Mitigation Techniques 2.5 Flashcards
1
Q
Patching
A
- Replacement code.
- Designed to correct problems or vulnerabilities.
- A way to prevent an attack.
2
Q
Encryption
A
- Securing data on another system.
- Prevent access to application data files.
3
Q
Encrypted File System (EFS)
A
- Security feature of Windows.
- Enables transparent encryption/decryption of files on the system.
4
Q
Full Disk Encryption (FDE)
A
- Encrypting an entire disk.
- Protects all the contents in the container.
5
Q
Application Data Encryption
A
- Encryption is managed by the app.
- Stored data is protected.
6
Q
Monitoring
A
- A way to identify security events.
- Aggregates information from devices.
- Built-in or external to a device.
7
Q
Sensors
A
- Capture data and act upon it.
- Can report what is observed.
- Can use multiple readings to match a pattern and create an event.
- Act based on prescribed rules.
8
Q
Network Based Sensors
A
- Provide coverage across multiple machines.
- Limited by traffic engineering: they only see packets that pass through them.
- Limited in their ability to make precise decisions about content.
9
Q
Host-Based Sensors
A
- Provide more specific and accurate information about what the host machine is seeing and doing.
- Limited to just that host.
10
Q
Collectors
A
- Sensors, or concentrators that combine multiple sensors.
- Collect data for processing by other systems.
11
Q
Examples of Collectors
A
- Proprietary consoles, SIEM consoles, syslog servers.
12
Q
Security Information and Event Management (SIEM)
A
- Collects, aggregates, and applies pattern matching to the volumes of data.
- Turns tables of data into meaningful, actionable information.
- A central source of monitoring data.
13
Q
Least Privilege
A
- Giving users access only to the information and systems they need to perform their duties.
- Rights and permissions are set to the bare minimum.
- Limits the scope of malicious behavior.
14
Q
Configuration Enforcement
A
- Enforces the configuration of a system logging onto the network.
- Checks that the OS, firewalls, antivirus software, and other security features are up to date.
15
Q
If System is Out-of-Date According to Configuration Enforcement Procedures
A
- Systems are quarantined.
- Brought to a private VLAN with limited access to bring the system up to date.
- Recheck the system after making corrections.