Chapter 1 Security Fundamentals Flashcards

1
Q

What are the three components of the CIA triad?

A

The three components of the CIA triad are confidentiality (where the data is encrypted), integrity (where the data uses hashing), and availability (where the data is available, for example, by restoring data from a backup).

2
Q

Why might an inactive CCTV camera be placed on the outside wall of a building?

A

An inactive CCTV camera could be used as a deterrent since criminals would not know that it is inactive.

3
Q

What does confidentiality mean?

A

Confidentiality means preventing other people from viewing the data; the best way to keep data confidential is to encrypt it.

4
Q

How can you control access of personnel to a data center?

A

The best way to control entry into a data center is to install a mantrap.

5
Q

What is the purpose of an air gap?

A

The purpose of an air gap is to prevent data theft by removing physical connections between the device and network. The only way to insert or remove data from an air-gapped machine is with removable media like a USB drive.

6
Q

Name three main control categories.

A

The three control categories are managerial, operational, and technical.

7
Q

Name three physical controls.

A

Any three of the following physical controls will apply: lighting, cameras, robot sentries, fences, gate signage, industrial camouflage, security guards, badges, key management, proximity card, tokens, biometric locks, electronic locks, burglar alarms, smoke detectors, internal protection, conduits, HVAC, cable locks, air gap, laptop safe, USB data blocker, vault, and Faraday cage.

8
Q

Following an incident, what type of control will be used when researching how the incident happened?

A

Researching an incident requires detective controls wherein all the evidence is gathered and analyzed.

9
Q

How do you know whether the integrity of your data is intact?

A

Hashing provides data integrity where the hash value is measured before and after accessing data. If the values match, it has integrity.

10
Q

What is a corrective control?

A

Corrective controls are the actions you take to recover from an incident. You may have to restore data from a backup.

11
Q

What type of control is it when you change the firewall rules?

A

Firewall rules are designed to mitigate risk. They are technical controls.

12
Q

What is used to log in to a system that works in conjunction with a PIN?

A

A smart card, a CAC card, or a PIV card are all used in conjunction with a PIN.

13
Q

What is the name of the person who looks after classified data? Who gives people access to the classified data?

A

In a MAC model, the custodian stores and manages the data. The administrator grants access to the data.

14
Q

When you use a DAC model for access, who determines who gains access to the data?

A

In a DAC environment, the data owner decides who has access to the data.

15
Q

What is least privilege?

A

Least privilege is the process of giving an employee minimal permissions to perform their job.

16
Q

What access is granted by the Linux file permission of 764?

A

The Linux permission of 764 gives the owner read, write, and execute access, the group read and write access, and other (users) read access.

17
Q

The sales team is allowed to log in to the company system between 9 a.m. and 10 p.m. What type of access control is being used?

A

This is called rule-based access control. The access is applied to the whole department.

18
Q

Two people from the finance team are only allowed to authorize the payment of checks. What type of access control are they using?

A

The two people from finance are using role-based access control, where a subset of a department is carrying out a subset of duties.

19
Q

What is the purpose of the defense-in-depth model?

A

The defense-in-depth model has multiple layers, the purpose of which is to protect data and resources. If the outer layer fails, then the next layer should perform the protection. Many layers need to be broken through before gaining access to the data or resource.

20
Q

When someone leaves the company, what is the first thing you should do with their user account?

A

When someone leaves the company, you should disable the account and reset the password so that it cannot be used.

21
Q

What do US companies that host websites in the US have to comply with if customers are based in Poland?

A

The EU GDPR states that if a website that is hosted by someone in the US is accessed by someone from within the EU (which includes Poland), that website needs to be GDPR-compliant.

22
Q

How can a company discover that its suppliers are using inferior products?

A

If a company puts a right to audit clause into a contract, it gives them the right to audit the supplier at any time. This way, the company can look at the company records and check the quality of the products and materials being used.

23
Q

What is one of the most important factors between someone being arrested and their appearance before the judge in court?

A

Chain of custody is a record of who has collected the evidence and provides a log of who has handled the data. The original data must be intact, and there must not be any break in the chain.

24
Q

Can you explain what the purpose of the CLOUD Act and COPOA is?

A

The US released the CLOUD Act so that they could obtain evidence from other countries for an FBI investigation. The UK government released the COPOA Act to seek data stored overseas and give their law enforcement faster access to evidence held by providers.

25
Q

What is Stage C of Cloud Forensic Process 26?

A

In Stage C of Cloud Forensic Process 26, you ascertain the type of technology behind the cloud.