Chapter 8
A friend approaches you at a personal social event and says he was unable to access a popular website at work, but other sites such as new sites seemed to work. Identify the most likely culprit
Content filters are used to limit specific types of content across the Web to users. A common use is to block sites that are not work related. They are used to limit items such as Google searches and other methods of accessing content determined to be inappropriate. Content filters typically rely upon a set of rules.
Identify three essential policies an enterprise should have to properly manage the human aspects of network security.
Essential policies an enterprise should have to properly manage the human aspects of network security include policies on personal e-mail, content filtering (web browsing behavior), and acceptable use.
Your manager asks you to help her understand some fundamental principles about device configuration. Identify three important principles about device configuration.
Important principles about device configuration are • Misconfigured devices are one of the more common security issues and can go completely unnoticed. • Many security controls depend upon a properly configured device to function properly. • Firewalls, content filters, and access points are all common systems with configurations that are critical for proper operation. • The misconfiguration issue is common enough that the NIST Risk Management Framework specifies that one must test controls once in place to ensure they actually do work as desired
Your friend in another department asks you to help him understand some fundamental principles about encryption and clear text. Identify three important principles about the risk incurred by unencrypted credentials and clear text.
Important principles about the risk incurred by unencrypted credentials and clear text include • It is important to protect the transfer of authorizing credentials between computer systems from unauthorized observation. • When information is sent between machines in cleartext or unencrypted form, the information being transmitted is subject to eavesdropping by any machine in the communication pathway. • The information is also subject to release in the event of an error that results in the credential information being persisted in a log or displayed on someone's screen. • To prevent credential disclosure to unauthorized parties, they should never be transmitted across cleartext forms of communication in unencrypted form
Identify the primary reason why personal e-mail presents risks to the corporation.
Personal e-mail presents at least three risks to a corporation in that it offers a data exfiltration pathway that is outside of corporate control, it can act as a path for malware to enter the network, and it can act as a path for malware to enter user machines.
Identify three reasons why poorly trained users present a significant security challenge.
Poorly trained users present a significant security challenge because personnel can violate policies because they don't understand why a policy exists or they lack situational awareness of how a policy is applied. It can also be the result of willful disobedience. Each of these can result in increased risk to the enterprise.
List three methods of controlling unauthorized software
Removing the user's ability to add software • Using whitelisting or freeze technologies to restrict what can run on a machine • Conducting regular audits to identify unauthorized software
Which of the following is a risk typically related to certificates? A. Failure to install a needed trust chain makes a key that should be trusted, untrusted. B. A chain of trust violation can always be "fixed" when the end user installs a certificate into the trust repository. C. Maintaining the repository of trusted certificates across an enterprise is a simple task. D. Accepting a trust chain that should not be trusted means accepting certificates in the past that should be trusted
[A.] Failure to install a needed trust chain makes a key that should be trusted, untrusted.
Which of the following is a valid principle relevant to logs and event anomalies? A. It's important to determine what to log and what not to log. B. You should gather and log as much information as you can. C. Context doesn't matter much when logging information D. Logs should be actively maintained and never be destroyed or overwritten.
[A.] It's important to determine what to log and what not to log.
What is the most likely reason for access violation errors? A. Intruders are trying to hide their footprints. B. The user is unauthorized and is either making a mistake or is attempting to get past security. C. A SIEM system will not identify access violations. D. An APT intrusion won't usually trigger access violations.
[B.] The user is unauthorized and is either making a mistake or is attempting to get past security.
Which of the following properly defines data exfiltration? A. A means for carrying public keys and vouching for their authenticity. B. Someone attempts to access a resource that they do not have permission to access. C. An attacker attempts to steal a copy of your data and export it from your system. D. Ensuring that the list of users and associated rights is complete and up to date.
[C.] An attacker attempts to steal a copy of your data and export it from your system.
Which of the following is true about firewalls? A. Firewalls are encrypted remote terminal connections. B. Over time, rulesets stabilize and become easier to maintain. C. Firewalls are network access policy enforcement devices that allow or block passage of packets based on a ruleset. D. Auditing firewall rules is a straightforward process.
[C.] Firewalls are network access policy enforcement devices that allow or block passage of packets based on a ruleset.
Which of the following is not true about insider threats? A. Segregation of duties can help manage insider threats. B. Ensuring that system admins do not have the ability to manipulate the logs on the systems they administer can mitigate the insider threat. C. The best defense against insider threats is a single strong layer of defense. D. Managing the malicious insider problem is a combination of people management through HR and separation of duties
[C.] The best defense against insider threats is a single strong layer of defense.
Which of the following is not a risk related to social media? A. An employee can inadvertently share confidential company information. B. Extreme viewpoints can present a legal liability to the company. C. Viable training programs can help mitigate social media risks. D. The use of social media can facilitate social engineering.
[C.] Viable training programs can help mitigate social media risks.
Which of the following is true about managing user permission issues? A. User rights and permissions reviews are not powerful security controls. B. Ensuring that user lists and associated rights are complete and current is a straightforward task with today's tools. C. Compensating controls are unnecessary. D. The strength of this control is highly dependent on it being kept current and properly maintained.
[D.] The strength of this control is highly dependent on it being kept current and properly maintained.