Chapter 1 Lesson 2 Part 2

Question 1

What are corrective measures?

Answer 1

Measures implemented to respond to and correct the effect of an incident or security breach

Corrective measures aim to minimize damage caused by security incidents.

Question 2

What is an example of a corrective measure?

Answer 2

Backups and disaster recovery plans

These involve duplicating important files in a secure location for recovery purposes.

Question 3

What is an Incident Response Plan?

Answer 3

A team swiftly responding to an emergency, including steps to contain, investigate, mitigate, and recover systems

This plan is crucial for effective incident management.

Question 4

What does software patching entail?

Answer 4

Fixing a leaky roof before it causes more damage; keeping software up to date to close potential entry points for attackers

This is a key corrective control.

Question 5

What are compensating controls?

Answer 5

Measures put in place to add an extra layer of protection when primary controls may be insufficient

They help mitigate risks when primary security measures fail.

Question 6

What is an example of a compensating control?

Answer 6

Manual Security Reviews

These involve human experts analyzing for suspicious behavior that automated systems may have missed.

Question 7

What is the purpose of increased user training as a compensating control?

Answer 7

Educates users on best practices to understand security policies, which can increase overall security

Training is essential for user awareness and threat recognition.

Question 8

What does Multi-Factor Authentication provide?

Answer 8

An extra layer of security by adding a second layer of security

This method enhances the authentication process.

Question 9

What are directive measures?

Answer 9

Measures that provide guidance and set expectations for security among an organization

These help establish a security framework within the organization.

Question 10

What is a security policy?

Answer 10

A rulebook and playbook for maintaining a secure environment, including guidelines and best practices

Security policies are foundational for organizational security.

Question 11

What role do training materials and awareness campaigns play in security?

Answer 11

They train users on recognizing phishing emails and understanding the importance of strong passwords

These campaigns are vital for user education.

Question 12

What is the purpose of risk assessment and compliance audits?

Answer 12

Periodic health checks to ensure compliance with security regulations and standards

They help identify vulnerabilities and ensure adherence to best practices.