GCGA Ch. 1 Mastering Security Basics

Question 1

Security Control Categories

Answer 1

Technical, Managerial, Operational, Physical

Question 2

Security Control Types

Answer 2

Preventive, Deterrent, Detective, Corrective, Compensating, Directive

Question 3

Access Controls

Answer 3

Controlling who accesses data is how you ensure confidentiality (C) in the CIA triad. Identification, authentication, and authorization are the 3 core identity and access management activities that help ensure only authorized personnel can access data.

Question 4

Confidentiality

Answer 4

Keeping data secret from all but those authorized to access it. This is accomplished by encryption, identification, authentication, and authorization.

Question 5

Managerial Controls

Answer 5

Primarily administrative in function. They are typically documented in an organization’s security policy and focus on managing risk.

Question 6

Operational Controls

Answer 6

Help ensure that the day-to-day operations of an organization comply with the security policy. People implement them.

Question 7

Physical Controls

Answer 7

Impact the physical world, such as locks on doors, fences, security guards, and other objects that you can physically touch.

Question 8

Preventive Controls

Answer 8

Attempt to prevent an incident from occurring

Question 9

Detective Controls

Answer 9

Attempt to detect incidents after they have occurred

Question 10

Corrective Controls

Answer 10

Attempt to restore normal operations after an incident occurs

Question 11

Deterrent Controls

Answer 11

Attempt to discourage individuals from causing an incident

Question 12

Compensating Controls

Answer 12

Alternative controls used when a primary control is not feasible

Question 13

Directive Controls

Answer 13

Provide instruction to individuals on how they should handle security- related situations that arise

Question 14

Encryption

Answer 14

Scrambling data to make it unreadable to unauthorized personnel

Question 15

Examples of technical controls

Answer 15

Encryption, antivirus software, Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), firewalls, least privilege principle

Question 16

Examples of managerial controls

Answer 16

Risk assessments, vulnerability assessments

Question 17

Examples of operational controls

Answer 17

Awareness and training, configuration management, media protection

Question 18

Examples of physical controls

Answer 18

Barricades, bollards, access control vestibules, lighting, signs, fences, sensors

Question 19

Examples of preventive controls

Answer 19

Hardening (defense-in-depth, layered security, disabling unnecessary ports & services), training (vs social engineers), security guards, account disablement process (ensures employee account is disabled after employee leaves org), IPS

Question 20

Examples of detective controls

Answer 20

Log monitoring, SIEM, IDS, security audit (ex. account audit to make sure personnel/technical

Question 21

Examples of corrective controls

Answer 21

Backups and system recovery, incident handling processes

Question 22

Examples of deterrent controls

Answer 22

Warning signs, login banners

Question 23

Examples of compensating controls

Answer 23

Time-based one-time password (temporarily, instead of a smart card)

Question 24

Examples of directive controls

Answer 24

Policies, standards, procedures, and guidelines, change management

Question 25

Least privilege principle

Answer 25

specifies that individuals or processes are granted only the privileges they need to perform their assigned tasks or functions, but no more. Privileges are a combination of rights and permissions

Question 26

Confidentiality

Answer 26

ensures that data is only viewable by authorized users. Encryption is the best choice to provide confidentiality. Access controls also protect the confidentiality of data.

Question 27

Integrity

Answer 27

provides assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes. Data can be a message, a file, or data within a database. Hashing is a common method of ensuring integrity.

Question 28

Availability

Answer 28

ensures that data and services are available when needed. A common goal is to remove single points of failure. Fault tolerance methods and redundancies are commonly added to support high availability.

Question 29

Scale up vs scale out

Answer 29

Systems scale up by adding additional hardware resources such as memory, processing power, bandwidth capability, and/or drive space. Systems scale out by adding additional nodes or servers. They can scale down or scale in by removing these resources.

Question 30

Scalability

Answer 30

the ability of a system to handle increased workload either by scaling up or by scaling out. This is done manually by administrators.

Question 31

Elasticity

Answer 31

the ability of a system to handle the increased workload by dynamically adding or removing resources as the need arises. Cloud resources typically have elasticity capabilities allowing them to adapt to this increased and decreased demand automatically.

Question 32

Resiliency methods

Answer 32

help systems heal themselves or recover from faults with minimal downtime.

Question 33

Balancing resource availability with security constraints

Answer 33

Organizations balance resource availability with security constraints. Security professionals may want to apply security controls everywhere without considering the cost. However, executives have a responsibility to minimize costs without sacrificing security.

Question 34

Risk

Answer 34

the possibility of a threat exploiting a vulnerability and resulting in a loss.

Question 35

Threat

Answer 35

any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

Question 36

Vulnerability

Answer 36

a weakness. It can be a weakness in the hardware, software, configuration, or users operating the system.

Question 37

Risk mitigation

Answer 37

reduces risk by reducing the chances that a threat will exploit a vulnerability or reduce the risk’s impact. Security controls reduce risks. For example, antivirus software is a security control that reduces the risk of virus infection. One of the core jobs of security professionals is selecting an effective set of security controls to manage different types of risk.

Question 38

Four security control categories

Answer 38

managerial, operational, technical, and physical.

Question 39

Managerial controls

Answer 39

primarily administrative and include items such as risk and vulnerability assessments.

Question 40

Operational controls

Answer 40

focused on the day-to-day operations of an organization. They help ensure an organization is complying with its overall security plan. Some examples include security awareness and training, configuration management, and change management.

Question 41

Technical controls

Answer 41

use technology to reduce vulnerabilities. Encryption, antivirus software, IDSs, firewalls, and the principle of least privilege are technical controls.

Question 42

Physical controls

Answer 42

any controls that you can physically touch. Some examples are bollards and other barricades, access control vestibules (sometimes called mantraps), lighting, fences, and signs.

Question 43

Six control types

Answer 43

preventive, deterrent, detective, corrective, compensating, and directive.

Question 44

Preventive controls

Answer 44

attempt to prevent security incidents. Examples include system hardening, user training, guards, change management, and account disablement processes.

Question 45

Detective controls

Answer 45

attempt to detect when a vulnerability has been exploited. Examples include log monitoring, security information and event management (SIEM) systems, trend analysis, video surveillance systems, and motion detection systems.

Question 46

Deterrent controls

Answer 46

attempt to prevent incidents by discouraging threats. Examples include locks and guards. Note that these can also be described as preventive controls. The primary difference is that they try to discourage people from trying to exploit a weakness.

Question 47

Corrective controls

Answer 47

attempt to reverse the impact of an incident or problem after it has occurred. Examples include backups, system recovery plans, and incident handling processes.

Question 48

Compensating controls

Answer 48

alternative controls used when it isn’t feasible or possible to use the primary control. Directive controls provide instruction to individuals on how they should handle security-related situations that arise.

Question 49

Windows logs

Answer 49

Windows includes several logs that you can view with the Windows Event Viewer. The Security log functions as a security log, an audit log, and an access log. Windows records events related to the operating system in the System log. Some applications record events in the Application log.

Question 50

Linux logs

Answer 50

Linux systems store log information in text files contained in the /var/log directory. The /var/log/syslog and/or /var/log/messages files contain general system messages. The /var/log/secure file records authentication and authorization events.

Question 51

Network logs

Answer 51

important sources of information about network activity. Common sources of network logs include firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and packet captures.

Question 52

OS Log Files

Answer 52

Many applications store log records in operating system log files, while others maintain their own logs. Web servers commonly store records of every request that they receive and process.

Question 53

Metadata

Answer 53

Some applications track and store metadata about the data that they process. Common examples of metadata include email headers and image metadata.

Question 54

SIEM

Answer 54

Security information and event management (SIEM) systems provide a centralized solution for collecting, analyzing, and managing data from multiple sources.

Question 55

Syslog protocol

Answer 55

specifies a log entry format and the details on how to transport log entries. You can deploy a centralized syslog server to collect syslog entries from a variety of devices in the network.