Section 04: Security Applications and Devices Flashcards

1
Q

Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.

A

Intrusion Detection System

2
Q

Name the two varieties of IDS.

A
  • Host-based intrusion detection system (HIDS)
  • Network-based intrusion detection system (NIDS)
3
Q

Name the detection methods for IDS.

A
  • Signature-based
  • Policy-based
  • Anomaly-based
4
Q

What is signature-based detection?

A

The system looks for a specific string of bytes (a known attack pattern) in the traffic; a match triggers the alert. It can only catch attacks for which a signature already exists.

5
Q

What is policy-based detection?

A

Relies on a specific declaration of the security policy and alerts on any traffic that violates it.
Example: "No Telnet" (any Telnet session on the network triggers an alert).

6
Q

What is anomaly-based detection?

A

Analyzes the current traffic against an established baseline of normal activity and triggers an alert when the traffic falls outside the statistical norm (for example, far more bytes sent than usual).

7
Q

Malicious activity is identified as an attack.
a. True Positive
b. False Positive
c. False Negative
d. True Negative

A

a. True positive

8
Q

Legitimate activity is identified as legitimate traffic.
a. True Positive
b. False Positive
c. False Negative
d. True Negative

A

d. True Negative

9
Q

Legitimate activity is identified as an attack.
a. True Positive
b. False Positive
c. False Negative
d. True Negative

A

b. False Positive

10
Q

Malicious activity is identified as legitimate traffic.
a. True Positive
b. False Positive
c. False Negative
d. True Negative

A

c. False Negative

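The three detection methods from cards 3-6 and the four outcome classes from cards 7-10, shown together as an added example that is not part of the original flashcard set. The record layout, the signatures, the "no Telnet" port rule, the training byte counts and every sample record are constructed for this illustration; a real IDS works on packets or host events, not tuples.

```python
"""Added example, not part of the original flashcard set: the three IDS
detection methods from cards 3-6 run over a constructed batch of connection
records, with every verdict then scored as TP/FP/FN/TN as defined in
cards 7-10.  Field layout, signatures, ports and all sample records are
assumptions made up for this illustration."""
import statistics
from collections import Counter

# Constructed records: (payload, destination port, bytes sent, truly malicious?)
RECORDS = [
    (b"GET /index.html", 80, 512, False),
    (b"GET /index.html", 80, 640, False),
    (b"POST /login", 443, 900, False),
    (b"GET /status", 80, 480, False),
    (b"GET /docs/etc/passwd-format.html", 80, 530, False),  # benign, but matches a signature
    (b"cat /etc/passwd", 23, 300, True),                     # Telnet session: policy violation
    (b"GET /../../etc/passwd", 80, 700, True),               # path traversal: signature hit
    (b"POST /upload", 443, 250_000, True),                   # bulk exfiltration: anomaly
    (b"GET /about", 80, 560, False),
    (b"\x90\x90\x90\x90\xcc", 8080, 400, True),              # NOP sled nobody wrote a rule for
]

# Constructed byte counts from an earlier, known-benign period used to train
# the anomaly baseline (card 6).  Never train on the traffic you then judge.
TRAINING_BYTES = [512, 640, 900, 480, 560, 700, 300]

# 1. Signature-based (card 4): specific byte strings that trigger an alert.
SIGNATURES = [b"/etc/passwd", b"../", b"cmd.exe"]

def signature_match(payload: bytes) -> bool:
    return any(sig in payload for sig in SIGNATURES)

# 2. Policy-based (card 5): a declared rule, here "no Telnet".
FORBIDDEN_PORTS = {23}

def policy_violation(dest_port: int) -> bool:
    return dest_port in FORBIDDEN_PORTS

# 3. Anomaly-based (card 6): distance from a statistical baseline.
def build_baseline(byte_counts):
    return statistics.mean(byte_counts), statistics.pstdev(byte_counts)

def anomalous(bytes_sent: int, baseline, z_threshold: float = 3.0) -> bool:
    mean, stdev = baseline
    if stdev == 0:                      # degenerate baseline: any change is "new"
        return bytes_sent != mean
    return abs(bytes_sent - mean) / stdev > z_threshold

def inspect(record, baseline):
    """Return the list of detection methods that fired (empty = no alert).
    An IDS only alerts and logs (card 11); nothing here blocks traffic."""
    payload, port, nbytes, _ = record
    reasons = []
    if signature_match(payload):
        reasons.append("signature")
    if policy_violation(port):
        reasons.append("policy")
    if anomalous(nbytes, baseline):
        reasons.append("anomaly")
    return reasons

def outcome(alerted: bool, malicious: bool) -> str:
    """Cards 7-10: classify one verdict against ground truth."""
    if alerted and malicious:
        return "TP"
    if alerted and not malicious:
        return "FP"
    if not alerted and malicious:
        return "FN"
    return "TN"

def score(records=RECORDS, training=TRAINING_BYTES) -> Counter:
    """Tally TP/FP/FN/TN over a batch of records."""
    baseline = build_baseline(training)
    counts = Counter()
    for rec in records:
        reasons = inspect(rec, baseline)
        counts[outcome(bool(reasons), rec[3])] += 1
    return counts

if __name__ == "__main__":
    baseline = build_baseline(TRAINING_BYTES)
    for rec in RECORDS:
        reasons = inspect(rec, baseline)
        print(f"{outcome(bool(reasons), rec[3])}  {rec[0]!r:40} {reasons}")
    print(dict(score()))
```

Running it yields 3 TP, 1 FP (the benign documentation URL that happens to contain `/etc/passwd`), 1 FN (the NOP sled, which no signature, policy or byte-count baseline covers) and 5 TN. The two misses are the point: signatures and policies only catch what someone wrote down, and the anomaly detector only sees the one feature it was baselined on.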
11
Q

IDS can only _____ and ____ on suspicious activity.

A

Alert and log

12
Q

HIDS logs are used to _______________ after an attack has occurred.

A

recreate the events

13
Q

Blocking of external files containing JavaScript, images, or web pages from loading in a web browser.

A

Content Filters

14
Q

What is the best way to protect against threat actors who may use malicious ads?

A

Update the browser and extensions regularly.

15
Q

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.

A

Data Loss Prevention (DLP)

16
Q

Software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.

A

Endpoint DLP System

17
Q

Software- or hardware-based solution installed at the perimeter of the network to inspect data in transit.

A

Network DLP System

18
Q

Software installed on servers in the datacenter to inspect the data at rest.

A

Storage DLP System

19
Q

Cloud software-as-a-service (SaaS) offering that protects data stored in cloud services.

A

Cloud DLP System
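
A miniature endpoint-DLP content check in the spirit of cards 15-19, added here as an example that is not part of the original flashcards. It inspects data in use and returns one of the three outcomes card 16 describes: allow the transfer, alert an admin, or stop it. The regular expressions, the Luhn filter, the destination classes and the four sample documents are assumptions for this illustration; a real agent hooks the file, clipboard and USB paths of the OS and uses far richer classifiers.

```python
"""Added example, not part of the flashcards: a miniature endpoint-DLP
content check (card 16) that allows, alerts on, or stops a transfer.
Patterns, Luhn filter, destination classes and sample documents are
assumptions for this illustration."""
import re

# Payment-card-like digit runs (13-16 digits, optional space/dash separators)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# US Social Security Number in the common dashed form
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Destinations where the agent blocks rather than just alerts (assumption)
BLOCK_DESTINATIONS = {"usb", "webmail", "personal-cloud"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters order numbers and other digit runs that merely
    look like card numbers, the main false-positive source for this pattern."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep only the last four digits so the DLP log does not itself leak data."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan(text: str):
    """Return findings as (type, masked value)."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", mask(m.group().replace("-", ""))))
    return findings

def decide(text: str, destination: str) -> str:
    """allow / alert / block: the three outcomes card 16 describes."""
    findings = scan(text)
    if not findings:
        return "allow"
    if destination in BLOCK_DESTINATIONS:
        return "block"
    return "alert"

# Constructed sample documents
DOC_SAFE  = "Quarterly summary: revenue up 4%, headcount flat."
DOC_CARD  = "Refund to customer card 4111 1111 1111 1111, exp 12/27."
DOC_ORDER = "Order ref 1234567890123456 shipped on Monday."
DOC_SSN   = "Applicant SSN 123-45-6789 verified by HR."

if __name__ == "__main__":
    for doc, dest in [(DOC_SAFE, "usb"), (DOC_CARD, "usb"),
                      (DOC_ORDER, "usb"), (DOC_SSN, "internal-share")]:
        print(f"{decide(doc, dest):5} -> {dest:14} {scan(doc)}")
```

The order number in `DOC_ORDER` is sixteen digits long and would be flagged by the regex alone; the Luhn check is what lets it through, which is the kind of refinement that keeps a DLP system from being switched off for noise.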

20
Q

What firmware interface do modern computers use in place of the legacy BIOS?

A

UEFI - Unified Extensible Firmware Interface

21
Q

The process of updating the BIOS/UEFI firmware to the latest available version.

A

Flash the BIOS

22
Q

Name protection methods used to secure the BIOS/UEFI.

A
  1. Flash the BIOS (keep the firmware up to date)
  2. Use a BIOS password
  3. Configure the BIOS boot order
  4. Disable unneeded external ports and devices
  5. Enable Secure Boot
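
Enabling Secure Boot in the firmware menu is only half the job; a practitioner also verifies that the setting took effect on the running OS. The following is an added example, not part of the flashcards, that reads the two relevant UEFI variables on a Linux host through efivarfs. The efivarfs layout (a 4-byte little-endian attribute word followed by the variable data) and the `SecureBoot` and `SetupMode` variable names under the EFI global-variable GUID are standard; the sample byte strings and the result labels are this example's own assumptions.

```python
"""Added example, not from the flashcards: verify that Secure Boot (item 5
above) is actually enabled on a Linux host booted via UEFI.  The efivarfs
layout and variable names are standard; SAMPLE_* bytes are constructed."""
import struct
from pathlib import Path

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")

def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute flags, variable data)."""
    if len(raw) < 4:
        raise ValueError("efivar too short")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]

def secure_boot_state(secureboot_raw: bytes, setupmode_raw) -> str:
    """SecureBoot=1 means the firmware is enforcing signatures.  SetupMode=1
    means no Platform Key is enrolled, the usual reason it is NOT enforcing
    even though the menu option looks switched on."""
    _, sb = parse_efivar(secureboot_raw)
    if sb and sb[0] == 1:
        return "enabled"
    if setupmode_raw is not None:
        _, sm = parse_efivar(setupmode_raw)
        if sm and sm[0] == 1:
            return "disabled (setup mode, no platform key enrolled)"
    return "disabled"

def read_var(name: str):
    """Return the raw efivar bytes, or None if absent or unreadable."""
    path = EFIVARS / f"{name}-{EFI_GLOBAL_GUID}"
    try:
        return path.read_bytes()
    except OSError:
        return None

def check_host() -> str:
    """Live check; reports legacy BIOS (card 20) when there is no efivarfs."""
    sb = read_var("SecureBoot")
    if sb is None:
        return "legacy bios or efivarfs unavailable"
    return secure_boot_state(sb, read_var("SetupMode"))

# Constructed samples: attributes 0x06 (boot-service + runtime access), one data byte
SAMPLE_ON = b"\x06\x00\x00\x00\x01"
SAMPLE_OFF = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    print(check_host())
```

The "setup mode" outcome is the one worth watching for: a board whose owner cleared the keys to install a custom OS reports Secure Boot as disabled no matter what the menu shows, and a policy that only checks the menu setting will miss it.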
23
Q

Technical limitations placed on a system regarding the use of USB storage devices and other removable media.

A

Removable media controls

24
Q

Storage device that performs whole disk encryption by using embedded hardware.

A

Self-Encrypting Drive (SED)

25
Q

Physical devices that act as a secure cryptoprocessor during the encryption process.

A

Hardware Security Module (HSM)

26
Q

A software agent and monitoring system that performs multiple security tasks such as antivirus, HIDS/HIPS, firewall, DLP, and file encryption.

A

Endpoint Protection Platform (EPP)

27
Q

A software agent that collects system data and logs for analysis by a monitoring system, providing early detection of threats and the ability to respond to them.

A

Endpoint Detection and Response (EDR)

28
Q

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

A

User and Entity Behavior Analytics (UEBA)