Módulo 10 - Protocol, App and Cloud Security Flashcards

Question

Define: Virtual private network (VPN)

Answer 1

A secure tunnel over another network, connecting multiple remote endpoints, with multipoint VPNs connecting more than two endpoints.

Answer 2

Software, firmware, or hardware creating and running virtual machines by managing the virtual platform and guest OS execution.

Answer 3

The use of software containers or pseudo-interfaces to emulate a physical network, improving efficiency by isolating applications.

Answer 4

The combination or segmentation of LANs to create virtual networks, improving efficiency and flexibility across large networks.

Answer 5

Virtual Local Area Network

Answer 6

Virtual Area Network

Answer 7

Virtual Private Network

Answer 8

Virtual Machine Monitor

Answer 9

1. Delivery of common business applications via web services 2. Connection over the internet or a LAN 3. No end-user knowledge of physical infrastructure needed

Answer 10

1. Public cloud 2. Private cloud 3. Community cloud 4. Hybrid cloud

Answer 11

1. Infrastructure as a Service (IaaS) 2. Platform as a Service (PaaS) 3. Software as a Service (SaaS) 4. Security as a Service (SECaaS)

Answer 12

1. Zero Trust 2. Cloud Access Security Broker (CASB) 3. Segregate centrally stored data 4. Patches Mamagemnt 5. Service management 6. Security monitoring 7. Encryption 8. Penetration testing 9. Comply with regulatory measures

Answer 13

1. Workstation hardware costs 2. Centralized data protection and backup 3. Remote access 4. Fast snapshots deploy 5. No lost devices

Answer 14

The provision of software, data access, computation, and storage services via the internet without requiring end-user knowledge of physical infrastructure.

Answer 15

A cloud accessible by anyone, with resources made available by a service provider, often for free or with a fee.

Answer 16

A cloud restricted to a single organization, hosted internally or by a third party, with secure, exclusive access to resources.

Answer 17

A combination of public, private, and community cloud resources, integrating their functionalities.

Answer 18

A cloud model providing security services such as authentication, anti-virus, intrusion detection, and penetration testing, integrated into a corporate infrastructure.

Answer 19

A tool or service ensuring communication and access to cloud services comply with organizational security policies and procedures.

Answer 20

All points at which a malicious threat actor could attempt to exploit vulnerabilities in a system.

Answer 21

An attack where a threat actor infiltrates a target indirectly through vulnerabilities in its supply chain, such as cloud service providers or hardware vendors.

Answer 22

A virtualization method hosting user desktops on data center hardware, allowing access via thin clients with enhanced security and flexibility.

Answer 23

Infrastructure as a Service

Answer 24

Platform as a Service

Answer 25

Software as a Service

Answer 26

Security as a Service

Answer 27

Cloud Access Security Broker

Answer 28

1. Implement security controls like in physical datacenters 2. Use data classification policies 3. Assign information to storage, handling, and access categories 4. Assign security classifications based on sensitivity and criticality 5. Use tools to securely dispose of data when no longer needed

Answer 29

1. Pay only for storage used 2. Cuts energy consumption by up to 70% 3. Offers off-premises, on-premises, or hybrid storage options 4. Provides intrinsic storage availability and data protection 5. Shifts storage maintenance tasks to the provider 6. Allows VM image transfer between cloud and on-premises locations 7. Serves as a natural disaster backup with globally distributed servers

Answer 30

A data storage model provided by a third party as a service, utilizing distributed resources to offer redundancy, durability, and scalability.

Answer 31

A gatekeeper that enforces security policies on cloud storage, focusing on visibility, compliance, access control, encryption, and loss prevention.

Answer 32

A cloud storage design where distributed resources act as one unified system for redundancy and fault tolerance.

Answer 33

A cloud storage system with intrinsic availability and data protection, ideal for reducing costs and effort in managing availability and recovery.

Answer 34

1. Cellular 2. WiFi 3. Bluetooth 4. NFC 5. ANT 6. Infrared 7. USB 8. SATCOM (satellite)

Answer 35

1. Device content management 2. Remote wipe 3. Geofencing 4. Geolocation management 5. Screen lock with passwords 6. Push notification management 7. Password storage and management 8. Biometrics 9. Full device encryption

Answer 36

1. Rooting/jailbreaking/sideloading 2. Flashing custom firmware 3. Carrier unlocking 4. OTA firmware and app updates 5. Camera usage and geolocation in pictures 6. SMS/MMS protocols 7. Connection to external media 8. USB OTG 9. Microphone usage for recording 10. Tethering

Answer 37

1. Sandboxed apps 2. Digital signatures from Apple or certified third parties 3. Encryption APIs for app data (AES, RC4, 3DES)

Answer 38

1. Modules must be digitally signed by Microsoft 2. Anti-buffer-overflow memory restrictions 3. Data Execution Prevention (DEP) 4. Address Space Layout Randomization (ASLR) 5. SafeSEH and sacrificial canary values

Answer 39

1. Use apps only from reputable sources 2. Avoid jailbreaking or sideloading apps 3. Use app whitelisting via MDM solutions

Answer 40

Restricting a mobile device to a particular geographical area.

Answer 41

The ability to store usernames and passwords for various resources, enabling automatic login to network resources or websites.

Answer 42

The process of defining specific apps that are allowed on a device, often enforced using mobile device management (MDM) solutions.

Answer 43

The embedding of GPS coordinates within files, such as images or videos, which can pose privacy and security risks.

Answer 44

The process of installing apps from third-party app stores or websites instead of official app stores.

Answer 45

Near Field Communication

Answer 46

Adaptive Network Topology

Answer 47

Mobile Device Management

Answer 48

Over-the-Air

Answer 49

1. Manually configure security settings on each device 2. Distribute security settings via configuration profiles for iOS 3. Use an MDM solution to push security policies over a network

Answer 50

1. Apple iOS 8.0 and later 2. Mac OS X 10.9 and later 3. Windows > 8.1 4. Google Android 4.0

Answer 51

1. Intune Standalone (cloud-only) 2. Hybrid MDM with Configuration Manager

Answer 52

1. Account Portal 2. Admin Portal 3. Company Portal

Answer 53

1. Add Intune users 2. Define Intune policies 3. Manage users and groups 4. Enroll computers 5. Enroll mobile devices

Answer 54

A cloud-based MDM solution from Microsoft that enables remote management and security for mobile devices and Windows systems.

Answer 55

A cloud-only deployment of Windows Intune managed via a web console accessible over the internet.

Answer 56

A deployment combining Windows Intune's MDM capabilities with Configuration Manager for content and device administration.

Answer 57

A service required for managing iOS devices through MDM solutions, enabling notifications and enrollment actions.

Answer 58

Mobile Device Management

Answer 59

Apple Push Notification Service

Answer 60

Enterprise Management + Security

Answer 61

1. Track the device 2. Push apps and updates 3. Manage security settings (e.g., lock screens, passwords) 4. Remotely wipe the device

Answer 62

1. Install and uninstall apps remotely 2. Update apps as needed 3. Limit app functionality as needed

Answer 63

1. Workstations 2. Printers 3. Mobile devices 4. IoT devices 5. Wearable devices

Answer 64

1. Add 2. Deploy 3. Configure 4. Protect 5. Retire

Answer 65

1. App catalog 2. Self-service portal 3. Remote management

Answer 66

A solution that allows IT administrators to remotely manage and enforce policies on mobile devices, focusing on the device itself.

Answer 67

A solution that manages applications on mobile devices, enabling control over app installation, updates, and functionality.

Answer 68

A solution combining MDM and MAM to manage both device hardware and applications, addressing challenges of diverse device ecosystems.

Answer 69

A comprehensive solution that combines traditional device management and enterprise mobility management to manage all endpoint types in a single system.

Answer 70

A method that defines the apps users can and cannot use, assigning apps to users or devices via groups for streamlined management.

Answer 71

A Mobile Application Management configuration allowing app and data protection on devices enrolled with third-party EMM providers.

Answer 72

Access control based on app protection policies, restricting user actions like copying data or installing apps on rooted devices.

Answer 73

Mobile Application Management

Answer 74

Enterprise Mobility Management

Answer 75

Unified Endpoint Management

Answer 76

Mobile Application Management Without Enrollment

Answer 77

1. Malware propagation 2. Loss of sensitive data control 3. Malicious insider attacks 4. Device management 5. Support responsibilities

Answer 78

1. Corporate-owned device 2. Corporate-owned, personally enabled (COPE) 3. Choose your own device (CYOD) 4. Virtual desktop infrastructure (VDI)

Answer 79

The risk of infected user devices spreading malware when connected to the organization's network.

Answer 80

The risk of sensitive organizational data being copied to personal devices and exposed due to weak security, theft, or malware.

Answer 81

Threats posed by users intentionally misusing personal devices to steal or capture sensitive information.

Answer 82

The challenge of defining responsibility for updates, anti-malware, and overall maintenance of personal devices used on-site.

Answer 83

The need to address who provides support for personal devices and apps used for organizational purposes.

Answer 84

A strategy where the company provides devices, enabling greater control and monitoring of security while restricting usage to workplace purposes.

Answer 85

A deployment model allowing employees to use company-owned devices for both corporate and personal purposes while maintaining strong security controls.

Answer 86

A strategy offering employees a limited selection of corporate-owned devices, balancing user choice with enhanced security measures.

Answer 87

A technology enabling mobile devices to connect to a virtualized desktop, enhancing security and data protection by processing data on central servers.

Answer 88

Bring Your Own Device

Answer 89

Corporate-Owned, Personally Enabled

Answer 90

Choose Your Own Device

Answer 91

Virtual Desktop Infrastructure

Answer 92

1. Refrigerators 2. Dishwashers 3. Microwaves

Answer 93

1. Regularly update firmware manually (if supported) 2. Segment the network using VLANs 3. Encrypt all network communications

Answer 94

Supervisory Control and Data Acquisition systems are specialized computers that gather, analyze, and manage industrial automation equipment.

Answer 95

An OS designed to serve real-time applications with strict time constraints, often critical to entire system operations.

Answer 96

An integrated circuit that includes all typical computer system components, commonly used in hobbyist projects like Raspberry Pi.

Answer 97

A configurable screen with buttons used to display and interact with data, commonly found on airplanes, helicopters, and ships.

Answer 98

A protocol optimized for transmitting voice data over packet-switched IP networks, allowing phone calls through the internet.

Answer 99

An integrated circuit configured post-manufacture by the customer using a hardware description language (HDL).

Answer 100

Aircraft that operate without a human pilot onboard, used for military, search and rescue, weather monitoring, and recreation.

Answer 101

An open-source hardware and software platform for building digital devices and interactive objects, featuring single-board microcontrollers.

Answer 102

Supervisory Control and Data Acquisition

Answer 103

Real-Time Operating System

Answer 104

System on a Chip

Answer 105

Multi-Function Display

Answer 106

Field Programmable Gate Array

Answer 107

Voice over IP"

Answer 108

1. Virus 2. Spam 3. Open SMTP relay abuse 4. Phishing

Answer 109

1. Enable spam filters on clients and email servers 2. Enable antivirus scanning for attachments 3. Disable preview screens in email clients 4. Avoid clicking unsubscribe links in unsolicited emails 5. Install server-level anti-spam software 6. Avoid posting full email addresses on the web

Answer 110

1. Sender Policy Framework (SPF) 2. DomainKeys Identified Mail (DKIM) 3. Domain-based Message Authentication, Reporting & Conformance (DMARC)

Answer 111

1. Authentication 2. Message integrity 3. Non-repudiation through digital signatures 4. Privacy through encryption

Answer 112

An email authentication method that verifies the sender's IP address against a list of authorized IPs published in the DNS TXT records of the sender's domain.

Answer 113

A protocol that uses digital signatures to verify the integrity and authenticity of email messages by checking the signature against a DKIM record in the sender's DNS.

Answer 114

A protocol that uses SPF and DKIM checks to define rules for handling emails and provides reporting on unauthorized email activity.

Answer 115

Secure/Multipurpose Internet Mail Extensions, a protocol that uses X.509 certificates for email encryption and digital signatures to ensure authentication, integrity, and privacy.

Answer 116

Pretty Good Privacy, a system for email encryption and digital signatures that uses either a web of trust or trust signatures for certificate validation.

Answer 117

Sender Policy Framework

Answer 118

DomainKeys Identified Mail

Answer 119

Domain-based Message Authentication, Reporting & Conformance

Answer 120

Secure/Multipurpose Internet Mail Extensions

Answer 121

Pretty Good Privacy

Módulo 10 - Protocol, App and Cloud Security Flashcards

(145 cards)