Define Vulnerabilities
A weakness in a system or its design that could be exploited by a threat actor
Define BYOD
1. Bring Your Own Device
2. A policy that enables employees to use their own mobile devices to access company systems, software, networks, or information
What are three access control security services?
Authorization, Accounting, Authentication
What is SecurityNewsWire?
A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.
What is the free service that is offered by the U.S. Department of Homeland Security?
AIS (Automated Indicator Sharing)
What is the Security Onion?
A common analogy used to describe a defense-in-depth approach
Name one security practice to help mitigate BYOD vulnerabilities
Password protected access, Manually control wireless connectivity, Keep updated, Back up data, Enable “Find my Device” and more
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
Authorization
What is the purpose of Cisco Cybersecurity Reports?
To provide an update on the state of security preparedness, expert analysis of top vulnerabilities, factors behind the explosion of attacks using adware, spam, and more.
What is a world leading threat intelligence team with a goal to help protect enterprise users, data, and infrastructure from active adversaries?
Talos
Define a Threat
Any potential danger to an asset
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
Acceptable Use Policy
Which access control model is based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and environmental factors regarding how the object is to be accessed, such as time of day?
Attribute-based
What is the primary function of (ISC2)?
To provide vendor neutral education products and career services
Which security operations platform integrates and enhances a range of security tools and threat intelligence?
HINT-🔥👁️
FireEye Helix
What is the Security Artichoke?
An analogy to show how the changes in the landscape of networks have made things easier for hackers
Which areas must an IT security person understand in order to identify vulnerabilities on a network?
1. Hardware used by application
2. Important Application Used
Which access control model applies the strictest access control and is typically used in military or mission critical applications?
Mandatory
What is the primary function of SANS?
To maintain the Internet Storm Center (a popular internet early warning system)
What are three threat intelligence information sharing specifications?
STIX, TAXII, CybOX
What device is usually the first line of defense in a defense-in-depth approach?
Edge Router
The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
Remote Access
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?
Accounting
What does SANS stand for?
SysAdmin, Audit, Network, Security
What does TAXII stand for?
Trusted Automated Exchange of Indicator Information