Ch 5. Securing Hosts/Data

Question 1

Least Functionality

Answer 1

a core security principle stating that systems should be deployed with the least amount of applications, services, and protocols

Question 2

Backdoor

Answer 2

an access point to an application or service that bypasses normal security mechanisms

Question 3

Trusted Operating System

Answer 3

meets a set of predetermined requirements, such as those identified in the Common Criteria. It uses the mandatory access control (MAC) model.

Question 4

Patch Management

Answer 4

ensures that systems and applications stay up to date with current patches

Question 5

Change Management

Answer 5

defines the process and accounting structure for handling modifications and upgrades. The goals are to reduce risks related to unintended outages and provide documentation for all changes

Question 6

Sandboxing

Answer 6

the use of an isolated area for testing. You can create one with a virtual environment and on Linux with the chroot command.

Question 7

EMI

Answer 7

Electromagnetic Interference; comes from sources such as motors, power lines, and fluorescent lights and can interfere with signals transmitted over wires

Question 8

EMP

Answer 8

Electromagnetic Pulse; a short burst of energy that can cause damage to computing equipment

Question 9

FDE

Answer 9

Full Disk Encryption; encrypts an entire disk

Question 10

SED

Answer 10

Self-Encrypting Drive; includes the hardware and software to encrypt all data on the drive and securely store the encryption keys

Question 11

BIOS

Answer 11

Basic Input/Output System; includes software that provides a computer with basic instructions on how to start. Often referred to as firmware

Question 12

UEFI

Answer 12

Unified Extensible Firmware Interface; like BIOS but with enhancements such as being CPU-independent

Question 13

TPM

Answer 13

Trusted Platform Module; a hardware chip on the computer’s motherboard that stores cryptographic keys used for encryption

Question 14

Secure Boot

Answer 14

process that checks and validates system files during the boot process. A TPM typically uses a secure boot process

Question 15

Attestation

Answer 15

sends a report to a stored system to check and validate system files during the boot process

Question 16

Hardware Root of Trust

Answer 16

a known secure starting point. TPMs have a private key (RSA) burned into the hardware that provides a hardware root of trust

Question 17

HSM

Answer 17

Hardware Security Module; a removable or external device that can generate, store, and mange RSA keys used in asymmetric encryption. Many server-based applications use an HSM to protect keys

Question 18

CASB

Answer 18

Cloud Access Security Broker; a software tool or service deployed between an organization’s network and the cloud provider. It provides Security as a Service by monitoring traffic and enforcing security policies

Question 19

Four models of Cloud Deployment

Answer 19

Public, Private, Community, Hybrid

Question 20

MDM

Answer 20

Mobile Device Management; helps enforce security policies on mobile devices

Question 21

tethering

Answer 21

the process of sharing a mobile device’s Internet connection with other devices

Question 22

WiFi Direct

Answer 22

a standard that allows devices to connect without a wireless access point

Question 23

Embedded Systems

Answer 23

any device that has a dedicated function and uses a computer system to perform that function

Question 24

SoC

Answer 24

system on a chip; an integrated circuit that includes all the functionality of a computing system within the hardware.

Question 25

ICS

Answer 25

Industrial Control System; typically refers to systems within large facilities such as power plants or water treatment facilities

Question 26

SCADA

Answer 26

Supervisory Control and Data Acquisition; a system that controls an ICS such as a power plant or water treatment facility.

Question 27

RTOS

Answer 27

Real Time Operating System; an OS that reacts to input within a specific time. If it can’t respond within the specific time than it doesn’t process the data and typically reports an error

Question 28

Data Exfiltration

Answer 28

the unauthorized transfer of data outside an organization