Module 16 - Host Hardening - Q&A Flashcards
All of the following are characteristics of host hardening, except:
A. Minimum needed functionality
B. Maximum level of privileges for each user
C. Patched and updated
D. Removal of unnecessary applications
B. Hosts should be configured with the minimum necessary level of privileges for each user, not the maximum.
You have an external DNS server that has been the target of a lot of traffic directed at SMTP lately. The server is required to make and respond to name resolution queries only. You examine the configuration of the server and find that the sendmail utility is configured and running on the host, and the server is also listening for inbound connections on TCP port 25. Which of the following actions should you take?
A. Disable sendmail and any other program using TCP port
B. Configure sendmail to send and receive e-mail from designated hosts only.
C. Disable the name resolution services on the host.
D. Configure DNS service to block inbound e-mail into the host.
A. Disabling sendmail and any other program using TCP port 25 is the best option, since the e-mail service is not needed on the host.
Which of the following should always be considered when configuring a host?
A. Allowing access to configuration of management interfaces and configuration utilities
B. Maximum functionality for user accounts
C. Principle of least privilege
D. Shared passwords for administrative groups of users
C. The principle of least privilege should always be considered when configuring a host, regardless of whether it is user accounts, management interfaces, or authentication methods.
Which of the following systems is normally required in high-security environments, and is used to address multilevel security requirements? A. 256-bit encryption B. Biometric authentication C. Single Sign-On capability D. Trusted operating system
D. A trusted OS is normally required in high-security environments and is used to address multilevel security requirements.
On which of the following might an antispam solution be best installed in an enterprise infrastructure? A. Workstation B. E-mail server C. Firewall D. Proxy server
B. An antispam solution should be installed on an e-mail server.
To prevent an application from being installed or executed on a host, \_\_\_\_\_\_\_\_\_\_ should be implemented. A. blacklisting B. greylisting C. whitelisting D. protected memory execution
A. To prevent an application from being installed or executed on a host, blacklisting should be implemented.
Which of the following would be considered an effective measure in preventing a removable drive from being stolen when not in use?
A. Encrypting the drive
B. Requiring a strong password to unlock the drive
C. Securing the drive to the device using it with a cable lock
D. Locking the drive in a steel cabinet
D. Locking the drive in a steel cabinet would prevent the drive from being stolen.
Which of the following should you do before installing a patch on a production host in an enterprise environment?
A. Install host-based firewall and IDS applications.
B. Test the patch.
C. Determine the urgency of the patch and install it immediately if it is a critical security update.
D. Get approval from the end user.
B. You should always test the patch before installing it on a production host in an enterprise environment.
Different groups in your organization require certain applications and security configuration settings that are unique to each group. You install a standard baseline image to the host computers for all the different groups. A developer group now complains that their applications do not work as they require, and that the security settings are too restrictive for them. They are able to document and show the necessity for less-restrictive security settings. Which of the following is your best course of action?
A. Make changes to each individual host within the developer group to accommodate their needs.
B. Withdraw the requirement for a standard baseline since it cannot be enforced without impacting productivity.
C. Require that the developer group change their procedures and applications to fit with the new standard baseline image.
D. Create a specialized baseline image that applies only to the developer group, and ensure that everyone else gets the standard baseline image.
D. Create a specialized baseline image that applies only to the developer group, and ensure that everyone else gets the standard baseline image.
All of the following are reasons to implement a continuous monitoring solution, except:
A. Ensure that any changes made are included in the updated standard security baseline.
B. Detect changes to the configuration baseline.
C. Detect security incidents.
D. Ensure that unauthorized changes are reversed.
A. Ensuring that any changes made are included in the updated standard security baseline is not the purpose of a continuous monitoring program. Decisions on whether these changes are acceptable or not, or if they should be included in the baseline, resides with the change management authority. Continuous monitoring is designed to detect all changes, acceptable or not.
