Security+ Test Study (4.5 - 5.6) Flashcards

Question 1

Q

What is URL scanning?

Answer

A

Universal Resource Locator Scanning: Allowing or restricting websites based upon the site’s URL. Usually managed by URL category rather than individual URLs.

Question 2

Q

What is an agent based content filter?

Answer

A

To check if a device is in compliance, a software agent is usually installed onto a device before it is given out. It’s then always on and checking to see if the device is within compliance. Agent devices continuously have to be updated and are usually managed from a single console, but the local agent makes the filtering decisions.

Question 3

Q

What is a proxy content filter?

Answer

A

A user makes a request for a web page, and the request travels through a proxy. The proxy asks the internet for the web page, and the internet gives the web page to the proxy. The proxy then decides whether or not to give the web page to the user based upon the filtering rules set up inside of it.

Question 4

Q

What are block rules?

Answer

A

Rules that allow or deny websites or website categories. You can make your block rules be specific (by URL) or by general category (Educational, Gambling, Government, etc).

Question 5

Q

In terms of web filtering, what is reputation?

Answer

A

Content filters sometimes block or allow URLs based upon the website’s “reputation”, or the perceived risk of what accessing that site would be.

Question 6

Q

What is DNS filtering?

Answer

A

Allowing or blocking websites based upon their IP address.

Question 7

Q

What is active directory?

Answer

A

A database of everything on the network. Computers, user accounts, printers, file shares, etc.

Question 8

Q

What is group policy?

Answer

A

Security policies (what users and computers can and can’t do) set up in Active Directory.

Question 9

Q

What is SELinux?

Answer

A

Security Enhanced Linux. Allows a Linux administrator to assign least privilege to users.

Question 10

Q

In terms of securing protocols, what is protocol selection?

Answer

A

Use secure protocols that utilize encryption if at all possible. Don’t compromise on this.

Question 11

Q

In terms of securing protocols, what is port selection?

Answer

A

Use secure ports for your networking. HTTPS over HTTP, port 443 over port 80, for example.

Question 12

Q

What is transport method?

Answer

A

You may want to encrypt all of your traffic regardless of whether your ports and protocols are encrypting it or not. You can do this by utilizing a VPN concentrator at your endpoint, or using WPA3 on your wireless network.

Question 13

Q

What is DMARC?

Answer

A

Domain-Based Message Authentication Reporting and Conformance. An extension of SPF and DKIM. If a message sent to a third-party using DKIM or SPF does not properly validate, DMARC can give the receiver the option of what to do with these invalidated messages (Accept all, send to spam, or reject mail). Also added to DNS as a TXT record. Can be queried and reports can be made to see what type of messages you’re getting.

Question 14

Q

What is DKIM?

Answer

A

Domain Keys Identified Mail. Allowing your mail server to automatically digitally sign emails going out to a third-party. Validated from a TXT record in your DNS.

Question 15

Q

What is SPF?

Answer

A

Sender Policy Framework. A protocol that defines which email servers are authorized to send mail on the users behalf. Mail domain is added to your DNS as a TXT record.

Question 16

Q

What is a mail gateway?

Answer

A

A device within a screened subnet that blocks emails at the gateway and evaluates the source of inbound email messages. Device can be on-site or cloud based.

Question 17

Q

What is FIM?

Answer

A

File Integrity Monitoring. Some files should never change. FIMs check and make sure the files that shouldn’t be changing aren’t changing. Windows has one built in called SFC (system file checker). Linux has one called Tripwire.

Question 18

Q

What is DLP?

Answer

A

Data Loss Prevention. Looks for and stops running data you don’t want running on your network. If someone sends their social security number over the network, DLP stops it. Also prohibits USB access and blocks sensitive information in inbound and outbound emails, if you set it up that way.

Question 19

Q

What is an endpoint?

Answer

A

The device used by the user.

Question 20

Q

What is the edge?

Answer

A

Where the inside of the network meets the outside (the internet). Where firewalls are usually placed.

Question 21

Q

What is NAC?

Answer

A

Network Access Control. Rules put in place that limit a device’s access to certain types of data, either someone on the outside trying to get in, or someone inside trying to get out. Rules based on user, group, location, application, etc. Think ACLs.

Question 22

Q

What is a posture assessment?

Answer

A

An assessment that’s performed on a user’s own personal device and given a health check to see if it’s clean before connecting it to the network.

Question 23

Q

What is EDR?

Answer

A

Endpoint Detection and Response. A lightweight endpoint agent that’s like an antivirus on steroids. It takes a look at things like behavioral analysis, machine learning, and process monitoring, in addition to bad signatures and analyzes all of these things to see if they’re potential threats. Responses to threats are automated.

Question 24

Q

What is XDR?

Answer

A

Extended Detection and Response. EDR but it’s an Ascended Sayian.

Question 25

Q

What are user behavior analytics?

Answer

A

A large amount of correlated user activity data observed by XDR and used to build a baseline for what “normally” happens on the network, so that outlying activity stands out and can be stopped.

Question 26

Q

What is IAM?

Answer

A

Identity and Access Management. Giving the right permissions to the right people at the right time.

Question 27

Q

What is provisioning and deprovisioning user accounts?

Answer

A

Creating, moving and disabling (or deleting) an account in either AD or some other Access Control software. Usually happens during onboarding and offboarding.

Question 28

Q

What are permission assignment and implications?

Answer

A

Making sure everyone in your organization gets just enough to do their job and nothing more. Everyone is limited in some way.

Question 29

Q

What is identity proofing?

Answer

A

Verifying that a user is who they actually say they are. Putting in a password, answering security questions, etc.

Question 30

Q

What is SSO?

Answer

A

Single sign-on. The process where you login one time to the network and then you have access from that point forward. No need to login again. Windows and ClassLink is this. Once you login you have access to your stuff.

Question 31

Q

What is LDAP?

Answer

A

Lightweight Directory Access Protocol. Protocol used for reading and writing directories over an IP network.

Question 32

Q

What is OAuth?

Answer

A

Open Authorization. Mobile friendly authentication. An authentication framework that determines what resources a user will be able to access once they login (usually with a gmail account or something similar).

Question 33

Q

What is SAML?

Answer

A

Security Assertions Markup Language. The authentication of a user to a third-party database. You don’t keep track of the users logging in, they do. A user attempts to access a resource server, the server sends a SAML request to the authentication server and redirects the user to the authentication server. The user logs in, and the authentication server sends a SAML token to the user, allowing them access to the resource server.

Question 34

Q

What is federation?

Answer

A

Allows network access without using a local authentication database, for example, logging into something using your third-party facebook or twitter account instead of making a completely new account to login with.

Question 35

Q

What is interoperability?

Answer

A

Looking at all of the different login possibilities and deciding which is best and which ones can communicate with your authentication server.

Question 36

Q

What is authorization?

Answer

A

The process of ensuring only authorized rights are exercised for users.

Question 37

Q

What is least privilege?

Answer

A

Setting the rights and permissions of users to the bare minimum of what they can do on a device in your network to prevent possible exploits.

Question 38

Q

What is MAC?

Answer

A

Mandatory Access Control. MAC assigns a label to each resource a user needs access to and the administrator of the MAC gets to decide who gets access to what based on the label.

Question 39

Q

What is DAC?

Answer

A

Discretionary Access Control. The user who creates the data has control over who can access it. Not based upon a label or an administrator assigning rights, it’s up to the creator of the data.

Question 40

Q

What is role-based access control?

Answer

A

Access control based upon the role a user has in an organization. A Manager group has different rights and permissions than a Director group or a Team Lead group.

Question 41

Q

What is rule-based access control?

Answer

A

The System Administrator makes and sets the rules for how each user functions within the organization. Rules are made by the Admin and then assigned to a user or group.

Question 42

Q

What is attribute-based access control?

Answer

A

Complex rule sets that determine whether certain types of data are accessible or not. Takes into account user IP addresses, time of day, desired action, user’s relationship with data, etc. to determine if access will be granted.

Question 43

Q

What are time-of-day restrictions?

Answer

A

Access is restricted based upon time of day…duh.

Question 44

Q

What are biometrics?

Answer

A

Mathematical representation of your fingerprint, voice print, iris scan, etc.

Question 45

Q

What is a hard authentication token?

Answer

A

A random set of numbers generated on a separate device that allows access.

Question 46

Q

What is a soft authentication token?

Answer

A

A random set of numbers generated on the software of the device you’re trying to access.

Question 47

Q

What are security keys?

Answer

A

A USB flash drive that contains login information allowing you access on a device.

Question 48

Q

What are the four multifactor authentication factors?

Answer

A

Something you know
Something you have
Something you are
Somewhere you are

Question 49

Q

What is “Something you know”?

Answer

A

Like a password or a secret phrase, PIN number or pattern. Very common.

Question 50

Q

What is “Something you have”?

Answer

A

Like a smart card, phone, USB security key, or hardware/software token.

Question 51

Q

What is “Something you are”?

Answer

A

Biometrics.

Question 52

Q

What is “Somewhere you are”?

Answer

A

A login allowed or denied based upon where the login took place. Could be based on IP address or GPS location services.

Question 53

Q

What are the password best practices?

Answer

A

Length: The longer your password, the harder it is to brute-force.
Complexity: The more special characters you use, the harder it is to brute-force.
Reuse: Sometimes a password manager will remember that you’ve used a password before, and won’t let you reuse it again until you’ve changed it to something else first.
Expiration: A password has become too old and needs to be recreated into something else.
Age: How long since the password was modified. After it reaches a threshold, it expires, and you have to make a new one.

Question 54

Q

What are password managers?

Answer

A

Software that keeps track of your current passwords, and old passwords. Built into browsers and OSs.

Question 55

Q

What does it mean to be passwordless?

Answer

A

Not using a password to login. Instead, using things like security keys and facial recognition.

Question 56

Q

How do just-in-time permissions work?

Answer

A

Granting admin access for a limited time on a specific set of time sensitive credentials.

Question 57

Q

What is password vaulting?

Answer

A

Primary credentials are stored in a password vault, and the vault controls who gets access to credentials.

Question 58

Q

What are ephemeral credentials?

Answer

A

Temporary credentials that allow admin access for only a limited amount of time.

Question 59

Q

What is scripting?

Answer

A

The automation of functions that would normally have to be performed manually. It’s fast, can do mundane tasks, saves time, and enforces baselines. It can be set up with standard infrastructure configurations that can set up default configurations for routers and switches. Can automatically scale your infrastructure.

Question 60

Q

What are the seven steps to the incident response process?

Answer

A

Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lessons Learned

Question 61

Q

In terms of the incident response process, what is preparation?

Answer

A

Having a list of resources, policies and procedures, communication methods and contact information of people who need to know about the incident. Have a “go bag” that contains hardware and software ready to address any type of incident. Have a clean OS image ready to go in case the worst happens.

Question 62

Q

In terms of the incident response process, what is detection?

Answer

A

Know how to look for incidents when they occur and don’t get distracted by possible false positives.

Question 63

Q

In terms of the incident response process, what is analysis?

Answer

A

Comparing a baseline of your monitoring logs to the incident when it occurs.

Question 64

Q

In terms of the incident response process, what is containment?

Answer

A

Stopping the attack as quickly as possible by isolating it.

Answer 65

A

Getting rid of the attack.

Answer 66

A

Getting things back to normal. Replacing software, re-imaging, disabling compromised accounts, fixing vulnerabilities, recovering the OS, etc.

Answer 67

A

Understand what happened and make sure it doesn’t happen again. Ask yourself if your plans worked or if they need revision. Did your monitoring systems work?

Answer 68

A

You can better prepare to handle an incident through a tabletop exercise or running a simulation. Remember to use the well-defined rules of engagement before simulating a test.

Answer 69

A

Determining the ultimate cause of an incident. Asking, “Why did this happen?” or “What was the first domino to fall in this chain of incidents?” Gathering of facts to draw a reasonable conclusion.

Answer 70

A

Finding the attacker before they find you. Upgrading your defenses so that threats can be caught before they get in.

Answer 71

A

Collecting data when a security event occurs, and using that data for future use.

Answer 72

A

A type of data acquisition request that is usually initiated by a lawyer, informing you of what type of data needs to be stored and how much needs to be available. Usually stored in an ESI (Electronically Stored Information) repository.

Answer 73

A

Information must maintain its unmodified status for the duration of its necessary use, thus a process is in place to see who has access to the information. Hashes and digital signatures allow us to know how the data has been stored and whether or not it has been tampered with.

Answer 74

A

The gathering of data and how it is obtained, via disk, RAM, firmware, OS files, etc. Data could be on multiple systems that need to be accessed.

Answer 75

A

Documenting how the data was acquired and stored.

Answer 76

A

How the data acquired is stored, isolated, and protected.

Answer 77

A

Electronic Discovery. The process of collecting, preparing, reviewing, interpreting and producing electronic documents to be utilized by a third-party. Think of the audits for GoGuardian requested at Alvord.

Answer 78

A

Detailed security-related information, including blocked and allowed traffic flows, exploit attempts, blocked URL categories, and DNS sinkhole traffic.

Answer 79

A

Traffic flows through a firewall. Usually contains source and destination IPs, port numbers, and what the firewall does with this traffic. NGFW log the applications used, URL filtering categories, and anomalies and suspicious data.

Answer 80

A

Log files specific to an application. You can find this in the application log in Event Viewer in Windows.

Answer 81

A

Log files specific to devices that are endpoints, such as phones, laptops, tablets, desktops, and servers.

Answer 82

A

The log files specific to the OS that are associated with security events. Good at finding disabled services and brute-force attacks. Lots of data here, so be sure to filter it.

Answer 83

A

Log files specific to IPSs and IDSs. They contain information about predefined vulnerabilities, such as known OS vulnerabilities and generic security events.

Answer 84

A

Log files from APs, switches, and routers.

Answer 85

A

Data that describes other data sources, so, for example, in a picture taken on your phone, you can pull up all sorts of data about the picture, such as when and where it was taken and how large it is, things like that.

Answer 86

A

Show you if your devices are lacking security controls like no firewall, no anti-virus, and no anti-spyware, misconfigurations, and vulnerabilities.

Answer 87

A

Reports automatically compiled by a SIEM or a third-party program reading a SIEM that tells you about events and vulnerabilities on your network.

Answer 88

A

Real-time summaries of statuses on a single screen (GoGuardian Admin Dashboard). Shows only the most important data.

Answer 89

A

Using a utility like Wireshark to get details on packets sent across your network. Detailed information about traffic flows at the packet level. Everything is captured.

Answer 90

A

What rules are you following to provide CIA (Confidentiality, Integrity, and Availability)? Answers to broad questions like, what data storage requirements do you have to follow and what are your security event procedures? Also, answers to smaller, more detailed security questions like, what’s the appropriate wi-fi usage and what’s required for remote access? Answers to what and why.

Answer 91

A

The big list of all security-related policies, and a centralized resource for all the processes. Usually compliance requirements, not opinions. Contains detailed security procedures, and a list of roles and responsibilities.

Answer 92

A

Acceptable Use Policy. A policy that describes what a user can and cannot do with company assets, those being internet use, phones, computers, mobile devices, etc. Limits legal liability for the organization.

Answer 93

A

What to do when the devices and systems you use every day just stops working. How you continue on with business as planned without having your primary technology up and running.

Answer 94

A

What to do if a disaster happens. Very comprehensive.

Answer 95

A

Incident response plan. What to do if there is an IT specific breach of the network. An incident response team may be necessary in the response.

Answer 96

A

Software Development Lifecycle. Moving through the idea phase of developing software, all the way to the successful launch of an application. There’s the waterfall method and the agile method.

Answer 97

A

Change management includes the frequency (how often changes are made), duration (the time frame in which changes can be made), installation process (the time it takes for the actual change to be implemented), and fallback procedures (to employ in case something goes wrong during the change) of a change being made on the network.

Answer 98

A

A formal definition for using security technologies and processes. Everyone understands the expectations, and complete documentation of this reduces security risk.

Answer 99

A

Your organization should have a standard definition of what makes a good, complex password, and should have documentation that everyone knows about and follows. Acceptable authentication methods should be defined in this documentation as well, along with the policies for password resets.

Answer 100

A

Your organization should have a standard definition of how the organization accesses data, who can access it, what can they access, what time can they access, and under which circumstances. It should detail whether discretionary access is allowed or not. How users get access and how access is removed.

Answer 101

A

Your organization should have a standard definition of rules and policies regarding physical security controls, such as doors and building access. It should detail how users are granted physical access (whether they’re employees or visitors).

Answer 102

A

Your organization should have a standard definition of what and how data should be encrypted. How passwords are stored, what hashing algorithm is used, and the minimum amount of encryption required at all of data’s different states.

Answer 103

A

The Change Management procedure is: Determine the scope of the change, Analyze the risk associated with the change, Create a plan, Get end-user approval, Present the proposal to the change control board, Have a back out plan if the change doesn’t work, and Document the changes.

Answer 104

A

A policy that describes how a user comes onboard the network and how they leave the network. Accounts are created (or disabled) for them, documents are signed, they’re provided with (or give back) company technology, etc.

Answer 105

A

Conditional steps to follow in the case of a particular event. For example, a checklist of what happens if, say, there’s a data breach, or you need to recover a device from ransomware. Can sometimes be implemented into a SOAR platform (Security Orchestration, Automation, and Response), and automated.

Answer 106

A

Technology is always changing, and because of that, processes and procedures have to change also. For example, you might at some point need to update your security posture and have tighter change control, or update your playbooks.

Answer 107

A

Boards, committees, and government entities?

Answer 108

A

A panel of specialists that set the tasks or series of requirements for a committee to follow. Usually very broad objectives.

Answer 109

A

Subject-matter experts that consider the input from a board and work on putting the next steps together to meet particular goals and objectives set by the board. Once completed, they present what they’ve done to the board.

Answer 110

A

Government employees that meet publicly that attempt to move forward with objectives while being concerned with legal issues, administrative requirements, and political issues.

Answer 111

A

Centralized governance is located in one location with a group of decision makers. Decentralized governance spreads the decision-making process around to other individuals or locations.

Answer 112

A

The common, foundational security practices and mandates done by every organization, including logging, data storage, data protection, and retention.

Answer 113

A

The processes and procedures for holding data required for legal proceedings, reporting illegal activities, and mandates for the timely reporting of security breaches.

Answer 114

A

The security processes and procedures for specific industry requirements, depending on what that industry is. For example, the security procedures for maintaining electrical power and public utilities.

Answer 115

A

Local/regional, national, and global.

Answer 116

A

The person who is broadly responsible for data being stored and is accountable for specific data, for example, a VP of sales owns the customer relationship data, a treasurer owns the financial information of a company, etc.

Answer 117

A

The person who manages the purposes and means by which the data is processed. Manages how the data will be used, for example, the payroll department defines payroll amounts and timeframes.

Answer 118

A

The person who processes and uses the data on behalf of the data controller. Often a third-party or different group, for example, a payroll company that processes and stores employee information.

Answer 119

A

The person responsible for data accuracy, privacy, and security. Works directly with the data.

Answer 120

A

Broadly looking at security and understanding potential risks. Allows an organization to identify where risks might be and be able to address them before they become a much larger problem.

Answer 121

A

Ad hoc
Recurring
One-time
Continuous

Answer 122

A

A risk assessment designed to look at only one specific threat.

Answer 123

A

A risk assessment repeatedly done on a standard schedule.

Answer 124

A

A risk assessment specifically designed to assess a one-time project.

Answer 125

A

A risk assessment of a continuous process such as change control.

Answer 126

A

Looks at different risk factors and the criteria for each of the risk factors in broad terms.

Answer 127

A

A statistical measurement of how exactly risky something is based upon data.

Answer 128

A

Single Loss Expectancy. The monetary loss received if one single event occurs. AV x EF = SLE

Answer 129

A

Annualized Loss Expectancy. The monetary loss received over the course of a year. ARO x SLE = ALE

Answer 130

A

Annualized Rate of Occurrence. How often a risk will occur in a single year.

Answer 131

A

Asset Value. The value or importance of a particular asset to an organization.

Answer 132

A

A quantitative measurement of risk (a statistical measurement based upon historical data).

Answer 133

A

A qualitative measurement of risk (is it rare, possible, almost certain, etc.)

Answer 134

A

The percentage of the value of an asset lost due to an incident.

Answer 135

A

List of considerations for a company, including life, property, safety, and finance.

Answer 136

A

A document that identifies the risk associated with each step of a project, and offers possible solutions to those risks.

Answer 137

A

The individual risks listed out on the Risk Register.

Answer 138

A

The person responsible for managing the key risk indicators on the risk register.

Answer 139

A

The balance of time and money spent by the risk owner to manage the key risk indicators on the risk register.

Answer 140

A

A broad description of risk-taking deemed acceptable. The amount of accepted risk before taking any action to reduce that risk. For example, the government set the speed limit to 55 mph. This limit is deemed an acceptable balance between safety and convenience.

Answer 141

A

An acceptable variance (usually larger) from the risk appetite. For example, drivers are ticketed for going over the speed limit, but it’s usually for going 20 mph over and not 5 mph over. The tolerance is larger than the appetite.

Answer 142

A

Transfer
Accept
Avoid
Mitigate

Answer 143

A

Move the risk to another party, or buy some cybersecurity insurance, for example.

Answer 144

A

The company takes the risk and accepts the responsibility for that risk.

Answer 145

A

The company takes the risk, and they exempt their existing policies by doing so.

Answer 146

A

The company takes the risk, and even though they’re taking the risk, their policies for whatever they’re accepting are still valid. For example, not accepting a bad patch to software even though policies say you need to.

Answer 147

A

A company says nope and stops participating in risky activity.

Answer 148

A

A company attempting to decrease a risk level.

Answer 149

A

A formal document that identifies the risks of a project so that the company knows what they’re getting into.

Answer 150

A

Recovery Time Objective. The amount of time it takes to get your systems up and running to a particular service level.

Answer 151

A

Recovery Point Objective: How much data needs to be available to adequately say we’re back up and running.

Answer 152

A

Mean Time To Repair. Basically, the average time required to fix a particular problem.

Answer 153

A

Mean Time Between Failures. The average time between one outage or break and the next.

Answer 154

A

Analyzing how good, trustworthy, reliable, and safe a vendor is so your company may utilize them.

Answer 155

A

Simulating an attack to exploit vulnerabilities.

Answer 156

A

A legal agreement to have the option to perform a security audit on a third-party vendor at any time.

Answer 157

A

The security details summarized by a different third-party performing an audit on the security details between you and a third-party vendor.

Answer 158

A

Bringing in an expert or team of experts from outside of your company to evaluate security and provide recommendations.

Answer 159

A

A security analysis of the entire system involved in creating a product within the supply chain. An understanding of this entire chain and tweaking it in case there are any weaknesses.

Answer 160

A

Investigating a company before doing business with them.

Answer 161

A

Something that compromises the judgment on either side of the business relationship.

Answer 162

A

Service Level Agreement. An agreement between customers and service providers that details the terms for services provided. Includes things like uptime, response time, etc. It keeps everyone on the same page.

Answer 163

A

Memorandum of Agreement. The step above an MOU. Both sides conditionally agree to the objectives lined out and can be considered a legal document, but doesn’t have to contain all of the legal language.

Answer 164

A

Memorandum of Understanding. An informal letter of intent that outlines the basic services provided to a customer. Similar to an SLA, but not signed and less formal. MOUs can lead to SLAs.

Answer 165

A

Master Service Agreement. A legal contract that sets the terms between both organizations, and sets up a framework to be used to add additional work to the contract in the future.

Answer 166

A

Work Order (or Statement of Work). Specific list of items to be completed used in conjunction with the MSA that details the scope of the job, the location, acceptance criteria, etc.

Answer 167

A

Non-disclosure Agreement. A confidential agreement between parties containing information that is not disclosed. If you know what’s in the NDA, you can’t talk about it with people outside of the agreement. Always formal and signed, but can either be unilateral or bilateral.

Answer 168

A

Business Partners Agreement. A document outlining that you’re going into business with another company. Describes the financial contract, what owners have what stake in what parts of the business, and who is making what business decisions.

Answer 169

A

Ongoing management of the vendor relationship after a contract is signed. “I’m watching you, Wzouski!”

Answer 170

A

A part of due diligence and ongoing vendor monitoring by getting answers directly from the vendor by asking them a series of security related questions.

Answer 171

A

An important document used during a pen test that defines the pen test’s parameters and what’s going to be simulated in the attack.

Answer 172

A

An organization performing their own internal compliance, where they monitor and report on organizational compliance efforts. Headed by a CCO. This information is used to provide details to customers or potential investors.

Answer 173

A

A third-party comes to your organization and evaluates your compliance with the rules.

Answer 174

A

Fines, sanctions, reputational damage, loss of license, and contractual impacts.

Answer 175

A

Ensuring compliance in day-to-day operations through various methods. Can be performed internally, externally and (in large companies) automatically.

Answer 176

A

A duty to act honestly and in good faith. Investigating and verifying if things are in compliance. Due diligence is you checking yourself, due care is a third party checking on you.

Answer 177

A

Someone signing off that the compliance is in good standing. Also the guy responsible if documentation is incorrect.

Answer 178

A

Any information relating to an identified or identifiable natural person with personal data. BarrYou.

Answer 179

A

The person who is broadly responsible for data being stored and is accountable for specific data, for example, a VP of sales owns the customer relationship data, a treasurer owns the financial information of a company, etc.

Answer 180

A

The person who manages the purposes and means by which the data is processed. Manages how the data will be used, for example, the payroll department defines payroll amounts and timeframes.

Answer 181

A

The person who processes and uses the data on behalf of the data controller. Often a third-party or different group, for example, a payroll company that processes and stores employee information.

Answer 182

A

Specific data that your organization stores and an inventory of that data (a listing of all managed data).

Answer 183

A

The user having the power, control, and decision of where their data goes and can request the removal of that data from search engines if they so choose.

Answer 184

A

Someone signing off that the compliance is in good standing. Also the guy responsible if documentation is incorrect.

Answer 185

A

Following the rules and regulations set up. Duh.

Answer 186

A

A committee of people that oversees risk management activities. They determine whether audits start or not.

Answer 187

A

Having the organization perform their own checks, and then consolidating the self-assessments into ongoing reports.

Answer 188

A

Audits done by a third-party.

Answer 189

A

An independent third-party performing an audit based upon an individual organization’s regulations and frequency requirements.

Answer 190

A

Hands-on researching in which records are viewed, reports are compiled, and details are gathered. (Leo Bloom).

Answer 191

A

The third-party’s results of the examination (“You could make more money with a flop than with a hit”)

Answer 192

A

An audit performed by an external third-party that has no connection to the organization

Answer 193

A

Making a device’s OS operate the way you want it to by physically modifying it, so lock your stuff up. A physical pen test is literally someone trying to physically gain access to your stuff.

Answer 194

A

A pen test where your systems are attacked and vulnerabilities are looked for to exploit (The Red Team).

Answer 195

A

A pen test where a group (The Blue Team) attempts to identify pen test attacks in real-time and tries to prevent unauthorized access.

Answer 196

A

Red Vs Blue going together.

Answer 197

A

Full disclosure. The pen test attacker is given all of the information about the systems before the test begins.

Answer 198

A

Partial disclosure. The pen test attacker is given only some information about the systems before the test begins. Focused on only certain systems.

Answer 199

A

Blind. The pen test attacker is given no information about the systems before the test begins.

Answer 200

A

Information needed before an attack that is gathered by learning as much as you can from open sources. Social media, websites, online forums, and social engineering, for example.

Answer 201

A

Information needed before an attack that is gathered by going into the devices and systems themselves. Ping scans, port scans, DNS queries, etc. for example.

Answer 202

A

Evidence of modifying host files, uploading sensitive files, replacing core OS files, logins from other countries, increased data transfers, etc.

Answer 203

A

Someone in your organization attacking you. Defend against it by adding multiple approvals for critical processes, monitor your files and systems as much as possible, and make it difficult for anyone to make an unauthorized change.

Answer 204

A

Have guidance and training provided for members of your organization and third-parties through various means, including policy handbooks, and training on situational awareness.
Maintain password management.
Don’t leave cords and USBs laying around.
Alert your people to social engineering.
Let your people know what data attackers are looking for (operational security).
Don’t let anyone other than the specified person access their systems if they’re working from home.

Answer 205

A

Testing your team by sending out a phishing test and recording the results.

Brainscape's Knowledge GenomeTM

Security+ Test Study (4.5 - 5.6) Flashcards

Brainscape's Knowledge Genome^TM