SYO-701 Flashcards

(84 cards)

1
Q

Technical controls (category)

A

implemented using a system
IT security controls
eg: firewall, anti-virus

2
Q

Managerial Controls (category)

A

policies and procedures
admin stuff
SOPs
on-boarding policy, demotion, review login reports, separation of duties

3
Q

Operational controls (category)

A

implemented by people instead of systems
guard shack, require multiple guards, awareness training

4
Q

physical controls (category)

A

door lock, warning sign, power generator

5
Q

preventive control type

A

block access to a resource
firewall rules
door locks
on-boarding policy

6
Q

deterrent control type

A

discourage attacks
warning banner
posted warning signs
threat of demotion

7
Q

Detective control type

A

identify intrusion attempts
audit log monitoring
motion detectors

8
Q

Corrective control type

A

Apply a control after an event has been detected to reverse the impact of the event
Continue operations with minimal downtime
Ransomware recovery using backups
use law enforcement to manage criminal activity
fire extinguishers

9
Q

compensating control type

A

control using other means
existing controls aren’t sufficient
may be a temporary control

use a temporary firewall rule to block an application while waiting for a security patch
implement separation of duties
generator used after a power outage

10
Q

Directive control type

A

direct a subject towards compliance
this is a weak security control

tell people to store sensitive files in a protected folder
train users on security policy
Create compliance policies and procedures
security policy training

11
Q

Zero Trust

A

Authenticate to each device or process on the network, not just a VPN or firewall.
Everything must be verified, nothing inherently trusted

12
Q

Data plane

A

zero trust plane of operation
processes frames, packets and network data
movement of data across the network
Switch ports, NAT, processing, forwarding, trunking

13
Q

Control plane

A

zero trust plane of operation
manage actions of the data plane
network decision making and traffic management
routing tables, NAT tables, IP address configs

14
Q

Adaptive Identity

A

zero trust
Consider the source and the requested resources
Multiple risk indicators with relationship to the organization
If user is in China, considered higher risk
Find out how risky the login is.

15
Q

(zero trust) Threat Scope reduction

A

zero trust
decrease number of possible entry points

16
Q

policy-driven access control (zero trust)

A

zero trust
Make authentication requirements stronger based on Adaptive Identity.
combine adaptive identity with a predefined set of rules

17
Q

PEP

A

zero trust
Policy Enforcement Point
everything must be validated via the PEP
Subjects and systems must be validated through the Policy Enforcement Point
PEP is a gatekeeper for allowing or blocking traffic to resources
Can be multiple devices working together.
Works on the Data plane

18
Q

PDP

A

zero trust
Policy Decision Point
gets forwarded requests from the PEP
decides whether traffic should be allowed or not
makes a process for authentication
Works on the control plane

19
Q

Policy Engine - zero trust

A

zero trust
Part of the PDP
evaluate each access decision based on policy
grant, deny or revoke access

20
Q

Policy Administrator - zero trust

A

Part of the PDP
Generate access tokens
the PA creates or shuts down a communication based on decisions from the Policy Engine
Tells the PEP to allow or disallow access

21
Q

TPM

A

trusted platform module
specification for cryptography hardware
cryptographic processes like random number generators, key generators
unique keys burned in during manufacturing
versatile memory to store keys, hardware config info
securely store BitLocker keys
password protected against dictionary attacks

22
Q

HSM

A

hardware security module
used in large environments
- a rack server
securely store thousands of keys
high-end cryptographic hardware used to perform crypto functions
key backup
- secure storage for keys
cryptographic accelerators
- GPU for performing crypto functions

23
Q

secure enclave

A

protected area in hardware for secrets
- implemented as a hardware processor
- isolated from main processor
- many different technologies and names
extensive security features
- has its own boot ROM
- has its own boot process
- true random number generator
- real-time memory encryption
- root crypto keys
- AES encryption

24
Q

block chain

A

distributed ledger
everyone on blockchain tracks the ledger
tracks transactions and sends them to everyone
can be used to track progress of parts on an assembly line

block of transactions
secure hash is calculated from previous blocks of transaction data
hash is added to the new block of verified transactions
chain of hashes
new calculated block is distributed to everyone

if any blocks are altered, all the following hashes in the chain are recalculated
if the altered chain doesn’t match other chains on the network, it will be rejected

25
Q

OCSP stapling

A

During the TLS/SSL handshake, the server sends the digitally signed OCSP verification with the certificate message to the client.
OCSP stapling improves the client experience by:
- Reducing the time it takes to establish a connection
- Ensuring the browser gets the same response performance for the certificate status as it does for the website content
- Addressing privacy concerns by removing the need for the CA to receive revocation requests directly from the client

26
Q

UTM

A

unified threat management
aka all in one security device
aka web security gateway
URL filtering, content inspection
malware inspection
spam filter
CSU/DSU (LAN to WAN connection)
routing and switching
firewall
IDS/IPS
bandwidth shaper for QoS
VPN server

27
Q

SD-WAN

A

Software defined networking in a wide area network
WAN built for the cloud
cloud based apps communicate directly to the cloud
dynamic network connects on-site users directly to cloud applications

28
Q

SASE

A

Secure Access Service Edge
VPN for cloud services
SASE servers located on the cloud, near the apps
SASE client installed on devices

29
Q

BYOD

A

bring your own device
BYOT - bring your own technology
employee owned devices
difficult to secure

30
Q

BYOT

A

bring your own technology
employee owned devices

31
Q

COPE

A

corporate owned personally enabled devices
organization owned device used for both personal and corporate stuff

32
Q

CYOD

A

a subset of COPE devices
choose your own device
choose Apple or Android

33
Q

MIC

A

message integrity check
wireless security
make sure data is the same as sent
provides data integrity

34
Q

GCMP

A

Galois counter mode protocol
wifi protocol
works with WPA3
secure hashes with AES

35
Q

SAE

A

Simultaneous Authentication of Equals
wifi security protocol
variant of Diffie-Hellman key exchange
everyone uses a different session key, even if everyone has the same preshared key
handshake and mutual authentication process is changed
create a shared session key without sending the key across the network

36
Q

EAP

A

extensible authentication protocol
many ways to authenticate
integrates with 802.1X
works with WiFi

37
Q

enumeration

A

part of asset management
record all parts of an asset
CPU, mem, keyboard, mouse, etc

38
Q

CVSS

A

common vulnerability scoring system
uses NVD

39
Q

NVD

A

national vulnerability database
nvd.nist.gov
vulns with a score of 10 are most critical
0 score is least critical
scores change with CVSS version

40
Q

CVE

A

Common vulnerabilities and exposures
vulnerability database

41
Q

exposure factor

A

loss of value or business activity due to a vulnerability
if a vuln takes down half of the business, exposure factor is 50%

42
Q

SPF

A

sender policy framework
email security
add a TXT record in DNS
SPF - configure a list of all servers authorized to send emails

43
Q

DKIM

A

domain keys identified mail
mail server digitally signs all outgoing mail
public key is in the DKIM TXT record
users can validate that the messages are legit with the DKIM public key

44
Q

DMARC

A

domain based message authentication, reporting and conformance
extension of SPF and DKIM
handle emails that aren't validated using SPF and DKIM
write policy to a DNS TXT record
possible policy actions on unvalidated email:
- accept all
- send to spam
- quarantine
- reject email
can send compliance reports to the email admin

45
Q

MAC

A

Mandatory Access Control
OS limits operations on an object
every object is labeled - eg: confidential, secret
admin of the system decides which person can access which labels
eg: SELinux file types and user restrictions

46
Q

DAC

A

Discretionary Access Control
similar to unix chmod
owner of data controls who can access it
flexible access control
weak security, because it depends on users to have good security

47
Q

RBAC

A

role based access control
each user has a role in the organization
admin provides access based on user's role
in windows, use AD Groups to provide role-based access control

48
Q

rule-based access control

A

system enforced rules
rules created by admin, not users
object ACLs, similar to linux file ACLs
eg: a lab worker can only access a file between 9 AM and 5 PM.

49
Q

attribute based access control

A

users can have complex relationships to applications and data
next generation authorization model
evaluate multiple parameters
- resource info, IP addr, time of day, desired action, relationship to the data

50
Q

JIT permissions

A

Just in time permissions
short term admin permissions
a breached user account doesn't have admin access
user requests admin permissions from a clearinghouse
primary credentials are stored in a password vault, and never doled out
each user gets a different short term set of admin credentials to use
when the user is finished, the short term credentials are deleted.

51
Q

cases for automation

A

user onboarding and offboarding
guard rails
- automated validation on configs
- limit admin mistakes
security groups
- assign or remove users from AD groups
ticket creation
- automate turning user emails into helpdesk tickets
escalation
- correct helpdesk issues before involving a human
- if helpdesk cannot fix it, automatically escalate to security
enable and disable services as needed
CI/CD
- Continuous integration and continuous deployment
use APIs with automation

52
Q

incident lifecycle (in order)

A

PDACERL
preparation
detection
analysis
containment, eradication, recovery
lessons learned

53
Q

chain of custody

A

used in digital forensics
control evidence
- maintain integrity of data
- log who accesses the data
- have hashes and digital signatures of data to maintain data integrity
label and catalog everything
- digitally tag all items for ongoing documentation
- seal and store data

54
Q

Data owner

A

accountable for specific data
VP of sales owns the customer relationship data
treasurer owns financial information

55
Q

data controller

A

manages the purposes and means by which personal data is processed
eg: payroll department defines payroll amounts and pay time

56
Q

data processor

A

processes data on behalf of the data controller
often a third-party or different group
eg: payroll company sends the paychecks

57
Q

data custodian/steward

A

responsible for data accuracy, privacy and security
attach sensitivity labels to data
make sure data complies with laws
implement security controls
grant users access to data

58
Q

Qualitative risk assessment

A

Risk assessment
identify significant risk factors
ask opinions about the significance
display visually with a traffic light grid or similar method

59
Q

ARO

A

annualized rate of occurrence

60
Q

AV

A

asset value
value of an asset to the organization
includes cost of the asset, effect on company sales

61
Q

EF

A

exposure factor
percentage of the value lost due to an incident

62
Q

SLE

A

single loss expectancy
monetary loss if a single event occurs.
SLE = AV * EF
eg: 1 laptop stolen - SLE = 1000 * 1 = 1000

63
Q

ALE

A

annualized loss expectancy
annualized loss per year
ALE = ARO * SLE
eg: seven laptops stolen per year - ALE = 7 * 1000

64
Q

risk likelihood

A

qualitative measurement of risk
eg: rare, possible, almost certain
eg: high, medium, low

65
Q

risk probability

A

quantitative measurement of risk
eg: statistical measurement based on historical performance numbers

66
Q

risk appetite posture

A

qualitative description of readiness to take risk
eg: conservative, neutral, expansionary

67
Q

risk tolerance

A

an acceptable variance from the risk appetite
usually larger than risk appetite
eg: you can drive 5 mph over the speed limit before you get a ticket

68
Q

risk register

A

every project has a plan, but also a risk
- identify and document risk associated with each step of a project
- document solutions to the risk

69
Q

risk reporting

A

formal document
- identify risk
- detailed information for each risk
created for senior management
- make decisions regarding resources, budgeting, additional security tasks
includes critical and emerging risks
- the most important considerations

70
Q

SLA

A

service level agreement
minimum terms for services provided
uptime, downtime, response time, etc
commonly used between customers and providers

71
Q

MOU

A

memorandum of understanding
informal contract between two organizations
confidentiality agreements
very broad, not detailed

72
Q

MOA

A

memorandum of agreement
one step above an MOU
more detailed than an MOU, but still fairly broad
not a contract
may not contain legally enforceable promises

73
Q

MSA

A

master service agreement
legal contract and agreement of terms
broad framework to cover future transactions
covers many detailed negotiations
foundation for future services

74
Q

WO

A

work order
aka SOW - statement of work
extends an MSA
specific list of items to be completed
details the scope of the job, location and deliverables

75
Q

NDA

A

non-disclosure agreement
confidentiality agreement between parties
protect data, so companies can discuss trade secrets
unilateral - one way NDA
bilateral - two way NDA
multilateral - many way NDA, for multiple companies

76
Q

BPA

A

business partners agreement
two people going into business together make an agreement
has owner's stake
has financial contract
who makes the decisions?
prepare for contingencies

77
Q

GLBA

A

Gramm-Leach-Bliley Act of 1999
requires disclosure of privacy info from banks

78
Q

SOX

A

Sarbanes-Oxley Act
Public Accounting Reform and Investor Protection Act of 2002

79
Q

due diligence

A

monitor compliance
make sure that the company is acting in good faith to do compliance
implies a third party is doing due diligence

80
Q

due care

A

monitor compliance
make sure that the company is acting in good faith to do compliance
implies the company itself is doing due care

81
Q

attestation (compliance monitoring)

A

someone must sign off on formal compliance docs
ultimately responsible if the docs are incorrect

82
Q

EDR

A

Endpoint Detection and Response
host endpoint security client
more advanced than signature detection
behavioral analysis, machine learning and process monitoring
lightweight agent on the endpoint
detects threats
investigate the threat
root cause analysis
respond to threats

83
Q

XDR

A

eXtended Detection and Response
enhanced version of EDR
improved missed detection, false positives and long investigation times
analyses data from many different endpoints to make conclusions
adds network-based detection
correlate endpoint, network and cloud data to find threats

84
Q

XDR behavior analytics

A

user behavior analytics
watch users, hosts, network traffic, data repositories, etc
make a baseline of normal activity
watch for any unusual activity