Questions and Answers
What is a privacy screen used for?
Which type of lock could use biometric data for security?
What is the primary function of port locks?
For securing a laptop to a table, which lock would be most appropriate?
In a corporate environment, what purpose would a server lock serve?
Which method should be used to prevent unauthorized access to the internal components of a desktop computer?
Which security measure is most suitable for preventing laptop theft?
What is a primary function of using a computer case lock and key for a desktop?
In terms of physical security, which device is specifically designed to secure a laptop to a fixed object?
How can you prevent unauthorized access to the internal components of a desktop computer?
Which type of security device in the image is noted as tamper-evident?
What is indicated by the serial number 200000 in the image?
Which device in the image can only be used once?
Which of the following devices in the image is NOT specifically labeled?
What is the primary material characteristic of the wire loop seal mentioned in the image?
What is an important feature of a mantrap?
What might a security guard maintain to control entry?
Which of the following is NOT a characteristic of a mantrap?
Why might engraving ID information into a theft-prevention plate be effective?
What might be required when using a mantrap?
What is the main function of antivirus/anti-malware software?
What is the purpose of email filtering?
What is one function of Data Loss Prevention (DLP) software?
Why should you only download software from trusted sources?
What do Access Control Lists (ACL) do?
What is the purpose of port security on a switch?
How does MAC address filtering enhance network security?
What type of security measure could you use to control data transmission over a remote connection?
Which security measure involves specifying the number of MAC addresses acceptable on a switch port?
Which feature safeguards communication between a user's device and a private network?
Which of the following tools does Mobile Device Management (MDM) software provide?
Which of the following is included as an MDM policy?
What capability does MDM software offer for data security on mobile devices?
What is one of the data protection measures required by MDM policies?
Which of these is NOT typically an MDM policy?
Which of the following is a part of enforcing a password policy?
Which factor in multifactor authentication refers to something the user knows?
What does two-factor authentication (2FA) usually combine?
Which method increases authentication security by using biometric data?
What is an example of something the user possesses in multifactor authentication?
Which of the following is a characteristic of a smart card used as a hardware security token?
What is the primary function of a digital certificate in software security tokens?
Who assigns digital certificates?
Which of the following is NOT a type of hardware security token?
Which device typically stores a software token?
What does AAA stand for in the context of network security?
Which protocol is specifically designed for the centralized management of network authentication services?
Which of the following is not a function typically associated with TACACS+?
What is the primary purpose of the accounting function in AAA?
Which solution among the following is considered a popular choice for providing AAA services in large networks?
Which of the following encryption methods is used by RADIUS?
What is the primary use of TACACS+?
Which characteristic differentiates RADIUS and TACACS+ in terms of protocol?
Which network types are supported by both RADIUS and TACACS+?
What protocol does RADIUS rely on for transmission across corporate networks?
Which of the following describes the encryption used by TACACS+?
What does an Acceptable Use Policy (AUP) document explain?
Which action should users take to prevent shoulder surfing?
What should a user do every time they step away from their workstation?
What does tailgating refer to in a security context?
Which of the following is a key security measure for password management?
Which type of phishing appears to come from companies you already do business with?
What does spoofing involve?
What does phishing typically aim to achieve?
How might a hacker use dumpster diving?
Which manipulation technique involves sending a general scam email asking for personal data?
Which of the following websites can help debunk a virus hoax?
What should you do to protect your laptop when traveling?
Which measure should you take to secure your laptop at work?
Which rule is crucial for safeguarding your laptop in an unlocked car?
Which site is known for investigating urban legends including virus hoaxes?
What is the primary characteristic of malicious software?
Which of the following best describes grayware?
Which of the following is NOT true about malicious software?
How does grayware typically differ from malware?
What is a common characteristic shared by both malicious software and grayware?
Which program can replicate itself by attaching to other programs?
What is the primary function of spyware?
Which of the following is an example of spyware?
Which type of malware is characterized by its ability to overload networks?
What makes a worm different from a virus?
Which malware substitutes itself for a legitimate program?
Which type of malware can hide in the boot manager?
What does ransomware do to a computer system?
Which of the following can hijack internal Windows components to mask information?
What distinctive feature do trojans have compared to other types of malware?
In which mode can a rootkit intercept data from Task Manager and Explorer?
Which component is resistant to user-mode rootkit interception?
What can a kernel-mode rootkit intercept?
Which of the following is NOT a target of rootkit data interception?
What does Figure 8-13 illustrate about rootkits?
What is the primary characteristic of a zero-day attack?
Which attack involves intercepting and potentially altering communications between two parties?
What does a DoS attack primarily aim to do?
When does a hacker typically take advantage of a recently reported software security gap?
Which attack involves multiple computers to achieve its purpose?
What is the primary purpose of a zombie computer in a cyber attack?
What distinguishes a botnet from a single zombie computer?
What technique relies on trying words from a dictionary to crack a password?
What do rainbow tables contain that aids in password cracking?
Which of the following best describes a rainbow table attack?
Which product is designed to scan devices for noncompliance?
What is a common reason for scanning BYOD and corporate-owned devices?
Which of the following violates security best practices?
Who needs techniques in place to routinely scan devices for noncompliance?
What does System Center Configuration Manager primarily address?
Which of the following is a common symptom of malware affecting system performance?
What might suggest the presence of rogue antivirus software on a computer?
Which of these issues can indicate problems with digital certificates due to malware?
Which symptom is likely associated with problems updating anti-malware software?
What does browser redirection typically signal about a computer's security status?
What does the Action Center indicate about the status of Windows Defender?
What is the first step to take if an infected computer is connected to a wired or wireless network?
What must be done before cleaning up an infected system?
When downloading anti-malware software for an infected computer, what should you do with the other computers?
Which network state is necessary for a quarantined computer?
Why is it necessary to boot into Safe Mode with Networking after connecting to the ISP to download anti-malware software?
Why is it necessary to turn off System Protection when removing malware?
What is a significant consequence of turning off System Protection?
Where do some types of malware hide their program files which renders anti-malware software ineffective if System Protection is on?
What steps should be followed to turn off System Protection?
What could happen if you don’t turn off System Protection while running anti-malware software?
What should you check before selecting anti-malware software?
Which condition may prevent a computer from booting if infected?
What environment should you launch into if an infected computer will not boot?
Which process should be used in Windows Recovery Environment to repair a system that will not boot?
Which of the following might be a reason an infected computer will not boot?
What should you do after updating anti-malware software?
Which method can be used to run anti-malware software if the computer system is severely infected and unstable?
What is one method to perform an anti-malware scan before the operating system boots?
Why would you run more than one anti-malware scan with different software?
Which method allows you to run anti-malware software from a clean environment and avoid further infection?
Which task should be performed to address issues that appear when a system starts?
Why is it necessary to research malware types and program files after an infection?
Which of the following actions would help in removing remnants of malware from the Windows registry?
What might you do to ensure browsers are free from malicious extensions and software?
Which step involves actively removing unwanted and malicious software components left on a system?
What is essential for keeping a system clean from malware?
Which practice ensures your system is safeguarded from unauthorized access?
Why is it important to use a software firewall?
What should you do to maintain a clean system after removing malware?
Which action is a best practice to protect a system against malware?
When should you turn System Protection back on?
What is the purpose of creating a restore point?
Which of the following is essential before creating a restore point?
What could happen if System Protection is not turned on after cleaning the system?
How often should a restore point ideally be created?
What should you educate the user about to keep the system free from malware?
Despite all security measures, what risk still remains that users should be aware of?
Why is user education essential in malware prevention?
What is a Trojan and why is it dangerous?
What is one crucial aspect of maintaining a secure system environment?
Why do IT departments rely on good documentation and security policies?
Which of the following is not mentioned as part of the chapter covering best practices for documentation and security policies?
What is one of the key areas covered in the chapter about best practices for documentation and security policies?
For what purpose do IT departments use good security policies?
Which of the following is a fundamental aspect of good documentation for IT departments?
What might a knowledge base include?
What is the primary purpose of inventory management in network documentation?
Which feature might be used in inventory management to help with asset tracking?
Which type of documentation would include a map of a network topology?
What might be included in a knowledge base for a product?
What is a key responsibility of a change manager?
How is change management integrated with project management?
What ensures that people affected by a project can transition smoothly to the end result?
Which of the following is NOT a task likely to be managed by a change manager?
Which statement about change management is accurate?
What is the initial step in the general flow of change management?
Which component is NOT included in the documented change plans?
At what stage is the Request for Comments (RFC) sought?
What does the CAB stand for in change management?
What criteria are used to determine if a change was successful?
What is one of the primary goals of documented business processes?
Which of the following best describes the purpose of a change request process?
When are complex changes often submitted to a change advisory board (CAB)?
Which of the following is NOT a typical desired business goal of documented business processes?
What does a change request process typically specify?
Which of the following is NOT typically included in the scope of a change plan?
In change management, what is the primary purpose of risk analysis?
Which of the following aspects is included in the change plan to measure its success?
Which characteristic best defines the scope of change in a change plan?
What does the process of risk analysis primarily seek to achieve in change management?
Which of the following statements accurately describes change documentation in smaller organizations?
What is a common practice in documenting change plans?
Why might large organizations prefer software like Alloy Software for change management?
Which of the following is NOT a characteristic of change documentation mentioned?
What is a distinguishing factor between how large and small organizations document changes?
What is a distinguishing factor between how large and small organizations document changes?
Signup and view all the answers
Which type of regulated data specifically deals with health information?
Which type of regulated data specifically deals with health information?
Signup and view all the answers
What does GDPR stand for and which region does it apply to?
What does GDPR stand for and which region does it apply to?
Signup and view all the answers
Which of the following best describes regulatory and compliance policies?
Which of the following best describes regulatory and compliance policies?
Signup and view all the answers
What type of information is protected under PCI standards?
What type of information is protected under PCI standards?
Signup and view all the answers
What is considered PII in the context of data regulation?
What is considered PII in the context of data regulation?
Signup and view all the answers
Which type of regulated data focuses on protecting personal identity?
Which type of regulated data focuses on protecting personal identity?
Signup and view all the answers
What is the main purpose of GDPR?
What is the main purpose of GDPR?
Signup and view all the answers
Which of the following is considered regulated data under Payment Card Industry standards?
Which of the following is considered regulated data under Payment Card Industry standards?
Signup and view all the answers
Which type of information is protected under PHI?
Which type of information is protected under PHI?
Signup and view all the answers
Regulatory and compliance policies are applicable to which of the following?
Regulatory and compliance policies are applicable to which of the following?
Signup and view all the answers
Who holds the right to copy a piece of work, as mentioned in the content?
Who holds the right to copy a piece of work, as mentioned in the content?
Signup and view all the answers
What document states your rights to use or copy software when you install it?
What document states your rights to use or copy software when you install it?
Signup and view all the answers
What is the consequence of making unauthorized copies of original software?
What is the consequence of making unauthorized copies of original software?
Signup and view all the answers
What does a commercial license grant the user?
What does a commercial license grant the user?
Signup and view all the answers
Who can transfer the right to copy a work to others?
Who can transfer the right to copy a work to others?
Signup and view all the answers
What is considered an incident in a corporate environment?
What is considered an incident in a corporate environment?
Signup and view all the answers
Which activity is part of the first response duties for prohibited content and activities?
Which activity is part of the first response duties for prohibited content and activities?
Signup and view all the answers
What is NOT included in the first response duties following an incident?
What is NOT included in the first response duties following an incident?
Signup and view all the answers
Which of the following steps helps in preserving evidence during an incident response?
Which of the following steps helps in preserving evidence during an incident response?
Signup and view all the answers
What does incident documentation involve?
What does incident documentation involve?
Signup and view all the answers
What is the primary purpose of using a degausser?
What is the primary purpose of using a degausser?
Signup and view all the answers
Which method is specifically recommended for sanitizing solid-state devices?
Which method is specifically recommended for sanitizing solid-state devices?
Signup and view all the answers
Which of the following methods is used to destroy printed documents?
Which of the following methods is used to destroy printed documents?
Signup and view all the answers
What does physically destroying the storage media achieve?
What does physically destroying the storage media achieve?
Signup and view all the answers
Which method should NOT be used for sanitizing magnetic storage devices?
Which method should NOT be used for sanitizing magnetic storage devices?
Signup and view all the answers
Which security method is used to prevent unauthorized physical access to a server?
Which security method is used to prevent unauthorized physical access to a server?
Signup and view all the answers
Which of the following is a logical security control to restrict network access?
Which of the following is a logical security control to restrict network access?
Signup and view all the answers
What additional user authentication method can be used in large networks other than a Windows password?
What additional user authentication method can be used in large networks other than a Windows password?
Signup and view all the answers
Which AAA service is used for centralized management of network authentication?
Which AAA service is used for centralized management of network authentication?
Signup and view all the answers
Which security measure helps in protecting a laptop when traveling?
Which security measure helps in protecting a laptop when traveling?
Signup and view all the answers
Which of the following is a symptom of malware?
Which of the following is a symptom of malware?
Signup and view all the answers
What should be done first when cleaning up an infected system?
What should be done first when cleaning up an infected system?
Signup and view all the answers
Which type of malware involves using a large number of compromised devices to overwhelm a target?
Which type of malware involves using a large number of compromised devices to overwhelm a target?
Signup and view all the answers
What is an example of security documentation?
What is an example of security documentation?
Signup and view all the answers
What should be done after remediating the system in the malware clean-up process?
What should be done after remediating the system in the malware clean-up process?
Signup and view all the answers
Which of the following is NOT considered a type of malware?
Which of the following is NOT considered a type of malware?
Signup and view all the answers
What is the purpose of a chain-of-custody document?
What is the purpose of a chain-of-custody document?
Signup and view all the answers
Which tool is NOT mentioned for data destruction?
Which tool is NOT mentioned for data destruction?
Signup and view all the answers
What type of data may be protected by regulatory and compliance policies?
What type of data may be protected by regulatory and compliance policies?
Signup and view all the answers
What type of certificate might a professional data destruction service provide?
What type of certificate might a professional data destruction service provide?
Signup and view all the answers
Which of the following is NOT a method for destroying data?
Which of the following is NOT a method for destroying data?
Signup and view all the answers
Study Notes
Best Practices for Physical Security
- Privileged data should be stored in a locked environment to maintain confidentiality.
- Door and safe locking options include:
- Keyed locks
- Combination locks
- Biometric locks
- Server locks or cable locks can be used to secure devices holding sensitive corporate data to prevent theft or tampering.
- Cable locks, also known as Kensington locks, can be used to physically secure laptops or computers to tables or immovable objects.
Securing Devices and Ports
- Server locks are commonly used on computers that store corporate data to restrict unauthorized access.
- Port locks can be used to restrict physical access to exposed ports on devices, preventing unauthorized connections.
Protecting Displayed Data
- Privacy screens can be fitted over displays to prevent sensitive information from being read from a wide angle, maintaining confidentiality.
Physical Security Best Practices
- Private data should be stored in locked areas or containers, such as safes or locked rooms
- Door locks and safes can be secured using keyed locks, combination locks, or biometric locks
Securing Devices
- Server locks are used to secure computers that hold corporate data
- Cable locks or Kensington locks can be used to secure laptops or computers to tables, preventing theft or tampering
- Computer cases can be locked with a computer case lock and key to prevent intrusion
Port Security
- Port locks can be used to restrict physical access to exposed ports
Display Security
- Privacy screens can be used to prevent screens from being read from a wide angle
Physical Security Devices
- Reusable port locks are available for securing computer ports
- Wire loop seals are tamper-evident and can only be used once
- Types of security devices for computer ports include:
- RJ-45 locks
- PAD locks
- USB locks
- Wire loop seals
- A wire loop seal may have a unique serial number, such as 200000, for identification purposes
Physical Security Best Practices
- Install a theft-prevention plate to deter theft and identify stolen equipment
- Embed the plate into the case or engrave ID information into it for maximum security
Access Control Measures
- Implement a mantrap with a security guard for enhanced access control
- A mantrap consists of two doors on either end of a small entryway
- The first door must close before the second door can open to prevent unauthorized access
- Separate forms of ID might be required for each door to add an extra layer of security
- A security guard may maintain an entry control roster, which is a list of authorized personnel
Logical Security Measures
- Antivirus/anti-malware software monitors devices for harmful activity to data or resources.
- Email filtering blocks suspicious messages based on databases of known scams, spammers, and malware.
- Data loss prevention (DLP) software protects against corporate data leakage.
Access Control
- Access control lists (ACL) regulate access to resources for users, devices, or programs.
- Trusted software sources ensure software downloads come from reputable publishers and providers.
Software-Based Security Measures
- Port Security: controls which devices can use any port or a specific port on the switch
- MAC Address Filtering: specifies the number of MAC addresses a port can accept or provides a whitelist of MAC addresses the switch will accept
Virtual Private Network (VPN)
- Data Protection: encrypts data over a remote connection to a private network
Software-Based Security Measures
- Mobile device management (MDM) software provides tools for:
- Tracking mobile devices
- Managing data on mobile devices
- MDM policies include:
- Enforcement of security policies
- Requirements for data encryption
- Capabilities for remote wipe
User Authentication
- Increasing authentication security can be done using methods beyond a Windows password.
- Enforcing a password policy involves setting rules that define:
- Minimum password length
- Complexity requirements
- Frequency of password resets
Multifactor Authentication
- Enforcing multifactor authentication enhances security by requiring two or more factors.
- In two-factor authentication (2FA), the two factors are drawn from different categories:
- Something the user knows (e.g., Windows password)
- Something the user possesses (e.g., a smart card or token)
- Something the user does (e.g., typing a certain way)
- Something the user is (e.g., biometric data, such as a fingerprint)
Hardware Security Tokens
- Two types of hardware security tokens exist: smart cards and key fobs.
- Smart cards have an embedded microprocessor installed on the card, typically under a small gold plate.
- Key fobs are another type of hardware security token.
Software Security Tokens
- Software security tokens can be stored as an app or digital certificate on a computing device.
- Software token apps are installed on smartphones or other computing devices.
- A digital certificate works much like a digital signature: it verifies the identity of a person or entity.
- Digital certificates are assigned by a Certificate Authority (CA) that has confirmed the individual's or entity's identity.
User Authentication
- AAA (Authentication, Authorization, and Accounting) are three fundamental security measures used to secure network access.
AAA Services
- RADIUS (Remote Authentication Dial-In User Service) is a popular solution for providing AAA services in large networks.
- TACACS+ (Terminal Access Controller Access Control System Plus) is another widely used solution for providing AAA services in large networks.
User Authentication Characteristics
- RADIUS is primarily used for end-user network access, whereas TACACS+ is intended for Cisco network device administrative access.
- RADIUS encrypts only user passwords, whereas TACACS+ encrypts every message.
- RADIUS uses UDP, a protocol that does not guarantee delivery over the corporate network, whereas TACACS+ uses TCP, which provides reliable delivery.
- Both RADIUS and TACACS+ support various network connections, including wireless, wired, and VPN.
User Education
- Acceptable Use Policy (AUP) is a document outlining permitted and prohibited actions on a corporate network.
Security Measures for Users
- Password Security:
- Never share passwords with anyone
- Avoid storing passwords on computers
- Use unique passwords for each system
- Physical Security:
- Prevent shoulder surfing by being aware of onlookers trying to peek at your monitor screen
- Lock down your workstation every time you leave it unattended
- Access Control:
- Be cautious of tailgating, where an unauthorized person follows an employee through a secured entrance
- Avoid letting others continue to use your Windows session after you've finished
Hacker Techniques
- Hackers may engage in dumpster diving, which involves searching for sensitive information in someone's trash.
- Phishing is a type of identity theft where an email scammer tricks victims into responding with personal data.
- Spear phishing is a targeted hoax email that appears to come from a company the victim already does business with.
- Spoofing involves creating a fake email and website that mimic the real thing, making it difficult to distinguish from legitimate sources.
- Malicious emails may contain links that lead to malicious scripts, which can compromise security.
Debunking Email Hoaxes and Virus Hoaxes
- Use reputable websites such as snopes.com, securelist.com, and virusbtn.com to check whether a circulating email or virus warning is a hoax before acting on it.
Laptop Security When Traveling
- Always be aware of your laptop's location to prevent theft or loss.
- Avoid leaving your laptop in an unlocked car, as it can be an easy target for thieves.
- When at work, ensure your laptop is secure by locking it in a safe place or using a laptop cable lock to secure it to your desk.
Malicious Software
- Malicious software, also known as malware, refers to any unwanted program that has the intention to cause harm.
- Malware is transmitted to a computer without the user's knowledge or consent.
Grayware
- Grayware is an annoying, unwanted program.
- Grayware may or may not intend to cause harm, but it is still unwanted on a computer.
Malware Types
- Viruses: malicious programs that replicate by attaching themselves to other programs, including applications, macros, Windows system files, or boot loader programs.
Spyware Characteristics
- Spyware monitors user activity and collects personal information without consent.
- Keyloggers are a type of spyware that tracks every keystroke, allowing hackers to steal sensitive data like identities and credit card numbers.
Worms
- Worms are self-replicating malware that spread throughout networks or the internet without requiring a host program.
- Worms can cause network overloads by creating excessive traffic.
Types of Malware
- Trojans are standalone malware that don't require a host program to function.
- Trojans disguise themselves as legitimate programs, often spread through web downloads or phishing email attachments.
Rootkits
- Rootkits load before the Operating System (OS) has finished booting, making them difficult to detect.
- Rootkits can conceal themselves in boot managers, boot loader programs, or kernel mode device drivers.
- They can hide folders containing software they've installed, as well as hijack internal Windows components to manipulate information displayed to users.
Ransomware
- Ransomware is a type of malware that holds a computer system hostage until a ransom is paid.
Rootkit Locations
- User-mode processes, such as Task Manager and Explorer, are vulnerable to user-mode rootkit interception.
- Kernel-mode processes are susceptible to kernel-mode rootkit interception.
- Rootkits can also target files stored on the hard drive.
Rootkit Modes
- Rootkits can operate in user mode or kernel mode.
- The mode of operation determines the level of access and control the rootkit has over the system.
Types of Cyber Attacks
- A zero-day attack occurs when a hacker exploits a previously unknown security vulnerability in software, before the developer becomes aware of it and can release a patch.
- In a zero-day attack, the hacker takes advantage of a newly discovered gap in software security before users can apply patches, leaving them vulnerable to attack.
Man-in-the-Middle Attacks
- A man-in-the-middle attack involves an attacker intercepting communication between two parties, allowing them to read and/or alter the content of messages.
Denial of Service (DoS) Attacks
- A denial of service (DoS) attack involves overwhelming a computer or network with requests or traffic, preventing it from accepting new connections.
- A distributed denial-of-service (DDoS) attack is a type of DoS attack that involves multiple computers working together to overwhelm a system.
Types of Cyber Threats
- A zombie is a compromised computer that is remotely controlled by a hacker to perform malicious tasks, often running repetitive software in the background without the owner's knowledge.
- A botnet is a network of zombie computers that can be controlled remotely by an attacker to launch large-scale cyber attacks.
Password Cracking Techniques
- Dictionary Attack: a method used to crack passwords by systematically trying words found in a dictionary, often used to crack weak or commonly used passwords.
- Rainbow Tables: a precomputed table of plaintext passwords and their corresponding password hashes, used to reverse-engineer passwords from their hashed values, making it easier to crack passwords.
Threats to Security
- Noncompliant systems and security best practice violations pose a significant threat
- These threats can be found in both Bring Your Own Device (BYOD) and corporate-owned devices
Identifying Noncompliant Systems
- System administrators need techniques to regularly scan devices for noncompliance
- The goal is to identify systems that violate security best practices
Tools for Identifying Noncompliant Systems
- System Center Configuration Manager is a product designed to scan devices for noncompliance
- This product is offered by Microsoft
Malware Symptoms
- Malware presence is suspected if a system displays pop-up ads and browser redirection
- Rogue antivirus software may be installed, posing as legitimate security software
- System performance issues, such as slow performance or lockups, can indicate malware activity
- Connectivity problems, including internet connection failures, application crashes, and failed OS updates, may be caused by malware
- System and application log errors can be a sign of malware infection
- File management issues, including problems accessing or modifying files, can be a symptom of malware
- Email problems, such as undelivered or disappeared emails, may be caused by malware
- Failure to update anti-malware software can be a sign of malware blocking security updates
- Invalid digital certificates can be a sign of malware tampering with system security
Identifying Malware Symptoms through Action Center
- Action Center monitors Security, Network firewall, Windows Updates, and Virus protection to help identify malware symptoms.
Action Center Warnings
- Security warning: Windows detects the absence of antispyware software, prompting the user to install one online to protect the PC.
- Note: Avoid running multiple antivirus apps simultaneously to prevent conflicts; disable Windows Defender if using another antivirus software.
- Optional: Turn off notifications about spyware and unwanted software.
Current System Status
- Network firewall: Windows Firewall is actively protecting the PC.
- Windows Updates: Automatic installation of updates is enabled.
- Virus protection: POKeeper Antivirus is currently running, but may be a rogue software.
Quarantining an Infected System
- Immediately disconnect an infected computer from the network by removing the wired cable or turning off the wireless adapter
- A quarantined computer is isolated from the regular network to prevent the spread of malware
Downloading Anti-Malware Software
- When downloading anti-malware software, disconnect all other computers from the network
- Connect the infected computer directly to the Internet Service Provider (ISP)
- Boot the infected computer into Safe Mode with Networking to download the software
Backing Up Data
- Before cleaning the infected system, back up important data to an external media to prevent data loss
Disabling System Restore to Remove Malware
- Malware can hide in restore points in the System Volume Information folder, which is protected by System Protection.
- System Protection prevents anti-malware software from cleaning the protected folder.
- Turning off System Protection allows anti-malware software to clean the System Volume Information folder and remove malware.
- However, turning off System Protection results in the loss of all existing restore points.
- To disable System Protection, go to Control Panel, open the System window, and click on System protection.
Remediating the Infected System
- Research anti-malware software by reading reviews and checking reliable websites that rate them
When an Infected Computer Won't Boot
- Possible causes of the infection include the boot manager, boot loader, or kernel mode drivers being infected or damaged
- Solution: Launch the computer into Windows Recovery Environment (Windows RE) to repair the system
- In Windows RE, use the Startup Repair process to fix the system
Remediating the Infected System
- Update and run anti-malware software already installed on the infected system to perform a full scan
- Alternatively, run anti-malware software from a networked computer to scan the infected system
- Install and run anti-malware software directly on the infected computer to detect and remove malware
- Install and run anti-malware software in safe mode to prevent malware from interfering with the scan
- Run an anti-malware scan before Windows boot to detect and remove malware before the operating system loads
- Run multiple scans of anti-malware software to increase the chances of detecting and removing all malware
Remediating the Infected System
- Respond to startup errors after malware removal to ensure system stability
- Research malware types and associated program files to identify malicious components
- Delete infected files to prevent further damage
- Clean the registry to remove malware-defined entries and values
- Clean up browsers by removing malicious extensions and add-ons
- Uninstall unwanted programs that may be malicious or vulnerable to infection
Protecting the System
- To maintain a clean system, three essential best practices must be followed:
System Protection Measures
- Use anti-malware software to detect and remove malware
- Enable a software firewall to block unauthorized access
- Keep Windows updates current so the system remains protected with the latest security patches
Physical Security and Access Controls
- Best practices for physical security:
- Keep sensitive data under lock and key
- Use door locks, safe options (keyed locks, combination locks, biometric locks), server locks, cable locks, and port locks
- Secure laptops and computers to tables
- Use privacy screens to prevent screen reading from wide angles
- Use computer case locks and keys for desktops to prevent intrusion
- Use cable lock systems for laptops to prevent theft
- Install theft-prevention plates and engrave ID information into the case
- Implement mantraps and security guards to control access
User Education
- Acceptable Use Policy (AUP): explains what users can and cannot do on the corporate network
- Important security measures for users:
- Never give out passwords or store them on computers
- Avoid using the same password on multiple systems
- Be aware of shoulder surfing and tailgating
- Lock down workstations when stepping away
Logical Security and Access Controls
- Software-based security measures:
- Antivirus/anti-malware: monitors devices for harmful activity
- Email filtering: filters out suspicious messages
- Data Loss Prevention (DLP) software: protects against corporate data leaks
- Trusted software sources: only download software from trusted publishers
- Access Control Lists (ACL): control access to resources
- Port security and MAC address filtering: control device access to ports
- Virtual Private Networks (VPN): encrypt data over remote connections
User Authentication
- Methods to increase authentication security:
- Enforce password policies: set minimum length, complexity, and reset frequency
- Enforce multifactor authentication: combine what users know, possess, do, or are
- Hardware Security Tokens:
- Smart cards and key fobs
- Software Security Tokens:
- Security token apps and digital certificates
- Authentication Services:
- RADIUS and TACACS+: provide AAA services for networks
Dealing with Malicious Software
- Malicious Software (malware): programs that mean harm and are transmitted to computers without user knowledge
- Grayware: annoying and unwanted programs that might or might not intend harm
Types of Malware
- Viruses: programs that replicate by attaching themselves to other programs
- Spyware: programs that spy on users and collect personal information
- Worms: programs that copy themselves throughout networks or the internet without a host program
- Trojans: programs that substitute themselves for legitimate programs
- Rootkits: programs that load before the OS boot is complete and hide folders and software
- Ransomware: programs that hold computer systems hostage until payment is made
- Zero-day attacks: exploiting unknown software security gaps
- Man-in-the-middle attacks: intercepting communication between two parties
- Denial of Service (DoS) attacks: overwhelming computers or networks with requests or traffic
Protecting Systems
- Best practices to protect systems against malware:
- Use anti-malware software
- Use a software firewall
- Keep Windows updates current
- System Protection: turn it back on after cleaning a system and create a restore point
Identifying and Researching Malware Symptoms
- Warning signs of malware:
- Pop-up ads and browser redirection
- Rogue antivirus software
- Slow performance or lockups
- Internet connectivity issues
- System and application log errors
- File problems
- Email problems
- Problems updating anti-malware software
- Invalid digital certificates
Quarantining an Infected System
- Disconnect the infected system from the network and internet
- Quarantine the system to prevent it from using the regular network
- Download anti-malware software in Safe Mode with Networking
- Back up data to another media before cleaning up the infected system
Disabling System Restore
- Turn off System Protection to clean up malware in the System Volume Information folder
- Be aware that all restore points will be lost
- To turn off System Protection, go to Control Panel, open the System window, and click System protection
Remediation Steps
- Read reviews and check reliable websites before selecting anti-malware software
- Update and run anti-malware software already installed
- Run anti-malware software from a networked computer
- Install and run anti-malware software on the infected computer
- Install and run anti-malware software in Safe Mode
- Run an anti-malware scan before Windows boot
- Run more than one scan of anti-malware software
Educating the End User
- Educate users on tips to keep the system free from malware
- Importance of user awareness: even with security measures in place, users can still compromise system security by downloading and executing Trojans that install more malware
Importance of Documentation and Security Policies
- IT departments rely on good documentation and security policies to set expectations and standards for security in the entire organization.
Coverage of the Chapter
- This chapter covers three main areas:
- Different types of documentation
- Various security policies
- Expectations from an IT technician
Types of Documentation
- A knowledge base is a collection of articles that provide information about a network, product, or service, and can include text, images, or video.
- Inventory management documentation involves tracking and recording inventory, including end-user devices, network devices, IP addresses, software licenses, and related licensing information.
- Hardware inventory tracking often uses asset tags and theft-prevention plates with barcodes that can be easily read by laser scanners.
Network Topology
- Network topology refers to the pattern in which devices on a network are connected to each other.
- Network topology diagrams provide a visual map of this pattern, illustrating how devices are connected.
Change Management
- Change occurs when a project is implemented, and effective change management enables a smooth transition for those affected
- Change management is closely integrated with project management, often involving the same teams
- Key responsibilities of a change manager include:
- Defining the impact of new software on people
- Overseeing communication, scheduling, training, and support
Change Management Process
- The purpose of change is the first step in the change management process
- An initial change request is submitted, which triggers the change management process
- The Change Advisory Board (CAB) reviews and approves the change request
Change Planning
- Documented change plans include business needs, scope, risk analysis, and back-out plans
- Change plans consider potential risks and have a contingency plan in place
Stakeholder Feedback
- A Request for Comments (RFC) is issued to gather feedback from stakeholders
- Stakeholder input is sought to ensure that the change meets business needs
Change Implementation
- Once approved, the change is implemented
- The implementation process is monitored to ensure it meets the planned objectives
Change Evaluation
- The success of the change is evaluated based on:
- Whether the purpose of the change has been fulfilled
- End-user acceptance
- Timeliness (on time)
- Budget adherence (on budget)
Change Closure
- A close report is compiled to document the outcome of the change
Documented Business Processes
- Documented business processes are sets of related activities that lead to a specific business goal.
- Examples of business goals include:
- Achieving an efficient and cost-effective service
- Ensuring excellent customer satisfaction
- Producing a superior product
Change Management
- A change request process is used to formally submit proposed changes.
- A change request should clearly state what needs to be changed.
- Complex changes are often reviewed by a change advisory board (CAB).
Change Plan and Scope
- A change plan outlines the scope of change, including key components and how they will be addressed.
- The scope of change defines the skill sets, tasks, and activities required to carry out the change.
- It identifies the individuals or departments participating in the change.
- The change plan defines how the success of the change is measured and when the change is considered complete.
Risk Analysis
- Change involves risk, and risk analysis aims to identify potential problems before they arise.
- Risk analysis helps prevent surprises and crisis situations during the change process.
Documenting Changes
- It is essential to document everything related to changes in the change management process
- Change plans are documented and regularly updated throughout the entire process
- Large organizations often utilize change management software to document changes
- Alloy Software is an example of change management software used by large organizations
Documenting Changes in Small Organizations
- Smaller organizations may not use change management software
- Instead, smaller organizations may manually document changes using tools such as MS Word or Excel
Regulatory and Compliance Policies
- Certain types of data are protected by special government regulations, known as regulated data.
- Industries must comply with various regulations, policies, and laws, collectively referred to as regulatory and compliance policies.
Types of Regulated Data
- Personal Identity: protected by PII (Personally Identifiable Information) regulations.
- Health Information: protected by PHI (Protected Health Information) regulations.
- Credit Card Data: regulated by PCI (Payment Card Industry) standards.
- EU Citizens' Data: protected by GDPR (General Data Protection Regulation), implemented in the European Union (EU) in 2018.
Software Licensing
- A commercial license grants the right to use software, but the buyer does not legally own it
- Copyright, the right to copy the work, belongs to the creator or those to whom the creator transfers this right
End User License Agreement (EULA)
- EULA outlines the rights to use or copy software, agreed to during software installation
Software Piracy
- Making unauthorized copies of original software violates the Federal Copyright Act of 1976
Incident Response for Prohibited Content and Activities
- An incident occurs when an employee or other individual negatively impacts safety or corporate resources, violates the code of conduct, or commits a crime.
- First response duties after an incident include:
  - Identifying the incident and reporting it through the proper channels
  - Preserving relevant data and devices
  - Documenting the incident thoroughly
Data Destruction and Disposal
- Destroying printed documents and sanitizing storage devices is crucial for data security
Methods for Destroying Storage Media
- Overwriting data on a drive makes data recovery impossible
- Using a Secure Erase utility is effective for solid-state devices
- Physically destroying storage media ensures complete data elimination
- A degausser exposes magnetic hard drives and tape drives to a strong electromagnetic field, erasing the data completely
- Shredding is a physical destruction method for storage media
- Secure data-destruction services provide professional data destruction solutions
Physical Security Measures
- Locked doors and server locks prevent unauthorized physical access to equipment
- Cable locks secure devices to a fixed object, reducing the risk of theft
- Port locks restrict access to specific ports on a device
- Privacy filters limit the viewing angle of a screen to prevent shoulder surfing
- Theft-prevention plates make it difficult to remove devices from a fixed location
- Mantraps control access to a secure area by trapping individuals in a small room until their identity is verified
- Security guards provide an additional layer of physical security
Logical Security Measures
- Anti-malware software detects and removes malicious code
- VPN connections encrypt data transmitted over the internet
- Email filtering blocks unwanted or malicious emails
- Obtaining software only from qualified (trusted) distributors ensures the software is legitimate and has not been tampered with
- Access control lists (ACLs) restrict access to resources based on user identity
- MAC address filtering controls access to a network based on device MAC addresses
- Mobile device management (MDM) manages and secures mobile devices
User Authentication and Authorization
- Additional user authentication methods include password policies and multifactor authentication
- Multifactor authentication adds a second factor, such as a hardware or software token, to provide an additional layer of security beyond the password
- AAA (authentication, authorization, and accounting) services manage access to network resources
- RADIUS (Remote Authentication Dial-In User Service) and TACACS+ are AAA protocols
General Security Best Practices
- Educating users about social engineering prevents phishing and other attacks
- Protecting laptops when traveling includes using privacy filters, cable locks, and keeping devices close
Malware
- Malware and related attack types include viruses, spyware, keyloggers, worms, trojans, rootkits, ransomware, zero-day attacks, man-in-the-middle attacks, DoS attacks, DDoS attacks, zombies, botnets, and dictionary attacks.
Malware Symptoms
- Malware symptoms include:
  - Unwanted pop-up ads
  - Slow system performance
  - Error messages and logs
  - File errors
  - Email problems
  - Invalid digital certificates
Cleaning Up an Infected System
- Identify common malware symptoms
- Quarantine the infected system to prevent further infection
- Disable System Restore so that malware cannot persist in (and later be restored from) existing restore points
- Remediate the system by removing malware
- Protect the system with scheduled scans and updates
- Enable System Protection and create a restore point
- Educate the end user on malware prevention and response
Security Documentation
- Types of security documentation include:
  - Ticketing software for documenting customer service
  - Knowledge base for recording solutions
  - Acceptable use policies for outlining user responsibilities
  - Password policies for secure authentication
  - Inventory management for tracking system components
  - Network topology diagrams for visualizing system architecture
  - Documentation for change management to track system modifications
Data Protection
- Regulatory and compliance policies safeguard regulated data, including:
  - PII (Personally Identifiable Information)
  - PHI (Protected Health Information)
  - PCI (Payment Card Industry) data
  - GDPR (General Data Protection Regulation) data
- These data types are regulated by governmental agencies
Software Licensing
- Commercial software can be licensed in two ways:
  - Personal license
  - Enterprise license
Data Destruction and Evidence Management
- A chain-of-custody document provides a paper trail of evidence in criminal cases
- Data destruction methods include:
  - Physical destruction using a paper shredder, drill, or hammer
  - Digital destruction using a low-level format, zero-fill utility, or degausser
  - Incineration
- Professional data destruction services may provide a certificate of destruction for legal purposes
Description
Learn about the best practices for physical security, including locking options and secure devices to prevent theft and tampering.