Chapter 5

Question 1

Least Functionality

Answer 1

A core principle of secure systems design

Systems should be deployed with only the applications, services, and protocols needed to meet their purpose

Question 2

Trusted Operating System

Answer 2

An operating system that is configured to meet a set of security requirements

It ensures that only authorized personnel can access data based on their permissions

Question 3

Patch Management

Answer 3

The process used to keep systems up to date with current patches

It typically includes evaluating and testing patches before deploying them

Question 4

Change Management

Answer 4

The process used to prevent unauthorized changes

Unauthorized changes often result in unintended outages

Question 5

Application whitelist

Answer 5

A list of application that a system allows

Users are only able to install or run applications on the list

Question 6

Application Blacklist

Answer 6

A list of applications that a system blocks

Users are unable to install or run any applications on the list

Question 7

Sandboxing

Answer 7

The use of an isolated area on a system, typically for testing

Virtual machines are often used to test patches in an isolated sandbox

Application developers sometimes use the chroot command to change the root directory crating a sandbox

Question 8

Chroot

Answer 8

A Linux command used to change the root directory

It is often used for sandboxing

Question 9

EMI

Answer 9

Electromagnetic interference is an interference caused by motors, power lines, and fluorescent lights

EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable

Question 10

EMP

Answer 10

Electromagnetic Pulse is a short burst of energy that can potentially damage electronic equipment

It can result from electrostatic discharge (ESD), lightning, and military weapons

Question 11

FDE

Answer 11

Full disk encryption is a method to encrypt an entire disk

Compared with SED

Question 12

SED

Answer 12

Self-encrypting drive is a device that includes he hardware and software necessary to encrypt a hard drive

Users typically enter credentials to decrypt and use the drive

Question 13

BIOS

Answer 13

Basic Input/Output System is a computers firmware used to manipulate different settings such as the date and time, boot drive, and access password

UEFI is the designated replacement for BIOS

Question 14

UEFI

Answer 14

Unified Extensible Firmware Interface is a method used to boot some systems and intended to replace BIOS firmware

Question 15

TPM

Answer 15

Trusted Platform Module is a hardware chip on the motherboard included with many laptops and some mobile devices

It provides full disk encryption

Compare with HSM

Question 16

Secure Boot

Answer 16

A process that checks and validates system files during the boot process

A TPM typically uses a secure boot process

Question 17

Attestation

Answer 17

A process that checks and validates system files during the boot process

TPMs sometimes used remote attestation, sending a report to a remote system for attestation

Question 18

Hardware Root of Trust

Answer 18

A known secure starting point

TPMs have a private key burned into the hardware that provides a hardware root of trust

Question 19

HSM

Answer 19

Hardware security module is a removable or external device that van generate, store, and manage RSA keys used in asymmetric encryption

Compare wirh TPM

Question 20

SaaS

Answer 20

Software as a Service is a cloud computing model that provides applications over the internet

Webmail is an example of a cloud based technology

Compare with IaaS and PaaS

Question 21

PaaS

Answer 21

Platform as a Service is a cloud computing model that provides cloud customers with a preconfigured computing platform they can use as needed

Compare with IaaS and SaaS

Question 22

IaaS

Answer 22

Infrastructure as a service is a cloud computing model that allows an organization to rent access to hardware in a self-managed platform

Compare with PaaS and SaaS

Question 23

CASB

Answer 23

Filler

Question 24

Cloud Deployment models

Answer 24

Cloud model types that identify who has access to cloud resources

Public clouds are for any organization

Private clouds are for a single organization

Community clouds are shared among community organizations

A hybrid cloud is a combination of two or more clouds

Question 25

MDM

Answer 25

Mobile device management is a group of applications and/or technologies used to manage mobile devices

MDM tools can monitor mobile devices and ensure they ate in compliance with security policies

Question 26

Application Management

Answer 26

Filler

Question 27

Full Device Encryption

Answer 27

Filler

Question 28

Storage Segmentation

Answer 28

A method used to isolate data on mobile devices

It allows personal data to be stored in one location and encrypted corporate data to be stored elsewhere

Question 29

Content management

Answer 29

Filler

Question 30

Containerization

Answer 30

A method used to isolate applications in mobile devices

It isolates and protects the application, including any data used by the application

Question 31

Passwords and PINs

Answer 31

Filler

Question 32

Biometrics

Answer 32

Filler

Question 33

Screen Locks

Answer 33

Filler

Question 34

Remote Wipe

Answer 34

The process of sending a signal to a remote device to erase all data

It is useful when a mobile device is lost or stolen

Question 35

Geolocation

Answer 35

The location of a device identified by GPS

It can help locate a lost or stolen mobile device

Question 36

Geofencing

Answer 36

A virtual fence or geographic boundary

It uses GPS to create the boundary

Apps can then respond when a mobile device is within the virtual fence

Question 37

GPS Tagging

Answer 37

A process of adding geographical data to files such as pictures

It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created

Question 38

Context-Aware

Answer 38

An authentication method using multiple elements to authenticate a user and a mobile device

It can include identity, geolocation, the device type, and more

Question 39

Push Notification Services

Answer 39

The services that messages to mobile devices

Question 40

Third Party App Store

Answer 40

An app store other than the primary source for mobile device apps

It refers to an app store other than the App Store or Google Play for Apple and Android devices, respectively

Question 41

Jailbreaking

Answer 41

The process of modifying an Apple mobile device to remove software restrictions

It allows a user to install software from any third-party source

Compare with rooting

Question 42

Rooting

Answer 42

The process of modifying an Android device, giving the user root-level, or administrator, access

Compare with Jailbreaking

Question 43

Firmware OTA Updates

Answer 43

Over-the-air updates for mobile device firmware that keep them up to date

These are typically downloaded to the device from the Internet and applied to update the device

Question 44

Custom Firmware

Answer 44

Mobile device firmware other than the firmware provided with the device

People sometimes use custom firmware to root Android devices

Question 45

Sideloading

Answer 45

The process of copying an application package to a mobile device

It is useful for developers when testing apps, but can be risky if users sideload unauthorized apps to their device

Question 46

SMS

Answer 46

Short Message Service is a basic text messaging service

Compare with MS

Question 47

MMS

Answer 47

Multimedia Messaging Service is a method used to send text messages

It is an extension of SMS and supports sending multimedia content

Question 48

USB OTG

Answer 48

Universal Serial Bus On-The-Go is a cable used to connect mobile devises to other devices

It is one of many methods that you can use to connect a mobile device to external media

Question 49

Tethering

Answer 49

The process of sharing an Internet connection from one mobile device to another

Question 50

Wi-Fi Direct

Answer 50

A standard that allows devices to connect without a wireless access point

Question 51

Carrier Unlocking

Answer 51

The process of unlocking a mobile phone from a specific cellular provider

Question 52

Embedded System

Answer 52

Any device that has a dedicated function and uses a computer system to perform that function

It includes a CPU, an operating system, and one or more applications

Question 53

IoT

Answer 53

Internet of things is the network of physical devices connected to the Internet

It typically refers to smart devices with an IP address, such as wearable technology and home automation systems

Question 54

Wearable Technology

Answer 54

Smart devices that a person can wear or have implanted

Question 55

Home Automation

Answer 55

Smart devices used within the home that have IP addresses

These are typically accessible via the Internet and are part of the Internet of things (IoT)

Question 56

SoC

Answer 56

System on a chip is an integrated circuit that includes a computing system within the hardware

Many mobile devices include an S0C

Question 57

ICS

Answer 57

Industrial control system is a system that controls large systems such as power plants or water treatment facilities

A SCADA system controls the ICS

Question 58

SCADA

Answer 58

Supervisory control and data acquisition is a system used to control an ICS such as power plant or water treatment facility

Ideally, a SCADA is within an isolated network

Question 59

RTOS

Answer 59

Real-time operating system is an operating system that reacts to input within a specific time

Many embedded systems include an RTOS

Question 60

HVAC

Answer 60

Heating, ventilation, and air conditioning is a physical security control that increases availability by regulating airflow within data centers and server rooms

Question 61

UAVs

Answer 61

Unmanned aerial vehicles are flying vehicles piloted by remote control or onboard computers

Question 62

EFS

Answer 62

Filler

Question 63

NTFS

Answer 63

Filler

Question 64

ACLs

Answer 64

Access control lists are lists of rules used by routers and stateless firewalls

These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols

Question 65

GPG

Answer 65

Filler

Question 66

Linux Permissions

Answer 66

Filler

Question 67

Windows Permissions

Answer 67

Filler

Question 68

DLP

Answer 68

Data loss prevention is a group of technologies used to prevent data loss

They can block the use of the USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud

Question 69

Data Exfiltration

Answer 69

The unauthorized transfer of data outside an organization