Chapter 9: Security Vulnerabilities, Threats, and Countermeasures Flashcards
the security design principle that indicates that organizations do not operate in isolation
Shared responsibility
an initiative by the Department of Homeland Security (DHS) to facilitate the open and free exchange of indicators of compromise (IoCs) and other cyberthreat information between the U.S. federal government and the private sector in an automated and timely manner (described as “machine speed”)
Automated indicator sharing (AIS)
any tangible part of a computer that you can actually reach out and touch, from the keyboard and monitor to its CPU(s), storage media, and memory chips.
hardware
means handling two or more tasks simultaneously.
multitasking
Today, most CPUs are ____. This means that the CPU is now a chip containing two, four, eight, dozens, or more independent execution cores that can operate simultaneously and/or independently.
multicore
a _______ harnesses the power of more than one processor to complete the execution of a multithreaded application.
multiprocessor system
It involves the pseudo-simultaneous execution of two tasks on a single processor coordinated by the OS as a way to increase operational efficiency.
Multiprogramming
_______ permits multiple concurrent tasks to be performed within a single process.
Multithreading
From a security standpoint, _____ organize code and components in an OS (as well as applications, utilities, or other code that runs under the OS’s control) into concentric rings
protection rings
In the _____, a process is ready to resume or begin processing as soon as it is scheduled for execution.
ready state
The _______ is when a process executes on the CPU and keeps going until it finishes, its time slice expires, or it is blocked for some reason (usually because it has generated an interrupt for I/O).
running state or problem state
The _______ is when a process is ready for continued execution but is waiting for I/O to be serviced before it can continue processing.
waiting state
The _______ is used when the process must perform an action that requires privileges that are greater than the problem state’s set of privileges, including modifying system configuration, installing device drivers, or modifying security settings.
supervisory state
When a process finishes or must be terminated (because an error occurs, a required resource is not available, or a resource request can’t be met), it goes into a _____ state.
supervisory state
the storage bank for information that the computer needs to keep readily available.
memory
memory the system can read but can’t change (no writing allowed).
Read-only memory (ROM)
a ____ chip’s contents aren’t “burned in” at the factory as with standard ROM chips. Instead, a _____ incorporates special functionality that allows an end user to burn in the chip’s contents later.
PROM
a nonvolatile form of storage media that can be electronically erased and rewritten.
Flash memory
readable and writable memory that contains information a computer uses during processing.
Random access memory (RAM)
There are two main types of RAM: _____ RAM and ____ RAM
dynamic and static
The CPU also includes a limited amount of onboard memory, known as _______
registers
When using memory resources, the processor must have some means of referring to various locations in memory. The solution to this problem is known as ______
memory addressing
a term commonly used to refer to magnetic, optical, or flash-based media or other storage devices that contain data not immediately available to the CPU.
Secondary memory
______ is a special type of secondary memory that is used to expand the addressable space of real memory.
Virtual memory
______ are used to store information that may be used by a computer any time after it’s written.
Data storage devices
the RAM that a computer uses to keep necessary information readily available to the CPU while the computer is running.
Primary memory
includes all the familiar long-term storage devices that you use every day.
Secondary memory
There is a memory compromise, called the _____ attack, that freezes memory chips to delay the decay of resident data when the system is turned off or the RAM is pulled out of the motherboard.
cold boot
Data may remain on secondary storage devices even after it has been erased. This condition is known as _______.
data remanence
The types of countermeasures and safeguards used to protect against emanation attacks are known as _____ countermeasures.
TEMPEST
a term used to describe software that is stored in a ROM or an EEPROM chip. This type of software is changed infrequently (actually, never, if it’s stored on a true ROM chip as opposed to an EEPROM or flash chip) and often drives the basic operation of a computing device.
Firmware
the legacy basic low-end firmware or software embedded in a motherboard’s EEPROM or flash chip. The ____ contains the OS-independent primitive instructions that a computer needs to start up and load the OS from disk.
Basic input/output system (BIOS)
The process of updating the UEFI, BIOS, or firmware is known as _____.
flashing
_______ is a feature of UEFI that aims to protect the local OS by preventing the loading or installing of device drivers or an OS that is not signed by a preapproved digital certificate.
Boot attestation or secure boot
______ is an optional feature of UEFI that takes a hash calculation of every element involved in the booting process.
Measured boot
____ are code objects sent from a server to a client to perform some action.
Applets
The temporary storage of files downloaded from internet sites that are being held by the client’s utility (typically a browser) for current and possibly future use.
Temporary internet files or the internet files cache
A _____ is used to spread or distribute network traffic load across several network links or network devices.
load balancer
______ technologies are networking and distributed application solutions that share tasks and workloads among peers.
Peer-to-peer (P2P)
A ____ is a collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data.
blockchain
______ systems are computing platforms designed to perform complex calculations or data manipulations at extremely high speeds.
High-performance computing (HPC)
An HPC solution is composed of three main elements: _____ resources, _____ capabilities, and _____ capacity.
compute, network, storage
A ______ is designed to process or handle data as it arrives on the system with minimal latency or delay.
real-time operating system (RTOS)
______ is a derivative of IoT that focuses more on industrial, engineering, manufacturing, or infrastructure level oversight, automation, management, and sensing.
Industrial Internet of Things (IIoT)
______ is a philosophy of network design where data and the compute resources are located as close as possible in order to optimize bandwidth use while minimizing latency.
Edge computing
A _____ IT environment is any system that is intended to remain unchanged by users and administrators.
static
_______ systems include the check-in kiosk at the airport, an ATM, and often the complimentary guest computer at a hotel or library.
static
_______ devices include smartphones, mobile phones, tablets, smart TVs, set-top boxes, or an HDMI-stick streaming-media player
Network-enabled
A ______ is something used to enclose or contain something else. Wrappers are well known in the security community in relation to Trojan horse malware.
wrapper
A ____ constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are unknown, untested, and unprotected.
service-oriented architecture (SOA)
A type ___ hypervisor is a native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.
1
A type ____ hypervisor is a hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and then the hypervisor is installed as another software application.
2
____ refers to the flexibility of virtualization and cloud solutions to expand or contract resource utilization based on need.
Elasticity
_____ occurs when an organization deploys numerous virtual machines without an overarching IT management or security plan in place.
VM sprawl
_____ occurs when software within a guest OS is able to breach the isolation-protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.
VM escaping
______ is the ability of a mobile device to include details about its location in any media created by the device, such as photos, videos, and social media posts.
Geotagging
______ management is a device-management solution that limits which applications can be installed onto a device.
application
______ is a security option that prohibits unauthorized software from being able to execute. It prevents any and all software, including malware, from executing unless it’s on the preapproved exception list.
whitelisting
_____ is the activity of sharing the cellular network data connection of a mobile device with other devices. This is also known as a hotspot.
Tethering
_______ requires that the OS provide separate memory spaces for each process’s instructions and data.
Process isolation
A ______ is a method that is used to pass information over a path that is not normally used for communication.
covert channel
A ______ is malware that embeds itself deep within an OS.
rootkit
______ occurs when an attacker gains access to a system and makes small, random, or incremental changes to data during storage, processing, input, output, or transaction rather than obviously altering file contents or damaging or deleting entire files.
Data diddling