Introduction to Cyber Security
48 Questions

Questions and Answers

What is a characteristic of synchronous replication?

  • It synchronizes both locations in real time and requires high bandwidth. (correct)
  • It is bandwidth conservative and does not require a constant connection.
  • It updates the backup data location periodically.
  • It can be utilized over long distances without latency issues.

Which incident response phase involves preparing for potential incidents?

  • Containment and Eradication
  • Preparation (correct)
  • Post-Incident Follow-Up
  • Detection and Analysis

Which type of replication is least demanding in terms of bandwidth?

  • Point-in-time Replication (correct)
  • Synchronous Replication
  • Asynchronous Replication
  • Real-time Replication

What is the primary role of a Computer Security Incident Response Team (CSIRT)?

    To manage responses to incidents.

    What does resiliency in a system primarily aim to achieve?

    Create tolerance to failure.

    During which incident response phase is the incident discovered?

    Detection and Analysis

    What is a key difference between synchronous and asynchronous replication?

    Asynchronous replication does not require real-time synchronization.

    What is the main focus of the post-incident follow-up phase in incident response?

    Investigating the cause of the incident.

    What is the primary function of an Intrusion Detection System (IDS)?

    To monitor the traffic on a network

    Which of the following accurately describes Intrusion Prevention Systems (IPS)?

    They function in inline mode to address issues immediately.

    What is the main purpose of Advanced Threat Intelligence?

    To help predict and detect cyberattacks

    Natural disasters include which of the following events?

    Hurricanes and earthquakes

    Which type of disaster is characterized by human intervention and includes events like vandalism?

    Human-caused disasters

    What is emphasized as essential in Business Continuity Planning?

    Having plans that ensure operation despite unforeseen events

    Which of the following is NOT considered a type of natural disaster?

    Vandalism

    The functionality of NetFlow is primarily used for what purpose?

    Providing statistics on packet flow through Cisco devices

    What is considered a threat to high availability?

    Severe weather events

    Which principle is NOT part of the high availability design?

    Data Encryption

    What is the primary goal of high availability systems?

    Ensuring uninterrupted access to data and services

    What type of classification system should be applied to resources?

    Asset classification system

    Which of the following is a component of asset management?

    Asset classification

    What does asset standardization involve?

    Specifying acceptable IT assets

    What role does the CVE dictionary serve in threat identification?

    It offers common vulnerabilities and exposure information.

    Which of the following is part of a comprehensive asset inventory?

    All hardware systems and applications

    What is the primary goal of business continuity controls?

    To maintain operations and recover quickly

    Which of the following is NOT a step in business continuity best practices?

    Exclusively backing up data

    What does the concept of 'five nines' refer to?

    A high availability standard allowing for minimal downtime

    Why is documenting configurations important for business continuity?

    To trace issues in disaster recovery procedures

    What is the primary purpose of the Spanning Tree Protocol (STP)?

    To ensure loop-free redundancy in network paths

    What does the term 'first-hop redundancy' refer to?

    The ability to automatically switch to a backup router if the main one fails

    Which practice helps ensure that critical systems can be restored quickly?

    Devising methods to quickly bring back critical systems

    What should organizations do to adapt to chaotic situations during a disaster?

    Write procedures to maintain functionality

    Which of the following protocols provides both load balancing and redundancy?

    Gateway Load Balancing Protocol (GLBP)

    What is a critical component to identify during the business continuity planning process?

    Prioritizing critical systems and processes

    What occurs when redundant paths in a network are established without implementing Spanning Tree Protocol (STP)?

    Potential loops in the network

    Which of the following statements about router redundancy is FALSE?

    Router redundancy requires only one backup router

    How can understanding dependencies for applications and processes aid in business continuity?

    It allows for a clearer understanding of risk management

    Which advantage does Virtual Router Redundancy Protocol (VRRP) provide?

    One router acts as master and others as backups

    What is the main function of a default gateway in a network?

    To provide access to other networks or the Internet

    Why might an organization consider implementing location redundancy?

    To protect against failures at a single site

    What does the term 'Five Nines' refer to in the context of high availability?

    Systems are available 99.999% of the time.

    Which of the following is NOT a measure to ensure high availability?

    Allow for downtime maintenance

    Which industry is likely to require high availability to maintain customer trust due to continuous trading?

    Finance

    What is the maximum amount of unplanned downtime allowed per year to achieve Five Nines availability?

    5.26 minutes

    How does incident response planning contribute to high availability?

    It prepares organizations to react quickly to incidents.

    Which environment is cited as needing high availability for providing around-the-clock care for patients?

    Healthcare Facilities

    What does designing for reliability involve in terms of high availability?

    Building components that fail less frequently.

    Why might sustaining Five Nines availability be considered too costly for some industries?

    Resources for redundancy and reliability are limited.

    Study Notes

    Introduction to Cyber Security

    • Prepared by Dr. Mohamed Saeid Shalaby
    • Date 2024

    The Five Nines Concept

    • Five nines means systems and services are available 99.999% of the time
    • Downtime is less than 5.26 minutes per year
    • High availability refers to a system or component that operates continuously
    • Ways to ensure high availability:
      • Eliminate single points of failure
      • Design for reliability
      • Detect failures as they occur

    High Availability

    • Explains the concept of high availability
    • Explains how measures are used to improve availability
    • Describes how an incident response plan improves high availability
    • Describes how disaster recovery planning plays a role in implementing high availability

    Measures to Improve Availability

    • Asset Management

      • An organization needs to know its hardware and software assets to protect them.
      • Asset management involves a complete inventory of hardware and software
      • All components subject to security risks must be accounted for
        • Hardware systems
        • Operating systems
        • Hardware network devices
        • Network device operating systems
        • Software applications
        • Firmware
        • Language runtime environments
        • Individual libraries
      • Organizations can use automated solutions to manage assets
    • Asset Management (Cont.)

      • Asset classification - assigns all resources into groups based on common characteristics
      • Asset standardization - part of an IT asset management system, specifies acceptable IT assets that meet objectives
      • Threat identification - CVE dictionary identifies vulnerabilities and exposures
      • Risk Analysis - analyzes dangers to assets of an organization. Asset identification helps protect assets
      • Mitigation - reduces severity and likelihood of losses with technical controls such as authentication systems, file permissions, and firewalls
    • Defense in Depth

      • Defense in depth helps organizations stay ahead of cybercriminals. Layered approaches provide multiple protection layers that work together
      • Limiting access to data and resources reduces the likelihood of threats
      • Diversity of controls and procedures at different layers prevents compromising the entire system
      • Obscuring information protects data from cybercriminals
      • Simplicity is crucial; too much complexity can lead to misconfigurations and failure
    • Redundancy

      • Identifies and addresses single points of failure (SPOF) in hardware, processes, data, or essential utilities
      • Modifies critical operations to not rely on a single element
      • Builds redundant components into critical operations to handle failures
      • N+1 redundancy means a system has at least one backup component in case a component fails
        • Example: a car (4 tires + spare)
      • Redundant Array of Independent Disks (RAID) combines disks to improve performance and provide redundancy. It spreads data across multiple disks so that data can be recovered if a single disk fails
        • RAID data storage methods: parity, striping, mirroring

      • Spanning Tree Protocol (STP) is a network protocol for redundancy, which prevents loops on a network when switches interconnect via multiple paths.
      • It ensures that redundant physical links are loop-free. STP intentionally blocks paths that would cause a loop.
    • Redundancy (Cont.)

      • Router redundancy - involves installing backup routers and dynamic recovery from router malfunctions
        • Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP)
        • Provide high network availability and first-hop routing redundancy when a router fails
    • Location Redundancy

      • Organizations may require location redundancy depending on needs
      • Methods of location redundancy
        • Synchronous Replication - high bandwidth and close locations for real-time synchronization
        • Asynchronous Replication - less bandwidth, less real-time synchronization with locations further apart
        • Point-in-time Replication - periodic updates to backup data locations, which is the most network-friendly approach since it does not need a continuous connection
    • System Resilience

      • Resiliency defines the methods and configurations used to make a system or network tolerate failures, beyond just adding redundancy.
      • Analyzing and understanding business needs
    • Incident Response Phases

      • Preparation - planning for potential incidents
      • Detection and Analysis - discovering the incident
      • Containment and Eradication - limiting the effects and resolving the incident
      • Post-Incident Follow-Up - understanding the incident and its root cause
    • Incident Response Technologies

      • Network Admission Control (NAC) - authorization for users with compliant systems
      • Intrusion Detection Systems (IDS) - passively monitor network traffic
      • Intrusion Prevention Systems (IPS) - active monitoring of network problems
      • NetFlow and IPFIX - gathering packet statistics to help identify traffic
      • Advanced Threat Intelligence - helps detect attacks
    • Disaster Recovery

      • Types of Disasters
        • Natural Disasters - geological, meteorological, health, etc.
        • Human-caused Disasters - labor, social, political, materials, etc.
    • Disaster Recovery Planning (Cont.)

      • Need for Business Continuity: Maintaining business operations during disasters
      • Business Continuity Considerations: Includes documenting configurations, establishing alternate communication channels, providing power, identifying dependencies, and understanding manual task performance
    • Disaster Recovery Techniques (Cont.)

      • Business Continuity Best Practices: A guide to establishing business continuity plans

    Description

    This quiz covers key concepts in Cyber Security, focusing on the 'Five Nines' concept which emphasizes system availability. Understanding high availability and the measures to enhance it, such as incident response and disaster recovery plans, is crucial for maintaining cybersecurity. Prepare to test your knowledge on these fundamental topics!
