ch1 Flashcards

(48 cards)

1
Q

what is a FER?

A

False error rate

2
Q

define availability

A

Availability ensures that systems are up and operational when needed and often addresses single points of failure. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups, and generators.

3
Q

define security control

A

Measures taken to mitigate risk from a threat to services, critical IT systems, etc. It is also important to know that every security control belongs to a category and a type defined by CompTIA.

4
Q

define integrity

A

Integrity ensures that data has not changed. This includes verifying that data has not been tampered with, modified, or corrupted.

5
Q

describe least privilege principle

A

It is the practice of giving the least amount of permissions or access rights necessary for the person to do their job. It is an example of a technical control. Technical control is a category of security controls.

6
Q

describe what OAuth is

A

open standard for authorization.

7
Q

give examples of technical controls

A

anti-virus, encryption, firewalls, least privilege principle, intrusion detection systems, intrusion prevention systems.

8
Q

how are managerial and operational controls related?

A

Managerial controls are administrative in nature and documented in an organization’s security policies. Operational controls relate to the day-to-day operations of an organization and are meant to comply with the documented security policies. Operational controls are implemented by personnel.

9
Q

name the 4 types of authentication factors

A
  1. something you know, e.g. password, PIN
  2. something you have, e.g. security token or phone
  3. something you are, e.g. biometric attribute
  4. somewhere you are - typically this fourth factor is not used as an authentication factor by itself.
10
Q

name the technique used to ensure data integrity

A

hashing, e.g. using hashing algorithms such as MD5 or SHA

11
Q

what account types are there in the context of account management?

A
  1. Personnel or end-user accounts. Most accounts are for regular users or the personnel working in the organizations. Administrators create these accounts and then assign appropriate privileges based on the user’s job responsibilities. It’s common to assign a basic credential policy that applies to all personnel. This could be a password policy defining things like the minimum password length, password history, and account lockout policies, as defined earlier in this chapter.
  2. Administrator and root accounts. Administrator and root accounts are privileged accounts that have additional rights and privileges beyond what a regular user has. As an example, someone with administrator privileges on a Windows computer has full control over the Windows computer. Linux systems have a root account, which grants additional privileges, similar to an administrator account on Windows systems. Credential policies require stronger authentication methods for these privileged accounts, such as multifactor authentication. Additionally, privileged access management techniques (described in the next section) apply additional controls to protect these accounts.
  3. Service accounts. Some applications and services need to run under the context of an account, and a service account fills this need. As an example, SQL Server is a database application that runs on a server, and it needs access to resources on the server and the network. Administrators create a regular user account, name it something like sqlservice, assign it appropriate privileges, and configure SQL Server to use this account. Note that this is like a regular end-user account. The only difference is that it’s used by the service or application, not an end user. Credential policies may require long, complex passwords for these accounts, but they should not expire. If the password expires, the account can no longer log on, and the service or application will stop.
  4. Device accounts. Computers and other devices also have accounts though it isn’t always apparent. As an example, Microsoft Active Directory only allows users to log on to computers joined to the domain. These computers have computer accounts and Active Directory manages their passwords.
  5. Third-party accounts. Third-party accounts are accounts from external entities that have access to a network. As an example, many organizations use security applications that have administrative access to a network. These should have strong credential policies in place with strong password policies enforced at a minimum.
  6. Guest accounts. Windows operating systems include a Guest account. These are useful if you want to grant someone limited access to a computer or network without creating a new account. For example, imagine an organization contracts with a temp agency to have someone do data entry. The agency may send a different person every day. Enabling the Guest account for this person would be simpler than creating a new account every day. Administrators commonly disable the Guest account and only enable it in special situations.
  7. Shared and generic accounts/credentials. An organization can create a regular user account that temporary workers will share. Shared accounts are discouraged for normal work. However, if a temp agency is sending someone different every day, a shared account may provide a better solution than a guest account because access can be tailored for the shared account. Basic credential policies apply to shared and generic accounts.
12
Q

what are sensitivity labels?

A

These are labels used in a MAC scheme. Each label includes security information, which can include a classification level and a compartment/category.

Example:
  - Classification Level: “Top Secret”
  - Compartment/Category: “Nuclear Power Plant”
  - Sensitivity Label: “Top Secret – Nuclear Power Plant”

13
Q

what are the 3 goals of cybersecurity?

A
  1. confidentiality
  2. availability
  3. integrity
14
Q

what are the authorization models covered by security+?

A

role-based access control - this model is used to determine what users are allowed to access depending on the role assigned to them

rule-based access control - this model is used by routers and firewalls to determine what web or HTTPS requests are allowed to go through depending on rules defined by the router or firewall

discretionary access control AKA DAC - this model is used by operating systems to determine what level of access users have to objects depending on the DACL. Access is controlled by the owner of the object.

mandatory access control AKA MAC - most commonly used by OSs, e.g. SELinux, to control access to files and resources for users. It is based on matching sensitivity labels between the subject and object. Access is centrally controlled by administrators.

attribute-based access control AKA ABAC

15
Q

what are the types of strong authentication factors recognized by CompTIA?

A
  1. something you know: password, PIN, security questions
  2. something you have: smart card, key fob, smartphone, USB drive
  3. something you are: biometrics, e.g. fingerprint scan, face recognition, voice recognition
16
Q

what are time-based logins?

A

users can only log on to computers during specific times. If a user tries to log on to a system outside the restricted time, the system denies access to the user.

17
Q

what is a 3rd-party account in the context of account management?

A

Third-Party Account:

Ownership: A third-party account is typically created and managed by an external organization or service provider, not by the organization or individual using the system. This type of account is associated with an external entity that has been granted access to a system or service.

Purpose: Third-party accounts are used when external vendors, contractors, or service providers need access to a system or network to perform specific tasks, such as support, maintenance, or integration with another service. These accounts are used to facilitate collaboration or service delivery between organizations.

Access Level: The access level for third-party accounts is usually defined very carefully, often limited to what is necessary for the third party to perform their duties. This might include access to certain systems, data, or tools, but with strict controls to protect the organization’s security and privacy.

Management: Third-party accounts are often subject to more stringent monitoring and auditing. They may have special agreements, such as non-disclosure agreements (NDAs) or service level agreements (SLAs), outlining how the account should be used.

18
Q

what is a CER?

A

crossover error rate - A lower CER indicates that the biometric system is more accurate.

19
Q

what is a federated identity?

A

A federated identity is an identity that is recognized and trusted across multiple domains or organizations through a federated identity management system (FIM). The FIM links user identities across different systems, allowing users to access various services and resources with a single set of credentials, enabling Single Sign-On (SSO) and streamlining the authentication process across multiple platforms.

20
Q

what is a guest account in the context of account management?

A

Guest Account:

Purpose: A guest account is typically used for temporary access by individuals who do not have a regular or long-term need to access the system. It’s often used for visitors or external users who need limited access for a short duration.

Access Level: Guest accounts generally have very limited permissions. They are restricted to basic functions, often without the ability to modify system settings or access sensitive data.

Duration: Access through a guest account is usually temporary, and the account may have time-based restrictions, expiring after a certain period or after a specific use.

Personalization: Guest accounts usually do not retain personal settings, data, or files after the session ends, ensuring that the next guest starts with a clean slate.

21
Q

what is a MAC in the context of authentication?

A

message authentication code: it is a code derived from a message to provide data integrity

22
Q

what is a MAC in the context of a physical machine property?

A

Media Access Control is a physical address assigned to a machine’s network interface card.

23
Q

what is an attestation?

A

Formal process for reviewing user permissions. In an attestation process, managers formally review each user’s permissions and certify that those permissions are necessary to carry out the user’s job responsibilities.

24
Q

what is an FAR?

A

False acceptance rate - it is a measure of the accuracy of a biometric identification system or device.

25
Q

what is confidentiality?

A

enforcement of access to data by only authorized users

26
Q

what is DAC?

A

Discretionary Access Control (DAC) is a type of access control system where the owner of a resource (like a file or folder) has the discretion to decide who can access it and what they can do with it. This is in contrast to other models where access is determined by a central authority.

27
Q

what is a DACL?

A

A Discretionary Access Control List (DACL) is a specific implementation of DAC. It’s essentially the list of rules (the ACL) that the owner sets up to control access to their resources.

28
Q

what is elasticity?

A

automatically adding or removing servers as needed based on demand.

29
Q

what is horizontal scaling?

A

it is increasing capacity by increasing the number of machines.

30
Q

what is LDAP?

A

LDAP (Lightweight Directory Access Protocol) is a protocol that facilitates access to information about users, network resources, and other organizational data. It is commonly used in enterprise directory services, such as Microsoft Active Directory or OpenLDAP, to manage and retrieve this information efficiently.

31
Q

what is the MAC scheme?

A

The mandatory access control (MAC) scheme uses labels (sometimes referred to as sensitivity labels or security labels) to determine access. Security administrators assign labels to both subjects (users) and objects (files or folders). When the labels match, the system can grant a subject access to an object. When the labels don’t match, the access scheme blocks access.

32
Q

what is PAM?

A

Privileged Access Management - allows an organization to apply more stringent security controls over accounts with elevated privileges, such as administrator or root-level accounts. PAM implements the concept of just-in-time permissions. In other words, administrators don’t have administrative privileges until they need them. When they need them, their account sends a request for the elevated privileges.

33
Q

what is SAML?

A

SAML (Security Assertion Markup Language) is an open standard that allows identity providers (IdPs) to pass authorization credentials to service providers (SPs). It's widely used for Single Sign-On (SSO) solutions, enabling users to authenticate with one central identity provider and then access multiple applications or services without needing to log in again for each one.

34
Q

What is SIEM?

A

SIEM stands for Security Information and Event Management. It is a comprehensive solution that provides real-time analysis of security alerts generated by applications and network hardware. SIEM systems aggregate and analyze activity from various sources within an IT infrastructure, including network devices, servers, domain controllers, and other security systems.

Based on this YouTube video (https://www.youtube.com/watch?v=9RfsRn7m7OE) I'll add the following: besides gathering logs from different systems, it also analyzes those logs using AI to generate alerts, or high-fidelity alerts. By high fidelity is meant alerts that are valid and are not false positives.
35
Q

what is the ABAC scheme?

A

Attribute-Based Access Control (ABAC):

Dynamic and Contextual: ABAC uses attributes (characteristics) of the user, the resource, and the environment to make access decisions. These attributes can include the user’s role, location, time of access, the sensitivity of the data, and more.

Granular Control: ABAC allows for more granular and flexible control compared to MAC or DAC, making decisions based on a wide range of factors rather than just a simple owner or classification.

Example: A healthcare system where a doctor’s access to patient records is determined not just by their role (doctor) but also by the patient’s status, the doctor’s location, the time of day, and the specific data they are trying to access.

From ChatGPT:

me: ABAC seems a little like rule-based access control.

ChatGPT said: You're right; Attribute-Based Access Control (ABAC) does share some similarities with Rule-Based Access Control (RBAC), but they are distinct in how they function.

Rule-Based Access Control (RBAC):

Rule-Based: In RBAC, access is granted or denied based on a set of rules defined by the system administrators. These rules are typically static and based on roles or other predefined conditions.

Simple Conditions: The rules in RBAC are generally straightforward, such as "Users in the HR department can access employee records" or "Managers can approve leave requests."

Less Dynamic: RBAC tends to be less flexible because the rules are often fixed and don't account for multiple attributes or context.

Attribute-Based Access Control (ABAC):

Attribute-Based: ABAC goes beyond simple roles and rules by considering a wide range of attributes. These can include user attributes (like role, department), resource attributes (like file type, sensitivity), and environmental attributes (like time of access, location).

Dynamic and Contextual: ABAC is much more dynamic, allowing access decisions to be made based on the combination of attributes at the time of access. This allows for more complex and contextual access control.

Example of Complexity: A rule in ABAC could be "Allow access to medical records if the user is a doctor, the patient has consented, the access is during working hours, and the user is physically at the hospital."
36
Q

what is the best way to protect the confidentiality of data?

A

use of encryption

37
Q

what is the meaning of scalability?

A

the ability to increase the capacity of a system or service to meet new demand on top of existing demand.

38
Q

what is vertical scaling?

A

increasing the capacity of an existing system or service by adding resources to the system.

39
Q

where are log files stored on Linux systems?

A

/var/log

40
Q

where is the MAC scheme used?

A

SELinux, which was specifically designed to implement this type of access control. From the textbook: Security-enhanced Linux (SELinux) is one of the few operating systems using the mandatory access control scheme. It was created to demonstrate how the MAC scheme can be added to an operating system.

41
Q

name the 3 roles SAML defines and describe each

A
  1. principal - this is the user who is logging in.
  2. identity provider - this is the web site where the user logs in and provides their credentials.
  3. service provider - this is the web site whose resources or services the user wants to access.

42
Q

name the control types identified by CompTIA

A
  1. preventive - control meant to prevent a security incident/attack before it happens.
  2. deterrent - control meant to deter an attack before it happens.
  3. corrective - control meant to restore normal operation after a security incident has happened.
  4. detective - control meant to detect security incidents after they have occurred.
  5. compensating - alternative controls meant to be used when the primary control is too expensive or otherwise not feasible.
  6. directive - controls meant to instruct personnel on courses of action to address security risks.

43
Q

name the security control categories identified by CompTIA

A
  1. technical
  2. operational
  3. managerial
  4. physical

44
Q

what is HMAC?

A

Hash-based Message Authentication Code - used in HOTP security tokens

45
Q

what is HOTP?

A

HMAC-based One-Time Password, used in security tokens

46
Q

what is TOTP?

A

Time-based One-Time Password, used in security tokens

47
Q

describe 2 vulnerabilities of 2-step authentication using SMS

A
  1. if your phone is stolen, the thief would be able to see the PIN even if the screen is locked
  2. the phone can be hijacked such that the SMS can be rerouted to the attacker's own phone.

48
Q

what is a push notification?

A

a notification sent to a user's device, such as a smartphone, from a web site where they have registered the phone, so that the user can later prove that they are the ones accessing the web site.