3.3 Given a scenario, implement secure systems design. Flashcards
Full Disk Encryption
FDE - encrypting the entire disk, rather than a specific file or folder.
TPM
Trusted Platform Module - a dedicated processor that uses cryptographic keys to perform a variety of tasks. Typically a chip on the motherboard; needed if you want to use BitLocker.
On the exam, if the disk is fully encrypted, it was most likely done with ______
BitLocker
HSM
Hardware Security Module - External TPM
Secure Boot
A process whereby the BIOS or UEFI makes a cryptographic hash of the operating system boot loader and any boot drivers and compares that against a stored hash.
Part of hardening a system
Disabling Unnecessary Ports and Services
This is similar to least privilege, but pertains to a computer.
Least Functionality - The system itself should be configured and capable of doing only what it is intended to do and no more.
For the test, Solaris, SELinux, and SUSE Linux
are the only trusted OSs.
Peripherals
Things that attach to your computer - wireless keyboards, mice, displays, Wi-Fi-enabled microSD cards, and printers.
What type of OS is designed for public end-user access and is locked down so that only preauthorized software products and functions are enabled?
A. Kiosk
B. Appliance
C. Workstation
D. Server
A. Kiosk
Which of the following is the BEST option in preventing an application or even malware from executing on a workstation?
A. Firewall
B. Antivirus
C. Application Whitelist
D. HIPS
C. Application Whitelist
Which of the following is MOST closely associated with BitLocker?
A. ACL
B. DOS
C. DLP
D. TPM
D. TPM
Which of the following BEST explains the use of an HSM within the company servers?
A. Thumb drives present a significant threat which is mitigated by HSM.
B. Software encryption can perform multiple functions required by HSM.
C. Data loss by removable media can be prevented with DLP.
D. Hardware encryption is faster than Software encryption.
D. Hardware encryption is faster than Software encryption.