Udemy Sections 4-6: Security Applications and Devices, Mobile Device Security, and Hardening

Question 1

Software application that protects a single computer or server from unwanted internet traffic

Answer 1

Personal firewall

AKA host-based firewall

Question 2

Which firewall is used with Windows?

Answer 2

Windows Firewall

Question 3

What do you need to type in the Start bar to find the Windows Firewall with Advanced Security?

Answer 3

wf.msc

Question 4

Which firewall is used with Mac?

Answer 4

PF (Packet Filter)

IPFW (Internet Protocol Firewall) is the older version that is no longer used

Question 5

Which firewall is used with Linux?

Answer 5

iptables

Question 6

T/F: Most antimalware software includes its own firewall

Answer 6

True

Question 7

T/F: Most small/home office routers and access points have their own hardware firewall included

Answer 7

True

Question 8

What does Stealth Mode in Apple’s GUI firewall mean?

Answer 8

Your computer will not respond to or acknowledge any attempt to ping (or otherwise test an application by using ICMP)

Question 9

Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack

Answer 9

IDS (Intrusion Detection System)

Question 10

3 types of detection methods that NIDS and HIDS use

Answer 10

Signature-based
Policy-based
Anomaly-based

Question 11

A type of IDS detection method where a specific string of bytes triggers an alert

Answer 11

Signature-based detection method

Question 12

A type of IDS detection method that relies on specific declaration of the security policy (i.e., “No Telnet Authorized”)

Answer 12

Policy-based detection method

Question 13

A type of IDS detection method that analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average

Answer 13

Anomaly-based detection method

AKA statistical-based detection method

Question 14

4 types of IDS alerts

Answer 14

True positive
True negative
False positive
False negative

Question 15

T/F: IDSs can alert, log, and stop suspicious activity

Answer 15

False

IDSs cannot take action on security incidents; they only alert and log

To stop attacks, you must have an IPS

Question 16

Where does the data from IDS logs go to prevent an attacker damaging or altering the logs?

Answer 16

Syslog server

Question 17

Software that blocks external files containing JavaScript, images, or web pages from loading in a browser

Answer 17

Content filter

Question 18

Software that filters website code as it is being downloaded from the server, and removes the advertisements

Answer 18

Adblock

Question 19

A cybersecurity software or hardware solution that monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data

Answer 19

DLP (Data Loss Prevention)

Question 20

Theft or unauthorized removal or movement of any data from a device

Answer 20

Exfiltration

Question 21

Software-based client that monitors the data in use on a computer and can stop a file transfer or alert an admin of the occurrance.

Can be set to detection mode or prevention mode.

Answer 21

Endpoint DLP system

Question 22

Software or hardware-based solution that is installed on the perimeter of the network to detect data in transit, focusing on data moving out of the network to catch data that should stay in the network.

Answer 22

Network DLP system

Question 23

Software installed on servers in the datacenter to inspect the data at rest. The data should be encrypted and watermarked, and no one should be accessing it at times that they shouldn’t be.

Answer 23

Storage DLP system

Question 24

Cloud software as a service that protects data being stored in cloud services

Answer 24

Cloud DLP system

Question 25

4 types of DLP systems

Answer 25

Endpoint DLP system
Network DLP system
Storage DLP system
Cloud DLP system

Question 26

A type of firmware that provides the computer instructions for how to accept input and send output

Answer 26

BIOS (Basic Input Output System)

Question 27

Updated and more robust version of BIOS

Answer 27

UEFI (Unified Extensible Firmware Interface)

Question 28

Ensuring that the BIOS has the most up-to-date software on the chip

Involves removing what is currently on the chip, and replacing it with the newer, updated version

Answer 28

Flashing the BIOS

Question 29

A password set on a computer that prevents anyone from logging into the BIOS changing the boot order or other settings without having that password. Should be a long, strong password.

Answer 29

BIOS password

Question 30

Settings within the BIOS that enables or disables ways to boot up the hard drive

Answer 30

Boot order

Question 31

5 ways to secure your BIOS

Answer 31

Flash the bios
Set a BIOS password
Configure the BIOS boot order
Disable unnecessary external ports and devices
Enable the secure boot option

Question 32

A type of boot option that, upon booting, your computer verifies the public key from the TPM to ensure the code of the OS that’s being loaded has been digitally signed by the manufacturer and has not been modified. Ensures that you have a protected boot process.

Answer 32

Secure boot

Question 33

What should you do to protect confidentiality of the data on removable media devices?

Answer 33

Encrypt files

Question 34

3 methods to encrypt files for removable media

Answer 34

Windows 10 Bitlocker To Go
USB thumb drive that already has encryption embedded
Removable media controls

Question 35

Technical limitations placed on a system in regards to the utilization of USB storage devices and other removable media

Answer 35

Removable media controls

Question 36

2 ways to enforce removable media controls

Answer 36

Technical controls in Group Policy
Administrative controls

Question 37

Storage devices that connect directly to your organization’s network

Answer 37

NAS (Network Attached Storage)

Question 38

What do NAS systems implement to ensure high availability?

Answer 38

RAID arrays

Question 39

A network designed specifically to perform block storage functions that may consist of NAS devices

Answer 39

SAN (Storage Area Network)

Question 40

3 tips to secure a NAS

Answer 40

Use data encryption
Use proper authentication
Log NAS access

Question 41

Storage device that performs whole disk encryption by using embedded hardware

Very fast, but very expensive

Answer 41

SED (Self-Encrypting Drive)
A type of hardware encryption

Question 42

2 types of encryption

Answer 42

Hardware-based
Software-based

Question 43

T/F: Hardware-based encryption is more commonly used than software-based

Answer 43

False

The opposite is true.

Question 44

Embedded whole-disk encryption in the Mac OS is called

What encryption algorithm does it use?

Answer 44

FileVault

AES

Question 45

Embedded whole-disk encryption in Windows is called

What encryption algorithm does it use?

Answer 45

BitLocker

AES

Question 46

Chip residing on the motherboard that contains a hardware encryption key used by the machine’s embedded whole-disk encryption.

This prevents an attacker from removing the drive from the system and reading it; it cannot be read if the drive is removed from the system because it will not have the encryption key.

Answer 46

TPM (Trusted Platform Module)

Question 47

T/F: If your motherboard doesn’t have a TPM, you can use an external USB drive as a key

Answer 47

True

But if you lose that USB, you’ll never be able to access that data again

Question 48

What type of encryption is AES? (symmetric/asymmetric)

Which encryption keys does it support?

Answer 48

Symmetric

128-bit and 256-bit

Considered unbreakable

Question 49

AES stands for

Answer 49

Advanced Encryption Standard

Question 50

The file-level encryption algorithm used by Windows

Answer 50

EFS (Encrypting File System)

Question 51

T/F: Software-based encryption is slower than hardware-based encryption

Answer 51

False

The opposite is true

Question 52

Physical devices that act as a secure cryptoprocessor during the encryption process. In other words, it acts as a hardware-based encryption device.

Usually a device that plugs in through USB or a network-attached device.

Answer 52

HSM (Hardware Security Module)

Question 53

HSM stands for

Answer 53

Hardware Security Module

Question 54

Used when conducting monitoring, logging, and analysis of endpoints

Answer 54

Endpoint analysis

Question 55

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and others

Answer 55

Antivirus (AV)

Question 56

AV stands for

Answer 56

Antivirus

Question 57

A type of IDS or IPS that monitors a computer system for unexpected behavior or drastic changes to the system’s state on an endpoint

Answer 57

HIDS/HIPS

Question 58

A software agent and monitoring system that performs multiple security tasks such as AV, HIDS/HIPS, firewall, DLP, and file encryption. The “swiss army knife” of security tools.

Mostly based on signature detection.

Answer 58

EPP (Endpoint Protection Platform)

Question 59

EPP stands for

Answer 59

Endpoint Protection Platform

Question 60

A software agent that collects system data and logs for analysis by monitoring a system to provide early detection of threats.

Mostly based on data collection and behavioral and anomaly analysis

Answer 60

EDR (Endpoint Detection and Response)

Question 61

EDR stands for

Answer 61

Endpoint Detection and Response

Question 62

A system that can provide automated identification of suspicious activity by user accounts and computer hosts

Mostly based on the process behavioral analysis, rather than endpoint data collection

Answer 62

UEBA (User and Entity Behavior Analytics)

Question 63

UEBA stands for

Answer 63

User and Entity Behavior Analytics

Question 64

T/F: UEBA solutions are heavily dependent on advanced computing techniques like AI and ML

Answer 64

True

Question 65

What is Splunk?

Answer 65

A UEBA solution

Question 66

ATP stands for

Answer 66

Advanced Threat Protection

Question 67

AEP stands for

Answer 67

Advanced Endpoint Protection

Question 68

A hybrid of EPP, EDR, and UEBA

Answer 68

NGAV (NextGen AV)

Question 69

The highest level of wireless security

Answer 69

WPA2

Question 70

WPA2 stands for

Answer 70

Wireless Protected Access version 2

Question 71

Why is WPA2 the highest level of wireless security?

Answer 71

WPA2 uses the AES encryption algorithm, which is considered unbreakable as of today.

Question 72

How are Bluetooth connections secured?

Answer 72

Bluetooth pairing creates a shared link key to encrypt the connection

Question 73

T/F: Wired devices are almost always more secure than wireless ones.

Answer 73

True

Question 74

When determining which Bluetooth device to purchase, which encryption algorithm should you be looking for?

Answer 74

AES (Advanced Encryption Standard)

Question 75

What is the first step to securing mobile devices from mobile malware?

Answer 75

Third-party antivirus

Question 76

T/F: Apple mobile devices tend to be more secure than Google devices (Android)

Answer 76

True.

When Apple creates a patch, it is available almost immediately.

When Google creates a patch, all of the different manufacturers (including Android) need to modify the patch to fit their OS. For this reason, patches can take a number of months before they become available to Android users.

Question 77

T/F: You can always trust that software apps available through the official App Store or Play store are secure and safe.

Answer 77

False

Malware can sometimes sneak past Google’s or Apple’s security checks.

Question 78

What does it mean to root a device?

Answer 78

It means jailbreaking the device

Question 79

Why shouldn’t you jailbreak your mobile device?

Answer 79

You bypass the natural protection that the system has, making you more vulnerable to attacks

Question 80

Why shouldn’t you use an Android custom firmware or custom ROM?

Answer 80

You’re using an alternate version of the OS. When Google releases patches, it doesn’t make its way to the custom firmware/ROM

Question 81

What does ROM stand for as it relates to an Android device?

Answer 81

Read Only Memory

Question 82

A file containing the executable instructions (a system image) of an Android OS and affiliated apps.

Answer 82

ROM (Read Only Memory)

Question 83

SIM stands for

Answer 83

Subscriber Identity Module

Question 84

Integrated circuit that securely stores the IMSI number and its related key

Answer 84

SIM card

Question 85

IMSI stands for

Answer 85

International Mobile Subscriber Identity

Question 86

Allows two phones to utilize the same service and allows an attacker to gain access to the phone’s data. Also allows an attacker to read texts that you receive

Answer 86

SIM cloning

Question 87

T/F: SIM v2 cards are much more difficult to clone

Answer 87

True

Question 88

What is the main reason that attackers are after gaining your phone number?

Answer 88

Two-factor authentication on websites to access your accounts

Question 89

How to ensure that attackers cannot steal your phone number

Answer 89

Set up a Google Voice Number.

Question 90

What is Google Voice Number?

Answer 90

A phone number that is only used to call people; nobody knows what your actual phone number is behind it.

Question 91

Sending unsolicited messages to Bluetooth-enabled devices

Answer 91

Bluejacking

Question 92

Unauthorized access of information from a wireless device over a Bluetooth connection

Answer 92

Bluesnarfing

Question 93

Difference between Bluejacking and Bluesnarfing?

Answer 93

In Bluejacking, an attacker sends information

In Bluesnarfing, an attacker takes information

Question 94

What are the 2 default Bluetooth link keys on most devices?

Answer 94

0000 or 1234

Question 95

If you must use Bluetooth, what can you do to secure your device?

Answer 95

Turn off Discoverable Mode

Question 96

First step to protect your mobile device in the event of theft

Answer 96

Full-disk encryption

Question 97

Websites that connect to your phone based on its data location and GPS signal

Answer 97

Apple - Find My iPhone
Android - Find My Phone

Question 98

A process that can remotely lock a device. Causes a pin or password to be required before someone can use the device

Answer 98

Remote lock

Question 99

Remotely erases the contents of a device to ensure the information is not recovered by the thief

Answer 99

Remote wipe

Question 100

What is jailbreaking/rooting?

Answer 100

Removing the manufacturer’s security protections so you can take it to a different wireless carrier or install third-party apps.

Question 101

What is the difference between jailbreaking and rooting?

Answer 101

They are the same, but rooting is the term for Android devices

Question 102

TLS stands for

Answer 102

Transport Layer Security

Question 103

HTTPS uses what kind of encryption?

Answer 103

TLS

Question 104

This security protocol puts an encryption layer and a tunnel between your device and the web server to ensure confidentiality

Answer 104

TLS

Question 105

Centralized software solution that allows system admins to create and enforce policies across its mobile devices

Answer 105

MDM (Mobile Device Management)

Question 106

MDM stands for

Answer 106

Mobile Device Management

Question 107

Embedding of the geolocation coordinates into a piece of data (i.e. a photo)

Answer 107

Geotagging

Question 108

T/F: BYOD introduces many security issues

Answer 108

True

Question 109

BYOD stands for

Answer 109

Bring Your Own Device

Question 110

Creating a clear separation between personal and company data on a single device

Answer 110

Storage segmentation

Question 111

CYOD stands for

Answer 111

Choose Your Own Device

Question 112

T/F: MDM can prevent certain applications from being installed on a device as well as use DLP systems on the device

Answer 112

True

Question 113

What is the official app store for Apple devices?

What is the official app store for Google Devices?

Answer 113

App Store

Google Play

Question 114

Which kind of SIM card should you be using to keep your mobile device secure against cloning?

Answer 114

SIM v2

Question 115

HTTPS uses what kind of security protocol?

Answer 115

TLS

Question 116

Act of configuring an OS securely by updating it, creating rules and policies to govern it, and removing unnecessary apps and services

Answer 116

Hardening

Question 117

Process of configuring a workstation or server to only provide essential apps and services

Answer 117

Least functionality

Question 118

SCCM stands for

Answer 118

Microsoft’s System Center Configuration Management

Question 119

Best practice in order to ensure work computers across an enterprise are setup with strict configuration? Prevents unnecessary applications from being installed and comes with protections.

Answer 119

Utilizing a secure baseline image when setting up new computers

Question 120

A security capability that allows only applications on a list to be run by the OS while all other applications are blocked

Answer 120

Application allowlisting

Question 121

A security capability where any application placed on a list will be preventing from running while all others will be permitted to run

Answer 121

Application blocklisting

Question 122

The Windows filename for the list of services on your computer

Answer 122

services.msc

Question 123

An OS that meets the requirements set forth by the government and has multilevel security

Answer 123

TOS (Trusted OS)

Question 124

TOS stands for

Answer 124

Trusted Operating System

Question 125

Which version of Windows is a TOS?

Answer 125

Windows 7 and newer

Question 126

Which version of Mac is a TOS?

Answer 126

Mac OS X 10.6 and newer

Question 127

What version of FreeBSD is a TOS?

Answer 127

TrustedBSD

Question 128

Which Red Hat OS is a TOS?

Answer 128

Red Hat Enterprise Server

Question 129

4 most popular TOSs

Answer 129

Windows 7 and newer
Mac OS X 10.6 and newer
FreeBSD (TrustedBSD)
Red Hat Enterprise Server

Question 130

A single problem-fixing piece of software for an OS or app

Answer 130

Patch
AKA hotfix

Question 131

Software code that is issued for a product-specific security-related vulnerability

Answer 131

Security update

Question 132

Software code for a specific problem addressing a critical, non-security bug in the software

Answer 132

Critical update

Question 133

A tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes

Answer 133

Service pack

Question 134

Recommended update to fix a noncritical problem that users have found, as well as to provide additional features or capabilities

Answer 134

Windows update

Question 135

Updated device driver to fix a security issue or add a feature to a supported piece of hardware

Answer 135

Driver update

Question 136

The filename for the Windows Update program

Answer 136

wuapp.exe

Question 137

Process of planning, testing, implementing, and auditing of software patches

Answer 137

Patch management

Question 138

4 steps of patch management

Answer 138

Planning
Testing
Implementing
Auditing

Question 139

Filename for the Windows Update service (disabling this prevents updates from downloading automatically)

Answer 139

wuauserv

Question 140

What is the auditing step in patch management?

Answer 140

Making sure the update was configured properly on the client’s computer

Question 141

A set of rules or policies that can be applied to a set of users or computer accounts w/in the OS

Answer 141

Group policy

Question 142

What is the program name for the Group Policy Editor in Windows?

Answer 142

gpedit

Question 143

A group of policies that can be loaded through one procedure

Answer 143

Security template

Question 144

GPO stands for

Answer 144

Group Policy Objective

Question 145

The process of measuring changes in the network, hardware, and software environment

Answer 145

Baselining

Question 146

Which 2 filesystems can Windows utilize?

Answer 146

NTFS
FAT32

Question 147

NTFS stands for

Answer 147

New Technology File System

Question 148

The default filesystem format for Windows. More secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32.

Answer 148

NTFS

Question 149

Which filesystem should you use for a Linux system?

Answer 149

ext4

Question 150

Which filesystem should you use for a Mac?

Answer 150

APFS

Question 151

How to conduct a filesystem check in Windows?

Answer 151

Check Disk with the System File Checker

Question 152

How to conduct a filesystem check in Linux?

Answer 152

fsck

Question 153

How to conduct a filesystem check in Mac?

Answer 153

First Aid in the disk utility app

Question 154

A collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users. It allows an administrator to create a policy and deploy it across a large number of devices in the domain or network.

Answer 154

GPO (Group Policy Object)

Question 155

Difference between SED and HSM?

Answer 155

SED is a storage device that has built-in cryptographic processing.

HSM is a hardened, tamper-resistant hardware device that strengthens encryption practices by generating keys, encrypting and decrypting data, and creating and verifying digital signatures.