Creado por DJ Perrone
hace alrededor de 7 años
|
||
Pregunta | Respuesta |
What is a Trusted OS? | - An OS that provides sufficient support for multilevel security. - Meets Government requirements. |
What is TCSEC? | Trusted Computer System Evaluation Criteria - Issued series of books called "Rainbow Series" |
What was the TCSEC replaced by? | Common Criteria (CC) |
What is EAL and how many levels are there? | - Evaluation Assurance Levels - 7 Levels |
Which policies should be part of anti-malware training for users? | - Keeping anti-malware apps current - Performing daily or weekly scans - Disabling auto-run/auto-play - Disabling image previews in Outlook - Surfing smart - Hardening the browser with zones / filters |
What are two locations that DLP could be implemented? | - Network DLP - Endpoint DLP |
What is Network DLP? | - Put at network egress points near perimeter. - Analyzes network traffic |
What is Endpoint DLP? | Runs on end user workstations. |
What two methods does DLP use to determine sensitive data? | - Precise method - Imprecise method |
What are some auditing guidelines? | - Develop a log management plan - Ensure deleting logs reqs TPI - Monitor high-privilege accounts - Ensure you cannot delete logs |
If you see an audit event showing a lot of failure audits for logon/logoff, what could be the threat? | - Random password hack - Brute force attack. |
If you see an audit event showing successful audits for user rights, user and group management along with security changes, what could be the threat? | Misuse of privileges |
What are some aspects of host hardening? | - Remove unnecessary applications - Disable unnecessary services and ports - Control connection to external media - Disable unnecessary accounts - Change default account names and passwords |
While using Intel Active Management Technology (AMT) with Intel vPro chip set, what are some tasks you can accomplish with SCCM on Microsoft Server 2012R2? | - Power on or off multiple computers - Restart a non-functioning computer from known good boot image. - Re-image computer via PXE - Config scheduled software deployments |
Which device is used to protect keys on a disk that's fully encrypted? | Trusted Platform Module (TPM) |
What are two common uses of TPM chips? | - Binding - Sealing |
In reference to TPM, what is binding? | When the HDD is encrypted and the TPM is stored on the physical box. The HDD can only be decrypted by that box. |
In reference to TPM, what is sealing? | Confines the encryption to the HDD, allowing the HDD to be moved to another box. |
What are the memory types used in a TPM chip? | - Endorsement Key (EK) - Storage Root Key (SRK) - Attestation Identity Key (AIK) - Platform Configuration Register (PCR) hash - Storage Keys |
In reference to TPM memory, what is an EK? | - Endorsement Key - Persistent memory that contains private/public key pair. |
In reference to TPM memory, what is an SRK? | - Storage Root Key - Secures the keys stored inside of the TPM. |
In reference to TPM memory, what is an AIK? | - Attestation Identity Key - Memory that ensures the integrity of the EK. |
In reference to TPM memory, what is a PCR hash? | - Platform Configuration Register - Stores data hashing for the sealing function. |
In reference to TPM memory, what is a Storage Key? | - Stores the data hashes for the sealing function. |
What is a Type I hypervisor? | - Native (Bare Metal) - Runs directory on the host hardware to provide virtualization. |
What is a Type II hypervisor? | - Runs within a conventional OS. |
What is container-based virtualization? | - Multiple user-space instances. - Also known as operating system virtualization. |
What is sandboxing and what is it used for? | - Segregation of the virtual environment. - Used to test suspicious files. |
How many steps are part of the secure boot procedure? | - 3 |
In reference to secure boot procedure, what is the first step? | Firmware verifies all UEFI executable files and the OS loader to verify they are trusted. |
In reference to secure boot procedure, what is the second step? | Windows Boot Components verifies the signature on each component to be loaded. - Any non-trusted componentes will not be loaded and require remediation. |
In reference to secure boot procedure, what is the third step? | Signatures on all boot critical drivers are checked as part of secure boot verification in WinLoad and by the Early Launch Antimalware driver. |
What is UEFI and what are some advantages? | Unified Extensible Firmware Interface - Can boot from disk over 2TB with GPT -CPU independent architecture and drivers - Modular |
What is a VM escape? | Where the attacker breaks out of the VM and interacts with the hypervisor. |
What are 3 models for implementing VDI? | - Centralized model - Hosted model - Remote virtual desktops model |
In reference to VDI, what is the centralized model? | - All desktop instances are stored in a single server. - Requires significant processing power on the server. |
In reference to VDI, what is the hosted model? | - Desktops are maintained by a service provider. - Eliminates capital cost but introduces operation costs. |
In reference to VDI, what is the remote virtual desktop model? | - An image is copies to the local machine. - Constant network connection is unnecessary. |
What are two models to host applications from a central location? | - Server-based application virtualization - Client-based application virtualization |
In reference to application virtualization, what is server-based? | - Terminal services - Apps run on servers and users receive app environment through remote client protocol. - Microsoft RDP or Citrix ICA. - Microsoft TS or Citrix Presentation Server |
In reference to application virtualization, what is client-based? | - Application streaming - Target app is packaged and streamed to client PC. Own computing environment. - Microsoft App-V |
What is a Virtual TPM (VTPM) | Enables trusted computed for an unlimited number of virtual machines on a single hardware platform. |
¿Quieres crear tus propias Fichas gratiscon GoConqr? Más información.