Module 06 Software and Hardware Assurance Best Practices


input validation

Assuring that the data received is legitimate.

Trusted Platform Module (TPM)

A chip on the motherboard of the computer that provides cryptographic services.

self-encrypting drive (SED)

A hard drive that automatically encrypts all data files.

Simple Object Access Protocol (SOAP)

A message protocol that allows the distributed elements of an application to communicate in a web-services environment.

malware signatures

A method that can be used to identify and label malware code.

software development lifecycle (SDLC)

A methodology that can be used to build a program or application from its inception to decommission.

trusted foundry

A program by the U.S. Department of Defense that is designed to secure the manufacturing supply chain for vendors who supply technology to the military.

hardware security module (HSM)

A removable external cryptographic device.

Trusted execution

A secure area of the processor that guarantees that code and data are loaded inside a special secure area.

secure enclave

A secure coprocessor that functions in addition to the regular processor.

Endpoint detection and response (EDR)

A set of tools that have a similar functionality to HIDS and HIPS but are considered more robust.

Firmware

A specific class of computer software that provides the low-level control for a device's specific hardware.

eFuse

A technology that prevents the contents of a chip from being reverse-engineered.

bus encryption

A technology that protects the transfer of data between two processors.

Stress testing

A type of software testing that verifies stability and reliability of the software application when tested under extremely heavy load conditions.

processor security extensions

Additions to the functionality of processors that provide security enhancements and reduce the attack surface of the system.

Security Assertion Markup Language (SAML)

An XML standard that allows secure web domains to exchange user authentication and authorization data in an SOA.

code review

An analysis of software code that can be either simple or comprehensive.

service-oriented architecture (SOA)

An approach that makes software components reusable through "service interfaces."

UEFI (Unified Extensible Firmware Interface)

An improved version of the firmware interface developed to replace the BIOS.

Formal methods for verification of critical software

Applying mathematically rigorous techniques (called formal methods) that use tools for the specification, design, and verification of software.

trusted firmware updates

Approved and verified updates that are used to modify the contents of firmware.

Which of the following permits a processor to read from a memory location or write to a location during the same data operation?

Atomic execution

Representational State Transfer (REST)

Considered an improvement over SOAP as a means of communications between web-based systems.

Which of the following options are capabilities of the EDR tool?

Data collection; providing a detection engine; data recording; centralized console.

antitampering

Devices that can be installed on secure systems to prevent any physical actions by the threat actor on the device.

Which of the following is NOT an advantage of a service-oriented architecture (SOA)?

Eliminates the need for business analysts

What does EDR stand for?

Endpoint Detection and Response

True or False: Measured Boot provides the highest degree of security and does not impact the boot process.

False

True or False: Provisioning is removing a resource that is no longer needed.

False

True or false: A Windows firewall can be configured only locally.

False

True or false: Permissions can be applied to differ from user to user.

False

True or false: SRPs can be applied to the local security policy and group policy.

False

True or false: The blacklist method is used for blocking the application or set of applications from shutting down.

False

rule writing

Generating malware signatures based on specific rules.

Where does a hardware root of trust security check begin?

Hardware

Which of these provides cryptographic services and is external to the device?

Hardware security module (HSM)

Which of the following is NOT correct about the agile model?

It follows a rigid sequential design process.

Which of the following is NOT correct about YARA?

It is a proprietary tool.

Which boot security mode provides the highest degree of security?

Measured Boot

Which boot security mode sends information on the boot process to a remote server?

Measured Boot

session management

Monitoring and controlling the authentication and access control (or authorization) modules in web applications.

Which of the following is NOT a secure SDLC source?

Nessus

Raul is removing HTML control characters from text that is to be displayed on the screen. What secure coding best practice is he following?

Output encoding

Simpson is using predefined variables as placeholders when querying a database. What secure best coding practice is he following?

Parameterized query

Which of the following options are used to configure ACLs?

Per-user basis; per-group basis; using an effective rights mask; for users other than the ones in the group for a file.

Atomic execution

Permitting a processor to read from a memory location or write to a location during the same data operation.

Which of the following options are the three main tasks of DLP?

Protect intellectual property (IP); bring data visibility; protect personal information.

security regression testing

Retesting an application to ensure that new software modifications do not reintroduce any old vulnerabilities that had already been corrected.

What is an XML standard that allows secure web domains to exchange user authentication and authorization data in an SOA?

SAML

Which technology is REST replacing?

SOAP

data protection

Schemes for securing the integrity of any data that the application accesses.

port security

Securing the ports on a hardware device.

Ryker has added a new module to an application and now needs to test it to be sure that the new module does not reintroduce any old vulnerabilities. What testing is Ryker performing?

Security regression testing

Which stage conducts a test that will verify the code functions as intended?

Staging stage

output encoding

Stripping anything other than text from data before it is displayed.

User acceptance testing (UAT)

The final phase of the software assessment process in which those who will be using the software will test it.

DevSecOps

The process of integrating secure development best practices and methodologies into application software development and deployment processes using the agile model.

sandboxing

The process of using a sandbox container in which an application can run so that it does not impact the underlying hardware.

hardware root of trust

The strongest starting point of the security chain, one that, unlike software, cannot be modified.

Which of the following is NOT correct about the software development lifecycle (SDLC)?

There has been only one approved SDLC model.

True or False: A goal of software diversity is to reduce the probability that errors created by different compilers will influence the end results.

True

True or False: A program by the U.S. Department of Defense that is designed to secure the manufacturing supply chain for vendors who supply technology to the military.

True

True or false: Data loss prevention is a set of rules that are defined to protect confidential and sensitive information.

True

Which of the following is a secure area of the processor that guarantees that code and data are loaded inside a special secure area?

Trusted execution

parameterized query

Using predefined variables or prepared statements as placeholders for parameters.

Measured Boot

Using the computer's firmware to log the boot process so the OS can send it to a trusted server to assess the security.

boot attestation

Verifying that the boot process is secure.

Which of the following types of NVM cannot be reset once code is written to it?

eFuse

Which model uses a sequential design process?

waterfall model

