SBOLC Security Fundamentals Exam Review 2024, Exams of Advanced Education

A comprehensive review of the SBOLC Security Fundamentals exam for 2024. It covers a wide range of security-related topics, including acceptable use policies, business impact analysis, botnet attacks, change management, disaster recovery plans, business continuity plans, data loss prevention, domain hijacking, entry point security controls, hashing, hypervisors, Kerberos v5, the mandatory access control model, MD5, the NIST Risk Management Framework, password policies, public key infrastructure, qualitative and quantitative risk assessments, rootkits, roving security, script kiddies, virtual machine snapshots, VPN tunnel methods, and the differences between incremental and differential data backups. The document also covers organizational policies, port numbers, RAID solutions, load balancing, uninterruptible power sources for high availability and redundancy, and the X.509 v3 digital certificate standard.

Typology: Exams

2023/2024

Available from 08/24/2024

Examproff
SBOLC Security Fundamentals Exam
Review 2024
AUP - ANSWER-Acceptable Use Policy
-Defines the conditions in which company resources may be used
-Object-centric: authorization ground rules
BIA - ANSWER-Business Impact Analysis / Assessment
-Management tool that helps determine the financial impact of business or
organizational changes
-Going through an organization to determine financial impact of disruption or change
Botnet Attack - ANSWER--A network of compromised systems containing malware
which acts as a robot
-Takes over multiple machines and allows you to communicate with the bots and exhaust
the victim's resources
Change Management - ANSWER--Policy that defines the formalized manners to
introduce transformations/change within the organization
-Documents and introduces change to the organization
-Change may introduce new risk
-Updates the baselines
Cold Site - ANSWER-Empty facility with established power, HVAC, and network
connectivity to the building
DAC Model - ANSWER-Discretionary Access Control Model
-Creator/owner decides access
-Network users have some flexibility regarding how information is accessed
-Vulnerable to social engineering attacks, for example, Trojan horse attacks.
Data Controller - ANSWER-The person who controls the data being released
-Could release data to a 3rd party and handles sensitive information internally

Difference between Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) - ANSWER-DRP: Immediately invoked after a disaster, prioritizing the restoration
BCP: How to operate in a reduced state
DLP - ANSWER-Data Loss Prevention
-Security control that mitigates the accidental unauthorized disclosure of data
-Examples:
--Removing PII/PHI from emails
--Preventing the use of removable media (USB blocking)
--Preventing the uploading of sensitive company information to social media sites or untrusted cloud services
Domain Hijacking - ANSWER--Unethical actor registers a web domain with a name very similar to a legitimate organization
-comptia.org vs comtia.biz
-Unethical actor changes the Top Level Domain (TLD: .com/.org/.biz/etc.)
Entry Point Security Controls - ANSWER--Security cameras and CCTV
-Object detection
-Motion-sensitive
-Alarms and sensors
-Motion detection sensors
-Noise sensors
-Detect environmental changes
-Temperature sensors
-Moisture sensors
-Proximity cards and readers
Hash - ANSWER--A hash is a mathematical function that converts an input of arbitrary length into an encrypted output of a fixed length
-Fixed link output (message digest)
Hot Site - ANSWER-Warm site capabilities plus established computer, servers, and software
Hypervisor - ANSWER--Software component that enforces the sandbox security model
-Type 1 Hypervisor: Runs natively within the host's hardware (bare-metal)

-Most restrictive access control model
-Nondiscretionary method for information access
EX: Security clearance, labels, need to know
MD5 - ANSWER--A hashing algorithm that results in a 128-bit output.
-bit strength is 128
NIST RMF - ANSWER-National Institute of Standards and Technology Risk Management Framework
Onboarding Process - ANSWER-Procedures for new employees
-Signing of NDAs, AUPs, and signing for equipment
Password Policy - ANSWER--Password complexity: entropy (upper case/lower case/special characters)
-Password length
-Password reuse (minimum password lifetime, maximum password lifetime, history)
PKI - ANSWER-Public Key Infrastructure
-The set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys.
-Overall framework
Proprietary - ANSWER-Internal to an organization, gives you a competitive edge, a design concept you do not want leaked
Qualitative Risk Assessment - ANSWER--Based on human opinion or judgement derived from interviews, surveys, benchmarking, scenario-based exercise lessons learned analysis, or cross-functional workshops
-Advantages: Impact is easily understood by a large population of employees. Can provide rich information beyond financial impact, such as impact to perceived safety, health, or reputation
-Disadvantages: Prone to inaccuracy or exaggeration. Limited usefulness towards cost-benefit analysis

Quantitative Risk Assessment - ANSWER--Requires numerical values for both impact and likelihood using data from a variety of sources
-Can be used to support cost-benefit analysis calculations
-Advantages: Supports cost-benefit analysis of risk response options. Allows computation of necessary capital to achieve business goals.
-Disadvantages: Use of numbers may imply greater precision than what truly exists. Requires concrete units of measure that may keep obscure or infrequent risk from being recognized.
Reciprocal Site - ANSWER--Mutual agreement between partners.
-Need a signed MOU
Risk Register - ANSWER-A document identifying a list of vulnerabilities and deficiencies
RMF - ANSWER-Risk Management Framework
-Identifies risk in a 7 Step Model
Rootkit - ANSWER--Malware that has the ability to embed itself deep within the OS
-Hides from spyware blockers, the anti-virus program, and system utilities
-Goal is to subvert the OS security kernel or a privileged, trusted service
RoT - ANSWER-Root of Trust
-Trustworthy hardware and trustworthy software promoting security to a higher system
-A source that can always be trusted within a cryptographic system
Roving Security / Guards - ANSWER--Security Guards
-Robot Sentries
-Drones
-UAVs
(Note: Dogs are NOT roving guards)
RPO - ANSWER-Recovery Point Objective
-The amount of acceptable data loss

What is the port for IMAP? - ANSWER-Port 143
What is the port for POP3? - ANSWER-Port 110
What ports do LDAP and LDAPS use? - ANSWER-LDAP: 389
LDAPS: 636
What supports High Availability and Redundancy? - ANSWER--RAID Solution
-Load Balancing
-UPS (Uninterruptible Power Source)
Which RAID level has Block level striping and double distributed parity? - ANSWER-
Which RAID level is strictly performance? - ANSWER-RAID 0
X.509 V3 - ANSWER-A digital certificate that contains an extension field that permits any number of additional fields to be added to the certificate.