Chapter 5: Securing Hosts and Data

Question 1

_____ _____ is a core secure system design principle. It states that systems should be deployed with only the applications, services, and protocols they need to function.

Answer 1

Least functionality

Question 2

A _____ operating system meets a set of predetermined requirements such as those defined in the Common Criteria. It typically uses the mandatory access control (MAC) model.

Answer 2

trusted

Question 3

A _____ _____ provides a secure starting point for systems. They are typically created with templates or other baselines to provide a secure starting point for systems. Integrity measurement tools detect when a system deviates from the baseline.

Answer 3

master image

Question 4

_____ _____procedures ensure operating systems and applications are kept up to date with current patches. This ensures they are protected against known vulnerabilities.

Answer 4

Patch management

Question 5

_____ _____ policies define the process for making changes and help reduce unintended outages from changes.

Answer 5

Change management

Question 6

Application _____ allows authorized software to run, but blocks all other software. Application_____ blocks unauthorized software, but allows other software to run.

Answer 6

whitelisting

blacklisting

Question 7

_____ provides a high level of flexibility for testing security controls and testing patches. Youcan create sandboxes in virtual machines (VMs) and with the chroot command on Linux systems.

Answer 7

Sandboxing

Question 8

___ ____ comes from sources such as

motors, power lines, and fluorescent lights and can be prevented with shielding.

Answer 8

Electromagnetic interference (EMI)

Question 9

___ ___ is a short burst of electromagnetic energy. Mild forms such as electrostatic discharge and lightning can be prevented but EMP damage from military weapons may not be preventable.

Answer 9

Electromagnetic pulse (EMP)

Question 10

___ _____ _____ encrypts an entire disk. A self- encrypting drive (SED) includes the hardware and software necessary to automatically encrypt a drive.

Answer 10

Full disk encryption (FDE)

Question 11

A _____ _____ _____ is a chip included with many laptops and some mobile devices and it provides full disk encryption, a secure boot process, and supports remote attestation. They have an encryption key burned into them that provides a hardware root of trust.

Answer 11

Trusted Platform Module (TPM)

Question 12

A _____ _____ _____ is a removable or external device used for encryption. An HSM generates and stores RSA encryption keys and can be integrated with servers to provide hardware-based encryption.

Answer 12

hardware security module (HSM)

Question 13

___ __ __ ____includes web-based applications such as web-based email.

Answer 13

Software as a Service (SaaS)

Question 14

____ __ __ ____ provides hardware resources via the cloud. It can help an organization limit the size of their hardware footprint and reduce personnel costs.

Answer 14

Infrastructure as a Service (IaaS)

Question 15

____ ___ ___ _____ provides an easy-to-configure operating system and on- demand computing for customers.

Answer 15

Platform as a Service (PaaS)

Question 16

A ____ ____ ____ ____ is a software tool or service deployed between an organization’s network and the cloud provider. It monitors all network traffic and can enforce security policies acting as Security as a Service.

Answer 16

cloud access security broker (CASB)

Question 17

____-____, ____ ____ mobile devices are owned by the organization, but employees can use them for personal reasons.

Answer 17

Corporate-owned, personally enabled (COPE)

Question 18

___ ___ ___ ___ policies allow employees to connect their mobile device to the organization’s network.

Answer 18

Bring your own device (BYOD)

Question 19

____ ____ ____ ____ policies include a list of acceptable devices and allow employees with one of these devices to connect them to the network.

Answer 19

Choose your own device (CYOD)

Question 20

A ___ ___ ____ is a virtual desktop and these can be created so that users can access them from a mobile device.

Answer 20

virtual desktop infrastructure (VDI)

Question 21

_____ devices can connect to the Internet, networks, and other devices using cellular, wireless, satellite, Bluetooth, near field communication (NFC), ANT, infrared, and USB connections.

Answer 21

Mobile

Question 22

____ ____ ____ tools help ensure that devices meet minimum security requirements. They can monitor devices, enforce security policies, and block network access if devices do not meet these requirements.

Answer 22

Mobile device management (MDM)

Question 23

_____ ____ ____ tools can restrict applications on devices, segment and encrypt data, enforce strong authentication methods, and implement security methods such as screen locks and remote wipe.

Answer 23

Mobile device management (MDM)

Question 24

A ____ ____ is like a password-protected screen saver on desktop systems that automatically locks the device after a period of time. A ____ ____ signal removes all the data from a lost phone.

Answer 24

screen lock

remote wipe

Question 25

______ uses Global Positioning System (GPS) to identify a device’s location.______ uses GPS to create a virtual fence or geographic boundary. Organizations use this to enable access to services or devices when they are within the boundary, and block access when they are outside of the boundary.

Answer 25

Geolocation

Geofencing

Question 26

_____ uses GPS to add geographical information to files (such as pictures) when posting them on social media sites.

Answer 26

Geotagging

Question 27

A ____-_____ app store is something other than the primary store for a mobile device. Apple’s App Store is the primary store for Apple devices. Google Play is a primary store for Android devices.

Answer 27

third-party

Question 28

_____ removes all software restrictions on Apple devices. Rooting provides users with root-level access to an Android device. Custom firmware can also root an Android device. MDM tools block network access for jailbroken or rooted devices.

Answer 28

Jailbreaking

Question 29

_____ is the process of copying an application to an Android device instead of installing it from an online store.

Answer 29

Sideloading

Question 30

A _______ cable allows you to connect mobile devices.

Answer 30

Universal Serial Bus On-The-Go (USB OTG)

Question 31

_____ allows one mobile device to share its Internet connection with other devices. Wi-Fi Direct allows you to connect devices together without a wireless router.

Answer 31

Tethering

Question 32

An_____ system is any device that has a dedicated function and uses a computer system to perform that function. A security challenge with these systems is keeping them up to date.

Answer 32

embedded

Question 33

Embedded systems include smart devices sometimes called the ___ ___ ___, such as wearable technology and home automation devices.

Answer 33

Internet of things (IoT)

Question 34

A ___ __ __ ____ is an integrated circuit that includes a full computing system.

Answer 34

system on a chip (SoC)

Question 35

A supervisory control and data acquisition (SCADA) system controls an industrial control system (ICS). The ICS is used in large facilities such as _____ ____or ____ ____. SCADA and ICS systems are typically in _____ networks without access to the Internet, and are sometimes protected by network intrusion prevention systems (NIPSs).

Answer 35

power plants or water treatment facilities

isolated

Question 36

A ____-____ ____ ____ is an operating system that reacts to input within a specific time.

Answer 36

real-time operating system (RTOS)

Question 37

The primary method of protecting the confidentiality of data is with _____ and strong ____ ____. File system security includes the use of encryption to encrypt files and folders.

Answer 37

encryption

access controls

Question 38

Users should be given only the_____ they need. When they have too much access, it can result in access violations or the unauthorized access of data.

Answer 38

permissions

Question 39

You can use the _____ command to change permissions on a Linux system.

Answer 39

chmod

Question 40

____ ____ is the unauthorized transfer of data outside an organization.

Answer 40

Data exfiltration

Question 41

____ _____ ____ techniques and technologies help prevent data loss. They can block transfer of data to USB devices and analyze outgoing data via email to detect unauthorized transfers. Cloud-based systems can enforce security policies for any data stored in the cloud.

Answer 41

Data loss prevention (DLP)