Security+ Lesson 1 Practice
What is the difference between authorization and authentication?
-Authorization means granting the account that has been configured for the user on the computer system the right to make use of a resource (manages privileges granted on the resource) -Authentication protects the validity of the user account by testing that the person accessing that account is who they say they are
A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements?
A security operations center (SOC)
How does accounting provide non-repudiation?
A user's actions are logged on the system. Each user is associated with a unique computer account. As long as the user's authentication is secure and the logging system is tamper-proof, they cannot deny having performed the action.
What process within an access control framework logs actions performed by subjects?
Accounting
What component of modern access controls determines what rights subjects should have on each resource?
Authorization. Authorization refers to determining what rights subjects should have on each resource and enforcing those rights. Authorization may involve permissions, individually, group, or role-based.
An information technology (IT) department is growing to a size where there is a need for a new group to manage security. The chief executive officer (CEO) wants to hire a new executive officer for the role and split it into its own department, separate from the IT department. The CEO should hire for which position?
Chief Information Security Officer (CISO). Internal responsibility for security
What are the properties of a secure information processing system?
Confidentiality, integrity, and availability (and non-repudiation)
An engineer for a small company is trying to explain the importance of security to the company's owner. The owner feels the company does not need permissions added to the shared drive. What security concept should the engineer detail for the owner of the company to ensure the security of the shared drive?
Confidentiality. Confidentiality means that only people with explicit authorization to access the information can read it. This type of authority involves setting permissions for files and folders.
After a server outage due to a security breach, a company has taken several steps to recover from the incident. They have restored critical data from the latest backups and applied urgent security patches to address the exploited vulnerabilities. The security team has updated the incident response plan to incorporate lessons learned from the breach. What category of security control BEST describes the function of these recent implementations?
Corrective (Eliminates or reduces impact of security policy violation. Used after an attack)
A business is expanding rapidly, and the owner is worried about tensions between its established IT and programming divisions. What type of security business unit or function could help to resolve these issues?
Development and operations (DevOps) is a cultural shift within an organization to encourage more collaboration between developers and systems administrators. DevsecOps embeds the security function within these teams as well.
An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have?
Directive (Enforces a rule of behavior, such as a policy, best practice standard, or standard operating procedure (SOP).
A company provides a statement of deviations from framework best practices to a regulator. What process has the company performed?
Gap Analysis
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?
Gap Analysis
A newly hired chief information security officer (CISO) is implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework. What first function would help the CISO better develop the company's security policies, such as acceptable use policy (AUP), and build out recommendations for security controls?
Identify. The identify function in the National Institute of Standards and Technology's Cybersecurity Framework refers to developing security policies and capabilities. The CISO preparing policies and controls would fall under the identify function.
What term is used to describe the property is a secure network where a sender cannot deny having sent a message?
Non-repudiation
After restoring a file from a backup, the owner of a small company wants to understand better the purpose of permissions. A particular situation occurred, and even though there are permissions on the shared drive, why does the company still not know who deleted the file? The engineer explained that enabling file auditing would help pinpoint all changes to the shared drive and who made them. How would this help prevent the lack of knowing who changed the files?
Non-repudiation means a person cannot deny doing something, such as creating, modifying, or sending a resource. For the company, this would mean enabling file auditing on its file share.
After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage?
Physical
A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control?
Physical control and its function is both detecting and deterring
A firewall appliance intercepts a packet that violates policy. It automatically updates its access control list to block all further packets from the source IP. What TWO functions did the security control perform?
Preventive (Acts to eliminate or reduce likelihood that an attack can succeed. Operates before attack can take place) and Corrective (Eliminates or reduces impact of security policy violation. Used after an attack)
A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better manage the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO?
Reviewing User Permissions
After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be for monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company?
Security Operations Center (SOC) Location where security professionals monitor and protect critical information, assets across other business functions, such as finance, operations, sales/marketing, and so on. SOCs can be difficult to establish, maintain, and finance, they are usually employed by larger corporations, like a government agency or a healthcare company.
You have implemented a secure web gateway that blocks access to a social networking site. How would you categorize this type of security control?
Technical type of control (implemented in software) and acts as a preventive measure.
A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process?
The company typically implements modern access control as an identity and access management (IAM) system. The company would want to implement an IAM system to ensure the proper creation of accounts and their associated permissions.
If a security control is described as operational and compensating, what can you determine about its nature and function?
The control is enforced by a person rather than a technical system, and the control has been developed to replicate the functionality of a primary control, as required by a security standard.
