1
SANS - SEC 301 and CCNA Learning
Set Test Bank Exam NEWEST
VERSION b WITH COMPLETE
QUESTIONS AND CORRECT
DETAILED ANSWERSLATEST UPDATE
Everyone can do everything they need to do and nothing more. Bradley Manning -
WikiLeaks Target - HVAC hack - ✔✔✔ANSW✔✔..Principle of Least Privilege
The cornerstone of all security: Everyting done in security addresses one or more of
these three things
Confidentiality, Integrity, availability
Confidentiality - Only those who need to access something can; ties into principle
of least privilege
Integrity - data is edited correctly and by the right people. Failure ex.: Delta $5
tickets round trip tickets to anywhere Delta flies/attach on pricing database
Availability - If you cannot use it, why do you have it? - ✔✔✔ANSW✔✔..CIA Triad
Pharmaceuticals and government, research - ✔✔✔ANSW✔✔..Confidentiality
Financials maintained in part by confidentiality - ✔✔✔ANSW✔✔..Integrity
eCommerce Ex. Amazon make $133,000/per minute thus denial of service is
critical business impact; power company need to keep lights on = availability issue
- ✔✔✔ANSW✔✔..Availability
Authentication, Authorization, Accountability - ✔✔✔ANSW✔✔..AAA
Detailed steps to make policy happen - ✔✔✔ANSW✔✔..Procedure
Policy, Procedure and Training - ✔✔✔ANSW✔✔..PPT
,2
Users must know what policies and procedures say to follow them. -
✔✔✔ANSW✔✔..Training
Broad general statement of management's intent to protect information -
✔✔✔ANSW✔✔..Policy
A security professional needs to be:
1/3 technologist
1/3 manager
1/3 lawyer
-Tkhis is the perfect summation of the career field.
-Technology supports security efforts
-Management decisions (and budgets) drive security
-Legal issues mandate security requirements - ✔✔✔ANSW✔✔..Security by Thirds
Senior Mgmt:
-Has legal responsibility to protect the assets of the org:
That give him the ultimate responsibility for security
-Authority can be delegated - responsibility cannot be
Data owner - person or office with primary responsibility for data; owners
determine classification, protective measures and more
Data custodian - the person/group that implement the controls; make the decisions
of the owner happens
Users - use data; are also automatically data custodians -
✔✔✔ANSW✔✔..Security Roles and Responsiblities
safety of people - ✔✔✔ANSW✔✔..Number 1 Goal of Security
years ago: teenagers
today: we face organized crime and nation states
-well funded
-highly motivated
disgruntled insider: difficult to counter; tends to be subtle; often damaging or even
devastating
,3
Accidental insider: common; also tend to be subtle; in aggregate - even ore
damaging
Outsider threat source - inside threat actor: a growing proble, the current most-
common attack vector
2014 - 47% of U. S. adults had private data compromised in a breach (NBC News)
FBI can prove it was North Korea that attacked Sony - ✔✔✔ANSW✔✔..Nature of
the Threat
- ✔✔✔ANSW✔✔..Security Policy
- ✔✔✔ANSW✔✔..Separation of Duties
- ✔✔✔ANSW✔✔..Acceptable Use Policy
verify identity; is Keith really Keith?
(1) Verifying the integrity of a transmitted message. See message integrity, e-mail
authentication and MAC.
(2) Verifying the identity of a user logging into a network. Passwords, digital
certificates, smart cards and biometrics can be used to prove the identity of the
client to the network. Passwords and digital certificates can also be used to identify
the network to the client. The latter is important in wireless networks to ensure that
the desired network is being accessed. See identity management, identity
metasystem, OpenID, human authentication, challenge/response, two-factor
authentication, password, digital signature, IP spoofing, biometrics and CAPTCHA.
Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of
them are entirely foolproof, but in order of least to most secure, they are:
1 - What You Know
Passwords are - ✔✔✔ANSW✔✔..Authentication
- ✔✔✔ANSW✔✔..Biometric
, 4
Control what they are allowed to do. Although we know Keith is Keith, what can
Keith do? - ✔✔✔ANSW✔✔..Authorization
- ✔✔✔ANSW✔✔..Accountability
Harden, patch & monitor - ✔✔✔ANSW✔✔..HPM
Monitor what has been done. Although we know Keith is Keith, what did Keith do? -
✔✔✔ANSW✔✔..Accountability
- ✔✔✔ANSW✔✔..Awareness Training Programs
Prevent /defense as much as you can; detect for everything else; or if the preventive
measures fail, respond to what is detected
-Prevention is ideal
-detection is a must
-detection without response is useless -
✔✔✔ANSW✔✔..Prevent/Detect/Respond (PRD)
The protection of data, networks and computing power. The protection of data
(information security) is the most important. The protection of networks is
important to prevent loss of server resources as well as to protect the network from
being used for illegal purposes. The protection of computing power is relevant only
to expensive machines such as large supercomputers. -
✔✔✔ANSW✔✔..computer security
The protection of data against unauthorized access. Programs and data can be
secured by issuing passwords and digital certificates to authorized users. However,
passwords only validate that a correct number has been entered, not that it is the
actual person. Digital certificates and biometric techniques (fingerprints, eyes,
voice, etc.) provide a more secure method (see authentication). After a user has
been authenticated, sensitive data can be encrypted to prevent eavesdropping (see
cryptography).
Authorized Users Can Be the Most Dangerous
SANS - SEC 301 and CCNA Learning
Set Test Bank Exam NEWEST
VERSION b WITH COMPLETE
QUESTIONS AND CORRECT
DETAILED ANSWERSLATEST UPDATE
Everyone can do everything they need to do and nothing more. Bradley Manning -
WikiLeaks Target - HVAC hack - ✔✔✔ANSW✔✔..Principle of Least Privilege
The cornerstone of all security: Everyting done in security addresses one or more of
these three things
Confidentiality, Integrity, availability
Confidentiality - Only those who need to access something can; ties into principle
of least privilege
Integrity - data is edited correctly and by the right people. Failure ex.: Delta $5
tickets round trip tickets to anywhere Delta flies/attach on pricing database
Availability - If you cannot use it, why do you have it? - ✔✔✔ANSW✔✔..CIA Triad
Pharmaceuticals and government, research - ✔✔✔ANSW✔✔..Confidentiality
Financials maintained in part by confidentiality - ✔✔✔ANSW✔✔..Integrity
eCommerce Ex. Amazon make $133,000/per minute thus denial of service is
critical business impact; power company need to keep lights on = availability issue
- ✔✔✔ANSW✔✔..Availability
Authentication, Authorization, Accountability - ✔✔✔ANSW✔✔..AAA
Detailed steps to make policy happen - ✔✔✔ANSW✔✔..Procedure
Policy, Procedure and Training - ✔✔✔ANSW✔✔..PPT
,2
Users must know what policies and procedures say to follow them. -
✔✔✔ANSW✔✔..Training
Broad general statement of management's intent to protect information -
✔✔✔ANSW✔✔..Policy
A security professional needs to be:
1/3 technologist
1/3 manager
1/3 lawyer
-Tkhis is the perfect summation of the career field.
-Technology supports security efforts
-Management decisions (and budgets) drive security
-Legal issues mandate security requirements - ✔✔✔ANSW✔✔..Security by Thirds
Senior Mgmt:
-Has legal responsibility to protect the assets of the org:
That give him the ultimate responsibility for security
-Authority can be delegated - responsibility cannot be
Data owner - person or office with primary responsibility for data; owners
determine classification, protective measures and more
Data custodian - the person/group that implement the controls; make the decisions
of the owner happens
Users - use data; are also automatically data custodians -
✔✔✔ANSW✔✔..Security Roles and Responsiblities
safety of people - ✔✔✔ANSW✔✔..Number 1 Goal of Security
years ago: teenagers
today: we face organized crime and nation states
-well funded
-highly motivated
disgruntled insider: difficult to counter; tends to be subtle; often damaging or even
devastating
,3
Accidental insider: common; also tend to be subtle; in aggregate - even ore
damaging
Outsider threat source - inside threat actor: a growing proble, the current most-
common attack vector
2014 - 47% of U. S. adults had private data compromised in a breach (NBC News)
FBI can prove it was North Korea that attacked Sony - ✔✔✔ANSW✔✔..Nature of
the Threat
- ✔✔✔ANSW✔✔..Security Policy
- ✔✔✔ANSW✔✔..Separation of Duties
- ✔✔✔ANSW✔✔..Acceptable Use Policy
verify identity; is Keith really Keith?
(1) Verifying the integrity of a transmitted message. See message integrity, e-mail
authentication and MAC.
(2) Verifying the identity of a user logging into a network. Passwords, digital
certificates, smart cards and biometrics can be used to prove the identity of the
client to the network. Passwords and digital certificates can also be used to identify
the network to the client. The latter is important in wireless networks to ensure that
the desired network is being accessed. See identity management, identity
metasystem, OpenID, human authentication, challenge/response, two-factor
authentication, password, digital signature, IP spoofing, biometrics and CAPTCHA.
Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of
them are entirely foolproof, but in order of least to most secure, they are:
1 - What You Know
Passwords are - ✔✔✔ANSW✔✔..Authentication
- ✔✔✔ANSW✔✔..Biometric
, 4
Control what they are allowed to do. Although we know Keith is Keith, what can
Keith do? - ✔✔✔ANSW✔✔..Authorization
- ✔✔✔ANSW✔✔..Accountability
Harden, patch & monitor - ✔✔✔ANSW✔✔..HPM
Monitor what has been done. Although we know Keith is Keith, what did Keith do? -
✔✔✔ANSW✔✔..Accountability
- ✔✔✔ANSW✔✔..Awareness Training Programs
Prevent /defense as much as you can; detect for everything else; or if the preventive
measures fail, respond to what is detected
-Prevention is ideal
-detection is a must
-detection without response is useless -
✔✔✔ANSW✔✔..Prevent/Detect/Respond (PRD)
The protection of data, networks and computing power. The protection of data
(information security) is the most important. The protection of networks is
important to prevent loss of server resources as well as to protect the network from
being used for illegal purposes. The protection of computing power is relevant only
to expensive machines such as large supercomputers. -
✔✔✔ANSW✔✔..computer security
The protection of data against unauthorized access. Programs and data can be
secured by issuing passwords and digital certificates to authorized users. However,
passwords only validate that a correct number has been entered, not that it is the
actual person. Digital certificates and biometric techniques (fingerprints, eyes,
voice, etc.) provide a more secure method (see authentication). After a user has
been authenticated, sensitive data can be encrypted to prevent eavesdropping (see
cryptography).
Authorized Users Can Be the Most Dangerous
