C836 EXAM AND REVIEW UPDATED 2022/2023 CHAPTER 1 TO
chapter 6
first and most important step of operational security - ANSWER: identify our most
critical information assets
threat - ANSWER: something that has the potential to cause harm to us
vulnerabilities - ANSWER: weaknesses that can be used to harm us
ex: security controls not very rigorous that can allow one to easily change source
code
risk occurs when.. - ANSWER: when we have a matching threat and vulnerability
deterrent controls - ANSWER: designed to discourage those who might seek to
violate our security controls from doing so
deterrent examples - ANSWER: signs in public spaces that might indicate that video
monitoring is in place, violations for breaking the law..
detective - ANSWER: serve to detect and report undesirable events taking place
detective example - ANSWER: burglar alarms and physical intrusion detection
systems
preventive controls - ANSWER: used to physically prevent unauthorized entities from
breaching our physical security
physical security example - ANSWER: simple mechanical lock or high fences
(RAID) redundant arrays of inexpensive disks - ANSWER: used to ensure we do
Magnetic Media - ANSWER: Hard drives, floppy drives and tape drives
sensitive to magnetic fields
flash media - ANSWER: sturdy and resilient
optical media - ANSWER: CDs and DVDs
sensitive to temperature and even scratching that can render media unusable
physical controls - ANSWER: locks, fences, cameras, security guards, lighting
, more complex security measures, such as the use of iris scanners, mantraps, and
identification badges
administrative controls - ANSWER: background checks, periodic drug tests
main method of ensuring availability - ANSWER: backups like RAIDs
subnet - ANSWER: small network divided from a larger network
firewall - ANSWER: a mechanism for maintaining control over the traffic that flows
into and out of our network
packet filtering - ANSWER: looks at the contents of each packet in the traffic
individually and makes a gross determination, based on the source and destination
IP addresses, the port number, and the protocol being used, of whether the traffic
will be allowed to pass.
Since each packet is examined individually and not in concert with the rest of the
packets comprising the content of the traffic, it can be possible to slip attacks
through this type of firewall.
stateful packet inspection - ANSWER: like packet filtering but able to keep track of
traffic on a granular level
will only allow traffic through that is part of a new or already established connection
knows when the connection has been closed and further traffic should not
legitimately be present
deep packet inspection - ANSWER: capable of analyzing the actual content of the
traffic that is flowing through them
proxy servers - ANSWER: serve as a choke point in order to allow us to filter traffic
for attacks or undesirable content such as malware or traffic to Web sites hosting
adult content
DMZ (demilitarized zone) - ANSWER: layer of protection between the device, such as
our mail server, and the Internet, and between the rest of our network and the
device
Signature based IDses - ANSWER: They maintain a database of the signatures that
might signal a particular type of attack and compare incoming traffic to those
signatures
works well, except when we encounter an attack that is new, or has been specifically
constructed in order to not match existing attack signatures
chapter 6
first and most important step of operational security - ANSWER: identify our most
critical information assets
threat - ANSWER: something that has the potential to cause harm to us
vulnerabilities - ANSWER: weaknesses that can be used to harm us
ex: security controls not very rigorous that can allow one to easily change source
code
risk occurs when.. - ANSWER: when we have a matching threat and vulnerability
deterrent controls - ANSWER: designed to discourage those who might seek to
violate our security controls from doing so
deterrent examples - ANSWER: signs in public spaces that might indicate that video
monitoring is in place, violations for breaking the law..
detective - ANSWER: serve to detect and report undesirable events taking place
detective example - ANSWER: burglar alarms and physical intrusion detection
systems
preventive controls - ANSWER: used to physically prevent unauthorized entities from
breaching our physical security
physical security example - ANSWER: simple mechanical lock or high fences
(RAID) redundant arrays of inexpensive disks - ANSWER: used to ensure we do
Magnetic Media - ANSWER: Hard drives, floppy drives and tape drives
sensitive to magnetic fields
flash media - ANSWER: sturdy and resilient
optical media - ANSWER: CDs and DVDs
sensitive to temperature and even scratching that can render media unusable
physical controls - ANSWER: locks, fences, cameras, security guards, lighting
, more complex security measures, such as the use of iris scanners, mantraps, and
identification badges
administrative controls - ANSWER: background checks, periodic drug tests
main method of ensuring availability - ANSWER: backups like RAIDs
subnet - ANSWER: small network divided from a larger network
firewall - ANSWER: a mechanism for maintaining control over the traffic that flows
into and out of our network
packet filtering - ANSWER: looks at the contents of each packet in the traffic
individually and makes a gross determination, based on the source and destination
IP addresses, the port number, and the protocol being used, of whether the traffic
will be allowed to pass.
Since each packet is examined individually and not in concert with the rest of the
packets comprising the content of the traffic, it can be possible to slip attacks
through this type of firewall.
stateful packet inspection - ANSWER: like packet filtering but able to keep track of
traffic on a granular level
will only allow traffic through that is part of a new or already established connection
knows when the connection has been closed and further traffic should not
legitimately be present
deep packet inspection - ANSWER: capable of analyzing the actual content of the
traffic that is flowing through them
proxy servers - ANSWER: serve as a choke point in order to allow us to filter traffic
for attacks or undesirable content such as malware or traffic to Web sites hosting
adult content
DMZ (demilitarized zone) - ANSWER: layer of protection between the device, such as
our mail server, and the Internet, and between the rest of our network and the
device
Signature based IDses - ANSWER: They maintain a database of the signatures that
might signal a particular type of attack and compare incoming traffic to those
signatures
works well, except when we encounter an attack that is new, or has been specifically
constructed in order to not match existing attack signatures
