Chapter 4: OS Hardening and Virtualization Flashcards
Concept of Least Functionality
- Restrict and remove any functionality not required for operation
- NIST CM-7 control procedures
- Target features
> Applications
> Ports
> Services (daemons)
- Consider backwards compatibility when removing obsolete applications
- SCCM (System Center Configuration Manager) for multiple machines
- Application blacklisting / whitelisting
Patch Management
- Process of planning, testing, implementing and auditing patches
> Planning: Decide which patches are required
  Check compatibility
  Plan how the patch will be tested / deployed
> Testing: Test the patch on one machine / small system
> Implementing: Deploy the patch to all machines
  Use SCCM or another centralized management system
> Auditing: Confirm the patch is live on the system
  Check for any failures or changes due to the patch
Hardening File Systems and Hard Drives
a) Use a secure file system
> NTFS for Windows: allows encryption, ACLs, logging
  Use the chkdsk and convert commands
> ext4 for Linux
  Use fdisk -l or df -T
b) Hide important files (system files, personal data, etc.)
c) Manage hard drives
> Delete temp files
> Periodically verify system file integrity
> Defrag hard drives
> Backup data
> Restore points
> Whole disk encryption
> Separate the OS and personal data
Virtualization
VM (Virtual Machine) and VDE (Virtual Desktop Environment)
VM Categories
- System virtual machine : Runs an entire OS
- Process virtual machine : Runs a single application (browser)
Other forms of virtualization
> VPN (Virtual Private Network)
> VDI (Virtual Desktop Infrastructure)
> VLAN (Virtual Local Area Network)
Hypervisor
(Virtual Machine Manager)
- Allows multiple guest operating systems to run concurrently
Type 1 vs Type 2 Hypervisor
- Type 1 - Native
> Runs directly on host hardware
> Flexible and efficient
> Strict hardware/software restrictions, less common
- Type 2 - Hosted
> One level removed from host hardware
> More available to most OS and hardware
> Resource intensive
Application Containerization
- Runs distributed applications w/o running an entire VM
- Efficient but less secure
Securing Virtual Machines
Generally equivalent to securing a regular OS, but with a little more work
1. Update virtual machine software (e.g. VirtualBox)
2. Be wary of VM-VM and VM-host network connections
3. Protect NAS and SAN from virtual hosts
4. Disable unnecessary USB and external ports on VMs
5. Alter boot priority for virtual BIOS
6. Limit and monitor VM resource usage to prevent DoS attacks
7. Protect raw virtual machine image
> Snapshots, Encryption, Access permission and signatures
Virtualization Sprawl
When there are too many VMs to manage at once
> Employ a VMLM (Virtual Machine Lifecycle Management) tool