Chapter 11: Managing Application Security Flashcards

1
Q

A modern version of the Basic Input Output System (BIOS) that is more secure and is needed for a secure boot of the OS. The older BIOS cannot provide secure boot.

A

Unified Extensible Firmware Interface (UEFI)

2
Q

On a Windows computer, Early Launch Anti-Malware checks that all drivers being loaded are signed and prevents rogue drivers from loading.

A

Early Launch Anti Malware

3
Q

First adopted with Windows 8: all components, from the firmware up to the applications and software, are measured and this information is stored in a log file; the log file is stored in the Trusted Platform Module (TPM) chip.

A

Measured Boot

4
Q

using an FDE such as BitLocker

A

Secure Boot and Attestation

5
Q

Monitors the websites being visited and the files being downloaded to ensure they are not infected by viruses or trojans.

A

Antivirus

6
Q

Scans a computer for adware and spyware and prevents malicious software from running.

A

Anti Malware

7
Q

An advanced solution that goes beyond antivirus or anti-malware. It is a centralized console that continuously monitors the computer and raises alerts when a threat has been detected.

A

Endpoint Detection and Response (EDR)

8
Q

An endpoint DLP solution can be set up to protect data on your computer from being stolen via email or a USB drive.

A

Data Loss Prevention (DLP)

9
Q

More than a traditional firewall. It can act as a stateful firewall by carrying out deep packet filtering. It can also inspect application traffic to ensure that it is legitimate, and use whitelisting to ensure that only approved applications are allowed to run.

A

Next Generation Firewall (NGFW)

10
Q

A software program that can be installed on a host to protect it against attack. It analyzes the behavior of the computer and looks for any suspicious behavior in log files.

A

Host Intrusion Prevention System (HIPS)

11
Q

A passive device that monitors patterns in the behavior of a computer system. It uses a database containing the settings for the computer, including the registry, critical file systems and applications; its function is to alert the user to any discrepancies or attacks.

A

Host Intrusion Detection System (HIDS)

12
Q

Can be used to prevent unauthorized access to the desktop and can set up permitted rules for approved applications.

A

Host based Firewall

13
Q

Cookies can be stolen by attackers to carry out a session hijacking attack; ensure cookies are only downloaded over a secure HTTPS session.

A

Secure Cookies

14
Q

Controlling inputs to an application is vital to ensure that buffer overflow, integer overflow, and SQL injection attacks cannot be launched against applications and databases. Input validation occurs where data is entered, either using a web page or a wizard.

A

Input Validation

15
Q

Designed to transfer information between the host and the web server. An attacker can carry out a cross-site scripting attack delivered by injecting HTTP response headers; this can be prevented by adding an HTTP Strict Transport Security (HSTS) header.

A

Hypertext Transfer Protocol (HTTP) headers

16
Q

Allows you to digitally sign scripts and executables to verify their authenticity and confirm they are genuine.

A

Code Signing

17
Q

The code is not executed locally; a static code analyzer tool is used to check for any flaws or weaknesses.

A

Static Code Analyzers

18
Q

The code is run locally; uses a technique called fuzzing, where random input is fed into the application to see what the output will be.

A

Dynamic Code Analysis

19
Q

A developer reads the code line by line to ensure it is written properly and has no errors.

A

Manual Code Review

20
Q

Feeding random information into an application to see whether it crashes, causes memory leaks, or returns error information; it reveals improper input validation.

A

fuzzing

21
Q

Used on computer systems to encrypt the whole hard drive, which holds data at rest.

A

FDE

22
Q

The ______ chip is located on the motherboard and is used to store encryption keys so that when the system boots, it can compare the keys to ensure no tampering has occurred.

A

TPM

23
Q

When we use certificates for FDE, they use a hardware root of trust that verifies that the keys match before secure boot takes place.

A

Hardware Root of Trust

24
Q

Solid state drives (SSDs) that are purchased already set to encrypt data at rest.

A

Self-Encrypting Drives (SEDs)

25
Q

Similar to a TPM chip except that it is removable. Key escrow uses an HSM to store and manage private keys, but smaller ones can be used for a computer.

A

Hardware Security Module (HSM)

26
Q

Where we can install an application in a virtual environment isolated from our network, so we can patch, test, and ensure that it is secure before putting it into a production environment.

A

sandboxing

27
Q

Comprised of small devices, such as ATMs, small robots, and wearable technologies, that can use an IP address and connect to internet-capable devices.
-smart devices
-home automation (lighting, climate, entertainment, alarm)
-wearable technology
-sensors
-weak defaults
-facilities automation

A

IoT

28
Q

Both hardware and software combined in a single device. Some devices will have updates but no update mechanism, making them vulnerable to attack.
-Raspberry Pi

A

Embedded Systems

29
Q

These systems are automated control systems consisting of multiple phases of production.
-Energy
-Facilities
-Manufacturing
-Logistics
-Industrial

A

Supervisory Control and Data Acquisition (SCADA)

30
Q

Used for water, telecommunications, health, chemicals, water supply and treatment.

A

Industrial Control System (ICS)

31
Q

2 models of the Software Development Life Cycle (SDLC)

A
  1. Waterfall–each stage is completed before the next
  2. Agile–several stages of development can occur simultaneously
32
Q

Created to allow systems to be programmed to talk to one another.

A

Application Programming Interface (API)

33
Q

The process of increasing resources when they are needed; the cloud pay-as-you-go model.

A

Elasticity

34
Q

Where an application can take more users than originally planned with little or no increase in cost.

A

Scalability

35
Q

Application Lifecycle

A
  1. Development
  2. Testing
  3. Staging
  4. Production
36
Q

Where two instructions from different threads try to access the same data at the same time.

A

Race Condition

37
Q

The process of taking the source code and making it look obscure, so that if it were stolen it would not be understood. ______ masks the source code so that it cannot be understood by competitors.

A

Obfuscation/Camouflage

38
Q

An international not-for-profit organization that provides an up-to-date list of the most recent web application security concerns; it relies on donations.

A

Open Web Application Security Project (OWASP)

39
Q

Incident Response Process

A
  1. Preparation–incident response plans are written and kept up to date
  2. Identification–the appropriate plan is invoked when an incident has occurred
  3. Containment–isolate or quarantine computers
  4. Eradication–destroy the source
  5. Recovery–RPO
  6. Lessons Learned
40
Q

A government-sponsored company whose aim is to help prevent cyber attacks.
-Adversarial: behavior of potential attackers
-Tactics: the medium by which the attack will be carried out
-Techniques: breakdown of the processes
-Common Knowledge: documentation relating to attackers' tactics

A

MITRE ATT&CK Framework

41
Q

Cyber Kill Chain—developed by Lockheed Martin

A
  1. Reconnaissance–calling employees, sending emails, social engineering, dumpster diving
  2. Weaponization–create the malware payload
  3. Delivery–a medium such as email, a web page, or USB
  4. Exploitation–executing code via a vulnerability
  5. Installation–installing malware on the asset
  6. Command and control–the infected system sends information back to the attacker
  7. Action on objectives–hands on keyboard; attack complete
42
Q

Getting the company back up and running so that it can generate income.

A

Disaster Recovery Plan

43
Q

Keeps the business up and running no matter what disasters occur.

A

Business Continuity Plan

44
Q

4 phases of BCP

A
  1. Initial Response
  2. Relocation–hot or warm site
  3. Recovery
  4. Site Resiliency
45
Q

The site is up and running, with staff loading data into the systems immediately as it is replicated. This is the most expensive to maintain but has the fastest recovery.

A

Hot site

46
Q

Similar to a hot site, but data is sent by courier and may be 3 to 4 hours behind the hot site.

A

Warm Site

47
Q

The cheapest to maintain, as it has power and water but no staff or equipment, making it the slowest to get back up and running. It has no data.

A

Cold Site

48
Q

Documents with information on events and the necessary action that needs to be taken.

A

Runbooks

49
Q

Contain a set of rules and actions that enable the SOAR platform to identify incidents and take preventive action.

A

Playbooks

50
Q

The ability to keep the system running when one part of the system fails.

A

Redundancy

51
Q

Uses a minimum of 2 disks and a maximum of 32 disks; if one disk fails then all the data is lost. Primarily used when speed is the concern, in situations such as transferring large files, like video editing or gaming.

A

RAID 0 (striping)(fastest)

52
Q

2 disks, a mirror set; fault tolerant, so if disk 1 should fail, you could activate disk 2. Used when data redundancy and high reliability are crucial; employed for important data storage such as business files or critical system files.

A

RAID 1 (mirroring)(5th fastest)

53
Q

A minimum of 3 disks, known as a stripe set with parity. Used in environments where both speed and data protection are important; commonly employed in small to medium-sized businesses for general purpose storage, file servers, or databases.

A

RAID 5 (striping with parity)(3rd fastest)

54
Q

A minimum of 4 disks with double parity. Typically used in scenarios where there is a higher risk of multiple drive failures, or when data integrity and fault tolerance are critical; utilized in large scale storage systems, enterprise level databases, or systems handling sensitive info.

A

RAID 6 (double parity)(4th fastest)

55
Q

Uses both mirroring and striping to protect data: it has a mirrored set that is then striped. Implemented in servers or systems that require high performance storage and fault tolerance.

A

RAID 10 (mirrored striping)(2nd fastest)

56
Q

Normally used by a SAN storage solution where there is more than one network path between the SAN storage and the target server.

A

Multipath

57
Q

Basically a battery acting as a standby device, so that when the computer's power fails, it kicks in.

A

Uninterruptible Power Supply (UPS)

58
Q

Most servers will have a ______ so that if one power unit fails, the other power supply keeps the server running.

A

Dual Supply

59
Q

Managed ______ allow you to remotely connect and monitor the power.
Replication: method for the immediate transfer of data and virtual machines within a network.

A

Managed Power Distribution Units (PDUs)

60
Q

A hardware device that contains a large number of fast disks, such as Solid State Drives (SSDs), and is isolated from the LAN as it has its own network.

A

Storage Area Network (SAN)

61
Q

A backup of all your data. This is the fastest physical backup but uses the most storage space.

A

Full Backup

62
Q

Backs up the data changed since the last full backup or incremental backup. Uses less storage space than a full backup or a differential.

A

Incremental

63
Q

Backs up the data changed since the last full backup. A restore will always need two tapes: the full backup from the start and the latest differential. It uses more space than an incremental but less than a full backup.

A

Differential

64
Q

Paper Data Destruction

A

-Burn: incinerator

-Pulping: if burning is not available, pulping, which turns the paper into papier-mâché, is the best option.

-Shredding: third best way of disposing of data; a cross-cut shredder is best.

65
Q

Media Data Destruction

A

-Shredding: shred a metal hard drive into powder; the best method.

-Pulverizing: use a sledgehammer to smash the drive into small pieces.

-Degaussing: this is where an electrical charge is sent across the drive.

66
Q

When the computer system becomes corrupt, you can roll it back to a former state.

A

Non-persistence

67
Q

You can save the system state and system settings to removable media. If the computer is corrupt, you can repair it, then insert the media and restore the system state data.

A

Revert to Known State

68
Q

The system records the configuration state as you log in; this can be reverted to at a later stage.

A

Last Known Good Configuration

69
Q

A copy of the operating system is saved to a USB flash drive or DVD, so that you can then boot from the removable media.

A

Live boot media