Physical & Logical Security Flashcards

Configuring SOHO Network Security Part 1 (123 cards)

1
Q

What are physical security controls?

A

Physical security controls are measures designed to protect the overall IT infrastructure by complementing logical security features.

2
Q

What do logical security features include?

A

Logical security features include permissions, firewall rules, and data encryption, which are not physical devices.

3
Q

What do physical security controls help prevent?

A

They help prevent unauthorized access, tampering, or theft of hardware or sensitive data.

4
Q

What are the layers of physical security controls?

A

Physical security controls are typically layered into perimeter, facility, and device-level controls.

5
Q

What is an access control vestibule?

A

An access control vestibule, or mantrap, is a two-door system requiring authentication at each point to prevent tailgating and piggybacking.

6
Q

What are some examples of access control methods?

A

Access control methods include mechanical and electronic door locks, PIN pads, card-based locks, and biometric systems.

7
Q

What is the purpose of fencing in perimeter security?

A

Fencing helps to deter unauthorized entry and define boundaries.

8
Q

What is a bollard?

A

A bollard is a physical barrier to stop vehicle-based threats, often placed near data centers and main entrances.

9
Q

What are badge readers used for?

A

Badge readers scan access cards and can log entry times and trigger alerts for unauthorized scans.

10
Q

What types of biometric authentication are there?

A

Biometric authentication includes:

  • fingerprint
  • retina
  • palm
  • facial recognition

11
Q

What are some surveillance techniques used in physical security?

A

  • closed-circuit TV systems (CCTV)
  • motion sensors
  • alarms

12
Q

What is the benefit of integrating surveillance with logical access control systems?

A

Integration creates an audit trail, allowing for review of access.

13
Q

What is a best practice for physical security implementation?

A

Performing regular risk assessments to identify vulnerabilities is a best practice.

14
Q

What is logical security in IT environments?

A

Logical security focuses on controlling digital access to systems, networks, and data, complementing physical security by protecting against both remote and internal threats.

15
Q

What are the core components of logical security implementation?

A

The core components include:

  • authentication mechanisms
  • authorization policies
  • access control tools
16
Q

What is multi-factor authentication?

A

Multi-factor Authentication (MFA) enhances security by requiring more than one means of identifying yourself, typically a combination of something you know, have, and are.

17
Q

What are common elements of multi-factor authentication?

A

Common elements include:

  • password (something you know)
  • a smartphone or token (something you have)
  • biometrics (something you are)

18
Q

How does multi-factor authentication improve security?

A

It makes it more difficult for intruders to gain access, as they would need to compromise at least two factors.

19
Q

What are examples of multi-factor authentication tools?

A

Examples include Microsoft Authenticator, Google Authenticator, and codes sent via text message.

20
Q

What is zero trust architecture?

A

Zero-trust Architecture is based on continuous authentication and authorization, implementing least privilege access and micro-segmentation of network resources.

21
Q

What does least privilege access entail?

A

Least privilege access means granting only the minimum level of access necessary to perform a task.

22
Q

What are identity-aware firewalls?

A

Identity-aware firewalls are aware of both the port/protocol and the identity attempting to gain access.

23
Q

What are conditional access policies?

A

Conditional access policies evaluate specific conditions during access attempts, such as network location or device health.

24
Q

What is an Access Control List (ACL)?

A

An ACL specifies identities and their corresponding levels of access, implemented for file systems and network devices.

25
What is single sign-on (SSO)?
***Single Sign-on*** *allows users to authenticate once and access multiple systems without needing separate logins*.
26
How does single sign-on reduce password fatigue?
*It minimizes the need for multiple passwords, reducing help desk calls and centralizing access control.*
27
What protocols are used for implementing single sign-on?
Protocols include:

  • SAML
  • OAuth2
  • OpenID Connect
28
What is the principle of least privilege?
The ***principle of least privilege*** minimizes user and service abilities to only what is necessary for their duties.
29
What is Privileged Identity Management (PIM)?
***Privileged Identity Management (PIM)*** *manages privileged accounts, allowing temporary elevation of privileges for sensitive roles*.
30
What is just-in-time access?
***Just-in-time access*** *allows users to elevate their privileges to administrative for a limited time*.
31
How can you access Windows Defender settings?
You can access Windows Defender settings from ***Settings > Privacy & Security > Windows Security***.
32
What does the Virus & Threat Protection page display?
*It displays current threats, a Quick Scan button, and links for Scan options, Allowed threats, and Protection history*.
33
What types of scans can you configure in Windows Defender?
You can configure ***Quick scan, Full scan, Custom scan***, and Microsoft Defender Antivirus (offline scan).
34
What is the purpose of a Quick scan?
A ***Quick Scan*** checks folders where threats are commonly found and is faster but less thorough.
35
What does a Full scan do?
A ***Full Scan*** checks all files and running programs on your hard disk and may take longer than one hour.
36
What is a Custom scan used for?
A ***Custom Scan*** allows you to specify which files and locations you want to check.
37
What is the purpose of an offline scan?
An ***offline scan*** helps *remove difficult-to-remove malicious software by restarting your device and scanning before the operating system loads.*
38
What are Allowed threats in Windows Defender?
Allowed threats are identified threats that you have permitted to run on your system.
39
How can you check for updates in Windows Defender?
You can check for updates under ***Virus & Threat Protection Updates > Protection updates***.
40
How do you access the Windows Defender Firewall?
Click ***Start***, type ***firewall***, and select ***Windows Defender Firewall with Advanced Security***.
41
What options are available in the Windows Defender Firewall with Advanced Security?
Options include:

  • Inbound Rules
  • Outbound Rules
  • Connection Security Rules
  • Monitoring
42
What is a common example of a firewall rule?
*A common example is the Remote Desktop-User Mode rule, which allows incoming remote desktop connection requests*.
43
How do you create a new inbound firewall rule?
*Right-click on Inbound rules, choose New Rule, and follow the wizard to specify the type and settings*.
44
What do you need to specify when creating a new inbound rule?
*You need to specify the pathway to the executable application or the port that it uses.*
45
What profiles can you choose when creating a firewall rule?
Choose from the following profiles:

  • Domain
  • Private
  • Public
46
What is the Local Group Policy Editor used for?
*It is used to access **advanced configuration options for Windows settings**, including Defender Antivirus and Remote Desktop*.
47
Where can you find Microsoft Defender Antivirus settings in the Group Policy Editor?
You can find it under ***Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components***
48
What is the purpose of the Group Policy Editor?
*It allows access to advanced configuration options that are typically not available through the standard interface*.
49
What are wireless security protocols used for?
They provide ***encrypted communications*** between local devices and wireless routers or access points, to protect data from being captured or intercepted.
50
What is WEP and why should it be avoided?
***Wired Equivalency Protocol (WEP)*** is not considered secure by today's standards.
51
What security protocols should be used today?
Wi-Fi Protected Access version 2 ***(WPA2)*** or version 3 ***(WPA3)***.
52
What encryption standard does WPA2 use?
WPA2 uses ***AES*** (***Advanced Encryption Standard***) for protecting data.
53
What is the key length for WPA2 and WPA3?
WPA2 uses a ***128-bit*** encryption key; WPA3 uses a ***256-bit*** key.
54
What is RADIUS?
Remote Authentication Dial-In User Service ***(RADIUS)*** provides ***centralized authentication*** *for wireless and VPN (remote access) connections*.

## Footnote
Open-source enterprise AAA server protocol.
55
What is the purpose of RADIUS in wireless networks?
It forwards all authentication requests to a ***RADIUS server***, which performs the authentication.
56
What does TACACS+ stand for?
***Terminal Access Controller Access Control System Plus*** (*TACACS+*)
57
How does TACACS+ differ from RADIUS?
***TACACS+*** *separates authentication, authorization, and accounting into distinct processes, making it more secure but complex.*
58
What is the Kerberos protocol used for?
***Kerberos*** is an authentication protocol that uses tickets and time-stamped keys to allow secure communication on a network domain.

## Footnote
Used for verifying identities and providing Single Sign-On (SSO) capabilities in enterprise environments.
59
What is a Ticket Granting Ticket in Kerberos?
It is used to provide access to resources and relies on time synchronization for validity.
60
What are some best practices for wireless security?
  • Use WPA3 or WPA2 with AES
  • Disable WPS
  • Use a strong pre-shared key (PSK)
  • Change default SSID and admin credentials
61
What is WPS and why should it be disabled?
*WPS allows automatic connections but can transmit credentials that may be intercepted and is vulnerable to brute-force attacks*.
62
What is MAC address filtering?
*It restricts access to Wi-Fi routers by creating a list of acceptable MAC addresses, disallowing any device not listed*.
63
What is a threat in the IT world?
A ***threat*** is *any potential danger that can exploit any kind of weakness in a system.*
64
What is a vulnerability in the IT context?
A ***vulnerability*** is *an actual weakness in software, hardware, or processes*.
65
Can you give an example of a threat in a retail environment?
A threat could be any customer who is intent on stealing something.
66
What is a vulnerability in the context of security cameras in a store?
A vulnerability might be that the cameras don't cover 100% of the environment, creating a blind spot.
67
What can happen if a vulnerability is exploited?
Exploiting a vulnerability can lead to a ***security breach***.
68
What are common types of threats?
Common threat types include:

  • Phishing
  • Denial-of-Service (DoS)
  • Distributed Denial-of-Service (DDoS) attacks
69
What is phishing?
***Phishing*** is an attempt to bait someone into revealing sensitive information.
70
What is a DoS attack?
A ***DoS attack*** is when a single system tries to overwhelm a target and bring it down.
71
What is a DDoS attack?
A ***DDoS attack*** uses multiple systems to attack a centralized target.
72
What is a brute force attack?
A ***brute force*** attack attempts to obtain passwords by trying multiple different options repeatedly.
73
What is an evil twin attack?
An ***evil twin attack*** involves creating a rogue wireless network with the same name as a legitimate one.
74
What is an on-path attack?
An ***on-path attack*** is when an attacker positions themselves between two communicating devices.
75
What is a zero-day exploit?
A ***zero-day exploit*** is an attack that isn't yet known by any security software.
76
What are unpatched systems?
Unpatched systems are vulnerabilities that still exist because the necessary updates have not been applied.
77
What are insider threats?
***Insider threats*** come from individuals within an organization, making them harder to defend against.
78
What are supply chain attacks?
***Supply chain attacks*** occur through software, hardware, or vendors associated with a target.
79
What is a mitigation strategy for security?
Keep systems patched and updated, implement network segmentation and firewalls, and train users to spot phishing.
80
What does the principle of least privilege mean?
The principle of least privilege means granting users the minimum level of access required to perform their tasks.
81
What is the general approach to preventing malware infections?
The general approach is to detect infections or intrusions, block them from happening, and recover if they succeed.
82
What does a layered defense in security prevention entail?
A layered defense requires multiple tools and strategies to provide adequate protection for your environment and devices.
83
What software-based tools are recommended for security prevention?
Recommended tools include antivirus software, endpoint detection and response applications, and user behavior training.
84
What is the purpose of antivirus software?
***Antivirus software*** is meant to *detect known virus signatures and respond accordingly.*
85
How do endpoint detection and response (EDR) applications differ from antivirus software?
***EDR applications monitor behavior for threats*** rather than relying solely on known signatures.
86
What is a rootkit?
A ***rootkit*** is a *type of malware that can access the system at the kernel level, allowing it to perform tasks like disabling antivirus software*.
87
Can you name some example solutions for anti-malware and EDR applications?
Examples include:

  • Microsoft Defender
  • CrowdStrike
  • Malwarebytes
88
What should users be educated on to avoid malware?
Users should be trained to recognize suspicious emails and social engineering tactics, and to report anomalies immediately.
89
Why implement simulated phishing awareness exercises?
Simulated phishing exercises help train users to distinguish between legitimate and malicious emails.
90
What should you do immediately if you suspect a system is infected?
Disconnect the system from the network and run a full malware scan.
91
What steps can be taken if malware infection persists?
You may need to use the Recovery Environment or a bootable antivirus tool, or reinstall the operating system.
92
What is the purpose of monitoring logs for anomaly detection?
***Monitoring logs*** *helps identify any anomalies that could indicate malware presence.*
93
What is AppLocker used for in Windows environments?
***AppLocker*** is a *utility that determines which applications can be run on a device.*
94
Why should AutoRun be disabled for removable drives?
*Disabling AutoRun prevents automatic execution of malware when a device is plugged in.*
95
What can be restricted to enhance security?
Installation privileges for users can be restricted to prevent unauthorized software installations.
96
What is Privileged Access Management (PAM)?
***PAM*** is a *logical approach to managing privileged identities, allowing for temporary elevation of privileges only when necessary*.
97
Why is PAM important?
*PAM reduces the risk of compromised administrative accounts by enforcing controls over account privileges and monitoring activities*.
98
What is the common practice for administrative users regarding account management?
Administrative users often maintain two accounts: one standard user account and one fully administrative account for specific tasks.
99
What is Just-in-Time Access in PAM?
***Just-in-Time Access*** *allows temporary elevation of administrative privileges when needed, with a specified time frame for access.*
100
What must users provide when requesting elevated privileges?
Users must provide a justification for the elevation, which is logged for review, and specify a time frame for how long the privileges are needed.
101
What is the relationship between PAM and identity management?
PAM is not a standalone feature; it works in conjunction with ***Identity and Access Management*** (IAM) tools.
102
What is Microsoft's specific implementation of PAM?
Microsoft refers to its implementation of PAM as Privileged Identity Management (PIM).
103
What are key features of Just-in-Time Access?
Key features include:

  • time-limited assignments
  • approval requirements for elevated access
  • logging of all elevated session activities
104
What are some best practices for managing privileged access?
Best practices include:

  • enforcing Just-in-Time access
  • rotating credentials frequently
  • conducting regular audits
  • combining PAM with other security tools
105
What are some examples of identity and access management services?
Examples include:

  • Okta
  • Azure Active Directory (Entra ID)
  • Google Identity and Access Management
106
What is a rogue device?
A ***rogue device*** is *any device connected to your network that shouldn't be. It can be an innocent mistake or an intentional placement to bypass firewalls.*
107
What is an Evil Twin?
An Evil Twin is a separate network created within the range of a legitimate network, using a matching SSID to trick users into connecting.
108
How can users be tricked by an Evil Twin?
Users may be prompted for a password and unknowingly provide their credentials, which the attacker can capture.
109
What are signs of a potential Evil Twin?
Signs include unexpected SSIDs, duplicate network names, or devices connecting automatically without user approval.
110
What tools can security professionals use for wireless intrusion detection?
Tools include:

  • Wireshark
  • Enterprise wireless Intrusion Detection and Prevention Solutions (IDS/IPS)
111
Why might detection be preferred over prevention in some environments?
*Detection allows for monitoring without blocking legitimate devices, which is important in dynamic environments with many legitimate connections*.
112
What are some best practices for wireless intrusion prevention?
Best practices include:

  • segmenting networks
  • using strong security protocols
  • changing default SSIDs
  • performing regular audits
  • keeping firmware updated
113
What should be included in a response strategy for intrusions?
Response strategies should include isolating affected devices, logging incidents, alerting users, rotating encryption keys, and reviewing security measures.
114
What is Data Loss Prevention (DLP)?
***DLP*** is a *means to prevent unauthorized access or transmission of sensitive data*.
115
What does data loss refer to in the context of DLP?
Data loss refers to losing data from a security perspective, such as unauthorized transmission of sensitive information.
116
What types of data does DLP focus on?
DLP focuses on all sensitive data, including data in use, data in motion, and data at rest.
117
What are sensitive information types in DLP?
*Sensitive information types include credit card numbers, Social Security numbers, and any Personally Identifiable Information (PII).*
118
What are some risk vectors for data transfer?
Risk vectors include:

  • USB devices
  • Cloud storage (e.g., Dropbox, OneDrive)
  • Email attachments
119
What preventative actions can be taken to secure data?
Preventative actions include disabling USB ports, enforcing encryption, and logging data transfers.
120
What role does identity and access management (IAM) play in DLP?
***IAM*** *ensures that only appropriate users have access to sensitive information, reducing the chance of data loss*.
121
What is the difference between authentication and authorization?
***Authentication*** verifies identity, while authorization determines permissions after identity is confirmed.
122
What is role-based access control?
***Role-based access*** control assigns predefined abilities based on user roles.
123
What is zero trust architecture?
***Zero-trust architecture*** assumes no request for resource access is granted without authentication and authorization.