Chapter 5 Securing Host and Data Flashcards

1
Q

Least functionality is a core secure system design principle. It states that systems should be deployed with only the applications, services, and protocols they need to function.

A

A trusted operating system meets a set of predetermined requirements such as those defined in the Common Criteria. It typically uses the mandatory access control (MAC) model.

2
Q

A master image provides a secure starting point for systems. Master images are typically created with templates or other baselines to provide a secure starting point for systems. Integrity measurement tools detect when a system deviates from the baseline.

A

Patch management procedures ensure operating systems and applications are kept up to date with current patches. This ensures they are protected against known vulnerabilities.

3
Q

Change management policies define the process for making changes and help reduce unintended outages from changes.

A

Application whitelisting allows authorized software to run, but blocks all other software. Application blacklisting blocks unauthorized software, but allows other software to run.

4
Q

Sandboxing provides a high level of flexibility for testing security controls and testing patches. You can create sandboxes in virtual machines (VMs) and with the chroot command on Linux systems.

A

Electromagnetic interference (EMI) comes from sources such as motors, power lines, and fluorescent lights and can be prevented with shielding.

5
Q

Electromagnetic pulse (EMP) is a short burst of electromagnetic energy. Mild forms such as electrostatic discharge and lightning can be prevented but EMP damage from military weapons may not be preventable.

A

Full disk encryption (FDE) encrypts an entire disk. A self-encrypting drive (SED) includes the hardware and software necessary to automatically encrypt a drive.

6
Q

A Trusted Platform Module (TPM) is a chip included with many laptops and some mobile devices. It provides full disk encryption and a secure boot process, and it supports remote attestation. TPMs have an encryption key burned into them that provides a hardware root of trust.

A

A hardware security module (HSM) is a removable or external device used for encryption. An HSM generates and stores RSA encryption keys and can be integrated with servers to provide hardware-based encryption.

7
Q

Cloud computing provides an organization with additional resources. Most cloud services are provided via the Internet or a hosting provider. On-premise clouds are owned and maintained by an organization.

A

Software as a Service (SaaS) includes web-based applications such as web-based email.

8
Q

Infrastructure as a Service (IaaS) provides hardware resources via the cloud. It can help an organization limit the size of its hardware footprint and reduce personnel costs.

A

Platform as a Service (PaaS) provides an easy-to-configure operating system and on-demand computing for customers.

9
Q

A cloud access security broker (CASB) is a software tool or service deployed between an organization’s network and the cloud provider. It monitors all network traffic and can enforce security policies, acting as Security as a Service.

A

Private clouds are only available for a specific organization. Public cloud services are provided by third-party companies and available to anyone. A community cloud is shared by multiple organizations. A hybrid cloud is a combination of two or more clouds.

10
Q

Mobile devices include smartphones and tablets and run a mobile operating system.

A

Corporate-owned, personally enabled (COPE) mobile devices are owned by the organization, but employees can use them for personal reasons.

11
Q

Bring your own device (BYOD) policies allow employees to connect their mobile device to the organization’s network. Choose your own device (CYOD) policies include a list of acceptable devices and allow employees with one of these devices to connect them to the network.

A

A virtual desktop infrastructure (VDI) hosts virtual desktops, and these can be created so that users can access them from a mobile device.

12
Q

Mobile devices can connect to the Internet, networks, and other devices using cellular, wireless, satellite, Bluetooth, near field communication (NFC), ANT, infrared, and USB connections.

A

Mobile device management (MDM) tools help ensure that devices meet minimum security requirements. They can monitor devices, enforce security policies, and block network access if devices do not meet these requirements.

13
Q

MDM tools can restrict applications on devices, segment and encrypt data, enforce strong authentication methods, and implement security methods such as screen locks and remote wipe.

A

A screen lock is like a password-protected screen saver on desktop systems that automatically locks the device after a period of time. A remote wipe signal removes all the data from a lost phone.

14
Q

Geolocation uses the Global Positioning System (GPS) to identify a device’s location. Geofencing uses GPS to create a virtual fence or geographic boundary. Organizations use geofencing to enable access to services or devices when they are within the boundary, and to block access when they are outside of the boundary.

A

Geotagging uses GPS to add geographical information to files (such as pictures) when posting them on social media sites.

15
Q

A third-party app store is something other than the primary store for a mobile device. Apple’s App Store is the primary store for Apple devices. Google Play is a primary store for Android devices.

A

Jailbreaking removes all software restrictions on Apple devices. Rooting provides users with root-level access to an Android device. Custom firmware can also root an Android device. MDM tools block network access for jailbroken or rooted devices.

16
Q

A Universal Serial Bus On-The-Go (USB OTG) cable allows you to connect mobile devices.

A

Sideloading is the process of copying an application to an Android device instead of installing it from an online store.

17
Q

Tethering allows one mobile device to share its Internet connection with other devices. Wi-Fi Direct allows you to connect devices together without a wireless router.

A

An embedded system is any device that has a dedicated function and uses a computer system to perform that function. A security challenge with embedded systems is keeping them up to date.

18
Q

Embedded systems include smart devices, sometimes called the Internet of Things (IoT), such as wearable technology and home automation devices.

A

A system on a chip (SoC) is an integrated circuit that includes a full computing system.

19
Q

A supervisory control and data acquisition (SCADA) system controls an industrial control system (ICS). The ICS is used in large facilities such as power plants or water treatment facilities. SCADA and ICS systems are typically in isolated networks without access to the Internet, and are sometimes protected by network intrusion prevention systems (NIPSs).

A

A real-time operating system (RTOS) is an operating system that reacts to input within a specific time.

20
Q

Embedded systems are found in many common and special-purpose devices. This includes multi-function devices (MFDs), such as printers; heating, ventilation, and air conditioning (HVAC) systems; medical devices; automotive vehicles; aircraft; and unmanned aerial vehicles (UAVs).

A

The primary method of protecting the confidentiality of data is with encryption and strong access controls. File system security includes the use of encryption to encrypt files and folders.

21
Q

You can encrypt individual columns in a database (such as credit card numbers), entire databases, individual files, entire disks, and removable media.

A

Users should be given only the permissions they need. When they have too much access, it can result in access violations or the unauthorized access of data.

22
Q

You can use the chmod command to change permissions on a Linux system.

A

Data exfiltration is the unauthorized transfer of data outside an organization.

23
Q

Data loss prevention (DLP) techniques and technologies help prevent data loss. They can block transfer of data to USB devices and analyze outgoing data via email to detect unauthorized transfers. Cloud-based DLP systems can enforce security policies for any data stored in the cloud.

A

End