Endpoint and Application Development Security

Question 1

KRIs

Answer 1

Key Risk Indicators

exceeding normal baselines; failed logins; bandwidth

Question 2

CISCP

Answer 2

Cyber Information Sharing and Collaboration Program

Analyst-to-analyst technical exchange

Question 3

OSINT

Answer 3

Open Source Intelligence
Public information sharing centers
DHS and CISCP

Question 4

What are the 2 concerns of public information sharing centers?

Answer 4

Privacy and Speed

Question 5

AIS

Answer 5

Automated Indicator Sharing
STIX and TAXII
More in public information sharing

Question 6

STIX

Answer 6

Structured Threat Information Expression

visually and stored lightweight

Question 7

TAXII

Answer 7

Trusted Automated Exchange of Intelligence Information
Forced over HTTPS

Question 8

Closed Source Information

Answer 8

owned
must go through a vetting process and meet certain criteria

Question 9

Adversary TTP

Answer 9

Tactics, Techniques, and Procedures
Threat actors and how they attack

Question 10

Boot Attestation

Answer 10

determining boot process is valid

Question 11

Antivirus - String Scanning

Answer 11

matching patterns

Question 12

Antivirus - Wildcard scanning

Answer 12

skips bytes to look for exact match

Question 13

Antivirus - Mismatch scanning

Answer 13

number of bytes in string be any value no matter position

Question 14

Heuristic Monitoring - Code emulation

Answer 14

virtual environment is made to determine virus

Question 15

Anti-Malware - Bayesian filtering

Answer 15

for spam
divides emails
every word is analyzed and how often

Question 16

First-party cookies

Answer 16

from website being viewed so when revisited
could be stolen to impersonate

Question 17

Third-party cookies

Answer 17

websites try to place in local hard drive for advertisment

Question 18

Session cookie

Answer 18

in RAM
duration of site visit

Question 19

Secure cookie

Answer 19

sent to server w encrypted requested over HTTPS

Question 20

HTTP Response Headers - HSTS

Answer 20

HTTP Strict Transport Security
forces HTTPS

Question 21

HTTP Response Headers - CSP

Answer 21

Content Security Policy
restricts what resources a user can load into site

Question 22

HTTP Response Headers - X-XSS

Answer 22

Cross-Site Scripting Protection
stops a page loading if detects XSS attack

Question 23

HTTP Response Headers - X-Frame-options

Answer 23

prevents attacks that overlay their content on site

Question 24

EDR

Answer 24

Endpoint Detection and Response
more robust than HIDPS
gathers from multiple hosts to a central database

Question 25

How do you harden endpoints?

Answer 25

Patches, turn off unneeded ports and services, change default settings

Question 26

What are the 4 general concepts of SecDevOps?

Answer 26

Development, testing, staging, production

Question 27

Directory traversal

Answer 27

exploits to move from root directory to others

Question 28

Waterfall Model

Answer 28

Sequential design have to start over if you have to go back to last stage extensive planning

Question 29

Agile Model

Answer 29

Incremental overcomes disadvantages of waterfall modules done in short sprints

Question 30

Automated courses of action

Answer 30

Continuous monitoring Continuous validation Continuous integrity Continuous delivery Continuous deployment

Question 31

Immutable systems

Answer 31

if change is needed a whole new system is made

Question 32

Fuzzing

Answer 32

random inputs to try to trigger exceptions

Question 33

CISA

Answer 33

Cybersecurity Info Act autority for info sharing private sector, state and local and federal gov't

Question 34

FOIA

Answer 34

Freedom of Info Act publics right to request records from any federal agency

Question 35

TLP

Answer 35

Traffic-Light Protocol sensitive info is shared w right audience 4 color catefories

Question 36

PCII

Answer 36

Protected Critical Infrastructure Info protects private sector infrastructure info that is voluntarily shared w gov't to DHS

Question 37

Legacy BIOS Boot

Answer 37

BIOS for boot no security

Question 38

UEFI Native Mode

Answer 38

UEFI standards to boot updated as needed no validation of boot process

Question 39

Secure Boot

Answer 39

firmware and software verified validated custom software may not pass Can turn off but hard to impossible to turn back on without resetting

Question 40

Trusted Boot

Answer 40

Microosoft OS checks integrity of boot before loading

Question 41

Measured Boot

Answer 41

Sends to trusted server to assess security highest security slower process

Question 42

Secure coding techniques

Answer 42

input validation normalization stored procedure code signing obfuscation/camo code dead code Code reuse Server-side and client side validation

Question 43

Input validation

Answer 43

errors are accounted for

Question 44

Normalization

Answer 44

organizing data to database

Question 45

Stored procedure

Answer 45

subroutine to access a relational database

Question 46

Code signing

Answer 46

digital signing applications

Question 47

Obfuscation/Camo code

Answer 47

inner functions hard to understand

Question 48

Dead Code

Answer 48

code executes but no function