Lesson 12: Implementing Host Security Solutions Flashcards

1
Q

Compare and evaluate the various levels and types of platform security to conclude which option applies to a hardware Trusted Platform Module (TPM).

A. A security system that is designed to prevent a computer from being hijacked by a malicious operating system.

B. The boot metrics and operating system files are checked and signatures verified at logon.

C. Digital certificates, keys, and hashed passwords are maintained in hardware-based storage.

D. The industry standard program code that is designed to operate the essential components of a system.

A

C

2
Q

Compare and evaluate the various levels and types of security found within a Trusted OS (TOS) to deduce which scenario is an example of a hardware Root of Trust (RoT).

A. A security system is designed to prevent a computer from being hijacked by a malicious operating system.

B. The boot metrics and operating system files are checked, and signatures verified at logon.

C. Digital certificates, keys, and hashed passwords are maintained in hardware-based storage.

D. The industry standard program code that is designed to operate the essential components of a system.

A

B

3
Q

A company security manager takes steps to increase security on Internet of Things (IoT) devices and embedded systems throughout a company’s network and office spaces. What measures can the security manager use to implement secure configurations for these systems? (Select all that apply.)

A. Isolate hosts that are using legacy versions of operating systems (OSes) from other network devices through network segmentation.

B. Use wrappers, such as Internet Protocol Security (IPSec) for embedded systems’ data in transit.

C. Increase network connectivity for embedded systems so they receive regular updates.

D. Maintain vendor-specific software configuration on Internet of Things (IoT) devices that users operate at home and in the office.

A

A,B

4
Q

Compare the features of static and dynamic computing environments and then select the accurate statements. (Select all that apply.)

A. Embedded systems are typically static computing environments, while most personal computers are dynamic computing environments.

B. Dynamic computing environments are easier to update than static computing environments.

C. Dynamic computing environments give less control to users than static computing environments.

D. Dynamic computing environments are easier to secure than static computing environments.

A

A,B

5
Q

Evaluate the features and vulnerabilities found in medical devices and then select the accurate statements. (Select all that apply.)

A. Medical devices are only those devices located outside of the hospital setting, including defibrillators and insulin pumps.

B. Attackers may attempt to gain access in order to kill or injure patients, or hold medical units ransom.

C. Medical devices are updated regularly to secure them against vulnerabilities and protect patient safety.

D. Many portable devices, such as cardiac monitors and insulin pumps, run on unsupported operating systems.

A

B,D

6
Q

Select the options that can be configured by Group Policy Objects (GPOs). (Select all that apply.)

A. Registry settings

B. Code signing

C. Software deployment

D. Baseline deviation

A

A,C

7
Q

Examine the differences between general purpose personal computer hosts and embedded systems and select the true statements regarding embedded system constraints. (Select all that apply.)

A. Many embedded systems work on battery power, so they cannot require significant processing overhead.

B. Many embedded systems rely on a root of trust established at the hardware level by a trusted platform module (TPM).

C. Embedded systems often use the system on chip (SoC) design to save space and increase power efficiency.

D. Most embedded systems are based on a common but customizable design, such as Raspberry Pi or Arduino.

A

A,C

8
Q

A system administrator has received new systems to deploy within a work center. Which of the following should the system administrator implement to ensure proper hardening without impacting functionality? (Select all that apply.)

A. Remove all third-party software.

B. Disable ports that allow client software to connect to applications.

C. Disable any network interfaces that are not required.

D. Disable all unused services.

A

C,D

9
Q

A system administrator is deploying a new web server. Which hardening procedures should the administrator consider? (Select all that apply.)

A. The administrator should use SFTP to transfer files to and from the server remotely.

B. Any guest accounts that exist on the web server should be disabled or removed.

C. The administrator should assign a digital certificate and enable the use of TLS 1.3.

D. The configuration templates contain vulnerabilities, and the administrator should not utilize them.

A

A,C
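Cards 8 and 9 both come down to one check: compare what a new host actually exposes against the baseline for its role and disable everything that is not required. The following is an added example, not part of the flashcard deck, of a baseline audit written in Python. It parses a listing in the column layout of Linux `ss -tlnp` (the sample lines are constructed, not captured from a real host) and reports services that are not in the role baseline, or that should be bound to loopback but are reachable on all interfaces. The baseline contents (nginx, sshd, mysqld) are an assumed web-server role, not something the cards specify.

```python
import re
from dataclasses import dataclass

# Constructed sample in the column layout of `ss -tlnp` on Linux (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=812,fd=6))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=640,fd=3))
LISTEN 0      128    0.0.0.0:21          0.0.0.0:*         users:(("vsftpd",pid=901,fd=4))
LISTEN 0      4096   0.0.0.0:3306        0.0.0.0:*         users:(("mysqld",pid=777,fd=21))
LISTEN 0      50     0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=950,fd=3))
"""

# Matches: state, queues, local addr:port, peer addr:port, first process name in the users:(...) field.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    process: str
    addr: str
    port: int


def parse_listeners(text: str):
    """Turn ss-style output into Listener records; non-LISTEN and header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append(Listener(process=m.group(3), addr=m.group(1), port=int(m.group(2))))
    return listeners


# Assumed role baseline for a web server: which processes may listen, and on what scope.
# "any" = may face the network (restrict further with a host firewall); "local" = loopback only.
WEB_SERVER_BASELINE = {
    "nginx": "any",
    "sshd": "any",
    "mysqld": "local",
}


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr in ("::1", "[::1]")


def audit(listeners, baseline):
    """Return findings as (process, port, reason). An empty list means the host matches the baseline.
    Anything not in the baseline is a service to disable; a 'local' service bound to a non-loopback
    address is a misconfiguration to fix before the host goes live."""
    findings = []
    for l in listeners:
        scope = baseline.get(l.process)
        if scope is None:
            findings.append((l.process, l.port, "not in baseline: disable service"))
        elif scope == "local" and not is_loopback(l.addr):
            findings.append((l.process, l.port, "must bind loopback only"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_SS_OUTPUT), WEB_SERVER_BASELINE):
        print(finding)
```

Run against the sample, the audit flags vsftpd and telnetd (neither belongs on a web server, and both are cleartext protocols; SFTP over SSH replaces FTP per card 9) and mysqld for being network-exposed. On a real host, feed it the output of `ss -tlnp` and keep one baseline per server role so that deviations are reviewed rather than silently accepted.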

10
Q

Evaluate approaches to applying patch management updates to select the accurate statement.

A. Operating System major release updates are known to frequently cause problems with software application compatibility.

B. Applying all patches as released is more time consuming than only applying patches as needed.

C. It is more costly to apply all patches, so most companies choose to apply patches on an as-needed basis.

D. It is best practice to install patches immediately to provide the highest level of security for workstations.

A

A

11
Q

During a training event, an executive at a large company asks the security manager trainer why pushing automatic updates as a patch management solution is not ideal for their enterprise network. How will the security manager most likely respond?

A. The security manager pushes updates individually, based on office hours.

B. Automatic updates can cause performance and availability issues.

C. A patch management suite is impractical for enterprise networks.

D. Next-generation endpoint protection suites perform patch management.

A

B

12
Q

Given knowledge of secure firmware implementation, select the statement that describes the difference between secure boot and measured boot.

A. Secure boot requires a unified extensible firmware interface (UEFI) and trusted platform module (TPM), but measured boot requires only a unified extensible firmware interface (UEFI).

B. Secure boot provisions certificates for trusted operating systems (OSes) and blocks unauthorized OSes. Measured boot stores and compares hashes of critical boot files to detect the presence of unauthorized processes.

C. Secure boot is the process of sending a signed boot log or report to a remote server, while measured boot provisions certificates for trusted operating systems (OSes) and blocks unauthorized OSes.

D. Secure boot requires a unified extensible firmware interface (UEFI) but does not require a trusted platform module (TPM). Measured boot is the mechanism by which a system sends signed boot log or report to a remote server.

A

B

13
Q

You are asked to help design a security system. What are some methods that can be used to mitigate risks to embedded systems in such environments? (Select all that apply.)

A. Faraday cage

B. Firmware patching

C. Network Segmentation

D. Wrappers

A

B,C,D

14
Q

Analyze the features of a Full Disk Encryption (FDE) to select the statements that accurately reflect this type of security. (Select all that apply.)

A. FDE encrypts the files that are listed as critical with one encryption key.

B. The encryption key that is used for FDE can only be stored in a TPM on the disk for security.

C. A drawback of FDE is the cryptographic operations performed by the OS reduces performance.

D. FDE requires the secure storage of the key used to encrypt the drive contents.

A

C,D
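Option D of card 14 is the crux of FDE design: the drive contents are encrypted under a random volume key, and that key must itself be protected at rest, whether by a TPM, a passphrase, or both. The following is an added example in Python, not part of the flashcard deck and not the construction any particular FDE product uses, that shows the passphrase-protected form of that key hierarchy using only the standard library. The volume key is wrapped by XOR with a 32-byte key derived once per random salt via scrypt (a one-time pad, so the wrapping key is never reused), and the header is authenticated with HMAC-SHA256 so a wrong passphrase or an edited header is rejected rather than yielding garbage. Parameter values and the header layout are assumptions for the example.

```python
import hashlib
import hmac
import os

# scrypt cost parameters; assumed values kept low so the example runs quickly (raise N in practice).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
HEADER_LEN = 16 + 32 + 32  # salt || wrapped volume key || HMAC tag


def _derive_keys(passphrase: str, salt: bytes):
    """Passphrase -> 64 bytes via scrypt: first 32 wrap the volume key, last 32 authenticate the header."""
    kdf = hashlib.scrypt(passphrase.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return kdf[:32], kdf[32:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def create_header(passphrase: str, volume_key: bytes) -> bytes:
    """Build the on-disk key header. The volume key is stored only in wrapped form;
    the data blocks are encrypted under volume_key and are not touched by this function."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)                       # fresh salt => fresh wrapping key for this header
    wrap_key, mac_key = _derive_keys(passphrase, salt)
    wrapped = _xor(volume_key, wrap_key)        # 32-byte key under a 32-byte key used once
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unlock(passphrase: str, header: bytes):
    """Recover the volume key, or return None if the passphrase is wrong or the header was altered."""
    if len(header) != HEADER_LEN:
        return None
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    wrap_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        return None
    return _xor(wrapped, wrap_key)


def change_passphrase(old: str, new: str, header: bytes) -> bytes:
    """Re-wrap the same volume key under a new passphrase. Because only the header changes,
    the encrypted drive contents do not need to be rewritten."""
    volume_key = unlock(old, header)
    if volume_key is None:
        raise ValueError("old passphrase rejected")
    return create_header(new, volume_key)


if __name__ == "__main__":
    vk = os.urandom(32)
    hdr = create_header("correct horse battery staple", vk)
    print("right passphrase recovers key:", unlock("correct horse battery staple", hdr) == vk)
    print("wrong passphrase:", unlock("wrong", hdr))
```

The example also explains option C: the scrypt derivation runs once at unlock, but the volume key is then used by the OS for every block read and written, which is the ongoing cost the card refers to. A TPM-backed deployment replaces the passphrase step by sealing the volume key to PCR values (see the measured boot discussion in card 12), so the key is released only when the boot chain matches.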

15
Q

Contrast vendor support for products and services at the end of their life cycle. Which of the following statements describes the difference between support available during the end of life (EOL) phase and end of service life (EOSL) phase?

A. During the end of life (EOL) phase, manufacturers provide limited support, updates, and spare parts. In the end of service life (EOSL), developers or vendors no longer support the product and no longer push security updates.

B. During the end of service life (EOSL) phase, manufacturers provide limited support, updates, and spare parts. In the end of life (EOL), developers or vendors no longer support the product and no longer push security updates.

C. All vendors adhere to a policy of providing five years of mainstream support (end of life support) and five years of extended support (end of service life support), during which vendors only ship security updates.

D. A well-maintained piece of software is in its end of service life (EOSL) stage. Abandonware refers to a product during the end of life (EOL) stage, which no longer receives updates.

A

A

16
Q

A network manager is installing a new switch on the network. Compare the hardening processes for servers, appliances, and applications to recommend the hardening steps that should be taken to complete the task.

A. A Group Policy Object (GPO) should be built in order to configure custom registry settings.

B. The Server Core option should be used to limit the device to only using Hyper-V and DHCP.

C. The Microsoft Baseline Security Analyzer (MBSA) tool should be used to validate the security configuration.

D. The network manager should ensure all patches are applied and the switch is appropriately configured.

A

D