SBOLC Security Fundamentals Exam Review 2024
AUP - ANSWER-Acceptable Use Policy
-Defines the conditions in which company resources may be used
-Object-centric: authorization ground rules
BIA - ANSWER-Business Impact Analysis / Assessment
-Management tool that helps determine the financial impact of business or
organizational changes
-Going through an organization to determine financial impact of disruption or change
Botnet Attack - ANSWER--A network of compromised systems containing malware
which acts as a robot
-Takes over multiple machines and allows you to communicate with the bots and exhaust
the victim's resources
Change Management - ANSWER--Policy that defines the formalized manners to
introduce transformations/change within the organization
-Documents and introduces change to the organization
-Change may introduce new risk
-Updates the baselines
Cold Site - ANSWER-Empty facility with established power, HVAC, and network
connectivity to the building
DAC Model - ANSWER-Discretionary Access Control Model
-Creator/owner decides access
-Network users have some flexibility regarding how information is accessed
-Vulnerable to social engineering attacks, for example, Trojan horse attacks.
Data Controller - ANSWER-The person who controls the data being released
-Could release data to a 3rd party and handles sensitive information internally
Difference between Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP)
- ANSWER-DRP: Immediately invoked after a disaster, prioritizing the restoration
BCP: How to operate in a reduced state
DLP - ANSWER-Data Loss Prevention
-Security control that mitigates the accidental unauthorized disclosure of data
-Examples:
--Removing PII/PHI from emails
--Preventing the use of removable media (USB blocking)
--Preventing the uploading of sensitive company information to social media sites or
untrusted cloud services
Domain Hijacking - ANSWER--Unethical actor registers a web domain with a name very
similar to a legitimate organization
-comptia.org vs comtia.biz
-Unethical actor changes the Top Level Domain (TLD: .com/.org/.biz/etc.)
Entry Point Security Controls - ANSWER--Security cameras and CCTV
-Object detection
-Motion-sensitive
-Alarms and sensors
-Motion detection sensors
-Noise sensors
-Detect environmental changes
-Temperature sensors
-Moisture sensors
-Proximity cards and readers
Hash - ANSWER--A hash is a mathematical function that converts an input of arbitrary
length into an encrypted output of a fixed length
-Fixed-length output (message digest)
Hot Site - ANSWER-Warm site capabilities plus established computer, servers, and
software
Hypervisor - ANSWER--Software component that enforces the sandbox security model
-Type 1 Hypervisor: Runs natively within the host's hardware (bare-metal)