Lesson 10: Assess Endpoint Security Capabilities Flashcards

1
Q

Define ‘Device Hardening’

A

The practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to default configurations.

2
Q

What is the role of best practice baselines in device hardening?

A

Best practice baselines provide a standard set of guidelines or checklists for configuring devices securely.

3
Q

What is the essential principle of best practice baselines in device hardening to reduce attack surface?

A

The principle of least functionality: a system should run only the protocols and services required by legitimate users and no more.

4
Q

What are examples of device hardening?

A

Disabling excess interfaces; Disabling unnecessary services/ports; Disk encryption; Patch management cycle.

5
Q

Define ‘Baseline deviation reporting’

A

Testing the actual configuration of hosts to ensure that their configuration settings match the baseline template.

6
Q

What is a Windows tool to test baseline deviation?

A

Microsoft Baseline Security Analyzer (MBSA)

7
Q

How does segmentation enhance a network’s security?

A

Reduces the potential impact of a cybersecurity incident by isolating systems and limiting the spread of an attack or malware infection.

8
Q

Define ‘device isolation’

A

Segregating individual devices within a network to limit their interaction with other devices and systems.

9
Q

What is the purpose of device isolation?

A

Prevents the lateral spread of threats should a device become compromised.

10
Q

Define ‘antivirus’

A

Signature-based software for malware detection and prevention.

11
Q

Define ‘Full disk encryption (FDE)’

A

Encryption of all data on a disk by the OS.

12
Q

Where is the key used to encrypt data stored when using Full disk encryption (FDE)?

A

Stored in a Trusted Platform Module (TPM).

13
Q

Define a ‘self-encrypting drive (SED)’

A

A disk drive where the controller can automatically encrypt data that is written to it instead of relying on the OS.

14
Q

What is the name of the key that a self-encrypting drive (SED) uses to encrypt data?

A

Symmetric data/media encryption key (DEK/MEK) for bulk encryption

15
Q

What is the name of the key that encrypts the symmetric data/media encryption key (DEK/MEK)?

A

Authentication key (AK) or Key Encryption Key (KEK).

16
Q

Define an ‘authentication key (AK) or Key Encryption Key (KEK)’

A

Private key that is used to encrypt the symmetric bulk media encryption key (MEK).

17
Q

When implementing a self-encrypting drive (SED), how does a user access the encrypted data on the drive?

A

A user must authenticate with a password to decrypt the MEK and access the media.

18
Q

What is used to facilitate auto-updates in Linux?

A

yum-cron or apt unattended-upgrades

19
Q

What is the purpose of testing patches before applying them to systems in production?

A

Identify potential issues or conflicts arising from the patch, ensuring that it does not introduce new vulnerabilities or disrupt critical operations; Mitigate the risk of unintended consequences.

20
Q

What is an ‘endpoint detection and response (EDR)’ product?

A

Software agent that collects system data and logs for analysis to provide early detection of threats.

21
Q

What is the purpose/function of endpoint detection and response (EDR)?

A

To provide real-time and historical visibility into the compromise, contain the malware within a single host, and facilitate remediation of the host to its original state.

22
Q

What is the difference between ‘Extended detection and response (XDR)’ and ‘endpoint detection and response (EDR)’?

A

XDR extends protection beyond endpoints by incorporating data from the network, cloud platforms, email gateway, firewall, and other essential infrastructure components.

23
Q

Define ‘Host-based intrusion detection system (HIDS)’

A

Type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.

24
Q

Define ‘host-based intrusion prevention system (HIPS)’

A

Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching.

25
What is a crucial feature of Host-based intrusion detection system (HIDS)?
File integrity monitoring (FIM)
26
Define 'file integrity monitoring (FIM)'
Software that reviews system files to ensure that they have not been tampered with.
27
Define the function of 'file integrity monitoring (FIM)'
Audits key system files to ensure they match the authorized versions.
28
What is the Windows version of file integrity monitoring (FIM)?
The Windows File Protection service, which runs automatically, and the System File Checker (SFC) tool.
29
What Linux command is used to change permissions?
chmod
30
What management tool is used to automate secure baselines across an environment in Windows?
Group Policy management
31
What management tool is used to support access control policies in Linux?
SELinux
32
Define 'SELinux'
Security feature of CentOS and Red Hat that supports access control policies and mandatory access control.
33
What is the function of SELinux?
Allows more granular permission control over every process and system object within an operating system.
34
What are key differences between securing a mobile device in comparison to a traditional desktop?
Remote wiping capabilities, encryption, and secure lock screens.
35
What is the challenge in securing a mobile device against unwanted applications?
The mobile app ecosystem includes many apps with different access permission requirements that present unique data privacy and protection challenges.
36
Define 'Bring your own device (BYOD)'
The mobile device is owned by the employee.
37
Define a 'Bring your own device (BYOD)' policy
Security framework and tools to facilitate use of personally owned devices to access corporate networks and data.
38
What are typical rules in a Bring your own device (BYOD) policy?
OS version and device capabilities
39
Define 'Corporate owned, personally enabled (COPE)'
The device is chosen and supplied by the organization and remains its property but allows personal use.
40
Define 'Mobile device management (MDM)'
Process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure.
41
What is the purpose of implementing Mobile device management (MDM)?
To manage, secure, and enforce policies on smartphones, tablets, and other endpoints.
42
How is data protection encryption enabled on an iOS device?
Enabled automatically when you configure a password lock on the device.
43
Define 'Geolocation'
Use of network attributes to identify (or estimate) the physical position of a device.
44
What are two forms of geolocation?
1. Global Positioning System (GPS)
2. Indoor Positioning System (IPS)
45
Define 'Indoor Positioning System (IPS)'
Locates a device by triangulating its proximity to other radio sources, such as cell towers, Wi-Fi access points, and Bluetooth/RFID beacons.
46
What is the primary concern of location services/geolocation?
Privacy; it provides a mechanism to track an individual's movements, and therefore their social and business habits.
47
Define 'Geofencing'
Security control that can enforce a virtual boundary based on real-world geography.
48
Define 'GPS tagging'
Adding geographical data, such as the latitude and longitude where the device was located at the time, to media such as photographs, SMS messages, video, and so on.
49
Define 'Personal area networks (PANs)'
A network scope that uses close-range wireless technologies (usually based on Bluetooth or NFC) to establish communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.
50
Define an 'ad hoc network'
Wi-Fi Direct; a type of wireless network where connected devices communicate directly with each other instead of over an established medium.
51
What is the security setback with Bluetooth discovery?
Even a device in non-discoverable mode can still be detected.
52
How can authentication/authorization with Bluetooth be made more secure?
By changing the default key or passkey.
53
Define 'bluejacking'
Sending an unsolicited message using a Bluetooth connection when device authentication is not configured.
54
Define 'Bluesnarfing'
Using an exploit in Bluetooth to steal information from someone else's phone.
55
How are Bluetooth connections secured between two devices initializing pairing?
Devices exchange cryptographic keys to authenticate each other's identity and establish an encrypted communication channel.
56
What control is used to configure access for devices connected via Bluetooth?
Bluetooth generally requires user consent to connect and access specific services.
57
What Bluetooth 4.0 protocol was created to prevent eavesdropping and on-path attacks?
Bluetooth Secure Connections (BSC)
58
How does 'Bluetooth Low Energy (BLE) Privacy' protocol provide privacy?
Uses randomly generated device addresses that periodically change to prevent tracking and unauthorized identification of BLE devices.
59
Define 'Near-field communication (NFC)'
Based on RFID; a standard for two-way radio communications over very short (around four inches) distances.
60
Why is Near-field communication (NFC) insecure?
NFC does not provide encryption, so eavesdropping and on-path attacks are possible if the attacker can find some way of intercepting the communication and the software services are not encrypting the data.
61