Security Operations Flashcards Preview

Flashcards in Security Operations Deck (88)
1

The concept that no single individual has complete authority or control of a critical system is known by which term?

Separation of duties

2

What 3 advantages does separation of duties provide?

- Reduces opportunities for fraud or abuse
- Reduces mistakes
- Reduces dependence on individuals

3

The concept involving regularly transferring key personnel into different positions or departments within an organisation is otherwise known as what?

Job rotation

4

What are 3 advantages of job rotation?

- Reduces opportunities for fraud or abuse
- Eliminates single points of failure
- Promotes professional growth

5

What are 4 advantages of mandatory vacations?

- Provides an opportunity to uncover fraud or abuse
- Reduces individual stress, thus reducing the potential for mistakes or for coercion by others
- Discovers inefficient processes when another individual performs the role in the absent person's place
- Reveals single points of failure and opportunities for job rotation and separation of duties/responsibilities

6

What is the concept of "Need-to-know"?

- States that only people with a valid need to know certain information in order to perform their job functions should have access to that information.
- The user must also hold the relevant security clearance; clearance alone is not sufficient.

7

What is the principle of "Least Privilege"?

Persons should be able to perform only the tasks required for their primary job and nothing more.

8

What is the difference between the concepts of "Need-to-know" and "Least Privilege"?

"Need to know" is concerned with access control (which information a person may see), whereas "Least privilege" is concerned with functionality (which actions a person may perform).

9

How can the "accumulation of privileges" (also called privilege creep) occur?

When an employee moves to another role within the same organisation but the access rights from the previous role are not revoked, so the employee ends up holding the combined privileges of both roles, which may also break separation of duties.
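
The following Python audit is an added example, not part of the flashcard deck: it takes a user's current role, the entitlements they actually hold, and a catalogue of which entitlements each role justifies, then reports privilege creep (entitlements the current role does not justify) and separation-of-duties conflicts (entitlement pairs one person must never hold together). The role catalogue, the SoD rules, the entitlement names and the users are all constructed sample data.

```python
"""Audit for accumulated privileges and separation-of-duties conflicts.

Added illustration, not part of the flashcard deck. The role catalogue,
the separation-of-duties rules, the users and the entitlement names are
all constructed sample data; adapt them to a real IdM export.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed role catalogue: the entitlements each job role justifies.
ROLE_ENTITLEMENTS: dict[str, set[str]] = {
    "accounts_payable": {"erp.invoice.create", "erp.invoice.read", "mail"},
    "accounts_receivable": {"erp.payment.approve", "erp.invoice.read", "mail"},
    "helpdesk": {"ad.password.reset", "ticketing", "mail"},
}

# Constructed separation-of-duties rules: entitlements that must never be
# held together, because one person could then complete a whole fraud.
SOD_RULES: list[frozenset[str]] = [
    frozenset({"erp.invoice.create", "erp.payment.approve"}),
    frozenset({"ad.password.reset", "erp.payment.approve"}),
]


@dataclass
class User:
    name: str
    current_role: str
    entitlements: set[str] = field(default_factory=set)  # what they hold today


def excess_entitlements(user: User,
                        catalogue: dict[str, set[str]] = ROLE_ENTITLEMENTS) -> set[str]:
    """Entitlements the user holds that the current role does not justify.

    Anything returned here is privilege creep: it was (at best) justified by
    an earlier role and was never revoked when the person moved.
    """
    return user.entitlements - catalogue.get(user.current_role, set())


def sod_violations(user: User,
                   rules: list[frozenset[str]] = SOD_RULES) -> list[frozenset[str]]:
    """Separation-of-duties rules that the user's current entitlements break."""
    return [rule for rule in rules if rule <= user.entitlements]


def audit(users: list[User]) -> dict[str, dict[str, list[str]]]:
    """Per-user findings (excess entitlements and SoD conflicts), sorted for stable output."""
    report: dict[str, dict[str, list[str]]] = {}
    for user in users:
        excess = sorted(excess_entitlements(user))
        conflicts = [",".join(sorted(rule)) for rule in sod_violations(user)]
        if excess or conflicts:
            report[user.name] = {"excess": excess, "sod_conflicts": conflicts}
    return report


# Constructed users. Alice moved from accounts_payable to accounts_receivable,
# but her old erp.invoice.create entitlement was never removed.
SAMPLE_USERS = [
    User("alice", "accounts_receivable",
         {"erp.invoice.create", "erp.invoice.read", "erp.payment.approve", "mail"}),
    User("bob", "helpdesk", {"ad.password.reset", "ticketing", "mail"}),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_USERS).items():
        print(name, findings)
```

Alice's leftover erp.invoice.create is reported as excess, and because she now also holds erp.payment.approve, the same leftover creates an SoD conflict: one person can raise an invoice and approve its payment. Bob holds exactly what his role justifies and produces no findings.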

10

What is the main benefit of server virtualisation?

Reduces single point of failure as a virtual server can be replicated or moved from one physical server to another.

11

What things should be considered for systems regarding single points of failure?

- Redundant (multiple) power supplies, fed from separate circuits where possible
- Redundant cooling fans
- RAID with hot-swappable disks
- Can the system be clustered or virtualised?
- Can data be replicated to another system in real time?

12

What things should be considered for networks regarding single points of failure?

- Do routers/firewalls fail over automatically, and do they fail back?
- Do routers have multiple paths available to network destinations?
- Do you have multiple service providers, and do they share the same point of presence (POP)?
- What happens if the connection to your telecommunications provider's central office is cut?
- Do your multiple telecoms providers' networks pass through the same telecoms hotel?
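
The questions above (multiple paths, shared POPs, shared telecoms hotels) all reduce to one graph question: which node, if removed, cuts the rest of the network apart? The Python below is an added example, not part of the flashcard deck: it models the topology as an undirected graph and finds its articulation points with Tarjan's depth-first search. The two topologies, and every node and link name in them, are constructed sample data.

```python
"""Find single points of failure in a network topology.

Added example, not from the flashcard deck. The topology is an undirected
graph of devices, providers and facilities; a node is a single point of
failure if removing it leaves some remaining nodes unable to reach each
other (a graph articulation point, found with Tarjan's DFS algorithm).
All node and link names below are constructed sample data.
"""
from __future__ import annotations

from collections import defaultdict


def build_graph(links: list[tuple[str, str]]) -> dict[str, set[str]]:
    """Adjacency sets for an undirected graph. Parallel circuits between the
    same two nodes collapse into one edge, which is fine here: we are asking
    which *nodes* are critical, not which circuits."""
    graph: dict[str, set[str]] = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def articulation_points(graph: dict[str, set[str]]) -> set[str]:
    """Nodes whose removal disconnects the graph (Tarjan's algorithm)."""
    disc: dict[str, int] = {}   # DFS discovery time per node
    low: dict[str, int] = {}    # lowest discovery time reachable via back edges
    critical: set[str] = set()
    clock = 0

    def dfs(node: str, parent: str | None) -> None:
        nonlocal clock
        disc[node] = low[node] = clock
        clock += 1
        child_subtrees = 0
        for nxt in graph[node]:
            if nxt == parent:
                continue
            if nxt in disc:                       # back edge to an ancestor
                low[node] = min(low[node], disc[nxt])
                continue
            child_subtrees += 1
            dfs(nxt, node)
            low[node] = min(low[node], low[nxt])
            # Non-root: a subtree that cannot climb above us depends on us.
            if parent is not None and low[nxt] >= disc[node]:
                critical.add(node)
        # Root: critical only if it separates two or more subtrees.
        if parent is None and child_subtrees > 1:
            critical.add(node)

    for start in list(graph):
        if start not in disc:
            dfs(start, None)
    return critical


def single_points_of_failure(links: list[tuple[str, str]]) -> list[str]:
    """Sorted list of nodes that are single points of failure."""
    return sorted(articulation_points(build_graph(links)))


# Constructed topology 1: two providers, but both terminate in the same
# telecoms hotel, and a single edge router fronts the office.
SHARED_HOTEL_LINKS = [
    ("office_lan", "edge_router"),
    ("edge_router", "isp_a"), ("edge_router", "isp_b"),
    ("isp_a", "telecom_hotel"), ("isp_b", "telecom_hotel"),
    ("telecom_hotel", "internet"),
]

# Constructed topology 2: a second edge router, and isp_b routed through a
# different facility, so every node has an alternative path around it.
DIVERSE_LINKS = [
    ("office_lan", "edge_router_1"), ("office_lan", "edge_router_2"),
    ("edge_router_1", "isp_a"), ("edge_router_2", "isp_b"),
    ("isp_a", "telecom_hotel"), ("isp_b", "alt_hotel"),
    ("telecom_hotel", "internet"), ("alt_hotel", "internet"),
]

if __name__ == "__main__":
    print("shared hotel:", single_points_of_failure(SHARED_HOTEL_LINKS))
    print("diverse paths:", single_points_of_failure(DIVERSE_LINKS))
```

In the first topology the two providers buy no resilience at all: the shared telecoms hotel and the lone edge router are both reported. In the second, with a second edge router and the second provider routed through a different facility, no node is critical.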

13

What is a telecoms hotel?

The facility that houses equipment belonging to many different telecoms providers

14

What things should be considered for processes regarding single points of failure?

- Do your personnel security policies and practices create single points of failure? I.e., you might have separation of duties but not rotation of duties, so only one person can ever perform a given task.
- Do you have contingency processes in place in case a primary system, process or person is unavailable?

15

4 key elements of handling sensitive information:

- Marking
- Handling
- Storage and Backup
- Destruction

16

When a system failure occurs, in which type of environment may access be lost?

Fail-soft or fail-closed (also called fail-secure)

17

When a system failure occurs, in which type of environment will access be open to all?

Fail-open
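
To make the fail-open/fail-closed/fail-soft distinction concrete, the Python below is an added example, not part of the flashcard deck. It wraps one authorisation check three ways and simulates an outage of the central policy service by having it raise an exception. The policy service, the users, the resources and the cache-based form of fail-soft are all constructed assumptions for the illustration.

```python
"""Fail-open versus fail-closed (and fail-soft) in an authorisation check.

Added example, not part of the flashcard deck. The policy service, the
users and the resources are constructed; an outage is simulated by the
service raising an exception instead of answering.
"""
from __future__ import annotations


class PolicyServiceUnavailable(Exception):
    """Raised when the (simulated) central authorisation service is down."""


# Constructed policy: which resources each user is allowed to reach.
POLICY = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}


def policy_decision(user: str, resource: str, service_up: bool = True) -> bool:
    """The remote decision point. service_up=False simulates a timeout."""
    if not service_up:
        raise PolicyServiceUnavailable("policy service timed out")
    return resource in POLICY.get(user, set())


def authorize_fail_open(user: str, resource: str, service_up: bool = True) -> bool:
    """Fail-open: an outage grants access to everyone, including unknown users."""
    try:
        return policy_decision(user, resource, service_up)
    except PolicyServiceUnavailable:
        return True


def authorize_fail_closed(user: str, resource: str, service_up: bool = True) -> bool:
    """Fail-closed (fail-secure): an outage denies access; availability is
    sacrificed to keep confidentiality and integrity."""
    try:
        return policy_decision(user, resource, service_up)
    except PolicyServiceUnavailable:
        return False


LAST_KNOWN_GOOD: dict[tuple[str, str], bool] = {}  # decisions cached while up


def authorize_fail_soft(user: str, resource: str, service_up: bool = True) -> bool:
    """Fail-soft, one common form (an assumption of this example): keep
    serving decisions already cached from a healthy service, deny anything
    not yet seen. Some users keep access and others lose it, which is why
    the deck says access *may* be lost."""
    try:
        decision = policy_decision(user, resource, service_up)
        LAST_KNOWN_GOOD[(user, resource)] = decision
        return decision
    except PolicyServiceUnavailable:
        return LAST_KNOWN_GOOD.get((user, resource), False)


def outage_matrix(user: str, resource: str) -> dict[str, bool]:
    """Side-by-side result of the three strategies with the service down."""
    return {
        "fail_open": authorize_fail_open(user, resource, service_up=False),
        "fail_closed": authorize_fail_closed(user, resource, service_up=False),
        "fail_soft": authorize_fail_soft(user, resource, service_up=False),
    }


if __name__ == "__main__":
    authorize_fail_soft("alice", "payroll")          # healthy call primes the cache
    print("alice/payroll during outage:", outage_matrix("alice", "payroll"))
    print("mallory/payroll during outage:", outage_matrix("mallory", "payroll"))
```

During the outage the fail-open wrapper lets an unknown user ("mallory") into payroll, the fail-closed wrapper denies everyone, and the fail-soft wrapper keeps serving alice (whose decision was cached while the service was healthy) but denies mallory. The usual mistake in real code is a broad `except` that returns `True` or skips the check: that is fail-open, whether or not anyone chose it.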

18

When a system crash occurs, what term is used to describe the system when access has been restored?

Fail-back

19

What term is used to describe the strategic and tactical errors an organisation can face, whether by performing an action or by failing to perform one?

Errors & Omissions (E&O)

20

What is Errors & Omissions liability otherwise known as in legal terms?

Professional Liability

21

What term is used to describe software that typically damages or disables, takes control of, or steals information from a computer system?

Malware

22

Name 9 common types of malware:

- Adware
- Backdoors
- Bootkits
- Logic Bombs
- Rootkits
- Spyware
- Trojan Horses
- Viruses
- Worms

23

Which type of malware uses pop-up advertising programs?

Adware

24

Which type of malware uses malicious code that lets an attacker bypass normal authentication and gain access to a compromised system?

Backdoor

25

Which type of malware is a kernel-mode variant of a rootkit that infects the boot process (for example the master boot record or boot loader) so that it loads before the operating system, and is commonly used to attack computers protected by full-disk encryption?

Bootkit

26

Which type of malware uses malicious code that is activated when a specific condition is met, such as a particular date or event?

Logic Bomb

27

Which type of malware uses malicious code to provide privileged (root-level) access to a machine while hiding its own presence?

Rootkit

28

Which type of malware collects information without the user's knowledge and/or interferes with the operation of a computer, for example by redirecting the user's web browser or installing additional malware?

Spyware

29

Which type of malware uses malicious software that masquerades as a legitimate program?

Trojan Horse

30

Which type of malware uses malicious code that requires a user to perform a specific action, such as opening an executable, attachment or link, before it becomes active?

Virus