
CISSP Review



Presentation Transcript


  1. CISSP Review. Operations Security. Francisco Villegas Landín, CISSP, ISSAP, CISA, CISM, BSA, FC-ITSM, paco@protgt.com.mx

  2. This presentation, in its format and content, is the intellectual property of the Asociación Latinoamericana de Profesionales en Seguridad Informática, A.C. It is delivered in electronic form to the participants of the Programa de Preparación y Guía para Certificación en Seguridad Informática, CISSP, who have signed the (ISC)2 Code of Ethics. Participants may use this material provided they cite its origin on every page.

  3. The session. Introductions, 10 minutes (name, company, position, certifications held). 4 hours. Assumption: the domain has been read and doubts resolved. Analysis of questions and answers. Exam exercises (under stress). Breaks at 10:30 and 12:00 (5 minutes). Group reading, summarized explanation, cross questions and answers. Self-grading.

  4. The session. Topics (page numbers refer to the textbook): 1. pp. 753-756, through Mandatory vacations. 2. pp. 756-758, Accountability through Clipping level. 3. pp. 758-759, Change Management Control through Change Control Documentation. 4. pp. 760-763, Media Controls through I/O Control. 5. pp. 763-767, Electronic Mail Security through E-mail Relaying. 6. pp. 767-774, Facsimile Security through Hack and Attack Methods. 7. pp. 774-776, Superzapping through Session Hijacking. 8. pp. 777-779, Password Cracking through Backdoors. 9. pp. 780-782, Penetration Testing through Summary. 10. pp. 783-784, Quick Tips (14-14).

  5. RECOMMENDATIONS. 1. Look for the key words. 2. Identify the words of the subject, the topic, the security layer. 3. Discard (discern) or narrow down to two options. 4. Analyze and eliminate the answers that do not apply. 5. Decide which is the best answer. Beware of the language barrier. Algorithm: three passes. 1st pass: answer the questions I understand and know (mark them). 2nd pass: answer the questions marked in the 1st pass about which I have doubts (mark them). 3rd pass: answer the questions I do not understand and have no idea about ("say a Hail Mary").

  6. Instructor curriculum: Francisco Villegas Landín, CISSP, ISSAP, CISA, CISM, BSA, FC-ITSM • 18 years of experience (systems, development, voice/data/RF networks, operations, support, service) • UNAM, Banamex, AICM, SEGOB, SNSP, INM, Selesta • Professor at UNAM, instructor at ALAPSI • Advisor to the Secretario de Gobernación • Member of Red e-Gobierno 2000-2001 • Member of DC-México • Member of ALAPSI since 2000 • Founding partner and CEO of PROTGT S.A. de C.V. • Other certifications: McAfee, Fortinet, Juniper

  7. Questions. 1. What is the best meaning of the concept of Operations Security?
  A. Business operations security
  B. Computer operations security
  C. Business operations security supported by IT
  D. Security of the network, operating systems, databases, applications and environment when they are running in a secure and protected way
  By the book, (D); but taken in the full sense the better answer for me is (C). Why? See p. 753, beginning.

  8. Questions. 2. Then, Operations Security is best described as?
  A. A project
  B. A process
  C. An achievement of the board of directors
  D. The first real activity to implement before any other protection
  B. p. 753. A project begins and ends. An achievement is a milestone or goal. D is confusing because it says nothing about what operations security is.

  9. Questions. 3. Which of the following is the most characteristic operations security activity?
  A. Periodic follow-up of the security strategy with the Security Committee to solve the main problems
  B. The security change control of a system
  C. Monitoring network activity, reporting and following up incidents, and improving the security process
  D. The enhancement activities that modify and correct malfunctions of the systems (patches, vulnerabilities, etc.)
  C. p. 753. All of these are necessary security activities and procedures; they just do not all fall under the operations umbrella. Operations is about keeping production up and running in a healthy and secure manner.

  10. Questions. 4. Which of the following is a security operations activity?
  A. Networks and computing environments are evolving entities; just because they are secure one week does not mean they are still secure three weeks later.
  B. Keeping security policies and procedures up to date and executing the established controls and procedures as indicated.
  C. Companies spend many thousands of dollars on security tools, which are then used to implement the information protection controls (properly configured firewalls, intrusion detection systems and antivirus software).
  D. Knowing what the concepts "due diligence" and "due care" mean.
  B. All of the others support operations security, but only one is an activity. Operations security is about keeping production up and running in a healthy and secure manner.

  11. Questions. 5. What is the difference between due care and due diligence?
  A. Due care is the continual effort of ensuring that the right thing takes place, and due diligence is the continual effort to stay compliant with regulations.
  B. Due care and due diligence are in contrast to the "prudent person" concept.
  C. They mean the same thing.
  D. Due diligence is investigating the risks, and due care is carrying out the necessary steps to mitigate these risks.
  D. Due care and due diligence are legal terms that do not pertain only to security. Due diligence is going through the necessary steps to know what a company's or individual's actual risks are, and due care is carrying out responsible actions to reduce those risks. These concepts correspond with the "prudent person" concept. AIO p. 85.

  12. (Diagram slide: Due Care, Due Diligence, Assets.)

  13. Questions. 6. The continual effort of making sure that the correct policies, procedures, standards and guidelines are in place and being followed is?
  A. An administrative management responsibility
  B. An important part of the due care and due diligence that companies need to perform
  C. A CEO responsibility
  D. A CISO responsibility
  B. Due care and due diligence are a responsibility shared by everyone.

  14. Questions. 7. What is the most important issue of administrative management?
  A. The minutes of the Security Committee meeting
  B. The signing of the corporate security policy
  C. Defining who is responsible for information security (the CISO)
  D. Separation of duties and job rotation
  D. Administrative management deals mainly with the interaction of personnel in security operations. p. 754.

  15. Questions. 8. In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
  A. Security policy
  B. Enforcement guidelines
  C. Acceptable use policy
  D. Program manual
  C. A, B and D are general documents not addressed to a specific individual; the acceptable use policy is personalized and signed by each of the individuals involved.

  16. Questions. 9. Which of the following best describes separation of duties and job rotation?
  A. Separation of duties ensures that more than one employee knows how to perform the tasks of a position, and job rotation ensures that one person cannot perform a high-risk task alone.
  B. Separation of duties ensures that one person cannot perform a high-risk task alone, and job rotation can uncover fraud and ensure that more than one person knows the tasks of a position.
  C. They are the same thing with different titles.
  D. They are administrative controls that enforce access control and protect the company's resources.
  B. p. 755. Rotation of duties allows a company to have more than one person trained in a position and can uncover fraudulent activities. Separation of duties is put in place to ensure that one entity cannot carry out a critical task alone.

  17. Questions. 10. Which of the following controls requires more than one person, operating in concert, to complete a task?
  A. Least privilege
  B. Need to know
  C. Collusion
  D. Separation of duties
  D. p. 754. Least privilege and need-to-know limit what a single person can access; only separation of duties requires two or more people to complete a task. "Collusion" is a distractor: it is not a control but what separation of duties forces a would-be fraudster to resort to (two or more people conspiring).

  18. Questions. 11. What is the difference between least privilege and need-to-know?
  A. A user should have least privilege that restricts her need-to-know.
  B. A user should have a security clearance to access resources, a need-to-know about those resources, and least privilege to give her full control of all resources.
  C. A user should have a need-to-know to access particular resources, and least privilege should be implemented to ensure she only accesses the resources she has a need-to-know for.
  D. They are two terms for the same issue.
  C. p. 755. Users should only be able to access the resources they need to fulfill the duties of their positions. They should also have only the level of permissions and rights on those resources required to carry out the exact operations their jobs need, and no more. The second concept is more granular than the first, but they have a symbiotic relationship.

  19. Questions. 12. Why should employers make sure employees take their vacations (mandatory vacations)?
  A. They have a legal obligation.
  B. It is part of due diligence.
  C. It is a way that fraud can be uncovered.
  D. To ensure the employee does not get burnt out.
  C. p. 756. Many times employees who are carrying out fraudulent activities do not take the vacation they have earned because they do not want anyone to find out what they have been doing. Forcing employees to take vacations means that someone else has to do that person's job and may uncover any misdeeds.

  20. Questions. 13. What does accountability best mean?
  A. To enforce individual responsibility for access to and use of IT
  B. To serve as evidence for forensic activities
  C. To control excessive privileges
  D. None of these
  A. p. 756. Only D is wrong, because the first three each cover a different aspect of accountability. Accountability means that the activities of each person who accesses the systems are traceable, but its main objective is to enforce individual responsibility. Answer A covers the others.

  21. Questions. 14. What does accountability mean?
  A. Being liable for an unauthorized access
  B. Using the system logs to locate a fraud
  C. The analysis of the records of the actions executed by users, in order to know who performed which operations, where and when, on the systems and their data
  D. An automated security data function for auditing needs
  C. p. 756. Accountability enforces individual responsibility for the use of company resources: each user is answerable for his actions.

  22. Questions. 15. Which of the following is not a reason for the accountability function?
  A. Recording the abuse of authority by someone using data not required for his job
  B. Locating a fraud
  C. Auditing the times access was refused because of a wrong password
  D. Correlating events from the system and application logs
  C. p. 756. A refused password attempt does not establish who is responsible for the action.

  23. Questions. 16. Which of these is not a monitoring action to maintain the current level of security and access?
  A. Running the monitoring program and keeping it running
  B. Too many users have rights and privileges to sensitive or restricted data or resources
  C. Users are accessing information and performing tasks they do not need for their job duties
  D. Repetitive mistakes are being made
  A. p. 757. Deploying the tool is not the monitoring activity itself; B, C and D are the conditions that monitoring is meant to detect.

  24. Questions. 17. Which of the following is correct about the difference between operational assurance and life-cycle assurance?
  A. Operational assurance concentrates on the architecture of the design specifications and clipping-level configuration; life-cycle assurance concentrates on obtaining the adequate level of protection.
  B. Operational assurance pertains to how the product was developed and maintained, and life-cycle assurance concentrates on the features and functionality that continually obtain the necessary level of protection.
  C. Operational and life-cycle assurance are both part of the evaluation process of a product.
  D. They are synonyms and serve to evaluate security products.
  C. p. 757. The other answers are incorrect: clipping-level configuration is a life-cycle assurance item, so A is wrong; B has the two definitions inverted; D is wrong because they are not synonyms.

  25. Questions. 18. Which of the following are not operational assurance activities?
  A. Clipping-level configuration, configuration management, covert channel analysis, unit and integration testing, trusted distribution
  B. Access control mechanisms, auditing and monitoring capabilities
  C. Separation of privileged and user program code, covert channel analysis
  D. Trusted recovery when the product experiences unexpected circumstances
  A. Operational assurance concentrates on the architecture of the product and the embedded features and functionality that enable the customer to continually obtain the necessary level of protection when using the product. Life-cycle assurance pertains to how the security was designed, developed, implemented and maintained. Note that covert channel analysis is itself an operational assurance item; A is nonetheless the answer because its remaining items (clipping-level configuration, configuration management, unit and integration testing, trusted distribution) all belong to life-cycle assurance.

  26. Questions. 19. What best defines the clipping level?
  A. The alarms raised when activity outside the baseline range is detected
  B. The thresholds programmed into the monitoring tools
  C. Standards put into a monitoring program so that it does not raise alarms
  D. The records of security breaches
  B. p. 757. A clipping level is a threshold: activity at or below it is recorded but does not raise an alarm, activity above it does. Not everything recorded is an alarm (A), and the level can be set so that alarms are raised or not (C). Selecting the records of security breaches (D) first requires the threshold criteria to be programmed, so D depends on B.
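The following is an added example, not part of the original presentation, showing what a clipping level looks like when implemented as detection logic: failed logins are all logged, but an alert is raised for a user only when the count inside a sliding window rises above the configured level. The log format, user names and addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (the sshd-like format is an
# assumption for this example, not a real log from any system).
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd auth failure user=alice src=10.0.0.5
2024-03-01T08:00:05 sshd auth failure user=alice src=10.0.0.5
2024-03-01T08:00:09 sshd auth failure user=alice src=10.0.0.5
2024-03-01T08:00:12 sshd auth failure user=alice src=10.0.0.5
2024-03-01T08:00:15 sshd auth failure user=bob src=10.0.0.9
2024-03-01T08:00:20 sshd auth success user=bob src=10.0.0.9
2024-03-01T08:00:30 sshd auth failure user=alice src=10.0.0.5
2024-03-01T08:00:40 sshd auth failure user=alice src=10.0.0.5
2024-03-01T09:30:00 sshd auth failure user=carol src=10.0.0.7
2024-03-01T09:30:05 sshd auth failure user=carol src=10.0.0.7
2024-03-01T09:30:09 sshd auth failure user=carol src=10.0.0.7
2024-03-01T09:30:15 sshd auth failure user=carol src=10.0.0.7
2024-03-01T09:30:21 sshd auth failure user=carol src=10.0.0.7
2024-03-01T09:30:28 sshd auth failure user=carol src=10.0.0.7
2024-03-01T17:00:00 sshd auth failure user=alice src=10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd auth (?P<result>failure|success) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(log_text):
    """Yield (timestamp, result, user, src) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def clipping_alerts(log_text, clipping_level=5, window=timedelta(minutes=10)):
    """Apply a clipping level to failed logins.

    Every failure is still recorded, but an alert for a user is raised only
    when the number of failures inside the sliding window rises above
    clipping_level. Returns a list of (user, count_at_alert, timestamp),
    at most one entry per user per window.
    """
    recent = defaultdict(deque)  # user -> timestamps of failures in the window
    alerted = {}                 # user -> timestamp of the last alert raised
    alerts = []
    for ts, result, user, _src in parse_events(log_text):
        if result != "failure":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:        # expire failures outside the window
            q.popleft()
        if len(q) <= clipping_level:     # at or below the level: logged, no alarm
            continue
        last = alerted.get(user)
        if last is None or ts - last > window:   # one alert per window
            alerted[user] = ts
            alerts.append((user, len(q), ts))
    return alerts


if __name__ == "__main__":
    for user, count, ts in clipping_alerts(SAMPLE_LOG):
        print(f"{ts.isoformat()} ALERT {user}: {count} failures above clipping level")
```

With the default level of 5, bob's single mistake and alice's isolated failure in the afternoon never produce an alarm, while the bursts from alice in the morning and from carol do; lowering the level to 0 turns every first failure into an alarm, which is the noise a clipping level exists to avoid.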

  27. Questions. 20. What best defines the degree of transparency of security controls?
  A. The controls and mechanisms should all have the same degree of transparency to be effective.
  B. The lower the degree of transparency, the better the protection against attacks on the security controls and mechanisms.
  C. It lets the user know too much about the controls and mechanisms.
  D. The higher the degree of transparency, the better the protection against attacks on the security controls and mechanisms.
  D. p. 758, see the NOTE. A transparent control is one the user does not notice: the higher the degree of transparency, the less the user learns about the control, which helps prevent him from figuring out how to circumvent it.

  28. Questions. 21. What best defines change management control?
  A. The request for a change, its approval, documentation, testing, implementation and reporting
  B. A process integrated in the SDLC that authorizes changes to pass into production; it belongs to the IT domain
  C. The backup plans to recover from problems caused by a change
  D. The process that avoids incidents and problems
  B. pp. 758-759. It is an IT process rather than a security activity, although security is included in these activities. The process comprises the phases of request, approval, documentation, testing and presentation, implementation, and reporting of the change.
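As an added example (not code from the presentation), the change control phases above can be enforced in software rather than left to discipline: each step is accepted only in order, every transition is logged with the person who performed it, and separation of duties (slides 16-17) is checked at approval time. The role names and the `ChangeRequest` API are assumptions for this illustration.

```python
# Phases of the change control process, in the order they must occur.
PHASES = ("requested", "approved", "tested", "implemented", "reported")


class ChangeControlError(Exception):
    """Raised when a step is attempted out of order or by the wrong person."""


class ChangeRequest:
    def __init__(self, change_id, requester, description):
        self.change_id = change_id
        self.requester = requester
        self.description = description
        self.phase = "requested"
        # Change log: every transition is recorded with its actor, so each
        # step can be attributed to a person (accountability).
        self.log = [("requested", requester)]

    def _advance(self, to_phase, actor):
        expected = PHASES[PHASES.index(to_phase) - 1]
        if self.phase != expected:
            raise ChangeControlError(
                f"{self.change_id}: cannot move to '{to_phase}' from '{self.phase}'")
        self.phase = to_phase
        self.log.append((to_phase, actor))

    def approve(self, approver):
        # Separation of duties: the requester may not approve their own change.
        if approver == self.requester:
            raise ChangeControlError(
                f"{self.change_id}: {approver} cannot approve a change they requested")
        self._advance("approved", approver)

    def record_test(self, tester, passed):
        # A change that fails testing stays 'approved' and cannot be implemented.
        if not passed:
            self.log.append(("test_failed", tester))
            raise ChangeControlError(f"{self.change_id}: testing failed")
        self._advance("tested", tester)

    def implement(self, implementer):
        self._advance("implemented", implementer)

    def report(self, reporter):
        self._advance("reported", reporter)


def run_change(change, approver, tester, implementer, reporter, test_passed=True):
    """Drive a change through every phase in order; returns the change log."""
    change.approve(approver)
    change.record_test(tester, test_passed)
    change.implement(implementer)
    change.report(reporter)
    return change.log


if __name__ == "__main__":
    chg = ChangeRequest("CHG-1", "alice", "open TCP/8443 on the perimeter firewall")
    for phase, actor in run_change(chg, "bob", "carol", "dave", "alice"):
        print(f"{chg.change_id} {phase:<12} by {actor}")
```

Skipping straight from a request to implementation, or having the requester approve her own change, raises `ChangeControlError` and leaves the change in its previous phase, which is the property a change control committee relies on.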

  29. Questions. 22. Program change controls must ensure that all changes are...
  A. Audited to verify intent
  B. Tested to ensure correctness
  C. Implemented into production systems
  D. Within established performance criteria
  B. p. 760. Documentation of the change: once the change is approved, it should be entered into a change log, and the log should be updated as the process continues toward completion. Tested and presented: the change must be fully tested to uncover any unforeseen results. Depending on the severity of the change and the company's organization, the change and its implementation may need to be presented to a change control committee. This helps to show the different sides of the purpose and outcome of the change and its possible ramifications.

  30. Questions. 23. Which documentation is not necessary?
  A. New computers installed
  B. A new procedure to protect us against a new virus
  C. New regulations and requirements
  D. Different configurations implemented
  B. p. 760. Documentation is kept for future use, but it is not necessary to document each of the many viruses that appear every day; in addition, the systems keep their own documentation and logs when the protection is implemented.

  31. Questions. 24. Why are media controls important?
  A. Because they are necessary for disaster recovery plans
  B. Because they always require a librarian in charge of control
  C. For future use
  D. Because the systems must get their data back in a secure way
  D. p. 760. They are important to protect the availability of the data recorded on media, which must be handled with confidentiality and integrity.

  32. Questions. 25. What should the media control environment be?
  A. Different from that of the main site, depending on the specific storage location
  B. At least equal to that of the main site where the media is created and used
  C. Marked, logged, integrity verified
  D. Stored, safeguarded and transported securely
  B. p. 760. The risks at the main site are the same as at the off-site storage location.

  33. Questions. 26. Why are data remanence and object reuse controls necessary for media and for dynamic memory?
  A. To control execution in a multiprogramming environment
  B. To control multiprocessing tasks
  C. To protect the confidentiality of information
  D. To reuse the information in a contingency event
  C. p. 761. Data left behind by a previous process could be read and exploited by a subsequent task.

  34. Questions. 27. Which is the minimum data that media controls should record?
  A. The date of creation, the individual who created the file, the retention period, the volume name and version, and the classification
  B. The date of creation, the individual who created the file, the retention period, the volume name and version, and the ID of the file
  C. The date of creation, the individual who created the file, the retention period, the volume name and version, the ID of the file, and the owner
  D. The date of creation, the individual who created the file, the encryption mode of the confidential data, the retention period, the sensitivity label, the classification level of the data, and the volume name and version
  p. 761: The date of creation, the individual who created the file, the retention period, the volume name and version, and the classification.
  For me it is B; I prefer the ID of the file.

  35. Questions. 28. Which device generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero?
  A. Purging device
  B. Erasing the whole magnetic surface of the media with zeroes
  C. Degaussing device
  D. Destruction device
  C. p. 761, see the NOTE: a device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero.

  36. Questions. 29. What does it mean that media has been sanitized?
  A. The data was violated
  B. The data was logged
  C. The media has been cleared of its contents
  D. The media was destroyed
  C. p. 761. "Sanitized" means the media has been overwritten (zeroization), degaussed, or destroyed.

  37. Questions. 30. If sensitive data is stored on a CD-ROM and it is no longer needed, which would be the proper way of disposing of the data?
  A. Degaussing
  B. Physical destruction
  C. Purging
  D. Erasing, zeroization
  B. p. 761. Degaussing, purging and zeroization are of no use because a CD-ROM is written once and cannot be overwritten.

  38. Questions. 31. What is the best answer about the concept of system controls?
  A. They are the part of the operating system that ensures that certain privileged instructions are executed by the hardware devices, or that requests are passed off to a process of higher privilege.
  B. They are privileged instructions of the application programs that execute the I/O operations on the hardware.
  C. They are the part of the operating system that permits direct access to hardware from lower privilege.
  D. They are the execution of a system in an unstable and unpredictable manner.
  A. p. 761. A: they are part of operations security, within the operating system itself. B: true but incomplete; they cover not only I/O operations but other control issues. C: direct access is not permitted. D: the main purpose of these system controls is to maintain the stability and predictable operation of the system, the opposite of D.

  39. Questions. 32. What is the best meaning of the trusted recovery concept?
  A. It is the test of the disaster recovery plans.
  B. It is the way of bringing a system back into a secure state when it crashes or freezes.
  C. It is the way of bringing a system into operational mode.
  D. It is the recovery of the executing program using the contingency plans when an application fails in an interface path.
  B. p. 762. A is a distractor. C is incomplete: the system also comes up in operational mode at a normal start. D is another distractor; it describes a different kind of recovery and has nothing to do with this concept.

  40. Questions. 33. Which one of the following is not an operating system's response to a type of failure?
  A. System cold start
  B. Program interface to recover an interface file
  C. Emergency system restart
  D. System reboot
  B. p. 762. The three operating system responses are: system reboot, after the TCB shuts the system down in a controlled manner; emergency system restart, after a TCB or media failure that happens in an uncontrolled manner, which could be caused by lower-privileged user processes attempting to access restricted memory segments; and system cold start, which takes place when an unexpected TCB or media failure happens and the regular recovery procedure cannot recover the system. Recovering an interface file through a program interface is not one of them.

  41. Questions. 34. What is the best concept of input and output controls?
  A. Input controls are mechanisms placed before the main process to check that the data is correct and complete; output controls handle the data produced by the main process, which should be managed in a secure manner.
  B. Methods to control data that is incorrect, or mistakes made when the data is entered or when the result is produced.
  C. Controls that protect the confidentiality and availability of the information.
  D. Garbage in, garbage out controls.
  A. p. 763. B is incomplete. C is incomplete, because the main purpose is the integrity of the data. D is incomplete, too.

  42. Questions. 35. What is the meaning of the statement "Generally, the security, authenticity, and integrity of an e-mail message are not considered in day-to-day use"? If not, why do PGP, PKI and digital signature controls exist?
  A. Because e-mail is used to communicate with family and friends, business partners, coworkers and so on; it is an integral part of people's lives.
  B. Because users are more aware that attachments can carry viruses than of the fact that an e-mail can be easily spoofed and its contents changed while in transmission.
  C. Companies or people that regard security (confidentiality, authentication, and integrity) as one of their top priorities implement an e-mail protection application.
  D. Because there are many thousands of attacks and attackers.
  C. p. 764. A is a distractor. B describes some of the effects. D is true but incomplete; it does not explain the statement.

  43. Questions. 36. Which of the following public-key encryption schemes works between two endpoints without depending on user intervention?
  A. PGP
  B. Digital signatures
  C. SSL
  D. 3DES
  C. p. 764. A depends on the user's intervention at each operation. B is a mechanism, not a scheme that protects a channel between two points. D is a symmetric algorithm, not a public-key scheme.

  44. Questions. 37. What is the purpose of SMTP?
  A. To enable users to decrypt mail messages from a server
  B. To enable users to view and modify mail messages from a server
  C. To transmit mail messages from the client to the mail server
  D. To encrypt mail messages before they are transmitted
  C. Simple Mail Transfer Protocol (SMTP) is the protocol used by clients to send e-mail messages to a mail server, and it allows different mail servers to exchange messages with each other.

  45. Questions. 38. What is the service of SMTP, Simple Mail Transfer Protocol?
  A. It is a protocol that works in the application layer and provides sequencing and acknowledgment to ensure the e-mail message arrives successfully at its destination.
  B. It is a protocol that works on top of the TCP layer, which provides sequencing and acknowledgment to ensure the e-mail message arrives successfully at its destination.
  C. There is an SMTP client; on UNIX it is called Sendmail, in the Windows environment it is MS Exchange, and with Novell it is GroupWise.
  D. There is an SMTP server; on UNIX it is called Sendmail, in the Windows environment it is MS Exchange, and with Novell it is GroupWise.
  B. p. 765. SMTP itself is an application-layer protocol, but the sequencing and acknowledgment come from TCP underneath it, which is what B describes and what A wrongly attributes to SMTP. C and D are distractors that do not answer the question; they only name SMTP implementations on different platforms.

  46. Questions. 39. What is the difference between the POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) protocols?
  A. POP downloads the mail to the mail client, while IMAP can keep the mail on the server while the client downloads it. IMAP has more functionality and capabilities.
  B. POP is an Internet mail client protocol and IMAP is an Internet mail server protocol.
  C. Both are Internet mail client protocols; POP stores and forwards e-mail messages and works with SMTP to move messages between client and server.
  D. Both are Internet mail server protocols; POP stores and forwards e-mail messages and works with SMTP to move messages between mail servers.
  A. p. 766. B and C are wrong because both POP and IMAP are Internet mail server protocols. D does not describe the difference the question asks about.

  47. Questions. 40. What can happen when the mail relay agent is not properly configured?
  A. The company's mail server is used by others for spamming activity.
  B. The mail server in the DMZ is always configured so that it cannot be used for spam activity.
  C. Many companies employ antivirus and content filtering to protect themselves from spam activity.
  D. Different types of mail servers cannot have spam activity.
  A. pp. 766-767. A relay agent that is not properly configured is an open relay: anyone on the Internet can use the company's mail server to send spam to third parties. The relay should be configured to forward mail only from authenticated or internal clients, or mail addressed to the company's own domains; B and D describe configurations that do not exist by default, and C is a different control.
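The following is an added example, not from the presentation, of the relay decision a mail server makes at RCPT TO time. The weak setting (`open_relay=True`) accepts every recipient, so an outsider can push spam through the server; the corrected rules relay only for authenticated clients or clients on an internal network, while still accepting inbound mail for the local domain. Domain names, networks and the sample connection attempts are constructed for the example.

```python
import ipaddress

# Assumed local configuration for the example (not from the presentation).
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def relay_decision(client_ip, authenticated, rcpt_to, open_relay=False):
    """Decide whether to accept a recipient, returning (accept, smtp_reply).

    Corrected configuration (open_relay=False):
      - mail for a local domain is inbound mail and is always accepted;
      - mail for a foreign domain is relayed only for authenticated clients
        or for clients connecting from an internal network;
      - anything else is refused with a 554 "relay access denied".
    Misconfiguration (open_relay=True): every recipient is accepted.
    """
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return True, "250 2.1.5 Ok: inbound mail for local domain"
    if open_relay:
        return True, "250 2.1.5 Ok: accepted by open relay (misconfigured)"
    if authenticated:
        return True, "250 2.1.5 Ok: relayed for authenticated client"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return True, "250 2.1.5 Ok: relayed for internal client"
    return False, "554 5.7.1 Relay access denied"


# Constructed sample of connection attempts: (client_ip, authenticated, rcpt_to).
ATTEMPTS = [
    ("203.0.113.7", False, "victim1@other.net"),   # outsider trying to relay spam
    ("203.0.113.7", False, "victim2@other.net"),
    ("203.0.113.7", False, "victim3@other.net"),
    ("203.0.113.7", False, "bob@example.com"),     # legitimate inbound mail
    ("10.1.2.3", False, "partner@other.net"),      # internal desktop
    ("198.51.100.4", True, "client@other.net"),    # roaming user with SMTP AUTH
]


def count_accepted(attempts, open_relay):
    """How many of the attempts the server would accept under a configuration."""
    return sum(1 for ip, auth, rcpt in attempts
               if relay_decision(ip, auth, rcpt, open_relay)[0])


if __name__ == "__main__":
    for cfg in (True, False):
        print(f"open_relay={cfg}: accepted {count_accepted(ATTEMPTS, cfg)} of {len(ATTEMPTS)}")
    for ip, auth, rcpt in ATTEMPTS:
        print(ip, auth, rcpt, "->", relay_decision(ip, auth, rcpt)[1])
```

Under the corrected rules the three spam attempts from 203.0.113.7 are refused while inbound mail to example.com, the internal client and the authenticated roaming user still get through; with the open-relay setting all six are accepted.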

  48. Questions. 41. Why should information be protected in some secure fashion when it is transmitted?
  A. Because the information is confidential and important to the custodian
  B. Because someone may intercept the transmission line
  C. Because it is strategic information
  D. Because availability at the other end of the line must be assured
  D. pp. 767, 769.

  49. Questions. 42. Which of the following is an example of a browsing attack?
  A. Comparing the hashed value of an encrypted password with a password in a dictionary file
  B. Hijacking a session between two users
  C. Capturing keystrokes as the user types
  D. Looking through another person's files
  D. A is a dictionary attack; B is session hijacking. Most attacks deceive by using false addresses: the address inside the frame is not the attacker's own. That makes it hard to catch the attacker, whose main aim is to deceive (spoof). What is the attacker's main purpose? Not to be discovered, and also to sit between two users without being noticed (man in the middle). That lets him eavesdrop on the TCP connection and then hijack it if he wishes. C is keystroke capture.

  50. Questions. 43. What is superzapping?
  A. Browsing for residual information
  B. A utility that can bypass the usual access control mechanisms
  C. A method of controlling a computer system remotely
  D. A program used to install a backdoor
  B. Ditto.
