Untitled

Questions and Answers

Which of the following scenarios BEST exemplifies the use of Identity and Access Management (IAM) in cloud security?

• Automatically encrypting all data stored within a cloud storage service.
• Granting a specific user access to only certain databases within a cloud environment, while restricting access to others. (correct)
• Creating a secure tunnel for data transmission between an on-premises server and a cloud-based application.
• Analyzing network traffic patterns to detect and prevent Distributed Denial of Service (DDoS) attacks.

A company wants to ensure that sensitive data stored in its cloud environment is protected from unauthorized access and potential leaks. Which cloud security solution would be MOST suitable for this purpose?

• Public Key Infrastructure (PKI).
• Data Loss Prevention (DLP). (correct)
• Security Information and Event Management (SIEM).
• Identity and Access Management (IAM).

An organization is experiencing a surge in security alerts from its cloud environment and needs a solution to automate threat detection and incident response. Which of the following would be MOST appropriate?

• Deploying a Security Information and Event Management (SIEM) system. (correct)
• Utilizing a Data Loss Prevention (DLP) solution to classify sensitive data.
• Implementing a Public Key Infrastructure (PKI) for encrypting data in transit.
• Enforcing multi-factor authentication using Identity and Access Management (IAM).

What PRIMARY function does Public Key Infrastructure (PKI) provide in cloud security?

Secure, encrypted information exchange through digital certificates. (B)

A company wants to implement a system that ensures that data transmitted between their cloud services and client applications remains confidential and uncompromised. Which security measure would BEST achieve this?

Utilize Public Key Infrastructure (PKI) to manage digital certificates. (A)

Which of the following is MOST directly protected by cloud security measures, regardless of specific responsibilities?

The physical networks including routers, cabling, and climate controls. (B)

Which component of the cloud infrastructure is PRIMARILY protected by physical security measures?

Data storage hard drives. (A)

An Intrusion Prevention System (IPS) primarily focuses on which of the following actions?

Identifying, reporting, and attempting to block or stop malicious network activity. (B)

How do firewalls enhance network security?

By monitoring and controlling network traffic based on a defined set of security rules. (D)

What is the main objective of application security measures?

To prevent the stealing or capturing of data or code within an application. (C)

Why are wireless networks often considered less secure than wired networks?

Wireless signals can extend beyond physical boundaries, potentially allowing unauthorized access. (C)

Which of the following is the MOST likely security concern for IT organizations allowing corporate applications on personal mobile devices?

Greater risk of data breaches and malware infections on unsecured personal devices. (C)

In an Infrastructure-as-a-Service (IaaS) model, which of the following responsibilities falls primarily under the client's domain?

Securing the operating system, applications, and data. (B)

Which cloud environment model involves a client sharing a provider's servers with other clients, similar to a co-working space?

Public cloud environment (B)

An organization requires full control over the configuration and setup of every element within their cloud environment. Which deployment model would best suit this requirement?

Private in-house cloud (C)

A company utilizes both a private third-party cloud for sensitive data and a public cloud for customer-facing applications. Which cloud environment are they using?

Hybrid cloud environment (D)

What is the primary distinction between a 'private third-party cloud environment' and a 'private in-house cloud environment'?

The physical location and management of the servers. (C)

A company decides to use cloud services from both Amazon Web Services (AWS) and Microsoft Azure. What type of cloud environment are they implementing?

Multi-cloud (C)

Which of the listed options below, correctly describes a primary function of cloud security measures?

To enable data recovery in case of data loss (B)

A hospital uses a public cloud for storing patient records. To comply with privacy regulations and ensure data security, which of the following measures should they prioritize?

Implementing encryption for data at rest and in transit. (C)

An e-commerce company experiences a data breach in their cloud storage. Which cloud security measure would be MOST helpful in mitigating the damage and ensuring business continuity?

Having a robust data recovery plan and backups. (B)

What is the primary risk associated with having multiple IoT devices linked within the same home network?

If one device is compromised, the malfunction can propagate to other devices. (C)

Which of the following is a limitation of some IoT devices that makes them vulnerable to security threats?

Limited processing capacity for complex security measures. (A)

Why is the manufacturing sector a prime target for cybercriminals?

High dependency on interconnected systems and supply chains. (B)

What is the main objective of industrial spying in the manufacturing sector?

To steal intellectual property or product designs. (C)

How do supply chain attacks typically target an organization?

By compromising suppliers or third-party vendors. (B)

What is the primary goal of a ransomware attack on critical systems?

To encrypt systems and demand a ransom for their restoration. (D)

Why is the financial sector a frequent target for cyberattacks?

It contains sensitive financial information and large amounts of money. (D)

What do fraudulent activities in the finance and insurance sectors typically involve?

Financial fraud, including identity theft and fraudulent transactions. (A)

How can insider threats pose a risk to the finance and insurance sectors?

Through negligence or malicious intent of individuals with access to sensitive information. (C)

What are cyber-physical attacks in the energy and utilities sector aimed at disrupting?

Power generation, distribution, or transmission. (C)

Why are endpoints, especially mobile and remote devices, a favorite target for adversaries?

They act as entry points for threats and malware. (C)

Which of the following is NOT typically a key component of endpoint security software?

Physical security measures such as device locks and security guards. (D)

What is the primary reason IoT security is necessary?

To assist in avoiding data breaches due to the lack of built-in security and unencrypted data transmission. (B)

Why wasn't security considered during the design phase of most IoT devices?

The focus was primarily on functionality and cost-effectiveness, leading to security being overlooked. (D)

What is the role of 'actionable threat forensics' in endpoint security?

To allow administrators to quickly isolate infections and understand the scope of a security incident. (B)

How does 'insider threat protection' safeguard an organization?

By safeguarding against unintentional and malicious actions from within the organization. (A)

What is the function of an 'email gateway' in endpoint security?

To block phishing and social engineering attempts targeting employees. (D)

Which of the following best describes the function of 'data classification' in endpoint security?

Categorizing data based on its sensitivity to apply appropriate security measures. (B)

What is the main goal of a centralized endpoint management platform?

To provide a single point of control for managing and securing all endpoints in an organization. (D)

How does endpoint, email, and disk encryption help in preventing data exfiltration?

By converting data into an unreadable format without the correct decryption key. (C)

Flashcards

IAM (Identity and Access Management)

Management and control of who has access to cloud and on-premises resources.

DLP (Data Loss Prevention)

Tools that automatically discover, classify, and de-identify regulated cloud data.

SIEM (Security Information and Event Management)

Automated monitoring, detection, and incident response to threats using AI/ML.

PKI (Public Key Infrastructure)

Framework for secure, encrypted information exchange using digital certificates.

Physical Networks

Routers, electrical power, cabling, climate controls, etc.

Data storage

Hard drives

Physical infrastructure

The hardware on which the cloud resides.

IaaS (Infrastructure-as-a-Service)

Cloud service model where providers offer hardware and remote connectivity, while clients manage everything above the operating system, including applications, data, and security.

Cloud Environments

Deployment models using one or more cloud services which share management responsibilities (including security) between clients and providers.

Public Cloud

A cloud environment where a client shares a provider's servers with other clients.

Private Third-Party Cloud

A cloud service providing a client with exclusive use of their own cloud.

Private In-House Cloud

A single-tenant cloud service operated from a company's own private data center.

Multi-Cloud

The use of two or more cloud services from separate providers.

Hybrid Cloud

A blend of private and public cloud services.

Cloud Security Goals

Data recovery and protection including malicious theft

Cloud Security

Guarding digital information stored in cloud computing environments to ensure confidentiality, integrity, and availability.

Endpoints

Entry points for threats, making them favorite targets for adversaries.

Machine-learning classification

Detects zero-day threats in near real-time using machine learning.

Advanced antimalware and antivirus protection

Protects against malware across different devices and operating systems.

Proactive web security

Ensures safe browsing practices while on the web.

Data classification and data loss prevention

Prevents sensitive data from being lost or stolen.

Integrated firewall

Blocks hostile network attacks.

Email gateway

Blocks phishing attempts.

Actionable threat forensics

Allows admins to promptly isolate infections.

Insider threat protection

Safeguards against unintentional and malicious actions from within.

IoT Security

Defends against cyberattacks on IoT devices and their networks.

Intrusion Prevention System (IPS)

A network security application that monitors network or system activities for malicious activity, reports it, and attempts to block or stop it.

IoT Ease-of-Use Disadvantage

The downside of easy IoT use: failure in one device can affect all linked devices at home due to security misconfigurations.

IoT Resource Constraints

IoT devices often lack the processing power for complex security measures like firewalls or antivirus.

Antivirus and Anti-malware Software

Network security that ensures malicious software (viruses, Trojans, worms) does not enter the network and jeopardize data.

Industrial Spying

Stealing a company's intellectual property, product designs, or manufacturing methods by competitors or nation-states.

Firewall Security

A network security device (hardware or software) that monitors traffic and accepts, rejects, or drops traffic based on security rules.

Supply Chain Attacks

Compromising suppliers or third-party vendors to gain access to a target organization's systems.

Application Security

Security measures at the application level to prevent data or code theft, including security during application design and protection techniques.

Ransomware (Manufacturing)

Encrypting critical systems and demanding payment for their restoration, leading to financial loss and production disruption.

Web Security

Solutions that manage internet usage, block website threats, prevent access to harmful sites, and protect the web gateway.

IoT Vulnerabilities (Manufacturing)

Exploiting vulnerabilities in Industrial IoT devices to disrupt operations or steal data.

Fraudulent Activities (Finance)

Financial fraud, including identity theft, account takeover, and fraudulent transactions.

Cyber Spying (Finance)

Stealing financial data, trade secrets, or customer information for competitive advantage.

Ransomware (Finance)

Bringing financial services to a standstill, incurring huge financial losses and reputational damage.

Cyber-Physical Attacks (Energy)

Attacks targeting IT and OT systems to disrupt power generation, distribution, or transmission grids.

Study Notes

• Computer security protects computers, data, networks, software, and hardware from unauthorized access, misuse, theft, and information loss.
• While the Internet offers many advantages, it also introduces risks like viruses, hacking, information theft, and system damage.

Three Key Objectives of Computer Security

• Confidentiality: Restricting information access and disclosure.
  • Data confidentiality assures private information is not disclosed to unauthorized individuals.
  • Privacy ensures individuals control the collection, storage, and disclosure of their information.
• Integrity: Guarding against improper information modification or destruction.
  • Data integrity ensures information and programs are changed only in an authorized manner.
  • System integrity ensures a system performs its intended function without unauthorized manipulation.
• Availability: Ensuring timely and reliable access to information, so systems work promptly and service is not denied to authorized users.

Types of Computer Security

• Cyber Security: Securing computers, devices, networks, programs, and systems from cyberattacks that occur when the system is connected to the Internet.
• Information Security: Protecting system information from theft, illegal use, and piracy, with the objectives of confidentiality, integrity, and availability.
• Application Security: Securing applications and data to prevent hacking, keeping databases safe and private.
• Network Security: Securing a network and protecting user information from hackers who steal data through sniffing, spoofing, and man-in-the-middle attacks.

Steps to Ensure Computer Security

• Keep the Operating System up to date to reduce the risk of malware and viruses.
• Use a secure network connection, avoiding public Wi-Fi's that are at risk of attacker interception.
• Install and update antivirus software, opting for paid versions for more security.
• Enable a firewall to prevent unauthorized access to/from a computer or private network.
• Use strong, unique passwords of at least 16 characters combining upper and lower case letters, numbers, and special characters, changing them regularly.
• Limit trust in others to avoid giving out personal information.
• Keep personal information hidden and avoid sharing with strangers on social media.
• Avoid downloading attachments from unknown e-mails, as they often contain malware.
• Purchase online from well-known websites to avoid fraud and card information theft.
• Learn about computer security and ethics to reduce cyber-crime.
• If attacked, immediately inform the cyber cell.
• Avoid pirated content, which often contains viruses, worms, or malware.

Application Security

• Application security is important for organizations handling customer data to mitigate data breach risks.
• Application security includes testing code, identifying vulnerabilities, and ensuring applications are free from security flaws.
• Application security can be implemented at various stages of the software development life cycle, from planning to deployment.
• Key features include:
  • Code review and vulnerability scanning
  • Use of secure coding practices
  • Implementation of secure authentication and authorization mechanisms
  • Regular security testing and update
• OWASP tracks the top 10 threats to web application security flaws.
• Different types of application security features include authentication, authorization, encryption, logging, and application security testing.
  • Authentication: Software procedures ensure only authorized users gain access, using username-password or multi-factor authentication.
  • Authorization: Validating that an authenticated user has permission to access and use the application.
  • Encryption: Security measures protect sensitive user data, especially in cloud-based applications.
  • Logging: Can help identify who got access to the data and how if there is a security breach in the application.
  • Application Security Testing: A necessary process to ensure that all of these security controls works properly.

Cloud Security

• Securing cloud computing becomes a major priority as organizations adopt it.
• A cloud security strategy includes solutions, controls, policies, and services to protect cloud deployments against attack.
• Cloud security protects data and systems hosted on cloud platforms like AWS, Microsoft Azure, and Google Cloud.
• Cloud security includes technical and administrative controls to secure stored data and the cloud infrastructure.
• Key features of cloud security:
  • Use of secure cloud configurations and virtual private networks
  • Implementation of identity and access management controls
  • Encryption of data at rest and in transit
  • Regular security audits and compliance checks
• Responsibilities in cloud security:
  • Infrastructure as a Service (IaaS): You secure data, applications, virtual network controls, operating system, and user access; the provider secures compute, storage, physical network, patching, and configuration.
  • Platform as a Service (PaaS): You secure your data, user access, and applications; the provider secures compute, storage, physical network, virtual network controls, and operating system.
  • Software as a Service (SaaS): You are responsible for securing your data and user access; the provider secures compute, storage, and the physical network.
• Types of cloud security solutions:
  • Identity and access management (IAM): Administering who has access to cloud-based and on-premises resources, allowing active monitoring and restriction of user interactions.
  • Data loss prevention (DLP): Gaining visibility into stored data and automatically discovering, classifying, and de-identifying regulated cloud data.
  • Security information and event management (SIEM): Offering automated monitoring, detection, and incident response to threats using AI and ML to analyze log data.
  • Public key infrastructure (PKI): Managing secure, encrypted information exchange using digital certificates and providing authentication services.
• The full scope of cloud security is designed to protect the following: physical networks, data storage, data servers, computer virtualization frameworks, operating systems, middleware, runtime environments, data, applications, and end-user hardware.
• Cloud service types are offered by third-party providers as modules used to create the cloud environment.
• Cloud environments are deployment models in which one or more cloud services create a system for the end-users and organizations.
• Currently used cloud environments include:
  • Public: multi-tenant services where clients share servers with other clients.
  • Private third-party: Cloud service that provides the client with exclusive use of their own cloud.
  • Private in-house: Single-tenant service servers operated from their own private data center.
  • Multi-cloud: Two or more cloud services from separate providers.
  • Hybrid: Blend of private third-party cloud and/or onsite private cloud data center with one or more public clouds.
• Cloud security measures enable data recovery and protect storage and networks against malicious data theft.
• Cloud security measures deter human error and reduce the impact of data compromise.
• Data security involves the technical end of threat prevention with tools and technologies to insert barriers.
  • Encryption scrambles data so it's only readable by someone with the encryption key.
  • Data transit protections like VPNs are also emphasized.
• Identity and access management (IAM) pertains to accessibility privileges offered to user accounts; access controls restrict both legitimate and malicious users.
• Governance focuses on policies for threat prevention, detection, and mitigation.
• Data retention (DR) and business continuity (BC) planning involve technical disaster recovery measures in case of data loss.
• Legal compliance revolves around protecting user privacy as set by legislative bodies.
• One approach is data masking, which obscures identity within data via encryption methods.

Data Security

• Data security is the process of safeguarding digital information to protect it from corruption, theft, or unauthorized access.
• Covers hardware, software, storage devices, user devices, access and administrative controls, & organizations' policies and procedures.
• Enhances visibility of a company's data and its usage through data masking, encryption, and redaction.
• Helps organizations streamline their auditing procedures and comply with stringent data regulations.
• Why data security is important:
  • Organizations are legally obliged to protect customer and user data from loss or theft.
  • Prevents reputational risk that accompanies data breach.
• Benefits of Data Security
  • Keeps your information safe
  • Helps keep your reputation clean
  • Gives you a competitive edge
  • Saves on support and development costs
• Best Practices for Ensuring Data Security And Privacy
  • Secure your information: manage access and encrypt your data
  • Prepare ahead of time for threats: test your system, educate employees, create an incident management plan, and create a data recovery plan
  • Delete data you are not using: reduce the chances of a hacker discovering it and using it for profit
• Types of Data Security
  • Encryption: Scrambles data using algorithms to hide its true meaning, which is crucial in the event of a data breach.
  • Data Erasure: Data Security management technique that permanently removes data from systems.
  • Data Masking: Hides data by obscuring and replacing specific letters or numbers, rendering the data useless if intercepted.
  • Data Resiliency: Mitigates accidental data destruction or loss through backups.

Endpoint Security

• Endpoint management refers to the monitoring, managing, and securing the endpoints in a network and applying policies to control the access to these endpoints.
• Secures endpoints from internal and external cyber threats.
• Unified endpoint management and security tool is a combination of Client Management Tool (CMT) and Enterprise Mobility Management (EMM).
• Organizations of all sizes are at risk from nation-states, hacktivists, organized crime, and malicious and accidental insider threats.
• Endpoint security is often seen as cybersecurity's frontline.
• Endpoint protection systems quickly detect, analyze, block, and contain attacks in progress.
• Key Components of Endpoint Security
  • Machine-learning classification to detect zero-day threats in near real time
  • Advanced antimalware and antivirus protection to protect, detect, and correct malware across multiple endpoint devices and operating systems
  • Proactive web security to ensure safe browsing on the web
  • Data classification and data loss prevention to prevent data loss and exfiltration
  • Integrated firewall to block hostile network attacks
  • Email gateway to block phishing and social engineering attempts targeting employees
  • Actionable threat forensics to allow administrators to quickly isolate infections
  • Insider threat protection to safeguard against unintentional and malicious actions
  • Centralized endpoint management platform to improve visibility and simplify and simplify operations
  • Endpoint, email and disk encryption to prevent data exfiltration

IOT Security

• IoT Security is based on a cybersecurity strategy to defend against cyberattacks on IoT devices and vulnerable networks.
• Security was not considered during the design of IoT devices.
• IoT security is a technology area to protect connected devices and networks in IoT
• Attacks are likely to occur to anything linked to the Internet at some time.
  • From the Internet of Things devices, Attackers may utilize remote access to steal data using strategies, including credential theft and vulnerability exploitation.
• Types of IoT Security
  • Network security safeguards the overall IoT network infrastructure. - Establish perimeter via firewalls and intrusion detection systems
    • Enforcing zero-trust architecture and continuous verification
      • Securing network communication by encrypting data and communications
  • Device Security Centers on protecting individual IoT devices:
    • Employing lightweight software to monitor device behavior and detect anomalies.
    • Firmware hardening via rigorous testing and updates. -Verifying the device's operating system before startup.
  • Data Security safeguards information generated and transmitted by IoT devices via:
    • Data encryption
    • Implement measures to protect sensitive information from unauthorized access.
    • Ensuring data accuracy and consistency through checksums and other techniques.
• Benefits for IoT Security
  • Network protection which identifies and prevents threats to the IoT as a whole
  • Privacy protection which shields user privacy from surveillance, theft, and device tracking
  • Scalability in that it can keep up with the expansion of various IoT environments
  • Devise protection that ensures lifetime operation by protecting devices from unauthorized access
• Cyberattacks continue due to the unusual way IoT devices are manufactured, emphasizing the need for security.
• Challenges
  • Lack of encryption across IoT devices raises security concerns
  • Security misconfigurations of devices create a malfunction
  • Devices often lack the processing capacity for security programs
• Industries Most Vulnerable to IoT Security Threats
  • Manufacturing dependencies: Manufacturing has become a target due to dependency on chain systems
    • Includes issues like stealing data and creating vulnerabilities that exploits and interrupts operations
  • Finance threats includes stealing financial data for competitive advantage - Includes cyber attacks disrupting services entailing huge loss
  • Potential threats in energies that disrupts power generation or transmission - Espionage and attacks on infrastructures cause operation disruptions
  • POS and data breaches makes Retail a more threatening industry
  • Cybercriminals stealing healthcare information and medical devices for vulnerabilities - Includes medical device vulnerabilities for data theft Public security sensitive to security threats that attack reputation
    • Cyber spying to cause disinformation and attacks

IoT Device Vulnerability

• Weak Passwords: IoT devices have weak default passwords that can be easily guessed
• Smart Speakers: Can be hacked through voice recordings
• Smart TVs: Vulnerable to malware, data breaches, and adware
• Data breaches for smartwatches and fitness trackers

Mobile Security

• Mobile device security keeps devices safe from cyber criminals and hackers, protecting private information.
• Protection is set together to prevent unauthorized users from accessing devices
• Mobile security protects data on devices, endpoints, and networking hardware
• How to secure mobile devices for your organization:
  • Being informed and educating one's self is one of the most effective way to defend against mobile threats
  • Use two-factor authentication and strong passwords to always make the extra effort to protect your data.
  • Encrypt is the best way to protect your data if your device is potentially lost
• Components:
  • Testing with automated services to pinpoint weakness
  • Connecting to public wifi safely
  • Installing apps from trusted providers and software

Network Security

• Network security is a broad phrase that protects data data companies through solutions that minimizes cyber threats
  • Network usage that has procedures, guidelines, and setups is general threat protection
  • Examples include protection and user password protection
• Security solutions protects various vulnerabilities of the computer systems
• Action has intended actions to network security
• Types of network security
  • Defined to protect from access
  • Program restricts losing essential data if compromise
  • Segmentation to allow appropriate individuals the device
  • Access to protect every user in order to keep out attackers
• This can be achieved by biometric systems that prevents unauthorized personnel
• Network security protects user behavior with complex attacks
• The most danger vector for security is email which restricts the amount of threatening message