3.2

Question 1

Endpoint Protection

Answer 1

It is the concept of extending security perimeters to the devices that are connecting to the network. Endpoint protection solutions include HIDS/HIPS, firewalls, antivirus, DLP solutions, etc.

Question 2

Antivirus

Answer 2

Antivirus attempts to identify, neutralize, or remove malicious programs, macros, and files. Signature-based looks for known signatures of malware. Heuristic-based searches for suspicious behavior from programs that allude to malware.

Question 3

Anti-Malware

Answer 3

It is a product that is designed to protect your machine from malicious software or malware.

Question 4

Endpoint Detection and Response (EDR)

Answer 4

EDR combines individual endpoint security functions into a complete package. It can include antivirus, anti-malware, software patching, firewall, and DLP solutions.

Question 5

Data loss prevention (DLP)

Answer 5

DLP serves to prevent data from leaving a network unnoticed. DLP monitoring will take whatever file activity and send the reports to a centralized system.

Question 6

Next-Generation Firewall (NGFW)

Answer 6

NGFW will actually analyze the content of the traffic that is coming through and not just the source and destination IPs or ports. The challenge is to make sure the rulesets are up-to-date and able to catch the anomalous traffic coming in.

Question 7

Host-based Intrusion Detection System (HIDS)

Answer 7

HIDS will detect undesired elements that are affecting the hosts endpoints that it is assigned to. It tailors it’s detection to the host OS.

Question 8

Host-based Intrusion Prevention System (HIPS)

Answer 8

A HIPS is able to act like a HIDS but is capable of acting on it and respond automatically to a threat condition. It detects and prevents.

Question 9

Host-based Firewall

Answer 9

These are software-based firewalls that monitor and control traffic passing and and out of a single system.

Linux has IPTables, TCP Wrapper, IPChains
Windows has Windows Defender Firewall

Question 10

Boot Integrity

Answer 10

Process of a system powering up and loading and running the correct hardware/firmware/software needed in compliance with the expected state.

Question 11

Boot Security/Unified Extensible Firmware Interface (UEFI)

Answer 11

UEFI offers Secure Boot, which only will boot signed drivers and OS loaders. It also uses attestation to ensure that these drivers and loaders haven’t been changed since approved to use.

Question 12

Measured Boot

Answer 12

Measured boot depends on the Root of Trust in starting the system, but uses hashes of the processes running to compare to known-good hashes. This is good because signatures are harder to come by.

Question 13

Boot Attestation

Answer 13

Boot attestation reports the state of a system between components and Root of Trust through digital signatures.

Question 14

Database

Answer 14

Databases can have encryption that protects against any database compromise while performance hits are negligible.

Question 15

Tokenization

Answer 15

Tokenization is substituting a value instead of the actual sensitive data to guard against disclosing that data. It is a referential integrity option.

Question 16

Salting

Answer 16

Salting is adding a random value to the end of a password before performing hashing. This will change the outcome hash even if two users have identical passwords.

Question 17

Hashing

Answer 17

Mathematical operation of reducing a data element into an outcome that is not reversible.

Question 18

Application security

Answer 18

We need application security since OSs and infrastructure software has addressed many of the vulnerabilities over the years. In-house software is much less likely to have security reviews and this means they are more likely to have vulnerabilities.

Question 19

Input Validations

Answer 19

Having comprehensive and stringent validation of inputs will help guard against any unwanted outcomes for an attacker to exploit. It will prevent many types of attacks.

Question 20

Secure Cookies

Answer 20

Cookies have an attribute that secures cookies to send the data over HTTPS and thus, encrypts the data from attackers seeing it.

Question 21

Hypertext Transfer Protocol (HTTP) Headers

Answer 21

These HTTP headers are vulnerable to risks such as protocol downgrade attacks, clickjacking, cookie hijacking and other attacks. That’s why HTTPS is better because it encrypts your data.

Question 22

Code Signing

Answer 22

Code signing is adding a digital signature to code to verify the integrity of the code and show evidence of the source of the software.

Question 23

Allow List

Answer 23

Allow lists are lists of applications that are allowed to run on a machine using hashes to verify they are not corrupted. These are easy to use on a single-purpose machine but a multi-purpose one makes these lists a lot more complex.

Question 24

Block List/Deny List

Answer 24

A block list/deny list is a list the explicitly states what applications are not allow to run on a machine. This list is easier to exploit by making minor changes to the software and thus changing the hashes.

Question 25

Secure Coding Practices

Answer 25

In order for your code to be secure, you need to have a set of standards and procedures in place that allow for the code to properly run while maintaining the highest level of security possible. input validation, proper error and handling, cross-site scripting and cross-site request forgery mitigations can all improve code.

Question 26

Static Code Analysis

Answer 26

Static Code Analysis is when code is examined without being executed. There are automated tools that will go through and analyze the code. It'll search for weaknesses and vulnerablities.

Question 27

Manual Code Review

Answer 27

It can be directed or undirected. Undirected uses a program to proof-read the code while directed is a person talking through the code so that the people watching can see if there are any issues that are present.

Question 28

Dynamic Code Analysis

Answer 28

Code analysis done while the program is running. The program is fed specific inputs to see if the program runs the desired outcomes and has no odd behaviors.

Question 29

Fuzzing

Answer 29

It is the brute force method for testing input validation issues and vulnerabilities. You want to see if you can cause a fault that is exploitable.

Question 30

Hardening

Answer 30

Only running the items necessary will improve system throughput and increase security. It'll decrease the attack surface area associated with system reduces vulnerabilities.

Question 31

Open ports

Answer 31

Any service that is not going to be used on the system should be disabled, and any unnecessary ports should be blocked by the firewall.

Question 32

Registry

Answer 32

The registry is a repository for all information related to configurations. Keeping backups of known good copies of your registry will be useful when comparing it to a later iteration that may have malicious activity.

Question 33

Disk Encryption

Answer 33

Having a disk encrypted will render it unusable without the proper keys.

Question 34

OS

Answer 34

No matter what the OS, updates and patches should be applied where and when possible. Any nonessential services and software should be disabled and/or removed. Unnecessary open ports should be blocked or closed. All users should implement strong passwords and change them on a regular basis. Access policies and permissions should be implemented based on least privilege, where appropriate. Privileged user accounts should be used only when necessary, and there should be no local administrative accounts on Windows boxes. Also, logging should be implemented. In domain-based environments, group policies should be deployed to maintain security settings.

Question 35

Patch Management

Answer 35

Making sure you keep your systems up to date. This comes in the form of hotfixes, patches, service pack, etc.

Question 36

Third-party Updates

Answer 36

Third-party vendors offer services that will automatically check for you if it becomes an issue to manage updates.

Question 37

Auto-Update

Question 38

Self-Encrypting Drive (SED)/ Full Disk Encryption (FDE)

Answer 38

SEDs and FDE offer a way to protect data on a drive in devices like laptops or other portable devices. This will make it harder for an attacker to run offline attacks at their leisure. The data stays encrypted.

Question 39

Opal

Answer 39

Opal is a hardware-based standard that does the same thing as SED/FDE. It provide shard-based encryption to mass storage devices, hard drives, SSDs, optical drives, etc. Since, it is hardware, it has better performance than the software-based SEDs/FDEs.

Question 40

Hardware Root of Trust

Answer 40

Concept that if one has trust in a source's specific security functions, this layer is then used to promote security to higher levels of a system.

Question 41

Trusted Platform Module (TPM)

Answer 41

Hardware solution on a motherboard that assists with key generation and storage as well as random number generation. This hardware is separate from the software so it makes it secure from any tampering done to the software side trying to access this TPM.

Question 42

Sandboxing

Answer 42

It is quarantining or isolating of a system from its surroundings. Can be used to test configurations, software updates, software deployment, etc.