Section 4.4 Applying mitigation techniques or controls Flashcards

1
Q

Where are the approved applications listed? If an application is not listed, it cannot be launched.

A

Approved Application list

2
Q

What is the list of applications deemed dangerous, such as certain offensive security tools? If an application is on this list, it cannot be run.

A

Application Block List/Deny List

3
Q

What is it called when a device that has been infected with a virus is removed from the network?

A

Quarantining

4
Q

With _____________, a user is authenticated and the device is checked to confirm it is patched and compliant before being granted access.

A

Network Access Control (NAC)

5
Q

What can be used to block traffic, with the configuration on endpoint devices changed through either an MDM solution or group policy?

A

Firewall Rules

6
Q

What can be used to push configuration changes to mobile devices? It can enforce device settings ranging from password policy to blocking cameras.

A

Mobile Device Management (MDM)

7
Q

What do you call policy-based protection of sensitive data, usually based on labels or pattern matching? It protects data at rest or in transit, in email, on the intranet, in cloud drives, etc.

A

Data Loss Prevention (DLP)

8
Q

Changes in attacks might require ___________ on either a proxy server or a UTM firewall.

A

an update to the content filters

9
Q

Endpoints reporting a host or trust error may indicate what kind of problem?

A

A certificate problem

10
Q

A certificate problem may require what?

A

Updating a certificate that has expired, or revoking a certificate because it has been compromised.

11
Q

Internet-facing services need a certificate issued by whom?

A

A commercial Certificate Authority

12
Q

__________ means blocking access altogether.

A

Isolation

13
Q

_____________ endpoints are used to view classified data; isolating the endpoint from the network protects it against network-based attacks.

A

Air gapped

14
Q

__________ eliminates all network connectivity (wired and Wi-Fi).

A

Air gap

15
Q

The only way to add data to or extract data from an air-gapped computer is by using what?

A

A removable device

16
Q

Users entering an area for confidential meetings or to view secret research must place their phones in a what? It blocks electromagnetic signals from entering or exiting, rendering cellular signals useless.

A

Faraday Cage

17
Q

___________ is about minimizing damage and limiting the scope of an incident.

A

Containment

18
Q

If an endpoint has been compromised and may be infected by a virus, IT security will do what to stop the malware from spreading?

A

Contain it

19
Q

Containing the incident comes __________ finding the root cause and full remediation.

A

before

20
Q

In a BYOD mobile device scenario, ____________ will keep personal and business data separate. It prevents personal data from being removed in a remote wipe.

A

Mobile Application Management (MAM)

21
Q

Within a private subnet, ___________ can be used to carry out segmentation and traffic filtering for sensitive applications and data. These rules can be enforced with subnets and firewalls.

A

VLANs

22
Q

What kind of system collects data from many other sources within the network? It provides real-time monitoring, traffic analysis, and notification of potential attacks.

A

Security Information and Event Management (SIEM)

23
Q

What kind of system provides centralized alerting and response automation with threat-specific playbooks? The response may be fully automated or single-click.

A

Security Orchestration, Automation, and Response (SOAR)

24
Q

What do you call documents containing information on events and the actions needed to stop threats? They can be used to configure automated response in a playbook, and they document the human analyst's response steps.

A

Runbooks

25
Q

What contains a set of rules and actions to identify incidents and take preventative action? These may need to be amended for better automated response as threats evolve. (This is the response automation.)

A

Playbooks