GSEC 401.2 Defense in Depth Exam Guide 2024-2025
Inbound Network Traffic -Correct Answer ✔* Monitor inbound network traffic; the emphasis is prevention (block what should not get in)
Outbound Network Traffic -Correct Answer ✔* Monitor outbound network traffic; the emphasis is detection (find compromised systems calling out)
* The majority of problems show up in outbound traffic
defense in depth -Correct Answer ✔* Layer diverse controls so that the vulnerabilities exposed at any one point are kept to a minimum
Risk (Formula) -Correct Answer ✔Threat x Vulnerability (to that threat)
Three TOP 20 Lists (Outbound Traffic) -Correct Answer ✔1) Number of Connections
2) Length of Connections
3) Amount of Data
------------------------
(Two further lists: high false-positive rate on their own, but they increase accuracy when correlated with the first three)
4a) Percent of Encrypted Traffic
4b) Destination IP Address
Risk Analysis Questions -Correct Answer ✔* Before a company spends a dollar of its
money or a minute of its time, answer the 3 questions
-------------
1) What is the *Risk*
2) Is it the *Highest Priority* risk
3) Is this the most *Cost Effective* way of reducing the risk
Top 5 List of Threats -Correct Answer ✔Critical data and the processes that support it
Likely threats
Most likely vulnerabilities
Questions for CEOs -Correct Answer ✔What are the things that worry you most?
What could cause you to be removed from the board?
What keeps you up at night?
Reduce Risk -Correct Answer ✔Risk = Threat x Vulnerability, and an organisation cannot control the threats; so to reduce risk, reduce vulnerabilities
3 Goals of Security (CIA Triad) -Correct Answer ✔1) Confidentiality / Disclosure
2) Integrity / Alteration
3) Availability / Destruction
Confidentiality vs Disclosure -Correct Answer ✔Only shared among authorized persons
or organisations
Integrity vs Alteration -Correct Answer ✔Authentic and complete
Sufficient and accurate
Trustworthy and reliable
Availability vs Destruction -Correct Answer ✔Accessible when needed by those who
need it
Network Visibility Tree -Correct Answer ✔* Breakdown by IP Address and Port
ex 10.0.0.X
          /          \
    10.0.0.3        10.0.0.10
    /  |   \        /  |   \
  23  110  5150   43  210  443
* Identify unnecessary use of ports
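The visibility tree above and the Top 20 outbound lists from the earlier card are both built from the same per-flow data, so the following is one added example covering both (it is not course material from SANS or from this guide). It assumes NetFlow-like records in a constructed CSV form (src_ip, dst_ip, dst_port, duration_seconds, bytes_out); the addresses, ports, the "approved" port set and the "encrypted" port set are all illustrative assumptions:

```python
"""Outbound-flow triage: per-host port tree plus the Top-N outbound lists.

Added example, not SANS/GSEC course material. Input is a handful of
constructed flow records (not a real capture) in a NetFlow-like form:
    src_ip,dst_ip,dst_port,duration_seconds,bytes_out
"""
from collections import Counter, defaultdict

# Constructed sample flows from an internal /24 to outside hosts.
# Addresses and ports are illustrative only.
SAMPLE_FLOWS = """\
10.0.0.3,203.0.113.10,443,12,4096
10.0.0.3,203.0.113.10,443,8,2048
10.0.0.3,198.51.100.7,23,900,512
10.0.0.10,203.0.113.20,443,30,8192
10.0.0.10,203.0.113.20,443,45,65536
10.0.0.10,198.51.100.9,6667,7200,1024
10.0.0.10,198.51.100.9,6667,7100,1024
10.0.0.10,198.51.100.9,6667,7300,1024
10.0.0.25,203.0.113.30,80,5,1500
"""

ENCRYPTED_PORTS = {443, 22, 993, 995}  # assumption: ports treated as encrypted
APPROVED_PORTS = {80, 443}             # assumption: the only sanctioned outbound ports


def parse_flows(text):
    """Parse the CSV records into dicts; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, dur, nbytes = line.split(",")
        flows.append({"src": src, "dst": dst, "port": int(port),
                      "duration": int(dur), "bytes": int(nbytes)})
    return flows


def visibility_tree(flows):
    """Source IP -> sorted list of destination ports it used (the tree on the card)."""
    tree = defaultdict(set)
    for f in flows:
        tree[f["src"]].add(f["port"])
    return {ip: sorted(ports) for ip, ports in tree.items()}


def unnecessary_ports(flows, approved=APPROVED_PORTS):
    """Hosts that used outbound ports outside the approved set, and which ports."""
    return {ip: [p for p in ports if p not in approved]
            for ip, ports in visibility_tree(flows).items()
            if any(p not in approved for p in ports)}


def top_n(flows, key, n=20):
    """Top-N source hosts ranked by an aggregate of key() over their flows."""
    agg = Counter()
    for f in flows:
        agg[f["src"]] += key(f)
    return agg.most_common(n)


def top_lists(flows, n=20):
    """The three primary Top 20 lists: connections, total duration, total bytes."""
    return {
        "connections": top_n(flows, lambda f: 1, n),
        "duration": top_n(flows, lambda f: f["duration"], n),
        "bytes": top_n(flows, lambda f: f["bytes"], n),
    }


def percent_encrypted(flows, encrypted=ENCRYPTED_PORTS):
    """List 4a: share of each host's outbound connections on encrypted ports."""
    per_host = defaultdict(lambda: [0, 0])  # [encrypted, total]
    for f in flows:
        per_host[f["src"]][1] += 1
        if f["port"] in encrypted:
            per_host[f["src"]][0] += 1
    return {ip: round(100.0 * enc / total, 1) for ip, (enc, total) in per_host.items()}


def destination_counts(flows, n=20):
    """List 4b: most-contacted destination IP addresses."""
    return Counter(f["dst"] for f in flows).most_common(n)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("tree:", visibility_tree(flows))
    print("unnecessary ports:", unnecessary_ports(flows))
    print("top lists:", top_lists(flows))
    print("percent encrypted:", percent_encrypted(flows))
    print("destinations:", destination_counts(flows))
```

On the sample data the host with the most connections, the longest total connection time and the most data out is the same one that holds three multi-hour sessions on port 6667, which is exactly the kind of outbound beacon the three primary lists are meant to surface; the port tree then shows both 23 and 6667 as unsanctioned use that the approved-port policy should have blocked.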
4 approaches to Defense In Depth -Correct Answer ✔1) Uniform Protection
2) Protected Enclaves
3) Information Centric
4) Threat Vector Analysis
Uniform Protection -Correct Answer ✔1) Most common approach to DiD
2) Firewall, VPN, Intrusion Detection, Antivirus, Patching
3) All parts of the organization receive equal protection
4) Treats all systems the same, so the weakest system sets the level of protection for the critical ones
Protected Enclaves -Correct Answer ✔1) Work groups that require additional protection
are segmented from the rest of the internal organization
2) Restricting access to critical segments
3) Internal Firewalls
4) VLANs and ACLs
Information Centric -Correct Answer ✔1) Identify critical assets and provide layered
protection
2) Data is accessed by applications
3) Applications reside on hosts
4) Hosts operate on networks
Vector-Oriented (Threat Vector Analysis) -Correct Answer ✔1) A threat needs a vector to reach and exploit the
vulnerability
2) Stop the ability of the threat to use the vector:
a) USB thumb drives - disable USB
b) Auto-answer modems - digital phone PBX