Security+ Lesson 1


A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements?

A security operations center (SOC)

How does accounting provide non-repudiation?

A user's actions are logged on the system. Each user is associated with a unique computer account. As long as the user's authentication is secure and the logging system is tamperproof, they cannot deny having performed the action.

An engineer for a small company is trying to explain the importance of security to the company's owner. The owner feels the company does not need permissions added to the shared drive containing highly sensitive information. What security concept means that information can only be read by people who have been explicitly authorized to access it? A. Confidentiality B. Integrity C. Availability D. Recovery

A. Confidentiality. With confidentiality, integrity, and availability, also known as the CIA Triad, confidentiality means that only people with explicit authorization to access the information can read it. This type of authority involves setting permissions for files and folders.

After a server outage due to a security breach, a company has taken several steps to recover from the incident. They have restored critical data from the latest backups and applied urgent security patches to address the exploited vulnerabilities. The security team has updated the incident response plan to incorporate lessons learned from the breach. What category of security control functional type BEST describes the function of these recent implementations? A. Corrective B. Preventive C. Detective D. Operational

A. Corrective. Corrective controls eliminate or reduce the impact of a security policy violation. A corrective control occurs after an attack. In this scenario, these actions aim to directly address the damage caused by the outage and improve the recovery process.

A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process? A. IAM B. LDAP C. CISO D. CTO

A. IAM. The company typically implements modern access control as an identity and access management (IAM) system. The company would want to implement an IAM system to ensure the proper creation of accounts and their associated permissions.

After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be for monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company? A. SOC B. NOC C. Help desk D. MSP

A. SOC. A Security Operations Center (SOC) is the team responsible for security-related activities within a company.

What process within an access control framework is responsible for logging actions performed by subjects?

Accounting

What is the difference between authorization and authentication?

Authorization means granting the account that has been configured for the user on the computer system the right to make use of a resource. Authorization manages the privileges granted on the resource. Authentication protects the validity of the user account by testing that the person accessing that account is who they say they are.

What component of modern access controls determines what rights a user should have on each resource? A. Authentication B. Authorization C. Identification D. Accounting

B. Authorization. Authorization refers to determining what rights users should have on each resource and enforcing those rights. Authorization may involve permissions that are individual, group-based, or role-based.

A newly hired chief information security officer (CISO) is implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework. What first function would help the CISO better develop the company's security policies, such as acceptable use policy (AUP), and build out recommendations for security controls? A. Protect B. Identify C. Detect D. Respond

B. Identify. The identify function in the National Institute of Standards and Technology's Cybersecurity Framework refers to developing security policies and capabilities. The CISO preparing policies and controls would fall under the identify function.

A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better manage the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO? A. Monitoring audit logs B. Reviewing user permissions C. Documenting access controls D. Managing security-related incident response

B. Reviewing user permissions. Working with human resources to ensure the proper user permissions for their given role falls under the security aspect of the chief information security officer.

An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have? A. Compensating B. Deterrent C. Directive D. Corrective

C. Directive. A directive control enforces a rule of behavior, such as a policy, best practice standard, or standard operating procedure (SOP).

After restoring a file from a backup, the owner of a small company wants to better understand the purpose of permissions. A particular situation occurred, and even though there are permissions on the shared drive, why does the company still not know who deleted the file? The engineer explained that enabling file auditing would help pinpoint all changes to the shared drive and who made them. How would this help prevent the lack of knowing who changed the files? A. Confidentiality B. Non-remediation C. Non-repudiation D. Availability

C. Non-repudiation

What are the properties of a secure information processing system?

Confidentiality, integrity, and availability (and non-repudiation)

An information technology (IT) department is growing to a size where there is a need for a new group to manage security. The chief executive officer (CEO) wants to hire a new executive officer for the role and split it into its own department, separate from the IT department. The CEO should hire for which position? A. CIO B. CTO C. CEO D. CISO

D. CISO. The chief information security officer (CISO) is the title of the individual responsible for managing security teams or departments within a company.

After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon? A. Implement business continuity plan B. Penetration test C. Implement disaster recovery plan D. Gap analysis

D. Gap analysis. The CISO would be preparing a gap analysis report. This report will show the defects in the company's current security posture against the NIST Cybersecurity Framework (or any other baseline security framework).

After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage? A. Managerial B. Technical C. Operational D. Physical

D. Physical. Physical controls such as alarms, gateways, locks, lighting, and security cameras deter and detect access to premises.

A business is expanding rapidly, and the owner is worried about tensions between its established IT and programming divisions. What type of security business unit or function could help to resolve these issues?

Development and operations (DevOps) is a cultural shift within an organization to encourage more collaboration between developers and systems administrators. DevSecOps embeds the security function within these teams as well.

A company provides a statement of deviations from framework best practices to a regulator. What process has the company performed?

Gap analysis

You have implemented a secure web gateway that blocks access to a social networking site. How would you categorize this type of security control?

It is a technical type of control (implemented in software) and acts as a preventive measure.

A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control?

It would be classed as a physical control, and its function is both detecting and deterring.

What term is used to describe the property of a secure network where a sender cannot deny having sent a message?

Non-repudiation

A firewall appliance intercepts a packet that violates policy. It automatically updates its access control list to block all further packets from the source IP. What TWO functions did the security control perform?

Preventive and corrective

If a security control is described as operational and compensating, what can you determine about its nature and function?

The control is enforced by a person rather than a technical system, and the control has been developed to replicate the functionality of a primary control, as required by a security standard.

