lecture 3b

Question 1

What are the two broad areas into which cybersecurity incidents can be classified?

Answer 1

Weak account types and poor access control

Question 2

What should be required on all user accounts to prevent weak account types?

Answer 2

Strong authentication

Question 3

What should be routinely reviewed for security to prevent cybersecurity incidents?

Answer 3

User accounts

Question 4

Which types of accounts should be prohibited to avoid cybersecurity incidents?

Answer 4

Shared account Generic account Guest account

Question 5

What is access control?

Answer 5

Granting or denying approval to use specific resources

Question 6

What does physical access control consist of?

Answer 6

Fencing hardware door locks and mantraps

Question 7

What does technical access control consist of?

Answer 7

Technology restrictions that limit computer users from accessing data

Question 8

What is identification in access control concepts?

Answer 8

The process of recognising and distinguishing the user from any other user

Question 9

What is authentication?

Answer 9

Checking the credentials of a user

Question 10

What is authorization?

Answer 10

Granting permission to take action

Question 11

What does accounting record in access control?

Answer 11

Who accessed the network what resources they accessed and when they disconnected

Question 12

In access control terminology what is an object?

Answer 12

A specific resource like a file or hardware device

Question 13

In access control terminology what is a subject?

Answer 13

A user or process functioning on behalf of a user

Question 14

What is an operation in access control?

Answer 14

The action taken by the subject over an object like deleting a file

Question 15

What are access control schemes?

Answer 15

Standards that provide a predefined framework for hardware or software developers

Question 16

Name the five major access control schemes.

Answer 16

Discretionary Access Control Mandatory Access Control Role Based Access Control Rule Based Access Control Attribute-Based Access Control

Question 17

What is a key characteristic of Discretionary Access Control (DAC)?

Answer 17

It is the least restrictive scheme where owners have total control over their objects

Question 18

What is a weakness of DAC?

Answer 18

It relies on the end user to set proper security and permissions are inherited by executed programs

Question 19

What is Mandatory Access Control (MAC)?

Answer 19

The most restrictive access control model where users cannot set controls or distribute access

Question 20

What two key elements does MAC use?

Answer 20

Labels and Levels

Question 21

What access control model is called Non-Discretionary Access Control?

Answer 21

Role-Based Access Control (RBAC)

Question 22

How does RBAC assign permissions?

Answer 22

Based on the user’s job function assigned to roles

Question 23

What is Rule-Based Access Control?

Answer 23

Access is dynamically assigned based on rules defined by a custodian

Question 24

What kind of policies does Attribute-Based Access Control (ABAC) use?

Answer 24

Flexible policies combining object subject and environment attributes

Question 25

What is an Access Control List (ACL)?

Answer 25

A set of permissions attached to an object specifying which subjects may access it and operations allowed

Question 26

What is a limitation of ACLs?

Answer 26

Difficult to manage and inefficient in enterprise settings with many users and resources

Question 27

What is an Incident Response Plan (IRP)?

Answer 27

A set of written instructions for reacting to a security incident

Question 28

What are the six action steps in an incident response process?

Answer 28

Preparation Identification Containment Eradication Recovery Lessons learned

Question 29

Name three types of exercises to test an incident response plan.

Answer 29

Tabletop Walkthrough Simulation

Question 30

What are three common attack frameworks?

Answer 30

MITRE ATT&CK The Diamond Model of Intrusion Analysis Cyber Kill Chain

Question 31

What does SOAR stand for?

Answer 31

Security Orchestration Automation and Response

Question 32

What is a playbook in SOAR?

Answer 32

A linear checklist of manual steps needed to respond to incidents

Question 33

What is a runbook in SOAR?

Answer 33

A series of automated conditional steps in incident response

Question 34

What is containment in incident response?

Answer 34

Limiting the spread of the attack

Question 35

What is network segmentation based on?

Answer 35

The principle of zero trust

Question 36

Name some configuration changes to make after an incident.

Answer 36

Firewall rules Content URL filters Digital certificates Data loss prevention Mobile device management

Question 37

Why should cybersecurity incidents be investigated?

Answer 37

To pinpoint how the incident occurred and for regulatory compliance

Question 38

What types of log files are useful in incident investigation?

Answer 38

Security logs Network device logs System logs Application logs

Question 39

Name some log management challenges.

Answer 39

Multiple devices generating logs large volume of data different log formats

Question 40

What is digital forensics?

Answer 40

The application of science to search for computer evidence of cybercrime

Question 41

What are the five basic steps in forensics procedures?

Answer 41

Secure the crime scene Preserve the evidence Establish chain of custody Examine the evidence Enable recovery

Question 42

What does preserving evidence involve?

Answer 42

Ensuring digital evidence is not destroyed using sealed bags and tamper-evident seals

Question 43

What is chain of custody?

Answer 43

Documentation that evidence was maintained under strict control and not tampered with

Question 44

Why is an order of volatility important in examining evidence?

Answer 44

To preserve the most fragile data first

Question 45

What is a mirror image in digital forensics?

Answer 45

A backup copy of the system used for investigation while preserving the original

Question 46

Name two software tools used in digital forensics.

Answer 46

DD utility Memdump WinHex Autopsy

Question 47

What special considerations exist for cloud forensics?

Answer 47

Right-to-audit clauses delays in information from providers and jurisdictional legal issues

Question 48

What is one main function of an access control list?

Answer 48

To specify who can access an object and what operations are allowed

Question 49

What is the importance of a chain of custody?

Answer 49

It ensures evidence integrity and admissibility in court

Question 50

What is strategic intelligence in digital forensics?

Answer 50

Collection and analysis of intelligence for policy changes after an incident