SBOLC Security Fundamentals EXAM
QUESTIONS AND ANSWERS
NIST - ANSWER>>National Institute of Standards and Technology
What is the NIST Risk Management Framework (RMF)? - ANSWER>>-
Overall framework for the U.S. federal government to manage
organizational risk throughout the system development life cycle
-Focuses on security control selection, deployment, and auditing
using a seven-step model
-Includes certification and accreditation
Clean Desk Policy - ANSWER>>Secure sensitive items when not in use
Principle of least privilege management - ANSWER>>Just what you
need to do your job
Mandatory vacations - ANSWER>>-best way to uncover fraud
-part of onboarding procedures
Job Rotation (rotation of duties) - ANSWER>>-Identify or uncover
fraud
-Cross training / Experience for employees
Separation of Duties - ANSWER>>Partitions responsibilities to
minimize abuse or fraud
Hiring and Termination Policy Elements - ANSWER>>-Background
checks
-Social media analysis
-Onboarding procedures (NDA/AUP/Sign for equipment)
-Offboarding procedures (NDA/Return of equipment)
-Exit interview
-Non-disclosure Agreement (NDA)
AUP - ANSWER>>Acceptable Use Policy
EOL - ANSWER>>End of Life
EOS - ANSWER>>End of Service
MOA - ANSWER>>Memorandum of Agreement
-A legally binding written document between multiple parties on a
project detailing how they will work together to achieve
agreed-upon goals and objectives.
MOU - ANSWER>>Memorandum of Understanding
-A less formal agreement of mutual goals between two or more
organizations with a focus on partitioning of responsibilities
BPA - ANSWER>>Business Partners Agreement
-A written agreement defining the general relationship between
business partners with a focus on financial matters
Information Lifecycle Model - ANSWER>>-Creation
-Processing
-Dissemination
-Usage
-Storage
-Disposal
Generic Information Classifications - ANSWER>>-Low
-Medium
-High
Military Information Classifications - ANSWER>>-Unclassified
-Confidential
-Secret
-Top Secret
Business Information Classifications - ANSWER>>-Public
-Private
-Proprietary
-Confidential
Types of Protected Information - ANSWER>>-Personally Identifiable
Information (PII)
-Personal/Protected Health Information (PHI)
-Financial Information
-Government Data
-Customer Data
Risk Management - ANSWER>>The process of identifying, monitoring,
and reducing risk to an acceptable level.
Risk Analysis - ANSWER>>-Threat (the potential to cause harm to an
asset)
-Vulnerability (a flaw or hole in the security posture)
-Exploit (a method or technique used to manipulate a flaw)
-Safeguard (a mitigation security control)
Risk Management Strategies - ANSWER>>-Acceptance: Have an
established plan of action
-Avoidance: Removing the activity that creates risk
-Transference: Offloading the risk to an external party
-Mitigation: Reducing risk by installing security control, safeguard, or
countermeasures
Types of Risk - ANSWER>>-Externally-Derived Risk
-Internally-Derived Risk
-Legacy Systems
-Multiparty Involvement