4 Security Applications and Device Flashcards
Which operating system utilizes the PF and IPFW firewall
OS X
Which operating system utilizes the iptables firewall
Linux
What is a monitoring system that detects suspicious activities and generates alerts when they are detected
Intrusion Detection System (IDS)
What are the two types of IDSs
Host-based IDS and Network-based IDS
What is a host-based IDS
It monitors the computer infrastructure on which it is installed, analyzing traffic and logging malicious behavior
What is a network-based IDS
Devices intelligently distributed within networks that passively inspect traffic traversing the devices on which they sit
What are the three types of detection methods in an IDS
Signature-based, policy-based, and anomaly-based
What is the signature-based detection method in an IDS
A specific string or byte triggers an alert
What is the policy-based detection method in an IDS
Relies on a specific declaration of the security policy
What is the anomaly-based detection method in an IDS
Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average
What is it called when malicious activity is identified as an attack:
A. True Positive
B. False Positive
C. True Negative
D. False Negative
A. True Positive
What is it called when legitimate activity is identified as an attack:
A. True Positive
B. False Positive
C. True Negative
D. False Negative
B. False Positive
What is it called when legitimate activity is identified as legitimate traffic:
A. True Positive
B. False Positive
C. True Negative
D. False Negative
C. True Negative
What is it called when malicious activity is identified as legitimate traffic:
A. True Positive
B. False Positive
C. True Negative
D. False Negative
D. False Negative
What is the difference between an IDS and an IPS
An IDS is a detection and monitoring tool. It does not take action on its own and requires human interaction. An IPS is a control system: it accepts or rejects packets based on its ruleset, and it requires that its database be updated regularly with new threat data.
What is a software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence
Endpoint Data Loss Prevention System
What is a software- or hardware-based solution that is installed on the perimeter of the network to detect data in transit
Network Data Loss Prevention System
What is software installed on servers in the datacenter to inspect the data at rest
Storage Data Loss Prevention System
What is cloud software as a service that protects data being stored in cloud services
Cloud DLP System
What is the firmware interface that is similar to BIOS but stores its data in a file rather than on the firmware
UEFI
What are the ways to secure the BIOS
Flash the BIOS, use a BIOS password, configure the BIOS boot loader, disable external ports and devices, and enable the secure boot option
What type of storage device is connected directly to your organization’s network and often uses RAID arrays to ensure high availability
Network Attached Storage (NAS)
What is a storage network designed specifically to perform block storage functions, which may consist of NAS devices
Storage Area Network (SAN)
What are some security characteristics with a Storage Area Network
Proper Data Encryption, Proper Authentication, and Log NAS access
What is a security limitation placed on a system regarding the use of USB storage devices and other removable media
Removable media controls
What is a type of disk encryption that is utilized by a storage device that performs whole disk encryption by using embedded software
Self-Encrypting Drive
FileVault and BitLocker are the most commonly used ______ software
encryption
What is a type of disk encryption that utilizes a chip residing on the motherboard that contains an encryption key
Trusted Platform Module (TPM)
If your motherboard doesn’t have a Trusted Platform Module, what is something you can use as a key
A USB drive
What is a type of disk encryption that uses physical devices that act as a secure crypto-processor during the encryption process
Hardware Security Module (HSM)
What is a type of encryption standard that utilizes a symmetric block cipher that can encrypt and decrypt information
Advanced Encryption Standard (AES)
What is a type of IDS/IPS that monitors a computer system for unexpected behavior or drastic changes to the system’s state on an endpoint
Host-based IDS/IPS (HIDS or HIPS)
What is a software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption
Endpoint Protection Platform (EPP)
What is a software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats
Endpoint Detection and Response (EDR)
What is a system that can provide automated identification of suspicious activity by user accounts and computer hosts
User and Entity Behavior Analytics (UEBA)
What type of endpoint analysis is heavily dependent on artificial intelligence and machine learning
User and Entity Behavior Analytics (UEBA)
What is the hybrid of EPP, EDR, and UEBA
NextGen AV (NGAV)
What is the highest level of wireless security
WiFi Protected Access 2 (WPA2)
What are some security practices to follow on mobile devices
Do not jailbreak