Udemy Sections 4-6: Security Applications and Devices, Mobile Device Security, and Hardening Flashcards

1
Q

Software application that protects a single computer or server from unwanted internet traffic

A

Personal firewall

AKA host-based firewall

2
Q

Which firewall is used with Windows?

A

Windows Firewall

3
Q

What do you need to type in the Start bar to find the Windows Firewall with Advanced Security?

A

wf.msc

4
Q

Which firewall is used with Mac?

A

PF (Packet Filter)

IPFW (Internet Protocol Firewall) is the older version that is no longer used

5
Q

Which firewall is used with Linux?

A

iptables

6
Q

T/F: Most antimalware software includes its own firewall

A

True

7
Q

T/F: Most small/home office routers and access points have their own hardware firewall included

A

True

8
Q

What does Stealth Mode in Apple’s GUI firewall mean?

A

Your computer will not respond to or acknowledge any attempt to ping (or otherwise test an application by using ICMP)

9
Q

Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack

A

IDS (Intrusion Detection System)

10
Q

3 types of detection methods that NIDS and HIDS use

A

Signature-based
Policy-based
Anomaly-based

11
Q

A type of IDS detection method where a specific string of bytes triggers an alert

A

Signature-based detection method

12
Q

A type of IDS detection method that relies on a specific declaration of the security policy (i.e., “No Telnet Authorized”)

A

Policy-based detection method

13
Q

A type of IDS detection method that analyzes the current traffic against an established baseline and triggers an alert if the traffic falls outside the statistical average

A

Anomaly-based detection method

AKA statistical-based detection method

14
Q

4 types of IDS alerts

A

True positive
True negative
False positive
False negative

15
Q

T/F: IDSs can alert, log, and stop suspicious activity

A

False

IDSs cannot take action on security incidents; they only alert and log

To stop attacks, you must have an IPS

16
Q

Where does the data from IDS logs go to prevent an attacker from damaging or altering the logs?

A

Syslog server

17
Q

Software that blocks external files containing JavaScript, images, or web pages from loading in a browser

A

Content filter

18
Q

Software that filters website code as it is being downloaded from the server and removes the advertisements

A

Adblock

19
Q

A cybersecurity software or hardware solution that monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data

A

DLP (Data Loss Prevention)

20
Q

Theft or unauthorized removal or movement of any data from a device

A

Exfiltration

21
Q

Software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrence.

Can be set to detection mode or prevention mode.

A

Endpoint DLP system

22
Q

Software or hardware-based solution that is installed on the perimeter of the network to detect data in transit, focusing on data moving out of the network to catch data that should stay in the network.

A

Network DLP system

23
Q

Software installed on servers in the datacenter to inspect the data at rest. The data should be encrypted and watermarked, and no one should be accessing it at times that they shouldn’t be.

A

Storage DLP system

24
Q

Cloud software as a service that protects data being stored in cloud services

A

Cloud DLP system

25
Q

4 types of DLP systems

A

Endpoint DLP system
Network DLP system
Storage DLP system
Cloud DLP system

26
Q

A type of firmware that provides the computer instructions for how to accept input and send output

A

BIOS (Basic Input Output System)

27
Q

Updated and more robust version of BIOS

A

UEFI (Unified Extensible Firmware Interface)

28
Q

Ensuring that the BIOS has the most up-to-date software on the chip. Involves removing what is currently on the chip and replacing it with the newer, updated version

A

Flashing the BIOS

29
Q

A password set on a computer that prevents anyone from logging into the BIOS and changing the boot order or other settings without having that password. Should be a long, strong password.

A

BIOS password

30
Q

Settings within the BIOS that enable or disable ways to boot up the hard drive

A

Boot order

31
Q

5 ways to secure your BIOS

A

Flash the BIOS
Set a BIOS password
Configure the BIOS boot order
Disable unnecessary external ports and devices
Enable the secure boot option

32
Q

A type of boot option where, upon booting, your computer verifies the public key from the TPM to ensure the code of the OS that's being loaded has been digitally signed by the manufacturer and has not been modified. Ensures that you have a protected boot process.

A

Secure boot

33
Q

What should you do to protect the confidentiality of the data on removable media devices?

A

Encrypt files

34
Q

3 methods to encrypt files for removable media

A

Windows 10 BitLocker To Go
USB thumb drive that already has encryption embedded
Removable media controls

35
Q

Technical limitations placed on a system in regards to the utilization of USB storage devices and other removable media

A

Removable media controls

36
Q

2 ways to enforce removable media controls

A

Technical controls in Group Policy
Administrative controls

37
Q

Storage devices that connect directly to your organization's network

A

NAS (Network Attached Storage)

38
Q

What do NAS systems implement to ensure high availability?

A

RAID arrays

39
Q

A network designed specifically to perform block storage functions that may consist of NAS devices

A

SAN (Storage Area Network)

40
Q

3 tips to secure a NAS

A

Use data encryption
Use proper authentication
Log NAS access

41
Q

Storage device that performs whole disk encryption by using embedded hardware. Very fast, but very expensive

A

SED (Self-Encrypting Drive)

A type of hardware encryption

42
Q

2 types of encryption

A

Hardware-based
Software-based

43
Q

T/F: Hardware-based encryption is more commonly used than software-based

A

False

The opposite is true.

44
Q

What is the embedded whole-disk encryption in the Mac OS called? What encryption algorithm does it use?

A

FileVault

AES

45
Q

What is the embedded whole-disk encryption in Windows called? What encryption algorithm does it use?

A

BitLocker

AES

46
Q

Chip residing on the motherboard that contains a hardware encryption key used by the machine's embedded whole-disk encryption. This prevents an attacker from removing the drive from the system and reading it; the drive cannot be read if it is removed from the system because it will not have the encryption key.

A

TPM (Trusted Platform Module)

47
Q

T/F: If your motherboard doesn't have a TPM, you can use an external USB drive as a key

A

True

But if you lose that USB, you'll never be able to access that data again

48
Q

What type of encryption is AES? (symmetric/asymmetric) Which encryption keys does it support?

A

Symmetric

128-bit and 256-bit

Considered unbreakable

49
Q

AES stands for

A

Advanced Encryption Standard

50
Q

The file-level encryption algorithm used by Windows

A

EFS (Encrypting File System)

51
Q

T/F: Software-based encryption is slower than hardware-based encryption

A

False

The opposite is true

52
Q

Physical device that acts as a secure cryptoprocessor during the encryption process. In other words, it acts as a hardware-based encryption device. Usually a device that plugs in through USB or a network-attached device.

A

HSM (Hardware Security Module)

53
Q

HSM stands for

A

Hardware Security Module

54
Q

Used when conducting monitoring, logging, and analysis of endpoints

A

Endpoint analysis

55
Q

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and others

A

Antivirus (AV)

56
Q

AV stands for

A

Antivirus

57
Q

A type of IDS or IPS that monitors a computer system for unexpected behavior or drastic changes to the system's state on an endpoint

A

HIDS/HIPS

58
Q

A software agent and monitoring system that performs multiple security tasks such as AV, HIDS/HIPS, firewall, DLP, and file encryption. The "Swiss army knife" of security tools. Mostly based on signature detection.

A

EPP (Endpoint Protection Platform)

59
Q

EPP stands for

A

Endpoint Protection Platform

60
Q

A software agent that collects system data and logs for analysis by monitoring a system to provide early detection of threats. Mostly based on data collection and behavioral and anomaly analysis

A

EDR (Endpoint Detection and Response)

61
Q

EDR stands for

A

Endpoint Detection and Response

62
Q

A system that can provide automated identification of suspicious activity by user accounts and computer hosts. Mostly based on process behavioral analysis, rather than endpoint data collection

A

UEBA (User and Entity Behavior Analytics)

63
Q

UEBA stands for

A

User and Entity Behavior Analytics

64
Q

T/F: UEBA solutions are heavily dependent on advanced computing techniques like AI and ML

A

True

65
Q

What is Splunk?

A

A UEBA solution

66
Q

ATP stands for

A

Advanced Threat Protection

67
Q

AEP stands for

A

Advanced Endpoint Protection

68
Q

A hybrid of EPP, EDR, and UEBA

A

NGAV (NextGen AV)

69
Q

The highest level of wireless security

A

WPA2

70
Q

WPA2 stands for

A

Wireless Protected Access version 2

71
Q

Why is WPA2 the highest level of wireless security?

A

WPA2 uses the AES encryption algorithm, which is considered unbreakable as of today.

72
Q

How are Bluetooth connections secured?

A

Bluetooth pairing creates a shared link key to encrypt the connection

73
Q

T/F: Wired devices are almost always more secure than wireless ones.

A

True

74
Q

When determining which Bluetooth device to purchase, which encryption algorithm should you be looking for?

A

AES (Advanced Encryption Standard)

75
Q

What is the first step to securing mobile devices from mobile malware?

A

Third-party antivirus

76
Q

T/F: Apple mobile devices tend to be more secure than Google devices (Android)

A

True. When Apple creates a patch, it is available almost immediately. When Google creates a patch, all of the different manufacturers (including Android) need to modify the patch to fit their OS. For this reason, patches can take a number of months before they become available to Android users.

77
Q

T/F: You can always trust that software apps available through the official App Store or Play Store are secure and safe.

A

False

Malware can sometimes sneak past Google's or Apple's security checks.

78
Q

What does it mean to root a device?

A

It means jailbreaking the device

79
Q

Why shouldn't you jailbreak your mobile device?

A

You bypass the natural protection that the system has, making you more vulnerable to attacks

80
Q

Why shouldn't you use an Android custom firmware or custom ROM?

A

You're using an alternate version of the OS. When Google releases patches, they don't make their way to the custom firmware/ROM

81
Q

What does ROM stand for as it relates to an Android device?

A

Read Only Memory

82
Q

A file containing the executable instructions (a system image) of an Android OS and affiliated apps.

A

ROM (Read Only Memory)

83
Q

SIM stands for

A

Subscriber Identity Module

84
Q

Integrated circuit that securely stores the IMSI number and its related key

A

SIM card

85
Q

IMSI stands for

A

International Mobile Subscriber Identity

86
Q

Allows two phones to utilize the same service and allows an attacker to gain access to the phone's data. Also allows an attacker to read texts that you receive

A

SIM cloning

87
Q

T/F: SIM v2 cards are much more difficult to clone

A

True

88
Q

What is the main reason that attackers are after gaining your phone number?

A

Two-factor authentication on websites to access your accounts

89
Q

How to ensure that attackers cannot steal your phone number

A

Set up a Google Voice Number.

90
Q

What is a Google Voice Number?

A

A phone number that is only used to call people; nobody knows what your actual phone number is behind it.

91
Q

Sending unsolicited messages to Bluetooth-enabled devices

A

Bluejacking

92
Q

Unauthorized access of information from a wireless device over a Bluetooth connection

A

Bluesnarfing

93
Q

Difference between Bluejacking and Bluesnarfing?

A

In Bluejacking, an attacker sends information
In Bluesnarfing, an attacker takes information

94
Q

What are the 2 default Bluetooth link keys on most devices?

A

0000 or 1234

95
Q

If you must use Bluetooth, what can you do to secure your device?

A

Turn off Discoverable Mode

96
Q

First step to protect your mobile device in the event of theft

A

Full-disk encryption

97
Q

Websites that connect to your phone based on its data location and GPS signal

A

Apple - Find My iPhone
Android - Find My Phone

98
Q

A process that can remotely lock a device. Causes a PIN or password to be required before someone can use the device

A

Remote lock

99
Q

Remotely erases the contents of a device to ensure the information is not recovered by the thief

A

Remote wipe

100
Q

What is jailbreaking/rooting?

A

Removing the manufacturer's security protections so you can take it to a different wireless carrier or install third-party apps.

101
Q

What is the difference between jailbreaking and rooting?

A

They are the same, but rooting is the term for Android devices

102
Q

TLS stands for

A

Transport Layer Security

103
Q

HTTPS uses what kind of encryption?

A

TLS

104
Q

This security protocol puts an encryption layer and a tunnel between your device and the web server to ensure confidentiality

A

TLS

105
Q

Centralized software solution that allows system admins to create and enforce policies across its mobile devices

A

MDM (Mobile Device Management)

106
Q

MDM stands for

A

Mobile Device Management

107
Q

Embedding of the geolocation coordinates into a piece of data (i.e., a photo)

A

Geotagging

108
Q

T/F: BYOD introduces many security issues

A

True

109
Q

BYOD stands for

A

Bring Your Own Device

110
Q

Creating a clear separation between personal and company data on a single device

A

Storage segmentation

111
Q

CYOD stands for

A

Choose Your Own Device

112
Q

T/F: MDM can prevent certain applications from being installed on a device as well as use DLP systems on the device

A

True

113
Q

What is the official app store for Apple devices? What is the official app store for Google devices?

A

App Store
Google Play

114
Q

Which kind of SIM card should you be using to keep your mobile device secure against cloning?

A

SIM v2

115
Q

HTTPS uses what kind of security protocol?

A

TLS

116
Q

Act of configuring an OS securely by updating it, creating rules and policies to govern it, and removing unnecessary apps and services

A

Hardening

117
Q

Process of configuring a workstation or server to only provide essential apps and services

A

Least functionality

118
Q

SCCM stands for

A

Microsoft's System Center Configuration Management

119
Q

Best practice in order to ensure work computers across an enterprise are set up with a strict configuration? Prevents unnecessary applications from being installed and comes with protections.

A

Utilizing a secure baseline image when setting up new computers

120
Q

A security capability that allows only applications on a list to be run by the OS while all other applications are blocked

A

Application allowlisting

121
Q

A security capability where any application placed on a list will be prevented from running while all others will be permitted to run

A

Application blocklisting

122
Q

The Windows filename for the list of services on your computer

A

services.msc

123
Q

An OS that meets the requirements set forth by the government and has multilevel security

A

TOS (Trusted OS)

124
Q

TOS stands for

A

Trusted Operating System

125
Q

Which version of Windows is a TOS?

A

Windows 7 and newer

126
Q

Which version of Mac is a TOS?

A

Mac OS X 10.6 and newer

127
Q

What version of FreeBSD is a TOS?

A

TrustedBSD

128
Q

Which Red Hat OS is a TOS?

A

Red Hat Enterprise Server

129
Q

4 most popular TOSs

A

Windows 7 and newer
Mac OS X 10.6 and newer
FreeBSD (TrustedBSD)
Red Hat Enterprise Server

130
Q

A single problem-fixing piece of software for an OS or app

A

Patch

AKA hotfix

131
Q

Software code that is issued for a product-specific security-related vulnerability

A

Security update

132
Q

Software code for a specific problem addressing a critical, non-security bug in the software

A

Critical update

133
Q

A tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes

A

Service pack

134
Q

Recommended update to fix a noncritical problem that users have found, as well as to provide additional features or capabilities

A

Windows update

135
Q

Updated device driver to fix a security issue or add a feature to a supported piece of hardware

A

Driver update

136
Q

The filename for the Windows Update program

A

wuapp.exe

137
Q

Process of planning, testing, implementing, and auditing of software patches

A

Patch management

138
Q

4 steps of patch management

A

Planning
Testing
Implementing
Auditing

139
Q

Filename for the Windows Update service (disabling this prevents updates from downloading automatically)

A

wuauserv

140
Q

What is the auditing step in patch management?

A

Making sure the update was configured properly on the client's computer

141
Q

A set of rules or policies that can be applied to a set of users or computer accounts within the OS

A

Group policy

142
Q

What is the program name for the Group Policy Editor in Windows?

A

gpedit

143
Q

A group of policies that can be loaded through one procedure

A

Security template

144
Q

GPO stands for

A

Group Policy Objective

145
Q

The process of measuring changes in the network, hardware, and software environment

A

Baselining

146
Q

Which 2 filesystems can Windows utilize?

A

NTFS
FAT32

147
Q

NTFS stands for

A

New Technology File System

148
Q

The default filesystem format for Windows. More secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32.

A

NTFS

149
Q

Which filesystem should you use for a Linux system?

A

ext4

150
Q

Which filesystem should you use for a Mac?

A

APFS

151
Q

How to conduct a filesystem check in Windows?

A

Check Disk with the System File Checker

152
Q

How to conduct a filesystem check in Linux?

A

fsck

153
Q

How to conduct a filesystem check in Mac?

A

First Aid in the Disk Utility app

154
Q

A collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users. It allows an administrator to create a policy and deploy it across a large number of devices in the domain or network.

A

GPO (Group Policy Object)

155
Q

Difference between SED and HSM?

A

SED is a storage device that has built-in cryptographic processing.
HSM is a hardened, tamper-resistant hardware device that strengthens encryption practices by generating keys, encrypting and decrypting data, and creating and verifying digital signatures.