7 - 1: Host Security

Question 1

Security baselines

Answer 1

Limit administrative access

Question 2

GPO

Answer 2

Group Policy Object

Question 3

Patch Management

Answer 3

Policy to ensure patches are issued in a timely manner, critical for security issues. Analyze the outcomes of patching

Question 4

System Hardening

Answer 4

Remove unnecessary software and OS components, lockdown host firewall, disable default credentials, verify sysconfig settings

Question 5

Viruses

Answer 5

Spread because of human activity

Question 6

Worms

Answer 6

Spread by themselves

Question 7

Trojan horses

Answer 7

Act as wanted/expected software while carrying malware

Question 8

Spyware

Answer 8

Gathers information and user activity

Question 9

Antivirus mechanisms

Answer 9

Signature detection and behavior/heuristic

Question 10

Signature detection

Answer 10

Watches for known patterns of activity. Requires updating signature files.

Question 11

Behavior/Heuristic detection

Answer 11

Model normal behavior, then alerts when there is deviant behavior

Question 12

EDR

Answer 12

Endpoint Detection and Response, goes deeper than regular antivirus software, real-time protection using endpoint agents and automated responses

Question 13

Sandboxing

Answer 13

Isolates malicious content when it runs, sending it off for monitoring

Question 14

Spam filtering

Answer 14

Blocks unwanted mail

Question 15

Malware logging

Answer 15

Keep a centralized reporting location to review security incidents

Question 16

Application control

Answer 16

Restricts the software that runs on endpoints, typically reported to SIEMs

Question 17

Whitelisting

Answer 17

For tightly controlled environments, its what software can only be used

Question 18

Blacklisting

Answer 18

For looser environment, it is a list of prohibited applications

Question 19

Host Software Baselining

Answer 19

Standard list of software expected on endpoints, then reports deviations to identify unwanted software

Question 20

Firewalls

Answer 20

Restrict traffic and only allow devices that meet security policy to proceed

Question 21

Default Deny Rule

Answer 21

Firewalls, by default, block any network connection not explicitly allowed

Question 22

Firewall Types

Answer 22

Network firewalls and host firewalls. Network access requires BOTH to be configured

Question 23

Network firewalls

Answer 23

Hardware devices that regulate connections between two networks

Question 24

Host firewalls

Answer 24

Software components of an operating system that limit connections to a server

Question 25

Next Generation Firewalls

Answer 25

Designed to use behavioral information to decide network traffic in real time

Question 26

Intrusion Detection Systems

Answer 26

Monitor for suspicious activity and alert sysadmins

Question 27

Intrusion Prevention Systems

Answer 27

Intervene to block suspicious activity once it’s detected

Question 28

File Integrity Monitoring

Answer 28

Watch for unexpected file changes and report on them using cryptographic hashing

Question 29

FIM tuning

Answer 29

Some file changes are expected, so it’s important to tune detection capabilities so as to not over or under alert

Question 30

Data loss prevention

Answer 30

Technology that searches systems and monitors networks for unsecured sensitive information, and provides the ability to block, remove, or encrypt it

Question 31

DLP types

Answer 31

Host-based and network-based

Question 32

Host-based

Answer 32

Detects sensitive information stored on endpoints

Question 33

Network-based

Answer 33

Scans and monitors network transmissions for sensitive information

Question 34

Pattern matching

Answer 34

A detection method analyzing patterns to indicate what data is being moved. Can also be based on a repository of key terms

Question 35

Watermarking

Answer 35

Uses electronic tags to mark sensitive information

Question 36

Linux command to apply database updates

Answer 36

yum