MindMap Gallery CISSP Study Notes-16 (Security Operation Management)
This mind map collects the review notes for Chapter 16 of the CISSP textbook and is full of useful information. Interested friends can refer to it!
Edited at 2024-02-22 16:05:11
CISSP Study Notes-16 (Security Operation Management)
Knowledge points
Apply basic security operations concepts
Need-to-know and least privilege
Need-to-know
Access is granted only to the information needed
The purpose is to keep secret information secret
Associated with security clearance
Usually associated with licenses from government and military agencies, but also applies to civilian applications
Principle of least privilege
Privileges to perform assigned work, including access to data and the authority to perform system tasks
Protect data integrity and confidentiality
Suitable for accessing data and systems
Segregation of duties and responsibilities
Separation of Duties SoD
The individual does not have complete control over critical functions or systems
Dual control
Executed after approval by two people
Split knowledge
Combines separation of duties and dual control
Job rotation
Deterrence and detection mechanisms
Peer review, fraud reduction, cross-training
Mandatory vacation
Peer review
Deterrence and detection mechanisms
Privileged Account Management PAM
In Microsoft domain, including local administrators, users in the domain administrator group, and users in the enterprise administrator group
Just-in-time (JIT) administration: users are assigned to privileged groups only when needed, group members hold no standing elevated privileges, users request a ticket, and the elevation is time-limited to counter Kerberos attacks.
In Linux, including the root account and users granted root access by sudo command
Service Level Agreement SLA
Memorandum of Understanding MOU, informal, no penalty clauses
Address personnel safety and security issues
Duress
Security system passwords
Electronic locks
One password for regular use
one for alarm
Traveling on business
Sensitive data
Encryption
Malware and surveillance equipment
Carry
Temporary equipment
Free WiFi
VPN
Emergency management
Security training and awareness
Securely configure resources
Information and asset ownership
Data owners have ultimate organizational responsibility, such as executives, CEOs
Senior managers have ultimate responsibility for other assets such as hardware
The data owner can delegate data protection responsibilities to others
Data custodians perform day-to-day tasks such as access control, backups, and managing data storage
Asset management
Hardware asset inventory
Barcode, RFID
Software asset inventory
Includes operating system and applications
Intangible assets list
Not tracked with an inventory
Management: the management team is the owner
Large organizations apply Generally Accepted Accounting Principles GAAP valuation
Implement resource protection
Media management
Media protection technology
Tape media
Mobile devices
Media management life cycle
MTTF mean time to failure
Cloud hosting services
Shared responsibility across cloud service models
Responsibility model
SaaS
All layers (handled by the provider)
PaaS
Applications and data - user
IaaS
Application, data, runtime, operating system - user
Cloud deployment model
Public cloud
Private cloud
Community cloud
Hybrid cloud
Scalability and elasticity
Conduct configuration management CM
Baselines and images are used to deploy systems
Configuration
Disable all unused services
Close all unused logical ports
Delete all unused apps
Change default password
Baseline
Create a baseline using imaging
Automation
Manage changes
Change management
Version control
Configuration document
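As an added example (not from the original notes or the CISSP textbook), the Python below turns the four hardening steps listed above into a baseline drift check: a constructed hardened baseline and a constructed host snapshot are compared, and every unused running service, open port, unused application, or unchanged vendor default credential is reported as a finding. All hostnames, services and credentials are constructed, and the unsalted hash is a simplification of how stored credentials really look.

```python
import hashlib
from dataclasses import dataclass


def pw_hash(password: str) -> str:
    # Simplified unsalted hash for the demo; real systems store salted hashes.
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class Baseline:
    allowed_services: frozenset
    allowed_ports: frozenset
    allowed_packages: frozenset
    default_credential_hashes: dict  # account -> hash of the vendor default password


@dataclass
class HostSnapshot:
    hostname: str
    running_services: frozenset
    listening_ports: frozenset
    installed_packages: frozenset
    credential_hashes: dict  # account -> stored password hash


def check_drift(host: HostSnapshot, baseline: Baseline) -> list:
    """Return (category, detail) findings; an empty list means the host matches the baseline."""
    findings = []
    # Unused services: running on the host but not permitted by the baseline.
    for svc in sorted(host.running_services - baseline.allowed_services):
        findings.append(("unused_service", svc))
    # Unused logical ports: listening but not expected.
    for port in sorted(host.listening_ports - baseline.allowed_ports):
        findings.append(("unused_port", port))
    # Unused applications: installed but not part of the approved image.
    for pkg in sorted(host.installed_packages - baseline.allowed_packages):
        findings.append(("unused_app", pkg))
    # Default passwords: the stored hash still equals the known vendor default.
    for account, default_hash in baseline.default_credential_hashes.items():
        if host.credential_hashes.get(account) == default_hash:
            findings.append(("default_password", account))
    return findings


# Constructed baseline and host snapshots (not real hosts).
GOLD_BASELINE = Baseline(frozenset({"sshd", "cron"}), frozenset({22}),
                         frozenset({"openssh-server", "cron"}),
                         {"admin": pw_hash("admin")})
DRIFTED_HOST = HostSnapshot("web01-constructed", frozenset({"sshd", "cron", "telnetd"}),
                            frozenset({22, 23}), frozenset({"openssh-server", "cron", "telnetd"}),
                            {"admin": pw_hash("admin"), "ops": pw_hash("constructed-strong-pw")})
COMPLIANT_HOST = HostSnapshot("web02-constructed", frozenset({"sshd"}), frozenset({22}),
                              frozenset({"openssh-server"}), {"admin": pw_hash("rotated-pw")})

if __name__ == "__main__":
    for finding in check_drift(DRIFTED_HOST, GOLD_BASELINE):
        print(finding)
```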
Manage patches and mitigate vulnerabilities
System Management
Including mobile devices
Patch management
Vulnerability management
Daily vulnerability scanning
Regular vulnerability assessment
Vulnerability Scan
Common Vulnerabilities and Exposures
CVE dictionary - maintained by MITRE
Exam points
Understand the difference between need-to-know and the principle of least privilege. Need-to-know and the principle of least privilege are two standard IT security principles followed in a secure network environment. The principles of need-to-know and least privilege restrict access to data and systems so that users and other subjects only have access to what they need. This limited access helps prevent security incidents and helps limit the impact of an incident if it occurs. If an organization does not adhere to these principles, security incidents will cause greater damage to the organization.
Understand segregation of duties and job rotation. Segregation of duties is a basic security principle that ensures that no single person has access to critical functions or critical system elements. Through job rotation, employees can be rotated to different jobs, or tasks can be assigned to different employees. Collusion is when multiple people work together to perform some unauthorized or illegal act. In the absence of collusion, these strategies can prevent fraud by limiting individual behavior.
Understand the importance of monitoring privileged operations. Although privileged users are trusted, they may abuse their privileges. Therefore, it is necessary to monitor the allocation and use of all privileges. The purpose of monitoring privileged operations is to ensure that trusted employees do not abuse granted privileges. Because attackers often use privileges when attacking, monitoring privileged operations can also detect some attacks. Advanced privilege management limits the time a user has advanced privileges.
Understand service level agreements. The organization enters into service level agreements with external entities such as suppliers. An SLA specifies performance expectations, such as maximum downtime. SLAs often include penalty clauses in case the supplier fails to meet expectations.
Pay attention to personnel safety. Duress systems enable guards to sound the alarm in emergencies, and emergency management plans help organizations prepare for disasters. Employees need to be aware of the risks when traveling, especially when traveling to a different country. Security training and awareness programs ensure employees understand these risks and ways to mitigate them.
Understand security configuration concepts. Secure configuration of resources includes ensuring that resources are deployed in a secure manner and maintained in a secure manner throughout their lifecycle. Asset management tracks tangible assets (hardware and software) and intangible assets (such as patents, trademarks, company goodwill, and copyrights).
Learn how to manage and protect media. Media management technology tracks the media that holds sensitive data. Media is protected throughout its life and destroyed when no longer needed.
Understand the difference between SaaS, PaaS and IaaS. The Software as a Service (SaaS) model provides full-featured applications that are typically accessed via the Web. The Platform as a Service (PaaS) model provides users with computing infrastructure, including hardware, production systems, and operational environment. The Infrastructure as a Service (IaaS) model provides basic computing resources such as servers, storage, and network resources.
Identify security issues in cloud hosting services. Cloud hosting services include cloud storage or any resources accessed through the cloud. Storing data in the cloud increases risk, so additional measures may be needed to protect the data, depending on the value of the data.
When leasing a cloud-based service, it is important to understand who is responsible for maintenance and security. Cloud service providers offer minimal maintenance and security in the IaaS model.
Interpret configuration and change control management. Business disruptions and many other incidents can be prevented with an effective configuration and change management plan. Configuration management ensures that systems adopt similar configurations and that system configurations are known and documented. Baselining ensures that deployed systems share the same baseline or starting point, and imaging is a common baselining technique. Change management helps prevent unauthorized changes, thereby reducing business disruption and preventing security compromises. The change management process defines the request, approval, testing and recording of changes. Version control uses a tag or numbering system to track changes to software versions.
Understand patch management. Patch management ensures that systems are kept up to date with current patches. It should be recognized that an effective patch management plan includes patch evaluation, testing, approval and deployment. Additionally, system audits will verify that approved patches have been deployed to the system. Patch management is often combined with change and configuration management to ensure that documentation content reflects changes. Without an effective patch management plan, organizations often experience outages and incidents caused by known problems that could have been prevented.
Explain vulnerability management. Vulnerability management includes routine vulnerability scanning and periodic vulnerability assessments. Vulnerability scanners can detect known security holes and vulnerabilities, such as missing patches or weak passwords. Vulnerability management can generate reports that point out vulnerabilities in the system and provide an effective check on the patch management plan. Vulnerability assessment involves not only technical scanning but also review and auditing of the vulnerability findings.
Important exercises
Which security principle addresses knowledge and possession of sensitive information as an aspect of a job? A. Principle of least privilege B. Segregation of duties C. Need-to-know D. On-demand basis
C. Need-to-know: any given system user should be granted access only to the portion of sensitive information or data needed to perform certain tasks. Principle of least privilege: ensures that people are only given the permissions they need to perform their jobs. Segregation of duties: ensures that no single person has full control over critical functions or systems.
An organization ensures that users are only given access to the data required to perform specific work tasks. Which principle are users following? A. Principle of least privilege B. Segregation of duties C. Need-to-know D. Job rotation
C
What is the concept of granting users only the rights and permissions they need to complete their job responsibilities? A. Need-to-know B. Mandatory vacation C. Principle of least privilege D. Service Level Agreement (SLA)
C
Need-to-know refers to the requirement to access and possess data to perform specific work tasks. The principle of least privilege extends beyond data access in IT security to include rights and permissions.
A large organization using Microsoft domains wants to limit how long users have elevated privileges. Which of the following security operations concepts supports this goal? A. Principle of least privilege B. Segregation of duties C. Need-to-know D. Privileged account management
D
An administrator is assigning database permissions. What is the default access level that administrators should grant new users to the organization? A. Read B. Modify C. Full access D. No access rights
D
You want to use the principle of least privilege when creating new accounts in your software development department. Which of the following should you do? A. Create each account with only the rights and permissions the employee needs to perform their job. B. Grant each account full rights and permissions to the software development department server. C. Create an account without any rights and permissions. D. Add the account to the local Administrators group on the new employee's computer.
A
Your organization has divided the high-level audit function into separate work tasks and then assigned these tasks to three administrators. No one administrator can perform all tasks. What security principle does this approach describe? A. Job rotation B. Mandatory vacation C. Separation of duties D. Principle of least privilege
C
Financial institutions typically have employees change positions every six months. What security principle are they adopting? A. Job rotation B. Segregation of duties C. Mandatory vacation D. Principle of least privilege
A
Which of the following is the primary reason organizations implement mandatory vacation policies? A. Rotate job responsibilities B. Detect fraud C. Improve employee productivity D. Reduce employee stress
B
Your organization has contracted with a third-party provider to host cloud-based servers. Management expects to be able to fine the third-party provider if it does not meet its contractual responsibilities related to uptime and downtime. Which of the following measures is the best option to meet this requirement? A. MOU B. ISA C. SLA D. SED
C
Which of the following cloud service models provides the organization with the most control and requires the organization to perform all maintenance of operating systems and applications? A. Infrastructure as a Service (IaaS) B. Platform as a Service (PaaS) C. Software as a Service (SaaS) D. Public
A
Which of the following cloud service models allows users to access email through a web browser? A. Infrastructure as a Service (IaaS) B. Platform as a Service (PaaS) C. Software as a Service (SaaS) D. Public
C
IT departments often use images when deploying new systems. Which of the following options is the main benefit of using images? A. Provide a baseline for configuration management B. Improve patch management response time C. Reduce vulnerabilities of unpatched systems D. Provide change documentation
A
A server administrator recently modified the server's configuration to improve performance. Unfortunately, when the automation script runs once a week, the changes cause the server to restart. After several hours of troubleshooting, it was finally determined that the problem was not with the script, but with the configuration change. What measure can be taken to prevent this from happening? A. Vulnerability management B. Patch management C. Change management D. Block all scripts
C
Which of the following steps would be included in the change management process? (Choose three) A. If a change will improve performance, implement it immediately B. Request a change C. Create a rollback plan for the change D. Record changes
BCD
A new CIO learned that the organization lacked a change management plan. The CIO insisted that the change management plan be implemented immediately. Which of the following options is the primary goal of a change management program? A. Personnel safety B. Allow rollback of changes C. Ensure changes do not reduce security D. Audit privileged access
C
Systems within an organization are configured to receive and update patches automatically. After receiving the patch, 55 of the systems automatically rebooted and booted with a stop error. Which of the following measures would prevent this problem without sacrificing security? A. Disable settings for automatically applying patches B. Implement a patch management process to approve all patches C. Ensure that the system regularly reviews patches D. Implement a patch management process and test patches before deploying them
D
Security administrators want to verify that existing systems have the latest patches. Which of the following options is the best way to ensure that your system has the required patches? A. Patch management system B. Patch Scanner C. Penetration tester D. Fuzz tester
A
Your organization's servers were recently attacked, causing business disruption. You need to check your system for known issues that an attacker could exploit to attack other systems on your network. Which of the following is the best option to meet this requirement? A. Version tracking B. Vulnerability Scanner C. Security audit D. Security review
B
Which of the following processes is most likely to list all security risks within a system? A. Configuration management B. Patch management C. Hardware asset list D. Vulnerability scanning
D