Module 9 - System and endpoint protection Flashcards

(137 cards)

1
Which person is responsible for configuring the OS to eliminate unnecessary services and apply timely security patches?
An administrator
2
Which approach involves establishing procedures for update monitoring, evaluation, planning, and documented installation?
A systematic approach
3
Which comparison method helps identify potential vulnerabilities by referencing expected performance norms?
Establishing a Baseline
4
Which security software warns the user upon detecting viruses and then either isolates or deletes them?
Antivirus
5
Which form of protection is designed to block programs that generate unwanted pop-up advertisements?
Adware protection
6
Which protection mechanism works by identifying and blocking the IP addresses of known phishing sites?
Phishing protection
7
Which security tool scans for keyloggers and similar threats that monitor user input for malicious purposes?
Spyware protection
8
Which feature alerts the user if a program or website is considered risky or comes from an unverified origin?
Trusted/Untrusted Source verification
9
Which instruction is important when using multiple antivirus or antimalware programs to avoid interference?
Only one program should be run at a time
10
Which method of attack involves impersonating legitimate websites to harvest user credentials?
Phishing
11
Which type of fake security software mimics a legitimate warning message to trick users into installing malware?
Rogue antivirus products
12
Which type of attack uses legitimate programs and memory-resident methods to avoid leaving any file traces?
A fileless attack
13
Which kind of malware attack ceases after a reboot because it never installs files on the system?
Fileless malware
14
Which scripting languages are mentioned as capable of creating malware in script form?
Python, VBA, Bash
15
Which macOS and Linux command-line language can be exploited to write script-based malware?
Bash
16
Which Microsoft macro language can be exploited to write malicious scripts embedded in documents?
VBA (Visual Basic for Applications)
17
Which kind of software, although not necessarily malicious, should still be removed if unauthorized or non-compliant?
Unapproved software
18
Which kind of vulnerability can cybercriminals exploit if not addressed by code updates?
Weaknesses in unpatched systems
19
Which type of code update prevents viruses, worms, or malware from exploiting system flaws?
Patches
20
Which software package often combines patches and upgrades to secure a system?
Service Pack
21
Which type of solution runs directly on a local device and works with the operating system to prevent attacks?
A host-based security solution
22
Which software runs on a device to filter incoming and outgoing network activity specifically for that device?
A host-based firewall
23
Which firewall configuration option lets you define the kinds of traffic allowed into the system?
Inbound rules
24
Which tool monitors a host for system calls, file system access, and suspicious behavior?
HIDS (Host-based Intrusion Detection System)
25
Which security system examines system registry data and configuration information to detect threats on a host?
HIDS (Host-based Intrusion Detection System)
26
Which limitation affects the performance of HIDS, especially on resource-constrained systems?
HIDS are resource intensive
27
Which host-based tool not only detects threats but can also take actions like resetting connections or dropping packets?
HIPS (Host-based Intrusion Prevention System)
28
Which type of software goes beyond antivirus by continuously monitoring an endpoint and responding to threats?
EDR (Endpoint Detection and Response)
29
Which solution both blocks threats and investigates activity to locate hidden or undetected attacks on the endpoint?
EDR (Endpoint Detection and Response)
30
Which tool ensures that private or confidential information is not accessed, lost, or mishandled?
DLP (Data Loss Prevention)
31
Which tool ensures that private or confidential information is not accessed, lost, or mishandled?
NGFW (Next Generation Firewall)
32
Which firewall type incorporates application-level filtering and intrusion protection in one device?
NGFW (Next Generation Firewall)
33
Which security device uses in-line deep packet inspection (DPI) to analyze the contents of data packets and enforce application-level rules?
NGFW (Next Generation Firewall)
34
Which feature in Windows allows users to encrypt files, folders, or even the entire hard drive?
EFS (Encrypting File System)
35
Which encryption method secures the entire contents of a drive, including temporary files and memory?
FDE (Full Disk Encryption)
36
Which Windows feature uses full disk encryption to protect data?
BitLocker
37
Which security feature must be enabled in the BIOS to allow BitLocker to use hardware-based encryption?
TPM (Trusted Platform Module)
38
What is the specialized motherboard chip that stores encryption keys, digital certificates, and passwords for BitLocker?
TPM (Trusted Platform Module)
39
Which BitLocker-related tool encrypts removable drives and requires a password instead of using TPM?
BitLocker To Go
40
Which type of drive encrypts all data automatically to prevent access through another operating system?
A self-encrypting drive
41
Which term refers to protecting a system from unauthorized changes during startup?
Boot integrity
42
Which kind of software provides instructions for basic computer functions and is stored on a memory chip on the motherboard?
Firmware
43
Which program is the first to run when a computer is turned on and is stored in firmware?
BIOS (Basic Input/Output System)
44
Which firmware interface is a modern replacement for BIOS and supports 64-bit mode?
UEFI (Unified Extensible Firmware Interface)
45
Which security standard ensures only trusted software runs during system boot?
Secure Boot
46
Which process involves firmware checking digital signatures of drivers and OS files before loading them?
Secure Boot
47
Which boot validation method stores component measurements in the TPM for remote verification?
Measured Boot
48
Which boot protection method provides stronger validation than Secure Boot by logging boot measurements?
Measured Boot
49
What does encryption transform readable data into using a complex algorithm?
Unreadable information
50
What is needed to convert encrypted (unreadable) data back into its original form?
A special key
51
Which encryption method is used when encrypting data on a USB drive without relying on TPM?
BitLocker To Go
52
Which Apple chip provides hardware-level security including a special CPU, boot protections, and AES encryption?
A Secure Enclave
53
Which system-on-a-chip in Apple devices handles secure operations like encryption and biometric data processing?
A Secure Enclave
54
Which Apple feature enables file encryption and decryption as files are read or written, using hardware support?
Apple Data Protection and FileVault
55
What component allows Apple’s hardware-based AES encryption engine to work without exposing keys to the CPU or OS?
A Secure Enclave
56
Which Apple encryption method ensures that encryption keys are never exposed to the main CPU or running apps?
Hardware based AES encryption
57
Which macOS feature encrypts the storage drive and integrates with hardware encryption to secure user data?
FileVault
58
What protects low-level Apple hardware and only allows unmodified Apple OS software to load at boot?
Secure Boot via ROM
59
Which Apple boot protection ensures that only genuine, unaltered macOS software can run during startup?
Secure Boot via Boot ROM
60
Where is biometric authentication data processed on Apple devices to keep it isolated from the OS and potential malware?
In the Secure Enclave
61
Which macOS tool lets users locate lost or stolen devices and remotely lock or erase them?
Find My Mac
62
Which built-in macOS antimalware tool blocks malware based on known signatures and alerts users?
XProtect
63
Which macOS tool removes infections and runs at system restart and user login to detect malware?
MRT (Malware Removal Tool)
64
Which macOS feature ensures that only digitally-signed software from Apple-notarized developers can be installed?
Gatekeeper
65
Which security feature blocks the installation of unauthorized software by verifying its developer signature?
Gatekeeper
66
Which macOS antimalware tool uses automatic rule updates to detect and clean infected systems over time?
MRT (Malware Removal Tool)
67
What protects Apple devices from running malware by scanning apps for known malicious code?
XProtect
68
Which tool can secure computer equipment to desks or immovable objects to prevent theft?
Cable locks
69
Which enclosure can physically shield devices from electromagnetic fields for security purposes?
A Faraday cage
70
What type of lock is common but can be easily forced and is vulnerable if keys are compromised?
A keyed entry lock
71
Which physical security feature can be added to a standard lock to improve door security?
A deadbolt lock
72
Which locking mechanism uses a programmable button sequence to restrict physical access to a room?
A cipher lock
73
Which door lock type can log access attempts and restrict entry by time or day?
A cipher lock
74
Which access control technology uses radio waves to identify and track items wirelessly?
RFID (Radio Frequency Identification)
75
What kind of tag requires very little power and uses an antenna and integrated circuit to communicate with readers?
RFID tag
76
Which term refers to hosts like computers, servers, or IoT devices that connect to a network and can be exploited?
Endpoint
77
Which type of malware attack was projected to cost $6 trillion annually by 2021?
Ransomware
78
Which attack method hijacks computer resources to secretly mine cryptocurrency?
Cryptojacking
79
How many cryptojacking attempts were observed in 2018?
8 million
80
Which category of unwanted email saw a major global increase between 2016 and early 2017?
Spam
81
Which operating system was projected to face an average of 14.2 cyberattacks per device by 2020?
macOS
82
What characteristic allows some malware to avoid antivirus detection by frequently changing its features?
Polymorphism
83
Which type of attack attempts to make an organization’s network inaccessible by overwhelming it with traffic?
A DoS (Denial of Service) attack
84
Which type of external breach might involve altering a company’s online appearance?
Web server defacement
85
Which advanced firewall device might appear in a secure enterprise network perimeter diagram?
An ASA (Adaptive Security Appliance)
86
Which system provides centralized authentication, authorization, and accounting services?
AAA Server
87
Which LAN attack floods the switch’s MAC address table to force it to behave like a hub?
MAC address table overflow
88
Which type of LAN attack involves falsifying the identity of a device to gain unauthorized access?
Spoofing
89
Which type of LAN attack generates excessive broadcast or multicast traffic to overwhelm the network?
A LAN storm attack
90
Which detection method in antimalware tools identifies known malware based on fixed patterns?
Signature-based detection
91
Which detection approach identifies malware based on general traits or behaviors common to threats?
Heuristics-based detection
92
Which method detects malware by analyzing suspicious activity rather than known traits?
Behavior-based detection
93
Which antivirus model installs and runs directly on the protected endpoint device?
Agent/host-based antivirus protection
94
Which antivirus method is optimized for environments where many virtual operating systems run on one host?
Agentless antivirus
95
Which VMware security product is an example of a virtual appliance used in agentless antivirus scanning?
vShield
96
Which Linux tools provide host-based firewall capabilities? (2)
iptables and TCP Wrappers
97
Which security solution includes antivirus, anti-phishing, safe browsing, HIPS, and firewall features in one package?
Host-based security suite
98
Which function in host-based security software provides essential logs for analysis and cybersecurity operations?
Telemetry (logging functionality)
99
Which independent organization tests and reviews host-based security products and antivirus software?
AV-TEST
100
Which security approach uses network scanning devices to provide multiple layers of protection that individual endpoints cannot achieve alone?
Network-based malware protection
101
Which Cisco appliance filters spam and malicious messages before they reach user inboxes?
Cisco ESA (Email Security Appliance)
102
Which endpoint protection technology provides antivirus and malware defense by integrating both network and host data sources?
AMP (Advanced Malware Protection)
103
Which device protects endpoints by blocking access to harmful websites and enforcing acceptable use policies?
WSA (Web Security Appliance)
104
Which type of firewall combines host-level filtering with centralized rule management and log collection?
Distributed Firewall
105
What system restricts network access to only authorized and compliant endpoints, helping enforce security posture before access is granted?
NAC (Network Admission Control)
106
Which security solution ensures that only properly secured and updated endpoints can connect to the network?
NAC (Network Admission Control)
107
Which Microsoft firewall application uses profiles like Public, Private, and Domain to apply different rule sets based on connection context?
Windows Defender Firewall
108
Which Windows Defender Firewall profile is intended for isolated environments like home networks with NAT routers?
Private profile
109
Which Windows Defender Firewall profile is used for connections on public networks and applies the most restrictive rules?
Public profile
110
Which Windows Defender Firewall profile is applied when connected to a trusted business network with central security?
Domain profile
111
Which Linux application allows system administrators to configure firewall rules based on the Netfilter kernel modules?
iptables
112
Which Linux firewall system succeeded iptables and uses a virtual machine to evaluate packet rules in the kernel?
nftables
113
Which Linux tool provides rule-based access control and logging, filtering packets based on IP addresses and network services?
TCP Wrappers
114
Which term is sometimes used interchangeably with HIDS but includes prevention capabilities as well?
HIPDS (Host-based intrusion detection and prevention systems)
115
Which detection strategy defines normal behavior through rules and reacts when these rules are broken?
Policy-based detection
116
What technique do attackers use to modify malware so it evades signature detection while retaining functionality?
Polymorphism
117
Which HIDS detection strategy compares host behavior to a learned baseline and reacts to significant deviations?
Anomaly-based detection
118
Which open-source HIDS uses a central manager and supports agents for Mac, Windows, Linux, and Solaris?
OSSEC (Open Source HIDS SECurity)
119
Which type of attack surface includes vulnerabilities in protocols used by smartphones or IoT devices?
Network Attack Surface
120
Which term refers to a list of applications that are explicitly prohibited from running on a computer?
Application Blocklist
121
Which factors contribute to the continued expansion of the attack surface in modern networks? (3)
IoT devices, BYOD, and cloud connectivity
122
Which method of application control ensures that only specifically approved software may run?
Application Allowlist
123
Which system allows centralized HIDS management by receiving alerts from agents and analyzing them over syslog?
OSSEC (Open Source HIDS SECurity)
124
Which organization defines the three categories of attack surfaces: network, software, and human?
SANS Institute
125
Which type of attack surface involves exploitation of web, cloud, or host-based application vulnerabilities?
Software Attack Surface
126
What term describes the total set of vulnerabilities in a system that are accessible to an attacker?
The attack surface
127
Which Cisco system can retrieve blacklists from the Cisco Talos service and distribute them across a network?
Cisco Firepower security management system
128
Which free blacklist service provides regularly updated lists to help block malicious websites or IPs?
The Spamhaus Project
129
Which Windows tool can be used to configure both blacklisting and allowlisting of applications?
Windows Local Group Policy Editor
130
Which type of attack surface is exploited through user actions such as social engineering or insider threats?
Human Attack Surface
131
What defines the accepted risk level and permitted software environment in an organization?
The Security Baseline
132
Which technique allows suspicious files to be executed in a safe environment to observe behavior?
Sandboxing
133
Which system can track a file’s movement through a network and roll back events to retrieve the file?
Cisco AMP (Advanced Malware Protection)
134
Which Cisco sandboxing system can execute a file and document its behavior in a controlled environment?
Cisco Threat Grid Glovebox
135
Which free, local malware analysis system can be used to examine malware samples?
Cuckoo Sandbox
136
Which online sandbox tool provides rich interactive reports including screenshots of malware behavior?
ANY.RUN
137
Which threat modeling framework does ANY.RUN use to map malware tactics?
MITRE ATT&CK Matrix