Implementing Security

Question 1

HIDS/HIPS

Answer 1

Host Based Intrusion Detection/Protection System

Question 2

MDM

Answer 2

Mobile Device Management

Question 3

EMM

Answer 3

Enterprise Mobility Management

Question 4

MAM

Answer 4

Mobile Access Management

Question 5

UEM

Answer 5

Unified Endpoint Management
Of MDM, EMM, MAM

Question 6

MicroSD HSM

Answer 6

Micro SD card form Hardware Security Module
secures mobile devices

Question 7

MSSP

Answer 7

Managed Security Service Provider

Question 8

NIST

Answer 8

National Institute for Standards and Technology

Question 9

CSA

Answer 9

Cloud Security Alliance
Prompting best practices in the cloud

Question 10

CCM

Answer 10

Cloud Controls Matrix

Developed by the CSA to help organisations understand appropriate use of cloud security controls and map then to regularity stds

Question 11

CASB

Answer 11

Cloud Access Security Broker

Software tools serving as intermediaries between service providers and users

Question 12

EDR

Answer 12

Endpoint Detection and Response

Tools combining network response and log analysis.
Look for anomalies and IoC (indicator of compromise) using automated rules and detection

Question 13

IPFIX

Answer 13

IP Flow Information Exchange
Serves as a means for transmitting traffic flow over the network (open net flow standard)

Question 14

SIPS

Answer 14

Session Initiation Protocol Secure

For communications traffic like voice and video over HTTPS

Question 15

SRTP

Answer 15

Real-Time Transport Protocol Secure

For voice and video communications

Question 16

TLS

Answer 16

Transport Layer Security

Protocol used in HTTPS, VoIP, email and instant messaging

Question 17

DMARC

Answer 17

Domain-based Message Authentication, Reporting & Conformance

For email and web traffic

Question 18

DKIM

Answer 18

Domain Keys Identified Mail

Question 19

DNSSEC

Answer 19

DNS Secure Protocol

UDP/TCP 53

Ensuring DNS is not modified or malicious using digital signatures

Question 20

FTPS

Answer 20

FTP Secure using TLS

TCP 21 in explicit mode
TCP 990 in Implicit mode

Question 21

SFTP

Answer 21

Secure FTP using SSH
TCP port 22

Question 22

HTTPS

Answer 22

TCP using TLS port 443

Question 23

IMAPS

Answer 23

Internet Mail Access Protocol Secure
Using TCP TLS port 993

Question 24

LDAPS

Answer 24

Lightweight Directory Access Protocol Secure
Using TLS on TCP port 636

Question 25

Secure POP3

Answer 25

TCP 995 using TLS

Question 26

SRTP

Answer 26

Secure Real time Transport Protocol
UDP port 5004
Designed to provide audio and video streams via networks.
Uses encryption and authentication

Question 27

SNMPv3

Answer 27

UDP ports 161,162
Authentication of message sources, integrity, validation and confidentiality via encryption.
Only authPriv level is encrypted

Question 28

IPSec

Answer 28

Suite of security protocols
AH (Authentication Header) uses hashing and shared secret key to ensure IP payload and headers are secure
ESP (Encapsulated Security Payload) in transport or tunnel mode providing integrity and authentication for the packet

Question 29

CASB

Answer 29

Cloud Access Security Broker

Enforce created policies:
Visibility,
Cimpliance,
Threat prevention
Data Security

Question 30

SWG

Answer 30

Secure Web Gateway
Examine API, JSON, storage usage, activities; instance aware

Question 31

OWASP

Answer 31

Open Web App Security Project

Provides up to date list of most recent web app concerns

Question 32

TOCTOU

Answer 32

Time of Check to Time if Use
= race condition

Question 33

Static Code Analysis (SAST)

Answer 33

Automated pre compilation of source code to identify potential vulnerabilities

Question 34

Dynamic Code Analysis (DAST)

Answer 34

Testing of apps during run time for checking decide of running state

Question 35

Software Composition Analysis (SCA)

Answer 35

Identifying open source and third party code to manage licenses and vulnerabilities

Question 36

Fuzz Testing

Answer 36

Sending random malformed Data to check error handling/memory leaks

Question 37

Continuous Integration (CI)

Answer 37

Frequently merging Code changes into a repository after which automated builds and tests are run

Question 38

Continuous Deployment (CD)

Answer 38

Automatically deploying Tested and validated code to a production environment

Question 39

Continuous delivery

Answer 39

Code changes are prepared ready to release in an automated way. A step before CD