Security+ Test Study (4.5 - 5.6) Flashcards
What is URL scanning?
Uniform Resource Locator scanning: allowing or restricting websites based upon the site’s URL. Usually managed by URL category rather than individual URLs.
What is an agent-based content filter?
To check if a device is in compliance, a software agent is usually installed onto a device before it is given out. It’s then always on and checking to see if the device is within compliance. Agents have to be continuously updated and are usually managed from a single console, but the local agent makes the filtering decisions.
What is a proxy content filter?
A user makes a request for a web page, and the request travels through a proxy. The proxy asks the internet for the web page, and the internet gives the web page to the proxy. The proxy then decides whether or not to give the web page to the user based upon the filtering rules set up inside of it.
What are block rules?
Rules that allow or deny websites or website categories. You can make your block rules specific (by URL) or general (by category: Educational, Gambling, Government, etc.).
In terms of web filtering, what is reputation?
Content filters sometimes block or allow URLs based upon the website’s “reputation”, or the perceived risk of what accessing that site would be.
What is DNS filtering?
Allowing or blocking websites based upon their IP address.
What is Active Directory?
A database of everything on the network. Computers, user accounts, printers, file shares, etc.
What is group policy?
Security policies (what users and computers can and can’t do) set up in Active Directory.
What is SELinux?
Security Enhanced Linux. Allows a Linux administrator to assign least privilege to users.
In terms of securing protocols, what is protocol selection?
Use secure protocols that utilize encryption if at all possible. Don’t compromise on this.
In terms of securing protocols, what is port selection?
Use secure ports for your networking. HTTPS over HTTP, port 443 over port 80, for example.
What is the transport method?
You may want to encrypt all of your traffic regardless of whether your ports and protocols are encrypting it or not. You can do this by utilizing a VPN concentrator at your endpoint, or using WPA3 on your wireless network.
What is DMARC?
Domain-based Message Authentication, Reporting and Conformance. An extension of SPF and DKIM. If a message sent to a third party using DKIM or SPF does not properly validate, DMARC gives the receiver the option of what to do with these invalidated messages (accept all, send to spam, or reject the mail). Also added to DNS as a TXT record. Can be queried, and reports can be generated to see what type of messages you’re getting.
What is DKIM?
DomainKeys Identified Mail. Allows your mail server to automatically digitally sign emails going out to a third party. Validated from a TXT record in your DNS.
What is SPF?
Sender Policy Framework. A protocol that defines which email servers are authorized to send mail on the user’s behalf. The mail domain is added to your DNS as a TXT record.
What is a mail gateway?
A device within a screened subnet that blocks emails at the gateway and evaluates the source of inbound email messages. The device can be on-site or cloud-based.
What is FIM?
File Integrity Monitoring. Some files should never change. FIMs check and make sure the files that shouldn’t be changing aren’t changing. Windows has one built in called SFC (system file checker). Linux has one called Tripwire.
What is DLP?
Data Loss Prevention. Looks for and stops data you don’t want traveling across your network. If someone sends their social security number over the network, DLP stops it. Also prohibits USB access and blocks sensitive information in inbound and outbound emails, if you set it up that way.
What is an endpoint?
The device used by the user.
What is the edge?
Where the inside of the network meets the outside (the internet). Where firewalls are usually placed.
What is NAC?
Network Access Control. Rules put in place that limit a device’s access to certain types of data, either someone on the outside trying to get in, or someone inside trying to get out. Rules based on user, group, location, application, etc. Think ACLs.
What is a posture assessment?
An assessment performed on a user’s own personal device, giving it a health check to see if it’s clean before it connects to the network.
What is EDR?
Endpoint Detection and Response. A lightweight endpoint agent that’s like an antivirus on steroids. It takes a look at things like behavioral analysis, machine learning, and process monitoring, in addition to bad signatures, and analyzes all of these things to see if they’re potential threats. Responses to threats are automated.
What is XDR?
Extended Detection and Response. EDR, but it’s an Ascended Saiyan.