Information Technology /Security+ (SY0-701): Lesson 10: Assess Endpoint Security Capabilities Part 1
Security+ (SY0-701): Lesson 10: Assess Endpoint Security Capabilities Part 1
This deck covers key concepts and practices in endpoint security, focusing on device hardening, encryption, and detection systems.
Define ‘Device Hardening’
The practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to default configurations.
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/30
Key Terms
Term
Definition
Define ‘Device Hardening’
The practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to default configurations.
What is the role of base practice baselines in device hardening?
Best practice baselines provide a standard set of guidelines or checklists for configuring devices securely.
What is the essential principle of best practice baselines in device hardening to reduce attack surface?
Principle is of least functionality; that a system should run only the protocols and services required by legitimate users and no more.
What are examples of device hardening?
Disabling excess interfaces; Disabling unnecessary services/ports; Disk encryption; Patch management cycle.
Define ‘Baseline deviation reporting’
Testing the actual configuration of hosts to ensure that their configuration settings match the baseline template.
What is a windows tool to test baseline deviation?
Microsoft Baseline Security Analyzer (MBSA)
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Define ‘Device Hardening’ | The practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to default configurations. |
What is the role of base practice baselines in device hardening? | Best practice baselines provide a standard set of guidelines or checklists for configuring devices securely. |
What is the essential principle of best practice baselines in device hardening to reduce attack surface? | Principle is of least functionality; that a system should run only the protocols and services required by legitimate users and no more. |
What are examples of device hardening? | Disabling excess interfaces; Disabling unnecessary services/ports; Disk encryption; Patch management cycle. |
Define ‘Baseline deviation reporting’ | Testing the actual configuration of hosts to ensure that their configuration settings match the baseline template. |
What is a windows tool to test baseline deviation? | Microsoft Baseline Security Analyzer (MBSA) |
How does segmentation enhance a network’s security? | Reduces the potential impact of a cybersecurity incident by isolating systems and limiting the spread of an attack or malware infection. |
Define ‘device isolation’ | Segregating individual devices within a network to limit their interaction with other devices and systems. |
What is the purpose of device isolation? | Prevents the lateral spread of threats should a device become compromised. |
Define ‘antivirus’ | Signature based software detection and prevention. |
Define ‘Full disk encryption (FDE)’ | Encryption of all data on a disk by the OS. |
Where is the key used to encrypt data stored when using Full disk encryption (FDE)? | Stored in a Trusted Platform Module (TPM). |
Define a ‘self-encrypting drive (SED)’ | A disk drive where the controller can automatically encrypt data that is written to it instead of relying on the OS. |
What is the name of the key that a self-encrypting drive (SED) uses in encrypt data? | Symmetric data/media encryption key (DEK/MEK) for bulk encryption. |
What is the name of the key that encrypts the symmetric data/media encryption key (DEK/MEK)? | Authentication key (AK) or Key Encryption Key (KEK). |
Define an ‘authentication key (AK) or Key Encryption Key (KEK)’ | Private key that is used to encrypt the symmetric bulk media encryption key (MEK). |
When implementing a self-encrypting drive (SED), how does a user access the encrypted data on the drive? | A user must authenticate with a password to decrypt the MEK and access the media. |
What is used to facilitate auto-updates in Linux? | yum-cron or apt unattended-upgrades. |
What is the purpose of testing patches before applying them to systems in production? | Identify potential issues or conflicts arising from the patch, ensuring that it does not introduce new vulnerabilities or disrupt critical operations; Mitigate the risk of unintended consequences. |
What is a ‘endpoint detection and response (EDR)’ product? | Software agent that collects system data and logs for analysis to provide early detection of threats. |
What is the purpose/function of endpoint detection and response (EDR)? | To provide real time and historical visibility into the compromise, contain the malware within a single host, and facilitate remediation of the host to its original state. |
What is the difference between ‘Extended detection and response (XDR)’ and ‘endpoint detection and response (EDR)’ | Extends protection beyond endpoints by incorporating data from the network, cloud platforms, email gateway, firewall, and other essential infrastructure components. |
Define ‘Host-based intrusion detection system (HIDS)’ | Type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state. |
Define ‘host-based intrusion prevention system (HIPS)’ | Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching. |
What is a crucial feature of Host-based intrusion detection system (HIDS)? | file integrity monitoring (FIM) |
Define 'file integrity monitoring (FIM)' | Software that reviews system files to ensure that they have not been tampered with. |
Define the function of 'file integrity monitoring (FIM)' | Audits key system files to ensure they match the authorized versions. |
What is the windows version of file integrity monitoring (FIM)? | Windows File Protection service runs automatically and the System File Checker (SFC) tool. |
What Linux command is used to change permissions? | chmod |
What management tool is used to automate secure baselines across an environment in windows? | Group policy management |