3.2 Implement Host or Application Security Solutions

Question 1

A method of enpoint threat protection that scales to meet the increasing number of threats these days.

Answer 1

Endpoint detection and response (EDR)

Question 2

What are the 3 steps to EDR?

Answer 2

Detect a threat

Investigate the threat

Respond to the threat

Question 3

Endpoint protection method that involves stopping the leakage of data before the attacker can get to it.

Answer 3

Data loss prevention (DLP)

Question 4

A firewall capable of broad security controls that include allowing or blocking application features, identifing malware, examining encrypted data, and preventing access to URLs or URL categories.

Answer 4

Next-generation firewall (NGFW)

Question 5

Software based firewall that runs directly on the endpoint. Can allow or disallow application traffic.

Answer 5

host-based firewall

Question 6

What is the difference between a HIDS and a HIPS system?

Answer 6

HIDS - Host-based intrusion detection system

Used to detect intrusions

HIPS - Host-based intrusion prevention system

Used to block known attacks

Question 7

What are the two integrated hardware compnents that are the source of trust for a system when it comes to security?

Answer 7

Trusted platform module (TPM)

Hardware security module (HSM)

Question 8

Boot type that is part of the UEFI specification and verifies the bootloader on a system.

Answer 8

Secure boot

Question 9

Boot version that verifies the digital signature of the OS kernel, and takes place just before loading the drivers.

Answer 9

Trusted Boot

Question 10

What is it called when a devices sends an encrypted and digitally signed report of the system’s secure boot information to an attestation server?

Answer 10

Remote attestation

Question 11

What are 3 of the main compliance standards that often apply to database security?

Answer 11

PCI DSS

HIPAA

GDPR

Question 12

The process of replacing sensitive information with a non-sensitive placeholder.

Answer 12

Tokenization

Question 13

True or false: In tokenization, the original data and the token are mathematically related, just like an encryption.

Answer 13

False

Question 14

Process of developing code which verifies that the data entered is correctly formatted to prevent attacks.

Answer 14

Input validation

Question 15

The process of sending random input data to an application in order to test it’s robustness and input validation.

Answer 15

Dynamic analysis (fuzzing)

Question 16

True or false: the process of fuzzing is processor and resource heavy.

Answer 16

True

Question 17

What protocol are secure cookies only transmitted over?

Answer 17

HTTPS

Question 18

In code signing, a developer signs their code with their own private key using asymmetric encryption. What must happen first before the developer can do the signing?

Answer 18

A trusted CA must sign the developers private key

Question 19

The process of testing applications using a static code analyzers to identify security flaws.

Answer 19

Static application security testing (SAST)

Question 20

Process of minimizing the attack surface of an application.

Answer 20

Hardening

Question 21

The process of encrypting a drive using hardware rather than encryption software like BitLocker.

Answer 21

Self-encrypting drive (SED)

Question 22

What are 4 ways to harden operating systems?

Answer 22

Updates

User account limitations

Network Access limitation

Monitor and secure (AV)

Question 23

Development method used to deploy and test software that prevents the application from accessing unrelated resources on the network.

Answer 23

Sandboxing

Question 25

What are 4 ways to allow or deny applications via an operating system?

Answer 25

Hash

Certificate

File Path

Network Zone

Question 26

Standard for SED storage drives.

Answer 26

Opal Standard