Chapter 5: Securing Hosts and Data

Question 1

What is Virtualization?

Answer 1

The creation of virtual instances of computing resources- like servers, storage, or networks, on a single physical machine using a hypervisor, improving efficiency, scalability, and isolation.

Question 2

What is a Hypervisor?

Answer 2

Software that creates and managed virtual machines by allocating hardware resources, allowing multiple OSes to run on one physical machine.

Question 3

In virtualization, what is a Host?

Answer 3

The physical machine that runs the hypervisor and provides hardware resources to virtual machines (guests).

Question 4

In virtualization, what is a Guest?

Answer 4

A virtual machine running on a host system, managed by a hypervisor, with its own OS and virtual hardware.

Question 5

What is Cloud Scalability?

Answer 5

The ability of a cloud system to handle increasing workloads by adding or upgrading resources over time (either vertically or horizontally).

Question 6

What is Cloud Elasticity?

Answer 6

The ability of a cloud system to automatically scale resources up or dowin in real-time based on workload demand.

Question 7

What is a Thin Client?

Answer 7

A minimal computer that depends on a central server for processing and storage, commonly used to access virtual desktops or applications.

Question 8

What is Virtual Desktop Infrastructure (VDI)?

Answer 8

A system that delivers desktop environments from a central server to end-user devices like thin clients, enabling remote and centralized desktop access.

Question 9

What is Containerization?

Answer 9

A lightweight virtualization method where apps and their dependencies are packed into containers that run in isolated environments, sharing the host OS kernel.

Question 10

What is VM Escape?

Answer 10

A security exploit where an attacker breaks out of a virtual machine and gains access to the host or other VMs, violating isolation.

Question 11

What is VM Sprawl?

Answer 11

A situation where unmanaged growth of virtual machines causes inefficiencies, security risks, and administrative challenges.

Question 12

What is Resource Reuse?

Answer 12

Refers to the potential for data or resources to remain on a shared infrastructure after a customer has finished using them, making them potentially accessible for other users of the cloud service.

Question 13

What benefits does Replication offer VMs?

Answer 13

Replication provides high availability, disaster recovery, fast failover, and safe environments for testing without affecting production.

Question 14

What are Snapshots?

Answer 14

A saved state of a VM at a specific point in time, used to restore the VM to that exact state later.

Question 15

What is an endpoint?

Answer 15

Computing devices such as servers, VMs, desktops, laptops, mobile devices, or IoT devices.

Question 16

What is Antivirus software?

Answer 16

Detects, prevents, and removes malware using methods like signature-based detection, heuristics, and real-time protection.

Question 17

What is Endpoint Detection and Response (EDR)?

Answer 17

Monitors endpoints for threats, analyzes behavior, and provides real-time alerts and responses.

Question 18

What is Extended Detection and Response (XDR)?

Answer 18

A unified security solution that integrated data from endpoints, networks, cloud, and more to detect and respond to threats more effectively.

Question 19

What is Host Intrusion Prevention Systems (HIPS)?

Answer 19

Endpoint software that detects and blocks malicious activity using signatures and behavior analysis.

Question 20

In the context of endpoints, what is Hardening?

Answer 20

Endpoint hardening is the process of securing devices by minimizing vulnerabilities, applying patches, disabling unnecessary services, and using security measures like encryption and access controls.

Question 21

What is Configuration Management?

Answer 21

The process of managing and maintaining consistent system settings and configurations to ensure operational effectiveness, security, and compliance.

Question 22

In configuration management, what is a Baseline?

Answer 22

A baseline in configuration management is an approved and documented set of configuration settings that serves as a reference point for future changes, ensuring system consistency and control.

Question 23

What is an Image?

Answer 23

A replica or snapshot of a system’s configuration, including the OS, applications, and settings, used for rapid system deployment or restoration.

Question 24

What is a Master Image?

Answer 24

A master image is a pre-configured, optimized base image used as a template for creating consistent, identical system configurations across multiple devices.

Question 25

What is a Secure Starting Point?

Answer 25

Refers to a baselines configuration that ensures systems are securely configured before deployment, with key security measures like encryption, access control, and patching in place.

Question 26

What are Reduced Costs in Cybersecurity?

Answer 26

Occurs when preventative measures, automation, and effective risk management minimizes the financial impact of cyber incidents, avoiding costly breaches, fines, and reputational damage.

Question 27

What is a Patch?

Answer 27

A software update that fixes vulnerabilities, corrects bugs, or adds new features to enhance security and functionality.

Question 28

What is Patch Management?

Answer 28

The process of acquiring, testing, and deploying software patches to keep systems secure and up-to-date, ensuring that vulnerabilities are mitigated.

Question 29

What is Change Management?

Answer 29

The systemic process for managing changes in IT systems to ensure that changes are made with minimal risk, disruption, and that they are properly planned and documented.

Question 30

What is an Application Allow List?

Answer 30

A security measure where only pre-approved applications are allowed to run on a system, preventing unauthorized software from executing.

Question 31

What is an Application Block List?

Answer 31

A security approach that prevents known malicious or untrusted applications from running while allowing all other applications.

Question 32

What is Full Disk Encryption (FDE)?

Answer 32

A software-based program that encrypts the entire hard drive of a device, making all data inaccessible without proper decryption credentials, even if the device is stolen.

Question 33

What is Self-Encrypting Drives (SED)?

Answer 33

A hardware-based storage device that automatically encrypts and decrypts data as it's written and read, using an onboard encryption engine.

Question 34

What is Boot Integrity?

Answer 34

Ensures that only trusted and untampered code is run during the system's startup process, protecting against unauthorized modifications at boot time.

Question 35

What is Measured Boot?

Answer 35

Conducts enough of the boot process to perform checks without allowing the user to interact with the system. If it detects that the system has lost integrity and can no longer be trusted, the system won't boot.

Question 36

What is the Basic Input/Output System (BIOS)?

Answer 36

A legacy firmware interface that initializes hardware and starts the OS using the Master Boot Record (MBR) during the boot process.

Question 37

What is the Unified Extensible Firmware Interface (UEFI)?

Answer 37

A modern firmware interface that replaces BIOS, offering enhanced booting security, faster startup, and support for larger drives.

Question 38

What is a Trusted Platform Module (TPM)?

Answer 38

A hardware chip that securely store cryptographic keys and system integrity measurements to support security features like encryption and Measured Boot.

Question 39

What is Boot Attestation?

Answer 39

A process where cryptographic measurements from the boot process are sent to a remote server to verify system integrity and trustworthiness.

Question 40

What is a Hardware Root of Trust?

Answer 40

A trusted, tamper-resistant hardware component that verifies the integrity of the system's boot process and establishes a secure foundation for system trust.

Question 41

What is Secure Boot?

Answer 41

A feature that ensures only digitally signed, trusted software runs during system startup, protecting against boot-time malware and tampering.

Question 42

What is Remote Attestation?

Answer 42

A process where a system proves to a remote verifier that its hardware and software have not been tampered with, using cryptographic boot measurements.

Question 43

What is a Hardware Security Module (HSM)?

Answer 43

A tamper-resistant device that securely manages, generates, and stores cryptographic keys and performs secure encryption operations.

Question 44

What is MicroSD HSM?

Answer 44

A compact hardware security module that fits in a MicroSD slot and securely performs cryptographic operations and stores encryption keys.

Question 45

What is Decommissioning?

Answer 45

A secure and systematic retirement of IT assets, including secure data removal and proper disposal.

Question 46

What is Legacy Hardware?

Answer 46

Outdated or unsupported hardware that remains in use, often posing security and compatibility challenges.

Question 47

What is End-of-life (EOL) Hardware?

Answer 47

Hardware that is no longer supported or maintained by the manufacturer, making it vulnerable and unsuitable for continued use.

Question 48

What is Data Exfiltration?

Answer 48

The unauthorized transfer of data from a system, often by attackers of insiders.

Question 49

What is Data Loss Prevention (DLP)?

Answer 49

A set of technologies and strategies to detect and prevent the unauthorized sharing or leakage of data.

Question 50

What is Removable Media?

Answer 50

Portable storage devices that can be connected and removed from a computer, often carrying data or malware risks.

Question 51

What is Data-in-use?

Answer 51

Data that is actively being accessed or processed in memory, and is vulnerable to attacks during that state.

Question 52

What is a Secure Enclave?

Answer 52

A hardware-isolated area for processing sensitive data securely, protecting it even if the main system is compromised.

Question 53

What is Cloud Computing?

Answer 53

The on-demand delivery of IT resources over the Internet, providing scalable and flexible services without owning physical hardware.

Question 54

What is a Cloud Delivery Model?

Answer 54

A method of delivering cloud services--SaaS, PaaS, or Iaas--based on the level of control and responsibility between provider and user.

Question 55

What is Software as a Service (SaaS)?

Answer 55

A cloud model where users access fully-managed applications over the Internet without handling the underlying infrastructure.

Question 56

What is Platform as a Service (PaaS)?

Answer 56

A cloud model that provides a platform for developers to build and deploy apps without managed the underlying hardware or OS.

Question 57

What is Serverless Computing?

Answer 57

A cloud model where the provider manages infrastructure, allowing developers to focus solely on writing and deploying code.

Question 58

What is Infrastructure as a Service (IaaS)?

Answer 58

A cloud model providing virtualized computing resources online, where users manage their own software and the provider handles hardware.

Question 59

What is a Cloud Deployment Model?

Answer 59

A strategy for deploying cloud services, such as public, private, hybrid, or community clouds, based on access and control needs.

Question 60

What is the Public Cloud?

Answer 60

A cloud environment offered by third parties to multiple users, providing scalability and ease of use.

Question 61

What is the Private Cloud?

Answer 61

A cloud environment exclusively used by one organization, providing greater control and security.

Question 62

What is the Community Cloud?

Answer 62

A cloud environment shared by multiple organizations with similar concerns, like compliance or mission objectives.

Question 63

What is the Hybrid Cloud?

Answer 63

A cloud environment that merges public and private clouds to increase flexibility and optimize workloads.

Question 64

What is Multi-Cloud Systems?

Answer 64

The use of multiple cloud service providers to enhance performance, avoid lock-in, and boost resilience.

Question 65

What is an Application Programming Interface (APIs)?

Answer 65

A set of rules and protocols that enable software applications to interact and share data.

Question 66

What are Microservices?

Answer 66

An architectural style where applications are built as a small, independent, and loosely coupled services.

Question 67

What is a Managed Security Service Provider (MSSP)?

Answer 67

A third-party provider that remotely managed and monitors an organization's cybersecurity infrastructure and operations.

Question 68

What are some services an MSSP may offer?

Answer 68

Some services may include: 24/7 security monitoring, firewalls, IDS, IPS, Threat Intelligence, Vulnerability Assessments & Penetration Testing, Incident Response, SIEM, Compliance Monitoring, and Endpoint Detection and Response (EDR).

Question 69

What is a Managed Service Provider (MSP)?

Answer 69

A third-party company that remotely manages a business's IT infrastructure, providing services like network management, tech support, updates, and backups.

Question 70

What considerations should an organization take when considering cloud security issues?

Answer 70

Availability, resilience, cost, responsiveness, scalability, and segmentation.

Question 71

In regards to cloud computing, what does on-premises mean?

Answer 71

IT infrastructure that is physically hosted and managed within an organization's own location rather than in the cloud.

Question 72

What are the benefits of having a centralized on-premises setup?

Answer 72

Easier management, better security control, reduced costs, and simplified backups and recovery.

Question 73

What are the benefits of having a decentralized on-premises setup?

Answer 73

Improved local performance, improved resilience, site autonomy, and flexibility.

Question 74

What is a Cloud Access Security Broker (CASB)?

Answer 74

Monitors and enforces security policies between cloud users and cloud services.

Question 75

What is a Cloud-based DLP?

Answer 75

Designed to detect and block unauthorized sharing or movement of sensitive data in the cloud.

Question 76

What is a Next-Generation Secure Web Gateway (SWG)?

Answer 76

A web security tool that inspects traffic for threats, enforces policies, and protects cloud-bound traffic.

Question 77

What are Cloud Firewall Security Groups?

Answer 77

Virtual firewalls that control inbound and outbound traffic to cloud resources based on rules.

Question 78

What is Infrastructure as Code (IaC)?

Answer 78

Managing and provisioning infrastructure through machine-readable code instead of manual configuration.

Question 79

What is Software-defined Networking (SDNs)?

Answer 79

A network architecture that separates the control plane from the data plane and uses a centralized controller for flexible, programmable network management.

Question 80

What is a Software-defined Wide Area Network (SDN-WAN)?

Answer 80

WAN architecture that uses software to manage and optimize network traffic across multiple connection types.

Question 81

What is Edge Computing?

Answer 81

A computing model where data is processed near the source, reducing latency and improving speed.

Question 82

What is Fog Computing?

Answer 82

A decentralized computing model that processes data between edge devices and the cloud, enhancing efficiency.

Question 83

What are mobile devices?

Answer 83

Portable computing devices such as smartphones, tablets, and laptops that connect to the Internet via wireless networks.

Question 84

What is a mobile device deployment model?

Answer 84

A framework that defines how devices are owned, controlled, and managed in an organization, impacting security and user experience.

Question 85

Explain the Corporate-Owned mobile device deployment model.

Answer 85

A device fully owned and controlled by an organization, typically used for work tasks, with all security usage policies enforced by the organization.

Question 86

Explain the Corporate-Owned, Personally Enabled (COPE) mobile device deployment model.

Answer 86

A model where the organization owns the device but allows personal use, managing and securing the device while enabling personal applications.

Question 87

Explain the Bring Your Own Device (BYOD) mobile device deployment model.

Answer 87

A model where employees use their personal devices for work, with the organization providing security guidelines while employees retain control over the device.

Question 88

Explain the Choose Your Own Device (CYOD) mobile device deployment model.

Answer 88

A model where employees select from a list of pre-approved devices provided by the organization, which manages and secure the devices.

Question 89

May you name a few methods mobile devices use to connect to networks and other devices?

Answer 89

Cellular, WiFi, and Bluetooth.

Question 90

What is Cellular?

Answer 90

Refers to mobile phone networks that enable voice calls, text messaging, and Internet access through base stations in geographic cells.

Question 91

What is Mobile Device Management (MDM)?

Answer 91

A security software that allows organizations to monitor, manage,and secure mobile devices, enforce policies, and remotely configure or wipe data.

Question 92

What is Unified Endpoint Management (UEM)?

Answer 92

A security solution that allows organizations to manage and secure all types of endpoints (like desktops, mobile devices, and IoT devices) from a single platform, ensuring consistent security and configuration.

Question 93

What are some MDM concepts that apply to mobile devices?

Answer 93

Application management, full device encryption, storage segmentation, content management, containerization, passwords/PINs, biometrics, screen locks, remote wipes, geolocation, geofencing, GPS tagging, context-aware authentication, and push notifications.

Question 94

What are Third-party app stores?

Answer 94

Unofficial app marketplaces where users can download apps not available in the official stores. They may present security risks due to unverified or malicious software.

Question 95

What is Jailbreaking?

Answer 95

The process of removing restrictions on IOS devices to gain full access to the operating system, allowing the installation of unauthorized apps and modifications.

Question 96

What is Rooting?

Answer 96

The process of gaining root access to the operating system of Android devices, enabling system modifications and the installation of unauthorized apps.

Question 97

What are Over the Air (OTA) Updates?

Answer 97

Software or firmware updates delivered wirelessly to a device, ensuring it receives the latest features and security patches.

Question 98

In regards to mobile devices, what is Custom Firmware?

Answer 98

Overwriting the device's manufacturer firmware with one of your own making or an image made by somebody else.

Question 99

What is Sideloading?

Answer 99

The process of manually installing apps or software onto a device from a third-party source instead of the official app store, which may pose security risks.

Question 100

What is an Embedded System?

Answer 100

A specialized computer system designed to perform specific tasks within a larger system, often with real-time constraints.

Question 101

What is Internet of Things (IoT)?

Answer 101

Refers to a network of interconnected devices that communicate and share data over the Internet, enabling automation and remote control.

Question 102

What is an Industrial Control System (ICS)?

Answer 102

A system used to control industrial processes, such as manufacturing, production, and energy distribution, ensuring smooth and safe operations.

Question 103

What is a Supervisory Control and Data Acquisition (SCADA) system?

Answer 103

An industrial control system used to monitor and control large-scale processes, such as utilities or manufacturing systems, by collecting real-time data and enabling remote management.

Question 104

What is System-on-chip (SoC)?

Answer 104

An integrated circuit that combines essential components like a processor, memory, and input/output interfaces onto a single chip, used in embedded systems and mobile devices.

Question 105

What is Real-time Operating System (RTOS)?

Answer 105

An operating system designed to meet the strict timing and reliability requirements of embedded systems, ensuring tasks are completed within specific deadlines.

Question 106

What is the challenge with embedded systems such as ICS, IoT, and SCADA?

Answer 106

Security vulnerabilities, limited resources, interoperability issues, real-time processing requirements, and the difficulties of maintaining systems over long lifespans.

Question 107

What are some constraints of embedded systems?

Answer 107

Computing power, cryptographic limitations, power, ease of development, cost, and inability to patch/patch availability.