Section 3.2 Host and Application Security Solutions

Question 1

Where should endpoint detection be focused?

Answer 1

Throughout the entire network

Question 2

What monitors network activity for suspicious behavior and alerts if anything is found?

Answer 2

Intrusion Detection Systems (IDS)

Question 3

What monitors network activity and attempts to deal with the issue and either disconnects suspicious connections or turn off attacked services?

Answer 3

Intrusion Prevention Systems (IPS)

Question 4

What monitors network patterns and headers of network patches?

Answer 4

Network Intrusion Detection systems (NIDS)

Question 5

What component of NIDS collect network data and sends it to the network monitor for analysis?

Answer 5

Detection Agent

Question 6

What component of NIDS takes data from the detection agent, analyzes it, and sends warning notifications?

Answer 6

Network Monitor

Question 7

What component of NIDS is used for notifications and alarms which are sent to the administrator?

Answer 7

Notification system

Question 8

IDS’s are usually located where on the network?

Answer 8

A central point

Question 9

What mode of IDS deployment analyzes all traffic?

Answer 9

In-band

Question 10

What mode of IDS deployment only analyzes some of the traffic?

Answer 10

Out-of-band

Question 11

What do you call a NIDS that uses active detection methods to take immediate steps to halt an intrusion?

Answer 11

NIPS

Question 12

What prevention system reroutes network traffic in case of network attacks and terminates suspicious network activity?

Answer 12

NIPS

Question 13

What is a disadvantage of active detection systems?

Answer 13

False positives can shut down the system

Question 14

What kind of intrusion detection takes steps to mitigate an intrusion?

Answer 14

Active Intrusion Detection

Question 15

What kind of intrusion detection typically logs the event or generates alarms?

Answer 15

Passive Intrusion Detection

Question 16

What do you call a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking?

Answer 16

Next Generation Firewall

Question 17

What kind of monitoring systems contain signature databases that they use to detect attacks?

Answer 17

Signature-Based Monitoring

Question 18

What kind of monitoring systems rely on the collective knowledge of security vendors but are unable to detect new attacks that haven’t been recorded?

Answer 18

Signature-Based Monitoring

Question 19

What kind of monitoring systems use a known good baseline and looks for anomolies?

Answer 19

Behavior/Anomaly-Based Monitoring

Question 20

What kind of monitoring systems are easily and quickly adapted to the environment and can detect new variants of attacks but take time to build a baseline profile?

Answer 20

Behavior/Anomaly-Based Monitoring

Question 21

What kind of monitoring systems starts with an initial database of known attack types but changes its alert signatures based on learned behavior?

Answer 21

Heuristic-Based Monitoring

Question 22

What do you call a type of attack that has rarely or never been encountered and takes advantage of previously unknown weaknesses and vulnerabilities in a software program or operating system?

Answer 22

A zero-day attack

Question 23

What kind of monitoring systems relies on admin to create rules and determine consequences for breaking those rules?

Answer 23

Rule-based monitoring

Question 24

What kind of monitoring systems require significant manual set-up and continuous updating?

Answer 24

Rule-based monitoring

Question 25

What detection system monitors a specific host for suspicious behavior that could indicate someone is trying to break into the system?

Answer 25

Host-based Intrusion Detection System (HIDS)

Question 26

What detection system can detect an attack by a malicious user who is physically accessing the system console?

Answer 26

Host-based Intrusion Detection System (HIDS)

Question 27

What is an integrated endpoint security solution that combines: REAL-TIME continuous monitoring and collection of endpoint data with rules-based AUTOMATED RESPONSE AND ANALYSIS capabilities?

Answer 27

Endpoint Detection and Response (EDR)

Question 28

What solutions keep sensitive data from leaving a network by a USB, email, etc.?

Answer 28

Data Loss Prevention Solutions

Question 29

What solutions tag data with labels that say whether data can leave the network and how it can leave the network?

Answer 29

Data Loss Preventions

Question 30

What protects both the computers and the networks to which they connect as well as provide a first level of defense to prevent virus spreading?

Answer 30

Antivirus

Question 31

Most viruses and spyware enter a system how?

Answer 31

through email attachments and internet downloads

Question 32

What kind of firewall performs critical functions to protect a user’s host computer?

Answer 32

Host-based firewall

Question 33

What part of the host system contains the program code and instructions for starting a computer and loading the OS?

Answer 33

Basic Input/Output System

Question 34

What do you call maintaining the BIOS of of a host system?

Answer 34

Boot Integrity

Question 35

Modern systems use what to boot because it is more secure and is needed for a secure boot of the OS?

Answer 35

Unified Extensible Firmware Interface (UEFI)

Question 36

What uses an unchangeable piece of hardware that contains cryptographic function keys, and verifies that BIOS is being loaded from a known good version?

Answer 36

Hardware Root of Trust

Question 37

What do you call adding a suffix of random characters to a password before it is encrypted?

Answer 37

Salting

Question 38

What creates a ‘unique fingerprint’ for a message?

Answer 38

Hashing

Question 39

What prevents someone who gains unauthorized access to a database from being able to read the data without an encryption key?

Answer 39

Database Encryption

Question 40

What makes sure that when applications are deployed, they don’t contain security issues that can expose sensitive data?

Answer 40

Secure coding practices

Question 41

What do you call the surrounding infrastructure that supports software applications?

Answer 41

Data Center

Question 42

What manages and provisions data centers through machine readable files instead of the physical hardware?

Answer 42

Infrastructure as Code

Question 43

What do you call the small text files saved on your computer to store website data?

Answer 43

Cookies

Question 44

What kind of cookies only transmit over secure channels?

Answer 44

Secure cookies

Question 45

What disallow connections through HTTP and protects against attacks?

Answer 45

HTTP Strict Transport Security (HSTS) headers

Question 46

HTTP request and response messages have what that include various HTTP commands, directives, site referral information, and address data?

Answer 46

Headers

Question 47

What kind of analysis is conducted by executing software on a real or virtual processer to determine how the software will behave in a potentially negative environment?

Answer 47

Dynamic code analysis

Question 48

What refers to the process of coding applications to accept only certain valid input for user-entered fields?

Answer 48

Input Validation

Question 49

What determines how the software should react to error conditions and exceptions?

Answer 49

Error and Exception handling

Question 50

What recognizes specific types of command characters and parses them as simple data rather than executing the text as a command?

Answer 50

Escaping

Question 51

What do you call the use of existing source code for a new purpose, either for a new program or for a new environment?

Answer 51

Code Reuse

Question 52

What do you call saved subroutines that can be used within applications accessing databases, saving time and memory by combining the execution of several statements into one stored procedure?

Answer 52

stored procedures

Question 53

What prevents unauthorized applications from executing by checking each potential execution against a list of applications that have been granted execution rights?

Answer 53

Allow list

Question 54

What concept refers to keeping the OS and applications current through regular updates and critical software patches and removing unnecessary software services from the system?

Answer 54

Operating system hardening

Question 55

What do you call an OS that has met a set of standards such as the Common Criteria?

Answer 55

Trusted OS

Question 56

OS vendors regularly release software updates, which are often rolled into larger software packages called?

Answer 56

service packs, updates, or packages

Question 57

User interaction with external Internet users can result in viruses or Trojans being downloaded that allow what to the users computer?

Answer 57

Backdoor access

Question 58

To protect against the use of backdoor access, the network admin should do what to these programs on the main network firewall to keep them from communicating with the Internet?

Answer 58

block the service ports

Question 59

All software on the workstation should be kept current with what to remove security vulnerabilities from previous versions?

Answer 59

Most recent patches and upgrades

Question 60

What disallows the ability to execute code from memory locations that are reserved for Windows and other known to be good programs?

Answer 60

Data Execution Prevention (DEP)

Question 61

What do you call a special hardware chip that provides authentication by storing security mechanisms that are specific to that system hardware?

Answer 61

TPM

Question 62

What do you call a specialized hardware appliance used to provide onboard cryptographic functions and processing?

Answer 62

Hardware Security Module

Question 63

What should be used to secure access to the data of removable media?

Answer 63

Encryption and Authentication

Question 64

What is used to open email attachments or other high risk files in an environment that will be less harmful if they do indeed turn out to be malicious?

Answer 64

Sandboxing

Question 65

What do you use to protect hosts and applications against a wide variety of malware programs?

Answer 65

Antivirus and Anti-malware software

Question 66

What protects web applications by filtering and monitoring HTTP traffic between a web application and the internet?

Answer 66

Firewalls

Question 67

What should be used to protect the data of mobile devices?

Answer 67

passwords and encryption

Question 68

What should be used to establish a strong, secure foundation for your OS, applications, and web browsers for all your systems, including mobile devices?

Answer 68

security baselines and policies

Question 69

What should be used to make sure hackers cannot insert malformed input or command requests in application input forms?

Answer 69

Input Validation

Question 70

What should you do to special characters and command characters so that they are processed as data, not actual commands?

Answer 70

Use Escaping

Question 71

What should not be displayed in error messages?

Answer 71

filename and directory paths

Question 72

What should applications handle without crashing or providing unauthorized access?

Answer 72

exceptions

Question 73

What concepts should be used to prevent confidential data loss and interception?

Answer 73

DLP concepts

Question 74

What should be used for secure storage of encryption keys and certificates for hardware platforms?

Answer 74

TPM’s

Question 75

What are used for high-end security applications that require secure key generation and management on a separate hardware appliance?

Answer 75

HSM’s

Question 76

What can secure data in storage on a database server?

Answer 76

Database Encryption

Question 77

What is a software program designed to detect and destroy viruses and other malicious software from the system?

Answer 77

Antivirus

Question 78

What is a program that protects the system from all kinds of malware including viruses, Trojans, worms, and PUPs?

Answer 78

Antimalware

Question 78

What typically protects web applications from common attacks like XSS, CSRF, and SQL Injections?

Answer 78

Firewalls

Question 79

What kind of firewall is an application that is built into desktop operating systems, like Windows or Linux?

Answer 79

Host-based firewall

Question 80

What two types of firewalls are often used together in a layered defense?

Answer 80

Host-based and Network-based

Question 81

What do you call a boot where all components from the firmware, applications, and software are measured and information is stored on a log file?

Answer 81

Measured Boot

Question 82

In a measured boot where is the log file stored?

Answer 82

on the TPM chip on the motherboard

Question 83

What kind of boot is performed at startup where the OS checks that all of the drivers have been signed?

Answer 83

Trusted secure Boot

Question 84

What is it called where during the software integrity is confirmed during the boot process?

Answer 84

Boot attestation

Question 85

What is deemed more secure than encryption because it cannot be reversed?

Answer 85

Tokenization

Question 86

What is used to index and fetch items from a database?

Answer 86

Hashing

Question 87

What function maps data to where the actual records are held?

Answer 87

Hash function

Question 88

What renders rainbow tables ineffective?

Answer 88

Salting

Question 89

What ensures buffer overflow, integer overflow, and SQL injection attacks cannot be launched against applications and databases?

Answer 89

Input validation

Question 90

What can be stolen by attackers to carry out a session hijacking attack?

Answer 90

Secure cookies

Question 91

What can help prevent an attacker from carrying out a cross-site scripting attack through HTTP response headers?

Answer 91

HTTP Strict Transport Security headers

Question 92

What uses a certificate to digitally sign scripts and executables to verify their authenticity and to confirm they are genuine?

Answer 92

Code Signing

Question 93

What do you call it when the developer who creates software writes code in a manner that ensures that there are no bugs or flaws?

Answer 93

Secure Coding Practices

Question 94

What concepts intent is to prevent attacks such as buffer overflow or integer injection during code development?

Answer 94

Secure Coding Practices

Question 95

What do you call analysis where the code is not executed locally but is analyzed by a static code analyzer tool?

Answer 95

Static Code analysis

Question 96

What is the process of running source code inside the tool that reports any flaws or weaknesses?

Answer 96

Static code analysis

Question 97

What kind of analysis requires source code access?

Answer 97

Static code analysis

Question 98

What do you call analysis where the code is executed and fuzzing is used to inject random input into the application?

Answer 98

Dynamic code analysis

Question 99

What kind of analysis exposes flaws in an application before it is rolled out to production?

Answer 99

Dynamic code analysis

Question 100

What kind of analysis does not require source code access?

Answer 100

Dynamic code analysis

Question 101

What is it called when code is reviewed line by line to ensure that the code is well-written and error free? It tends to be tedious and time consuming,

Answer 101

Manual Code Review

Question 102

What is the hardening process of open ports and services?

Answer 102

listening ports should be restricted to those necessary, filtered to restrict traffic, and disabled entirely if unneeded. (Block through firewalls, disable by disabling underlying service)

Question 103

What is the hardening process of the registry?

Answer 103

access should be restricted, and updates should be controlled through policy where available (always make a backup first)

Question 104

What should be used to prevent unwanted access to data in a variety of circumstances?

Answer 104

Drive encryption

Question 105

What is the hardening process of the OS?

Answer 105

OS hardening can often be implemented through security baselines, applied through group policies or management tools

Question 106

What kind of device encrypts anything that is written to that drive?

Answer 106

Self-encrypting Drive

Question 107

What is used for key storage when certificates are used in Full Disk Encryption?

Answer 107

Hardware root of trust

Question 108

What verifies that the keys match before the secure boot process takes place?

Answer 108

Hardware root of trust

Question 109

What is often used as the basis for a hardware root of trust?

Answer 109

TPM

Question 110

What provides the OS with access to keys, but prevents drive removal and data access?

Answer 110

TPM