2.4 Analyze and interpret output from security technologies Flashcards

1
Q

HIDS/HIPS

A

A type of Intrusion Detection System (IDS) that monitors a single computer system for unexpected behavior or drastic changes to the system's state (for example modified system files, new services, or unexpected processes). A HIPS can also block the activity instead of only reporting it.
HIDS/HIPS output and logs are similar to those of anti-malware scanners: an alert naming the host, the triggering event, and the action taken.

2
Q

Antivirus scanner

A

Detects and removes viruses, worms, trojans, rootkits, adware, spyware, and DoS tools.
Output is displayed as an alert naming the detected malware and the action taken (cleaned, quarantined, deleted), and the detection may be tagged with a CME (Common Malware Enumeration) identifier.

3
Q

File integrity check

A

When software is installed from a legitimate source, the OS package manager checks the signature or fingerprint (hash) of each executable file and notifies the user if there is a mismatch. A file integrity monitor applies the same idea continuously: it records a baseline hash of critical files and alerts when one is modified, removed, or added.
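The following script is an added example for this card and the HIDS/HIPS card above; it is not code from the original page or from any particular product. It builds a baseline of SHA-256 file hashes, seals the baseline with an HMAC so that an attacker who can edit files cannot also silently edit the baseline, and then reports modified, missing, and added files. The key, directory layout, and file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed placeholder key. In practice the baseline and its key are stored
# somewhere the monitored host cannot write (read-only media, a remote server).
BASELINE_KEY = b"replace-me-with-a-key-stored-off-host"


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record the hash of every regular file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def seal_baseline(baseline):
    """Serialize the baseline and HMAC it, so tampering with the baseline is detected too."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return body, hmac.new(BASELINE_KEY, body, "sha256").hexdigest()


def load_sealed_baseline(body, tag):
    """Refuse to trust a baseline whose HMAC does not verify."""
    expected = hmac.new(BASELINE_KEY, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline has been tampered with")
    return json.loads(body)


def compare_to_baseline(root, baseline):
    """Classify every difference between the sealed baseline and the current tree."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: baseline a fake bin directory, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name, data in (("sshd", b"original sshd bytes"), ("ls", b"original ls bytes")):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(data)
        body, tag = seal_baseline(build_baseline(root))

        # Simulated compromise: sshd replaced, ls deleted, a hidden dropper added.
        with open(os.path.join(root, "bin", "sshd"), "wb") as f:
            f.write(b"trojaned sshd bytes")
        os.remove(os.path.join(root, "bin", "ls"))
        with open(os.path.join(root, "bin", ".dropper"), "wb") as f:
            f.write(b"dropper")

        report = compare_to_baseline(root, load_sealed_baseline(body, tag))
        # A baseline altered after sealing (here: one extra byte) must be rejected outright.
        try:
            load_sealed_baseline(body + b" ", tag)
            report["baseline_tamper_detected"] = False
        except ValueError:
            report["baseline_tamper_detected"] = True
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report is what a HIDS or integrity checker would raise as alerts: one entry per changed, removed, or new file, plus a hard failure if the baseline itself no longer verifies.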

4
Q

Host-based firewall

A

Unlike a network firewall, a host-based firewall will usually display an alert to the user when a program is blocked, allowing the user to override the block rule or add an accept rule.

5
Q

Application whitelisting

A

Means nothing can run unless it is on the approved whitelist (the opposite of blacklisting, which only blocks listed programs). An attempt to launch an unlisted program is blocked and logged.

6
Q

Removable media control

A

An alert will be displayed to the user if a device is blocked by the security policy.

7
Q

Advanced malware tools

A

Example: Sysinternals tools such as Process Explorer.

  • Look for unrecognized process names
  • Look for processes with no icon, version info, description, or company name
  • Examine processes hosted by the service host executable (svchost.exe) and determine whether they have a valid parent/child relationship with the principal Windows processes (svchost.exe should be started by services.exe, from the System32 folder)
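The checks in the list above are done by eye in Process Explorer; the script below is an added example (not from the page or from Sysinternals) that automates them over a constructed process snapshot of the kind one would export from such a tool. The icon check cannot be done from a text export, so it tests the version-info fields only. The expected parent table and the System32 path are assumptions based on the standard Windows boot chain, and the installed-application allowlist is a tuning knob the analyst supplies.

```python
from collections import Counter

# Principal Windows processes and the parent each should have (assumption: the
# standard boot chain, where wininit.exe starts services.exe and lsass.exe and
# services.exe starts every svchost.exe).
EXPECTED_PARENT = {
    "services.exe": "wininit.exe",
    "lsass.exe": "wininit.exe",
    "svchost.exe": "services.exe",
}
SYSTEM32 = "c:\\windows\\system32\\"
# Names that need no further explanation; anything else is "unrecognized" unless
# the analyst supplies an allowlist of installed applications.
WINDOWS_NAMES = {"system", "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}

# Constructed snapshot (pid, parent pid, name, image path, company, description).
# Not real telemetry; the last two entries are the planted suspects.
SNAPSHOT = [
    {"pid": 4,    "ppid": 0,    "name": "System",       "path": "", "company": "", "description": ""},
    {"pid": 400,  "ppid": 4,    "name": "smss.exe",     "path": "C:\\Windows\\System32\\smss.exe", "company": "Microsoft Corporation", "description": "Windows Session Manager"},
    {"pid": 600,  "ppid": 400,  "name": "wininit.exe",  "path": "C:\\Windows\\System32\\wininit.exe", "company": "Microsoft Corporation", "description": "Windows Start-Up Application"},
    {"pid": 700,  "ppid": 600,  "name": "services.exe", "path": "C:\\Windows\\System32\\services.exe", "company": "Microsoft Corporation", "description": "Services and Controller app"},
    {"pid": 712,  "ppid": 600,  "name": "lsass.exe",    "path": "C:\\Windows\\System32\\lsass.exe", "company": "Microsoft Corporation", "description": "Local Security Authority Process"},
    {"pid": 900,  "ppid": 700,  "name": "svchost.exe",  "path": "C:\\Windows\\System32\\svchost.exe", "company": "Microsoft Corporation", "description": "Host Process for Windows Services"},
    {"pid": 1200, "ppid": 1100, "name": "explorer.exe", "path": "C:\\Windows\\explorer.exe", "company": "Microsoft Corporation", "description": "Windows Explorer"},
    {"pid": 1500, "ppid": 1200, "name": "chrome.exe",   "path": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "company": "Google LLC", "description": "Google Chrome"},
    {"pid": 1300, "ppid": 1200, "name": "svchost.exe",  "path": "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe", "company": "", "description": ""},
    {"pid": 1450, "ppid": 1200, "name": "scvhost.exe",  "path": "C:\\ProgramData\\scvhost.exe", "company": "", "description": ""},
]


def triage(snapshot, installed_allowlist=frozenset()):
    """Apply the three checks to a snapshot; returns (pid, name, reason) findings."""
    by_pid = {p["pid"]: p for p in snapshot}
    allow = {n.lower() for n in installed_allowlist}
    findings = []
    for p in snapshot:
        name = p["name"].lower()
        path = p["path"].lower()
        parent = by_pid.get(p["ppid"])
        parent_name = parent["name"].lower() if parent else "<exited>"

        if name not in WINDOWS_NAMES and name not in allow:
            findings.append((p["pid"], p["name"], "unrecognized process name"))
        # pid 4 (System) legitimately has no image file, so only judge processes with a path.
        if path and not (p["company"] and p["description"]):
            findings.append((p["pid"], p["name"], "no company name or description in version info"))
        if name in EXPECTED_PARENT:
            if parent_name != EXPECTED_PARENT[name]:
                findings.append((p["pid"], p["name"],
                                 f"parent is {parent_name}, expected {EXPECTED_PARENT[name]}"))
            if not path.startswith(SYSTEM32):
                findings.append((p["pid"], p["name"], f"running from {p['path']}, not System32"))

    # There must be exactly one lsass.exe and one services.exe.
    counts = Counter(p["name"].lower() for p in snapshot)
    for single in ("lsass.exe", "services.exe"):
        if counts[single] != 1:
            findings.append((0, single, f"{counts[single]} instances, expected 1"))
    return findings


def flagged_pids(snapshot, installed_allowlist=frozenset()):
    return sorted({pid for pid, _, _ in triage(snapshot, installed_allowlist)})


if __name__ == "__main__":
    for pid, name, reason in triage(SNAPSHOT, {"chrome.exe"}):
        print(f"PID {pid:>5} {name:<14} {reason}")
```

Run against the constructed snapshot, the fake svchost.exe in a temp folder is flagged three times (wrong parent, wrong path, no version info) and the look-alike scvhost.exe twice, while the genuine svchost.exe under services.exe passes. Without the allowlist, chrome.exe is also reported as unrecognized, which is the normal first-pass noise an analyst tunes out.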
8
Q

UTM

A

(Unified Threat Management) a system that centralizes various security controls (firewall, anti-malware, network intrusion prevention, spam filtering, content inspection) in one appliance with a single management console and consolidated log.

9
Q

DLP

A

(Data loss/leak prevention) Software that detects and prevents sensitive information in a system or network from being stolen or otherwise falling into the wrong hands.
Remediation mechanisms when a policy violation is detected:
- Alert only
- Block
- Quarantine
- Tombstone - file is quarantined and replaced with one describing the policy violation
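An added example (not code from the page or from any DLP product) of the four remediation mechanisms listed above, applied to files on a constructed share. Sensitive content is detected with a card-number pattern gated by the Luhn check, so an order number made of sixteen digits is not a false positive, plus a US SSN pattern. The patterns, file names, and policy text are assumptions for the demonstration.

```python
import os
import re
import shutil
import tempfile
from enum import Enum


class Action(Enum):
    ALERT_ONLY = "alert"
    BLOCK = "block"
    QUARANTINE = "quarantine"
    TOMBSTONE = "tombstone"


# 13-16 digit card-number candidates with optional space/dash separators, and US SSNs.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn check-digit test; filters order numbers and other digit runs from real PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    hits = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("PAN", m.group()))
    hits.extend(("SSN", m.group()) for m in SSN_RE.finditer(text))
    return hits


def remediate(path, action, quarantine_dir, alerts):
    """Scan one file and apply the policy's remediation; returns the outcome."""
    with open(path, encoding="utf-8", errors="replace") as f:
        hits = find_sensitive(f.read())
    if not hits:
        return "clean"
    kinds = ", ".join(sorted({kind for kind, _ in hits}))
    alerts.append(f"{os.path.basename(path)}: {kinds}")   # every action logs an alert
    if action is Action.ALERT_ONLY:
        return "alerted"        # event recorded, data allowed to move
    if action is Action.BLOCK:
        return "blocked"        # operation refused, file left where it is
    shutil.move(path, os.path.join(quarantine_dir, os.path.basename(path)))
    if action is Action.QUARANTINE:
        return "quarantined"    # file removed to a restricted location
    with open(path, "w", encoding="utf-8") as f:   # tombstone explains the violation
        f.write(f"This file was quarantined by DLP policy because it contains: {kinds}.\n")
    return "tombstoned"


def demo(action_name):
    """Constructed share: one file with a real-looking PAN and SSN, one with a
    look-alike order number that fails Luhn."""
    with tempfile.TemporaryDirectory() as root:
        share, quarantine = os.path.join(root, "share"), os.path.join(root, "quarantine")
        os.makedirs(share)
        os.makedirs(quarantine)
        files = {
            "customers.txt": "Card 4111 1111 1111 1111 on file, SSN 123-45-6789\n",
            "orders.txt": "Order ref 1234 5678 9012 3456 shipped today\n",
        }
        for name, text in files.items():
            with open(os.path.join(share, name), "w", encoding="utf-8") as f:
                f.write(text)
        alerts = []
        results = {name: remediate(os.path.join(share, name), Action(action_name), quarantine, alerts)
                   for name in files}
        cpath = os.path.join(share, "customers.txt")
        customers = None
        if os.path.exists(cpath):
            with open(cpath, encoding="utf-8") as f:
                customers = f.read()
        return {"results": results, "alerts": alerts,
                "quarantined": sorted(os.listdir(quarantine)), "customers_txt": customers}


if __name__ == "__main__":
    for mode in ("alert", "block", "quarantine", "tombstone"):
        print(mode, demo(mode)["results"])
```

Whatever the action, the alert is the same; what differs is what the user finds afterwards: the original file (alert only, block), nothing (quarantine), or a placeholder describing the policy violation (tombstone).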

10
Q

Data execution prevention

A

Prevents buffer overflow exploits by marking memory pages that hold data (stack, heap) as non-executable, so injected code cannot run. May prevent applications from running if they don't support DEP. Exceptions are managed as a whitelist (only selected programs are protected, opt-in) or a blacklist (every program is protected except those listed, opt-out).

11
Q

Web application firewall

A

Designed to protect software running on web servers and their backend databases from code injection (such as SQL injection and cross-site scripting) and DoS attacks.
Output is written to a log, which you inspect to separate real attacks from false positives and determine what is a threat.
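An added example (not from the page or from any WAF product) of inspecting WAF output. The log is a constructed JSON-lines sample with invented field names and rule ids; real products have their own schemas. The triage groups events by client, counts blocked versus detect-only hits and critical-severity hits, and applies threshold rules that are assumptions for this example: a single critical hit or a burst of blocks is an attacker, a few medium blocks against well-known paths is scanner probing worth watching, and a lone detect-only hit on a form post is the classic false-positive candidate.

```python
import json
from collections import Counter, defaultdict

# Constructed WAF log (one JSON event per line). Field names and rule ids are invented.
WAF_LOG = """\
{"ts":"2024-05-01T10:00:01Z","client":"203.0.113.7","method":"GET","uri":"/login?user=admin'+OR+'1'='1","rule":"SQLI-01","category":"sqli","severity":"CRITICAL","action":"block"}
{"ts":"2024-05-01T10:00:02Z","client":"203.0.113.7","method":"GET","uri":"/download?file=../../etc/passwd","rule":"LFI-02","category":"traversal","severity":"CRITICAL","action":"block"}
{"ts":"2024-05-01T10:00:03Z","client":"203.0.113.7","method":"GET","uri":"/search?q=<script>alert(1)</script>","rule":"XSS-01","category":"xss","severity":"HIGH","action":"block"}
{"ts":"2024-05-01T10:00:04Z","client":"203.0.113.7","method":"GET","uri":"/products?id=1+UNION+SELECT+1,2,3","rule":"SQLI-03","category":"sqli","severity":"CRITICAL","action":"block"}
{"ts":"2024-05-01T10:05:10Z","client":"192.0.2.44","method":"GET","uri":"/wp-login.php","rule":"PROBE-01","category":"probe","severity":"MEDIUM","action":"block"}
{"ts":"2024-05-01T10:05:11Z","client":"192.0.2.44","method":"GET","uri":"/.env","rule":"PROBE-01","category":"probe","severity":"MEDIUM","action":"block"}
{"ts":"2024-05-01T10:09:30Z","client":"198.51.100.23","method":"POST","uri":"/profile","rule":"SQLI-01","category":"sqli","severity":"LOW","action":"detect"}
this line is not JSON and must not crash the parser
"""


def parse_events(log_text):
    """Parse JSON lines, skipping blanks and malformed records instead of aborting."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue   # in production, count these; a flood of them is itself a signal
    return events


def verdict(s):
    """Threshold rules are assumptions for this example; tune them per application."""
    if s["critical"] >= 1 or s["blocked"] >= 3:
        return "attacker: block at the edge and review the targeted endpoints"
    if s["blocked"] >= 1:
        return "investigate: scanner-style probing, watch for escalation"
    return "review: single detect-only hit, possible false positive on legitimate input"


def triage(log_text):
    """Return (per-client summary with verdicts, hit count per rule)."""
    per_client = defaultdict(lambda: {"blocked": 0, "detected": 0, "critical": 0,
                                      "categories": set(), "paths": set()})
    rule_hits = Counter()
    for e in parse_events(log_text):
        s = per_client[e["client"]]
        s["blocked" if e["action"] == "block" else "detected"] += 1
        if e["severity"] == "CRITICAL":
            s["critical"] += 1
        s["categories"].add(e["category"])
        s["paths"].add(e["uri"].split("?")[0])   # path only, so payloads don't inflate the set
        rule_hits[e["rule"]] += 1
    for s in per_client.values():
        s["verdict"] = verdict(s)
        s["categories"] = sorted(s["categories"])
        s["paths"] = sorted(s["paths"])
    return dict(per_client), rule_hits


if __name__ == "__main__":
    clients, rules = triage(WAF_LOG)
    for client, s in clients.items():
        print(f"{client:<16} blocked={s['blocked']} detected={s['detected']} "
              f"critical={s['critical']} {s['categories']} -> {s['verdict']}")
    print("rule hits:", dict(rules))
```

The per-rule counter is the other half of the review: a rule that fires only on detect-only, low-severity traffic to one form is a candidate for tuning, whereas one that fires with critical severity across several endpoints from one client is the incident.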
