Security Operations

Question 1

Data Security

Answer 1

set of practices aimed at protecting information important to the organization

Question 2

Data Lifecycle

Answer 2

refers to the series of changes data goes through in an organization and how the organization handles the data during each phase of its life.

Question 3

Create

Answer 3

when the data comes to exist within the organization.

Question 4

Store, Use, and Share

Answer 4

Data that is created and classified is placed into production, where it is
stored, used, and shared based on the organization’s security policies and
procedures and the appropriate security controls.

Question 5

Archive

Answer 5

When data is no longer needed in the production environment but needs to
be kept for future use (or due to legal requirements), it may need to be
archived.

Question 6

Destroy

Answer 6

data is no longer needed, the primary requirement is ensuring that
sensitive data cannot be recovered from the media it was stored on.

Question 7

Password Salting

Answer 7

passwords are often hashed when they are stored so that if a hacker were able to breach the system and access the password database, they only have access to the hashed password value (versus the plaintext password).

Question 8

Symmetric encryption

Answer 8

uses the same key for encryption and decryption. The sender and receiver of a message need to both have a copy of the same key in order to encrypt/decrypt the message.

Question 9

Asymmetric Encryption

Answer 9

uses two keys that are mathematically related: a public key and a private key

Question 10

Logging and Monitoring

Answer 10

Logging is the capturing and storing of events that occur for later analysis.

Monitoring is the examination of events and other activities.

Question 11

Logs

Answer 11

files that store information about various events that occur on a system

Question 12

System Hardening

Answer 12

practice of making these devices harder to attack by reducing the entry points an attacker can potentially use to compromise a system

Question 13

Change Management Policy

Answer 13

ensures IT resources are inventoried, configured, and documented in a consistent and repeatable manner. policy defines the requirements necessary to ensure that device configurations and documentation are maintained and modified using a consistent repeatable process.

Question 14

Data Handling Policy

Answer 14

set of rules for employees to follow when working with data.
classification and labels…sometimes called a data protection policy or
data classification and handling policy. It tends to be a broad policy that defines the requirements for how the organization manages and protects data throughout the data lifecycle from inception to destruction

Question 15

Password Policy

Answer 15

defines the requirements for password size and format, usage, and protection. The policy usually covers requirements for password
creation, changes to passwords, practices for protecting passwords such as secure storage and transmission, and use of passwords in applications.

Question 16

Acceptable Use Policy (AUP)

Answer 16

define how IT resources can and should be used by any and all types of users. The policy defines both acceptable and unacceptable
usage of IT resources. Typically, the AUP requires that IT resources are only used for official business purposes and not for personal use or for purposes not directly related to the official business of the organization.

Question 17

Bring Your Own Device (BYOD) Policy

Answer 17

policy is used by organizations that want to allow their employees to use their personally owned devices such as laptops or smartphones for official business purposes.

Question 18

Privacy Policy

Answer 18

It addresses the organization’s requirements for protecting privacy and privacy data. However, another kind of privacy policy is one that organizations publish on their website that tells visitors how the organization protects their privacy