Section 4 Security Applications and Devices

Question 1

Software applications that protect a single computer from unwanted internet traffic (Host Based Firewalls)

Answer 1

Personal Firewalls

Question 2

Every windows computer has already a software based firewall built in and available. Two types included is a basic version and a more advanced version called the Windows Firewall with advanced security.

Answer 2

Windows Firewall

Question 3

Built in software firewall for Mac users. Basic version is accessed through the system preference panel.

Answer 3

OSX (Apple’s Firewall)

Question 4

Can be configured through the command line using different accept and reject rules based upon the type of network traffic that’s expected and the part being utilized for that communication.

Answer 4

iptables (Linux Firewall)

Question 5

Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.

Answer 5

Intrusion Detection System (IDS)

Question 6

This usually takes the form of a piece of software that’s installed on your computer or on a server and it will protect it.

Answer 6

HIDS

Question 7

A piece of hardware that is installed on your network and all the traffic that goes through the switch and then will receive a copy to be sent down the Network Intrusion Detection System.

Answer 7

NIDS

Question 8

A specific string of bytes triggers on alert.

Answer 8

Signature Based Detection

Question 9

Relies on specific declaration of the security policy.

Answer 9

Policy Based Detection

Question 10

Analyzes the current traffic against an established baseline and triggers on alert if outside the statistical average.

Answer 10

Anomaly Based Detection

Question 11

Blocking of external files containing JavaScript, images, or web pages, from loading in a browser.

Answer 11

Content Filters

Question 12

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.

Answer 12

Data Loss Prevention (DLP)

Question 13

Software based client that monitors the data in use on a computer and can stop a file transfer or alert on admin of the occurence.

Answer 13

Endpoint DLP System

Question 14

Software or hardware based solution that is installed on the perimeter of the network to detect data in transit.

Answer 14

Network DLP System

Question 15

Software installed on servers in the datacenter to inspect the data at rest.

Answer 15

Storage DLP System

Question 16

Cloud software as a service that protects data being stored in cloud services.

Answer 16

Cloud DLP System

Question 17

Firmware that provides the computer instructions for how to accept input and send output.

Answer 17

Basic Input Output System (BIOS)

Question 18

Technical limitations placed on a system in regards to the utilization of USB storage devices and other removable devices.

Answer 18

Removable Media Controls

Question 19

Storage devices that connect directly to your organizations network.

Answer 19

Network Attached Storage (NAS)

Question 20

Network designed specifically to perform block storage functions that may consist of NAS devices.

Answer 20

Storage Area Network (SAN)

Question 21

Storage device that performs whole disk encryption by using embedded hardware.

Answer 21

Self Encryption Drive (SED)

Question 22

Chip residing on the motherboard that contains an encryption key.

Answer 22

Trust Platform Module (TPM)

Question 23

Symmetric key encryption that supports 128 bit and 256 bit keys.

Answer 23

Advanced Encryption Standard

Question 24

Physical devices that act as a secure crypto processor during the encryption process.

Answer 24

Hardware Security Module (HSM)

Question 25

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools and others.

Answer 25

Anti-Virus (AV)

Question 26

A type of IDS or IPS that monitors as computer system for unexpected behavior or drastic changes to the system’s state on an endpoint.

Answer 26

Host Based IDS/IPS (HIDS/HIPS)

Question 27

A software agent that collects system data and logs for analysis by monitoring system to provide early detection of threats.

Answer 27

Endpoint Detection and Response (EDR)

Question 28

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Answer 28

User and Entity Behavior Analytics (UEBA)