11) Operating System Security Flashcards

1
Q

What type of OS hardening is the following action:

All user IDs are password protected and were changed when setting up the computer.

A

Alter default accounts

2
Q

What type of OS hardening is the following action:

Admin and Administrator usernames are changed

A

Alter default accounts

3
Q

What type of OS hardening is the following action:

Regular user IDs do not have the ability to install software.

A

Apply the principle of least privilege

4
Q

What type of OS hardening is the following action:

Never connect a new computer to the corporate network unless patches have already been installed.

A

Perform updates

5
Q

What type of OS hardening is the following action:

Knowing what ports are open is useful to complete this hardening task.

A

Remove all unessential services

6
Q

What type of OS hardening is the following action:

The database server is stripped down except for MySQL.

A

Remove all unnecessary software

7
Q

What type of OS hardening is the following action:

The trail of significant OS events is placed on the hard drive.

A

Turn on logging and auditing

8
Q

(T/F) Executable space protection is a software technology implemented by operating systems to stop attacks using the same techniques used in malware.

A

False

Executable space protection requires two components to function: a hardware component and a software component. Both AMD and Intel, as CPU chip manufacturers, support the hardware, and many operating systems support the software required.

9
Q

This type of host-based software may communicate with the management device by sending regular beacons.

A

HIDS

10
Q

HIDS is a type of host-based software that may communicate with the management device by sending regular beacons. What does HIDS stand for?

A

Host intrusion detection system

11
Q

What type of security tool is the following:

Metasploit

A

Exploit Framework

12
Q

What type of security tool is the following:

CANVAS

A

Exploit Framework

13
Q

What type of security tool is the following:

Nmap

A

Scanner

14
Q

What type of security tool is the following:

Nessus

A

Vulnerability Assessment Tool

15
Q

The process of reducing the number of available avenues through which our operating system might be attacked.

A

Operating system hardening

16
Q

The total of the areas through which our operating system might be attacked.

A

Attack surface

17
Q

A principle that states we should only allow a party the absolute minimum permission needed for it to carry out its function.

A

The principle of least privilege

18
Q

A particularly complex and impactful item of malware that targeted the SCADA systems that run various industrial processes; this piece of malware raised the bar for malware from largely being a virtual-based attack to actually being physically destructive.

19
Q

Stuxnet is a particularly complex and impactful item of malware that targeted the SCADA systems that run various industrial processes. What does SCADA stand for?

A

Supervisory Control and Data Acquisition

20
Q

A type of tool that uses signature matching or anomaly detection to detect malware threats, either in real-time or by performing scans of files and processes.

A

Anti-malware tool

21
Q

The process of anomaly detection used by anti-malware tools to detect malware without signatures.

A

Heuristics

22
Q

A hardware/software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code.

A

Executable space protection

23
Q

The act of inputting more data than an application is expecting from a particular input, creating the possibility of executing commands by specifically crafting the excess data.

A

Buffer overflow attack

24
Q

A security method that involves shifting the contents of memory around to make tampering difficult.

25
Q

ASLR is a security method that involves shifting the contents of memory around to make tampering difficult. What does ASLR stand for?

A

Address space layout randomization

26
Q

This type of firewall generally contains a subset of the features on a large firewall application, but is often capable of similar packet filtering and stateful packet inspection activities.

A

Software firewall

27
Q

A system used to analyze the activities on or directed at the network interface of a particular host.

28
Q

A HIDS is a system used to analyze the activities on or directed at the network interface of a particular host. What does HIDS stand for?

A

Host intrusion detection system

29
Q

A type of tool that can detect various security flaws when examining hosts.

30
Q

A tool that is aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities.

A

Vulnerability assessment tool

31
Q

A well-known vulnerability assessment tool (it also includes a port scanner)

32
Q

A group of tools that can include network mapping tools, sniffers, and exploits.

A

Exploit framework

33
Q

Small bits of software that take advantage of flaws in other software or applications in order to cause them to behave in ways that were not intended by their creators.

34
Q

The total of the available avenues through which our operating system might be attacked.

A

Attack surface

35
Q

What security strategy best protects an operating system from buffer overflow attacks?

a) Implement anti-malware tools
b) Apply software updates
c) Implement executable space protection
d) Install a host intrusion detection system

A

c) Implement executable space protection

36
Q

Which well-known tool is a scanner with a large and broad set of functionality?

a) Nmap
b) Hping3
c) NetStumbler
d) Metasploit
e) Stuxnet

37
Q

Which tool is a well-known vulnerability assessment tool that also includes a port scanner?

a) NetStumbler
b) Metasploit
c) Nessus
d) Immunity CANVAS

38
Q

Small bits of software that take advantage of flaws in other software or applications to cause them to behave in ways that were not intended by their creators.