The Study Notes and Theory corporate office is going through a lot of security hardening procedures, both physical and logical.
 
The front of the office will have bollards installed as a guiding pathway to the main entrance. The front gate will also require better illumination, for which 2 foot-candles of illumination at a height of 8 feet will be installed.
 
The main office area will also be expanding to accommodate new employees, which will require more Ethernet ports, desks, plenum space, and electrical outlets. Contractors will be hired to perform the construction of the new office space and the installation of the bollards and illumination fixtures.
 
The contractors will each be given unique credentials to connect to the guest wireless network. Users on the guest wireless network are segregated from the LAN, and are only allowed access to the Internet.
 
The security administrator will create the accounts for the contractors, but their permissions will be set by the project manager.
 
Stacy, the current receptionist, has been tasked to expand her role and take the lead in making sure contractors are given their proper wireless credentials and a tour of the building, and in relaying any messages they might have back to the project manager.
 
Which one of the following principles is NOT being practiced?
Separation of duties
Job rotation
Least privilege/need-to-know
Split Knowledge

The CISO of Study Notes and Theory has issued a security policy for the Director and managers of the IT Department. Going forward, regularly maintained security logs must be available for third party auditors.
 
The company is going to begin the process of ISO 27001 certification, and security logs are a necessity in order to adhere to the ISO guidelines.  
 
The logs should include the IP addresses of the network devices, along with all the traffic that traverses them on a daily basis. Usernames, passwords, IP addresses, and encrypted secret keys must also be included in the security logs.  
 
The setup, security, and transfer of network audit logs are also to be handled by different functional members of the company. The CISO wants an environment where logs are handled by employees of different privilege levels, all the way up to the third-party auditors.
 
A server administrator will set up a Linux server to save the logs. A network engineer will configure SNMP and Syslog traffic to be routed to the log server from various network devices.
 
The network department manager will need to approve the work before it is completed.
 
The security engineer will make sure the SNMP and Syslog traffic is properly encrypted while the data is in motion to the log server. The security department manager will need to make sure the engineer is implementing proper encryption methods and strength.
 
Finally, the IT Director will be responsible for properly transferring the logs from the server to the external auditors. The CISO will approve the IT Director’s work.
 
What is the FIRST step to take before implementing the CISO’s new policy?
Perform a risk assessment to determine the necessity of separation of duties control
Management acceptance, rejection, or mitigation of risk
Identifying which people will be given which specific duties
Determining a risk score associated with the asset to be protected

Naveed is the pre-sales engineer for Study Notes and Theory Corporation. Over the weekend he will be attending a security convention to show off the company’s new virtual SIEM software with the capability to correlate network logs.

Three potential clients have signed up for a live demonstration on their own network.
 
In the first client’s network, a small business, Naveed will be installing sensors on 2 routers and a high-availability firewall cluster. He will also need access to a log server in order to set up the logging functions. The small business has given Naveed access to these devices, but as a user with limited access. He will have write access to install the sensor, but everything else will be read-only access.
 
The second client, a defense contractor, has allowed Naveed to install sensors only on their lab environment as a means to demonstrate the SIEM capabilities. Naveed has agreed, but also convinced the company to allow him access to the Internet from the lab environment in order to show the SIEM software’s malware signature update function.
 
The third client, a doctor’s office, wants the correlation demonstration done on their legacy patient database servers. Naveed can have full access to the database because the servers do not have an Internet connection and are encrypted except for the SNMP and Syslog traffic, provided he signs a non-disclosure agreement. To demonstrate the software, Naveed will be using a remote VPN connection to log in to all three environments.
 
Which access control measure would not provide the most adequate security to control Naveed’s access?
Role-based – 3rd client
Need-to-know – 2nd client
Least privilege – 1st client
Rule-based – 2nd client

Joseph is the new data center supervisor of Study Notes and Theory, working Monday to Friday from 9am-5pm, typical business hours. It is his job to make sure the hardware located at the off-site data center is operating at optimal performance.
 
To better acquaint himself with the rack at the data center, Joseph will be visiting the data center Tuesday afternoon for a tour. Luis and Michael, the data center engineers, have 24-hour access to the data center and will be escorting Joseph for the tour.
 
As they enter the data center, they are recorded on a surveillance camera. Each person must then pass through a mantrap one at a time. After that, security guards check their IDs and have them sign in at the front desk.
 
At the data center rack, both Luis and Michael have to insert their keycards at the same time in order to open the secure lock. Once inside, all three individuals have full root access to the console connections of the routers, switches, and firewalls. However, only one monitor is available at a time to log in to the Windows servers.
 
Which security control utilized in the above scenario provides the least amount of security?
Physical/Deterrent control
Physical/Detective control
Dual-control
Administrative/Least privilege

Hannibal is the security administrator at Study Notes and Theory’s online store. Recently, 3 new resellers have signed on to sell SNT’s products. Senior management has stated that these resellers need full access to all inventory databases throughout the company with the least amount of hassle to log in and authenticate. All resellers should use a standard role-based account that limits their privileges to only viewing the inventory, without the ability to make any changes. All traffic from the resellers should also be monitored and logged.
 
Which of the following is not the best way to allow the resellers to access the database inventory?
SSL VPN
Federated Identity
Single-sign on
MPLS

Which of the following does NOT define the incorrect definition of the separation of duties concept in an information security policy?
If the ALE exceeds the ROI for critical assets
Enforced at the Planning and Development Phase of the SDLC
Limited employees fulfilling all the different roles of IT
Should be implemented throughout the organization

Malcolm is the CISO of a large payment processing organization. It is a rough time at the company, as news broke out that hackers have exfiltrated over 2,000 customer credit card numbers. Employees are in fear that the company may go bankrupt and are hastily looking for other jobs. An average of 3 employees a month have been quitting their jobs at the company.

HR has been on a hiring spree to fill the vacant roles, hiring an average of 2 employees a month. The IT department is under an increased amount of pressure to quickly turn around the new hires with their appropriate access and work machines. At the same time, the systems administrator also has to deactivate the departed employees’ accounts and credentials and remove them from their role-based group permissions.
 
Over the course of 3 months, new hire Becky from the accounting department was able to access HR’s recruiting database of resumes. She notified the systems administrator, who restored her appropriate privileges. Furthermore, audit logs found on the web servers showed new software developers making changes without proper change requests and during production hours.
 
What is the issue faced by the organization and what is the counter-measure?
Separation of Duties/Least Privilege
Job rotation/Mandatory vacation
Authorization creep/Annual access review
Security awareness training

Which of the following does not employ proper need-to-know with a granular addition of least privilege?
When new guest accounts are created on the system, all guest users will start out with zero rights and permissions
A security administrator will be responsible for configuring the technical access for users, but it is up to senior management to assign the rights and permission for that access
Major Tom has military clearance to view battlefield plans for an upcoming assault. As he is not in charge of making battlefield decisions, he is only allowed to view and not make changes to the plans
Aside from employee salaries, the CISO has full access to all data at his organization

You're not just a CISSP on paper, you're also a savvy network security engineer. So it's no surprise that after your promotion to Security Analyst, dealing strictly with log analysis, the security engineers are still asking you to troubleshoot technical issues.
 
It seems Jarrod from Sales has an issue where his machine, located in the internal network, cannot access the web server in the DMZ network. Jarrod can ping the web server, but when he tries to access it via HTTPS, the web page does not display.
 
After logging into the firewall, you see that there is no security policy allowing Jarrod’s traffic to the web server, which is why he is able to ping it but not see the actual webpage.

Over lunch, Jarrod asks if you can please implement an ACL on the firewall so that his access is allowed.
 
What is the FIRST issue to resolve in the scenario above?
Inform Jarrod he has to get permission for the access from his manager
Proper change management must be practiced in order to implement a firewall rule
Authorization creep
Security engineers should not be asking you for help for their own issues

Year: 2023

Location: Undisclosed
 
Six soldiers in military fatigues are at their computer terminals clicking away as the glow from the monitors illuminates their faces.
 
A stern looking officer strolls by the desks. "Status?" he asks.
 
Soldier 1: Three of our eight cipher programs penetrated through their firewall. The programs are currently hidden in a root system file on a server.
 
Officer: Good. Let them stay hidden, we aren't in a hurry. Anything else?
 
Soldier 2: We advise beginning the operation as soon as our human element within their office building provides the signal. This will be our best window for maximum success against all their systems.
 
Officer: Let it be so. We aren't going to get funding for an operation like this again.
 
Failure is not an option.
 
What is going on in this scenario?
Social engineering
APT
Phishing attack
Cyber War