General Security Concepts

Question 1

Name four control categories

Answer 1

1. Technical controls
2. Managerial controls
3. Operational controls
4. Physical controls

Question 2

Which control type is a relatively weak one and why?

Answer 2

• Directive control types
• It’s relatively weak because you basically just ask someone to follow the rules or to do or not do something

Question 3

Name 6 control types

Answer 3

1. Preventive controls (förebyggande)
2. Deterrent controls (avskräckande)
3. Detective controls (varning)
4. Corrective controls (Korrigerande)
5. Compensating controls (kompenserande)
6. Directive controls (direktiv)

Question 4

Explain operational controls

Answer 4

Operational controls is a control category and are controls implemented by people instead of systems, for example: awareness programs

Question 5

Explain managerial controls

Answer 5

Managerial controls is a control category and are administrative controls like security policies. Also known as Governance in the term GRC

Question 6

Explain technical controls

Answer 6

Technical crontrols is a control category and are controls implemented using systems, for example firewalls or anti-virus

Question 7

What are preventive control types?

Answer 7

Preventive control types prevents something bad happening before it happens

Question 8

What are detective control types?

Answer 8

Detective control types identifies/detect if something bad happens but does not necessarily prevent it

Question 9

What are deterrent control types?

Answer 9

Deterrent control types “scares” someone to not do bad things due to the consequences

Question 10

What are corrective control types?

Answer 10

Corrective control types corrects the problem and is applied after something bad has happened

Question 11

What are compensating control types?

Answer 11

Compensating control types are used when existing controls aren’t enough

Question 12

What are directive control types?

Answer 12

When you direct a subject towards security compliance, basically when you ask someone to do or not do something

Question 13

When you collect and review a system log, what category and type of control is that?

Answer 13

Category: Technical
Type: Detective

Question 14

When you restore a system with backup after an ransomware attack, what category and type of control is that?

Answer 14

Category: Technical
Type: Corrective

Question 15

If you put up warning signs with consequences if you enter a specific room without permission, what category and type of control is that?

Answer 15

Category: Physical
Type: Deterrent

Question 16

What is the CIA Triad and what do the letters stand for?

Answer 16

• The CIA Triad is the fundamentals of security
• C = Confidentiality
• I = Integrity
• A = Availability

Question 17

Name 3 technical controls that you can apply to ensure the information is confidential

Answer 17

1. Encryption
2. Access controls
3. Two-factor authentication

Question 18

Name 3 technical controls that you can apply to ensure that the information has not been compromised (integrity)

Answer 18

1. Hashing
2. Digital signatures
3. Certificates

Question 19

Name 3 technical controls that you can apply to ensure that the information is available when needed

Answer 19

1. Redundancy
2. Fault tolerance
3. Patching

Question 20

What is Non-repudiation?

Answer 20

Non-repudiation is the assurance that someone cannot deny the validity of something - it provides proof of the origin and integrity of data (confirmes who sent it and that it has not been modified on the way)

Question 21

What is a hash?

Answer 21

Hashing is the process of transforming any given key or string of characters into another value, usually represented by a shorter, fixed-length value or key.

A hash function generates new values accordning to a mathematical hashing algorithm. To prevent the conversion of a hash back into the original key or string, a good hash always uses a one-way hashing algorithm.

Question 22

Which key do you encrypt with?

Answer 22

The private key

Question 23

Which key do you decrypt with?

Answer 23

The public key

Question 24

What is proof of integrity and proof of origin?

Answer 24

• Proof of integrity proves that data has not been modified
• Proof of origin proves the source of the data

Question 25

What do the different A:s in AAA framework stand for and what do the different A:s mean?

Answer 25

1. Authentication - Proves that you are who you say you are, using a password for example 2. Authorization - What accesses you have based on your identification and authentication 3. Accounting - What recources are beeing used (login time, data sent and received, logout time - for example)

Question 26

How can you authenticate a device?

Answer 26

You use a digitally signed certificate on the device

Question 27

What is Certificate Authority (CA)?

Answer 27

A device or software that is responsable for managing all the certificates in the environment

Question 28

What is used to validate the certificate on a device?

Answer 28

The CA's (Certificate Authoriy's) digital signature

Question 29

Why is it important to use an authorization model?

Answer 29

If you don't use an authorization model it's hard to keep control (why does a specific authorization exist?) and it does not scale well if there are a large number of users. By creating groups the authorizations are esier to understand and control and it supports any number of users or resources

Question 30

What is a Gap analysis?

Answer 30

An analysis that defines the gap between where you are and where you want to be

Question 31

Name two frameworks that can be used to set a security baseline

Answer 31

1. NIST Special Publication 800-171 Revision 2 2. ISO/IEC 27001

Question 32

What is Zero trust, easily explained?

Answer 32

Zero trust is a holistic approach to network security where everything must be verified - nothing is inherently trusted.

Question 33

Name 7 different physical security controls

Answer 33

1. Barricades 2. Access control vestibules 3. Fencing 4. Video surveillance 5. Guards and access badges 6. Lighting 7. Sensors

Question 34

Why does more light mean better physical security?

Answer 34

- Attackers avoid the light - Easier to see what is happening when lit - Non infrared cameras can see better

Question 35

What is a honeypot?

Answer 35

A honeypot is a network-attached, controlled and safe environment, set up as a decoy to lure cyber attackers into the trap

Question 36

What is a honeynet?

Answer 36

A honeynet is a bigger network of more than one honeypot that looks more like real infrastructure to the attacker

Question 37

What is a honeyfile?

Answer 37

Honeyfiles are baits inside of a honeynet, for example a file named "passwords.txt"

Question 38

Why is it important to have a change approval process?

Answer 38

To avoid downtime, confusion and misstakes

Question 39

Why should you have a test environment where you can test changes before making any changes in the production environment?

Answer 39

To be able to test and confirm that the change goes well and also to be able to test the backout plan/rollback

Question 40

Name 3 things to consider when choosing a maintenace window for applying a change

Answer 40

1. Not doing it during the workday - if possible 2. Overnight is often a better choice 3. Also consider the time of year

Question 41

Describe a good change approval process (8 steps)

Answer 41

1. Use request forms 2. Detemine the purpose of the change 3. Identify the scope of the change 4. Choose a date and time for the change 5. Determine affected systems and the impact 6. Analyze the risks 7. Get approval for the change 8. Get end-users acceptance after the change is complete