CISSP Domain 7

Question 1

Security Operations

Answer 1

Operations department responsibility
Administrative management responsibilities
Assurance levels
Configuration management
Physical security
Secure resource provisioning
Network and resource provisioning
Preventive measures
Patch management
Incident management
Recovery strategies
Disaster recovery
Business continuity planning and exercises
Liability
Investigations
Personal safety concerns

Question 2

Security Operations pertains to

Answer 2

everything that takes place to keep networks, computer systems, applications, and environments up and running in a secure and protected manner

Question 3

Security Operations also involves

Answer 3

detection, containment, eradication, and recovery required to ensure continuity of business operations

Question 4

Role of Operations Department

Answer 4

Continual effort to make sure the correct policies, procedures, standards, and guidelines are in place

Question 5

Separation of duties

Answer 5

helps prevent mistakes and minimize conflicts of interests.

Question 6

Job rotation

Answer 6

over time, more than one person fulfills the task of one position.

Question 7

Mandatory Vacations

Answer 7

an Administrative control

detect fraud

Question 8

Initial Program Load

Answer 8

Mainframe term for loading an OS kernel

Question 9

Configuration Management

Answer 9

process of establishing and maintaining effective system controls

Question 10

Input and Output controls

Answer 10

Data entered should be the correct format
Transactions should be atomic
Must be timestamped and logged

Question 11

Bastion Hosts

Answer 11

Locked down at entry of network

Question 12

2 main types of mechanical locks

Answer 12

Warded is basic padlock. Spring loaded bolt with a notch cut in it. Key fits the notch and slides the bolt from locked to unlocked position These are the cheapest

Tumbler has more pieces and parts than a ward lock. Key fits a cylinder pins are raised

Question 13

3 types of tumbler locks

Answer 13

pin tumbler most common tumbler lock. key has just the right grooves to put all spring loaded pins in the right position

wafer tumbler also called disk tumbler are small, round locks as on file cabinets Uses wafers, or flat disks instead of pins
lever tumbler

Question 14

Cipher locks

Answer 14

programmable locks are keyless and use keypads

Question 15

Fences

Answer 15

3 to 4 feet only deter casual trespassers
6 to 7 feet are too high to climb easily
8 foot deter more determined criminal

Question 16

PIDAS fencing

Answer 16

Perimeter Intrusion Detection and Assessment System

Type of fencing with sensors on the wire mesh of the fence.

Question 17

Gate classifications

Answer 17

Class 1 Residential
Class 2 Commercial
Class 3 Industrial
Class 4 Restricted access

Question 18

Bollards

Answer 18

Concrete pillars outside a building

Question 19

Mean Time Between Failures

Answer 19

How long is a piece of equipment expected to last.

Calculated by average time between failures.

Question 20

Mean Time to Fail MTTF

Answer 20

Life expectancy of a product

Question 21

Mean Time To Repair MTTR

Answer 21

amount of time to fix a failure and return to production

Question 22

Single Points of Failure

Answer 22

Firewalls, routers, network servers T1 lines, Hubs, switches, authentication servers

Question 23

RAID

Answer 23

Redundant array of Independent Disks

Redundancy and Speed

Question 24

Direct Access Storage Device

Answer 24

General Term for magnetic disk storage devices

Question 25

Massive Array of Inactive Disks

Answer 25

Carries out mostly write operations

Question 26

Redundant Array of Independent Tapes

Answer 26

Striped over multiple tape drives

Question 27

Rainbow Tables

Answer 27

All possible passwords in hashed formats

Question 28

Hierarchical Storage Management

Answer 28

Continuous backup functionality Dynamically manages storage and backup of files Faster media holds files used more often. Seldom used files are stored on slower devices

Question 29

Trivial File Transfer Protocol

Answer 29

Used to save configuration of network devices. | Is insecure

Question 30

Preventive Measures

Answer 30

``` Understand the Risk Use the right controls Use controls correctly Manage your configuration Assess your operation ```

Question 31

IPS IDS False Positive

Answer 31

detecting intrusions that are not intrusions

Question 32

IPS IDS False negatives

Answer 32

system incorrectly classifies as being Benign

Question 33

Baselining

Answer 33

Process of establishing normal patterns of behavior

Question 34

Patches are

Answer 34

software updates intended to remove a vulnerability or defect in software or provide new features or functionality.

Question 35

Sandboxing

Answer 35

isolates executing code from the operating systems

Question 36

Honeypots

Answer 36

device developed in order to deceive attackers into believing it is a real production system

Question 37

Honeynet

Answer 37

An entire network that is meant to be compromised

Question 38

7 phases of Incident Management

Answer 38

``` Detect Respond mitigate Report Recover Remediate Learn ```

Question 39

Event is

Answer 39

any occurrence that can be observed, verified, and documented

Question 40

Incident is

Answer 40

one or more related events that negatively affect the company and/or impact its security posture

Question 41

Cyber Kill Chain

Answer 41

1. Reconnaissance 2. Weaponization 3. Delivery 4. Exploitation 5. Installation 6 Command and control 7 Actions on the Objective

Question 42

Detection

Answer 42

Realize you have a problem

Question 43

Response

Answer 43

Determine appropriate action after detection

Question 44

Mitigation

Answer 44

after Detection and Response What happened and what will happen next Prevent or reduce further damage

Question 45

Reporting

Answer 45

After Detection, Response, and Mitigation ``` Summary Indicators Related Incidents Action Taken Chain of Custody Impact Assessment Identity and comments of incident handlers Next steps to be taken ```

Question 46

Recovery

Answer 46

After Detection, Response, Mitigation, and Reporting Return all systems to a known good state Gather evidence before recovery

Question 47

Remediation

Answer 47

After Detection, Response, Mitigation, Reporting and Recovery Ensure the attack is never successful again

Question 48

Learning

Answer 48

What happened What dd we learn How can we do it better next time Postmortem Analysis

Question 49

Recovery Time Objective

Answer 49

maximum time period within which a business process must be restored to a designated service level after a disaster Should be smaller than the MTD value

Question 50

Work Recovery Time WRT

Answer 50

remainder of MTD value after the RTO has passed

Question 51

Recovery Point Objective

Answer 51

is the acceptable a Amount of data loss measured in time

Question 52

Hot site

Answer 52

facility that is leased or rented and is fully configured to operate withing a few hours Equipment and software must be completely compatible Must not cause any negative interoperability issues. Most expensive of the three types of offsite facilities

Question 53

Warm Site

Answer 53

Leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not he actual computers Equipment may need to be procured, delivered, and configured.

Question 54

Cold Site

Answer 54

Leased or rented facility that supplies basic environment, electrical, wiring, air conditioning, plumbing and flooring Is an empty data center.

Question 55

Service Bureau

Answer 55

a company that has additional space and capacity to provide applications and services such as a call center.

Question 56

Tertiary Site

Answer 56

a secondary backup site

Question 57

Reciprocal agreement

Answer 57

with another company to host infrastructure

Question 58

Redundant sites

Answer 58

mirrored sites two sites completely synchronized ICS2 differentiates between a hot leased site and a redundant company owned site

Question 59

Rolling Hot Site

Answer 59

Large truck is turned into a data processing or work area

Question 60

Backups can be

Answer 60

Full, differential, incremental, or a combo

Question 61

Archive bit

Answer 61

file systems keep track of what files have been modified by setting an archive bit. If a file is modified or created, the file system sets the archive bit to 1

Question 62

Full backup

Answer 62

During a full backup the archive bit is cleared Most companies do a full backup with a differential or incremental backup

Question 63

Differential backup

Answer 63

backs up files that have been modified since the last full backup When restored, the full backup is done first, then differential is put on top of it. Differential does not change the archive bit

Question 64

Incremental backup

Answer 64

all files modified since last full or incremental backup. Archive bit is cleared. To restore and incremental backup, restore the full then every incremental backup

Question 65

Disk shadowing

Answer 65

similar to disk mirroring Fault tolerant solution by duplicating hardware and maintaining more than one copy of information

Question 66

Disk duplexing

Answer 66

more than one disk controller If on disk controller fails, the other is ready and available

Question 67

Electronic vaulting

Answer 67

makes copies of files as they are modified and periodically transmits them to an offsite backup site Carried out in batches rather than real time Method of transferring bulk information to offsite facilities

Question 68

Remote Journaling

Answer 68

method of transmitting data offsite but only includes moving journal or transaction logs to the offsite facility Actual files are not moved Remote is real time Remote vaulting is in batches

Question 69

High Availability

Answer 69

combination of technologies and processes that work together to ensure some specific thing is always up and running