Module 8: Remediation
Assessment
True/False
Indicate whether the statement is true or false.
____ 1. A device that looks for unusual behavior, such as odd protocols arriving at a server, is known as a signature-based IDS/IPS.
____ 2. Web-filtering based on creating a list of unauthorized sites that may not be accessed is called whitelisting.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 3. Purchasing cybersecurity insurance to cover losses in the event of a security breach is an example of risk _____________.
- a. Avoidance
- b. Mitigation
- c. Transference
- d. Acceptance
____ 4. Deciding to delay the implementation of a new system until all security vulnerabilities can be resolved is an example of risk _____________.
- a. Avoidance
- b. Mitigation
- c. Transference
- d. Acceptance
____ 5. Devices such as Intrusion Detection Systems (IDSs) are considered risk ___________ strategies as they reduce the impact of the event through early detection.
- a. Avoidance
- b. Mitigation
- c. Transference
- d. Acceptance
____ 6. George has determined that the impact to the business from an internal server hard disk crash would be $2,000, including three hours of time to rebuild the data from backups. Historically, server drives fail about once every three years. As an option, he could cluster the server (install a second server to act in tandem with the first server) at a cost of $5,000 for hardware and installation. Assume he has a three-year equipment life cycle so he would have to replace this equipment in three years. Which of the following makes the most sense as a risk strategy?
- a. Install the second server, as any downtime is bad.
- b. Accept the risk, as it is less expensive than the proposed control.
- c. Avoid using the server until hard drives become more reliable.
- d. Find a new job. He wasn’t hired to be an accountant.
____ 7. The Gramm-Leach-Bliley Act (GLBA) that established security and privacy safeguards on depositor accounts at financial institutions is an example of what type of security policy?
- a. Regulatory
- b. Advisory
- c. Informative
- d. Issue-specific
____ 8. A device that receives packets that need to be sent out to other networks is known as a/an ___________.
- a. Firewall
- b. IDS/IPS
- c. Router
- d. Switch
Completion
Complete each sentence.
____ 9. ________________________ risk is the amount of risk that remains after security controls have been applied.
Matching
Match the remediation technique/control to an appropriate category.
- A. Incident Response
- B. Personnel Security
- C. Physical and Environment Security
- D. System and Communication Protection
- E. Media Protection
- F. System and Information Integrity
- G. Audit and Accountability
- H. Monitoring and Reviewing Control System Security Policy
- I. Access Control
- J. Organizational Security
____ 10. Developing a policy for removing access when an employee is terminated
____ 11. Encrypting all sensitive data in transit
____ 12. Implementing an IDS/IPS
____ 13. Installing an uninterruptible power supply (UPS)
____ 14. Enabling logging of all after-hours access
____ 15. Issuing smart cards to users to enable multi-factor authentication
____ 16. Developing a disaster recovery plan (DRP)
____ 17. Establishing a security officer who has oversight of the system
____ 18. Encrypting all backup data
____ 19. Compliance audit
Short Answer
- Discuss the difference between role-based security training and security awareness training. What recommendations would you make for how frequently these should occur?
- You’ve been asked to implement a firewall. Discuss best practices for configuring a firewall.
- Discuss the difference between a business network and an ICS network.
- Explain the importance of ensuring that firmware and operating system updates are digitally signed.