Chapter 16 Managing Security Operations
Domains 2, 3, 7 & 8
Written Lab
- Define the difference between need to know and the least privilege principle.
Need to know focuses on permissions and the ability to access information, whereas the least privilege principle focuses on privileges. Privileges include both rights and permissions. Both limit the access of users and subjects to only what they need. Following these principles prevents and limits the scope of security incidents.
- Describe the purpose of monitoring the assignment and usage of special privileges.
Monitoring the assignment of special privileges detects when individuals are granted higher privileges, such as when they are added to an administrator account. It can detect when unauthorized entities are granted higher privileges. Monitoring the usage of special privileges detects when entities are using higher privileges, such as creating unauthorized accounts, accessing or deleting logs, and creating automated tasks. This monitoring can detect potential malicious insiders and remote attackers.
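The two kinds of monitoring described above, shown as an added example that is not part of the study guide: a small detector that scans a constructed log for privilege-assignment events (members added to privileged groups) and privilege-usage events (account creation, log clearing, scheduled-task creation). The Windows Security event IDs are real; the "EventID|Actor|Object|Group" line format, the APPROVED_ADMINS allowlist and all user, group and host names are assumptions constructed for the illustration.

```python
# Added example (not from the study guide): flag special-privilege assignment
# and usage events in a constructed log. The Windows Security event IDs are
# real; the "EventID|Actor|Object|Group" line format and every log line, user
# and group name are constructed for this illustration.
from typing import Dict, List

# Assignment: someone is added to a group. Usage: a privileged action is taken.
ASSIGNMENT_EVENTS = {4728: "member added to global group",
                     4732: "member added to local group"}
USAGE_EVENTS = {4720: "user account created",
                1102: "audit log cleared",
                4698: "scheduled task created"}
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}
# Accounts approved to hold elevated membership (stands in for change records).
APPROVED_ADMINS = {"alice"}

# Constructed sample log. For group events Object is the member being added;
# for usage events Object is the account, log or task acted on and Group is "-".
SAMPLE_LOG = """\
4624|alice|WORKSTATION7|-
4728|svc-hr-sync|bob|Domain Admins
4732|helpdesk|alice|Administrators
4720|bob|tmpadmin|-
1102|bob|Security|-
4698|alice|Updater|-
"""


def detect_privilege_events(log: str) -> List[Dict[str, str]]:
    """Return one alert per privilege assignment or privileged usage event."""
    alerts: List[Dict[str, str]] = []
    for line in log.splitlines():
        event_id, actor, obj, group = line.split("|")
        eid = int(event_id)
        if eid in ASSIGNMENT_EVENTS and group in PRIVILEGED_GROUPS:
            # An unapproved member gaining admin rights is the high-severity case.
            severity = "info" if obj in APPROVED_ADMINS else "high"
            alerts.append({"kind": "assignment", "actor": actor, "member": obj,
                           "group": group, "detail": ASSIGNMENT_EVENTS[eid],
                           "severity": severity})
        elif eid in USAGE_EVENTS:
            alerts.append({"kind": "usage", "actor": actor, "object": obj,
                           "detail": USAGE_EVENTS[eid], "severity": "medium"})
    return alerts


if __name__ == "__main__":
    for alert in detect_privilege_events(SAMPLE_LOG):
        print(alert)
```

Ordinary logons (4624) produce no alert; the unapproved addition of "bob" to Domain Admins is the one high-severity finding, and his later account creation and log clearing show up as usage alerts.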
- List the three primary cloud-based service models and identify the level of maintenance provided by the cloud service provider in each of the models.
  - Software as a service (SaaS)
  - Platform as a service (PaaS)
  - Infrastructure as a service (IaaS)

The cloud service provider provides the most maintenance and security services with SaaS, less with PaaS, and the least with IaaS.
- Explain how change management processes help prevent outages.
Change management processes help prevent outages by ensuring that proposed changes are reviewed and tested before being deployed. They also ensure that changes are documented.