4.4 Incident, apply mitigation techniques or controls to secure an environment

Question 1

Endpoint configuration: what are the different security controls for endpoints?

Answer 1

• Application approved /deny lists
• OS

Question 2

Endpoint configuration: why some application are allowed /denied ?

Answer 2

Because some app can be dangerous and contain vulnerabilities, trojan horses, malware

Question 3

Endpoint configuration: why OS are important for security endopoint ?

Answer 3

Decisons are made in the OS:
- App: allow app with this unique identifier
- OS can allow digitally signed apps from certain publisher (ex: anything signed by microsoft is trusted but not the rest)
- Path: allow application that are install in a specific folder

Question 4

Security configuration: what can be configured to tighten security?

Answer 4

• Firewall rules
• MDM
• DLP
• Content filter/ URL filter
• Updating or revoking certificates

Question 5

Security configuration: what is isolation?

Answer 5

Administratively isolate a compromised device from everything else

Question 6

Security configuration: what can be isolated?

Answer 6

• Network: remediation VLAN
• Process: limit app execution, prevent malicious activity

Question 7

Security configuration: what is containment?

Answer 7

Run application in its own sandbox

Question 8

Security configuration: why containment help in security?

Answer 8

Limit interaction with host OS and other application. Therefor, malware would have no method of infection

Question 9

Security configuration: what is SOAR?

Answer 9

Security Orchestration, Automation and Response helps coordinate, execute and automate tasks between various people and tools all within a single platform.

Ex: reset password, create website certificate, backup data app