ch 9

Question 1

BIOS

Answer 1

Basic input/output system

Question 2

UEFI

Answer 2

unified extensible firmware interface

Question 3

what was made to combat BIOS attacks

Answer 3

(UEFI) unified extensible firmware interface

Question 4

what is the secure boot process

Answer 4

when using UEFI and secure boot, a computer checks the digital signature of each piece of boot software. if signatures are deem valid the computer boots.

Question 5

what happens if the computer does not deem the boot valid

Answer 5

the computer doesn’t start

Question 6

(TEMPEST)

Answer 6

telecommunications electronics material protected from emanating spurious transmissions

Question 7

what is TEMPEST

Answer 7

intended to prevent attackers from picking up electromagnetic fields from government buildings.

Question 8

what happens during a supply chain infection

Answer 8

steps in the supply chain has opened the door for malware to be injected into products during their manufacturing or storage.

Question 9

what to for OS security configuration

Answer 9

Disabling unnecessary ports and services,
disabling defaults accounts/ passwords
employing least functionality
application white listing and black listing

Question 10

what is a software security update to repair vulnerabilities

Answer 10

security patch

Question 11

what includes enhancements to the software to provide new or expanded functionality, does not address security vulnerability

Answer 11

feature update

Question 12

what accumulates security updates and additional features

Answer 12

service patch

Question 13

what manages patches locally rather than rely on the vendor’s online update service

Answer 13

automated patch update service

Question 14

updates that are applied no matter what

Answer 14

forced updates

Question 15

software that examines a computer for infections, scans new documents that might contain viruses

Answer 15

antivirus

Question 16

what is the weakness of antivirus

Answer 16

vendor must continually search for new viruses, update and distribute signature files to users

Question 17

what is a newer approach to (AV) Antivirus that has heuristic monitoring

Answer 17

dynamic analysis

Question 18

one AV heuristic monitoring technique, questionable code is executed in virtual environment to determine if it is a virus.

Answer 18

code emulation

Question 19

monitors emails for span and other unwanted content

Answer 19

antispam- mail gateway

Question 20

define black listing

Answer 20

nonapproved senders

Question 21

define whitelisting

Answer 21

approved senders

Question 22

what devides email messages into two piles spam and non spam

Answer 22

bayeasian filtering

Question 23

what helps prevent computers from becoming infected by different types of spyware

Answer 23

antispyware

Question 24

small window appearing over website usually created by advertisers

Answer 24

pop-up

Question 25

s separate program as part of anti-spyware package

Answer 25

pop-up blockers

Question 26

tightening security during the design and coding of the OS

Answer 26

OS Hardening

Question 27

an OS that has been designed through OS hardening

Answer 27

trusted OS

Question 28

Removing all unnecessary features that may compromise an OS

Answer 28

kernel pruning

Question 29

(SDIO)

Answer 29

Secure digital input output

Question 30

a storage cad with integrated wireless transmission capabilities

Answer 30

SDIO Secure digital input output

Question 31

An SDIO device used in devices like digital cameras

Answer 31

WIFI enabled micro SD card

Question 32

uses internal storage and external SD cards

Answer 32

Digital cameras

Question 33

(MFD)

Answer 33

Multifunctional devices

Question 34

combines the functions of a printer, copier, scanner, and fax machine

Answer 34

MFD Multifunctional devices

Question 35

(DLP)

Answer 35

Data loss prevention

Question 36

whats the alternative name for displays

Answer 36

often considered "passive" peripherals

Question 37

what is a bollard

Answer 37

vertical post, preventing a car from ramming into the building

Question 38

are security guards considered active security elements ?

Answer 38

yes

Question 39

(PDS)

Answer 39

Protection Distribution system

Question 40

a system of cable conduits used to protect classified information that is being transmitted between two secure areas

Answer 40

(PDS) Protected Distribution system

Question 41

Conduit contructed of special electrical metallic tubing

Answer 41

hardened carrier PDS

Question 42

specialized optical fibers in the conduit that sense acoustic vibrations that occur when an intruder attempts to gain access

Answer 42

alarmed carrier PDS

Question 43

the physical security protecting the hardware of the host system

Answer 43

computer hardware system

Question 44

what are the aspects of application security

Answer 44

application development security secure coding techniques code testing

Question 45

what are the application development stages

Answer 45

development testing staging production

Question 46

what are the application development life cycles

Answer 46

waterfall model | agile model

Question 47

what does the secure devops methodology include

Answer 47

``` security automation continuous integration immutable systems infrastructure as code base lining ```

Question 48

what is provisioning

Answer 48

the enterprise wide configuration, development, and management of multiple types of IT system resources

Question 49

what is deprovisioning

Answer 49

in application development is removing a resource that is no longer needed.

Question 50

test is used to ensure that the projected application meets all specifications at that point

Answer 50

model verification

Question 51

searches for errors that could prevent the application from properly compiling from source code to application code

Answer 51

compiled code testing

Question 52

looks for errors after the program has compiled correctly and is running

Answer 52

runtime code testing

Question 53

which is a testing environments that isolates the untested code from the live production environment

Answer 53

sandbox

Question 54

tools that examine software without executing the program

Answer 54

static program analyzers