Chapter 18 Flashcards
APT
Advanced Persistent Threat
DLP
Data Loss Prevention
EDR
Endpoint Detection Response
FDE
Full Disk Encryption
HIDS
Host-based Intrusion Detection System
HIPS
Host-based Intrusion Prevention System
HSTS
HTTP Strict Transport Security
Malware is short for
Malicious Software
NGFW
Next Generation Firewall
PCR
Platform Configuration Registers
SDLM
Software Development Lifecycle Methodology
SED
Self-Encrypting Drive
SP in Windows SP means
Service Pack
TPM
Trusted Platform Module
UEFI
Unified Extensible Firmware Interface
UEM
Unified Endpoint Management
UTM
Unified Threat Management
A secure mechanism to verify the integrity of an IoT gateway during boot time.
Boot Attestation
What is the purpose of HIDS?
To detect undesired elements in network traffic to and from the host.
What is the purpose of a HIPS?
To detect undesired elements in network traffic but also protect the network from the malicious activity.
Serves to prevent sensitive data from leaving the network without notice.
Data Loss Prevention
Ensures that a device boots using only software that is trusted by the Original Equipment Manufacturer.
Secure Boot.
Process of adding a random string of characters to each password in a database before it is hashed, to make the stored passwords more secure.
Salting.
A software application made by Microsoft used to scan, detect, and remove viruses, spyware, and malware.
Windows Defender
A free open source utility for network discovery and security auditing.
Nmap.
An open source GUI which aims to make Nmap easier for beginners.
Zenmap
Services are accessed using what two ports?
TCP and UDP
Small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device.
Cookie
A physical or embedded security technology that resides on a computer’s motherboard or processor.
TPM (Trusted Platform Module)
The process of testing input received by an application for compliance against a standard defined within the application.
Input Validation
What are allow and deny lists?
An allow list is a list of approved applications. A block/deny list is a list of applications that should not be allowed to run.
A directive that declares browsers should only interact via HTTPS, never HTTP, with a max time of 3600 seconds.
HSTS [HTTP Strict Transport Security]
What is the purpose of input validation?
To validate data input by the user, and to repeat the request for the data when the user's input is not valid.
A source that can always be trusted within a cryptographic system.
Hardware Root of Trust
Hardware-based standard that is used for applying hardware-based encryption to mass storage devices.
Opal
What is the challenge in allow listing?
The number of potential applications that are run on a typical machine.
What host-based firewall is included in Windows OS?
Windows Defender Firewall
A physical device that connects to a computer network and exchanges data or commands with other devices.
Endpoint
The quarantine or isolation of a system from its surroundings.
Sandboxing
Two other server operating systems other than Windows.
Linux and VM/Hypervisor
What’s the purpose of hotfixes, patching, and service packs?
To make sure the software and hardware of a system are up to date with the latest updates, to keep them secure and working efficiently.
What are FDE and SED?
Methods of implementing encryption on hard drives.
What is the difference between Heuristic-scanning and signature-scanning?
Heuristic scanning looks for specific commands or instructions that would not typically be found in an application; signature scanning uses a virus dictionary to look for malware and viruses.
What is the purpose of a security appliance?
To keep a system protected from malicious activity.
Why do encryption and obfuscation pose problems for anti-malware?
If a virus or malware is encrypted, then the anti-malware won't be able to find it in its signature dictionary.
What code has weaknesses and vulnerabilities?
All code.
How does Root of Trust apply to UEFI?
To ensure that a known, certified boot loader is used to load the next stage loader/manager or O/S kernel.
Why would a security specialist run Netstat?
To have statistics on all active connections in a system, making it easier to monitor and identify problems.
A repository of all information related to configurations.
Registry
What are hive keys?
Keys used to access the registry.
In what three ways can antimalware resolve malware issues?
Quarantine, remove, and block.
How often are new security advisories released?
Once a week, every Monday.
What does high-level software mean?
Applications close to user level.
What are MITRE and OWASP?
Websites that list all known software exploits and vulnerabilities.