3.2 Given a scenario, implement host or application security solutions.

Question 1

TPM

Answer 1

The Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system and provides secure key storage for full disk encryption. A TPM keeps hard drives locked until proper authentication occurs.

Question 2

HSM

Answer 2

A Hardware Security Module (HSM) is a device used to generate, maintain, and store cryptographic keys. It is an external device and can easily be added to a system.

Question 3

HIDS

Answer 3

A Host-based Intrusion Detection System (HIDS) can detect attacks on a host and protect critical files.

Question 4

HIPS

Answer 4

Host intrusion prevention systems (HIPS) provide threat detection and prevent those threats based on signature values, heuristic behaviors, and security policies.

Question 5

EDR

Answer 5

An endpoint detection and response (EDR) product provides real-time and historical visibility into the compromise, contains the malware, and facilitates remediation of the host to its original state.

Question 6

Measured Boot

Answer 6

A trusted, or measured, boot process uses the trusted platform module (TPM) at each stage in the boot process to check hashes of key system state data, which then uses an attestation process to verify if the system has not been tampered with.

Question 7

Fuzzing

Answer 7

Fuzzing is a dynamic analysis technique that checks code as it is running. When using fuzzing, the system is attacked with random data to check for code vulnerabilities.

Question 8

Static analyzer

Answer 8

A static code analyzer examines code quality and effectiveness without executing the code. An analyzer can be used in conjunction with development for continued code quality checks, or once the code is in its finalization stages.

Question 9

SED

Answer 9

A self-encrypting drive (SED) includes both the hardware and software to encrypt data on a drive. Keys are securely stored within for decryption. SED requires credentials to be entered for decryption.

Question 10

provides encryption for a whole disk and protects the confidentiality of the data

Answer 10

Full disk encryption (FDE)

Question 11

radio frequencies emitted by external sources, such as power lines that disturb signals. Can be avoided by shielding

Answer 11

Electromagnetic interference (EMI)

Question 12

combination of hardware and software used to adjust settings in a computer.

Answer 12

BIOS

Question 13

UEFI

Answer 13

Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer’s firmware to its operating system. UEFI is the replacement for Basic Input/Output System (BIOS) and has many advancements to include provisions for secure booting.

Question 14

process of checking and validating system files during a boot process.

Answer 14

Attestation

Question 15

a known secure starting point by embedding a private key in the system. The key remains private until the public key is matched.

Answer 15

hardware root of trust

Question 16

environment mimics that of production and allows for an environment to practice deployment

Answer 16

staging

Question 17

the final stage of the deployment effort. Testing in this environment would be too late, given it is the operational environment.

Answer 17

Production

Question 18

A place for creation. Requirements are turned into reality in this environment

Answer 18

development

Question 19

An isolated environment that is often used for testing. Security, patches, and critical updates can be tested.

Answer 19

sandbox

Question 20

Dynamic analysis

Answer 20

Inspects code as it is running for code quality and vulnerabilities.

Question 21

NIDS

Answer 21

Network Intrusion Detection System (NIDS) is an appliance at the network level.

Question 22

NIPS

Answer 22

Network Intrusion Prevention System (NIPS) is like a NIDS but uses intrusive means to protect the network.