4.1

Question 1

A template of a secure configuration that can be modified in order to best serve the specific application it is being used for.

They are often available from the manufacturer of the device or application.

Answer 1

Security baseline

Question 2

True/False

Most security baselines rarely need updating/changing

Answer 2

True

However, some baselines may require frequent updating due to discovered vulnerabilities or new software needed.

Question 3

2 common hardening techniques for mobile devices

Answer 3

Update

Segmentation (user vs company data)

Question 4

True/False

Mobile devices typically have hardening checklists available from the manufacturer

Answer 4

True

Question 5

4 ways to harden a workstation

Answer 5

Keep it updated

Automate the monthly security patches (but make sure to test them)

Connect to a policy management system (AD group policy, etc.)

Remove unnecessary software

Question 6

2 ways to harden network infrastructure devices

Answer 6

Configure authentication - don’t use defaults!

Check with the manufacturer for security updates

(Because these are purpose-built devices, they don’t get updated often. But any updates are always important.)

Question 7

4 ways to harden/secure cloud infrastructure

Answer 7

Secure the cloud management workstation

Implement least privilege

Configure EDR (all devices accessing the cloud should be secure)

Always have backups (you can backup to a separate cloud provider)

Question 8

4 ways to harden/secure servers

Answer 8

Update and patch

Secure accounts (least privilege, password requirements)

Limit network access (firewall)

Monitor and secure (antivirus, antimalware)

Question 9

SCADA stands for

Answer 9

Supervisory Control and Data Acquisition System

Question 9

1 way to harden/secure SCADA/ICS

Answer 9

Extensive segmentation - no access from the outside

Question 10

3 ways to harden/secure embedded systems

Answer 10

Security patches

Segmentation on their own network

Firewall in front of the segment

Note: Upgrading/modifying an existing embedded system is not always an option. Remember that embedded systems don’t usually allow access into the OS. Things like televisions and watches are easy, but other things not so much.

Question 11

3 ways to harden/secure RTOSs

Answer 11

Isolate the system from the rest of the network

Run with the minimum amount of services

Use secure communication (firewall)

Question 12

3 ways to harden/secure IoT devices

Answer 12

Change default accounts and configurations

Deploy updates quickly

Segment IoT devices on their own VLAN

Question 13

The inspection of a location that involves what wireless networks are nearby, determining the existing wireless spectrum, identifying existing access points, and a plan for how to work around existing wireless frequencies.

Answer 13

Site survey

Question 14

A two-dimensional diagram that shows wireless AP signal coverage.

Answer 14

Heat map

AKA Wi-Fi coverage map

Question 15

MDM stands for

Answer 15

Mobile Device Management

Question 16

BYOD stands for

Answer 16

Bring Your Own Device

Question 17

A system that allows centralized management of mobile devices. Can set policies on features (camera, apps, data, etc.), enforce segmentation, and manage access control (screen locks, PINs).

Answer 17

MDM

Question 18

A policy that allows employees to bring their own personal device to be used partially for work. The device will be managed via an MDM.

Answer 18

BYOD

Question 19

COPE stands for

Answer 19

Corporate owned, personally enabled

Question 20

A policy where the organization purchases the device for employees to use as both a personal and corporate device.

Answer 20

COPE

Question 21

Difference between COPE and CYOD

Answer 21

CYOD allows the employee to choose which device they want to use

Question 22

CYOD stands for

Answer 22

Choose Your Own Device

Question 23

PAN stands for

Answer 23

Personal Area Network

Question 24

PAN is AKA

Answer 24

Bluetooth

Question 25

MIC stands for

Answer 25

Message Integrity Check

Question 26

3 methods to secure a wireless network

Answer 26

Authenticate users before granting access

Encrypt all confidential communication

Verify integrity of communication (MIC)

Question 27

True/False

WPA2 is insecure because it is vulnerable to brute force attacks

Answer 27

True

Question 28

Which cipher mode does WPA3 use? This encryption is stronger than that of WPA2.

Answer 28

GCMP

Question 29

GCMP stands for

Answer 29

Galois/Counter Mode Protocol

Question 30

2 security services that GCMP provides

Answer 30

Data confidentiality with AES

MIC with GMAC (Galois Message Authentication Code)

Question 31

SAE stands for

Answer 31

Simultaneous Authentication of Equals

Question 32

The authentication process used in WPA3

Answer 32

SAE

Question 33

A derivation of Diffie-Hellman key exchange with an authentication component. Everyone uses a different session key even if they each use the same pre-shared key.

Eliminates the need for four-way handshakes and hashes, so it is not vulnerable to brute force attacks.

Answer 33

SAE

Question 34

SAE is AKA

Answer 34

Dragonfly handshake

Question 35

A PSK is a fancy name for a…

Answer 35

Network password

Question 36

PSK stands for

Answer 36

Pre-shared key

Question 37

The 2 most common methods of securing a network

Answer 37

Shared password (PSK)

Centralized authentication (802.1X)

Question 38

WPA3-Personal / WPA3-PSK provides authentication via

Answer 38

PSK

Question 39

WPA3-Enterprise / WPA3-802.1X provides authentication via

Answer 39

Individual authentication credentials with an authentication server (ex. RADIUS, LDAP, TACACS+, etc.)

Question 40

A framework that identifies users, authenticates them, identifies their permissions, and logs what resources that user accessed.

Answer 40

AAA framework

Question 41

RADIUS stands for

Answer 41

Remote Authentication Dial-In User Service

Question 42

One of the most common AAA protocols that is supported on a wide variety of platforms and devices.

It centralizes authentication for users–through routers, switches, firewalls, VPNs, and 802.1X network access.

Answer 42

RADIUS

Question 43

When a network says it is an “open system” that means…

Answer 43

No authentication/password is required

Question 44

NAC stands for

Answer 44

Network Access Control

Question 45

A control that prevents network access until authentication is successful (802.1X is just one type of this)

Answer 45

NAC

Question 46

802.1X NAC is used in conjunction with…

Answer 46

AAA server (RADIUS, LDAP, TACACS+, etc.)

Allows administrators centralized management for disabling accounts, forcing password changes, etc.

Question 47

A framework used with 802.1X that allows manufacturers to customize authentication measures for their devices to meet requirements.

Combined with 802.1X to provide authentication to the network.

Answer 47

EAP

Question 48

EAP stands for

Answer 48

Extensible Authentication Protocol

Question 49

A security process that prevents unexpected input from being interpreted by an application

Answer 49

Input validation

Question 50

A type of input validation that raises an error when the input does not match what is expected. (ex. SSN should be 9 characters and only have integers.)

Answer 50

Normalization

Question 51

An automated tool that inputs random data of random types to see what the application does. If the application behaves unexpectedly, the developer can fix whatever issue it has.

Answer 51

Fuzzer

Question 52

Small pieces of information that are stored on your browser that track the websites you visited. They are used for personalization and session management.

Answer 52

Cookies

Question 53

Difference between cookies and secure cookies

Answer 53

Secure cookies will only be transferred when using a secure connection (ex. HTTPS)

Question 54

SAST stands for

Answer 54

Static Application Security Testing

Question 55

An automated analysis tool that identifies known vulnerabilities (buffer overflows, database injections, etc.)

Answer 55

SAST

Question 56

A way to ensure that the code you are installing is the same code that was deployed by the developer/manufacturer

Answer 56

Code signing

Question 57

A method of isolating a system for the purposes of testing data without affecting the production network.

Answer 57

Sandbox

Question 58

Real-time detection of application use that can indicate who is accessing the application, blocked attack attempts, identify anomalous file transfers or increased permissions, and log events.

Answer 58

Application security monitoring

Question 59

2 vulnerabilities that CANNOT be identified by a SAST tool.

Answer 59

Authentication security
Insecure cryptography