Chapter 5: Securing Hosts and Data Flashcards
_____ _____ is a core secure system design principle. It states that systems should be deployed with only the applications, services, and protocols they need to function.
Least functionality
A _____ operating system meets a set of predetermined requirements such as those defined in the Common Criteria. It typically uses the mandatory access control (MAC) model.
trusted
A _____ _____ provides a secure starting point for systems. They are typically created from templates or other baselines. Integrity measurement tools detect when a system deviates from the baseline.
master image
_____ _____ procedures ensure operating systems and applications are kept up to date with current patches. This ensures they are protected against known vulnerabilities.
Patch management
_____ _____ policies define the process for making changes and help reduce unintended outages from changes.
Change management
Application _____ allows authorized software to run, but blocks all other software. Application _____ blocks unauthorized software, but allows other software to run.
whitelisting
blacklisting
_____ provides a high level of flexibility for testing security controls and testing patches. You can create sandboxes in virtual machines (VMs) and with the chroot command on Linux systems.
Sandboxing
___ ____ comes from sources such as motors, power lines, and fluorescent lights and can be prevented with shielding.
Electromagnetic interference (EMI)
___ ___ is a short burst of electromagnetic energy. Mild forms such as electrostatic discharge and lightning can be prevented, but EMP damage from military weapons may not be preventable.
Electromagnetic pulse (EMP)
___ _____ _____ encrypts an entire disk. A self-encrypting drive (SED) includes the hardware and software necessary to automatically encrypt a drive.
Full disk encryption (FDE)
A _____ _____ _____ is a chip included with many laptops and some mobile devices. It provides full disk encryption, a secure boot process, and remote attestation. It has an encryption key burned into it that provides a hardware root of trust.
Trusted Platform Module (TPM)
A _____ _____ _____ is a removable or external device used for encryption. An HSM generates and stores RSA encryption keys and can be integrated with servers to provide hardware-based encryption.
hardware security module (HSM)
___ __ __ ____ includes web-based applications such as web-based email.
Software as a Service (SaaS)
____ __ __ ____ provides hardware resources via the cloud. It can help an organization limit the size of their hardware footprint and reduce personnel costs.
Infrastructure as a Service (IaaS)
____ ___ ___ _____ provides an easy-to-configure operating system and on-demand computing for customers.
Platform as a Service (PaaS)
A ____ ____ ____ ____ is a software tool or service deployed between an organization’s network and the cloud provider. It monitors all network traffic and can enforce security policies, acting as Security as a Service.
cloud access security broker (CASB)
____-____, ____ ____ mobile devices are owned by the organization, but employees can use them for personal reasons.
Corporate-owned, personally enabled (COPE)
___ ___ ___ ___ policies allow employees to connect their mobile device to the organization’s network.
Bring your own device (BYOD)
____ ____ ____ ____ policies include a list of acceptable devices and allow employees with one of these devices to connect them to the network.
Choose your own device (CYOD)
A ___ ___ ____ hosts virtual desktops, which can be created so that users can access them from a mobile device.
virtual desktop infrastructure (VDI)
_____ devices can connect to the Internet, networks, and other devices using cellular, wireless, satellite, Bluetooth, near field communication (NFC), ANT, infrared, and USB connections.
Mobile
____ ____ ____ tools help ensure that devices meet minimum security requirements. They can monitor devices, enforce security policies, and block network access if devices do not meet these requirements.
Mobile device management (MDM)
_____ ____ ____ tools can restrict applications on devices, segment and encrypt data, enforce strong authentication methods, and implement security methods such as screen locks and remote wipe.
Mobile device management (MDM)
A ____ ____ is like a password-protected screen saver on desktop systems that automatically locks the device after a period of time. A ____ ____ signal removes all the data from a lost phone.
screen lock
remote wipe