Managing Apple Device Security Flashcards
Some apps install ____, or kexts—a kind of system extension that works using older methods that aren’t as secure or reliable as modern alternatives
kernel extensions
On your Mac, where can you find application permission settings for Full Disk Access, Camera access, and other privacy-related settings?
Settings > Privacy & Security
What Terminal command opens the manual for tccutil?
man tccutil
The ____ Terminal command manages the privacy database, which stores decisions the user has made about whether apps may access personal data
tccutil
TCC means Transparency, Consent, and Control
In Terminal, you can use ____ to determine the bundle identifier for an application
codesign
You can use codesign to create, check, and display code signatures and inquire into the dynamic status of signed code in macOS
What Terminal command opens the manual for codesign?
man codesign
Scenario: After typing codesign -d -r - /Applications/Webex.app to determine the bundle identifier, Cisco-Systems.Spark, what Terminal command do you type next to reset privacy settings for the said app?
tccutil reset All Cisco-Systems.Spark
Which Terminal command resets privacy settings for all applications on your Mac?
tccutil reset All
How do you remove an application’s access to the camera in the Privacy section of Privacy & Security settings?
A. Click the application from the list in Camera settings and click the minus button.
B. Turn off the application from the Camera settings list.
C. Click the application and click Disable Camera Access.
D. Enter an administrator account password, then delete the application from Camera settings.
B. Turn off the application from the Camera settings list.
You turn off applications to remove their access.
What do privacy settings help users do?
A. Prevent unauthorized applications from opening
B. Control what applications can or can’t do with a Mac
C. Secure data on their disk by encrypting the contents automatically
B. Control what applications can or can’t do with a Mac
Users can update camera, microphone, and screen recording settings to control what applications can or can’t do with a Mac.
Which privacy setting allows applications to monitor input from the user’s keyboard even while they’re using other applications?
A. Accessibility
B. Automation
C. Bluetooth
D. Input Monitoring
D. Input Monitoring
Input Monitoring grants applications access to a user’s input devices
What Terminal command should you type to sign application Terminal.app with a signing identity named “authority”?
codesign -s authority Terminal.app
Which option causes codesign to replace any existing signature on the path(s) given. Without this option, existing signatures will not be replaced, and the signing operation fails.
-f
f means force
What Terminal command should you type to verify the dynamic validity of process 666
codesign –verify 666
What Terminal command should you type to display all information about Terminal.app’s code signature?
codesign –display –verbose=4 Terminal.app
-d is also display
____ is a security technology designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. It restricts the root user account and limits the actions that the root user can perform on protected parts of the Mac operating system.
System Integrity Protection
System Integrity Protection includes protection for which parts of the system?
- /System
- /usr
- /bin
- /sbin
- /var
- Apps that are pre-installed with the Mac operating system
Which Paths and apps can third-party apps and installers continue to write to?
- /Applications
- /Library
- /usr/local
Apps that you download from the App Store already work with System Integrity Protection
A. True
B. False
A. True
MacOS malware defenses are structured in which three layers?
- Prevent launch or execution of malware: App Store, or Gatekeeper combined with Notarization
- Block malware from running on customer systems: Gatekeeper, Notarization, and XProtect
- Remediate malware that has executed: XProtect
____ is a malware scanning service provided by Apple. Developers who want to distribute apps for macOS outside the App Store submit their apps for scanning as part of the distribution process
Notarization
MacOS includes built-in antivirus technology called ____ for the signature-based detection and removal of malware
XProtect
Which conditions prompt XProtect to check for known malicious content?
- An app is first launched
- An app has been changed (in the file system)
- XProtect signatures are updated
MacOS includes a security technology called ____, which is designed to help ensure that only trusted software runs on a user’s Mac
Gatekeeper
Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn’t been tricked into running executable code they believed to simply be a data file
____ deliver important security improvements between software updates—for example, improvements to the Safari web browser, the WebKit framework stack, or other critical system libraries. They may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist “in the wild.”
Rapid Security Responses
Rapid Security Responses deliver important security improvements between software updates.
Where do you check if your device automatically applies Rapid Security Responses?
- iPhone or iPad: Go to Settings > General > Software Update > Automatic Updates, then make sure that “Security Responses & System Files” is turned on
- Mac: Choose Apple menu > System Settings > General > Software Update. Click the Show Detail button (i button) next to Automatic Updates, then make sure that “Install Security Responses and system files” is turned on
____ is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats
Lockdown Mode
Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks.
How do you turn on Lockdown mode on your iPhone or iPad?
Settings > Privacy & Security > Lockdown Mode > Turn On Lockdown Mode
You will need to enter your device passcode
How do you turn on Lockdown mode on your Mac?
System Settings > Privacy & Security > Lockdown Mode > Turn On Lockdown Mode
How do you exclude an app or edit your excluded websites on your iPhone while in Lockdown Mode?
Settings > Privacy & Security > Lockdown Mode > Configure Web Browsing > Turn off selected apps
To edit your excluded websites, tap Excluded Safari Websites > Edit.
How do you exclude websites on your Mac while in Lockdown Mode?
(Safari)
Safari menu > Settings for [website] > deselect the Enable Lockdown Mode checkbox
To edit your excluded websites:
Safari menu > Settings > Websites > in sidebar click Lockdown Mode > From the menu next to a configured website, turn Lockdown Mode on or off
If a device is in Lockdown Mode, new configuration profiles can be installed, and the device can be enrolled in Mobile Device Management or device supervision
A. True
B. False
B. False
You can’t have both Screen Sharing and Remote Management on at the same time
A. True
B. False
A. True
On your Mac, where can you find security settings for Screen Sharing such as password or control permissions?
System Settings > General > Sharing > Screen Sharing > click Info button (i)
If you forget your login password or need to reset it, ____ won’t let you access your encrypted files
FileVault
How do you turn on FileVault on your Mac?
Settings > Privacy & Security > FileVault > Turn On >follow onscreen instructions
What should you do after you turn on FileVault?
A. Continue to use your Mac as you normally do.
B. Wait until FileVault encryption is complete.
C. Quit all applications.
D. Log out of your user account.
A. Continue to use your Mac as you normally do.
You can use your Mac normally because encryption is nearly immediate for Mac computers with Apple silicon or the T2 chip, and it proceeds safely in the background on other Mac computers.
You’ve forgotten your login password or it’s locked from too many failed attempts to log in.
What’s the alternative method to unlock FileVault and reset your password?
A. Call AppleCare to create a new account recovery key.
B. Use iCloud Account Recovery.
C. Create a new personal recovery key.
B. Use iCloud Account Recovery.
Instead of using a personal recovery key, you can set up FileVault to use your iCloud account to reset the password and access your user account and files.
