Secure Systems Design and Deployment Flashcards
Why is physical security an essential element of a security plan?
Because employees telecommute, physical security is of lesser concern.
Physical security is not necessary with capabilities like encrypted hard drives and UEFI.
Unauthorized access to hardware and networking components can make many security controls ineffective.
Unauthorized access to hardware and networking components can make many security controls ineffective.
Physical security is an essential element of a security plan because unauthorized access to hardware and networking components can make many security controls ineffective
Which of the following is true concerning the purpose of full disk encryption and self-encrypting drives?
They significantly affect user response times during the encryption process.
They eliminate the need for physical security measures.
They protect the data even if the disk is removed from the machine.
They protect the data even if the disk is removed from the machine.
The purpose of full disk encryption (FDE) and self-encrypting drives (SEDs) is to protect the data even if the disk is removed from the machine
What is the primary purpose of the TPM?
To store encryption keys and make them inaccessible via normal software channels
To ensure platforms can run in a trusted environment
To facilitate storage of keys in the machine’s normal storage
To store encryption keys and make them inaccessible via normal software channels
The primary purpose of Trusted Platform Module (TPM) is to store encryption keys and make them inaccessible via normal software channels
Which of the following is not true about HSMs?
They are devices used to manage or store encryption keys.
Their limiting factor is performance.
They allow the use of keys without exposing them to host-based threats.
Their limiting factor is performance.
Performance is not a limiting factor for HSMs
Why is UEFI preferable to BIOS?
UEFI resides on the hardware, making it faster than BIOS.
UEFI is stored in volatile hardware storage.
UEFI has more security designed into it, including provisions for secure booting.
UEFI has more security designed into it, including provisions for secure booting.
UEFI is preferable to BIOS because it has more security designed into it, including provisions for secure booting
Secure Boot performs all of the following except:
It provides all approved drivers needed.
It enables attestation that drivers haven’t changed since they were approved.
It only allows signed drivers and OS loaders to be invoked.
It provides all approved drivers needed.
Secure Boot does not provide all drivers; rather, it ensures they are signed and unchanged
When researching the security of a device manufacturer’s supply chain, which of the following is most difficult to determine?
Once a device is ordered, the purchaser can be sure its source won’t change.
Specifications are consistent between lots.
Country of origin.
Country of origin.
The country of origin of all the device’s components
Which of the following is not true regarding hardware roots of trust?
They are secure by design.
They have very specific functionality.
They provide security only at their level, not to higher layers of a system.
They provide security only at their level, not to higher layers of a system.
Hardware roots of trust are built on the principle that if one “trusts” one layer, that layer can be used to promote security to higher layers of a system
Which of the following is true about electromagnetic interference (EMI)?
It is a well-known issue and computer systems are protected from it.
Fluorescent lights can produce EMI that can affect computer systems.
Industrial equipment doesn’t produce EMI.
Fluorescent lights can produce EMI that can affect computer systems.
Fluorescent lights can produce EMI that can affect computer systems
What is an important step in securing a host system?
Determining the correct settings and implementing them correctly
Using the operating system’s embedded options for ease of configuration
Increasing the attack surface by enabling all available settings
Determining the correct settings and implementing them correctly
An important step in securing a host system is determining the correct settings and implementing them correctly
Which of the following is a stand-alone machine, typically operating a browser on top of a Windows OS and set up to autologin to a browser instance locked to a specific website?
Workstation
Kiosk
Appliance
Kiosk
A kiosk is a stand-alone machine, typically operating a browser on top of a Windows OS and set up to autologin to a browser instance locked to a specific website
Which of the following is a more formal, larger software update that addresses many software problems, often containing enhancements or additional capabilities as well as fixes for known bugs?
Hotfix
Service pack
Patch
Patch
A patch is a more formal, larger software update that addresses many software problems, often containing enhancements or additional capabilities as well as fixes for known bugs
What is a simple way to improve system security?
Enabling all ports and services
Maintaining comprehensive access control rules
Disabling unnecessary ports and services
Disabling unnecessary ports and services
Disabling unnecessary ports and services is a simple way to improve system security
Why is the principle of least functionality important?
Manufacturer settings control known vulnerabilities.
Dynamically assigning functions reduces the attack surface.
Unnecessary functionality adds to the attack surface.
Unnecessary functionality adds to the attack surface.
The principle of least functionality is important because unnecessary or unused functions add to the attack surface
All of the following are steps in the OS hardening process except for:
Removing unnecessary applications and utilities
Disabling unneeded services
Accepting default permissions
Accepting default permissions
Accepting default permissions is not part of the OS hardening process
