Answers |Actual Complete Exam |Already Graded A+
1. Defense-in-
-•The National Security Agency's (NSA's) People, Technology,
Depth
and Oper-ations defense strategy
Strategies
• The 20 CIS controls
• The Department of Homeland Security / Department of
Defense
2. NSA's People,
§People, technology, and operational security must be
Technol-ogy, and
provided to en-sure end-to-end defense.
Operations Defense
§Availability, confidentiality, integrity, authentication, and
Strategy
nonrepudiation services are key parts of ability to protect
against, detect, react to, and recover from attacks.
§Strong defensive design, with multiple supporting layers that
cover both the individuals who use technology; the technology
itself; and how the daily operations that support, monitor, and
maintain them work
§
3. Basic CIS Controls -Inventory and control of hardware assets
-Inventory and control of software assets
continuous vulnerability management
-controlled use of admin privileges
-secure configuration of hardware and software on mobile
devices, lap-tops, workstations, and servers
maintenance, monitoring, and analysis of audit logs
4. Foundational CIS -email and web browser
Con-trols -malware defenses
-limitation and control of network ports, protocols, and services
-data recovery capabilities
-secure configuration of network devices such as firewalls, routers,
and switches
-boundary defense
-data protection
1/
62
, Cyberwarfare Exam 3 with all Correct & 100% Verified
Answers |Actual Complete Exam |Already Graded A+
-controlled access based on need to
know
2/
62
, Cyberwarfare Exam 3 with all Correct & 100% Verified
Answers |Actual Complete Exam |Already Graded A+
-wireless access control
-account monitoring and control
5. Organizational -Implement a Security Awareness and Training Program
CIS Controls -Application Software Security
-Incident Response and Management
-Penetration Tests and Red Team Exercises
6. The Department of §DoD Instruction 8500.01E is most recent DoD instruction
Homeland Security §Addresses cybersecurity
and Defense in §Does not mention defense in depth per se
Depth §Provides significant amount of information about how the
DoD expects cybersecurity to be implemented
§Includes many of same elements as NSA's People,
Technology, and Operations strategy and the CIS 20 controls
§
DoD Cybersecurity Discipline Implementation plan
•
7. The Department of focuseson four ar-eas:
Homeland Security -strong authentication
and Defense in -device hardening
Depth (Cont.) -reduce attack surface
-•Alignment to cybersecurity/computer network defense
service providers
§"Computer network defense" first used in the late 1990s
8. Computer Network §The Joint Task Force for Computer Network Defense was
De-fense and created in 1998 as part of U.S. Space Command.
Defense in Depth §One of the first highly visible uses of the term "CND"
§U.S. government grew CND into a complete discipline with
dedicated cyberwarfare support organizations.
§Organizations now implement a top-to-bottom CND strategy.
§
3/
62
, Cyberwarfare Exam 3 with all Correct & 100% Verified Answers |
Actual Complete Exam |Already Graded A+
9. Department of -host/desktop
the Navy CND -LAN
De- -WAN
fense-in-Depth -DON GIG
Strate-gy -DoD GIG
Categories
-neglecting layers
-system admins
10. Where and Why -attacking the user
De-fense in -changes in technology
Depth Fails
§Common mistake made in defense-in-depth strategies
occurs when defenders build strong outer layers of
firewalls and network defenses and then neglect the
11. Neglecting Layers: systems in the core of their defensive rings.
Get-ting Past the §Mistake may involve trusted individuals or systems, reliance
Shell on the security of software or hardware, or simply leaving
assets physically accessible
§Examples: 2011 RSA attack
12. RSA Attack
§Security systems require at least one trusted statt member
to adminis-trate them.
§This creates a target for attackers.
13. System Administra-
§System administrators are a dual threat:
tors: Trusted
§They could choose to become attackers themselves.
Attackers
§Their accounts and privileges are targets for attackers, even
if the ad-ministrators can be trusted.
§System administrator privileges are one of the most heavily
4/
62