Section 4.4 Applying mitigation techniques or controls Flashcards
Where are the approved applications listed? If an application is not on the list, it cannot be launched (everything not explicitly allowed is denied).
Approved application list (allow list)
What is the list of applications deemed dangerous, such as certain offensive security tools? If an application is on this list, it cannot be run (everything not explicitly listed is still allowed).
Application block list/deny list
What is it called when a device that has been infected with malware is removed from the network so that it cannot infect other hosts?
Quarantining
With _____________, a user is authenticated and the device is checked to confirm it is patched and compliant before being granted access.
Network Access Control (NAC)
What can be configured on endpoint devices to block unwanted inbound or outbound traffic? The configuration can be pushed with either an MDM solution or Group Policy.
Host-based firewall rules
What can be used to push configuration changes to mobile devices? It can enforce device settings ranging from the password policy to blocking the camera.
Mobile Device Management (MDM)
What do you call policy-based protection of sensitive data, usually based on sensitivity labels or pattern matching (for example, credit card or Social Security number formats)? It protects data at rest or in transit, in email, on the intranet, in cloud drives, etc.
Data Loss Prevention (DLP)
Changes in attack techniques might require ___________ on either a proxy server or a UTM firewall.
An update to the content filters
Endpoints reporting a host-name mismatch or trust error when connecting to a service may indicate what kind of problem?
A certificate problem
A certificate problem may require what?
Renewing or replacing a certificate that has expired, or revoking a certificate whose private key has been compromised
Internet-facing services need a certificate issued by whom, so that clients trust it without having to install a private root certificate?
A publicly trusted (commercial) Certificate Authority
__________ means blocking access altogether.
Isolation
_____________ endpoints are used to view classified data; isolating the endpoint from the network protects it against network-based attacks.
Air-gapped
__________ eliminates all network connectivity (wired, Wi-Fi)
Air gap
The only way to add data to or extract data from an air-gapped computer is by using what? (This makes removable-media controls essential, because the same path that moves data in can carry malware in.)
A removable device, such as a USB drive
Users entering an area for confidential meetings or to view secret research must place their phones in what? It blocks electromagnetic signals from entering or exiting, so cellular, Wi-Fi and Bluetooth radios cannot communicate.
Faraday cage
___________ is about minimizing damage and limiting the scope of an incident.
Containment
If an endpoint has been compromised and may be infected with malware, what does the security team do first to stop the malware from spreading?
Contain it
Containing the incident comes __________ finding the root cause and full remediation.
before
In a BYOD mobile device scenario, ____________ keeps personal and business data separate, so a remote wipe can selectively remove the business data and leave the user's personal data untouched.
Mobile Application Management (MAM)
Within a private network, ___________ can be used to segment sensitive applications and data from the rest of the network, with traffic filtering between the segments enforced by subnets and firewall rules.
VLANs
What kind of system collects and correlates log data from many sources within the network? It provides real-time monitoring, traffic analysis and notification of potential attacks.
Security Information and Event Management (SIEM)
What kind of system provides centralized alert and response automation with threat-specific playbooks? Response may be fully automated or single-click.
Security Orchestration, Automation, and Response (SOAR)
What do you call documents describing a type of event and the actions necessary to stop the threat? They record the human analyst's response steps and can be used as the basis for configuring the automated response in a playbook.
Runbooks
What contains a set of rules and actions to identify incidents and take preventive action? It may need to be amended as threats evolve so that the automated response stays effective. (This is the response automation. Terminology varies between vendors and study guides; some use the terms the other way round, with the playbook as the analyst checklist and the runbook as the automated workflow.)
Playbooks
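The SIEM, SOAR, runbook and playbook cards above describe one pipeline: correlate events from several sources into alerts, then run a threat-specific playbook whose response is either fully automated or waits for an analyst's single click. The following is an added example of that pipeline, not code from any SIEM or SOAR product. The syslog-style log lines, the detection rules, the playbook table and the `Responder` state sets (which stand in for firewall, identity-provider and EDR APIs) are all constructed assumptions.

```python
"""Toy SIEM correlation feeding SOAR-style playbooks.

Added example, not code from any SIEM or SOAR product. The log lines,
detection rules and playbook table are constructed for illustration."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd[1] Failed password for root from 203.0.113.5 port 51000
2024-05-01T10:00:03Z sshd[1] Failed password for root from 203.0.113.5 port 51001
2024-05-01T10:00:05Z sshd[1] Failed password for admin from 203.0.113.5 port 51002
2024-05-01T10:00:07Z sshd[1] Failed password for admin from 203.0.113.5 port 51003
2024-05-01T10:00:09Z sshd[1] Failed password for root from 203.0.113.5 port 51004
2024-05-01T10:00:11Z sshd[1] Accepted password for root from 203.0.113.5 port 51005
2024-05-01T10:00:12Z sshd[1] Failed password for bob from 198.51.100.7 port 40000
2024-05-01T10:05:00Z av[2] Malware detected on host ws-042 signature Trojan.Generic
"""

FAILED = re.compile(r"^(\S+) sshd\[\d+\] Failed password for (\S+) from (\S+) port")
ACCEPTED = re.compile(r"^(\S+) sshd\[\d+\] Accepted password for (\S+) from (\S+) port")
MALWARE = re.compile(r"^(\S+) av\[\d+\] Malware detected on host (\S+) signature (\S+)")


@dataclass
class Alert:
    rule: str
    subject: str                      # source IP or host name the playbook acts on
    details: Dict[str, str] = field(default_factory=dict)


def correlate(log_text: str, threshold: int = 5,
              window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """SIEM-style correlation: sliding-window failed-login count per source IP,
    plus a higher-severity alert when a brute-forcing IP later succeeds."""
    failures = defaultdict(list)      # src ip -> failure timestamps inside the window
    brute_forcers = set()
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            t, ip = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ"), m[3]
            failures[ip] = [x for x in failures[ip] if t - x <= window] + [t]
            if len(failures[ip]) >= threshold and ip not in brute_forcers:
                brute_forcers.add(ip)
                alerts.append(Alert("ssh_brute_force", ip, {"attempts": str(len(failures[ip]))}))
        elif m := ACCEPTED.match(line):
            if m[3] in brute_forcers:   # success after a burst of failures: likely compromise
                alerts.append(Alert("ssh_brute_force_success", m[3], {"user": m[2]}))
        elif m := MALWARE.match(line):
            alerts.append(Alert("malware_on_endpoint", m[2], {"signature": m[3]}))
    return alerts


# Playbooks (constructed): rule -> ordered actions and whether they run unattended
# ("auto") or wait for the analyst's single click ("single_click"). Isolating a host
# is disruptive, so it is gated on approval; blocking a brute-forcing IP is not.
PLAYBOOKS = {
    "ssh_brute_force": {"mode": "auto", "actions": ["block_ip"]},
    "ssh_brute_force_success": {"mode": "auto", "actions": ["block_ip", "disable_account"]},
    "malware_on_endpoint": {"mode": "single_click", "actions": ["isolate_host", "open_ticket"]},
}


@dataclass
class Responder:
    """Stands in for the SOAR engine; the sets stand in for firewall, IdP and EDR APIs."""
    blocked_ips: set = field(default_factory=set)
    disabled_accounts: set = field(default_factory=set)
    isolated_hosts: set = field(default_factory=set)
    tickets: List[str] = field(default_factory=list)
    pending: List[tuple] = field(default_factory=list)    # (alert, actions) awaiting approval
    unhandled: List[Alert] = field(default_factory=list)  # no playbook: analyst queue

    def run_action(self, action: str, alert: Alert) -> None:
        if action == "block_ip":
            self.blocked_ips.add(alert.subject)
        elif action == "disable_account":
            self.disabled_accounts.add(alert.details["user"])
        elif action == "isolate_host":
            self.isolated_hosts.add(alert.subject)
        elif action == "open_ticket":
            self.tickets.append(f"{alert.rule}:{alert.subject}")
        else:
            raise ValueError(f"unknown action {action}")

    def handle(self, alert: Alert) -> str:
        """Run or queue the playbook; returns 'auto', 'pending' or 'unhandled'."""
        pb = PLAYBOOKS.get(alert.rule)
        if pb is None:
            self.unhandled.append(alert)
            return "unhandled"
        if pb["mode"] == "auto":
            for a in pb["actions"]:
                self.run_action(a, alert)
            return "auto"
        self.pending.append((alert, pb["actions"]))
        return "pending"

    def approve(self, index: int = 0) -> Alert:
        """The analyst's single click: run the queued actions for one pending alert."""
        alert, actions = self.pending.pop(index)
        for a in actions:
            self.run_action(a, alert)
        return alert


if __name__ == "__main__":
    r = Responder()
    for alert in correlate(SAMPLE_LOGS):
        print(alert.rule, alert.subject, r.handle(alert))
    r.approve()
    print("blocked:", r.blocked_ips, "disabled:", r.disabled_accounts, "isolated:", r.isolated_hosts)
```

The split between `auto` and `single_click` is the design decision the playbook card is really about: the cheap, reversible action (blocking one source IP) runs on its own, while the action that takes a workstation off the network waits for a human, and an alert with no playbook lands in the analyst queue rather than being dropped.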