Domaine 4 : Opérations de sécurité

Question 1

What is the Principle of Least Privilege?

Answer 1

Users are granted only the permissions necessary to perform their job functions

This principle minimizes potential damage from malicious activities or accidental misuse.

Question 2

What does Discretionary Access Control (DAC) entail?

Answer 2

Resource owners determine access permissions.

DAC is common in standard operating systems.

Question 3

What is Mandatory Access Control (MAC)?

Answer 3

Access decisions are based on fixed policies and classifications.

MAC is often used in environments requiring high security.

Question 4

Define Role-Based Access Control (RBAC).

Answer 4

Permissions are assigned based on user roles within an organization.

RBAC simplifies management by grouping users with similar access needs.

Question 5

What is Rule-Based Access Control?

Answer 5

Access is determined by system-enforced rules set by administrators.

Examples include time-based restrictions or specific browser requirements.

Question 6

Describe Attribute-Based Access Control (ABAC).

Answer 6

Access decisions are based on attributes (e.g., user, resource, environment).

ABAC allows for more granular and context-aware access control.

Question 7

What are Time-of-Day Restrictions?

Answer 7

Access can be limited to specific times or days.

This enhances security by restricting access during non-business hours.

Question 8

Why is continuous monitoring important in security?

Answer 8

It is vital for detecting unauthorized activities and potential threats.

Continuous monitoring helps in maintaining the integrity and security of systems and data.

Question 9

What types of sources should logs be collected from?

Answer 9

Logs should be collected from:
* Firewalls
* Servers
* Applications

Collecting logs from various sources allows for comprehensive analysis.

Question 10

What is the purpose of analyzing logs in security monitoring?

Answer 10

To identify anomalies or suspicious activities.

Analyzing logs is crucial for proactive threat detection.

Question 11

What does SIEM stand for?

Answer 11

Security Information and Event Management.

SIEM systems play a key role in security monitoring.

Question 12

What is the function of a SIEM system?

Answer 12

It aggregates and correlates data from multiple sources and provides real-time analysis and alerts for security incidents.

SIEM systems are essential for effective security incident management.

Question 13

What are baselines used for in security monitoring?

Answer 13

To define normal behavior patterns for systems and networks.

Baselines help in detecting deviations that may indicate security issues.

Question 14

What is the purpose of alerting mechanisms in security monitoring?

Answer 14

To notify administrators of potential threats and ensure alerts are actionable while reducing false positives.

Effective alerting mechanisms are crucial for timely incident response.

Question 15

What should regular auditing and review processes assess?

Answer 15

The effectiveness of security controls.

Periodic audits help in identifying areas for improvement in security monitoring strategies.

Question 16

Fill in the blank: SIEM systems provide ________ analysis and alerts for security incidents.

Answer 16

real-time

Question 17

Why are logs important in system monitoring?

Answer 17

Logs are essential for monitoring system activities, detecting anomalies, and supporting forensic investigations

Logs provide a chronological record of events, aiding in identifying security incidents.

Question 18

What do system logs record?

Answer 18

Operating system events, such as startups, shutdowns, and errors

System logs provide insights into the overall health and status of the operating system.

Question 19

What do application logs capture?

Answer 19

Events specific to applications, including user activities and errors

Application logs are crucial for troubleshooting application-specific issues.

Question 20

What types of events do security logs track?

Answer 20

Security-related events like login attempts and access control changes

Security logs are vital for identifying potential security breaches.

Question 21

What is the purpose of audit logs?

Answer 21

Provide a trail of user activities for compliance and auditing purposes

Audit logs help organizations maintain accountability and meet regulatory requirements.

Question 22

What is centralized logging?

Answer 22

Aggregate logs from various sources into a centralized system for easier analysis

Centralized logging facilitates a unified view of log data across different systems.

Question 23

What is the importance of regular monitoring of logs?

Answer 23

Continuously monitor logs to detect unusual activities promptly

Regular monitoring helps in early detection of potential security threats.

Question 24

What should retention policies for logs establish?

Answer 24

How long logs should be retained based on regulatory requirements

Retention policies ensure compliance with legal and organizational standards.

Question 25

Why is secure storage of logs crucial?

Answer 25

To prevent unauthorized access or tampering ## Footnote Secure storage protects the integrity and confidentiality of log data.

Question 26

What tools can be used for analyzing log data?

Answer 26

Automated tools and Security Information and Event Management (SIEM) systems ## Footnote SIEM systems help in correlating events and identifying security threats efficiently.

Question 27

What can be identified through analyzing log data?

Answer 27

Patterns and correlations that may indicate security threats ## Footnote Analyzing log data is essential for proactive security measures.