GCGA Ch. 5 Securing Hosts and Data Flashcards

1
Q

Virtualization

A

allows multiple servers to operate on a single physical host. It also supports virtual desktops.

2
Q

VDI

A

A virtual desktop infrastructure (VDI) hosts a user’s desktop operating system on a server. Thin clients, including mobile devices, can connect to a server and access a VDI.

3
Q

Container virtualization

A

runs services or applications within isolated containers or application cells. Containers use the kernel of the host.

4
Q

VM escape attacks

A

allow an attacker to access the host system from the VM. The primary protection is to keep the host and guests up to date with current patches.

5
Q

VM sprawl

A

occurs if personnel within the organization don’t manage the VMs.

6
Q

Endpoints

A

computing devices such as servers, desktops, laptops, mobile devices, or Internet of Things (IoT) devices.

7
Q

EDR

A

Endpoint detection and response (EDR) provides continuous monitoring of endpoints. Extended detection and response (XDR) includes other types of devices and systems.

8
Q

Hardening

A

the practice of making an operating system or application more secure from its default installation.

9
Q

Configuration management practices

A

help organizations deploy systems with secure configurations. A master image provides a secure starting point for systems. Master images are typically created with templates or other baselines to provide a secure starting point for systems. Integrity measurement tools detect when a system deviates from the baseline.

10
Q

Patch management procedures

A

ensure operating systems, applications, and firmware are kept up to date with current patches. This ensures they are protected against known vulnerabilities.

11
Q

Change management policies

A

define the process for making changes and help reduce unintended outages from changes. An application allow list identifies authorized software but blocks all other software. An application block list blocks unauthorized software but allows other software to run.

12
Q

Full disk encryption (FDE)

A

encrypts an entire disk. A self-encrypting drive (SED) has the encryption circuitry built into the drive.
TPM: A Trusted Platform Module (TPM) is a chip included with many desktops, laptops, and some mobile devices. It supports full disk encryption, a secure boot process, and remote attestation. TPMs have an encryption key burned into them, and they provide a hardware root of trust.

13
Q

HSM

A

A hardware security module (HSM) is a removable or external device used for encryption. An HSM generates and stores RSA encryption keys and can be integrated with servers to provide hardware-based encryption. A microSD HSM is a microSD chip with an HSM device installed on it.

14
Q

Protecting confidentiality

A

The primary method of protecting the confidentiality of data is with encryption and strong access controls. File system security includes the use of encryption to encrypt files and folders.

15
Q

Database encryption methods

A

You can encrypt individual columns in a database (such as credit card numbers), entire databases, individual files, entire disks, and removable media.

16
Q

DLP

A

Data loss prevention (DLP) techniques and technologies help prevent data loss. They can block transfer of data to USB devices and analyze outgoing data via email to detect unauthorized transfers.

17
Q

Data exfiltration

A

the unauthorized transfer of data outside an organization.

18
Q

Cloud computing

A

provides an organization with additional resources. Most cloud services are provided via the Internet or a hosting provider. On-premise clouds are owned and maintained by an organization.

19
Q

SaaS

A

Software as a Service (SaaS) includes web-based applications such as web-based email.

20
Q

PaaS

A

Platform as a Service (PaaS) provides an easy-to-configure operating system and on-demand computing for customers. The vendor keeps systems up to date with current patches.

21
Q

IaaS

A

Infrastructure as a Service (IaaS) provides hardware resources via the cloud. It can help an organization limit the size of its hardware footprint and reduce personnel costs.

22
Q

MSP

A

A managed service provider (MSP) is a third-party vendor that provides any IT services needed by an organization, including security services. A managed security service provider (MSSP) focuses on providing security services for an organization.

23
Q

CASB

A

A cloud access security broker (CASB) is a software tool or service deployed between an organization’s network and the cloud provider. It monitors all network traffic and can enforce security policies.

24
Q

Private clouds

A

designed for use by a single organization.

25
Third-party cloud vendors
sell access to public cloud services to anyone who wants them.
26
Community clouds
Two or more organizations with shared concerns can share a community cloud.
27
Hybrid cloud
A hybrid cloud is a combination of two or more cloud deployment models. Multi-cloud systems combine the resources from two or more cloud service providers. Cloud-based DLP systems can enforce security policies for any data stored in the cloud.
28
Next-generation secure web gateway
provides proxy services for traffic from clients to Internet sites. It can filter URLs and scan for malware.
29
Common cloud security considerations
include availability, resilience, cost, responsiveness, scalability, and segmentation.
30
On-premises vs off-premises deployments
may be created using a centralized approach, with a small number of physical locations, or a decentralized approach, with many physical locations. Off-premises solutions make use of cloud service providers.
31
IaC
Infrastructure as code (IaC) refers to managing and provisioning data centers with code to define VMs and virtual networks.
32
SDN
Software-defined networks (SDN) use virtualization technologies to route traffic instead of using hardware routers and switches.
33
COPE
Corporate-owned, personally enabled (COPE) mobile devices are owned by the organization, but employees can use them for personal reasons.
34
BYOD vs CYOD
Bring your own device (BYOD) policies allow employees to connect their mobile devices to the organization’s network. Choose your own device (CYOD) policies include a list of acceptable devices and allow employees who own one of these devices to connect them to the network.
35
VDI
A virtual desktop infrastructure (VDI) is a virtual desktop, and these can be created so that users can access them from a mobile device.
36
MDM
Mobile device management (MDM) tools help ensure that devices meet minimum security requirements. They can monitor devices, enforce security policies, and block network access if devices do not meet these requirements. MDM tools can restrict applications on devices, segment and encrypt data, enforce strong authentication methods, and implement security methods such as screen locks and remote wipe. Containerization is useful when using the BYOD model.
37
Screen lock
like a password-protected screen saver on desktop systems that automatically locks the device after some time.
38
Remote wipe signal
removes all the data from a lost phone.
39
Geolocation
uses Global Positioning System (GPS) to identify a device’s location. Geofencing uses GPS to create a virtual fence or geographic boundary. Organizations use geofencing to enable access to services or devices within the boundary and block access outside the boundary.
40
Geotagging
uses GPS to add geographical information to files (such as pictures) when posting them on social media sites.
41
Third-party app store
something other than the primary store for a mobile device. Apple’s App Store is the primary store for Apple devices. Google Play is a primary store for Android devices.
42
Jailbreaking
removes all software restrictions on Apple devices, and rooting provides users with root-level access to an Android device. Custom firmware can also root an Android device. MDM tools block network access for jailbroken or rooted devices.
43
Sideloading
the process of copying an application to an Android device instead of installing it from an online store. Tethering allows one mobile device to share its Internet connection with other devices. Wi-Fi Direct allows you to connect devices together without a wireless router.
44
Embedded system
any device that has a dedicated function and uses a computer system to perform that function. A security challenge with embedded systems is keeping them up to date. Embedded systems include smart devices sometimes called the Internet of Things (IoT), such as wearable technology and home automation devices.
45
IoT
Internet of Things (IoT) devices interact with the physical world. They commonly have embedded systems and typically communicate via the Internet, Bluetooth, or other wireless technologies.
46
SCADA & ICS
A supervisory control and data acquisition (SCADA) system controls an industrial control system (ICS). The ICS is used in large facilities such as power plants or water treatment facilities. SCADA and ICS systems are typically in isolated networks without access to the Internet and are often protected by network intrusion prevention systems.
47
SoC
A system on a chip (SoC) is an integrated circuit that includes a full computing system.
48
RTOS
A real-time operating system (RTOS) is an operating system that reacts to input within a specific time.
49
Constraints of embedded systems
The major constraints associated with embedded systems include computing limitations, cryptographic limitations, power limitations, ease of deployment, cost and the inability to patch/patch availability.