3.2 Flashcards
Given a scenario, implement host or application security solutions.
Is the concept of extending the security perimeter to the devices that are connected to the network.
Endpoint protection
Are integrated solutions that combine individual endpoint security functions into a complete package.
Endpoint detection and response (EDR)
Serve to prevent sensitive data from leaving the network without notice.
Data Loss Prevention (DLP)
Act by inspecting the actual traffic crossing the firewall, not just looking at the source and destination addresses and ports, but also at the actual content being sent.
Next-generation firewall (NGFW)
Act to detect undesired elements in network traffic to and from the host.
Host-based intrusion detection system (HIDS)
Is a HIDS with additional components to permit it to respond automatically to a threat condition.
Host-based intrusion prevention system (HIPS)
Also referred to as personal firewalls. Are host-based protective mechanisms that monitor and control traffic passing into and out of a single system.
Host-based firewall
The assurance that the boot process of a computer system has not been compromised or tampered with by unauthorized entities.
Boot integrity
Offers a solution to the problem of boot integrity, called Secure Boot, which is a mode that, when enabled, only allows signed drivers and OS loaders to be invoked.
Boot security/Unified Extensible Firmware Interface (UEFI)
Is a security feature designed to enhance the integrity of the boot process in computer systems. It works by processing hashes and comparing the hash values to known good values.
Measured boot
Is a security mechanism used to verify the integrity of a computing platform’s boot process remotely. It involves generating and providing evidence to remote parties about the trustworthiness of the platform’s boot sequence.
Boot attestation
Is the process of substituting a surrogate value, called a token, for a sensitive data element.
Tokenization
Is the process of adding a random element to a value before performing a mathematical operation like hashing.
Salting
Is a mathematical method of reducing a data element to a short form that is not reversible to the original form.
Hashing
Is when code is examined without being executed.
Static code analysis
Is analysis that is performed when the software is executed.
Dynamic code analysis
Is a brute force method of addressing input validation issues and vulnerabilities. The basis for ____________ a program is the application of large numbers of inputs to determine which inputs cause faults and which ones might be vulnerable to exploitation.
Fuzzing
Are methods of implementing cryptographic protection on hard drives and other similar storage media with the express purpose of protecting the data, even if the drive is removed from the machine. Are software-only proprietary solutions.
Self-encrypting drive (SED)/full-disk encryption (FDE)
Is used for applying hardware-based encryption to storage mediums.
Opal
Is the concept that if one has trust in a source’s specific security functions, this layer can be used to promote security to higher layers of a system.
Hardware root of trust
Is a hardware solution on the motherboard, one that assists with key generation and storage as well as random number generation.
Trusted Platform Module (TPM)
Refers to the quarantine or isolation of a system from its surroundings.
Sandboxing