Section 04: Security Applications and Devices Flashcards
Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.
Intrusion Detection System
Name the two varieties of IDS.
- Host-based intrusion detection system (HIDS)
- Network-based intrusion detection system (NIDS)
Name the detection methods for IDS.
- Signature-based
- Policy-based
- Anomaly-based
What is signature-based detection?
The system is looking for a specific string of bytes that will trigger the alert.
What is policy-based detection?
Relies on a specific declaration of the security policy.
Example: No telnet.
What is anomaly-based detection?
Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average.
Malicious activity is identified as an attack.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
a. True positive
Legitimate activity is identified as legitimate traffic.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
d. True Negative
Legitimate activity is identified as an attack.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
b. False Positive
Malicious activity is identified as legitimate traffic.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
c. False Negative
IDS can only _____ and ____ on suspicious activity.
Alert and log
HIDS logs are used to _______________ after an attack has occurred.
recreate the events
Blocking of external files containing JavaScript, images, or web pages from loading in a web browser.
Content Filters
What is the best way to protect against threat actors who may use malicious ads?
Update the browser and extensions regularly.
Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Data Loss Prevention (DLP)
Software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.
Endpoint DLP System
Software- or hardware-based solution that is installed on the perimeter of the network to detect data in transit.
Network DLP System
Software installed on servers in the datacenter to inspect the data at rest.
Storage DLP System
Cloud software as a service that protects data being stored in cloud services.
Cloud DLP System
What do computers use now that they no longer have a legacy BIOS?
UEFI - Unified Extensible Firmware Interface
The process of making sure the BIOS is up to date (upgrade if an update is available).
Flash the BIOS
Name the protection methods used to secure the BIOS.
- Flash the BIOS
- Use BIOS Password
- Configure BIOS boot order
- Disable external ports and devices
- Enable Secure Boot
Technical limitations placed on a system regarding the use of USB storage devices and other removable media.
Removable media controls
Storage device that performs whole disk encryption by using embedded hardware.
Self-Encrypting Drive (SED)
Physical devices that act as a secure cryptoprocessor during the encryption process.
Hardware Security Module (HSM)
A software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption.
Endpoint Protection Platform (EPP)
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
Endpoint Detection and Response (EDR)
A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
User and Entity Behavior Analytics (UEBA)