2.5

Question 1

Mitigation and Security for Legacy Systems

Answer 1

hardening, patching, configuration enforcement, decommissioning isolation and segmentation

Question 2

Securing Bluetooth Devices

Answer 2

Turn off bluetooth when not in use
set devices to non discoverable mode by default
regularly update firmware so security patches are up to date
only pair with trusted devices
use a unique passkey or pin during pairing
be cautious of unsolicited connection requests
use encryption for sensitive data transfers

Question 3

securing Mobile devices

Answer 3

MDM Mobile device management
- includes patching, config management and best practice enforcement like disabling sideloading, detecting jailbreaking/rooting and enforcing vpn use

Question 4

Securing OS Zero Day vulnerability

Answer 4

frequent system and software updates

Question 5

Securing OS Misconfiguration vulnerability

Answer 5

conduct periodic audits and reviews to identify and mitigate vulnerabilities due to misconfigurations

Question 6

Securing OS Data exfiltration vulnerability

Answer 6

protect with encryption for data at rest and endpoint protection tools to monitor and restrict unauthorized data transfers

Question 7

Securing OS Malicious Updates vulnerability

Answer 7

maintain app allow lists, verify authenticity with digital signatures and hashes, source updates from trusted vendors

Question 8

Hardening

Answer 8

process of enhancing system app or network security

Question 9

What default configurations should be changed in relation to hardening?

Answer 9

default passwords
preset authentication details
should immediately be changes
rotate every 90 days
rely on password manager
unneeded ports and protocols
audit ports that are enabled
close unneeded ports
look for secure versions of protocols and use those
extra open ports
may be open by default
use the more secure ports and close insecure ones

Question 10

How can you restrict apps in the hardening process?

Answer 10

Least functionality - involves configuring system with only essential apps and services, un-needed apps should be restricted
managing software
- keep software up to date
- large networks should require preventive measures to control excessive installations
create secure baselines
- secure baseline images are used for new computers
- baselines include the os and minimum required apps
preventing unauthorized software
app allowlisting and blocklisting are used to control which apps can run on a workstation
- only apps on the approved list are allowed to run
- all other apps are blocked from running
app blocklisting
- apps placed on blocklist are prevented from running
centralized management
-microsoft AD domain controllers allow centralized management of lists

Question 11

TOS

Answer 11

Trusted OS
an OS that is designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory
SELinux is an example of a trusted OS so is Trsusted Solarisaccess controls
include mandatory access control
security auditing
role based access control (SELinus)

Question 12

EAL

Answer 12

Evaluation Assurance Level
a predefined security standard and cert from the common criteria for IT security evaluation
EA1 lowest
EA7 highest level of assurance

Question 13

Mandatory Access Controls

Answer 13

access permissions are determined by a policy defined by the system admin and enforced by the OS. Its controlled at the kernel level and is often used for high security orgs like for the government or millitary

Question 14

Hotfix

Answer 14

a software patch that solves a security issue and should be applied immediately after being tested in a lab environment

Question 15

Update

Answer 15

provides a system with additional functionality but it doesnt usually provide any security patching. they often introduce new vulnerabilities

Question 16

Service Pack

Answer 16

includes all the hotfixes and updates since the release of the OS

Question 17

Patch Management

Answer 17

planning testing implementing and auditing of software patches

Question 18

Patch Planning

Answer 18

creating policies procedures and systems to track and verify patch compatibility

Question 19

Patch Rings

Answer 19

implementing patches one group at a time

Question 20

Patch auditing

Answer 20

scanning network to ensure patch was installed correctly

Question 21

Group Policies

Answer 21

a set ofr ules and policies that can be applied to users or computer accounts within an OS
can be accesses by entering gpedit in the run prompt
each policy acts as a security template applying rules like password complexity, acct lockout policies, software restrictions and app restrictions

Question 22

Security Templates

Answer 22

a group of policies that can be loaded through one procedure

Question 23

GPO

Answer 23

group policy objective
used to harden the OS and establish secure baselines
its like a secutity template in windows to apply settings across devices on a network

Question 24

Baselining

Answer 24

a process of measuring changes in the network hardware of software environment
helps establish what is normal for the org and identify deviations

Question 25

SELinux

Answer 25

Security enhanced linux
provides an additional layer of security for linux distros
enforces mandatory access control
enabled info to be classified and protected
enhances file system security

Question 26

MAC

Answer 26

mandatory access control
restricts access to system resources based on subject clearance and object labels

Question 27

SELinux Context based permissions

Answer 27

permission schemes that consider various properties to determine whether to grant or deny access to a user
two main types that use MAC
SELinux and App Armor

Question 28

DAC

Answer 28

discretionary access control
allows object owners to directly control access using tools like chown and chomos
selinux uses mac not dac

Question 29

Three main contexts in selinux

Answer 29

user context (defines which users have access to an object)
role context
type context - essential for fine grained access control most critical

Question 30

Optional context

Answer 30

level context
describes the sensitivity level of a file directory or process

Question 31

SELinux Modes

Answer 31

disabled turns off selinux relying on default dac for access control
enabled
permissive enabled selinux but does not enforce policies

Question 32

SELinux Policy Types

Answer 32

Targeted - only specific processes are confined to a domain while others are unconfined
strict policies - every subject and object operates under mac but its more complex to setup. most secure
MLS policy implements a more stringent security model based on the Bell-LaPadula model, which focuses on maintaining data confidentiality by controlling read and write access based on security levels.

Question 33

Data Encryption Levels

Answer 33

Full disk
partition
volume
file level
database
record

Question 34

Veracrypt

Answer 34

tool that encrypts partitions of a hard drive

Question 35

Volume encryption

Answer 35

used to encrypt a set space on the storage medium

Question 36

GNU Privacy Guard

Answer 36

a tool that provides cryptographic privacy and authentication for data and communication

Question 37

Mutex

Answer 37

mutually exclusive flag that acts as a gatekeepers to a section of the code so that only one threat can be processed at a time

Question 38

Deadlock

Answer 38

occurs when a lock remains in place because the process its waiting for is terminated crashes or doesnt finish properly