
SANS SEC 301 UPDATED Exam Questions and CORRECT Answers

Rating: -
Sold: 1
Pages: 36
Grade: A+
Uploaded on: 17-01-2025
Written in: 2024/2025

Institution: SANS
Course: SANS












Document information

Type: Exam
Contains: Questions and answers

Content preview

SANS SEC 301 UPDATED Exam
Questions and CORRECT Answers
Everyone can do everything they need to do and nothing more. Bradley Manning - WikiLeaks
Target - HVAC hack - CORRECT ANSWER - Principle of Least Privilege


The cornerstone of all security: Everything done in security addresses one or more of these three
things:
Confidentiality, Integrity, Availability
Confidentiality - Only those who need to access something can; ties into principle of least
privilege
Integrity - data is edited correctly and by the right people. Failure ex.: Delta $5 round trip
tickets to anywhere Delta flies/attack on pricing database
Availability - If you cannot use it, why do you have it? - CORRECT ANSWER - CIA
Triad


Pharmaceuticals and government, research - CORRECT ANSWER - Confidentiality



Financials maintained in part by confidentiality - CORRECT ANSWER - Integrity


eCommerce. Ex.: Amazon makes $133,000 per minute, thus denial of service is a critical business
impact; power company needs to keep lights on = availability issue - CORRECT
ANSWER - Availability



Authentication, Authorization, Accountability - CORRECT ANSWER - AAA



Detailed steps to make policy happen - CORRECT ANSWER - Procedure



Policy, Procedure and Training - CORRECT ANSWER - PPT

Users must know what policies and procedures say to follow them. - CORRECT
ANSWER - Training


Broad general statement of management's intent to protect information - CORRECT
ANSWER - Policy


A security professional needs to be:
1/3 technologist
1/3 manager
1/3 lawyer
-This is the perfect summation of the career field.
-Technology supports security efforts
-Management decisions (and budgets) drive security

-Legal issues mandate security requirements - CORRECT ANSWER - Security by Thirds


Senior Mgmt:
-Has legal responsibility to protect the assets of the org:
That gives him the ultimate responsibility for security
-Authority can be delegated - responsibility cannot be
Data owner - person or office with primary responsibility for data; owners determine
classification, protective measures and more
Data custodian - the person/group that implements the controls; makes the decisions of the owner
happen
Users - use data; are also automatically data custodians - CORRECT ANSWER - Security
Roles and Responsibilities


safety of people - CORRECT ANSWER - Number 1 Goal of Security


years ago: teenagers

today: we face organized crime and nation states
-well funded
-highly motivated


disgruntled insider: difficult to counter; tends to be subtle; often damaging or even devastating


Accidental insider: common; also tend to be subtle; in aggregate - even more damaging


Outsider threat source - inside threat actor: a growing problem, the current most-common attack
vector


2014 - 47% of U.S. adults had private data compromised in a breach (NBC News)


FBI can prove it was North Korea that attacked Sony - CORRECT ANSWER - Nature of
the Threat


- CORRECT ANSWER - Security Policy



- CORRECT ANSWER - Separation of Duties



- CORRECT ANSWER - Acceptable Use Policy


verify identity; is Keith really Keith?
(1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication
and MAC.


(2) Verifying the identity of a user logging into a network. Passwords, digital certificates, smart
cards and biometrics can be used to prove the identity of the client to the network. Passwords and
digital certificates can also be used to identify the network to the client. The latter is important in
wireless networks to ensure that the desired network is being accessed. See identity management,
identity metasystem, OpenID, human authentication, challenge/response, two-factor
authentication, password, digital signature, IP spoofing, biometrics and CAPTCHA.


Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of them are
entirely foolproof, but in order of least to most secure, they are:


1 - What You Know

Passwords are - CORRECT ANSWER - Authentication



- CORRECT ANSWER - Biometric


Control what they are allowed to do. Although we know Keith is Keith, what can Keith do? -
CORRECT ANSWER - Authorization



- CORRECT ANSWER - Accountability



Harden, patch & monitor - CORRECT ANSWER - HPM


Monitor what has been done. Although we know Keith is Keith, what did Keith do? - CORRECT
ANSWER - Accountability



- CORRECT ANSWER - Awareness Training Programs


Prevent /defense as much as you can; detect for everything else; or if the preventive measures
fail, respond to what is detected
-Prevention is ideal
-detection is a must
Seller: MGRADES, Stanford University