Chapter 7 - Security Operations Flashcards Preview


Flashcards in Chapter 7 - Security Operations Deck (57)
31

optical media

CD, DVD

32

solid state media

flash drive and memory cards

33

hard copy

paper, microfiche

34

original media

should be controlled through a software librarian

35

inventory scans of installed software

should be conducted to identify unauthorized installations or license violations

36

IDS

may be deployed out of band - will not affect processes or cause latency, but attacks will likely reach their intended target

37

IPS

in-line, causes some latency and slows down processes, but attacks it acts on will likely not reach their intended target

38

signature or pattern matching systems

matches known attacks

39

protocol anomaly based systems

checks that network traffic conforms to the defined standard for that protocol

40

statistical anomaly based system

establish baseline, detect deviations

41

Security Information and Event Management (SIEM)

provides common platform for log collection, collation, and analysis in real-time to allow for more effective and efficient response

42

containment strategy

need to consider: preservation of forensic evidence, availability of services, damage from leaving the affected component in place, time required for the containment strategy to be effective, resources needed to contain

43

forensic evidence

obtain an image of RAM and the hard drive, then determine how to mitigate

44

US Computer Emergency Readiness Team (US-CERT)

Government agencies must report a breach of PII within an hour of discovery

45

configuration management

process of identifying and documenting hardware components, software, and the associated settings

46

Fail-safe

focus on failing with a minimum of harm to personnel or systems

47

Fail-secure

focus on failing in a controlled manner to block access while the system is in an inconsistent state

48

NAS

simply store and serve files

49

SAN

block level storage

50

RAID 0

stripes across multiple disks without parity, fast reading, no redundancy

51

RAID 1

Creates two identical drives - data mirroring

52

RAID 2

not used in practice - data spread across disks at the bit level

53

RAID 3/4

Striping and redundancy in the form of a parity drive - RAID 3: byte level, more efficient; RAID 4: block level, faster

54

RAID 5

Like RAID 4 but parity is striped across the drives

55

RAID 6

two sets of parity, allows for failure of two drives, less performance, not frequently used

56

Electronic vaulting

backing up a system over the network to a separate location (vault site); sent in real time when implemented as a mirror

57

Journaling

provides redundancy for transactions