Domain 3: Implementation (25%) Flashcards

1
Q

*3.2 Endpoint protection

Data Loss Prevention (DLP)

A

Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.

*Software or hardware solutions

2
Q

*3.2 Boot Integrity

Unified Extensible Firmware Interface (UEFI) (Updated version of BIOS)

A

Firmware that provides the computer instructions for how to accept
input and send output.

A type of system firmware providing support for 64-bit CPU
operation at boot, full GUI and mouse operation at boot, and
better boot security.

3
Q

*3.2 Self-encrypting drive (SED)

A

Storage device that performs whole disk encryption by using embedded
hardware.

*hardware based

4
Q

*3.2 Full-disk encryption (FDE)

A

Software-based encryption.

Mac: FileVault
Windows: BitLocker

5
Q

*3.2 Trusted Platform Module (TPM)

A

Chip residing on the motherboard that contains an encryption key.

If your motherboard doesn’t have TPM, you can use an external
USB drive as a key.

6
Q

*3.3 Network appliances

Hardware Security Module (HSM)

A

Physical devices that act as a secure cryptoprocessor during the encryption process.

You'll see them as an adapter card that plugs in through USB, or as a network-attached device.

Perfectly
7
Q

*3.2 Endpoint protection

Endpoint Detection and Response (EDR)

A

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

8
Q

*3.2 Endpoint protection

Antivirus/anti-malware

A

Software capable of detecting and removing virus infections and (in most
cases) other types of malware, such as worms, Trojans, rootkits, adware,
spyware, password crackers, network mappers, DoS tools, and others.

9
Q

*3.2 Endpoint protection

Host-based firewall/personal firewall

A

A software application that protects a single computer from unwanted Internet traffic.

Ex: Windows: Windows Firewall
Mac: PF and IPFW
Linux: iptables

10
Q

*3.5 Mobile device management (MDM)

Remote Wipe

A

Remotely erases the contents of the device to ensure the information is
not recovered by the thief.

11
Q

*3.1 Protocols

Transport Layer Security

A

Puts an encryption layer and a tunnel between your device and the server to ensure you have confidentiality and that nobody is conducting a man-in-the-middle attack against you.

12
Q

*3.5 Mobile Device Management (MDM)

A

Centralized software solution that allows system administrators to create and enforce policies across its mobile devices.

- Remote administration and configuration of mobile devices: the administrator can push out software policies to you, prevent you from installing applications, and install updates remotely without your involvement.

13
Q

*3.7 Account policies

Geotagging

A

Embedding of the geolocation coordinates into a piece of data (i.e., a photo).

14
Q

*3.5 Mobile Device Management (MDM)

Storage Segmentation (BYOD)

A

Creating a clear separation between personal and company data on a single device.

15
Q

*3.5 Deployment Models

BYOD

A

Bring your own device

16
Q

*3.5 Deployment Models

CYOD

A

Choose your own device

CYOD gives the employee a choice of a couple of phones.

17
Q

*3.2 Hardware root of trust

A

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.

EX: Trusted Platform Module (TPM), Hardware Security Module (HSM).

18
Q

*3.2 Trusted Platform Module (TPM)

A

A specification for hardware-based storage of digital certificates, keys,
hashed passwords, and other user and platform identification
information.

You really need to remember that the TPM, the trusted platform module, is the part of your system that ensures that when you're booting up, it is done securely, and we can take those boot reports and digitally sign them using the TPM.

19
Q

3.3, 3.5, 3.8

Hardware Security Module (HSM)

A

An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage.

20
Q

3.2 Boot Integrity

Secure boot

A

Secure boot is a feature of UEFI that prevents unwanted processes from executing during the boot operation. Essentially, as a computer is booting up, it's going to check things and make sure that there are digital signatures installed from those operating system vendors. If Microsoft Windows isn't signed by Microsoft, we're not going to boot it. That's the idea of secure boot. We want to make sure that the bootloader is only loading things that are valid and not loading malware.

21
Q

*3.2 Boot Integrity

Measured Boot

A

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report. So, as you're booting up, it's going to take different measurements (how much time does it take to do this? how many processes should it take to do that?), and based on that it's going to collect that data, create a report, and then attest to it.

22
Q

*3.2 Boot Integrity

Boot Attestation

A

A claim that the data presented in a report is valid; it does this by digitally signing the report using the TPM's private key. So the UEFI is going to take that report, sign it with that digital key, and then send it on to the operating system and into the processor. This way we know we can trust it.

23
Q

*3.2 Application Security

Static code analysis

A

Source code of an application is reviewed manually or with automatic
tools without running the code.

Think of static analysis as your third grade English teacher looking over your essay and marking it up with a red pen to show you all of your errors.

24
Q

*3.2 Application Security

Dynamic code analysis

A

Analysis and testing of a program occurs while it is being executed or run.

Dynamic analysis, on the other hand, is performed on a program while it's being run. The most common type of dynamic analysis is fuzzing.

25
Q

*3.2 Application Security

Fuzzing

A

Injection of randomized data into a software program in an attempt to find system failures, memory leaks, error handling issues, and improper input validation.

Fuzzing, also known as a fuzz test, involves using a software program to insert randomized data in an attempt to find vulnerabilities. Fuzzing is used to determine possible system failures, memory leaks, error handling issues, and improper input validation as well.

26
Q

*3.3 Access Control List (ACL)

A

An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics.

IP spoofing is used to trick a router's ACL.

27
Q

*3.3 Network segmentation

Screened Subnet (DMZ)

A

A segment isolated from the rest of a private network by one or more firewalls that accept connections from the internet over designated ports. Focused on providing controlled access to publicly available servers that are hosted within your organizational network. Everything behind the Screened Subnet (DMZ) is invisible to the outside network.

28
Q

*3.3 Network segmentation

Extranet

A

Specialized type of DMZ that is created for your partner organizations to access over a wide area network.

29
Q

*3.3 Network segmentation

Intranet

A

Used when only one company is involved.

30
Q

*3.3 Network Access Control (NAC)

A

Security technique in which devices are scanned to determine their current state prior to being allowed access onto a given network.

31
Q

3.5 Mobile Device Management

*Context Aware Authentication

A

Process to check the user's or system's attributes or characteristics prior to allowing it to connect.

- Restrict authentication based on the time of day or location

32
Q

3.8 Authentication/Authorization

*Single Sign-On (SSO)

A

A default user profile for each user is created and linked with all of the resources needed.

- Compromised SSO credentials cause a big breach in security

33
Q

3.8 Authentication/authorization

*Security Assertion Markup Language (SAML)

A

Attestation model built upon XML used to share federated identity management information between systems.

34
Q

3.8 Authentication/authorization

OpenID

A

An open standard and decentralized protocol that is used to authenticate users in a federated identity management system.

- User logs into an Identity Provider (IP) and uses their account at Relying Parties (RP)
- OpenID is easier to implement than SAML
- SAML is more efficient than OpenID

35
Q

3.8 Authentication/Authorization

*802.1X

A

Standardized framework used for port-based authentication on wired and wireless networks.

First, 802.1x is an IEEE standard that defines Port-Based Network Access Control or PNAC. 802.1x is a data link layer authentication technology that's used to connect devices to a wired or wireless LAN. Also, it defines the EAP protocol.

- RADIUS
- TACACS+
- 802.1x can prevent rogue devices

36
Q

3.8 Authentication/authorization

*Extensible Authentication Protocol (EAP)

A

A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure.

- EAP-MD5 uses simple passwords for its challenge-authentication
- EAP-TLS uses digital certificates for mutual authentication
- EAP-TTLS uses a server-side digital certificate and a client-side password for mutual authentication

37
Q

3.8 Authentication/authorization

Kerberos

A

An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets.

- Port 88
- A domain controller can be a single point of failure for Kerberos

38
Q

3.8 Authentication/authorization

*Password Authentication Protocol (PAP)

A

Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear).

39
Q

3.8 Authentication/authorization

Challenge Handshake Authentication Protocol (CHAP)

A

Used to provide authentication by using the user's password to encrypt a challenge string of random numbers.

40
Q

3.3 *Virtual Private Network (VPN)

A

Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network.

- Client-to-Site VPN or Remote Access VPN

VPN Concentrator:
- Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers

Split Tunneling:
- A remote worker's machine diverts internal traffic over the VPN but external traffic over their own internet connection
- Prevent split tunneling through proper configuration and network segmentation

41
Q

3.8 Authentication/authorization

Remote Authentication Dial-In User Service (RADIUS)

A

1. Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP)
2. Centralized administration system for dial-up, VPN, and wireless authentication (802.1x) that uses either ports 1812/1813 (UDP) or 1645/1646 (UDP, alternative)

- RADIUS operates at the application layer

42
Q

3.8 Authentication/authorization

Terminal Access Controller Access Control System Plus (TACACS+)

A

Cisco's proprietary version of RADIUS that provides separate authentication and authorization functions over port 49 (TCP).

43
Q

3.8 Access Control Schemes

Discretionary Access Control (DAC)

A

- The access control policy is determined by the owner
- DAC is used commonly

1. Every object in a system must have an owner
2. Each owner determines access rights and permissions for each object

44
Q

3.8 Access Control Schemes

Mandatory Access Control (MAC)

A

An access control policy where the computer system determines the access control for an object.

- The owner chooses the permissions in DAC, but in MAC the computer does

45
Q

3.8 Access Control Schemes

Rule-based Access Control

A

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label.

46
Q

3.8 Access control schemes

Role-based Access Control (RBAC)

A

- An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level
- Power Users is a role-based permission

47
Q

3.8 Access Control Schemes

Attribute-Based Access Control (ABAC)

A

- An access model that is dynamic and context-aware using IF-THEN statements
- If Jason is in HR, then give him access to \\fileserver\HR

48
Q

3.3 Port spanning/port mirroring

A

One or more switch ports are configured to forward all of their packets to another port on the switch.

49
Q

3.1 Protocols

SNMP

A

A TCP/IP protocol that aids in monitoring network-attached devices and computers.

- SNMP is incorporated into a network management and monitoring system

50
Q

3.1 Protocols

SNMP v3

A

Version of SNMP that provides integrity, authentication, and encryption of the messages being sent over the network.

101
Q

3.2 Application security

Code Signing

A

Uses digital signatures to provide an assurance that the software code has not been modified after it was submitted by the developer.

102
Q

3.9 Types of certificates

Wildcard Certificates

A

Allow all of the subdomains to use the same public key certificate and have it displayed as valid.

- Wildcard certificates are easier to manage

103
Q

3.9 Public Key Infrastructure (PKI) and Types of Certificates

Subject Alternative Name (SAN)

A

Allows a certificate owner to specify additional domains and IP addresses to be supported.