CS205 Mid Term Questions

The document outlines key concepts in cybersecurity, including definitions, pillars of information security, and various security practices. It covers topics such as disaster recovery, vulnerability management, and security governance, along with specific tools and protocols used in the field. Additionally, it discusses the importance of validating security controls and the roles of different teams in implementing and managing security measures.

Q No. 01: What is cyber security?

Ans: The precautions taken to guard against unauthorized access to data (in electronic form) or to information systems connected to the internet.

Q No. 02: How does SANS define information security?

Ans: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Q No. 03: Three pillars of information security implementation:

- People
- Process
- Technology

Q No. 04: Three pillars of information security (CIA):

- Confidentiality: keeping information secret
- Integrity: keeping information in its original form
- Availability: keeping information and information systems available for use


Q No. 05: Transformation model layers

Ans:

1. Security hardening
2. Vulnerability management
3. Security engineering
4. Security governance

Q No. 06: Write any five steps in an information security program

Ans:

- Assessing security risks and gaps
- Implementing security controls
- Monitoring, measurement, and analysis
- Management reviews and internal audit
- Accreditation/testing
Q No. 07: Who are the players in information security?

- Government
- Industry and sectors
- International organizations
- Professional associations
- Academic and research organizations
- Vendors and suppliers

Q No. 08: SSH protocol versions

Description: SSH has two different and incompatible protocol versions, SSH1 and SSH2. SSH1 was the original protocol and has known security weaknesses (including a weak CRC-32 integrity check that allowed traffic insertion). SSH2 is the redesigned, more secure version and is the only one that should be enabled on a server.
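Added example (Python), not part of the original notes: the quickest check for SSH1 exposure is the server's identification string, which RFC 4253 section 4.2 defines as "SSH-protoversion-softwareversion SP comments", and section 5.1 says a server that still offers SSH1 alongside SSH2 announces protocol "1.99". The function below parses such banners and ranks hosts worst-first. The hostnames, software strings and banners are constructed for illustration.

```python
"""Classify SSH server identification strings (RFC 4253, section 4.2).

Added example, not from the original notes. Hostnames and banners are
constructed.
"""
import re
from typing import Dict, List, Tuple

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# RFC 4253 5.1: a server that speaks both SSH1 and SSH2 identifies as "1.99".
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}


def classify_banner(banner: str) -> dict:
    """Parse one banner line and say what it means for SSH1 exposure."""
    m = BANNER_RE.match(banner.rstrip("\r\n"))
    if not m:
        # Something other than SSH answered on the SSH port: worth a look.
        return {"valid": False, "severity": "medium", "finding": "not an SSH identification string"}
    proto = m.group("proto")
    if proto == "1.99":
        severity, finding = "high", "SSH1 fallback enabled (server offers 1.x and 2.0): disable protocol 1"
    elif proto.startswith("1."):
        severity, finding = "critical", "SSH1-only server: protocol 1 is obsolete and insecure"
    elif proto == "2.0":
        severity, finding = "info", "SSH2 only"
    else:
        severity, finding = "medium", f"unexpected protocol version {proto}"
    return {"valid": True, "proto": proto, "software": m.group("software"),
            "comments": m.group("comments"), "severity": severity, "finding": finding}


def weakest_first(banners: Dict[str, str]) -> List[Tuple[str, dict]]:
    """Classify each host's banner and order the results worst-first."""
    results = [(host, classify_banner(b)) for host, b in banners.items()]
    return sorted(results, key=lambda hr: RANK[hr[1]["severity"]])


# Constructed sample banners (hostnames and software strings are made up).
SAMPLE_BANNERS = {
    "legacy-router": "SSH-1.5-Cisco-1.25",
    "old-jumphost": "SSH-1.99-OpenSSH_4.3\r\n",
    "bastion": "SSH-2.0-OpenSSH_9.6 Debian-1",
    "printer": "HTTP/1.1 200 OK",
}

if __name__ == "__main__":
    for host, result in weakest_first(SAMPLE_BANNERS):
        print(f"{host:14} {result.get('proto', '-'):5} {result['severity']:8} {result['finding']}")
```

In practice the banner comes from the first line a scanner or `nc host 22` reads from the server; the parser deliberately treats "1.99" as a finding of its own, because such a server will fall back to SSH1 for any client that asks for it.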

Q No. 09: What is a disaster?

Ans: Any significant event that causes disruption of information technology processing facilities, thus affecting the operations of the business.

Q No. 10: What is disaster recovery (DR)?

Ans: DR is the area of security that allows an organization to maintain or quickly resume mission-critical IT functions following a disaster.

Q No. 11: Types of security testing:

- Vulnerability assessment (VA)
- Penetration testing (PT)
- Other security tests using various automated tools
- Code review (initiated in the test environment)

Q No. 12 (Topic No. 118): What are the steps in the VM (vulnerability management) lifecycle?

VM steps (also learn the details of each step):

1. Analyze assets
   - Examine the assets to scan
   - Gather details on the IP subnets
   - Look at potential issues with network traffic
   - Inform asset owners and relevant department heads

2. Prepare scanner
   - Set scanner parameters
   - Select the type of scan
   - Consider a credentials-based (authenticated) scan
   - Explore and research plug-ins
   - Do a test run
   - Coordinate with the asset owner

3. Run vulnerability scan
   - Run the automated scan
   - Monitor for network performance degradation
   - Generate the report

4. Assess results
   - Evaluate the results
   - Prioritize according to risk level
   - Collate results for asset owners
   - Communicate the results and remediation timelines

5. Patch systems
   - Research the vulnerabilities
   - Evaluate fixes and remediation methods
   - Test the patches and fixes
   - Apply the patches/fixes
   - Monitor the results

6. Verify (re-scan)
   - Re-scan to confirm that the scanner no longer reports the vulnerability
   - Collate the results of the vulnerability scan
   - Report the findings
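Steps 4 to 6 above (assess, patch, verify) are the part of the cycle that benefits from automation, so here is an added Python example that is not from the notes: it ranks constructed scan findings by CVSS v3 qualitative severity, attaches a remediation due date, and diffs the baseline scan against the re-scan to report what was fixed, what is still open (and whether it is past its deadline), and what appeared new. The hosts, plugin IDs, CVSS scores and dates are constructed, and the SLA days per severity are an assumed policy, not a standard.

```python
"""Triage scan findings and verify a re-scan (VM lifecycle steps 4-6).

Added example, not from the original notes. Findings, hosts, plugin IDs
and dates are constructed; the SLA days per severity are an assumed policy.
"""
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


# CVSS v3.x qualitative severity bands (None/Low/Medium/High/Critical).
def severity(cvss: float) -> str:
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


# Assumed remediation SLA in days per severity; 'none' findings get no deadline.
SLA_DAYS: Dict[str, Optional[int]] = {"critical": 7, "high": 30, "medium": 90, "low": 180, "none": None}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "none": 4}


def finding_key(f: dict) -> Tuple[str, int]:
    """A finding's identity across scans: the same plugin on the same host."""
    return (f["host"], f["plugin_id"])


def triage(findings: List[dict], scan_date: date) -> List[dict]:
    """Attach severity and due date to each finding and order worst-first."""
    rows = []
    for f in findings:
        sev = severity(f["cvss"])
        days = SLA_DAYS[sev]
        due = scan_date + timedelta(days=days) if days is not None else None
        rows.append({**f, "severity": sev, "due": due})
    return sorted(rows, key=lambda r: (RANK[r["severity"]], -r["cvss"], r["host"]))


def verify_rescan(baseline_rows: List[dict], rescan: List[dict], rescan_date: date) -> dict:
    """Diff the triaged baseline against the re-scan.

    fixed: in the baseline but gone from the re-scan; new: only in the re-scan;
    still_open: in both, flagged overdue when the re-scan date is past the due date.
    """
    base = {finding_key(r): r for r in baseline_rows}
    current = {finding_key(f): f for f in rescan}
    still_open = []
    for k in sorted(k for k in base if k in current):
        r = base[k]
        overdue = r["due"] is not None and rescan_date > r["due"]
        still_open.append({**r, "overdue": overdue})
    return {
        "fixed": sorted(k for k in base if k not in current),
        "new": sorted(k for k in current if k not in base),
        "still_open": still_open,
    }


# Constructed scan data (not from a real scanner export).
BASELINE_DATE = date(2024, 3, 1)
RESCAN_DATE = date(2024, 3, 20)
BASELINE = [
    {"host": "web01", "plugin_id": 10001, "name": "Outdated TLS configuration", "cvss": 7.5},
    {"host": "web01", "plugin_id": 10002, "name": "Unsupported web framework version", "cvss": 9.8},
    {"host": "db01", "plugin_id": 10003, "name": "Default account present", "cvss": 5.3},
    {"host": "db01", "plugin_id": 10004, "name": "Service banner disclosure", "cvss": 0.0},
]
RESCAN = [
    {"host": "web01", "plugin_id": 10002, "name": "Unsupported web framework version", "cvss": 9.8},
    {"host": "db01", "plugin_id": 10003, "name": "Default account present", "cvss": 5.3},
    {"host": "db01", "plugin_id": 10004, "name": "Service banner disclosure", "cvss": 0.0},
    {"host": "web02", "plugin_id": 10005, "name": "Missing security patch", "cvss": 8.1},
]

if __name__ == "__main__":
    rows = triage(BASELINE, BASELINE_DATE)
    for r in rows:
        print(f"{r['severity']:8} {r['host']:6} {r['plugin_id']} due {r['due']}  {r['name']}")
    result = verify_rescan(rows, RESCAN, RESCAN_DATE)
    print("fixed:", result["fixed"])
    print("new:", result["new"])
    for r in result["still_open"]:
        print("still open:", finding_key(r), "OVERDUE" if r["overdue"] else "within SLA")
```

The diff is keyed on (host, plugin) rather than on the finding's name so that a renamed plugin is not mistaken for a fix, and a finding that merely disappeared because the host was unreachable during the re-scan would also show as "fixed", which is why the re-scan should be run with the same scope and credentials as the baseline.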

Q No. 13: What are some of the common vulnerability scanners?

- OpenVAS
- Nessus
- Qualys
- Rapid7 (Nexpose/InsightVM)

Q No. 14: Free tools offered by Qualys (IMP):

- BrowserCheck
- SSL (SSL Labs server test)

Q No. 15: Qualys FreeScan scan types:

1. Vulnerability
2. OWASP
3. Patch Tuesday
4. SCAP

Q No. 16: Which team has primary ownership?

Ans: The information security team.

Q No. 17: Which team tests the patches in the environment?

Ans: The IT operations team.

Q No. 18: Information security governance building blocks

Initial:
- Policy
- Responsibility
- Resources and priority
- Periodic review

Intermediate:
- Change management
- SOPs
- Awareness
- Monitoring

Mature:
- Risk management
- Internal audit
- Incident management

Q No. 19: Information security governance blocks: arrange them. (The exam will give a table like this and ask you to arrange it; memorize the names of the initial, intermediate and mature blocks, all of them.)

Answer:

| Initial stage              | Intermediate stage                | Mature stage                           |
|----------------------------|-----------------------------------|----------------------------------------|
| No formal policy           | Defined policies                  | Policies regularly reviewed & improved |
| Ad-hoc security practices  | Documented procedures             | Continuous monitoring and improvement  |
| Minimal risk awareness     | Periodic risk assessments         | Integrated risk management             |
| Limited accountability     | Assigned roles & responsibilities | Strong leadership & accountability     |
| No security metrics        | Basic metrics collected           | Advanced metrics driving decisions     |
| Reactive incident response | Formal incident response plan     | Proactive & tested incident management |

Q No. 20: Which kind of vulnerability scanner looks for both code-based vulnerabilities (such as CVE entries) and configuration-based vulnerabilities (as enumerated by the Common Configuration Enumeration (CCE) project)?

Ans: A SCAP-validated vulnerability scanner.

Q No. 22: What types of assets do not have a CIS benchmark or DISA STIG?

Ans: Software applications (ASP.NET, PHP, other), and other applications such as Asterisk deployments.

Q No. 23: Typical security tools used in an enterprise:

- Enterprise antivirus
- MS Active Directory (AD)
- Vulnerability manager
- Log management
- Network and performance monitoring
- Automated backups

Q No. 24 (Topic No. 25): Major components of an enterprise IT network

- Edge router
- Next-generation firewall (NGFW)
- DMZ
- IPS and network DLP (N-DLP)
- Distribution switch
- Data center switch and firewall
- Access switch
- NAC (network access control)

Q No. 25: Types of activities in security engineering:

- Granular firewall access lists
- Building an effective DMZ architecture
- Segregating the network with VLANs
- Adding a security tool such as SIEM, firewall, DLP, NAC, etc.
- Application and database encryption

Q No. 26: Comparison of CIS vs DISA

Answer:

| Aspect                | CIS (Center for Internet Security)                                           | DISA (Defense Information Systems Agency)                       |
|-----------------------|------------------------------------------------------------------------------|-----------------------------------------------------------------|
| Full name             | Center for Internet Security                                                 | Defense Information Systems Agency                              |
| Affiliation           | Independent non-profit organization                                          | U.S. Department of Defense (DoD)                                |
| Primary focus         | Development of best practices and benchmarks for securing IT systems         | Provides IT and cybersecurity support for the U.S. military     |
| Security benchmarks   | CIS Benchmarks                                                               | STIGs (Security Technical Implementation Guides)                |
| Purpose               | Improve cybersecurity posture for all sectors (government, private, education) | Enforce strict security compliance for DoD systems            |
| Ease of use           | Generally easier to implement and user-friendly                              | More complex and highly detailed, designed for DoD environments |
| Use cases             | Widely used by private companies, educational institutions, and governments  | Primarily used by DoD and contractors handling sensitive data   |
| Compliance level      | Good baseline for general security                                           | High-assurance level, mandated for military and defense systems |
| Documentation style   | Clear, community-supported, practical guidelines                             | Extensive, detailed, compliance-driven documents                |
| Tool support          | Tools available for configuration checks (CIS-CAT)                           | Tools like SCAP Compliance Checker (SCC) and ACAS               |
| Community involvement | Developed collaboratively with the global IT community                       | Developed internally by DISA for government use                 |

Q No. 27: Structure of a CIS Benchmark recommendation

- Profile applicability (e.g. ASA 8.x, ASA 9.x)
- Description
- Rationale
- Audit
- Remediation
- Default value
- References
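Added example (Python), not CIS benchmark text and not the page's own: one recommendation encoded with the fields listed above, with its audit run offline against constructed sshd_config samples. It targets a Linux OpenSSH server instead of the Cisco ASA profile named above; the recommendation ID, the profile name and the sample configs are assumed. The audit has to reproduce two sshd_config parsing rules that trip up naive greps: keywords are case-insensitive, and the first value given for a keyword wins, so a hardening line placed after an earlier permissive one does nothing.

```python
"""Encode one CIS-style recommendation and run its audit against sshd_config.

Added example; not CIS text and not from the original notes. The ID
"X.Y.Z", the profile name and the sample configs below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# sshd_config syntax: "Keyword value" or "Keyword = value"; lines starting
# with '#' are comments; keywords are case-insensitive; the FIRST value seen
# for a keyword is the one sshd uses. Lines after a 'Match' header are
# conditional, so a global audit stops there.
DIRECTIVE_RE = re.compile(r"^(\S+?)\s*(?:=|\s)\s*(.*)$")


def effective_sshd_settings(config_text: str) -> Dict[str, str]:
    """Return the global settings sshd would apply, keyed by lowercase keyword."""
    settings: Dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break
        settings.setdefault(keyword, value)  # first value wins
    return settings


@dataclass
class Recommendation:
    """The fields a CIS Benchmark recommendation is written with."""
    ident: str
    title: str
    profile_applicability: List[str]
    description: str
    rationale: str
    audit: Callable[[Dict[str, str]], Tuple[bool, str]]
    remediation: str
    default_value: str
    references: List[str]


def audit_permit_root_login(settings: Dict[str, str]) -> Tuple[bool, str]:
    """Pass only if PermitRootLogin is explicitly 'no'.

    OpenSSH's compiled-in default is 'prohibit-password', which still allows
    key-based root logins, so an absent directive fails the audit.
    """
    value = settings.get("permitrootlogin")
    if value is None:
        return False, "PermitRootLogin not set; default (prohibit-password) applies"
    return value.lower() == "no", f"PermitRootLogin {value}"


PERMIT_ROOT_LOGIN = Recommendation(
    ident="X.Y.Z",  # constructed ID, not a real benchmark number
    title="Ensure SSH root login is disabled",
    profile_applicability=["Level 1 - Server"],  # assumed profile name
    description="The PermitRootLogin parameter controls whether root can log in over SSH.",
    rationale="Logging in as a named user and escalating preserves accountability.",
    audit=audit_permit_root_login,
    remediation="Set 'PermitRootLogin no' in /etc/ssh/sshd_config and restart sshd.",
    default_value="PermitRootLogin prohibit-password",
    references=["sshd_config(5)"],
)


def evaluate(rec: Recommendation, config_text: str) -> Dict[str, str]:
    """Run one recommendation's audit; include the fix text only on failure."""
    passed, evidence = rec.audit(effective_sshd_settings(config_text))
    result = {"id": rec.ident, "title": rec.title,
              "status": "pass" if passed else "fail", "evidence": evidence}
    if not passed:
        result["remediation"] = rec.remediation
    return result


# Constructed sample configs (not from a real host).
CONFIG_HARDENED = """\
# hardened: the first PermitRootLogin wins, the later 'yes' is ignored by sshd
Port 22
PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""
CONFIG_DEFAULT = """\
Port 22
MaxAuthTries 4
"""
CONFIG_PERMISSIVE = """\
permitrootlogin = prohibit-password
"""

if __name__ == "__main__":
    for name, cfg in [("hardened", CONFIG_HARDENED), ("default", CONFIG_DEFAULT),
                      ("permissive", CONFIG_PERMISSIVE)]:
        r = evaluate(PERMIT_ROOT_LOGIN, cfg)
        print(f"{name:10} {r['status']:4} {r['evidence']}")
```

The same shape (a dataclass per recommendation, an audit callable, and an evaluator that emits the remediation text on failure) is what CIS-CAT-style tools produce as a report; an audit written as a plain `grep PermitRootLogin` would pass the permissive config above and would also wrongly fail a hardened file where a commented-out `# PermitRootLogin yes` precedes the real directive.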

Q No. 28: DISA STIG component/content names

STIG content:

- General information (title)
- Discussion
- Check content
- Fix text
- CCI (references)

Q No. 29: Steps in security engineering (repeated):

- Assess the risk profile
- Research security solutions
- Design the security architecture
- Implement security controls and solutions
- Test and validate the security posture

Q No. 30: Security transformation project

Security transformation project timeline:

- Project initiation: 2 months
- Layer 1: security hardening of IT assets (6 months)
- Layer 2: vulnerability management (1 month)
- Layer 3: security engineering (1 month)
- Layer 4: governance and ISO certification (3 months)

Note (for MCQs only): CCI stands for Control Correlation Identifier.
Q No. 31: OWASP Software Assurance Maturity Model (SAMM): Governance business function

- Strategy & Metrics
- Policy & Compliance
- Education & Guidance

OWASP SAMM: Construction business function

- Threat Assessment
- Security Requirements
- Secure Architecture

Q No. 32: What is business continuity (BC)?

Business continuity (BC) is the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

Q No. 33: How can web and email be secured against malware and attacks in an enterprise?

To secure web and email in an enterprise: deploy antivirus software, firewalls and intrusion detection systems; train employees on security best practices; use email encryption; keep software updated; employ MFA; monitor traffic; back up data; and conduct regular security assessments.

Q No. 34: Software security flow?

The software security flow is the systematic process of identifying, assessing and mitigating security risks and vulnerabilities in software applications, following a structured approach so that secure and robust software systems are produced.

Q No. 35: Bangladesh Bank SWIFT hack (February 2016)

- Attackers used the SWIFT credentials of Bangladesh central bank employees to send more than three dozen fraudulent money-transfer requests.
- The requests were sent to the Federal Reserve Bank of New York, asking it to transfer millions of the Bangladesh Bank's funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia.
- USD 81 million stolen
- Total impact could have been USD 1 billion
- Recovered: USD 19 million
- Not reclaimed: USD 81 million

Q No. 36 (Topic No. 198): How to build effective information security governance? (IMP, repeated)

Key success factors (also learn the minor details of all six points):

- Leadership
- Strategy
- Structure
- Reporting
- Project management
- Culture

Q No. 37: Who implements the security controls?

Under the Security Transformation Model, security controls are implemented by the IT teams.

Q No. 38: Who conducts security validation?

Security controls are validated by the information security team or by a third-party consultant, following the principle of segregation of duties.

Q No. 39: Why do we need to validate security controls?

- To check the completeness of the controls
- To check the correctness of the controls
- As an overall assurance
