Section 3.2 Host and Application Security Solutions Flashcards

1
Where should endpoint detection be focused?
Throughout the entire network
2
What monitors network activity for suspicious behavior and alerts if anything is found?
Intrusion Detection Systems (IDS)
3
What monitors network activity and attempts to deal with the issue, either disconnecting suspicious connections or turning off attacked services?
Intrusion Prevention Systems (IPS)
4
What monitors network patterns and the headers of network packets?
Network Intrusion Detection Systems (NIDS)
5
What component of a NIDS collects network data and sends it to the network monitor for analysis?
Detection Agent
6
What component of a NIDS takes data from the detection agent, analyzes it, and sends warning notifications?
Network Monitor
7
What component of a NIDS is used for notifications and alarms that are sent to the administrator?
Notification system
8
IDSs are usually located where on the network?
A central point
9
What mode of IDS deployment analyzes all traffic?
In-band
10
What mode of IDS deployment only analyzes some of the traffic?
Out-of-band
11
What do you call a NIDS that uses active detection methods to take immediate steps to halt an intrusion?
NIPS
12
What prevention system reroutes network traffic in case of network attacks and terminates suspicious network activity?
NIPS
13
What is a disadvantage of active detection systems?
False positives can shut down the system
14
What kind of intrusion detection takes steps to mitigate an intrusion?
Active Intrusion Detection
15
What kind of intrusion detection typically logs the event or generates alarms?
Passive Intrusion Detection
16
What do you call a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking?
Next Generation Firewall
17
What kind of monitoring system contains signature databases that it uses to detect attacks?
Signature-Based Monitoring
18
What kind of monitoring system relies on the collective knowledge of security vendors but is unable to detect new attacks that haven't been recorded?
Signature-Based Monitoring
19
What kind of monitoring system uses a known good baseline and looks for anomalies?
Behavior/Anomaly-Based Monitoring
20
What kind of monitoring system is easily and quickly adapted to the environment and can detect new variants of attacks, but takes time to build a baseline profile?
Behavior/Anomaly-Based Monitoring
21
What kind of monitoring system starts with an initial database of known attack types but changes its alert signatures based on learned behavior?
Heuristic-Based Monitoring
22
What do you call a type of attack that has rarely or never been encountered and takes advantage of previously unknown weaknesses and vulnerabilities in a software program or operating system?
A zero-day attack
23
What kind of monitoring system relies on admins to create rules and determine consequences for breaking those rules?
Rule-based monitoring
24
What kind of monitoring system requires significant manual set-up and continuous updating?
Rule-based monitoring
25
What detection system monitors a specific host for suspicious behavior that could indicate someone is trying to break into the system?
Host-based Intrusion Detection System (HIDS)
26
What detection system can detect an attack by a malicious user who is physically accessing the system console?
Host-based Intrusion Detection System (HIDS)
27
What is an integrated endpoint security solution that combines: REAL-TIME continuous monitoring and collection of endpoint data with rules-based AUTOMATED RESPONSE AND ANALYSIS capabilities?
Endpoint Detection and Response (EDR)
28
What solutions keep sensitive data from leaving a network by a USB, email, etc.?
Data Loss Prevention Solutions
29
What solutions tag data with labels that say whether data can leave the network and how it can leave the network?
Data Loss Preventions
30
What protects both the computers and the networks to which they connect, as well as providing a first level of defense to prevent viruses from spreading?
Antivirus
31
Most viruses and spyware enter a system how?
through email attachments and internet downloads
32
What kind of firewall performs critical functions to protect a user's host computer?
Host-based firewall
33
What part of the host system contains the program code and instructions for starting a computer and loading the OS?
Basic Input/Output System
34
What do you call maintaining the BIOS of a host system?
Boot Integrity
35
Modern systems use what to boot because it is more secure and is needed for a secure boot of the OS?
Unified Extensible Firmware Interface (UEFI)
36
What uses an unchangeable piece of hardware that contains cryptographic function keys, and verifies that BIOS is being loaded from a known good version?
Hardware Root of Trust
37
What do you call adding a suffix of random characters to a password before it is encrypted?
Salting
38
What creates a 'unique fingerprint' for a message?
Hashing
39
What prevents someone who gains unauthorized access to a database from being able to read the data without an encryption key?
Database Encryption
40
What makes sure that when applications are deployed, they don't contain security issues that can expose sensitive data?
Secure coding practices
41
What do you call the surrounding infrastructure that supports software applications?
Data Center
42
What manages and provisions data centers through machine readable files instead of the physical hardware?
Infrastructure as Code
43
What do you call the small text files saved on your computer to store website data?
Cookies
44
What kind of cookies only transmit over secure channels?
Secure cookies
45
What disallows connections through HTTP and protects against attacks?
HTTP Strict Transport Security (HSTS) headers
46
HTTP request and response messages have what that include various HTTP commands, directives, site referral information, and address data?
Headers
47
What kind of analysis is conducted by executing software on a real or virtual processor to determine how the software will behave in a potentially negative environment?
Dynamic code analysis
48
What refers to the process of coding applications to accept only certain valid input for user-entered fields?
Input Validation
49
What determines how the software should react to error conditions and exceptions?
Error and Exception handling
50
What recognizes specific types of command characters and parses them as simple data rather than executing the text as a command?
Escaping
51
What do you call the use of existing source code for a new purpose, either for a new program or for a new environment?
Code Reuse
52
What do you call saved subroutines that can be used within applications accessing databases, saving time and memory by combining the execution of several statements into one stored procedure?
stored procedures
53
What prevents unauthorized applications from executing by checking each potential execution against a list of applications that have been granted execution rights?
Allow list
54
What concept refers to keeping the OS and applications current through regular updates and critical software patches and removing unnecessary software services from the system?
Operating system hardening
55
What do you call an OS that has met a set of standards such as the Common Criteria?
Trusted OS
56
OS vendors regularly release software updates, which are often rolled into larger software packages called?
service packs, updates, or packages
57
User interaction with external Internet users can result in viruses or Trojans being downloaded that allow what to the user's computer?
Backdoor access
58
To protect against the use of backdoor access, the network admin should do what to these programs on the main network firewall to keep them from communicating with the Internet?
block the service ports
59
All software on the workstation should be kept current with what to remove security vulnerabilities from previous versions?
Most recent patches and upgrades
60
What disallows the ability to execute code from memory locations that are reserved for Windows and other known-good programs?
Data Execution Prevention (DEP)
61
What do you call a special hardware chip that provides authentication by storing security mechanisms that are specific to that system hardware?
TPM
62
What do you call a specialized hardware appliance used to provide onboard cryptographic functions and processing?
Hardware Security Module
63
What should be used to secure access to the data of removable media?
Encryption and Authentication
64
What is used to open email attachments or other high risk files in an environment that will be less harmful if they do indeed turn out to be malicious?
Sandboxing
65
What do you use to protect hosts and applications against a wide variety of malware programs?
Antivirus and Anti-malware software
66
What protects web applications by filtering and monitoring HTTP traffic between a web application and the internet?
Firewalls
67
What should be used to protect the data of mobile devices?
passwords and encryption
68
What should be used to establish a strong, secure foundation for your OS, applications, and web browsers for all your systems, including mobile devices?
security baselines and policies
69
What should be used to make sure hackers cannot insert malformed input or command requests in application input forms?
Input Validation
70
What should you do to special characters and command characters so that they are processed as data, not actual commands?
Use Escaping
71
What should not be displayed in error messages?
filename and directory paths
72
What should applications handle without crashing or providing unauthorized access?
exceptions
73
What concepts should be used to prevent confidential data loss and interception?
DLP concepts
74
What should be used for secure storage of encryption keys and certificates for hardware platforms?
TPMs
75
What are used for high-end security applications that require secure key generation and management on a separate hardware appliance?
HSMs
76
What can secure data in storage on a database server?
Database Encryption
77
What is a software program designed to detect and destroy viruses and other malicious software from the system?
Antivirus
78
What is a program that protects the system from all kinds of malware including viruses, Trojans, worms, and PUPs?
Antimalware
78
What typically protects web applications from common attacks like XSS, CSRF, and SQL Injections?
Firewalls
79
What kind of firewall is an application that is built into desktop operating systems, like Windows or Linux?
Host-based firewall
80
What two types of firewalls are often used together in a layered defense?
Host-based and Network-based
81
What do you call a boot where all components, from the firmware to the applications and software, are measured and the information is stored in a log file?
Measured Boot
82
In a measured boot where is the log file stored?
on the TPM chip on the motherboard
83
What kind of boot is performed at startup where the OS checks that all of the drivers have been signed?
Trusted secure Boot
84
What is it called when software integrity is confirmed during the boot process?
Boot attestation
85
What is deemed more secure than encryption because it cannot be reversed?
Tokenization
86
What is used to index and fetch items from a database?
Hashing
87
What function maps data to where the actual records are held?
Hash function
88
What renders rainbow tables ineffective?
Salting
89
What ensures buffer overflow, integer overflow, and SQL injection attacks cannot be launched against applications and databases?
Input validation
90
What can be stolen by attackers to carry out a session hijacking attack?
Secure cookies
91
What can help prevent an attacker from carrying out a cross-site scripting attack through HTTP response headers?
HTTP Strict Transport Security headers
92
What uses a certificate to digitally sign scripts and executables to verify their authenticity and to confirm they are genuine?
Code Signing
93
What do you call it when the developer who creates software writes code in a manner that ensures that there are no bugs or flaws?
Secure Coding Practices
94
What concept's intent is to prevent attacks such as buffer overflow or integer injection during code development?
Secure Coding Practices
95
What do you call analysis where the code is not executed locally but is analyzed by a static code analyzer tool?
Static Code analysis
96
What is the process of running source code inside the tool that reports any flaws or weaknesses?
Static code analysis
97
What kind of analysis requires source code access?
Static code analysis
98
What do you call analysis where the code is executed and fuzzing is used to inject random input into the application?
Dynamic code analysis
99
What kind of analysis exposes flaws in an application before it is rolled out to production?
Dynamic code analysis
100
What kind of analysis does not require source code access?
Dynamic code analysis
101
What is it called when code is reviewed line by line to ensure that the code is well-written and error free? It tends to be tedious and time consuming.
Manual Code Review
102
What is the hardening process of open ports and services?
listening ports should be restricted to those necessary, filtered to restrict traffic, and disabled entirely if unneeded. (Block through firewalls, disable by disabling underlying service)
103
What is the hardening process of the registry?
access should be restricted, and updates should be controlled through policy where available (always make a backup first)
104
What should be used to prevent unwanted access to data in a variety of circumstances?
Drive encryption
105
What is the hardening process of the OS?
OS hardening can often be implemented through security baselines, applied through group policies or management tools
106
What kind of device encrypts anything that is written to that drive?
Self-encrypting Drive
107
What is used for key storage when certificates are used in Full Disk Encryption?
Hardware root of trust
108
What verifies that the keys match before the secure boot process takes place?
Hardware root of trust
109
What is often used as the basis for a hardware root of trust?
TPM
110
What provides the OS with access to keys, but prevents drive removal and data access?
TPM