CompTIA Updated CAS-005 Exam Questions and Answers by simon

To determine how the acquisition of Company B will impact the attack surface, the following steps are crucial:

A. Documenting third-party connections used by Company B: Understanding all external connections is essential for assessing potential entry points for attackers and ensuring that these connections are secure.

E. Performing an architectural review of Company B's network: This review will identify vulnerabilities and assess the security posture of the acquired company's network, providing a comprehensive understanding of the new attack surface.

These actions will provide a clear picture of the security implications of the acquisition and help in developing a plan to mitigate any identified risks.

References:

CompTIA SecurityX Study Guide: Emphasizes the importance of understanding third-party connections and conducting architectural reviews during acquisitions.

NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems": Recommends comprehensive reviews and documentation of third-party connections.

"Mergers, Acquisitions, and Other Restructuring Activities" by Donald DePamphilis: Discusses the importance of security assessments during acquisitions.

D. STIX (Structured Threat Information eXpression): STIX is a standardized language for representing threat information in a structured and machine-readable format. It facilitates the sharing of threat intelligence by ensuring that data is consistent and can be easily understood by all parties involved.

E. TAXII (Trusted Automated eXchange of Indicator Information): TAXII is a transport mechanism that enables the sharing of cyber threat information over a secure and trusted network. It works in conjunction with STIX to automate the exchange of threat intelligence among organizations.

Other options:

A. CWPP (Cloud Workload Protection Platform): This focuses on securing cloud workloads and is not directly related to threat intelligence sharing.

B. YARA: YARA is used for malware research and identifying patterns in files, but it is not a platform for sharing threat intelligence.

C. ATT&CK: This is a knowledge base of adversary tactics and techniques but does not facilitate the sharing of threat intelligence data.

F. JTAG: JTAG is a standard for testing and debugging integrated circuits, not related to threat intelligence.

References:

CompTIA Security+ Study Guide

"STIX and TAXII: The Backbone of Threat Intelligence Sharing" by MITRE

NIST SP 800-150, "Guide to Cyber Threat Information Sharing"

The technique that best addresses the issue of insider threats from employees who have individual access to encrypted material is key splitting. Here’s why:

Key Splitting: Key splitting involves dividing a cryptographic key into multiple parts and distributing these parts among different individuals or systems. This ensures that no single individual has complete access to the key, thereby mitigating the risk of insider threats.

Increased Security: By requiring multiple parties to combine their key parts to access encrypted material, key splitting provides an additional layer of security. This approach is particularly useful in environments where sensitive data needs to be protected from unauthorized access by insiders.

Compliance and Best Practices: Key splitting aligns with best practices and regulatory requirements for handling sensitive information, ensuring that access is tightly controlled and monitored.

References:

CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl

NIST Special Publication 800-57: Recommendation for Key Management

ISO/IEC 27002:2013: Information Technology - Security Techniques - Code of Practice for Information Security Controls

By employing key splitting, organizations can effectively reduce the risk of insider threats and enhance the overall security of encrypted material.

Implementing digital signatures ensures the integrity and authenticity of software binaries. When a binary is digitally signed, any tampering with the file (e.g., replacing it with a malicious version) would invalidate the signature. This allows systems to verify the origin and integrity of binaries before execution, preventing the execution of unauthorized or compromised binaries.

A. Improving patching processes: While important, this does not directly address the issue of verifying the integrity of binaries.

B. Implementing digital signatures: This ensures that only valid, untampered binaries are executed, preventing attackers from substituting legitimate binaries with malicious ones.

C. Performing manual updates via USB ports: This is not practical and does not scale well, especially in large environments.

D. Allowing only files from internal sources: This reduces the risk but does not provide a mechanism to verify the integrity of binaries.

References:

CompTIA Security+ Study Guide

NIST SP 800-57, "Recommendation for Key Management"

OWASP (Open Web Application Security Project) guidelines on code signing