Chapter 4: Endpoint And Application Development Security

Question 1

A metric of the upper and lower bounds of specific indicators of normal network activity

Answer 1

Key Risk Indicators (KRIs)

Question 2

An indicator that malicious activity is occurring but is still in the early stages

Answer 2

Indicator of compromise (IOC)

Question 3

An evaluation used for discovering an attack before it occurs

Answer 3

Predictive analysis

Question 4

Anything that can be used freely without restrictions

Answer 4

Open source

Question 5

A repository by which open source cybersecurity information is collected and disseminated

Answer 5

Public information sharing centers

Question 6

Four CISCP privacy protection umbrellas include …

Answer 6

1. Cybersecurity Information Sharing Act (CISA)
2. Freedom of Information Act (FOIA)
3. Traffic-Light Protocol (TLP)
4. Protected Critical Infrastructure Information (PCII)

Question 7

A technology that enables the exchange of cyber threat indicators between parties through computer-to-computer communication

Answer 7

Automated Indicator Sharing (AIS)

Question 8

A language and format used to exchange cyber threat intelligence

Answer 8

Structured Threat Information Expression (STIX)

Question 9

An application protocol for exchanging cyber threat intelligence over Hypertext Transfer Protocol Secure (HTTPS)

Answer 9

Trusted Automated Exchange of Intelligence (TAXII)

Question 10

Proprietary information owned by an entity that has an exclusive right to it

Answer 10

Closed source

Question 11

Organizations participating in closed source information that restrict both access to data and participation

Answer 11

Private information sharing centers

Question 12

A repository of known vulnerabilities and information as to how they have been exploited

Answer 12

Vulnerability database

Question 13

An illustration of cyber threats overlaid on a diagrammatic representation of a geographical area

Answer 13

Threat map

Question 14

A storage area in which victims of an attack can upload malicious files and software code that can then be examined by others to learn more about these attacks and craft their defenses

Answer 14

File and code repositories

Question 15

Part of the internet beyond the reach of normal search engines and is the domain of threat actors

Answer 15

Dark web

Question 16

Securing endpoint computers primarily involves three tasks, including …

Answer 16

1. Confirming that the computer had started safely
2. Protecting the computer from attacks
3. Hardening the computer for even greater protection

Question 17

An improved firmware interface developed to replace the BIOS

Answer 17

Unified Extensible Firmware Interface (UEFI)

Question 18

When each element in the boot process relies on the confirmation of the previous element to know that the entire process is secure

Answer 18

Chain of trust

Question 19

Security checks that begin with hardware checks

Answer 19

Hardware root of trust

Question 20

The process of determining that the boot process is valid

Answer 20

Boot atteststion

Question 21

A boot security mode where the computer’s firmware logs the boot process so the OS can send it to a trusted server to assess the security

Answer 21

Measured Boot

Question 22

Software that can examine a computer for file-based virus infections as well as monitor computer activity and scan new documents that might contain a virus

Answer 22

Antivirus

Question 23

A suite of software intended to provide prophecy ions against multiple types of malware, such as ransomware, cryptomalware, Trojans, and other malware

Answer 23

Antimalware

Question 24

A protocol that forgets everything that occurs between browser client and the server

Answer 24

Stateless protocol

Question 25

A protocol that remembers everything that occurs between browser client and the server

Answer 25

Stateful protocol

Question 26

A cookie that is only sent to the server with an encrypted request over the secure HTTPS protocol

Answer 26

Secure cookie

Question 27

A header that can inform the browser how to function while communicating with the website

Answer 27

HTTP Response Header

Question 28

A software-based application that runs on an endpoint computer and can detect that an attack has occurred

Answer 28

Host Intrusion Detection Systems (HIDS)

Question 29

Robust tools that monitor endpoint events and take immediate action

Answer 29

Endpoint detection and response (EDR)

Question 30

Software that monitors endpoint activity to immediately block a malicious attack by following specific rules

Answer 30

Host Intrusion Detection Systems

Question 31

Patch updates for application and utility software

Answer 31

Third-party updates

Question 32

The automatic download and installation of patches as they become available

Answer 32

Auto-update

Question 33

Turning off any service that is not being used and closing any unnecessary TCP ports to enhance security

Answer 33

Disabling unnecessary ports and services

Question 34

A database that contains low-level settings used by the Windows OS and for those applications that elect to use it

Answer 34

Registry

Question 35

Requiring pre approval for an application to run or not run

Answer 35

Application whitelisting and blacklisting

Question 36

Approving in advance only specific applications to run on the OS so that any item not approved is either restricted or denied

Answer 36

Whitelisting

Question 37

Creating a list of unapproved software so that any item not on the list can run

Answer 37

Blacklisting

Question 38

A “container” in which an application can be run so that it does not impact the underlying OS

Answer 38

Sandbox

Question 39

The process that holds a suspicious document, most commonly used with email attachments

Answer 39

Quarantine