Next up is Principles of Security; will this one be a repeat as well? (Yes, pretty certainly!)
Task 1 Introduction
As always, a short introduction without questions.
Task 2 The CIA Triad
Question 1:
What element of the CIA triad ensures that data cannot be altered by unauthorised people?
Answer 1:
Integrity
Question 2:
What element of the CIA triad ensures that data is available?
Answer 2:
Availability
Question 3:
What element of the CIA triad ensures that data is only accessed by authorised people?
Answer 3:
Confidentiality
Task 3 Principles of Privileges
Question 1:
What does the acronym "PIM" stand for?
Answer 1:
Privileged Identity Management
Question 2:
What does the acronym "PAM" stand for?
Answer 2:
Privileged Access Management
Question 3:
If you wanted to manage the privileges a system access role had, what methodology would you use?
Answer 3:
PAM
Question 4:
If you wanted to create a system role that is based on a user's role/responsibilities with an organisation, what methodology is this?
Answer 4:
PIM
Task 4 Security Models Continued
Question 1:
What is the name of the model that uses the rule "can’t read up, can read down"?
Answer 1:
The Bell-La Padula Model
Question 2:
What is the name of the model that uses the rule "can read up, can’t read down"?
Answer 2:
The Biba Model
Question 3:
If you were a military, what security model would you use?
Answer 3:
The Bell-La Padula Model
Question 4:
If you were a software developer, what security model would the company perhaps use?
Answer 4:
The Biba Model
Task 5 Threat Modelling & Incident Response
Question 1:
What model outlines "Spoofing"?
Answer 1:
STRIDE
Question 2:
What does the acronym "IR" stand for?
Answer 2:
Incident Response
Question 3:
You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?
Answer 3:
Tampering
Question 4:
An attacker has penetrated your organisation’s security and stolen data. It is your task to return the organisation to business as usual. What incident response stage is this?
Answer 4:
Recovery
To be fair, I have to say that there were some new topics after all and I did learn something!