Exam (elaborations)

SANS GICSP (Study Questions for SANS GICSP) CORRECTLY ANSWERED 2024.

Pages
27
Grade
A+
Uploaded on
03-11-2023
Written in
2023/2024

Institution
SANS GICSP
Course
SANS GICSP











Topics

  • access control models

Content preview

SANS GICSP (Study Questions for SANS GICSP) CORRECTLY ANSWERED 2024
Access Control Models Answer - Information Flow
Non Interference
Confidentiality of Stored Information
- Bell-LaPadula (Mandatory Access Control)
- Access Matrix (Read, Write or Execute or R/W/X)
- Take-Grant (Rights = Create, Revoke, Take and Grant)
Integrity of Stored Information
- Biba Integrity Model (Bell-LaPadula upside down)
- Clark-Wilson
Mandatory Access Control (MAC) Answer - Permissions to objects are managed centrally by an administrator. Is an access policy determined by the system, rather than by the owner. Organizations use this in multilevel systems that process highly sensitive data such as classified govt or military.
Examples: 1) Rule-based, 2) Lattice Model
Discretionary Access Control (DAC) Answer - Is an access policy determined by the owner of a file (or other resource). The owner decides who's allowed access to a file and what privileges they have.
Role Based Access Control (RBAC) Answer - A method of implementing discretionary access controls in which access decisions are based on group membership, according to organization or functional roles.
LDAP - Lightweight Directory Access Protocol Answer - An Internet Protocol (IP) and data storage model that supports authentication and directory functions. It is a remote access authentication protocol. Vendors = Microsoft Active Directory, CA eTrust Directory, Apache Directory Server, Novell eDirectory, IBM SecureWay and Tivoli Directory Server, Sun Directory Server. OpenLDAP and tinyldap open source versions.
User Account Answer - Allows a user to authenticate to system services and be granted authorization to access them; however, authentication does not imply authorization.
Service Account Answer - Is an account that a service on your computer uses to run under and access resources. This should not be a user's personal account. Can also be an account that is used for a scheduled task (e.g., batch job account) or an account that is used in a script that is run outside of a specific user's context. (Ref GIAC White Paper)
Default Account Answer - System login account predefined in a manufactured system to permit initial access when system is first put into service. (pciscanner)
Guest Account Answer - For users who don't have a permanent account on your computer or domain. It allows people to use your computer without having access to personal files. Per MSFT cannot install software or hardware, change settings, or create a password. (MSFT)
Account expiration Answer - A time limit that is applied to the life of an account, so that it can be used only for a predetermined period of time. (MSFT)
Access Control List (ACL) Answer - List of subjects (including groups, machines, processes*) that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete and create. (Harris) (*NIST)
Access Reconciliation Answer - The action of making accounts consistent. A process used to compare two sets of records to ensure the data are in agreement and are accurate.
Configuration Control Answer - Process of controlling modifications to hardware, firmware, software and documentation to protect the information system against improper modification prior to, during, and after system implementation. (NIST)
Baseline Configuration Answer - A set of specifications for a system that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. Used as a basis for future builds, releases, and/or changes. (NIST)
Baseline Answer - A process that identifies a consistent basis for an organization's security architecture, taking into account system-specific parameters, such as different operating systems. (Dummies)
A minimum level of security necessary throughout the organization (CISA)
Configuration Auditing Answer - Check that:
- Change was recorded correctly and work matched the Request for Change (RFC)
- Change had appropriate risk level
- Configuration items updated appropriately
- Documentation updated (CISCO)
WSUS - Windows Server Update Services Answer - Next version of automatic updates for internal use. Built into Windows Server 2003. Previously called Software Update Services (SUS) and Windows Update Services (WUS) but now obsolete.
(Day 3, Page 56-57) Attack - Man-in-the-Middle (MITM) Answer - A type of attack in which an attacker intercepts messages between two parties and forwards a modified version of the original message. (Dummies)
Attack - Spoofing Answer - Technique used to forge TCP/IP packet information or email header information. In network attacks it is used to gain access to systems by impersonating the IP address of a trusted host. In email the sender address is forged to trick an email user into opening or responding to an email. (Dummies)
Attack - Social Engineering Answer - A low tech attack method that employs techniques such as dumpster diving and shoulder surfing. (Dummies) A practice of obtaining confidential information by manipulation of legitimate users (ISA)
Attack - Denial of Service (DoS) Answer - An attack on a system or network with the intention of making the system or network unavailable for use. (Dummies) In the context of ICS, can refer to loss of process function, not just loss of data communications. (ISA)
Data Manipulation Answer - A process of altering register data so as to change output status, without altering the ladder program. (www.toolingu.com)
Attack - Session Hijacking Answer - Similar to Man in the Middle Attack, except that the attacker impersonates the intended recipient instead of modifying messages in transit. (Dummies)
Unauthorized Access Answer -
- Occurs when user, legitimate or unauthorized, accesses a resource that the user is not permitted to use. (FIPS 191)
- Viewing private accounts, messages, files or resources when one has not been given permission from the owner to do so. Viewing confidential information without permission or qualifications can result in legal action. (Business Dictionary)
Health, Safety and Environmental (HSE) Answer - Responsibility for protecting the health and safety of workers and surrounding community and maintaining high environmental stewardship. (ISA)
Safety - Process Hazard Analysis (PHA) (aka Process Hazard Evaluation) Answer - is a set of organized and systematic assessments of the potential hazards associated with an industrial process. Provides information to assist managers and employees in making decisions for improving safety and reducing the consequences of unwanted or unplanned releases of hazardous chemicals. (Wiki)
Safety - HAZOP - Hazard Operations - Hazard and Operability Study Answer - A Qualitative Technique.
Is a structured and systematic examination of a planned or existing process or operation in order to identify and evaluate problems that may represent risks to personnel or equipment, or prevent efficient operation. This technique was initially developed to analyze chemical process systems but has later been extended to
