COMPTIA SEC+ LESSON 1
A medium-sized mechanical engineering firm wants to better define the account creation process during the onboarding of new hires. It is looking to ensure that the new hires have the right programs, file permissions, and security controls completed ahead of time through automation. What modern access control implementation would aid the company's account creation process? A. IAM B. LDAP C. CISO D. CTO
A. IAM Companies typically implement modern access control as an identity and access management (IAM) system. An IAM system covers the whole account lifecycle: it creates accounts, assigns the permissions that go with a role, and can automate provisioning so that the right applications and file permissions are in place before a new hire's first day. Lightweight Directory Access Protocol (LDAP) is only one component a complete IAM system might use (a protocol for querying a directory), and it may not apply at all, depending on the infrastructure chosen. Chief information security officer (CISO) is the title of the person responsible for managing security teams or departments within a company, not an access control implementation. The chief technology officer (CTO) is similar to the chief information officer (CIO) but focuses on the company's technology products rather than the products the company uses.
An engineer for a small company is trying to explain the importance of security to the company's owner. The owner feels the company does not need permissions added to the shared drive containing highly sensitive information. What security concept should the engineer detail for the owner of the company to ensure the security of the shared drive? A. Confidentiality B. Integrity C. Availability D. Recovery
A. Confidentiality Confidentiality, integrity, and availability make up the CIA triad. Confidentiality means that only people with explicit authorization to access the information can read it; on a shared drive it is enforced by setting permissions on files and folders, which is exactly the control the owner wants to skip. Integrity refers to storing and transferring data as intended and authorized, so that it is not modified without detection. Availability refers to information being readily accessible to those authorized to view or modify it. Recover is the last of the functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework; it covers the resilience needed to restore systems and data when other controls fail to prevent an attack.
After a server outage due to a security breach, a company has taken several steps to recover from the incident. They have restored critical data from the latest backups and applied urgent security patches to address the exploited vulnerabilities. The security team has updated the incident response plan to incorporate lessons learned from the breach. What category of security control functional type BEST describes the function of these recent implementations? A. Corrective B. Preventive C. Detective D. Operational
A. Corrective Corrective controls eliminate or reduce the impact of a security policy violation; they operate after an attack or incident has occurred. Restoring data from backup, patching the vulnerability that was actually exploited, and revising the incident response plan with lessons learned are all actions taken after the breach to repair the damage and improve recovery, so they are corrective. Preventive controls eliminate or reduce the likelihood that an attack can succeed; a company implements them to avert an incident before it happens. Detective controls may not prevent or deter access, but they identify and record an attempted or successful intrusion; a security camera is one example. Operational is a control category rather than a functional type: operational controls are implemented primarily by people, such as security guards and training programs.
After a company hires a new chief information security officer (CISO), the chief executive officer (CEO) requests the CISO to hire staff for the new team. The purview of the team will be for monitoring and protecting critical information assets throughout the company. What BEST describes the location of this new team within the structure of the company? A. SOC B. NOC C. Help desk D. MSP
A. SOC A Security Operations Center (SOC) is the team responsible for security-related activities within a company, such as monitoring and protecting critical information assets. A Network Operations Center (NOC) is the team responsible for network and server infrastructure activities inside the company. A help desk, or "Level One" support team, handles the company's first line of ticket resolution; depending on the company's size, it may also perform some SOC- or NOC-related activities. A managed service provider (MSP) is an outsourced information technology (IT) organization that handles some or all of a company's IT activities, including SOC, NOC, and help desk functions; it is an external provider, not a team inside the company's structure.
What component of modern access controls determines what rights subjects should have on each resource? A. Authentication B. Authorization C. Identification D. Accounting
B. Authorization Authorization refers to determining what rights subjects should have on each resource and enforcing those rights. Permissions may be assigned individually, by group, or by role. Authentication refers to proving that subjects are who or what they claim to be when attempting to access the resource; an authentication factor determines what sort of credential subjects can use. Identification refers to creating an account or ID that uniquely represents the user, device, or process on the network. Accounting refers to tracking the authorized usage of a resource or use of rights by a subject and alerting when unauthorized usage is detected.
A newly hired chief information security officer (CISO) is implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework. What first function would help the CISO better develop the company's security policies, such as acceptable use policy (AUP), and build out recommendations for security controls? A. Protect B. Identify C. Detect D. Respond
B. Identify The identify function in the National Institute of Standards and Technology's Cybersecurity Framework refers to developing security policies and capabilities. The CISO preparing policies and controls would fall under the identify function. The second function of the NIST Cybersecurity Framework is protect, referring to the procurement, development, or deployment of IT assets and how to defend them against malicious actors. The framework's third function is detect, which refers to ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new threats. The fourth function of the framework is respond or how a company would identify, analyze, contain, and eradicate threats to systems and data security.
An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. If the manager writes a new standard operating procedure for computer setups, what functional type of security control is the manager implementing? A. Compensating B. Deterrent C. Directive D. Corrective
C. Directive A directive control enforces a rule of behavior, such as a policy, best practice standard, or standard operating procedure (SOP). An SOP that tells technicians how every new computer must be set up is directive. Compensating controls are a substitute for a principal control, as recommended by a security standard, and afford the same (or better) level of protection, but they use a different methodology or technology. Deterrent controls may not physically or logically prevent access, but they psychologically discourage an attacker from attempting an intrusion; examples include signs warning of legal penalties against trespass or intrusion. Corrective controls eliminate or reduce the impact of a security policy violation; a corrective control operates after an attack.
A newly hired chief information security officer (CISO) met with the human resources (HR) department to discuss how to better manage the company's access to sensitive information. In what way does this meeting fall under the responsibility of the new CISO? A. Monitoring audit logs B. Reviewing user permissions C. Documenting access controls D. Managing security-related incident response
C. Documenting access controls Meeting with HR to decide how access to sensitive information should be managed is about defining and documenting the access control policy: which roles get access to what, and how access is granted at onboarding and removed at termination. HR owns role and employment-status information, so this documentation is the CISO responsibility that naturally involves HR. Monitoring audit logs is a security function, but it would not normally involve HR; the exception would be an investigation of a pending adverse employee action, which this scenario does not describe. Reviewing user permissions is carried out with system and data owners in IT rather than with HR, unless HR manages badge access, which the scenario does not mention. Similarly, managing security-related incident response would involve HR only if the incident pointed to an internal threat actor.
After restoring a file from a backup, the owner of a small company wants to better understand the purpose of permissions. In a recent incident, even though there are permissions on the shared drive, the company still could not determine who deleted the file. The engineer explained that enabling file auditing would pinpoint all changes to the shared drive and who made them. Which security concept does file auditing provide? A. Confidentiality B. Non-remediation C. Non-repudiation D. Availability
C. Non-repudiation Non-repudiation means a person cannot deny doing something, such as creating, modifying, deleting, or sending a resource. Permissions only decide who is allowed to act on the share; they do not record who acted. Enabling file auditing adds that record: each change is logged together with the authenticated account that made it, so a user cannot later deny deleting the file. With confidentiality, integrity, and availability, also known as the CIA triad, confidentiality means that only people with explicit authorization to access the information can read it, which is enforced by setting permissions on files and folders. Non-remediation is not an established security term; it would only describe a failure to implement proper fixes for issues or breaches. Availability refers to information being readily accessible to those authorized to view or modify it.
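The scenario above is abstract about what "enabling file auditing" involves on a Windows file server. The following is an added example (not part of the Sec+ lesson) that enables object-access auditing on a shared folder and then attributes deletions to an account by joining Security log events. The share path D:\Shared and the elevated session on the file server are assumptions.

```powershell
# Added example (not part of the Sec+ lesson): turn on file auditing for a shared
# folder and attribute a later deletion to an account (non-repudiation).
# Assumptions (hypothetical): the share root is D:\Shared and this runs in an
# elevated PowerShell session on the file server that hosts it.

$ShareRoot = 'D:\Shared'

# 1. Enable the "File System" object-access audit subcategory. Without this,
#    SACL entries on folders are never evaluated and no events are written.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add a system ACL (SACL) entry: audit Everyone for delete rights, inherited by
#    every subfolder and file. The DACL (permissions) says who MAY delete; the
#    SACL makes Windows RECORD who DID.
$acl  = Get-Acl -Path $ShareRoot -Audit
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure'
)
$acl.AddAuditRule($rule)
Set-Acl -Path $ShareRoot -AclObject $acl

# 3. When a file goes missing: event 4660 ("An object was deleted") names the
#    account and the handle; the 4663 access event with the same Handle ID names
#    the object. Index 4663 events by handle, then join 4660 events to them.
function Get-DeletionReport {
    param([int]$MaxEvents = 2000)

    # Flatten an event's <EventData> into a Name -> value hashtable.
    function ConvertTo-DataTable($evt) {
        $d = @{}
        foreach ($x in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$x.Name] = $x.'#text' }
        return $d
    }

    $nameByHandle = @{}
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertTo-DataTable $_
            # Get-WinEvent returns newest first; handle IDs are reused over time,
            # so keep the most recent object name seen for each handle.
            if (-not $nameByHandle.ContainsKey($d['HandleId'])) { $nameByHandle[$d['HandleId']] = $d['ObjectName'] }
        }

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4660 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertTo-DataTable $_
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Account = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
                Process = $d['ProcessName']
                Object  = if ($nameByHandle.ContainsKey($d['HandleId'])) { $nameByHandle[$d['HandleId']] } else { '(no matching 4663)' }
            }
        }
}

# Show only deletions under the share.
Get-DeletionReport | Where-Object Object -like "$ShareRoot*" | Format-Table -AutoSize
```

Two caveats a practitioner would add: the log only provides non-repudiation if every person uses an individual account (a shared or guest login on the file share defeats it), and the Security log itself must be protected, ideally forwarded to a central collector, since an actor with local admin rights can clear it (which Windows records as event 1102).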
An information technology (IT) department is growing to a size where there is a need for a new group to manage security. The chief executive officer (CEO) wants to hire a new executive officer for the role and split it into its own department, separate from the IT department. The CEO should hire for which position? A. CIO B. CTO C. CEO D. CISO
D. CISO The chief information security officer (CISO) is the title of the individual responsible for managing security teams or departments within a company. The chief information officer (CIO) is responsible for the company's equipment and infrastructure. The chief technology officer (CTO) is similar to the chief information officer (CIO) but focuses on the company's technology products rather than the products the company uses. The chief executive officer is the figurehead or visionary in charge of leading the company's executive staff. The current CEO would also manage the other C-Suite executives to ensure the company's mission statement is successful.
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon? A. Implement business continuity plan B. Penetration test C. Implement disaster recovery plan D. Gap analysis
D. Gap analysis The CISO would prepare a gap analysis report, which compares the company's current security posture against the NIST Cybersecurity Framework (or any other baseline security framework) and lists each recommendation that is missing or only partly implemented. Implementing a business continuity plan would improve security posture, but the CISO is assessing what currently exists, not adding controls. A penetration test exercises specific technical controls against a simulated attacker; it is not a comparison against a framework, although one may appear as a remediation step in the gap analysis report. Like penetration testing, implementing a disaster recovery plan would be a remediation step for deficiencies the analysis finds.
After a recent server outage, the company discovered that an employee accidentally unplugged the power cable from the server while grabbing some office supplies from the nearby shelf. What security control did the company lack that led to the server outage? A. Managerial B. Technical C. Operational D. Physical
D. Physical Physical controls such as alarms, gateways, locks, lighting, and security cameras deter and detect access to premises. Keeping the server in a locked room or cabinet, segregated from the shelves employees use for office supplies, would have prevented the accidental unplugging. Managerial controls provide oversight of the information system; examples include risk identification or a tool for evaluating and selecting other security controls. Technical controls are implemented as a system, such as hardware, software, or firmware; firewalls, antivirus software, and OS access control models are technical controls. Operational controls are implemented primarily by people, such as hiring security guards and running training programs.