Phishing for Profits
Pips & Protection
Stop-Loss Security
Compliance in the Market
Take Profit, Lock Security
100

A company has instituted a policy to prevent data leakage. The policy requires that any data stored on USB storage devices must be encrypted with at least 256-bit encryption.

Which principle that is part of the Parkerian hexad but not the CIA triad would be violated if one of these devices was stolen?

Possession

100

protects the privacy of their customers' non-public personal information

Gramm-Leach-Bliley Act (GLBA)

100

An organization notices unauthorized visitors following employees through a restricted doorway.

Which vulnerability should be addressed in the organization's security policy?

Tailgating

100


defines rules for government agencies contracting with cloud providers.

FedRAMP

100

Which security solution can an organization deploy to prevent unauthorized external access to its internal network?

Firewall

200

While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card.

What does the European Union Directive 95/46/EC regulation safeguard for the purchaser?

Personally Identifiable Information (PII)

200

for trade companies to maintain accurate financial records and disclose financial information in a timely manner

Sarbanes-Oxley Act (SOX)

200

An organization employs a VPN to safeguard its information. Which security principle is protected by a VPN?

Data In Motion

200

A hospital allows its patients to pay by credit card.

Which sets of regulations apply to the hospital's operations?

Hint: There are 2.

PCI DSS & HIPAA

200

An organization wants to minimize the impact of user credential theft by ensuring that only HR staff can access employee personal information.

Which security mechanism should it implement?

Principle of least privilege

300

 is a body first created in 1926 to set standards between nations.

ISO 

300

A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code.

Which type of cryptographic tool should the company use to protect the integrity of its open source applications?

Hashing

300

A company has an annual audit of installed software and data storage systems. During the audit, the auditor asks how the company's most critical data is used. This determination helps the auditor ensure that the proper defense mechanisms are in place to protect critical data. Which principle of the Parkerian hexad is the auditor addressing?

Utility

300

 originally created in the early 1900s to develop standards for weights and measures and serve as a national laboratory. Over time, its mission has evolved to include promoting technology and innovation in the United States.

NIST

300

A petroleum company has a group of computers used to monitor flow of materials in the refining process. These computers are never connected to the Internet or other corporate network, and they host proprietary monitoring software which the company has registered as a trade secret.

Which type of security will be able to help protect its software against theft?

Physical

400

Which tool should an application developer use to help identify input validation vulnerabilities?

Fuzzers

400

This proactive process involves applying updates, disabling unnecessary services, configuring security settings, and using firewalls to protect an operating system from vulnerabilities. It’s your first line of defense after a server running an outdated OS is compromised by malware. What is this process?

OS Hardening

400

An attacker performs a buffer overflow attack on an organization's web server. The web server locks up and must be restarted to restore functionality.

Which part of the CIA triad is under attack?

Availability

400

A bank website accepts online loan applications. It requires applicants to review and sign a disclosure document explaining the organization's information sharing practices.

Which federal law protects consumers' financial information?

GLBA

400

A bank wants to ensure user interactions with the online banking website are confidential.

Which security solution should be implemented?

SSL/TLS

500

A set of symmetric block ciphers endorsed by the US government through NIST. Shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode

AES

500

A combination of DAC and MAC, primarily concerned with the confidentiality of the resource. Two security properties define how information can flow to and from the resource: the simple security property and the * property.

The Bell-LaPadula model

500

You are a cybersecurity analyst tasked with investigating a potential breach in your organization's network. The incident response team suspects that an attacker has exploited a vulnerability to gain unauthorized access. Your objectives are:

  1. Identify the vulnerability exploited by the attacker.
  2. Capture and analyze any malicious traffic to or from the compromised system.
  3. Map the network to identify potential additional attack vectors.

Given the tools below (Nessus, Wireshark, Burp Suite, Fuzzers, Honeypots, Nmap), explain which tool(s) you would prioritize for each objective and why.

1. Nessus

2. Wireshark

3. Nmap

500

What two items are an indicator of which sets of compliance standards your company might fall under? 

Industry & Data Type

500

Imagine you are working on a disaster response team, and a hurricane has just hit a major coastal city. Your task is to identify the most affected neighborhoods and prioritize areas for immediate relief efforts. You have access to satellite imagery, social media posts, emergency hotline call data, and weather forecasts.

What types of intelligence are used in this scenario?

Hint: 3 different types of intelligence are used.

GEOINT, SIGINT, OSINT