Chapter 5 Securing Hosts and Data

Question 1

____ is the practice of making an operating system (OS) or application more secure from its default installation.

Answer 1

Hardening

Question 2

___ helps eliminate vulnerabilities from default configurations, misconfigurations, and weak configurations.

Answer 2

Hardening

Question 3

Describe least functionality

Answer 3

A core security principle stating that systems should be deployed with the least amount of applications, services, and protocols.

Question 4

A ____ is an access point to an application or service that bypasses normal security.

Answer 4

Backdoor

Question 5

True or false: A system or application default account and default password does not need to be changed.

Answer 5

False

Default accounts and default passwords should always be changed.

Question 6

Windows and Apple operating systems are _____ source software, meaning that the underlying code is not freely available to the public.

Answer 6

Closed

Question 7

Linux and Unix operating systems are ____ source software, meaning that it is freely available to the public.

Answer 7

Open

Question 8

Identify three other locations where OSs operate

Answer 8

Kiosks
Network
Appliance

Question 9

What is a kiosk?

Answer 9

A kiosk is a small structure in an open area used to sell something, provide information, or display advertisements.

Question 10

To create a non-persistent operating system on a computer you can use a ___

Answer 10

Live boot media

Ex. DISA uses BootMe that authorized DoD users can use to run an operating system on almost any computer.

Question 11

What is a non-persistent operating system?

Answer 11

One that disappears when users turn off the computer

Question 12

What is a common method of deploying systems?

Answer 12

Creating a master image with a secure configuration, and then deploy the image to multiple systems.

Question 13

What is a trusted operating system?

Answer 13

One that meets a set of predetermined requirements with a heavy emphasis on authentication and authorization.

Question 14

What is the overall goal of a trusted operating system?

Answer 14

To ensure that only authorized personnel can access data based on their permissions. It also prevents any modifications and movement of data by unauthorized entities.

Question 15

An ____ is a snapshot of a single system that administrators deploy to multiple other systems.

Answer 15

Image

Question 16

What are two important benefits of imaging?

Answer 16

1. It creates a secure starting point.

2. It reduces cost

Question 17

True or false: You can convert an image to a virtual system

Answer 17

True

Question 18

A ____ is a known starting point and organizations commonly use them to provide known starting points for systems.

Answer 18

Baseline

Question 19

True or False: Admins can use an MS security template to import to a GPO and then apply to systems within a domain

Answer 19

True
Some orgs deploy a master image to all systems and then use the security templates to automatically apply different security settings to different groups of systems based on their security needs.

Question 20

___ security configuration is a common security issue

Answer 20

Weak

Question 21

True or False: One of the primary benefits of secure baselines is that they improve the overall security posture of systems

Answer 21

True

Question 22

Identify the three steps for the use of baselines

Answer 22

1. Initial baseline configuration
2. Integrity measurements for baseline deviation
3. Remediation

Question 23

____ ensures that systems and applications stay up to date with current patches.

Answer 23

Patch management

Question 24

One of the most efficient ways to reduce operating system and application vulnerabilities is ____ because it protects systems from known vulnerabilities.

Answer 24

Patch management

Question 25

True or False: Patch management does not include a group of methodologies and processes of identifying, downloading, testing, deploying, and verifying patches.

Answer 25

False

Question 26

What does SCCM stand for and what is it?

Answer 26

System Center Configuration Manager

It is a systems management tool used for many purposes like patch management

Question 27

____ defines the process for any type of system modifications or upgrades, including changes to applications.

Answer 27

Change management

Question 28

What are two key goals of Change Management?

Answer 28

1. To ensure changes to IT systems do not result in unintended outages
2. To provide an accounting structure or method to document all changes

Question 29

A common security issue is the use of _______ software, which can cause many different problems.

Answer 29

Unauthorized

Question 30

The most common problem of using unauthorized software often includes ____

Answer 30

Malware

Question 31

Aside from malware, additional problems of using unauthorized software are _____ and ____

Answer 31

Application support and license compliance violations

Question 32

True or False: An organization can be susceptible to fines and penalties if they breach license agreements.

Answer 32

True

Question 33

______ is a list of applications authorized to run on a system

Answer 33

Application whitelist

Question 34

____ is a list of applications the system blocks

Answer 34

Application blacklist

Question 35

____ ______ ______ in MS Group Policy can be used for both whitelisting and blacklisting computers within a domain.

Answer 35

Software Restriction Policies

Question 36

What does MDM stand for?

Answer 36

Mobile Device Management

Question 37

True or False: an MDM can whitelist and blacklist applications on mobile devices

Answer 37

True

Question 38

_______ is the use of an isolated area on a system and it is often used for testing.

Answer 38

Sandboxing

Question 39

True or False: Sandboxing cannot be used by admins and security professionals to test various security controls before deploying them to a live production network.

Answer 39

False

It can be used to test security controls.

Question 40

True or False: Virtualized sandboxes are useful for testing patches

Answer 40

True

Question 41

The ____ command in Linux is used to change the root directory for an application, effectively isolating it.

Answer 41

Chroot

Note: Chroot jail is a term when using chroot to isolate a sandbox in a test directory

Question 42

List the different types of environments in a secure staging environment

Answer 42

1. Development - used by developers to create and modify code
2. Test - used by developers to unit test and identify any bugs or errors. Typically does not simulate a full production environment
3. Staging - simulates the production environment and is used for late stage testing.
4. Production - Final product which includes everything needed to support the application and allow customers and others to use it.

Question 43

A ____ ____ includes all the elements required to produce a product.

Answer 43

Supply chain

Question 44

What does EMI stand for and what is it?

Answer 44

Electromagnetic interference
Interference of transmitted signals over wires that comes from sources such as motors, power lines, and fluorescent lights and can prevented from shielding

Question 45

What does EMP stand for and what is it?

Answer 45

Electromagnetic pulse
A short burst of electromagnetic energy. It can come from a wide assortment of sources and can cause damage to computing equipment

Question 46

What are some sources of EMP?

Answer 46

1. Electrostatic discharge (ESD).
2. Lightning
3. Military weapons such as nuclear explosions

Question 47

What does FDE stand for and what is it?

Answer 47

Full disk encryption

When an entire disk is encrypted

Question 48

What does SED stand for and what is it?

Answer 48

Self-Encrypting Drives

A drive that includes hardware and software to encrypt all data on the drive and securely store the encryption keys

Question 49

What does BIOS stand for and what is it?

Answer 49

Basic Input/Output System

Firmware which provides a computer with basic instructions on how to start.

Question 50

What does UEFI stand for and what is it?

Answer 50

Unified Extensible Firmware Interface

Firmware similar to BIOS with enhanced features such as booting from larger disks and designed to be CPU independent

Question 51

What process upgrades a BIOS or UEFI and how does it work?

Answer 51

Flashing overwrites the software within the BIOS/UEFI chip with newer software

Question 52

A ____ is a hardware chip on the computer’s motherboard that stores cryptographic keys. It keeps hard drives locked, or sealed, until the system completes a system verification and authentication process.

Answer 52

Trusted Platform Module (TPM)

Question 53

A ____ supports secure boot and attestation processes

Answer 53

Trusted Platform Module

Question 54

True or False: If a TPM detects that files have been modified it will block the boot process to protect the data on the drive

Answer 54

True

Question 55

What is a remote attestation process?

Answer 55

A process that uses a separate system (not TPM) to check the boot files

Question 56

Rivest Shamir Adleman (RSA) private keys are used for what form of encryption?

Answer 56

Asymmetric

Question 57

True or False: A hardware root of trust is formed where a private key is matched with a public key

Answer 57

True

Question 58

True or False: Another term for hardware root of trust is secure starting point

Answer 58

True

Question 59

What does HSM stand for and what is it?

Answer 59

Hardware Security Module
It is a security device that can be added to a system to manage, generate, and securely store cryptographic keys. Similar to a TPM

Question 60

What is a noteworthy difference between HSM and TPM?

Answer 60

HSMs are removable or external devices

Question 61

_____ _____ refers to accessing computing resources via a different location than your local computer.

Answer 61

Cloud computing

Question 62

Web-based e-mail is what type of could computing service?

Answer 62

Software as a Service (SaaS)

Question 63

What is Amazon’s hosted cloud services referred to as?

Answer 63

Amazon EC2 - Elastic Compute Cloud

Note: It combines virtualization with cloud computing and they currently provide a wide variety of services

Question 64

What other options do organizations have aside from cloud hosted services?

Answer 64

1. On-premise - all resources owned, operated, and maintained within the org’s building(s)
2. Hosted - An org can rent access to resources from a specific org. However in most cases, hosted services are somewhere within the cloud

Question 65

What does SaaS stand for and what is it?

Answer 65

Software as a Service

A software or application provided to users over a network i.e. internet Generally accessed via a web browser

Question 66

What does PaaS stand for and what is it?

Answer 66

Platform as a Service
Provides customers with a pre-configured computing platform they can use as needed. Referred to by many providers as a managed hardware solution.

Question 67

What does IaaS stand for and what is it?

Answer 67

Infrastructure as a Service
Allows an organization to outsource its equipment requirements, including the hardware and all support operations. The provider owns the equipment, houses it in its data center, and performs all required hardware maintenance. The customer essentially rents access to the equipment and often pays on a per-use basis. Often referred to as a self-managed solution.

Question 68

What does CSP stand for?

Answer 68

Cloud Service Provider

Question 69

When comparing CSP and customer responsibilities for SaaS, PaaS, and IaaS, explain the difference in security responsibilities

Answer 69

SaaS the CSP has more responsibility than the customer.
IaaS the customer has more responsibility than the CSP.
PaaS there is closer to equal responsibility

Question 70

What is Security as a Service?

Answer 70

Any services provided via the cloud that provide security services, and is commonly viewed as a subset of SaaS.
Example is of licensed anti-virus where each individual installs with their own license and the anti-virus is automatically updated periodically

Question 71

What does CASB stand for and what is it?

Answer 71

Cloud access security broker
A software tool or service deployed between an organization’s network and the cloud provider. It provides Security as a Service by monitoring traffic and enforcing security policies.

Question 72

What are the four categories of cloud deployment models?

Answer 72

1. Public
2. Private
3. Community
4. Hybrid

Question 73

____ are available from third-party companies, such as Amazon, Google, Microsoft, and Apple. They provide similar services to anyone willing to pay for them.

Answer 73

Public

Question 74

____ is set up for specific organizations.

Answer 74

Private

Question 75

Those with shared concerns (such as goals, security, requirements or compliance considerations) can share cloud resources within a _____.

Answer 75

Community cloud

Question 76

A ____ is a combination of two or more clouds.

Answer 76

Hybrid cloud

Question 77

____ is when the organization purchases devices and issues them to employees

Answer 77

Corporate-owned

Question 78

What does COPE stand for and what is it?

Answer 78

Corporate-owned, personally enabled
Deployment model where the employees are free to use the device as if it was their own personal device. Not restricted to only work related activities.

Question 79

What does BYOD stand for and what is it?

Answer 79

Bring your own device

Where an employee can use his/her own personal mobile device and connect to the employer’s network

Question 80

What does CYOD stand for and what is it?

Answer 80

Choose your own device

Organization identifies a list of acceptable mobile devices that employees can purchase and bring to work.

Question 81

What does VDI stand for and what is it?

Answer 81

Virtual desktop infrastructure

Ability to access the VDI from users mobile device

Question 82

What is ANT and ANT+?

Answer 82

Proprietary wireless protocols used by some mobile devices. Many sports and fitness sensors collect data on users and use ANT to send the data to a mobile device application i.e. fitbit

Question 83

What are some MDM concepts with respect to mobile devices?

Answer 83

1. Application management
2. Full device encryption
3. Storage segmentation
4. Content management
5. Containerization
6. Passwords and PINs
7. Biometrics
8. Screen locks
9. Remote wipe

Question 84

How are biometrics used with mobile devices?

Answer 84

Used for authentication and can be managed via MDM

Question 85

What is a remote wipe?

Answer 85

MDM can send a remote signal to a device and wipe/erase all of the data including cached data

Question 86

What is containerization for mobile devices?

Answer 86

Isolating an application to run in a container which protects the application and its data

Question 87

What is storage segmentation for mobile devices?

Answer 87

Separate segments created on mobile device to protect data

Question 88

What is geolocation?

Answer 88

Using GPS to identify the location of a device

Question 89

What is geofencing?

Answer 89

Using GPS to create a virtual fence or geographic boundary. Apps can be configured to run only within a virtual fence.

Question 90

What is GPS tagging aka geotagging?

Answer 90

When geographical information is added to files such as pictures when posting on social media.

Question 91

What is context-aware authentication?

Answer 91

Uses multiple elements to authenticate a user and a mobile device. Can include the user’s identity, geolocation, verification that the device is within a geofence, time of day, and type of device.

Question 92

What are push notification services?

Answer 92

Services which send messages to mobile devices from apps.

Question 93

_____ refers to removing all software restrictions from an Apple device.

Answer 93

Jailbreaking

Often done by users in order to install software from third-party sources

Question 94

____ is the process of modifying an Android device to give the user full administrator access to the device

Answer 94

Rooting

Question 95

Mobile devices typically have the OS stored in ______ memory

Answer 95

Onboard

Question 96

What does OTA stand for with regards to mobile devices?

Answer 96

Over the air

Question 97

____ is the process of copying an application package in the Application Packet Kit (APK) format to the device and then activating it

Answer 97

Sideloading

Question 98

True or False: Overwriting the firmware on an Android device with customer firmware is another way to root an Android device

Answer 98

True

Question 99

What are two primary risks with text messaging?

Answer 99

1. Messages sent in cleartext allowing the information to be intercepted and read by others
2. With MMS attackers can gain remote code execution privileges on the user’s phone

Question 100

What does SMS stand for?

Answer 100

Short Message Service

Question 101

What does MMS stand for?

Answer 101

Multimedia Message Service

Question 102

How does disabling the camera and recording microphone on a mobile device improve security?

Answer 102

Reduces the risk of attackers being able to use those hardware features to infiltrate and spy

Question 103

______ allows you to share one device’s internet connection with other devices

Answer 103

Tethering

Question 104

_____ ____ is a standard that allows devices to connect without a wireless access point, or wireless router.

Answer 104

Wi-Fi direct

Question 105

True or False: An MDM cannot block access to devices using tethering or Wi-Fi direct to access the internet.

Answer 105

False

MDMs can block tethering and wi-fi direct connections

Question 106

_____ ____ is any device that has a dedicated function and uses a computer system to perform that function

Answer 106

Embedded system

Question 107

____ ____ includes Internet-connected devices, such as wireless thermostats, lighting, coffee makers, etc.

Answer 107

Home automation

Question 108

____ is an integrated circuit that includes all the functionality of a computing system within the hardware. It typically includes an application contained within onboard memory.

Answer 108

System on Chip (SoC)

Question 109

________ typically refers to systems within large facilities such as power plants or water treatment facilities.

Answer 109

Industry Controlled System (ICS)
Controlled by SCADA systems and best practice is for them to be within isolated networks i.e. VLAN that do not have access to the internet. If connected to corporate network are often protected by NIPS to block unwanted traffic

Question 110

____ is an operating system that reacts to input within a specific time.

Answer 110

Real-Time Operating System (RTOS)

Question 111

What does HVAC stand for?

Answer 111

Heating, Ventilating, and Air Conditioning

Question 112

What are some special-purpose devices contain embedded systems?

Answer 112

1. Medical devices
2. Automotive vehicles
3. Unmanned aerial vehicles (UAV)

Question 113

What are some forms of software based encryption?

Answer 113

1. MS Net Technology File System (NTFS) which allows to configure permissions with ACLs
2. Database encryption - either entire database or specific datasets

Question 114

What are the primary methods of protecting the confidentiality of data?

Answer 114

1. Encryption

2. Strong access controls

Question 115

What does EFS stand for?

Answer 115

Encrypting File System

Question 116

What is a benefit of file and folder level encryption?

Answer 116

Ability to encrypt individual files without encrypting an entire disk

Question 117

True or False: A common security issue with permissions is giving users more permissions than they need

Answer 117

True

Question 118

When does an access violation occur?

Answer 118

When a user accesses materials that they shouldn’t

Question 119

What are three primary entities that you can assign permissions to within Linux?

Answer 119

1. Owner - User who owns the file or directory
2. Group - Contains multiple users. A group can be an owner as well
3. Others - Everyone else outside of Owner and Group. These permissions do not override those of Owner and Group

Question 120

What are the basic Linux permissions?

Answer 120

1. Read (r/4) - allows to view the file
2. Write (w/2) - allows to modify the file
3. Execute (x/1) - allows to run the file

Question 121

True or False: With Linux file permissions, unassigned permissions are represented as an asterisk

Answer 121

False

Unassigned permissions are represented as a dash

Question 122

What does FACL stand for?

Answer 122

File access control list

Question 123

What command do linux admins use to change permissions on files?

Answer 123

chmod

Stands for change mode

Question 124

What is an example of using the chmod command?

Answer 124

chmod 755 success.exe
Owner has rwx
Group has rx
Others has rx

Question 125

What are the basic Windows permissions?

Answer 125

1. Read - users can view
2. Read and execute - users can view and run/execute
3. Write - Users can create new and modify existing
4. Modify - users can modify permissions

Question 126

True or False: A DLP solution can prevent a user from copying or printing files with specific content

Answer 126

True

Some DLP solutions will also log and alert of the activity

Question 127

____ is the unauthorized transfer of data outside an organization and is a significant concern.

Answer 127

Data exfiltration

Question 128

True or False: DLPs can scan the text of all emails including zipped files which it unzips and scans

Answer 128

True

Question 129

True or False: Many organizations classify and label data using terms such as Confidential, Private, and Proprietary

Answer 129

True

Question 130

What does PII stand for?

Answer 130

Personally Identifiable Information

Question 131

What does PHI stand for?

Answer 131

Protected Health Information