chapter 8 pc operating class
228 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is a privacy screen used for?

  • To secure a server in a rack
  • To prevent screen reading from wide angles (correct)
  • To control access to network ports
  • To lock a laptop to a table
  • Which type of lock could use biometric data for security?

  • Biometric lock (correct)
  • Keyed lock
  • Kensington lock
  • Combination lock
  • What is the primary function of port locks?

  • To secure laptops to tables
  • To restrict access to exposed ports (correct)
  • To prevent unauthorized access to server data
  • To keep private data under lock and key
  • For securing a laptop to a table, which lock would be most appropriate?

    <p>Kensington lock</p> Signup and view all the answers

    In a corporate environment, what purpose would a server lock serve?

    <p>To hold corporate data securely</p> Signup and view all the answers

    Which method should be used to prevent unauthorized access to the internal components of a desktop computer?

    <p>Using a computer case lock and key</p> Signup and view all the answers

    Which security measure is most suitable for preventing laptop theft?

    <p>Using a cable lock system</p> Signup and view all the answers

    What is a primary function of using a computer case lock and key for a desktop?

    <p>To prevent unauthorized physical intrusion</p> Signup and view all the answers

    In terms of physical security, which device is specifically designed to secure a laptop to a fixed object?

    <p>Cable lock system</p> Signup and view all the answers

    How can you prevent unauthorized access to the internal components of a desktop computer?

    <p>Using a computer case lock and key</p> Signup and view all the answers

    Which type of security device in the image is noted as tamper-evident?

    <p>Wire loop seal</p> Signup and view all the answers

    What is indicated by the serial number 200000 in the image?

    <p>An identifier for the wire loop seal</p> Signup and view all the answers

    Which device in the image can only be used once?

    <p>Wire loop seal</p> Signup and view all the answers

    Which of the following devices in the image is NOT specifically labeled?

    <p>PAD</p> Signup and view all the answers

    What is the primary material characteristic of the wire loop seal mentioned in the image?

    <p>Tamper-evident</p> Signup and view all the answers

    What is an important feature of a mantrap?

    <p>First door must close before second door can open</p> Signup and view all the answers

    What might a security guard maintain to control entry?

    <p>An entry control roster</p> Signup and view all the answers

    Which of the following is NOT a characteristic of a mantrap?

    <p>Both doors can remain open simultaneously</p> Signup and view all the answers

    Why might engraving ID information into a theft-prevention plate be effective?

    <p>It deters unauthorized access by making ownership identifiable</p> Signup and view all the answers

    What might be required when using a mantrap?

    <p>Multiple forms of separate ID</p> Signup and view all the answers

    What is the main function of antivirus/anti-malware software?

    <p>To monitor a device for harmful activity</p> Signup and view all the answers

    What is the purpose of email filtering?

    <p>To filter out suspicious messages based on known databases</p> Signup and view all the answers

    What is one function of Data Loss Prevention (DLP) software?

    <p>To help protect against leaking corporate data</p> Signup and view all the answers

    Why should you only download software from trusted sources?

    <p>To avoid harmful or malicious software</p> Signup and view all the answers

    What do Access Control Lists (ACL) do?

    <p>Control access to particular resources</p> Signup and view all the answers

    What is the purpose of port security on a switch?

    <p>To limit the number of devices that can connect to a switch</p> Signup and view all the answers

    How does MAC address filtering enhance network security?

    <p>By providing a whitelist of allowed MAC addresses</p> Signup and view all the answers

    What type of security measure could you use to control data transmission over a remote connection?

    <p>VPN</p> Signup and view all the answers

    Which security measure involves specifying the number of MAC addresses acceptable on a switch port?

    <p>MAC address filtering</p> Signup and view all the answers

    Which feature safeguards communication between a user's device and a private network?

    <p>VPN</p> Signup and view all the answers

    Which of the following tools does Mobile Device Management (MDM) software provide?

    <p>Tracking mobile devices</p> Signup and view all the answers

    Which of the following is included as an MDM policy?

    <p>Security policy enforcement</p> Signup and view all the answers

    What capability does MDM software offer for data security on mobile devices?

    <p>Data erasure upon device theft</p> Signup and view all the answers

    What is one of the data protection measures required by MDM policies?

    <p>Data encryption requirements</p> Signup and view all the answers

    Which of these is NOT typically an MDM policy?

    <p>Administering web hosting services</p> Signup and view all the answers

    Which of the following is a part of enforcing a password policy?

    <p>Ensuring password reset frequency</p> Signup and view all the answers

    Which factor in multifactor authentication refers to something the user knows?

    <p>A password</p> Signup and view all the answers

    What does two-factor authentication (2FA) usually combine?

    <p>What the user knows and what the user possesses</p> Signup and view all the answers

    Which method increases authentication security by using biometric data?

    <p>Using two-factor authentication</p> Signup and view all the answers

    What is an example of something the user possesses in multifactor authentication?

    <p>A smart card</p> Signup and view all the answers

    Which of the following is a characteristic of a smart card used as a hardware security token?

    <p>Contains an embedded microprocessor</p> Signup and view all the answers

    What is the primary function of a digital certificate in software security tokens?

    <p>To act as a digital signature verifying identity</p> Signup and view all the answers

    Who assigns digital certificates?

    <p>Certificate Authority</p> Signup and view all the answers

    Which of the following is NOT a type of hardware security token?

    <p>Software token app</p> Signup and view all the answers

    Which device typically stores a software token?

    <p>Smartphone</p> Signup and view all the answers

    What does AAA stand for in the context of network security?

    <p>Authentication, Authorization, and Accounting</p> Signup and view all the answers

    Which protocol is specifically designed for the centralized management of network authentication services?

    <p>RADIUS</p> Signup and view all the answers

    Which of the following is not a function typically associated with TACACS+?

    <p>Data Encryption</p> Signup and view all the answers

    What is the primary purpose of the accounting function in AAA?

    <p>To track users' access and services used</p> Signup and view all the answers

    Which solution among the following is considered a popular choice for providing AAA services in large networks?

    <p>RADIUS</p> Signup and view all the answers

    Which of the following encryption methods is used by RADIUS?

    <p>Encrypts user passwords only</p> Signup and view all the answers

    What is the primary use of TACACS+?

    <p>Cisco network device administrative access</p> Signup and view all the answers

    Which characteristic differentiates RADIUS and TACACS+ in terms of protocol?

    <p>RADIUS uses UDP, TACACS+ uses TCP</p> Signup and view all the answers

    Which network types are supported by both RADIUS and TACACS+?

    <p>Wired and VPN</p> Signup and view all the answers

    What protocol does RADIUS rely on for transmission across corporate networks?

    <p>UDP</p> Signup and view all the answers

    Which of the following describes the encryption used by TACACS+?

    <p>Encrypts every message</p> Signup and view all the answers

    What does an Acceptable Use Policy (AUP) document explain?

    <p>What users can and cannot do on the corporate network</p> Signup and view all the answers

    Which action should users take to prevent shoulder surfing?

    <p>Be aware of their surroundings and shield their monitor screen</p> Signup and view all the answers

    What should a user do every time they step away from their workstation?

    <p>Lock down their workstation</p> Signup and view all the answers

    What does tailgating refer to in a security context?

    <p>Following an employee through a secured entrance without authorization</p> Signup and view all the answers

    Which of the following is a key security measure for password management?

    <p>Never give out passwords to anyone</p> Signup and view all the answers

    Which type of phishing appears to come from companies you already do business with?

    <p>Spear phishing</p> Signup and view all the answers

    What does spoofing involve?

    <p>Making both the email and the website look like the real thing</p> Signup and view all the answers

    What does phishing typically aim to achieve?

    <p>Getting users to give away personal data</p> Signup and view all the answers

    How might a hacker use dumpster diving?

    <p>By searching through trash for valuable information</p> Signup and view all the answers

    Which manipulation technique involves sending a general scam email asking for personal data?

    <p>Phishing</p> Signup and view all the answers

    Which of the following websites can help debunk a virus hoax?

    <p>all of the above</p> Signup and view all the answers

    What should you do to protect your laptop when traveling?

    <p>Always know where your laptop is</p> Signup and view all the answers

    Which measure should you take to secure your laptop at work?

    <p>Lock it in a secure place or use a laptop cable lock</p> Signup and view all the answers

    Which rule is crucial for safeguarding your laptop in an unlocked car?

    <p>Never leave a laptop in an unlocked car</p> Signup and view all the answers

    Which site is known for investigating urban legends including virus hoaxes?

    <p>snopes.com</p> Signup and view all the answers

    What is the primary characteristic of malicious software?

    <p>It means harm and is transmitted without the user's knowledge</p> Signup and view all the answers

    Which of the following best describes grayware?

    <p>A program that is annoying and unwanted but might not intend harm</p> Signup and view all the answers

    Which of the following is NOT true about malicious software?

    <p>It can be classified as grayware</p> Signup and view all the answers

    How does grayware typically differ from malware?

    <p>Grayware may or may not intend harm, whereas malware always intends harm</p> Signup and view all the answers

    What is a common characteristic shared by both malicious software and grayware?

    <p>Both are annoying and unwanted</p> Signup and view all the answers

    Which program can replicate itself by attaching to other programs?

    <p>Virus</p> Signup and view all the answers

    What is the primary function of spyware?

    <p>Spies on a user and collects personal information</p> Signup and view all the answers

    Which of the following is an example of spyware?

    <p>Keylogger</p> Signup and view all the answers

    Which type of malware is characterized by its ability to overload networks?

    <p>Worm</p> Signup and view all the answers

    What makes a worm different from a virus?

    <p>Worms spread without needing a host program</p> Signup and view all the answers

    Which malware substitutes itself for a legitimate program?

    <p>Trojans</p> Signup and view all the answers

    Which type of malware can hide in the boot manager?

    <p>Rootkits</p> Signup and view all the answers

    What does ransomware do to a computer system?

    <p>Holds the system hostage until a ransom is paid</p> Signup and view all the answers

    Which of the following can hijack internal Windows components to mask information?

    <p>Rootkits</p> Signup and view all the answers

    What distinctive feature do trojans have compared to other types of malware?

    <p>Does not need a host program to work</p> Signup and view all the answers

    In which mode can a rootkit intercept data from Task Manager and Explorer?

    <p>User-mode</p> Signup and view all the answers

    Which component is resistant to user-mode rootkit interception?

    <p>Kernel-mode processes</p> Signup and view all the answers

    What can a kernel-mode rootkit intercept?

    <p>Data from kernel-mode processes</p> Signup and view all the answers

    Which of the following is NOT a target of rootkit data interception?

    <p>Hardware components</p> Signup and view all the answers

    What does Figure 8-13 illustrate about rootkits?

    <p>Rootkits can run in both user mode and kernel mode.</p> Signup and view all the answers

    What is the primary characteristic of a zero-day attack?

    <p>It exploits a security hole unknown to the developer.</p> Signup and view all the answers

    Which attack involves intercepting and potentially altering communications between two parties?

    <p>Man-in-the-middle attack</p> Signup and view all the answers

    What does a DoS attack primarily aim to do?

    <p>Prevent new connections by overwhelming a system with traffic</p> Signup and view all the answers

    When does a hacker typically take advantage of a recently reported software security gap?

    <p>In a Zero-day attack</p> Signup and view all the answers

    Which attack involves multiple computers to achieve its purpose?

    <p>Distributed denial-of-service attack</p> Signup and view all the answers

    What is the primary purpose of a zombie computer in a cyber attack?

    <p>To run repetitive software in the background</p> Signup and view all the answers

    What distinguishes a botnet from a single zombie computer?

    <p>A botnet refers to an entire network of zombie computers</p> Signup and view all the answers

    What technique relies on trying words from a dictionary to crack a password?

    <p>Dictionary attack</p> Signup and view all the answers

    What do rainbow tables contain that aids in password cracking?

    <p>Encrypted password lists and corresponding plaintext passwords</p> Signup and view all the answers

    Which of the following best describes a rainbow table attack?

    <p>It matches precomputed hash values with their plaintext passwords</p> Signup and view all the answers

    Which product is designed to scan devices for noncompliance?

    <p>System Center Configuration Manager by Microsoft</p> Signup and view all the answers

    What is a common reason for scanning BYOD and corporate-owned devices?

    <p>To identify noncompliant systems</p> Signup and view all the answers

    Which of the following violates security best practices?

    <p>Noncompliant systems</p> Signup and view all the answers

    Who needs techniques in place to routinely scan devices for noncompliance?

    <p>System Administrators</p> Signup and view all the answers

    What does System Center Configuration Manager primarily address?

    <p>Device noncompliance</p> Signup and view all the answers

    Which of the following is a common symptom of malware affecting system performance?

    <p>Slow performance or lock ups</p> Signup and view all the answers

    What might suggest the presence of rogue antivirus software on a computer?

    <p>Rogue antivirus software</p> Signup and view all the answers

    Which of these issues can indicate problems with digital certificates due to malware?

    <p>Invalid digital certificates</p> Signup and view all the answers

    Which symptom is likely associated with problems updating anti-malware software?

    <p>Problems updating anti-malware software</p> Signup and view all the answers

    What does browser redirection typically signal about a computer's security status?

    <p>Malware is likely present</p> Signup and view all the answers

    What does the Action Center indicate about the status of Windows Defender?

    <p>Windows Defender has been disabled.</p> Signup and view all the answers

    What is the first step to take if an infected computer is connected to a wired or wireless network?

    <p>Disconnect the cable or turn off the wireless adapter</p> Signup and view all the answers

    What must be done before cleaning up an infected system?

    <p>Back up data to another media</p> Signup and view all the answers

    When downloading anti-malware software for an infected computer, what should you do with the other computers?

    <p>Disconnect them from the network</p> Signup and view all the answers

    Which network state is necessary for a quarantined computer?

    <p>Completely disconnected from the regular network</p> Signup and view all the answers

    Why is it necessary to boot into Safe Mode with Networking after connecting to the ISP to download anti-malware software?

    <p>It allows the system to operate with minimal resources and services</p> Signup and view all the answers

    Why is it necessary to turn off System Protection when removing malware?

    <p>Because it allows anti-malware software to access the System Volume Information folder</p> Signup and view all the answers

    What is a significant consequence of turning off System Protection?

    <p>Loss of all current system restore points</p> Signup and view all the answers

    Where do some types of malware hide their program files which renders anti-malware software ineffective if System Protection is on?

    <p>In the System Volume Information folder</p> Signup and view all the answers

    What steps should be followed to turn off System Protection?

    <p>Open Control Panel -&gt; System -&gt; System protection</p> Signup and view all the answers

    What could happen if you don’t turn off System Protection while running anti-malware software?

    <p>Anti-malware software won't be able to clean the System Volume Information folder</p> Signup and view all the answers

    What should you check before selecting anti-malware software?

    <p>Reviews and ratings from reliable websites</p> Signup and view all the answers

    Which condition may prevent a computer from booting if infected?

    <p>Infected or damaged boot manager, boot loader, or kernel mode drivers</p> Signup and view all the answers

    What environment should you launch into if an infected computer will not boot?

    <p>Windows Recovery Environment (Windows RE)</p> Signup and view all the answers

    Which process should be used in Windows Recovery Environment to repair a system that will not boot?

    <p>Startup Repair</p> Signup and view all the answers

    Which of the following might be a reason an infected computer will not boot?

    <p>Infected boot manager, boot loader, or kernel mode drivers</p> Signup and view all the answers

    What should you do after updating anti-malware software?

    <p>Run a full scan</p> Signup and view all the answers

    Which method can be used to run anti-malware software if the computer system is severely infected and unstable?

    <p>Install and run anti-malware software in safe mode</p> Signup and view all the answers

    What is one method to perform an anti-malware scan before the operating system boots?

    <p>Run an anti-malware scan from a bootable media</p> Signup and view all the answers

    Why would you run more than one anti-malware scan with different software?

    <p>To ensure all types of malware are detected</p> Signup and view all the answers

    Which method allows you to run anti-malware software from a clean environment and avoid further infection?

    <p>Run anti-malware software from a networked computer</p> Signup and view all the answers

    Which task should be performed to address issues that appear when a system starts?

    <p>Respond to any startup errors</p> Signup and view all the answers

    Why is it necessary to research malware types and program files after an infection?

    <p>To understand how the malware operates and eliminate it</p> Signup and view all the answers

    Which of the following actions would help in removing remnants of malware from the Windows registry?

    <p>Cleaning the registry</p> Signup and view all the answers

    What might you do to ensure browsers are free from malicious extensions and software?

    <p>Clean up browsers and uninstall unwanted programs</p> Signup and view all the answers

    Which step involves actively removing unwanted and malicious software components left on a system?

    <p>Delete files</p> Signup and view all the answers

    What is essential for keeping a system clean from malware?

    <p>Using anti-malware software</p> Signup and view all the answers

    Which practice ensures your system is safeguarded from unauthorized access?

    <p>Keeping Windows updates current</p> Signup and view all the answers

    Why is it important to use a software firewall?

    <p>It provides protection against malware</p> Signup and view all the answers

    What should you do to maintain a clean system after removing malware?

    <p>Schedule regular system scans</p> Signup and view all the answers

    Which action is a best practice to protect a system against malware?

    <p>Using anti-malware software</p> Signup and view all the answers

    When should you turn System Protection back on?

    <p>After the system is clean</p> Signup and view all the answers

    What is the purpose of creating a restore point?

    <p>To restore system settings to a specific point in time</p> Signup and view all the answers

    Which of the following is essential before creating a restore point?

    <p>Cleaning the system from malware or viruses</p> Signup and view all the answers

    What could happen if System Protection is not turned on after cleaning the system?

    <p>You will not be able to create new restore points</p> Signup and view all the answers

    How often should a restore point ideally be created?

    <p>Before installing new software</p> Signup and view all the answers

    What should you educate the user about to keep the system free from malware?

    <p>Tips on how to avoid downloading Trojans</p> Signup and view all the answers

    Despite all security measures, what risk still remains that users should be aware of?

    <p>Downloading and executing a Trojan</p> Signup and view all the answers

    Why is user education essential in malware prevention?

    <p>To teach them how to recognize and avoid malware, such as Trojans</p> Signup and view all the answers

    What is a Trojan and why is it dangerous?

    <p>Malware that disguises itself as legitimate software</p> Signup and view all the answers

    What is one crucial aspect of maintaining a secure system environment?

    <p>Regularly educating users on malware prevention</p> Signup and view all the answers

    Why do IT departments rely on good documentation and security policies?

    <p>To set expectations and standards for security in the entire organization</p> Signup and view all the answers

    Which of the following is not mentioned as part of the chapter covering best practices for documentation and security policies?

    <p>Methods for data encryption</p> Signup and view all the answers

    What is one of the key areas covered in the chapter about best practices for documentation and security policies?

    <p>Types of documentation</p> Signup and view all the answers

    For what purpose do IT departments use good security policies?

    <p>To set expectations and standards for security in the entire organization</p> Signup and view all the answers

    Which of the following is a fundamental aspect of good documentation for IT departments?

    <p>Setting expectations and standards for security</p> Signup and view all the answers

    What might a knowledge base include?

    <p>Articles containing text, images, or video</p> Signup and view all the answers

    What is the primary purpose of inventory management in network documentation?

    <p>To track end-user devices, IP addresses, and software licenses</p> Signup and view all the answers

    Which feature might be used in inventory management to help with asset tracking?

    <p>Asset tags and theft-prevention plates with barcodes</p> Signup and view all the answers

    Which type of documentation would include a map of a network topology?

    <p>Network topology diagrams</p> Signup and view all the answers

    What might be included in a knowledge base for a product?

    <p>A collection of informational articles and videos</p> Signup and view all the answers

    What is a key responsibility of a change manager?

    <p>Defining how new software will affect people</p> Signup and view all the answers

    How is change management integrated with project management?

    <p>It is closely integrated and often involves the same teams</p> Signup and view all the answers

    What ensures that people affected by a project can transition smoothly to the end result?

    <p>Well-managed change processes</p> Signup and view all the answers

    Which of the following is NOT a task likely to be managed by a change manager?

    <p>Developing new product features</p> Signup and view all the answers

    Which statement about change management is accurate?

    <p>It involves managing communication, scheduling, training, and support</p> Signup and view all the answers

    What is the initial step in the general flow of change management?

    <p>Purpose of change</p> Signup and view all the answers

    Which component is NOT included in the documented change plans?

    <p>End-user acceptance</p> Signup and view all the answers

    At what stage is the Request for Comments (RFC) sought?

    <p>After documented change plans</p> Signup and view all the answers

    What does the CAB stand for in change management?

    <p>Change Advisory Board</p> Signup and view all the answers

    What criteria is used to determine if a change was successful?

    <p>Purpose fulfilled, end-user acceptance, completed on time and within budget</p> Signup and view all the answers

    What is one of the primary goals of documented business processes?

    <p>Achieving an efficient and cost-effective service</p> Signup and view all the answers

    Which of the following best describes the purpose of a change request process?

    <p>To propose and formally submit necessary changes</p> Signup and view all the answers

    When are complex changes often submitted to a change advisory board (CAB)?

    <p>When they require high-level management approval</p> Signup and view all the answers

    Which of the following is NOT a typical desired business goal of documented business processes?

    <p>High employee turnover</p> Signup and view all the answers

    What does a change request process typically specify?

    <p>What needs to be changed</p> Signup and view all the answers

    Which of the following is NOT typically included in the scope of a change plan?

    <p>Amount of budget allocated for the change</p> Signup and view all the answers

    In change management, what is the primary purpose of risk analysis?

    <p>To identify potential problems and prevent surprises or crises</p> Signup and view all the answers

    Which of the following aspects is included in the change plan to measure its success?

    <p>How success is measured and the completion criteria</p> Signup and view all the answers

    Which characteristic best defines the scope of change in a change plan?

    <p>Key components of the change and their addressing methods</p> Signup and view all the answers

    What does the process of risk analysis primarily seek to achieve in change management?

    <p>Identifying potential problems</p> Signup and view all the answers

    Which of the following statements accurately describes change documentation in smaller organizations?

    <p>They may manually document changes using tools like MS Word or Excel</p> Signup and view all the answers

    What is a common practice in documenting change plans?

    <p>Updating change plans throughout the entire change management process</p> Signup and view all the answers

    Why might large organizations prefer software like Alloy Software for change management?

    <p>It automates and streamlines the documentation process</p> Signup and view all the answers

    Which of the following is NOT a characteristic of change documentation mentioned?

    <p>Documentation is done only at project completion</p> Signup and view all the answers

    What is a distinguishing factor between how large and small organizations document changes?

    <p>Large organizations often use specialized software, while small organizations may use basic tools like MS Word or Excel</p> Signup and view all the answers

    Which type of regulated data specifically deals with health information?

    <p>PHI</p> Signup and view all the answers

    What does GDPR stand for and which region does it apply to?

    <p>General Data Protection Regulation; European Union</p> Signup and view all the answers

    Which of the following best describes regulatory and compliance policies?

    <p>A collection of regulations, policies, and laws specific to each industry</p> Signup and view all the answers

    What type of information is protected under PCI standards?

    <p>Credit card data</p> Signup and view all the answers

    What is considered PII in the context of data regulation?

    <p>Personal identity information</p> Signup and view all the answers

    Which type of regulated data focuses on protecting personal identity?

    <p>PII (personally identifiable information)</p> Signup and view all the answers

    What is the main purpose of GDPR?

    <p>Ensuring data protection and privacy for individuals within the EU</p> Signup and view all the answers

    Which of the following is considered regulated data under Payment Card Industry standards?

    <p>Credit card numbers</p> Signup and view all the answers

    Which type of information is protected under PHI?

    <p>Medical records</p> Signup and view all the answers

    Regulatory and compliance policies are applicable to which of the following?

    <p>All industries</p> Signup and view all the answers

    Who holds the right to copy a piece of work, as mentioned in the content?

    <p>The creator of the work</p> Signup and view all the answers

    What document states your rights to use or copy software when you install it?

    <p>End User License Agreement (EULA)</p> Signup and view all the answers

    What is the consequence of making unauthorized copies of original software?

    <p>It is considered software piracy</p> Signup and view all the answers

    What does a commercial license grant the user?

    <p>The right to use the software</p> Signup and view all the answers

    Who can transfer the right to copy a work to others?

    <p>The creator of the work</p> Signup and view all the answers

    What is considered an incident in a corporate environment?

    <p>Negative impact on safety or corporate resources</p> Signup and view all the answers

    Which activity is part of the first response duties for prohibited content and activities?

    <p>Identify and go through proper channels</p> Signup and view all the answers

    What is NOT included in the first response duties following an incident?

    <p>Immediate media briefing</p> Signup and view all the answers

    Which of the following steps helps in preserving evidence during an incident response?

    <p>Preserve data and devices</p> Signup and view all the answers

    What does incident documentation involve?

    <p>Documenting the sequence of events</p> Signup and view all the answers

    What is the primary purpose of using a degausser?

    <p>To expose a storage device to a strong electromagnetic field</p> Signup and view all the answers

    Which method is specifically recommended for sanitizing solid-state devices?

    <p>Using a Secure Erase utility</p> Signup and view all the answers

    Which of the following methods is used to destroy printed documents?

    <p>Use a shredder</p> Signup and view all the answers

    What does physically destroying the storage media achieve?

    <p>It completely erases data by making the media unusable</p> Signup and view all the answers

    Which method should NOT be used for sanitizing magnetic storage devices?

    <p>Using a Secure Erase utility</p> Signup and view all the answers

    Which security method is used to prevent unauthorized physical access to a server?

    <p>A locked door</p> Signup and view all the answers

    Which of the following is a logical security control to restrict network access?

    <p>VPN connection</p> Signup and view all the answers

    What additional user authentication method can be used in large networks other than a Windows password?

    <p>Multifactor authentication</p> Signup and view all the answers

    Which AAA service is used for centralized management of network authentication?

    <p>RADIUS</p> Signup and view all the answers

    Which security measure helps in protecting a laptop when traveling?

    <p>Engraving ID information on a theft-prevention plate</p> Signup and view all the answers

    Which of the following is a symptom of malware?

    <p>You see pop-up ads frequently</p> Signup and view all the answers

    What should be done first when cleaning up an infected system?

    <p>Quarantine the infected system</p> Signup and view all the answers

    Which type of malware involves using a large number of compromised devices to overwhelm a target?

    <p>DDoS attacks</p> Signup and view all the answers

    What is an example of security documentation?

    <p>Acceptable use policy</p> Signup and view all the answers

    What should be done after remediating the system in the malware clean-up process?

    <p>Enable System Protection</p> Signup and view all the answers

    Which of the following is NOT considered a type of malware?

    <p>Adware</p> Signup and view all the answers

    What is the purpose of a chain-of-custody document?

    <p>To provide a paper trail of evidence in a criminal case</p> Signup and view all the answers

    Which tool is NOT mentioned for data destruction?

    <p>Flash drive</p> Signup and view all the answers

    What type of data may be protected by regulatory and compliance policies?

    <p>PII, PHI, PCI, and GDPR</p> Signup and view all the answers

    What type of certificate might a professional data destruction service provide?

    <p>Certificate of destruction</p> Signup and view all the answers

    Which of the following is NOT a method for destroying data?

    <p>Encryption</p> Signup and view all the answers

    Study Notes

    Best Practices for Physical Security

    • Privileged data should be stored in a locked environment to maintain confidentiality.
    • Door and safe locking options include:
    • Keyed locks
    • Combination locks
    • Biometric locks
    • Server locks or cable locks can be used to secure devices holding sensitive corporate data to prevent theft or tampering.
    • Cable locks, also known as Kensington locks, can be used to physically secure laptops or computers to tables or immovable objects.

    Securing Devices and Ports

    • Server locks are commonly used on computers that store corporate data to restrict unauthorized access.
    • Port locks can be used to restrict physical access to exposed ports on devices, preventing unauthorized connections.

    Protecting Displayed Data

    • Privacy screens can be fitted over displays to prevent sensitive information from being read from a wide angle, maintaining confidentiality.

    Physical Security Best Practices

    • Private data should be stored in locked areas or containers, such as safes or locked rooms
    • Door locks and safes can be secured using keyed locks, combination locks, or biometric locks

    Securing Devices

    • Server locks are used to secure computers that hold corporate data
    • Cable locks or Kensington locks can be used to secure laptops or computers to tables, preventing theft or tampering
    • Computer cases can be locked with a computer case lock and key to prevent intrusion

    Port Security

    • Port locks can be used to restrict physical access to exposed ports

    Display Security

    • Privacy screens can be used to prevent screens from being read from a wide angle

    Physical Security Devices

    • Reusable port locks are available for securing computer ports
    • Wire loop seals are tamper-evident and can only be used once
    • Types of security devices for computer ports include:
      • RJ-45 locks
      • PAD locks
      • USB locks
      • Wire loop seals
    • A wire loop seal may have a unique serial number, such as 200000, for identification purposes

    Physical Security Best Practices

    • Install a theft-prevention plate to deter theft and identify stolen equipment
      • Embed the plate into the case or engrave ID information into it for maximum security

    Access Control Measures

    • Implement a mantrap with a security guard for enhanced access control
      • A mantrap consists of two doors on either end of a small entryway
      • The first door must close before the second door can open to prevent unauthorized access
      • Separate forms of ID might be required for each door to add an extra layer of security
      • A security guard may maintain an entry control roster, which is a list of authorized personnel

    Logical Security Measures

    • Antivirus/anti-malware software monitors devices for harmful activity to data or resources.
    • Email filtering blocks suspicious messages based on databases of known scams, spammers, and malware.
    • Data loss prevention (DLP) software protects against corporate data leakage.

    Access Control

    • Access control lists (ACL) regulate access to resources for users, devices, or programs.
    • Trusted software sources ensure software downloads come from reputable publishers and providers.

    Software-Based Security Measures

    • Port Security: controls which devices can use any port or a specific port on the switch
    • MAC Address Filtering: specifies the number of MAC addresses a port can accept or provides a whitelist of MAC addresses the switch will accept

    Virtual Private Network (VPN)

    • Data Protection: encrypts data over a remote connection to a private network

    Software-Based Security Measures

    • Mobile device management (MDM) software provides tools for:
      • Tracking mobile devices
      • Managing data on mobile devices
    • MDM policies include:
      • Enforcement of security policies
      • Requirements for data encryption
      • Capabilities for remote wipe

    User Authentication

    • Increasing authentication security can be done using methods beyond a Windows password.
    • Enforcing a password policy involves setting rules that define:
      • Minimum password length
      • Complexity requirements
      • Frequency of password resets

    Multifactor Authentication

    • Enforcing multifactor authentication enhances security by requiring two or more factors.
    • In two-factor authentication (2FA), the two factors typically involve:
      • Something the user knows (e.g., Windows password)
      • Something the user possesses (e.g., a smart card or token)
      • Something the user does (e.g., typing a certain way)
      • Something the user is (e.g., biometric data, such as a fingerprint)

    Hardware Security Tokens

    • Two types of hardware security tokens exist: smart cards and key fobs.
    • Smart cards have an embedded microprocessor installed on the card, typically under a small gold plate.
    • Key fobs are another type of hardware security token.

    Software Security Tokens

    • Software security tokens can be stored as an app or digital certificate on a computing device.
    • Software token apps are installed on smartphones or other computing devices.
    • A digital certificate is like a digital signature that verifies a person or entity's identity.
    • Digital certificates are assigned by a Certificate Authority (CA) that has confirmed the individual's or entity's identity.

    User Authentication

    • AAA (Authentication, Authorization, and Accounting) are three fundamental security measures used to secure network access.

    AAA Services

    • RADIUS (Remote Access Dial-In User Service) is a popular solution for providing AAA services in large networks.
    • TACACS+ (Terminal Access Controller Access Control System Plus) is another widely used solution for providing AAA services in large networks.

    User Authentication Characteristics

    • RADIUS is primarily used for end-user network access, whereas TACACS+ is intended for Cisco network device administrative access.
    • RADIUS encrypts only user passwords, whereas TACACS+ encrypts every message.
    • RADIUS uses UDP, a protocol that does not guarantee transmission over the corporate network, whereas TACACS+ uses TCP, which guarantees transmissions.
    • Both RADIUS and TACACS+ support various network connections, including wireless, wired, and VPN.

    User Education

    • Acceptable Use Policy (AUP) is a document outlining permitted and prohibited actions on a corporate network.

    Security Measures for Users

    • Password Security:
      • Never share passwords with anyone
      • Avoid storing passwords on computers
      • Use unique passwords for each system
    • Physical Security:
      • Prevent shoulder surfing by being aware of onlookers trying to peek at your monitor screen
      • Lock down your workstation every time you leave it unattended
    • Access Control:
      • Be cautious of tailgating, where an unauthorized person follows an employee through a secured entrance
      • Avoid letting others continue to use your Windows session after you've finished

    Hacker Techniques

    • Hackers may engage in dumpster diving, which involves searching for sensitive information in someone's trash.
    • Phishing is a type of identity theft where an email scammer tricks victims into responding with personal data.
    • Spear phishing is a targeted hoax email that appears to come from a company the victim already does business with.
    • Spoofing involves creating a fake email and website that mimic the real thing, making it difficult to distinguish from legitimate sources.
    • Malicious emails may contain links that lead to malicious scripts, which can compromise security.

    Debunking Email Hoaxes and Virus Hoaxes

    • Use reputable websites to verify the authenticity of emails and viruses, such as snopes.com, securelist.com, and virusbtn.com, to avoid falling prey to hoaxes.

    Laptop Security When Traveling

    • Always be aware of your laptop's location to prevent theft or loss.
    • Avoid leaving your laptop in an unlocked car, as it can be an easy target for thieves.
    • When at work, ensure your laptop is secure by locking it in a safe place or using a laptop cable lock to secure it to your desk.

    Malicious Software

    • Malicious software, also known as malware, refers to any unwanted program that has the intention to cause harm.
    • Malware is transmitted to a computer without the user's knowledge or consent.

    Grayware

    • Grayware is a type of unwanted program that is annoying and unwanted.
    • Grayware may or may not intend to cause harm, but it is still unwanted on a computer.

    Malware Types

    • Viruses: malicious programs that replicate by attaching themselves to other programs, including applications, macros, Windows system files, or boot loader programs.

    Spyware Characteristics

    • Spyware monitors user activity and collects personal information without consent.
    • Keyloggers are a type of spyware that tracks every keystroke, allowing hackers to steal sensitive data like identities and credit card numbers.

    Worms

    • Worms are self-replicating malware that spread throughout networks or the internet without requiring a host program.
    • Worms can cause network overloads by creating excessive traffic.

    Types of Malware

    • Trojans are standalone malware that don't require a host program to function.
    • Trojans disguise themselves as legitimate programs, often spread through web downloads or phishing email attachments.

    Rootkits

    • Rootkits load before the Operating System (OS) boots up, making them difficult to detect.
    • Rootkits can conceal themselves in boot managers, boot loader programs, or kernel mode device drivers.
    • They can hide folders containing software they've installed, as well as hijack internal Windows components to manipulate information displayed to users.

    Ransomware

    • Ransomware is a type of malware that holds a computer system hostage until a ransom is paid.

    Rootkit Locations

    • User-mode processes, such as Task Manager and Explorer, are vulnerable to user-mode rootkit interception.
    • Kernel-mode processes are susceptible to kernel-mode rootkit interception.
    • Rootkits can also target files stored on the hard drive.

    Rootkit Modes

    • Rootkits can operate in user mode or kernel mode.
    • The mode of operation determines the level of access and control the rootkit has over the system.

    Types of Cyber Attacks

    • A zero-day attack occurs when a hacker exploits a previously unknown security vulnerability in software, before the developer becomes aware of it and can release a patch.
    • In a zero-day attack, the hacker takes advantage of a newly discovered gap in software security before users can apply patches, leaving them vulnerable to attack.

    Man-in-the-Middle Attacks

    • A man-in-the-middle attack involves an attacker intercepting communication between two parties, allowing them to read and/or alter the content of messages.

    Denial of Service (DoS) Attacks

    • A denial of service (DoS) attack involves overwhelming a computer or network with requests or traffic, preventing it from accepting new connections.
    • A distributed denial-of-service (DDoS) attack is a type of DoS attack that involves multiple computers working together to overwhelm a system.

    Types of Cyber Threats

    • A zombie is a compromised computer that is remotely controlled by a hacker to perform malicious tasks, often running repetitive software in the background without the owner's knowledge.
    • A botnet is a network of zombie computers that can be controlled remotely by an attacker to launch large-scale cyber attacks.

    Password Cracking Techniques

    • Dictionary Attack: a method used to crack passwords by systematically trying words found in a dictionary, often used to crack weak or commonly used passwords.
    • Rainbow Tables: a precomputed table of plaintext passwords and their corresponding password hashes, used to reverse-engineer passwords from their hashed values, making it easier to crack passwords.

    Threats to Security

    • Noncompliant systems and security best practice violations pose a significant threat
    • These threats can be found in both Bring Your Own Device (BYOD) and corporate-owned devices

    Identifying Noncompliant Systems

    • System administrators need techniques to regularly scan devices for noncompliance
    • The goal is to identify systems that violate security best practices

    Tools for Identifying Noncompliant Systems

    • System Center Configuration Manager is a product designed to scan devices for noncompliance
    • This product is offered by Microsoft

    Malware Symptoms

    • Malware presence is suspected if a system displays pop-up ads and browser redirection
    • Rogue antivirus software may be installed, posing as legitimate security software
    • System performance issues, such as slow performance or lockups, can indicate malware activity
    • Connectivity problems, including internet connection failures, application crashes, and failed OS updates, may be caused by malware
    • System and application log errors can be a sign of malware infection
    • File management issues, including problems accessing or modifying files, can be a symptom of malware
    • Email problems, such as undelivered or disappeared emails, may be caused by malware
    • Failure to update anti-malware software can be a sign of malware blocking security updates
    • Invalid digital certificates can be a sign of malware tampering with system security

    Identifying Malware Symptoms through Action Center

    • Action Center monitors Security, Network firewall, Windows Updates, and Virus protection to help identify malware symptoms.

    Action Center Warnings

    • Security warning: Windows detects the absence of antispyware software, prompting the user to install one online to protect the PC.
    • Note: Avoid running multiple antivirus apps simultaneously to prevent conflicts; disable Windows Defender if using another antivirus software.
    • Optional: Turn off notifications about spyware and unwanted software.

    Current System Status

    • Network firewall: Windows Firewall is actively protecting the PC.
    • Windows Updates: Automatic installation of updates is enabled.
    • Virus protection: POKeeper Antivirus is currently running, but may be a rogue software.

    Quarantining an Infected System

    • Immediately disconnect an infected computer from the network by removing the wired cable or turning off the wireless adapter
    • A quarantined computer is isolated from the regular network to prevent the spread of malware

    Downloading Anti-Malware Software

    • When downloading anti-malware software, disconnect all other computers from the network
    • Connect the infected computer directly to the Internet Service Provider (ISP)
    • Boot the infected computer into Safe Mode with Networking to download the software

    Backing Up Data

    • Before cleaning the infected system, back up important data to an external media to prevent data loss

    Disabling System Restore to Remove Malware

    • Malware can hide in restore points in the System Volume Information folder, which is protected by System Protection.
    • System Protection prevents anti-malware software from cleaning the protected folder.
    • Turning off System Protection allows anti-malware software to clean the System Volume Information folder and remove malware.
    • However, turning off System Protection results in the loss of all existing restore points.
    • To disable System Protection, go to Control Panel, open the System window, and click on System protection.

    Remediating the Infected System

    • Research anti-malware software by reading reviews and checking reliable websites that rate them

    When an Infected Computer Won't Boot

    • Possible causes of the infection include the boot manager, boot loader, or kernel mode drivers being infected or damaged
    • Solution: Launch the computer into Windows Recovery Environment (Windows RE) to repair the system
    • In Windows RE, use the Startup Repair process to fix the system

    Remediating the Infected System

    • Update and run anti-malware software already installed on the infected system to perform a full scan
    • Alternatively, run anti-malware software from a networked computer to scan the infected system
    • Install and run anti-malware software directly on the infected computer to detect and remove malware
    • Install and run anti-malware software in safe mode to prevent malware from interfering with the scan
    • Run an anti-malware scan before Windows boot to detect and remove malware before the operating system loads
    • Run multiple scans of anti-malware software to increase the chances of detecting and removing all malware

    Remediating the Infected System

    • Respond to startup errors after malware removal to ensure system stability
    • Research malware types and associated program files to identify malicious components
    • Delete infected files to prevent further damage
    • Clean the registry to remove malware-defined entries and values
    • Clean up browsers by removing malicious extensions and add-ons
    • Uninstall unwanted programs that may be malicious or vulnerable to infection

    Protecting the System

    • To maintain a clean system, three essential best practices must be followed:

    System Protection Measures

    • Use anti-malware software to detect and remove malware
    • Enable a software firewall to block unauthorized access
    • Keep Windows updates current to ensure the system remains protected with latest security patches

    Physical Security and Access Controls

    • Best practices for physical security:
      • Keep sensitive data under lock and key
      • Use door locks, safe options (keyed locks, combination locks, biometric locks), server locks, cable locks, and port locks
      • Secure laptops and computers to tables
      • Use privacy screens to prevent screen reading from wide angles
    • Use computer case locks and key for desktops to prevent intrusion
    • Use cable lock systems for laptops to prevent theft
    • Install theft-prevention plates and engrave ID information into the case
    • Implement mantraps and security guards to control access

    User Education

    • Acceptable Use Policy (AUP): explains what users can and cannot do on the corporate network
    • Important security measures for users:
      • Never give out passwords or store them on computers
      • Avoid using the same password on multiple systems
      • Be aware of shoulder surfing and tailgating
      • Lock down workstations when stepping away

    Logical Security and Access Controls

    • Software-based security measures:
      • Antivirus/anti-malware: monitors devices for harmful activity
      • Email filtering: filters out suspicious messages
      • Data Loss Prevention (DLP) software: protects against corporate data leaks
      • Trusted software sources: only download software from trusted publishers
      • Access Control Lists (ACL): control access to resources
      • Port security and MAC address filtering: control device access to ports
      • Virtual Private Networks (VPN): encrypt data over remote connections

    User Authentication

    • Methods to increase authentication security:
      • Enforce password policies: set minimum length, complexity, and reset frequency
      • Enforce multifactor authentication: combine what users know, possess, do, or are
    • Hardware Security Tokens:
      • Smart cards and key fobs
    • Software Security Tokens:
      • Security token apps and digital certificates
    • Authentication Services:
      • RADIUS and TACACS+: provide AAA services for networks

    Dealing with Malicious Software

    • Malicious Software (malware): programs that mean harm and are transmitted to computers without user knowledge
    • Grayware: annoying and unwanted programs that might or might not intend harm

    Types of Malware

    • Viruses: programs that replicate by attaching themselves to other programs
    • Spyware: programs that spy on users and collect personal information
    • Worms: programs that copy themselves throughout networks or the internet without a host program
    • Trojans: programs that substitute themselves for legitimate programs
    • Rootkits: programs that load before the OS boot is complete and hide folders and software
    • Ransomware: programs that hold computer systems hostage until payment is made
    • Zero-day attacks: exploiting unknown software security gaps
    • Man-in-the-middle attacks: intercepting communication between two parties
    • Denial of Service (DoS) attacks: overwhelming computers or networks with requests or traffic

    Protecting Systems

    • Best practices to protect systems against malware:
      • Use anti-malware software
      • Use a software firewall
      • Keep Windows updates current
    • System Protection: turn it back on after cleaning a system and create a restore point

    Identifying and Researching Malware Symptoms

    • Warning signs of malware:
      • Pop-up ads and browser redirection
      • Rogue antivirus software
      • Slow performance or lockups
      • Internet connectivity issues
      • System and application log errors
      • File problems
      • Email problems
      • Problems updating anti-malware software
      • Invalid digital certificates

    Quarantining an Infected System

    • Disconnect the infected system from the network and internet
    • Quarantine the system to prevent it from using the regular network
    • Download anti-malware software in Safe Mode with Networking
    • Back up data to another media before cleaning up the infected system

    Disabling System Restore

    • Turn off System Protection to clean up malware in the System Volume Information folder
    • Be aware that all restore points will be lost
    • To turn off System Protection, go to Control Panel, open the System window, and click System protection

    Remediation Steps

    • Read reviews and check reliable websites before selecting anti-malware software
    • Update and run anti-malware software already installed
    • Run anti-malware software from a networked computer
    • Install and run anti-malware software on the infected computer
    • Install and run anti-malware software in Safe Mode
    • Run an anti-malware scan before Windows boot
    • Run more than one scan of anti-malware software

    Educating the End User

    • Educate users on tips to keep the system free from malware
    • Importance of user awareness: even with security measures in place, users can still compromise system security by downloading and executing Trojans that install more malware

    Importance of Documentation and Security Policies

    • IT departments rely on good documentation and security policies to set expectations and standards for security in the entire organization.

    Coverage of the Chapter

    • This chapter covers three main areas:
      • Different types of documentation
      • Various security policies
      • Expectations from an IT technician

    Types of Documentation

    • A knowledge base is a collection of articles that provide information about a network, product, or service, and can include text, images, or video.
    • Inventory management documentation involves tracking and recording inventory, including end-user devices, network devices, IP addresses, software licenses, and related licenses.
    • Hardware inventory tracking often uses asset tags and theft-prevention plates with barcodes that can be easily read by laser scanners.

    Network Topology

    • Network topology refers to the pattern in which devices on a network are connected to each other.
    • Network topology diagrams provide a visual map of this pattern, illustrating how devices are connected.

    Change Management

    • Change occurs when a project is implemented, and effective change management enables a smooth transition for those affected
    • Change management is closely integrated with project management, often involving the same teams
    • Key responsibilities of a change manager include:
      • Defining the impact of new software on people
      • Overseeing communication, scheduling, training, and support

    Change Management Process

    • The purpose of change is the first step in the change management process
    • An initial change request is submitted, which triggers the change management process
    • The Change Advisory Board (CAB) reviews and approves the change request

    Change Planning

    • Documented change plans include business needs, scope, risk analysis, and back-out plans
    • Change plans consider potential risks and have a contingency plan in place

    Stakeholder Feedback

    • A Request for Comments (RFC) is issued to gather feedback from stakeholders
    • Stakeholder input is sought to ensure that the change meets business needs

    Change Implementation

    • Once approved, the change is implemented
    • The implementation process is monitored to ensure it meets the planned objectives

    Change Evaluation

    • The success of the change is evaluated based on:
      • Whether the purpose of the change has been fulfilled
      • End-user acceptance
      • Timeliness (on time)
      • Budget adherence (on budget)

    Change Closure

    • A close report is compiled to document the outcome of the change

    Documented Business Processes

    • Documented business processes are sets of related activities that lead to a specific business goal.
    • Examples of business goals include:
      • Achieving an efficient and cost-effective service
      • Ensuring excellent customer satisfaction
      • Producing a superior product

    Change Management

    • A change request process is used to formally submit proposed changes.
    • A change request should clearly state what needs to be changed.
    • Complex changes are often reviewed by a change advisory board (CAB).

    Change Plan and Scope

    • A change plan outlines the scope of change, including key components and how they will be addressed.
    • The scope of change defines the skill sets, tasks, and activities required to carry out the change.
    • It identifies the individuals or departments participating in the change.
    • The change plan measures the success of change and determines when it is completed.

    Risk Analysis

    • Change involves risk, and risk analysis aims to identify potential problems before they arise.
    • Risk analysis helps prevent surprises and crisis situations during the change process.

    Documenting Changes

    • It is essential to document everything related to changes in the change management process
    • Change plans are documented and regularly updated throughout the entire process
    • Large organizations often utilize change management software to document changes
    • Alloy Software is an example of change management software used by large organizations

    Documenting Changes in Small Organizations

    • Smaller organizations may not use change management software
    • Instead, smaller organizations may manually document changes using tools such as MS Word or Excel

    Regulatory and Compliance Policies

    • Certain types of data are protected by special government regulations, known as regulated data.
    • Industries must comply with various regulations, policies, and laws, collectively referred to as regulatory and compliance policies.

    Types of Regulated Data

    • Personal Identity: protected by PII (Personally Identifiable Information) regulations.
    • Health Information: protected by PHI (Protected Health Information) regulations.
    • Credit Card Data: regulated by PCI (Payment Card Industry) standards.
    • EU Citizens' Data: protected by GDPR (General Data Protection Regulation), implemented in the European Union (EU) in 2018.

    Regulatory and Compliance Policies

    • Certain types of data are protected by special government regulations, known as regulated data.
    • Industries must comply with various regulations, policies, and laws, collectively referred to as regulatory and compliance policies.

    Types of Regulated Data

    • Personal Identity: protected by PII (Personally Identifiable Information) regulations.
    • Health Information: protected by PHI (Protected Health Information) regulations.
    • Credit Card Data: regulated by PCI (Payment Card Industry) standards.
    • EU Citizens' Data: protected by GDPR (General Data Protection Regulation), implemented in the European Union (EU) in 2018.

    Software Licensing

    • A commercial license grants the right to use software, but the buyer does not legally own it
    • Copyright, the right to copy the work, belongs to the creator or those to whom the creator transfers this right

    End User License Agreement (EULA)

    • EULA outlines the rights to use or copy software, agreed to during software installation

    Software Piracy

    • Making unauthorized copies of original software violates the Federal Copyright Act of 1976

    Incident Response for Prohibited Content and Activities

    • An incident occurs when an employee or individual negatively impacts safety, corporate resources, violates the code of conduct, or commits a crime.
    • First response duties after an incident include:
      • Identifying the incident and following proper channels
      • Preserving relevant data and devices
      • Documenting the incident thoroughly

    Data Destruction and Disposal

    • Destroying printed documents and sanitizing storage devices is crucial for data security

    Methods for Destroying Storage Media

    • Overwriting data on a drive makes data recovery impossible
    • Using a Secure Erase utility is effective for solid-state devices
    • Physically destroying storage media ensures complete data elimination
    • Degausser exposes magnetic hard drives and tape drives to a strong electromagnetic field, erasing data completely
    • Shredding is a physical destruction method for storage media
    • Secure data-destruction services provide professional data destruction solutions

    Physical Security Measures

    • Locked doors and server locks prevent unauthorized physical access to equipment
    • Cable locks secure devices to a fixed object, reducing the risk of theft
    • Port locks restrict access to specific ports on a device
    • Privacy filters limit the viewing angle of a screen to prevent shoulder surfing
    • Theft-prevention plates make it difficult to remove devices from a fixed location
    • Mantraps control access to a secure area by trapping individuals in a small room until their identity is verified
    • Security guards provide an additional layer of physical security

    Logical Security Measures

    • Anti-malware software detects and removes malicious code
    • VPN connections encrypt data transmitted over the internet
    • Email filtering blocks unwanted or malicious emails
    • Qualifying software distributors ensure software is legitimate and trustworthy
    • Access control lists (ACLs) restrict access to resources based on user identity
    • MAC address filtering controls access to a network based on device MAC addresses
    • Mobile device management (MDM) manages and secures mobile devices

    User Authentication and Authorization

    • Additional user authentication methods include password policies and multifactor authentication
    • Multifactor authentication uses hardware or software tokens to provide an additional layer of security
    • AAA (authenticating, authorizing, and accounting) services manage access to network resources
    • RADIUS (Remote Authentication Dial-In User Service) and TACACS+ are AAA protocols

    General Security Best Practices

    • Educating users about social engineering prevents phishing and other attacks
    • Protecting laptops when traveling includes using privacy filters, cable locks, and keeping devices close

    Malware

    • Malware types include viruses, spyware, keyloggers, worms, trojans, rootkits, ransomware, zero-day attacks, man-in-the-middle attacks, DoS attacks, DDoS attacks, zombies, botnets, and dictionary attacks.

    Malware Symptoms

    • Malware symptoms include:
      • Unwanted pop-up ads
      • Slow system performance
      • Error messages and logs
      • File errors
      • Email problems
      • Invalid digital certificates

    Cleaning Up an Infected System

    • Identify common malware symptoms
    • Quarantine the infected system to prevent further infection
    • Disable System Restore to prevent malware from hiding
    • Remediate the system by removing malware
    • Protect the system with scheduled scans and updates
    • Enable System Protection and create a restore point
    • Educate the end user on malware prevention and response

    Security Documentation

    • Types of security documentation include:
      • Ticketing software for documenting customer service
      • Knowledge base for recording solutions
      • Acceptable use policies for outlining user responsibilities
      • Password policies for secure authentication
      • Inventory management for tracking system components
      • Network topology diagrams for visualizing system architecture
      • Documentation for change management to track system modifications

    Data Protection

    • Regulatory and compliance policies safeguard regulated data, including:
      • PII (Personally Identifiable Information)
      • PHI (Protected Health Information)
      • PCI (Payment Card Industry) data
      • GDPR (General Data Protection Regulation) data
    • These data types are regulated by governmental agencies

    Software Licensing

    • Commercial software can be licensed in two ways:
      • Personal license
      • Enterprise license

    Data Destruction and Evidence Management

    • A chain-of-custody document provides a paper trail of evidence in criminal cases
    • Data destruction methods include:
      • Physical destruction using a paper shredder, drill, or hammer
      • Digital destruction using low-level format, zero-fill utility, or degausser
      • Incineration
    • Professional data destruction services may provide a certificate of destruction for legal purposes

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG
    Capture.PNG

    Description

    Learn about the best practices for physical security, including locking options and secure devices to prevent theft and tampering.

    More Like This

    Use Quizgecko on...
    Browser
    Browser