Securing Host and Data Flashcards
Your organization wants to reduce threats from zero day vulnerabilities. Of the following choices, what provides the best solution?
A. Opening ports on a server’s firewall
B. Disabling unnecessary services
C. Keep systems up to date with current patches
D. Keep systems up to date with current service packs
B. Disabling unnecessary services helps reduce threats, including threats from zero day vulnerabilities. It also reduces the threat from open ports on a firewall if the associated services are disabled, but opening ports won’t reduce threats. Keeping systems up to date with patches and service packs protects against known vulnerabilities and is certainly a good practice. However, by definition there aren’t any patches or service packs available for zero day vulnerabilities.
Of the following choices, what could you use to deploy baseline security configurations to multiple systems?
A. IDS
B. Security template
C. Change management
D. Performance baseline
B. You can use security templates to deploy baseline security configurations to multiple systems. An IDS can detect malicious activity after it occurs. A performance baseline identifies the overall performance of a system at a point in time. A change management system helps ensure that changes don’t result in unintended outages, and it includes the ability to document changes.
An administrator wants to prevent users from installing software. Of the following choices, what is the easiest way to accomplish this?
A. Manually remove administrative rights
B. Implement port scanners
C. Use a security template
D. Implement a job rotation policy
C. You can use a security template to restrict user rights and control group membership so that users don’t have rights to install software. Manually removing administrative rights is possible, but it requires you to touch every system and isn’t as easy as using a security template. A port scanner can help determine what services and protocols are running on a remote system by identifying open ports. A job rotation policy rotates employees through different positions and can help prevent fraud.
You are troubleshooting a server that users claim is running slow. You notice that the server frequently has about twenty active SSH sessions. What can you use to determine if this is normal behavior?
A. Vendor documentation
B. Security template
C. Baseline report
D. Imaging
C. Baseline reports document normal behavior of a system, and you can compare current activity against the baseline report to determine what is different or abnormal. Vendor documentation identifies methods of locking down an operating system or application but won’t document baseline activity. You can use security templates to deploy the same security settings to multiple systems. Images include mandated security configurations but don’t show normal operation.
Your organization is considering deploying multiple servers using a standardized image. Of the following choices, what best describes the security benefit of this plan?
A. The image can include unnecessary protocols
B. The image provides fault tolerance as a RAID 5
C. It eliminates Trojans
D. The image can include mandated security configurations
D. One of the benefits of an image used as a baseline is that it includes mandated security configurations to the operating system. It’s common to remove unnecessary protocols on an image, not include them. RAID provides fault tolerance and increases availability for disk drives, but a standardized image is unrelated to RAID. Trojans are a type of malware that look useful to the user but are malicious.
Management is reviewing a hardware inventory in a datacenter. They realize that many of the servers are underutilized resulting in wasted resources. What can they do to improve the situation?
A. Implement virtualization
B. Implement VM escape
C. Increase the datacenter footprint
D. Add TPMs
A. Virtualization can reduce the number of physical servers used by an organization, reduce the datacenter’s footprint, and eliminate wasted resources. VM escape is an attack run on virtual machines allowing the attacker to access and control the physical host. Virtualization decreases the datacenter’s footprint, but increasing it will result in more wasted resources. A TPM is a hardware chip that stores encryption keys and provides full disk encryption, but it doesn’t reduce wasted resources.
What type of attack starts on a virtual system but can affect the physical host?
A. TPM
B. DLP
C. VM escape
D. VMware
C. A VM escape attack runs on a virtual system and, if successful, allows the attacker to control the physical host server and all other virtual servers on the physical server. A TPM is a hardware chip that stores encryption keys and provides full disk encryption. A DLP is a device that reduces the risk of employees e-mailing confidential information outside the organization. VMware is a popular virtualization application.
An organization is considering using virtualization in their datacenter. What benefits will this provide? (Choose all that apply.)
A. Increased footprint
B. Decreased footprint
C. Reduction in physical equipment needing security
D. Elimination of VM escape attacks
B, C. Virtualization can reduce the footprint of a datacenter, eliminate wasted resources, and result in less physical equipment needing physical security. Virtualization reduces the footprint rather than increasing it. Virtual systems are susceptible to VM escape attacks if they aren’t kept patched.
You have created an image for a database server that you plan to deploy to five physical servers. At the last minute, management decides to deploy these as virtual servers. What additional security steps do you need to take with these virtual images before deploying them?
A. None
B. Lock down the virtual images
C. Install virtual antivirus software
D. Install virtual patches
A. Virtual servers have the same security requirements as physical servers, so additional security steps are not required. The original image should include security settings and antivirus software, and should be up to date with current patches. Virtual servers use the same patches as physical systems and do not use virtual patches.
Of the following choices, what indicates the best method of reducing operating system vulnerabilities?
A. Whole disk encryption
B. Patch management
C. Trusted Platform Module
D. File level encryption
B. Patch management is the most efficient way to combat operating system vulnerabilities. Whole disk encryption protects the confidentiality of data on a system and is useful in mobile devices, but doesn’t directly reduce operating system vulnerabilities. A Trusted Platform Module supports whole disk encryption. File level encryption can prevent users, including administrators, from accessing specific files.
Of the following choices, what would you use in a patch management process?
A. VM escape
B. TPM
C. Penetration testing
D. Regression testing
D. Regression testing verifies that a patch has not introduced new errors. VM escape is an attack run on a virtual machine allowing the attacker to access the physical host system. A TPM is a hardware chip that is included on the motherboard of many laptops, and it stores encryption keys used for full drive encryption. Penetration tests actively test security controls by attempting to exploit vulnerabilities and can cause system instability.
An organization recently suffered a significant outage due to attacks on unpatched systems. Investigation showed that administrators did not have a clear idea of when they should apply the patches. What can they do to prevent a recurrence of this problem?
A. Apply all patches immediately
B. Apply the missing patches on the attacked systems immediately
C. Test the patches with regression testing in a test environment mirroring the production environment
D. Create a patch management policy
D. A patch management policy defines a timeline for installing patches and can help solve this problem. Patches should be tested before applying them, instead of applying them immediately. It’s appropriate to identify missing patches on these systems and test them with regression testing, but this only solves the immediate issue and won’t prevent a recurrence of the problem.
Of the following choices, what best identifies the purpose of a change management program?
A. It defines the process and accounting structure for handling system modifications
B. It provides a method of defining a timeline for installing patches
C. It is a primary method of protecting against loss of confidentiality
D. It reduces the footprint of a datacenter
A. A change management system defines the process and accounting structure for system modifications. A patch management policy defines a timeline for installing patches, but change management isn’t restricted to only applying patches. Encryption and access controls protect against loss of confidentiality. Virtualization and cloud computing can reduce the footprint of a datacenter.
Your organization wants to prevent unintended outages caused by changes to systems. What could it use?
A. Patch management
B. Regression testing
C. Change management
D. Security template
C. A change management system helps prevent unintended outages from unauthorized changes and provides a method of documenting all changes. Patch management ensures that systems are up to date with current patches. Regression testing verifies that a patch has not introduced new errors. You can use security templates to deploy multiple systems using the same settings.
A file server within a network hosts files that employees throughout the company regularly access. Management wants to ensure that some personnel files on this server are not accessible by administrators. What provides the best protection?
A. Remove administrative access to the server
B. Protect the files with permissions
C. Use file encryption
D. Use full disk encryption
C. File level encryption is a security control that provides an additional layer of protection and can prevent administrators from accessing specific files. Administrators need access to a server to manage and maintain it, so it’s not feasible to remove administrative access. Permissions provide access control, but an administrator can bypass permissions. Full disk encryption is appropriate for removable storage or mobile devices, but not to protect individual files on a server.