Information Technology /Security+ (SY0-701): Lesson 10: Assess Endpoint Security Capabilities Part 2
Security+ (SY0-701): Lesson 10: Assess Endpoint Security Capabilities Part 2
This deck covers key concepts related to endpoint security capabilities, focusing on tools and policies for managing device security, mobile device management, geolocation, and Bluetooth security.
What management tool is use to support access control policies in Linux?
SELinux
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/30
Key Terms
Term
Definition
What management tool is use to support access control policies in Linux?
SELinux
Define 'SELinux'
Security feature of CentOS and RedHat that supports access control policies and mandatory access control.
What is the function of SELinux?
Allows more granular permission control over every process and system object within an operating system.
What are key differences between securing a mobile device in comparison to a traditional desktop?
Remote wiping capabilities, encryption, and secure lock screens.
What is the challenge in secure a mobile device against unwanted applications?
Mobile app ecosystem includes many apps with different access permission requirements that present unique data privacy and protection challenges.
Define 'Bring your own device (BYOD)'
The mobile device is owned by the employee.
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
What management tool is use to support access control policies in Linux? | SELinux |
Define 'SELinux' | Security feature of CentOS and RedHat that supports access control policies and mandatory access control. |
What is the function of SELinux? | Allows more granular permission control over every process and system object within an operating system. |
What are key differences between securing a mobile device in comparison to a traditional desktop? | Remote wiping capabilities, encryption, and secure lock screens. |
What is the challenge in secure a mobile device against unwanted applications? | Mobile app ecosystem includes many apps with different access permission requirements that present unique data privacy and protection challenges. |
Define 'Bring your own device (BYOD)' | The mobile device is owned by the employee. |
Define a 'Bring your own device (BYOD)' policy | Security framework and tools to facilitate use of personally owned devices to access corporate networks and data. |
What are typical rules in a Bring your own device (BYOD) policy? | OS version and device capabilities |
Define 'Corporate owned, personally enabled (COPE)' | The device is chosen and supplied by the organization and remains its property but allows personal use. |
Define 'Mobile device management (MDM)' | Process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure. |
What is the purpose of implementing Mobile device management (MDM)? | To manage, secure, and enforce policies on smartphones, tablets, and other endpoints. |
How is data protection encryption enabled on an iOS device? | Enabled automatically when you configure a password lock on the device. |
Define 'Geolocation' | Use of network attributes to identify (or estimate) the physical position of a device. |
What are two forms of geolocation? |
|
Define 'Indoor Positioning System (IPS)' | Locates a device by triangulating its proximity to other radio sources, such as cell towers, Wi-Fi access points, and Bluetooth/RFID beacons. |
What is the primary concern of location services/geolocation? | Privacy; Provides a mechanism to track an individual's movements, and therefore their social and business habits. |
Define 'Geofencing' | Security control that can enforce a virtual boundary based on real-world geography. |
Define 'GPS tagging' | Adding geographical data, such as the latitude and longitude where the device was located at the time, to media such as photographs, SMS messages, video, and so on. |
Define a 'Personal area networks (PANs)' | A network scope that uses close-range wireless technologies (usually based on Bluetooth or NFC) to establish communications between personal devices, such as smartphones, laptops, and printers/peripheral devices. |
Define an 'ad hoc network' | WIFI-Direct; A type of wireless network where connected devices communicate directly with each other instead of over an established medium. |
What is the security setback with Bluetooth discovery? | Even a device in non-discoverable mode can still be detected. |
How can authentication/authorization with Bluetooth be made more secure? | By changing the default key or passkey. |
Define 'bluejacking' | Sending an unsolicited message using a Bluetooth connection when device authentication is not configured. |
Define 'Bluesnarfing' | Using an exploit in Bluetooth to steal information from someone else's phone. |
How are Bluetooth connections secured between to devices initializing pairing? | Devices exchange cryptographic keys to authenticate each other's identity and establish an encrypted communication channel. |
What control is used to configure access for devices connected via Bluetooth? | Bluetooth generally requires user consent to connect and access specific services. |
What Bluetooth 4.0 protocol was created to prevent eavesdropping, and on path attacks? | Bluetooth Secure Connections (BSC) |
How does 'Bluetooth Low Energy (BLE) Privacy' protocol provide privacy? | Uses randomly generated device addresses that periodically change to prevent tracking and unauthorized identification of BLE devices. |
Define 'Near-field communication (NFC)' | Based on RFID; Standard for two-way radio communications over very short (around four inches) distances. |
Why is Near-field communication (NFC) insecure? | Does not provide encryption, so eavesdropping and on-path attacks are possible if the attacker can find some way of intercepting the communication and the software services are not encrypting the data. |