3.2 host or application security solutions

Question 1

EDR

Answer 1

Endpoint Detection and Response

a system that monitors and analyzes security threat information from endpoints and computer workstations.

Question 2

DLP

Answer 2

data loss prevention

detects and prevents data breaches.

Question 3

NGFW

Answer 3

next generation firewall

more powerful than traditional firewalls and have additional features

Question 4

HIDS

Answer 4

host based intrusion detection system
uses log files to identify intrusions

Question 5

HIPS

Answer 5

host based intrusion prevention system
block known attacks

Question 6

TPM

Answer 6

trusted platform module

computer chip

enforce software licenses, store passwords, certificates or encryption keys.

Question 7

ELAM

Answer 7

Early launch anti-malware (ELAM)provides protection for the computers in your network when they start up and before third-party drivers initialize.

Question 8

fuzzing

Answer 8

a quality assurance technique that detects security vulnerabilities and coding errors in software, operating systems, and networks.

It involves sending a large amount of random data, called fuzz, to the test subject to make it crash.

Question 9

static analysis

Answer 9

Static code analysis is the process of analyzing code without running it.

It can detect errors, bugs, security flaws, and quality issues.

Question 10

Hardening

Answer 10

• Open ports and services
• Registry
• Disk encryption
• OS
• Patch management
• Third-party updates
• Auto-update

Question 11

SED

Answer 11

self encrypting drive
hardware based full disk encryption
opal - SED standard

Question 12

Measured Boot

Answer 12

protects your machine from rootkits and other malware. Measured Boot will check each start up component including the firmware all the way to the boot drivers and it will store this information in what is called a Trusted Platform Module (TPM).

Question 13

dynamic code analysis

Answer 13

Dynamic code analysis is the process of analyzing code while it is running. It can measure performance, behavior, code functionality, memory leaks, and resource consumption.

Question 14

Opal

Answer 14

a set of specifications for self-encrypting drives (SEDs)

OPAL Security is a hardware-based encryption standard

Question 15

Trusted Boot

Answer 15

In the kernel | OS validation | hardware, firmware

Trusted Boot verifies the digital signature of the OS in the kernel

Question 16

Secure Boot

Answer 16

In the UEFI | software validation

only allows validated programs to run when a computer starts up