Uploaded by Kaleb

Security + Chapter 1 SEC - 601 packt pub

Chapter 1 Review
Security + SY0-601 Chapter 1 Review
What are the three components of the CIA triad?
Why might an inactive CCTV camera be placed on the outside wall of a building?
What does confidentiality mean?
How can you control access of personnel to a data center?
What is the purpose of an air gap?
Name three main control categories.
Name three physical controls.
Following an incident, what type of control will be used when researching how the incident
How do you know whether the integrity of your data is intact?
What is a corrective control?
What type of control is it when you change the firewall rules?
What is used to log in to a system that works in conjunction with a PIN?
What is the name of the person who looks after classified data? Who gives people access to the
classified data?
When you use a DAC model for access, who determines who gains access to the data?
What is least privilege?
What access is granted by the Linux file permission of 764?
The sales team is allowed to log in to the company system between 9 a.m. and 10 p.m. What
type of access control is being used?
Two people from the finance team are only allowed to authorize the payment of checks. What
type of access control are they using?
What is the purpose of the defense in-depth model?
When someone leaves the company, what is the first thing you should do with their user
What do US companies that host websites in the US have to comply with if customers are based
in Poland?
How can a company discover that its suppliers are using inferior products?
What is one of the most important factors between someone being arrested and their
appearance before the judge in court?
Can you explain what the purpose of the CLOUD Act and COPOA is?
What is Stage C of Cloud Forensic Process 26?
Chapter 1 Review
1) Integrity (where the data uses hashing), Availability (where the data is available like a Backup),
Confidentiality (where the data is encrypted)
2) Defense in Depth: An inactive CCTV camera could be used to scare away criminals
3) Prevents the disclosure of data to unauthorized people so that only authorized people have
access to the data. This is known as a need-to-know basis. Only those who should know the
contents should be given access. Like medical history which is only available to your doctor.
Encrypting data is the best way to keep it confidential and there are two types of encryptions
known as symmetric and asymmetric. Symmetric is one key while Asymmetric uses two keys a
private and public.
4) You can control access to the Data Center by having Mantraps or Turnstiles
5) The purpose of an air gap is to prevent data theft by isolating a machine without any internet
access with the only way to insert or remove data would be by using a USB drive or CD ROM.
6) Managerial, Operational and Technical
7) Any of the Following 3;
Lighting, cameras, robot sentries, fences, gate signage, industrial camouflage, security guards,
badges, key management, proximity card, tokens, biometric locks, electronic locks, burglar
alarms, smoke detectors, internal protection, conduits, HVAC, cable locks, airgap, laptop safe,
USB data blocker, vault, and Faraday cage
8) Detective Control
9) Hashing provides data integrity; the hash is measured before and after accessing data if the
values match the file has integrity.
10) Actions you take to recover from an incident
11) Technical Controls, Firewall rules are designed to mitigate risks
12) A smart card, CAC card or a PIV card
13) In a MAC model, Custodian stores and manages, Admin grants access
Chapter 1 Review
14) In a DAC environment Data Owner decides who has access
15) Where you give someone limited access so they can perform their job. Also Known as need to
16) Linux Permission 764 gives;
Owner: Read, write, and execute Group: Read and write All other users: Read
17) Rule-Based Access Control (Access is applied to everyone)
18) Role-Based Access Control (Subset of dept is carrying out certain duties)
19) Defense in Depth is the concept of protecting company data with a series of protective layers so
if one layer fails another layer will be in its place to thwart an attack.
Intruder Perspective
20) Disable the account and change the password
21) All websites in the US that have consumers from the EU have to abide by General Data Protection
Regulation (GDPR)
22) Right to Audit Clauses allow an auditor to visit the premises without a notice and perform an
inspection to verify compliance.
23) Chain of Custody must be kept; chain of custody is a record of who has collected evidence and
provides a log of who has handled it. The original data must be kept intact and must have no breaks in
the chain.
24) CLOUD Act created in 2018 allows the US to have access to evidence from other countries for an FBI
investigation. In 2019, the Overseas Protection Act (COPOA) was created which allows the UK to seek
data stored overseas as part of a criminal investigation.
Chapter 1 Review
25) Verify the type of technology behind the cloud