Hardening Techniques Flashcards
What term describes removing unwanted services and features for the purpose of making it more difficult for an attacker to attack a computer successfully?
A. Locking down
B. Reducing the attack surface
C. Hardening
D. Mitigating risk
C. Hardening
Which of the following areas are included as part of the Trusted Computer Base?
A. Hardware
B. Hardware and firmware
C. Processes and controls
D. All of the above
D. All of the above
The Hardware Security Module (HSM) and the Trusted Platform Module (TPM) provide what hardening technique?
A. Hard drive encryption
B. Trusted user authentication
C. Portable drive encryption
D. Protection against buffer overflow
A. Hard drive encryption
Which trusted OS started as a collaborative effort between the NSA and Red Hat?
A. SEAndroid
B. SELinux
C. Trusted Solaris
D. TrustedARM
B. SELinux
Which of the following will have the least effect in reducing the threat of personal portable drives being used in the organization?
A. Policy
B. User Training
C. Host-based HSM and TPM
D. Prohibiting personal portable drives in the organization
C. Host-based HSM and TPM
Which is not a trusted operating system?
A. SEAndroid
B. SELinux
C. Trusted Solaris
D. TrustedARM
D. TrustedARM
What cryptoprocessor is used to manage cryptographic keys?
A. Trusted Platform Module (TPM)
B. Hardware Security Module (HSM)
C. Self-encrypting drive (SED)
D. Unified Extensible Firmware Interface (UEFI)
B. Hardware Security Module (HSM)
What is the primary purpose of attestation services?
A. Authenticating process
B. Attesting false positives
C. Validating something as true
D. Isolating a process from attack
C. Validating something as true
Which of the following is NOT a basic attribute of a trusted OS?
A. Long-term protected storage
B. Separation of user processes from supervisor processes
C. Isolation
D. Air Gap
D. Air gap
What is a primary benefit of using a standard build or standard operating systems throughout the organization?
A. Reduced cost of ownership
B. Patch management diversity
C. Increased logging
D. Smaller network footprint
A. Reduced cost of ownership
Which of the following is used with databases to generate process templates?
A. Management interface
B. Dedicated interface
C. Data interface
D. Restricted interface
C. Data interface
What standard replaced the Trusted Computer System Evaluation Criteria (TCSEC), developed to evaluate stand-alone systems?
A. Rainbow tables
B. Red teaming
C. Orange U-hardening
D. Common Criteria
D. Common Criteria
What compensating control is a form of high availability (HA)?
A. Endpoint detection and response (EDR)
B. Host-based firewall
C. Host-based intrusion detection system (HIDS)
D. Redundant hardware
D. Redundant hardware
How many evaluation assurance levels (EALs) are referenced in Common Criteria?
A. Five
B. Six
C. Seven
D. Eight
C. Seven
What term describes a hard drive that automatically initiates encryption of newly-written data?
A. Self-healing drive
B. TBD encryption
C. Self-encrypting drive
D. TPM-based encryption
C. Self-encrypting drive