Threats, Vulnerabilities, Mitigation 6 Flashcards

1
Q

What is an ACL?

A

Access Control List

  • Allow or disallow traffic
    Via: Grouping of traffic, Source/destination IP, port number etc.
  • Restrict access to network devices
    Limit by IP address or other identifier
2
Q

What is an Application Allow List?

A
  • Set up rules to allow or disallow particular applications in the OS
  • Allow/Deny List - Black/White listing

Examples:
* Anti-virus, Anti-malware are deny lists

Decided by:
* Application path
* Hash
* Network Zone
* Signature

3
Q

What is Isolation?

A
  • Separating parts of the network or system
  • Prevent malware from spreading, limit access, or contain security breaches
  • Isolation through network segmentation
4
Q

What is configuration enforcement?

A
  • Perform posture assessments
    Every time device connects

**Extensive Checks:**
* OS patch version
* EDR
* Status of Firewall
* Certificate status

5
Q

What is Decommissioning?

A
  • Process of retiring or discontinuing a system, technology equipment or infrastructure
  • Systematically shutting down, removing or phasing out these resources in a controlled and structured manner
  • Memory transfer or destruction
6
Q

What are hardening techniques and which ones are there?

A

Refer to OS-specific techniques to make the system more secure
* Updates
* User accounts
* Network access and security
* Monitor and secure
* Encryption
* The Endpoint
* EDR
* Host-based firewall
* Open Ports and Services
* Default password changes
* Removal of unnecessary software

7
Q

Explain hardening technique: User Accounts

A
  • Minimum password lengths and complexity
  • Limited Access
8
Q

Explain EDR

A
  • Signature Analysis, behavioural analysis, machine learning and process monitoring tool
  • Investigation of threat
    Root cause analysis
  • Respond to threats
    Isolate system, quarantine threat
    API driven
9
Q

What is HIPS?

A

Host-based Intrusion Prevention System
* Recognize and block known and unknown attacks
* Secure OS and application configs
* Often built into EDR

HIPS Identification:
* Signatures, heuristics, behavioural
* Buffer overflows, registry updates, writing files to the Windows folder
* Access to non-encrypted data
