Exam Objectives 2.5
Explain the purpose of mitigation techniques used to secure the enterprise.
- Segmentation: Dividing networks into smaller segments
- Access control: Regulatomg user access to sensitive resources:
- Access control list (ACL): Digital gatekeeper with a guest list, filtering authorized access
- Permissions: Digital keys, granting entry or locking users from resources
- Application allow list: Allow trusted software, blocks untrusted applications
- Isolation: Separates and protects critical assets
- Patching: Regular updates to fix software vulnerabilities
- Encryption: Secures data by making it unreadable to unauthorized parties
- Monitoring: Dynamically identifies and addresses security threats
- Least privilege: Users and processes get only essential permissions
- Configuration enforcement: Maintains systems per security standards
- Decommissioning: Identifies and retires unneeded assets
- Hardening techniques: Strengthen host security against...