Chapter 11: Managing Application Security

Question 1

modern version of the Basic Input Output System (BIOS) is more secure and is needed for a secure boot of the OS. The older BIOS cannot provide secure boot.

Answer 1

Unified Extensible Firmware Interface (UEFI)

Question 2

in a windows computer, the early launch anti malware tests that all drivers that are being loaded are signed and prevents rogue drivers from loading

Answer 2

Early Launch Anti Malware

Question 3

this was first adopted with Windows 8 where all components from the firmware are up to the applications and software measured and stores this information in a log file—log file is stored in the Trusted Platform Module (TPM) chip

Answer 3

Measured Boot

Question 4

using an FDE such as BitLocker

Answer 4

Secure Boot and Attestation

Question 5

monitors websites that are being visited and the files that are being downloaded to ensure they are not infected by viruses or trojans

Answer 5

Antivirus

Question 6

scans computer for adware and spyware and prevents malicious software from running

Answer 6

Anti Malware

Question 7

advanced solution that is better than anti virus or anti malware. It is a centralized console that continuously monitors the computer and makes alerts when a threat has been detected

Answer 7

Endpoint Detection and Response (EDR)

Question 8

an endpoint DLP solution can be setup so that it can protect data on your computer from being stolen by using email or USB drive.

Answer 8

Data Loss Prevention (DLP)

Question 9

more than a traditional firewall. It can act as a stateful firewall by carrying out deep packet filtering. It can also inspect application traffic to ensure that it is legitimate and use whitelisting to ensure that only approved applications are allowed to run.

Answer 9

Next Generation Firewall (NGFW)

Question 10

software program that can be installed on a host to protect it against attack. It analyzes the behavior of a computer and looks for any suspicious behavior in log files

Answer 10

Host Intrusion Prevention System (HIPS)

Question 11

is a passive device that monitors patterns in the behavior of a computer system. Uses a database that contains the setting for the computer including registry, critical file systems, application, Its function is to alert the user to any discrepancies or attacks

Answer 11

Host Intrusion Detection System (HIDS)

Question 12

can be used to prevent unauthorized access to the desktop and can set up permitted rules for approved applications

Answer 12

Host based Firewall

Question 13

cookies can be stolen by attackers to carry out a session hijacking attack; ensure cookies are only downloaded when there is a secure HTTPS session.

Answer 13

Secure Cookies

Question 14

controlling inputs to an application is vital to ensure that buffer overflow, integer overflow, ,and SQL injection attacks cannot be launched against applications and databases.—input validation occurs where data is entered either using a web page or wizard

Answer 14

Input Validation

Question 15

designed to transfer information from the host and the web server—attacker can carry out a cross site scripting attack and is delivered through injecting HTTP response headers—can be prevented by entering HTTP Strict Transport Security (HSTS) header

Answer 15

Hypertext Transfer Protocol (HTTP) headers

Question 16

allows you to digitally sign scripts and executables to verify their authenticity and to confirm they are genuine

Answer 16

Code Signing

Question 17

the code is not executed locally—use static code analyzer tool to check any flaws or weaknesses

Answer 17

Static Code Analyzers

Question 18

the code is run locally—use a technique called fuzzing where random input is inserted into the application to see what the output will be

Answer 18

Dynamic Code Analysis

Question 19

developer reads code line by line to ensure it is written properly and no errors

Answer 19

Manual Code Review

Question 20

put random information to see whether the application crashes or causes memory leaks or error information to be returned.—improper input validation

Answer 20

fuzzing

Question 21

used on computer systems to encrypt the whole hard drive as it holds data at rest

Answer 21

FDE

Question 22

______ chip is stored on the motherboard and is used to store encryption keys so that when the system boots, it can compare the keys to ensure no tampering

Answer 22

TPM

Question 23

when we use certificates for FDE, they use a hardware root of trust that verifies that the keys match before secure boot takes place.

Answer 23

Hardware Root of Trust

Question 24

solid state drives (SSDs) and are purchased already set to encrypt data at rest

Answer 24

Self Encryption Drives (SEDs)

Question 25

similar to TPM chips except it is removable. The key escrow uses HSM to store and manage private keys but smaller ones can be used for computer

Answer 25

Hardware Security Module (HSM)

Question 26

where we can install an application in a virtual environment isolated from our network so we can patch, test, and ensure that it is secure before putting it into a production environment

Answer 26

sandboxing

Question 27

comprised of small devices, such as ATMs, small robots, and wearable technologies , that can use an IP address and connect to internet capable devices
-smart devices
-home automation (lighting climate enterntainment alarm)
-wearable technology
-sensors
-weak defaults
-facilities automation

Answer 27

IoT

Question 28

both hardware and software combined in a single device—some devices will have updates but have no update mechanism making them vulnerable to attack
-rasberry pi

Answer 28

Embedded Systems

Question 29

systems are automated control systems consisting of multiple phases of production
-Energy
-Facilities
-Manufacturing
-Logistics
-Industrial

Answer 29

Supervisory Control and Data Acquisition (SCADA):

Question 30

used for water, telecommunications, health, chemicals, water supply, treatment

Answer 30

Industrial Control System (ICS

Question 31

2 models of the Software Development Life Cycle (SDLC

Answer 31

1. Waterfall–each stage is completed before thenext
2. Agile–several stages of development can occur simultaneously

Question 32

created to allow systems to be programmed to talk to one another

Answer 32

Application Programming Interface (API

Question 33

process of increasing resources when they are needed—cloud pay as you go model

Answer 33

Elasticity

Question 34

where an application can take more users than originally planned with little or no increase in cost

Answer 34

Scalability

Question 35

Application Lifecycle

Answer 35

1. Development
2. Testing
3. Staging
4. Production

Question 36

where two instructions from different threads try to access the same data at the same time.

Answer 36

Race Condition

Question 37

process where you take the source code and make it look obscure so that if it was stolen it would not be understood. ______ masks the source code so that it cannot be understood by competitors.

Answer 37

Obfuscation/Camouflage

Question 38

international not for profit organization that provides an up to date list of the most recent web application security concerns. Rely on donations

Answer 38

Open Web Application Security Project (OWASP)

Question 39

Incident Response Process

Answer 39

1. Preparation– incident response plans written and kept to date
2. Identification–appropriate plan is invoked when incident has occurred
3. Containment– isolate or quarantine computers
4. Eradication–destroy source
5. Recovery– RPO
6. Lessons Learned

Question 40

government sponsored company whose aim is to help prevent cyber attack
-Adversarial-behavior of potential attackers
-Tactics—medium by which the attack will be carried out
-Techniques—breakdown of the processes
-Common Knowledge—documentation relating to attackers tactics

Answer 40

MITRE ATT&CK Framework

Question 41

Cyber Kill Chain—developed by Lockheed Martin

Answer 41

1. Reconnaissance- calling employees, sending emails, social engineering, dumpster diving
2. Weaponization- create malware payload
3. Delivery- medium such as email, web page, usb
4. Exploitation- executing code via a vulnerability
5. Installation- installing malware on asset
6. Command and control- infected system sends back information to attacker
7. Action on objectives- hands on keyboard-attack complete

Question 42

getting the company back up and running so that it can generate income

Answer 42

Disaster Recovery Plan

Question 43

keep the business up and running no matter what disasters occur.

Answer 43

Business Continuity Plan

Question 44

4 phases of BCP

Answer 44

1. Initial Response
2. Relocation–hot warm site
3. Recovery
4. Site Resiliency

Question 45

site is up and running with staff loading data into the systems immediately as it is replicated. This is the most expensive to maintain but has fastest recovery

Answer 45

Hot site

Question 46

similar to hot site but data is sent by courier and maybe 3 to 4 hours behind hot site

Answer 46

Warm Site

Question 47

cheapest to maintain as it has its power and water but not staff or equipment making it the slowest to get back up and running. It has no Data

Answer 47

Cold Site

Question 48

documents with information on events and the necessary action that needs to be taken

Answer 48

Runbooks

Question 49

contain a set of rules and actions to enable the SOAR to identify incidents and take preventative action

Answer 49

Playbooks

Question 50

is the process when one part of the system fails but we have the ability to keep the system running

Answer 50

Redundancy

Question 51

uses minimum of 2 disks with a maximum of 32 disks—if one disk fails then all the data will be lost; primarily used when speed is the concern; situations such as transferring large files, like in video editing or gaming (RAID)

Answer 51

RAID 0 (striping)(fastest)

Question 52

2 disks, mirror set; fault tolerant, so if disk 1 should fail, you could activate disk 2; used when data redundancy and high reliability are crucial; employed for important data storage such as business files or critical system files

Answer 52

RAID 1 (mirroring)(5th fastest)

Question 53

minimum of 3 disks and is known as a stripe set with parity; used in environments where both speed and data protection are important; commonly employed in small to medium sized businesses for general purpose storage, file servers, or databases.

Answer 53

Raid 5: (striping with parity)(3rd fastest)

Question 54

has minimum of 4 disks; has double parity; typically used in scenarios where there is a higher risk of multiple drive failures, or when data integrity and fault tolerance are critical; utilized in large scale storage systems, enterprise level databases, or systems handling sensitive info.

Answer 54

Raid 6: (Double parity)(4th fastest)

Question 55

both mirroring and striping to protect data. It has a mirrored set that is then striped.; implemented in servers or systems that require high performance storage and fault tolerance;

Answer 55

Raid 10: (mirrored striping)(2nd fastest)

Question 56

normally used by a SAN storage solution where there is more than one network path between the SAN storage and the target server.

Answer 56

Multipath

Question 57

is basically a battery that is a standby device so that when the computer power fails, it kicks in

Answer 57

Uninterruptible Power Supply (UPS):

Question 58

most servers will have a ______ so that if the power unit fails, then the other power supply keeps the server running

Answer 58

Dual Supply

Question 59

managed ______ allows you to remotely connect and monitor the power.
Replication-method for the immediate transfer of data and virtual machines within a network

Answer 59

Managed Power Distribution Units (PDUs)

Question 60

is a hardware device that contains a large number of fast disks, such as Solid State Drives (SSDs) and is isolated from the LAN as it has its own network.

Answer 60

Storage Area Network (SAN)

Question 61

is a backup of all your data. This is the *fastest physical backup but uses the most storage space

Answer 61

Full Backup

Question 62

backs up the data since the last full back up or incremental backup. Uses less storage space than full backup and differential

Answer 62

Incremental

Question 63

will backup the data since the last full backup. This will always be two tapes—the full back up from the start and the latest differential. It uses more space than incremental but less than full backup.

Answer 63

Differential

Question 64

Paper Data Destruction

Answer 64

-Burn: incinerator

-Pulping: if burning is not available pulping turns the data into paper mache, is the best option.

-shredding: third best way of disposing of data; a cross cut shredder is best

Question 65

Media Data Destruction

Answer 65

-shredding: shred a metal hard drive into powder—best method

• pulverizing: sledge hammer and smash into small pieces

-Degaussing: this is where an electrical charge is sent across the drive

Question 66

when the computer system becomes corrupt, and you can roll it back to a former state.

Answer 66

Non-persistence

Question 67

you can save the system state and systems settings to removable media. If the computer is corrupt then you can repair the computer and then insert the media and revert system state data

Answer 67

Revert to Known State

Question 68

this is where the system has recorded the configuration state as you log in. This can be reverted to a later stage

Answer 68

Last Known good Configuration

Question 69

a copy of the operating system is saved to a USB flash drive or DVD. Then you will be able to boot from the removable media.

Answer 69

Live boot media