CyberSecurity Fundamentals Prep Quiz

System hardening refers to the process of securing a computer system by reducing its vulnerabilities and minimizing potential attack surfaces. The principle of least privilege ensures that users and processes are only granted the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access or malicious activities. Access control, on the other hand, involves the implementation of mechanisms to regulate and manage user access to resources within a system. By combining the principles of least privilege and access control, system hardening can effectively enhance security and protect against potential threats.

Redundancy ensures that there are multiple copies of the information or systems in place, so that if one fails, there are backups available to maintain availability. Backups involve regularly creating copies of data or systems in case of loss or damage, allowing for the restoration of information and maintaining availability. Access controls restrict and manage user access to information, ensuring that only authorized individuals can access it, thereby protecting its availability. Therefore, the combination of redundancy, backups, and access controls is effective in safeguarding the availability of information.

The NIST (National Institute of Standards and Technology) framework for improving critical infrastructure cybersecurity identifies several key functions that are crucial for the protection of digital assets. Among the options given:
Protect: This function involves implementing the appropriate safeguards to ensure delivery of critical infrastructure services.
Recover: This function focuses on developing and implementing the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Identify: This function assists in developing an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
These three—Protect, Recover, and Identify—are considered key functions in the NIST framework for effectively managing and protecting digital assets. "Encrypt" is a subset of the Protect function but not a separate key function in the NIST framework, and "Investigate" typically falls under the Respond function, specifically post-incident activities.

Ethernet is a protocol that operates at the Data Link layer of the OSI Model. This layer is responsible for the reliable transfer of data between directly connected network devices. Ethernet provides a set of rules for how data should be formatted, addressed, transmitted, and received over a network. It defines the physical and logical connections between devices and handles error detection and correction. Therefore, Ethernet is closely associated with the Data Link layer of the OSI Model.

The functional areas of network management, as defined by ISO, include accounting management, fault management, performance management, and security management. These areas are crucial for effectively managing and maintaining a network. Accounting management involves tracking network usage and costs. Fault management focuses on identifying and resolving network issues. Performance management involves monitoring and optimizing network performance. Security management deals with protecting the network from unauthorized access and ensuring data confidentiality. Firewall management, although important for network security, is not specifically mentioned as a functional area of network management according to ISO.

Section 1

Containment is the element of an incident response plan that involves obtaining and preserving evidence. During this phase, the focus is on isolating the affected systems or network segments to prevent further damage and to preserve the evidence for forensic analysis. Containment measures may include disconnecting affected devices from the network, disabling compromised accounts, or implementing firewalls and access controls. By containing the incident, organizations can minimize the impact and gather crucial evidence to understand the nature of the attack and take appropriate actions for eradication and recovery.

NIST defines an incident as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." This means that an incident refers to any breach or potential breach of security protocols or policies in place. It could involve unauthorized access, data breaches, or any other form of security violation.