Ch5: Securing Hosts and Data

Question 1

Least functionality

Answer 1

A core security principle stating that systems should be deployed with the least amount of applications, services, and protocols

Question 2

Trusted OS

Answer 2

A trusted OS meets a set of predetermined requirements, such as those identified in the Common Criteria. Uses the MAC (mandatory access control) model

Question 3

A master image provides

Answer 3

a secure starting point for systems

Question 4

Admins create master images with templates or other tools to…

Answer 4

create a secure baseline

Question 5

Integrity measurements discover…

Answer 5

when a system deviates from the baseline

Question 6

The WannaCry ransomware worked only because…

Answer 6

Systems were not kept up-to-date with current patches. Microsoft had released an update to the known vulnerability two months before the attack

Question 7

Patch management ensures

Answer 7

OS’s and applications are up to date with current patches to protect systems against known vulnerabilities

Question 8

Change management

Answer 8

Defines the process and accounting structure for handling modifications and upgrades. Goal is to provide documentation for all changes and reduce risks related to unintended outages

Question 9

Application whitelist

Answer 9

List of authorized software that prevents users from installing or running software that isn’t on the list

Question 10

Application blacklist

Answer 10

List of unauthorized software that prevents users from installing or running software on the list

Question 11

Sandboxing

Answer 11

The use of an isolated area, often used for testing

Question 12

I can create a sandbox with…

Answer 12

A VM or the chroot command on Linux

Question 13

Secure deployment environment includes

Answer 13

Development, testing, staging, and production elements

Question 14

Secure systems design considers…

Answer 14

Electromagnetic interference (EMI) and electromagnetic pulse (EMP)

Question 15

EMI sources

Answer 15

Motors, power lines, fluorescent lights. Can be prevented with shielding

Question 16

Mild forms of EMP

Answer 16

Electrostatic discharge and lightning. Systems can be protected from these

Question 17

TPM

Answer 17

Trusted Platform Module is a hardware chip included on many laptops and mobile devices that includes a unique RSA asymmetric key burned into the chip and provides a hardware root of trust

Question 18

TPM provides

Answer 18

Full disk encryption and supports a secure boot process and remote attestation

Question 19

HSM

Answer 19

Hardware security module is a removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Many server-based applications use an HSM to protect keys

Question 20

SaaS

Answer 20

Software as a Service cloud-based technologies includes any software or application provided to users over a network like the Internet, such as web-based email

Question 21

PaaS

Answer 21

Platform as a Service provides customers with a fully managed platform, which the vendor keeps up to date with current patches

Question 22

IaaS

Answer 22

Infrastructure as a Service provides customers with access to hardware in a self-managed platform

Question 23

CASB

Answer 23

A cloud access security broker is a software tool deployed between an organization’s network and the cloud provider that provides Security as a Service by monitoring traffic and enforcing security policies

Question 24

Private clouds

Answer 24

Only available for one organization

Question 25

Public cloud services

Answer 25

…are provided by 3rd-party companies and available to anyone

Question 26

Community cloud

Answer 26

Shared by multiple organizations

Question 27

Hybrid cloud

Answer 27

Combination of 2 or more clouds

Question 28

COPE devices

Answer 28

Corporate-owned, personally enabled devices are owned by the organization but employees can use them for personal reasons

Question 29

BYOD

Answer 29

A bring your own device policy allows employees to connect their own personal devices to the corporate network

Question 30

CYOD

Answer 30

A choose your own device policy includes a list of approved devices. Employees with a device on the list can connect to the network

Question 31

VDI

Answer 31

A virtual desktop infrastructure is a virtual desktop and these can be created so that users can access them from a mobile device

Question 32

MDM tools help…

Answer 32

Mobile device management tools help enforce security policies on mobile devices.

Question 33

MDM tools include

Answer 33

Use of storage segmentation, containerization, full disk encryption, and enforcing strong authentication methods to prevent unauthorized access.

Question 34

Remote wipe

Answer 34

sends a signal to a lost or stolen device to erase all data

Question 35

Geolocation

Answer 35

Uses GPS and can help locate a lost or stolen device

Question 36

Geofencing

Answer 36

creates a virtual fence or geographic boundary and can be used to detect when a device is within an organization’s property

Question 37

GPS tagging

Answer 37

adds geographical data to files such as pictures

Question 38

Context-aware authentication

Answer 38

uses multiple elements to authenticate a user and a mobile device

Question 39

Jailbreaking

Answer 39

removes all software restrictions from an Apple device

Question 40

Rooting (android)

Answer 40

modifies an Android device, giving users root-level access to the device. Overwriting the firmware with custom firmware is one way (“another way”) to root an Android device

Question 41

Sideloading

Answer 41

The process of installing software on an Android device from a source other than an authorized store

Question 42

Tethering

Answer 42

The process of sharing a mobile device’s Internet connection with other devices

Question 43

Wi-Fi Direct

Answer 43

A standard that allows devices to connect without a wireless access point or wireless router

Question 44

You can use what to prevent tethering or Wi-Fi Direct Internet access?

Answer 44

MDM tools can block access to devices using tethering or Wi-Fi Direct to access the Internet

Question 45

Embedded system

Answer 45

Any device that has a dedicated function and uses a computer system to perform that function. Includes any IoT devices such as wearable technology and home automation systems

Question 46

SCADA system

Answer 46

A supervisory control and data acquisition system has embedded systems that control an industrial control system (ICS) such as one used in a power plant or water treatment facility

Question 47

Primary methods of protecting confidentiality of data

Answer 47

encryption and strong access controls

Question 48

Database column encryption

Answer 48

protects individual fields within a database

Question 49

File/folder-level protection

Answer 49

protects individual files

Question 50

Full disk encryption

Answer 50

protects entire disks

Question 51

chmod

Answer 51

changes permissions on linux systems

Question 52

Data exfiltration

Answer 52

the unauthorized transfer of data out of a network

Question 53

DLP techniques

Answer 53

Data loss prevention techniques can block the use of USB devices to prevent data loss and monitor outgoing email traffic for unauthorized data transfers

Question 54

Cloud-based DLP

Answer 54

can enforce security policies for data stored in the cloud, such as ensuring that Personally Identifiable Information (PII) is encrypted