Lesson 10: Assess Endpoint Security Capabilities

Question 1

Define ‘Device Hardening’

Answer 1

The practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to default configurations.

Question 2

What is the role of base practice baselines in device hardening?

Answer 2

Best practice baselines provide a standard set of guidelines or checklists for configuring devices securely.

Question 3

What is the essential principle of best practice baselines in device hardening to reduce attack surface?

Answer 3

Principle is of least functionality; that a system should run only the protocols and services required by legitimate users and no more.

Question 4

What are examples of device hardening?

Answer 4

Disabling excess interfaces; Disabling unnecessary services/ports; Disk encryption; Patch management cycle.

Question 5

Define ‘Baseline deviation reporting’

Answer 5

Testing the actual configuration of hosts to ensure that their configuration settings match the baseline template.

Question 6

What is a windows tool to test baseline deviation?

Answer 6

Microsoft Baseline Security Analyzer (MBSA)

Question 7

How does segmentation enhance a network’s security?

Answer 7

Reduces the potential impact of a cybersecurity incident by isolating systems and limiting the spread of an attack or malware infection.

Question 8

Define ‘device isolation’

Answer 8

Segregating individual devices within a network to limit their interaction with other devices and systems.

Question 9

What is the purpose of device isolation?

Answer 9

Prevents the lateral spread of threats should a device become compromised.

Question 10

Define ‘antivirus’

Answer 10

Signature based software detection and prevention.

Question 11

Define ‘Full disk encryption (FDE)’

Answer 11

Encryption of all data on a disk by the OS.

Question 12

Where is the key used to encrypt data stored when using Full disk encryption (FDE)?

Answer 12

Stored in a Trusted Platform Module (TPM).

Question 13

Define a ‘self-encrypting drive (SED)’

Answer 13

A disk drive where the controller can automatically encrypt data that is written to it instead of relying on the OS.

Question 14

What is the name of the key that a self-encrypting drive (SED) uses in encrypt data?

Answer 14

Symmetric data/media encryption key (DEK/MEK) for bulk encryption

Question 15

What is the name of the key that encrypts the symmetric data/media encryption key (DEK/MEK)?

Answer 15

Authentication key (AK) or Key Encryption Key (KEK).

Question 16

Define an ‘authentication key (AK) or Key Encryption Key (KEK)’

Answer 16

Private key that is used to encrypt the symmetric bulk media encryption key (MEK).

Question 17

When implementing a self-encrypting drive (SED), how does a user access the encrypted data on the drive?

Answer 17

A user must authenticate with a password to decrypt the MEK and access the media.

Question 18

What is used to facilitate auto-updates in Linux?

Answer 18

yum-cron or apt unattended-upgrades

Question 19

What is the purpose of testing patches before applying them to systems in production?

Answer 19

Identify potential issues or conflicts arising from the patch, ensuring that it does not introduce new vulnerabilities or disrupt critical operations; Mitigate the risk of unintended consequences.

Question 20

What is a ‘endpoint detection and response (EDR)’ product?

Answer 20

Software agent that collects system data and logs for analysis to provide early detection of threats.

Question 21

What is the purpose/function of endpoint detection and response (EDR)?

Answer 21

To provide real time and historical visibility into the compromise, contain the malware within a single host, and facilitate remediation of the host to its original state.

Question 22

What is the difference between ‘Extended detection and response (XDR)’ and ‘endpoint detection and response (EDR)’

Answer 22

Extends protection beyond endpoints by incorporating data from the network, cloud platforms, email gateway, firewall, and other essential infrastructure components.

Question 23

Define ‘Host-based intrusion detection system (HIDS)’

Answer 23

Type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.

Question 24

Define ‘host-based intrusion prevention system (HIPS)’

Answer 24

Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching.

Question 25

What is a crucial feature of Host-based intrusion detection system (HIDS)?

Answer 25

file integrity monitoring (FIM)

Question 26

Define ‘file integrity monitoring (FIM)’

Answer 26

Software that reviews system files to ensure that they have not been tampered with.

Question 27

Define the function of ‘file integrity monitoring (FIM)’

Answer 27

Audits key system files to ensure they match the authorized versions.

Question 28

What is the windows version of file integrity monitoring (FIM)?

Answer 28

Windows File Protection service runs automatically and the System File Checker (SFC) tool.

Question 29

What Linux command is used to change permissions?

Answer 29

chmod

Question 30

What management tool is used to automate secure baselines across an environment in windows?

Answer 30

Group policy management

Question 31

What management tool is use to support access control policies in Linux?

Answer 31

SELinux

Question 32

Define ‘SELinux’

Answer 32

Security feature of CentOS and RedHat that supports access control policies and mandatory access control.

Question 33

What is the function of SELinux?

Answer 33

Allows more granular permission control over every process and system object within an operating system.

Question 34

What are key differences between securing a mobile device in comparison to a traditional desktop?

Answer 34

Remote wiping capabilities, encryption, and secure lock screens.

Question 35

What is the challenge in secure a mobile device against unwanted applications?

Answer 35

Mobile app ecosystem includes many apps with different access permission requirements that present unique data privacy and protection challenges.

Question 36

Define ‘Bring your own device (BYOD)’

Answer 36

The mobile device is owned by the employee.

Question 37

Define a ‘Bring your own device (BYOD)’ policy

Answer 37

Security framework and tools to facilitate use of personally owned devices to access corporate networks and data.

Question 38

What are typical rules in a Bring your own device (BYOD) policy?

Answer 38

OS version and device capabilities

Question 39

Define ‘Corporate owned, personally enabled (COPE)’

Answer 39

The device is chosen and supplied by the organization and remains its property but allows personal use.

Question 40

Define ‘Mobile device management (MDM)’

Answer 40

Process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.

Question 41

What is the purpose of implementing Mobile device management (MDM)?

Answer 41

To manage, secure, and enforce policies on smartphones, tablets, and other endpoints.

Question 42

How is data protection encryption enabled on an iOS device?

Answer 42

Enabled automatically when you configure a password lock on the device.

Question 43

Define ‘Geolocation’

Answer 43

Use of network attributes to identify (or estimate) the physical position of a device.

Question 44

What are two forms of geolocation?

Answer 44

1. Global Positioning System (GPS)
2. Indoor Positioning System (IPS)

Question 45

Define ‘Indoor Positioning System (IPS)’

Answer 45

Locates a device by triangulating its proximity to other radio sources, such as cell towers, Wi-Fi access points, and Bluetooth/RFID beacons.

Question 46

What is the primary concern of location services/geolocation?

Answer 46

Privacy; Provides a mechanism to track an individual’s movements, and therefore their social and business habits.

Question 47

Define ‘Geofencing’

Answer 47

Security control that can enforce a virtual boundary based on real-world geography.

Question 48

Define ‘GPS tagging’

Answer 48

Adding geographical data, such as the latitude and longitude where the device was located at the time, to media such as photographs, SMS messages, video, and so on.

Question 49

Define a ‘Personal area networks (PANs)’

Answer 49

A network scope that uses close-range wireless technologies (usually based on Bluetooth or NFC) to establish communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.

Question 50

Define an ‘ad hoc network’

Answer 50

WIFI-Direct; A type of wireless network where connected devices communicate directly with each other instead of over an established medium.

Question 51

What is the security setback with Bluetooth discovery?

Answer 51

Even a device in non-discoverable mode can still be detected.

Question 52

How can authentication/authorization with Bluetooth be made more secure?

Answer 52

By changing the default key or passkey.

Question 53

Define ‘bluejacking’

Answer 53

Sending an unsolicited message using a Bluetooth connection when device authentication is not configured.

Question 54

Define ‘Bluesnarfing’

Answer 54

Using an exploit in Bluetooth to steal information from someone else’s phone.

Question 55

How are Bluetooth connections secured between to devices initializing pairing?

Answer 55

Devices exchange cryptographic keys to authenticate each other’s identity and establish an encrypted communication channel.

Question 56

What control is used to configure access for devices connected via Bluetooth?

Answer 56

Bluetooth generally requires user consent to connect and access specific services.

Question 57

What Bluetooth 4.0 protocol was created to prevent eavesdropping, and on path attacks?

Answer 57

Bluetooth Secure Connections (BSC)

Question 58

How does ‘Bluetooth Low Energy (BLE) Privacy’ protocol provide privacy?

Answer 58

Uses randomly generated device addresses that periodically change to prevent tracking and unauthorized identification of BLE devices.

Question 59

Define ‘Near-field communication (NFC)’

Answer 59

Based on RFID; Standard for two-way radio communications over very short (around four inches) distances.

Question 60

Why is Near-field communication (NFC) insecure?

Answer 60

Does not provide encryption, so eavesdropping and on-path attacks are possible if the attacker can find some way of intercepting the communication and the software services are not encrypting the data.