Section 4: Security Applications and Devices

Question 1

What is the BIOS?

Answer 1

The Basic Input Output System (BIOS) is a type of firmware that is software on a chip. The systems way of deciding what it is going to accept as input and output.

For example: A motherboard talking to keyboard, graphics card, etc.

This is a legacy system, newer systems use UEFI

Question 2

What is the BIOS/UEFI load Order?

Answer 2

1. Boot drive or device
2. Load the machine
3. Operating System

Question 3

5 steps of Securing the BIOS/UEFI?

Answer 3

1. Flash/Update
2. Password Protect
3. Boot Order (Internal HDD and Network only)
4. Disable External Ports not in use
5. Enable Secure Boot

Question 4

How does Secure Boot work?

Answer 4

Secure Boot loads the public key from the trusted platform module (TPM) in the processor and verifies it with the operating system to ensure it has not been modified.

Question 5

What are Removable Media Controls? How can they be implemented?

Answer 5

Removable Media Controls are technical limitations placed on a system in regards to the utilization of usb storage devices.

They can be implemented by group policies such as blocking read or write access from usb or disk drive.

Administrative controls would be polices put in place as to how these devices are used.

Question 6

What is a NAS storage system?

Answer 6

Network Attached Storage (NAS) is a storage device directly attached to an organizations network. Usually in RAID array for high availability.

Question 7

What is a SAN storage system?

Answer 7

Storage Area Network (SAN) is a network designed specifically to perform block storage functions that may consist of NAS devices.

Question 8

How to secure Storage Devices? 3 steps?

Answer 8

1. Data Encryption
2. Proper Individual Level Authentication
3. Log access

Question 9

What is Encryption?

Answer 9

Encryption is the process of scrambling data into unreadable information that can only be unscrambled with a key

Question 10

What is Hardware Based Encryption and one example?

Answer 10

Hardware based encryption is the use of hardware to encrypt data on a system.

One example is a Self Encrypting Drive (SED)

Question 11

What is an SED for data?

Answer 11

Self Encrypting Drive (SED) is a storage device that performs whole disk encryption by using embedded hardware.

Question 12

What is Software Based encryption and two examples of it?

Answer 12

Software based encryption is an encryption process that uses the computers resources to encrypt information.

Two example are: FileVault on MacOS and BitLocker on Windows.

Question 13

What is AES?

Answer 13

Advanced Encryption Standard (AES) is the symmetric key encryption that support 128-bit and 256-bit keys.

considered unbreakable

Question 14

What is the downside of Whole Disk encryption?

Answer 14

Lower performance

Unless there are HSMs

Question 15

What is an HSM? Why are they not common?

Answer 15

Hardware Security Module (HSM) is a physical device that acts as a secure crypto-processor during the encryption process/Digital Singing.

They are not common because they are very expensive.

Question 16

What are Endpoints in security?

Answer 16

Endpoints are devices like computers, phones, etc used to connect to the network.

Question 17

Cybersecurity Analysts must be able to do what?

Answer 17

Cybersecurity Analysts must be able to use tools to identify behavioral anomalies and then identify the techniques used by malware to achieve privilege escalation and persistence on the host.

Question 18

Name the 5 Endpoint Security Capabilities?

Answer 18

1. Anti-Virus (AV)
2. Host Intrusion Detection/Prevention System (HIDS/HIPS)
3. Endpoint Protection Platform (EPP)
4. Endpoint Detection and Response (EDR)
5. User and Entity Behavior Analytics (EUBA)

Question 19

What is Anti-Virus in relation to endpoint security?

Answer 19

Anti-Virus (AV) is software capable of detecting and removing viruses and other malware.

Question 20

What is HIDS/HIPS in relation to endpoint security?

Answer 20

Host-based Intrusion Detection or Prevention Systems (HIDS/HIPS) is a type of intrusion detection or prevention system for unexpected behaviors or drastic changes to systems state in an endpoint.

File system detection is a type of HIDS

Question 21

What is EPP in relation to endpoint security? What task can it do?

Answer 21

Endpoint Protection Platform (EPP) is a software agent and monitoring system that perform multiple security tasks such as AV, HIDS/HIPS, DLP, Firewall, File Encryption

Question 22

What is EDR in relation to endpoint security?

Answer 22

Endpoint Detection and Response (EDR) is a software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats. This is a behavioral detection system.

Question 23

What is UEBA in relation to endpoint security?

Answer 23

User and Entity Behavioral Analytics (UEBA) is a system that can provide automatic identification of suspicion activity by user accounts and compute hosts. This generally uses Artificial Intelligence and Machine Learning.

Question 24

What is ATP/AEP/NGAV in relation to endpoint security?

Answer 24

Advanced Threat or Endpoint Protection and NextGeneration AV are a mixture of the 5 Endpoint security capabilities.