SEC401 Network Security Essentials 401.1 Questions & Answers Already Passed!!

3 Valid options for Data Protection - Answer-1. Content Discovery - tools that help discover sensitive information in storage 2. Volume Storage Encryption - Protect volumes from being snapshotted, cloned and exposure, protects volumes from being explored by cloud provider, and prevents volumes from being exposed by physical loss of drives. 3. Object Storage Encryption - Same as volume storage encryption plus allows user to to implement VPS (Virtual Private Storage). Volume Storage - Answer-This includes volumes attached to IaaS instances, typically as a virtual hard drive. Volumes often use data dispersion to support resilience and security. Object Storage - Answer-Objects (files) are stored with additional metadata (content type, redundancy required, creation date, etc.). These objects are accessible through APIs and potentially through a web user interface. (example: Dropbox). Types of Object Storage encryption - Answer-File/Folder Encryption, Client/Application Encryption, Proxy Encryption. Data Loss Prevention (DLP) - Answer-A product that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis. Some ways DLP is handled: 1. Data can be blocked 2. it can be allowed to proceed after the data has been appropriately encrypted Data Migration to the Cloud (detection) - How do you manage unapproved data being moved to cloud services? - Answer-2 steps to help manage unapproved data moving to cloud services: 1. Monitor Large internal data migrations with Database Activity Monitoring and File Activity Monitoring. 2. Monitor data moving to the cloud with URL filters and Data Loss Prevention tools. URL filtering allows you to monitor and prevent users connecting to cloud services.Database Activity Monitoring - Answer-Captures and record all SQL activity in real time or near real time, including database administrator activity, across multiple database platforms; and can generate alerts on policy violations. File Activity Monitoring - Answer-Monitor and record all activity within designated file repositories at the user level, generate alerts on policy violations. Data Dispersion - Answer-A technique that is commonly used to improve data security but without the use of encryption mechanisms. Capable of providing high availability and assurance for data stored in the cloud by means of data fragmentation. Data Fragmentation - Answer-a file is split into a specific number of fragments; all of these are sign and then distributed to a number of remote servers. The user then can reconstruct the file by accessing a certain number of arbitrarily chosen fragments. Barriers to developing full confidence in Security as a Service - Answer-Compliance Multi-tenancy Vendor Lock-in What measures do security as a service providers take to earn the trust of their customers? - Answer- 1. Strong security controls and system lockdown functions 2. Rigid physical security 3. Background checks on personnel Business Continuity Recommendations for Customers hiring Cloud Service Providers - Answer-1. Review contract of third-party commitments to maintain continuity o the provisioned service. 2. Review the third-party BC process 3. Conduct on site assessment 4. Ensure that they receive confirmation of any BCP/DR tests undertaken by the CSP. Disaster Recovery Recommendations for Customers hiring Cloud Service Providers - Answer-1. Do not depend on a single provider of services and have a DR plan in place that facilitates migration or failover should supplier fail. 2. IaaS providers should have a contractual agreements with multiple platform providers that have tools in place to rapidly restore systems in the event of loss.Attacks against cloud infrastructure - Answer-1. VM Traffic Sniffing -Undetectable by traditional monitoring solutions 2. Insecure Cryptography - Where are the Keys? 3. API Attacks - Application Program interface flaws 4. Shared Infrastructure - Lack of "air-gapped" systems 5. Hardware Flaws - spectre and meltdown 6. DoS - attacking the client, attacking the provider 7. Supply Chain Attacks - smaller budget, greater risk 8. Insider threat - Oldie but goodie Account Hijacking - Practice good security hygiene