Implementing Host-Based Security Flashcards
You have been tasked with deploying a security solution that will monitor activity related to a specific application server. The solution must be able to detect suspicious activity and take steps to prevent the activity from continuing. What should you deploy?
NIPS
HIDS
HIPS
HIPS
A host-based intrusion prevention system (HIPS) runs on a specific host such as an application server. A HIPS can be configured to detect anomalous behavior related to that specific host and is not limited only to reporting/alerting/logging the activity; it can also be configured to take action to stop the activity, such as blocking specific types of network traffic from specific hosts
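The difference between a HIDS (detect and alert) and a HIPS (detect and act) is easiest to see in code. The following is an added example, not part of the flashcard source: it parses constructed OpenSSH-style auth log lines from a single host, raises an alert when one source exceeds a failure threshold inside a sliding window, and then produces a blocking rule for that source. The nft rule assumes a table `inet filter` with an `input` chain exists; the rule is returned as a string rather than executed so the script is safe to run anywhere.

```python
"""Minimal host-based detect-and-respond loop (added example, not from the source).
Log lines below are constructed to look like sshd entries in /var/log/auth.log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture). Syslog timestamps carry no year; 2024 is assumed.
SAMPLE_LOG = """\
Mar  3 10:00:01 app01 sshd[4321]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:03 app01 sshd[4322]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:04 app01 sshd[4323]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 10:00:06 app01 sshd[4324]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:09 app01 sshd[4325]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:11 app01 sshd[4326]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:12:00 app01 sshd[4330]: Failed password for root from 192.0.2.9 port 33000 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

THRESHOLD = 5                 # failures from one source ...
WINDOW = timedelta(minutes=1) # ... within this sliding window -> alert


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps lack a year, so one is assumed for the comparison."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect(log_text: str) -> dict:
    """HIDS part: map offending source IP -> time the threshold was first crossed."""
    recent = defaultdict(list)
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, ts = m["ip"], parse_ts(m["ts"])
        recent[ip].append(ts)
        # keep only failures still inside the window relative to this event
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW]
        if len(recent[ip]) >= THRESHOLD and ip not in alerts:
            alerts[ip] = ts
    return alerts


def respond(alerts: dict) -> list:
    """HIPS part: one blocking rule per offending source. Returned, not executed."""
    return [f"nft add rule inet filter input ip saddr {ip} tcp dport 22 drop"
            for ip in sorted(alerts)]


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for ip, when in hits.items():
        print(f"ALERT {when:%H:%M:%S} SSH brute force from {ip}")
    for rule in respond(hits):
        print("ACTION", rule)
```

A HIDS stops at the `detect` step and forwards the alert; a HIPS runs `respond` as well. Note that only 203.0.113.7 is blocked: 192.0.2.9 fails once and never crosses the threshold, and the legitimate key-based login is ignored by the regex entirely.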
You need to implement a tool that can be configured to detect abnormal activity for a cloud-based virtual network. The solution must be configured to send alert notifications to administrators. What should you deploy?
NIDS
HSM
HIDS
NIDS
A NIDS is not specific to a host but instead analyzes network traffic from many sources to detect potentially malicious activity
Your software development team is creating a custom app that will accept customer payments. The app calls upon existing third-party APIs, where those APIs result in a unique value generated from user payment methods and that unique value is sent over the network to complete payment transactions. Which technique is taking place when payments occur using this custom app?
Tokenization
Salting
Encryption
Tokenization
Tokenization is a security technique that uses a trusted centralized service to create a digital representation of sensitive data, such as credit card information. This “token” can then be used to authorize resource access or payments without ever sending the actual origin sensitive data
Which close-range wireless system that supports “tap” payments is commonly used for debit and credit card payments with point-of-sale systems?
Wi-Fi
Bluetooth
NFC
NFC
Near Field Communication (NFC) is a wireless technology used to transfer small amounts of data between devices that are within a few centimeters of each other (about 4 cm in practice; roughly 10 cm is the theoretical maximum). NFC is commonly used for “tap” contactless payment systems from smartphones or payment cards
You plan on working remotely while vacationing in a rural location, where traditional wired phone service and electricity are unavailable. Your mobile phone has a data connection in this location, but the signal is very weak and unacceptably slow for work purposes over the Internet. You plan on using batteries and a power generator to run electrical devices. Which network connectivity options should you consider? (Choose two.)
DSL
Cable modem
Cellular signal booster
Satellite connectivity
Cellular signal booster
Satellite connectivity
Cellular signal boosters can amplify a weak cellular signal many times to enable voice calls, texting, and mobile device data usage that otherwise may be unacceptably slow or not possible in a rural area. Register the booster with your wireless carrier where regulations require it (the FCC requires this for consumer boosters in the United States). Satellite connectivity requires a satellite dish installation to transmit and receive data through a satellite system and can also provide Internet connectivity to rural areas or ships at sea
Your company-issued smartphone is configured to accept your fingerprint as a form of authentication. What type of authentication is this?
Context-aware
Multifactor
Biometric
Biometric
Biometric authentication uses a person’s physical characteristics for unique identification, such as through fingerprints, retinal scans, voice and speech recognition, and so on
Some of your technically proficient users have modified their company-issued Android smartphone to provide full device access in order to install apps requiring this permission. Which term best describes this scenario?
Jailbreaking
sudo
Rooting
Rooting
Rooting an Android device means allowing full privileged access to a device and its operating system, which is required by some apps and provides the user full device configuration ability. One common way of rooting a phone is to download a developer toolkit or specialized firmware flashing app; a separate USB-connected computer may also be required to complete the process. The term “rooting” came about because the Android operating system is based on the Linux kernel, which uses the root account as the fully privileged account. Users should be aware that rooting an Android device can introduce security risks (malware gaining full control of the device) and may void the manufacturer’s or mobile carrier’s warranty
You are configuring a mobile device management (MDM) solution to harden employee smartphones. The devices must be configured such that:
- Device location around the world cannot be tracked.
- Sensitive data cannot be viewed by unauthorized parties.
- Device configuration and data can be removed when devices are lost or stolen.
- Corporate apps and data are isolated from personal apps and data.
What do you need to do?
Disable GPS, enable full device hashing, enable remote wipe, and run apps in Docker containers.
Disable GPS, enable full device encryption, enable remote wipe, and configure containerization.
Disable Bluetooth, enable full device encryption, enable remote access, and configure containerization.
Disable GPS, enable full device encryption, enable remote wipe, and configure containerization.
Disabling a global positioning system (GPS) on a mobile device, which is often used for device tracking, geolocation media tagging, and limiting location-based app usage with geolocation, prevents the device location from being tracked through GPS, although device tracking is still possible with cell-tower triangulation within a locality. Protecting sensitive data from unauthorized parties can be achieved with full device encryption. Remote wipe enables mobile device administrators to erase the device remotely over the network if the device is lost or stolen. Mobile device containerization separates work and personal apps, settings, and data for security purposes, including remote wiping of only the corporate container (partition). Mobile device administrators can also harden devices by enabling settings such as timeout screen locking, or disabling unneeded functionality provided by cameras, microphones, Bluetooth connectivity, and so on
After sensitive data is leaked from within your organization, you decide to implement security solutions on all desktop computers that will ensure that sensitive documents are shared only with authorized parties. Desktop computers must also be protected from malicious code and must block network traffic not initiated by the desktop itself. Which of the following solutions will best address these concerns?
DLP, full disk backup, firewall
Anti-malware, disk encryption using TPM, firewall
DLP, anti-malware, firewall
DLP, anti-malware, firewall
Data loss prevention (DLP) software solutions can reduce the potential of intentional and unintentional sensitive data leaks, such as preventing the forwarding of confidential data to e-mail addresses outside the organization. Anti-malware, if kept up-to-date, can help protect devices from malicious code. A desktop computer with a host-based firewall configured can allow or block network traffic to or from that computer based on addresses, ports, and protocols. Next-generation firewalls take this a step further by inspecting application-layer content in the transmissions rather than only the packet headers
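The core check an endpoint DLP agent applies to outbound e-mail is the part worth seeing in code. This is an added example, not from the flashcard source: it finds card-number-looking strings in a message body, confirms them with the Luhn checksum to cut false positives, and blocks only when a recipient is outside the assumed corporate domain `example.com`. The messages are constructed; 4111 1111 1111 1111 is a widely published test card number, not a real account.

```python
"""Outbound e-mail DLP check for primary account numbers (added example, not from the source)."""
import re

INTERNAL_DOMAIN = "example.com"                    # assumed corporate domain
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")     # 13-19 digits, optional space/hyphen separators


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum; filters out phone numbers, order IDs and similar digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return normalized (digits-only) PANs that pass the Luhn check."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def evaluate(message: dict) -> tuple:
    """Policy: card data may travel internally but never to an external recipient.
    message = {"to": [addresses], "body": text}. Returns ("allow"|"block", reason)."""
    pans = find_pans(message["body"])
    if not pans:
        return "allow", "no card data found"
    external = [r for r in message["to"] if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    if external:
        return "block", f"{len(pans)} PAN(s) addressed to external recipient(s) {external}"
    return "allow", f"{len(pans)} PAN(s) but all recipients are internal"


# Constructed sample messages.
MSG_INTERNAL = {"to": ["finance@example.com"],
                "body": "Customer card 4111 1111 1111 1111 was charged today."}
MSG_EXTERNAL = {"to": ["partner@mail.test"],
                "body": "Customer card 4111-1111-1111-1111 was charged today."}
MSG_FALSE_POSITIVE = {"to": ["partner@mail.test"],
                      "body": "Parcel tracking number 1234 5678 9012 3456 shipped."}

if __name__ == "__main__":
    for name, msg in [("internal", MSG_INTERNAL), ("external", MSG_EXTERNAL),
                      ("tracking number", MSG_FALSE_POSITIVE)]:
        print(name, "->", evaluate(msg))
```

The Luhn step is what keeps the tracking number from being blocked: it has the right shape but fails the checksum. Real DLP products add many more classifiers (keywords, document fingerprints, OCR of attachments) and can quarantine rather than simply block, but the detect-then-enforce structure is the same.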
Users in your company use a web browser on their tablets to access their cloud-hosted Windows desktop and applications remotely. Which term best encompasses this scenario?
TPM
VDI
HSM
VDI
Virtual Desktop Infrastructure (VDI) provides remote desktop and apps access from any type of device, even if only a web browser is used
Users complain that as they are travelling on a commuter train to and from work, they are unable to access e-mail and cloud-based files on their laptops. However, they are able to read e-mail messages on their company-issued smartphones. Cloud-based files can be edited only using specialized software installed on laptops. The train does not offer Wi-Fi Internet connectivity. Users must have access to e-mail and cloud-based files during their commute while minimizing costs and inconvenience. What should you do?
Teach users how to sideload applications.
Teach users how to enable GPS tagging.
Teach users how to enable smartphone tethering.
Teach users how to enable smartphone tethering.
Smartphone tethering enables you to connect other devices, such as laptops lacking cellular connectivity, to a smartphone Internet connection through the smartphone’s data services. Tethering can be done wirelessly between the smartphone and the laptop, or through a USB cable
You are traveling on a bus with a colleague, and you both have your laptops. You need to share files with each other during the trip with a minimum of inconvenience and minimal cost. The bus does not offer Wi-Fi connectivity. What should you do?
Copy the files to external USB storage media.
Copy the files to a MicroSD HSM.
Enable Wi-Fi Direct.
Enable Wi-Fi Direct.
Desktop, laptop, and mobile devices can be quickly linked together wirelessly for transferring files using Wi-Fi Direct, even when no Internet connection is available
Which technique should be employed when testing unfamiliar software to ensure it is benign?
Sandboxing
Push notifications
Firmware Over-The-Air updates
Sandboxing
Sandboxing uses an isolated network, host, or app environment for testing configurations, including unfamiliar software, without the risk of unintentionally harming other systems or components
Which wireless technology is commonly used for inventory control?
Wi-Fi
RFID
NFC
RFID
Radio-frequency identification (RFID) uses wireless radio frequencies to track items or animals with RFID tags attached to them, such as for inventory control and animal location tracking
Your manager has asked you to evaluate and recommend a single IT tool that can be used to manage desktops, laptops, as well as Android tablets and smartphones. What type of tool should you be looking at?
Trusted platform module
Unified end-point management
SEAndroid
Unified end-point management
A unified end-point management (UEM) solution allows for the centralized management of many types of devices and includes the functionality of mobile device management (MDM) and mobile application management (MAM) capabilities. UEM tools can deploy device configurations and apps, manage apps and security settings, and apply updates, which removes the need to work with multiple device management tools
You have been tasked with disabling the Multimedia Messaging Service (MMS) on user smartphones, leaving plain SMS text messaging enabled. Which texting-related risk is directly mitigated with this configuration?
Injection attack
Ransomware triggered from an e-mail message file attachment
Malicious code embedded in video files
Malicious code embedded in video files
When MMS is enabled, malicious code embedded in media files (images, audio, video) could be delivered to the device through MMS and processed by the messaging app’s media parsers. Disabling MMS reduces this likelihood. MMS should not be confused with Rich Communication Services (RCS), a newer messaging protocol intended to replace SMS and MMS
You are evaluating IoT HVAC sensors for a commercial building. One concern is how device updates can be applied wirelessly when they are available. What should you search for in the IoT sensor documentation?
Sideloading
Firmware OTA updates
WSUS
Firmware OTA updates
Firmware Over-The-Air can be used to deliver firmware updates wirelessly to devices without requiring updates to be manually downloaded or transferred using cables
Upon entering your favorite hardware and tool store, the store app that you had previously installed welcomes you and lists that day’s sales items for that store location. You search the app for a wrench, and the app directs you within the store to the correct location of the item. What is being used in this scenario?
Firmware OTA updates
Geotagging
Geofencing
Geofencing
Geofencing uses device location tracking to trigger an action, such as presenting a message or enabling a feature, when a mobile device enters or leaves a specific geographic boundary
Your organization manages valuable pharmaceutical research data. Company security policies require Android mobile device users to use cryptographic keys to protect sensitive data. The keys cannot be stored on the device itself. What type of accompanying hardware should be used for securely storing cryptographic keys?
USB On-The-Go
Secondary SIM card
MicroSD HSM
MicroSD HSM
MicroSD hardware security modules (HSMs) plug directly into mobile devices to provide cryptographic authentication and management functions
To which operating system does the term “jailbreaking” apply?
Android
iOS
Linux
iOS
Jailbreaking applies to Apple iOS devices such as the iPhone, iPad, and iPod. Like rooting an Android device, jailbreaking can be achieved with an installed app on the device, or it can be done using a USB-connected external computer to remove device restrictions, which provides the user full configuration flexibility, such as installing apps not available in the Apple App Store. Jailbreaking can void device and carrier warranties and increases the risk of device compromise due to malicious code with full device access
In which device provisioning strategy does an organization pay for and provide a mobile device to employees while allowing employees personal use of the device?
CYOD
VDI
COPE
COPE
In the corporate owned personally enabled (COPE) mobile device provisioning strategy, the organization provides mobile devices to employees for both personal and business use. The organization will often pay partial or full monthly costs related to the mobile device, and in some jurisdictions this is considered an income tax benefit to the employee
You no longer require data stored on a self-encrypting drive (SED). What is the quickest way to wipe the drive so that it can be reused, while ensuring data artifacts are not recoverable?
Overwrite all disk sectors with random data.
Overwrite all disk sectors with 0’s.
Remove and destroy SED cryptographic keys.
Remove and destroy SED cryptographic keys.
For encrypted drives, one quick method of wiping the drive is to destroy the encryption key held in the drive’s controller, which renders all encrypted data on the drive unreadable, since the only key that could decrypt it no longer exists. The drive can then be repartitioned and formatted for continued use while ensuring that the old data is not recoverable. This technique is often referred to as cryptographic erase (crypto erase)
Which abilities are unique to end-point detection and response solutions in comparison to host-based packet filtering firewalls? (Choose two.)
Block incoming traffic initiated from outside the machine
Allow incoming response traffic initiated from the machine
Stop attacks in progress
Detect threats
Stop attacks in progress
Detect threats
The “response” part of an end-point detection and response (EDR) solution refers to the ability to stop attacks from continuing after threats have been detected, for example by killing a process or isolating the host from the network. EDR detects threats from process, file, and network telemetry and behavior on the host, whereas a packet-filtering firewall only allows or blocks traffic based on addresses, ports, and protocols
You have decided to use a different mobile network provider. Which process must be completed to use a new provider?
Containerization
Carrier unlock
Jailbreaking
Carrier unlock
Carrier unlocking removes the restriction that ties a smartphone to the mobile network provider that sold it, enabling the phone to be switched to a different provider. Unlocking is performed by the current (locking) carrier, typically at no charge once any contract or device financing obligations have been met
Online payment services can use your credit card while never sending the actual credit card details to merchants during payment transactions. Which technique enables this to occur?
Encryption
Salting
Tokenization
Tokenization
Tokenization is a security technique that uses a trusted centralized service to create a digital representation of sensitive data, such as credit card information. This “token” can then be used to authorize resource access or payments without ever sending the actual origin sensitive data
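Two cards on this page (the custom payment app and the online payment service) rely on the same mechanism, so one added example serves both. It is not code from the flashcard source. A toy vault hands the merchant a random, format-preserving token that keeps only the last four digits for display; the token has no mathematical relationship to the card number, so there is no key to steal, and only the party holding the vault can map it back. A real tokenization service adds authentication, auditing, and HSM-backed storage; here the vault is an in-memory dictionary.

```python
"""Toy tokenization vault (added example, not from the source)."""
import secrets


class TokenVault:
    """Trusted central service: maps random tokens to the sensitive values they stand in for."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        if digits in self._by_value:          # same PAN -> same token within this vault
            return self._by_value[digits]
        while True:
            # Format-preserving: random digits, but keep the last four for "card ending in ..." displays.
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + digits[-4:]
            if token != digits and token not in self._by_token:
                break
        self._by_token[token] = digits
        self._by_value[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault owner (the payment processor) can do this; raises KeyError otherwise."""
        return self._by_token[token]


def merchant_checkout(vault: TokenVault, pan: str) -> dict:
    """What the merchant keeps and sends over the network: the token, never the PAN."""
    token = vault.tokenize(pan)
    return {"stored_by_merchant": token, "display": f"card ending in {token[-4:]}"}


if __name__ == "__main__":
    processor = TokenVault()
    record = merchant_checkout(processor, "4111 1111 1111 1111")   # published test PAN
    print("merchant holds:", record)
    print("processor resolves:", processor.detokenize(record["stored_by_merchant"]))
```

If the merchant’s database leaks, the attacker obtains tokens that are worthless outside the issuing vault; this is why tokenization reduces PCI DSS scope in a way encryption alone does not, since encrypted PANs are still recoverable by anyone who obtains the key.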
Which technique provides cryptographic one-way functions with randomized data in addition to the data that is to be protected?
Encryption
Hashing
Salting
Salting
Salting is a technique used to add random data to unique data prior to all of the data being fed into a one-way hashing algorithm, so that two users with the same password produce different hashes and precomputed hash tables are useless. Linux user passwords stored in the /etc/shadow file are represented as a hash value generated from the salted user password string, in the form $id$salt$hash
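The following added example (not from the flashcard source) produces and verifies records shaped like the /etc/shadow entries mentioned above. PBKDF2-HMAC-SHA256 from the Python standard library stands in for the crypt(3) algorithms; the `$pbkdf2$` identifier and the iteration count are this example’s own choices, not a real shadow id.

```python
"""Salted one-way password hashing in a $id$params$salt$hash record (added example, not from the source)."""
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # work factor; raise as hardware gets faster


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def make_record(password: str, salt: bytes = None) -> str:
    """Hash a password with a fresh random salt (or a supplied one) into a shadow-style record."""
    if salt is None:
        salt = secrets.token_bytes(16)          # 128-bit random salt, unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"$pbkdf2${ITERATIONS}${_b64(salt)}${_b64(digest)}"


def verify(password: str, record: str) -> bool:
    """Re-derive the hash with the salt and parameters stored in the record and compare in constant time."""
    _, alg, iters, salt_b64, digest_b64 = record.split("$")
    if alg != "pbkdf2":
        raise ValueError(f"unknown algorithm id {alg!r}")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    r1 = make_record("correct horse battery staple")
    r2 = make_record("correct horse battery staple")
    print(r1)
    print(r2)
    print("same password, different records:", r1 != r2)
    print("both verify:", verify("correct horse battery staple", r1) and verify("correct horse battery staple", r2))
    print("wrong password verifies:", verify("Tr0ub4dor&3", r1))
```

Because the salt is stored beside the hash in plain view, it adds no secrecy; its job is only to force an attacker to crack each record separately rather than once per password across the whole user base. The slow key-derivation function, not the salt, is what makes each of those attempts expensive.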
You work in the IT department at a military base. The IT department has secured issued smartphones to require that users must provide not only user credentials to sign in, but they must also be present at the base. Which term best describes this scenario?
Multifactor authentication
Identity federation
Context-aware authentication
Context-aware authentication
Context-aware authentication uses not only standard identification mechanisms such as usernames and passwords, but it also uses factors such as device location, type of configuration, time of day, and so on
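The geofencing card and this context-aware authentication card share one building block, a point-in-boundary test on device location, so a single added example (not from the flashcard source) covers both. The same `inside_geofence` check that lets the store app decide whether to show the day’s deals is reused as an authentication condition: correct credentials alone are denied unless the device is also inside the base perimeter. The coordinates, radii, user store and password are all made up; the credential check uses a one-line PBKDF2 call so the focus stays on the location context.

```python
"""Geofence test reused as a context-aware authentication factor (added example, not from the source)."""
import hashlib
import hmac
import math

EARTH_RADIUS_M = 6_371_000


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def inside_geofence(point: tuple, fence: tuple) -> bool:
    """fence = (lat, lon, radius_m). True when the device is within the boundary."""
    lat, lon, radius = fence
    return haversine_m(point[0], point[1], lat, lon) <= radius


# --- Geofencing card: a store app acting on location (assumed store coordinates) ---
STORE_FENCE = (40.0100, -105.0100, 200)


def store_greeting(device_location: tuple):
    """Returns a message only while the device is inside the store boundary."""
    if inside_geofence(device_location, STORE_FENCE):
        return "Welcome back! Today's sale items for this store: ..."
    return None


# --- Context-aware authentication card: credentials AND location (assumed base coordinates) ---
BASE_FENCE = (40.0000, -105.0000, 1500)
_SALT = b"\x01" * 16                                   # per-user salt; fixed here for the demo
USERS = {
    "jsmith": hashlib.pbkdf2_hmac("sha256", b"Tr0ub4dor&3", _SALT, 100_000),
}


def credentials_ok(user: str, password: str) -> bool:
    stored = USERS.get(user)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(candidate, stored)


def authenticate(user: str, password: str, device_location: tuple) -> tuple:
    """Context-aware decision: both the credential check and the location context must pass."""
    if not credentials_ok(user, password):
        return "deny", "bad credentials"
    if not inside_geofence(device_location, BASE_FENCE):
        return "deny", "device outside base perimeter"
    return "allow", "credentials valid and device on base"


if __name__ == "__main__":
    print(store_greeting((40.0101, -105.0100)))           # inside the store fence
    print(store_greeting((40.0300, -105.0100)))           # outside -> None
    print(authenticate("jsmith", "Tr0ub4dor&3", (40.0050, -105.0000)))   # ~556 m from base centre
    print(authenticate("jsmith", "Tr0ub4dor&3", (40.0300, -105.0000)))   # ~3.3 km away
    print(authenticate("jsmith", "wrong", (40.0050, -105.0000)))
```

Production systems treat GPS coordinates reported by the device as untrusted and corroborate them with network-side signals (cell tower, Wi-Fi, IP geolocation) or with a hardware-attested location; other context such as time of day, device posture, and known-device identity slots into `authenticate` as additional conditions in exactly the same way.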