Section 4.4 Applying mitigation techniques or controls Flashcards
Where are the approved applications listed? If an application is not listed, it cannot be launched.
Approved Application list
What is the list of applications deemed dangerous, such as certain offensive security tools? If an application is on this list, it cannot be run.
Application Block List/Deny List
What is it called when a device has been infected with a virus and removed from the network?
Quarantining
With _____________, a user is authenticated and the device is checked to confirm it is patched and compliant before being granted access.
Network Access Control (NAC)
What can be used to block traffic, and can be changed on endpoint devices using either an MDM solution or group policy?
Firewall Rules
What can be used to push configuration changes to mobile devices? It can enforce device settings, from password policy to blocking cameras.
Mobile Device Management (MDM)
What do you call policy-based protection of sensitive data, usually based on labels or pattern matching? It protects data at rest or in transit, in email, intranet, cloud drives, etc.
Data Loss Prevention (DLP)
Changes in attacks might require ___________ on either a proxy server or a UTM firewall.
an update to the content filters
Endpoints reporting a host or trust error may indicate what kind of problem?
A certificate problem
A certificate problem may require what?
Updating a certificate that has expired or revoking a certificate because it has been compromised.
Internet-facing services need a certificate issued by whom?
A commercial Certificate Authority
__________ means blocking access altogether.
Isolation
_____________ endpoints are used to view classified data; the endpoint is isolated from the network to protect against a network-based attack.
Air gapped
__________ eliminates all network connectivity (wired, Wi-Fi).
Air gap
The only way to add data to or extract data from an air gapped computer is by using what?
A removable device