready to take over.

Virtual Router Redundancy Protocol (VRRP)

A protocol where a group of routers work together, with one designated as the master and others as backups, providing redundancy for virtual routers.

Gateway Load Balancing Protocol (GLBP)

Offers first-hop redundancy and load balancing between redundant router groups, protecting data traffic from failures.

Location Redundancy

Having geographically separate locations for critical systems or data to ensure uninterrupted operation.

Compliant System

A system that meets all the organization's security policy requirements.

Intrusion Detection System (IDS)

A passive system that monitors network traffic for suspicious activity.

Intrusion Prevention System (IPS)

An active system that can detect and block attacks in real-time.

NetFlow and IPFIX

Technologies that provide detailed statistics on network traffic, helping identify patterns and anomalies.

Disaster Recovery Planning

Creating plans to ensure business continuity and recover from disruptive events.

Types of Disasters

Events that can disrupt operations, including natural and human-caused incidents.

Business Continuity Planning

A set of procedures and strategies to keep operations running during and after a disaster.

Need for Business Continuity

It's essential to have plans in place because disasters can't always be prevented.

Business Continuity Policy

A document outlining how to develop and implement a business continuity plan, including assigning roles and responsibilities for disaster recovery.

Critical Systems and Processes

Identifying the most important systems and processes that are crucial for business operations and prioritizing their recovery.

Vulnerability, Threat & Risk Assessment

Identifying potential weaknesses, dangers, and calculating the likelihood and impact of disruptions.

Control Measures and Countermeasures

Implementing safeguards and strategies to mitigate or minimize risks to critical systems and processes.

Rapid System Recovery Methods

Having strategies and procedures in place to bring back critical systems quickly after an incident.

Procedures for Chaotic States

Developing clear instructions and steps to keep the organization functioning in a crisis or emergency situation.

Business Continuity Plan Testing

Regularly simulating real-world scenarios to test the plan's effectiveness and identify areas for improvement.

Business Continuity Plan Updates

Keeping the plan current with changes in technology, business processes, and threats.

Synchronous Replication

A location redundancy method where changes are mirrored in real-time to both locations, requiring high bandwidth and proximity for minimal latency.

Asynchronous Replication

A location redundancy method where changes are applied close to real-time, requiring less bandwidth and allowing locations to be farther apart due to reduced latency sensitivity.

Point-in-Time Replication

A location redundancy method where updates are applied periodically, minimizing bandwidth usage by not requiring a constant connection.

What are the Incident Response Phases?

Incident response consists of four phases: Preparation, Detection and Analysis, Containment and Eradication, and Recovery, and Post-Incident Follow-Up.

What is Network Admission Control (NAC)?

Network Admission Control allows authorized users with compliant systems to access the network, enhancing security and incident response.

What is System Resilience?

The ability of a system or network to withstand failures and disruptions.

What is the purpose of a CSIRT?

A Computer Security Incident Response Team (CSIRT) is responsible for managing and responding to security incidents within an organization.

What is the difference between redundancy and resiliency?

While redundancy adds backup systems for fault tolerance, resiliency encompasses a broader approach, including proactive measures to prevent failures and ensuring quick recovery.

Study Notes

Introduction to Cyber Security

• Introduction to Cyber Security
• Prepared by Dr. Mohamed Saeid Shalaby
• Date 2024

The Five Nines Concept

• Five nines mean systems and services are available 99.999% of the time
• Downtime is less than 5.26 minutes per year
• High availability refers to a system or component that operates continuously
• Ways to ensure high availability:
  • Eliminate single points of failure
  • Design for reliability
  • Detect failures as they occur

High Availability

• Explains the concept of high availability
• Explains how measures are used to improve availability
• Describes how an incident response plan improves high availability
• Describes how disaster recovery planning plays a role in implementing high availability

Measures to Improve Availability

• Asset Management

  • An organization needs to know its hardware and software assets to protect them.
  • Asset management involves a complete inventory of hardware and software
  • All components subject to security risks must be accounted for
    • Hardware systems
    • Operating systems
    • Hardware network devices
    • Network device operating Systems
    • Software applications
    • Firmware
    • Language runtime environments
    • Individual libraries
  • Organizations can use automated solutions to manage assets

• Asset Management (Cont.)

  • Asset classification - assigns all resources into groups based on common characteristics
  • Asset standardization - part of an IT asset management system, specifies acceptable IT assets that meet objectives
  • Threat identification - CVE dictionary identifies vulnerabilities and exposures
  • Risk Analysis - analyzes dangers to assets of an organization. Asset identification helps protect assets
  • Mitigation - reduces severity and likelihood of losses with technical controls such as authentication systems, file permissions, and firewalls

• Defense in Depth

  • Defense in depth helps organizations stay ahead of cybercriminals. Layered approaches provide multiple protection layers that work together
  • Limiting access to data and resources reduces the likelihood of threats
  • Diversity of controls and procedures at different layers prevents compromising the entire system
  • Obscuring information protects data from cybercriminals
  • Simplicity is crucial; too much complexity can lead to misconfigurations and failure

• Redundancy

  • Identifies and addresses single points of failures (SPOF) in hardware, processes, data, or essential utilities.
  • Modifies critical operations to not rely on a single element
  • Builds redundant components into critical operations to handle failures
  • N+1 redundancy means a system has at least one backup component in case a component fails

• Provides an example using a car (4 tires + spare)

• Redundant Array of Independent Disks (RAID) combines disks to improve performance and provide redundancy, spreads data across multiple disks for data recovery if a single disk fails - Parity, Striping, Mirroring ( RAID data storage methods )

  • Spanning Tree Protocol (STP) is a network protocol for redundancy, which prevents loops on a network when switches interconnect via multiple paths.
  • It ensures that redundant physical links are loop-free. STP intentionally blocks paths that would cause a loop.

• Redundancy (Cont.)

  • Router redundancy - involves installing backup routers and dynamic recovery from router malfunctions
    • Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP)
    • Provide high network availability and first-hop routing redundancy when a router fails

• Location Redundancy

  • Organizations may require location redundancy depending on needs
  • Methods of location redundancy
    • Synchronous - high bandwidth and close locations for real-time synchronization
    • Asynchronous Replication - less bandwidth, less real-time synchronization with locations further apart
    • Point-in-time Replication - periodic updates to backup data locations, which is the most network-friendly approach since it does not need a continuous connection

• System Resilience

  • Resiliency defines the methods and configurations used to make a system or network tolerate failures, beyond just adding redundancy.
  • Analyzing and understanding business needs

• Incident Response Phases

  • Preparation - planning for potential incidents
  • Detection and Analysis - discovering the incident
  • Containment and Eradication - limiting the effects and resolving the incident
  • Post Incident Follow-up - understanding the incident and its root cause

• Incident Response Technologies

  • Network Admission Control (NAC) - authorization for users with compliant systems
  • Intrusion Detection Systems (IDS) - passively monitor network traffic
  • Intrusion Prevention Systems - active monitoring of network problems
  • NetFlow and IPFIX - gathering packet statistics to help identify traffic
  • Advanced Threat Intelligence - helps detect attacks

• Disaster Recovery

  • Types of Disasters
    • Natural Disasters - geologica, meteorological, health, etc
    • Human-caused Disasters - labor, social, political, materials, etc

• Disaster Recovery Planning (Cont.)

  • Need for Business Continuity: Maintaining business operations during disasters
  • Business Continuity Considerations: Includes documenting configurations, establishing alternate communication channels, providing power, identifying dependencies, and understanding manual task performance

• Disaster Recovery Techniques (Cont.)

  • Business Continuity Best Practices: A guide to establishing business continuity plans

Description

This quiz covers key concepts in Cyber Security, focusing on the 'Five Nines' concept which emphasizes system availability. Understanding high availability and the measures to enhance it, such as incident response and disaster recovery plans, is crucial for maintaining cybersecurity. Prepare to test your knowledge on these fundamental topics!