Home > Articles > Security Principles

Security Principles

Contents

  1. "Do I Know This Already?" Quiz
  2. Foundation Topics
  3. Exam Preparation Tasks

Chapter Description

In this sample chapter from CCNA Cyber Ops SECFND #210-250 Official Cert Guide, explore principles of the defense-in-depth strategy, risk assessments, and more.

This chapter covers the following topics:

  • Describe the principles of the defense-in-depth strategy.

  • What are threats, vulnerabilities, and exploits?

  • Describe Confidentiality, Integrity, and Availability.

  • Describe risk and risk analysis.

  • Define what personally identifiable information (PII) and protected health information (PHI) are.

  • What are the principles of least privilege and separation of duties?

  • What are security operation centers (SOCs)?

  • Describe cyber forensics.

This chapter covers the principles of the defense-in-depth strategy and compares and contrasts the concepts of risk, threats, vulnerabilities, and exploits. This chapter also defines what are threat actors, run book automation (RBA), chain of custody (evidentiary), reverse engineering, sliding window anomaly detection, Personally Identifiable Information (PII), Protected Health Information (PHI), as well as what is the principle of least privilege, and how to perform separation of duties. It also covers concepts of risk scoring, risk weighting, risk reduction, and how to perform overall risk assessments.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz helps you identify your strengths and deficiencies in this chapter’s topics. The 11-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time. You can find the answers in Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Questions.

Table 3-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.

Table 3-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section

Questions Covered in This Section

The Principles of the Defense-in-Depth Strategy

1–2

What Are Threats, Vulnerabilities, and Exploits?

3–6

Risk and Risk Analysis

7

Personally Identifiable Information and Protected Health Information

8

Principle of Least Privilege and Separation of Duties

9

Security Operation Centers

10

Forensics

11

  1. What is one of the primary benefits of a defense-in-depth strategy?

    1. You can deploy advanced malware protection to detect and block advanced persistent threats.

    2. You can configure firewall failover in a scalable way.

    3. Even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets.

    4. You can configure intrusion prevention systems (IPSs) with custom signatures and auto-tuning to be more effective in the network.

  2. Which of the following planes is important to understand for defense in depth?

    1. Management plane

    2. Failover plane

    3. Control plane

    4. Clustering

    5. User/data plane

    6. Services plane

  3. Which of the following are examples of vulnerabilities?

    1. Advanced threats

    2. CVSS

    3. SQL injection

    4. Command injection

    5. Cross-site scripting (XSS)

    6. Cross-site request forgery (CSRF)

  4. What is the Common Vulnerabilities and Exposures (CVE)?

    1. An identifier of threats

    2. A standard to score vulnerabilities

    3. A standard maintained by OASIS

    4. A standard for identifying vulnerabilities to make it easier to share data across tools, vulnerability repositories, and security services

  5. Which of the following is true when describing threat intelligence?

    1. Threat intelligence’s primary purpose is to make money by exploiting threats.

    2. Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats.

    3. With threat intelligence, threat actors can become more efficient to carry out attacks.

    4. Threat intelligence is too difficult to obtain.

  6. Which of the following is an open source feed for threat data?

    1. Cyber Squad ThreatConnect

    2. BAE Detica CyberReveal

    3. MITRE CRITs

    4. Cisco AMP Threat Grid

  7. What is the Common Vulnerability Scoring System (CVSS)?

    1. A scoring system for exploits.

    2. A tool to automatically mitigate vulnerabilities.

    3. A scoring method that conveys vulnerability severity and helps determine the urgency and priority of response.

    4. A vulnerability-mitigation risk analysis tool.

  8. Which of the following are examples of personally identifiable information (PII)?

    1. Social security number

    2. Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, and geometry of the face

    3. CVE

    4. Date of birth

  9. Which of the following statements are true about the principle of least privilege?

    1. Principle of least privilege and separation of duties can be considered to be the same thing.

    2. The principle of least privilege states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their job, and no more.

    3. Programs or processes running on a system should have the capabilities they need to “get their job done,” but no root access to the system.

    4. The principle of least privilege only applies to people.

  10. What is a runbook?

    1. A runbook is a collection of processes running on a system.

    2. A runbook is a configuration guide for network security devices.

    3. A runbook is a collection of best practices for configuring access control lists on a firewall and other network infrastructure devices.

    4. A runbook is a collection of procedures and operations performed by system administrators, security professionals, or network operators.

  11. Chain of custody is the way you document and preserve evidence from the time you started the cyber forensics investigation to the time the evidence is presented at court. Which of the following is important when handling evidence?

    1. Documentation about how and when the evidence was collected

    2. Documentation about how evidence was transported

    3. Documentation about who had access to the evidence and how it was accessed

    4. Documentation about the CVSS score of a given CVE

2. Foundation Topics | Next Section

There are currently no related articles. Please check back later.