Hardening Techniques Flashcards

1
Q

What term describes removing unwanted services and features for the purpose of making it more difficult for an attacker to attack a computer successfully?
A. Locking down
B. Reducing the attack surface
C. Hardening
D. Mitigating risk

A

C. Hardening

2
Q

Which of the following areas are included as part of the Trusted Computing Base?
A. Hardware
B. Hardware and firmware
C. Processes and controls
D. All of the above

A

D. All of the above

3
Q

The Hardware Security Module (HSM) and the Trusted Platform Module (TPM) provide what hardening technique?
A. Hard drive encryption
B. Trusted user authentication
C. Portable drive encryption
D. Protection against buffer overflow

A

A. Hard drive encryption

4
Q

Which trusted OS started as a collaborative effort between the NSA and Red Hat?
A. SEAndroid
B. SELinux
C. Trusted Solaris
D. TrustedARM

A

B. SELinux

5
Q

Which of the following will have the least effect in reducing the threat of personal portable drives being used in the organization?
A. Policy
B. User Training
C. Host-based HSM and TPM
D. Prohibiting personal portable drives in the organization

A

C. Host-based HSM and TPM

6
Q

Which is not a trusted operating system?
A. SEAndroid
B. SELinux
C. Trusted Solaris
D. TrustedARM

A

D. TrustedARM

7
Q

What cryptoprocessor is used to manage cryptographic keys?
A. Trusted Platform Module (TPM)
B. Hardware Security Module (HSM)
C. Self-encrypting drive (SED)
D. Unified Extensible Firmware Interface (UEFI)

A

B. Hardware Security Module (HSM)

8
Q

What is the primary purpose of attestation services?
A. Authenticating process
B. Attesting false positives
C. Validating something as true
D. Isolating a process from attack

A

C. Validating something as true

9
Q

Which of the following is NOT a basic attribute of a trusted OS?
A. Long-term protected storage
B. Separation of user processes from supervisor processes
C. Isolation
D. Air Gap

A

D. Air gap

10
Q

What is a primary benefit of using a standard build or standard operating systems throughout the organization?
A. Reduced cost of ownership
B. Patch management diversity
C. Increased logging
D. Smaller network footprint

A

A. Reduced cost of ownership

11
Q

Which of the following is used with databases to generate process templates?
A. Management interface
B. Dedicated interface
C. Data interface
D. Restricted interface

A

C. Data interface

12
Q

What standard replaced the Trusted Computer System Evaluation Criteria (TCSEC), developed to evaluate stand-alone systems?
A. Rainbow tables
B. Red teaming
C. Orange U-hardening
D. Common Criteria

A

D. Common Criteria

13
Q

What compensating control is a form of high availability (HA)?
A. Endpoint detection and response (EDR)
B. Host-based firewall
C. Host-based intrusion detection system (HIDS)
D. Redundant hardware

A

D. Redundant hardware

14
Q

How many evaluation assurance levels (EALs) are referenced in Common Criteria?
A. Five
B. Six
C. Seven
D. Eight

A

C. Seven

15
Q

What term describes a hard drive that automatically initiates encryption of newly-written data?
A. Self-healing drive
B. TBD encryption
C. Self-encrypting drive
D. TPM-based encryption

A

C. Self-encrypting drive

16
Q

What hardening technique was designed to block rootkits and other malware that could take control of BIOS-based systems and was first required in Windows 8?
A. BIOS/UEFI
B. NS/XN
C. ASLR
D. SEDs

A

A. BIOS/UEFI

17
Q

What is the purpose of the NX (No-eXecute) bit?
A. Monitor for buffer overflow attempts
B. Perform hardware encryption during processing
C. Segregate the processor’s memory areas
D. Allow the BIOS to be protected

A

C. Segregate the processor’s memory areas

18
Q

What technology helps mitigate a variety of risks by detecting odd behavior, such as detecting an unauthorized user or a Trojaned device?
A. SED
B. TMP
C. UEBA
D. UA

A

C. UEBA

19
Q

How does ASLR protect against buffer overflow attacks?
A. Relocating the process in memory
B. Encrypting executable code
C. Randomizing portions of the code
D. Encrypting code while in memory during processing

A

C. Randomizing portions of the code

20
Q

What is the term that describes the isolation and restriction of applications in their own respective memory and drive space in the trusted OS SEAndroid?
A. Security enhanced application
B. Out-of-band application
C. Application sandboxing
D. Application isolation

A

C. Application Sandboxing