CNA 210 | Ch. 9, Client and Application Security
Wi-Fi enabled microSD card
A Secure Digital Input Output (SDIO) card that can wirelessly transmit across a network.
Security template
A collection of security configuration settings.
client
A computing device that has software to enable it to send requests to servers.
Application development lifecycle model
A conceptual model that describes the different stages involved in creating an application.
Service pack
A cumulative package of all patches and feature updates.
Cable lock
A device that can be inserted into the security slot of a portable device and rotated until secured to the device to prevent it from being stolen.
Mantrap
A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas.
Deadbolt lock
A door lock that extends a solid metal bar into the door frame for extra security.
Group Policy
A feature that provides centralized management and configuration of computers and remote users who are using specific Microsoft directory services known as Active Directory (AD).
Cage
A fenced secure waiting station area, such as an area that can contain visitors to a facility until they can be approved for entry.
Security guard
A human who is an active security element.
D. deadbolt lock
A lock that extends a solid metal bar into the door frame for extra security is the ____. A. triple bar lock B. deadman's lock C. full bar lock D. deadbolt lock
Door lock
A lock that requires a key or other device to open doors.
Change management
A methodology for making modifications to a system and keeping track of those changes.
Supply chain
A network that moves a product from the supplier to the customer. Typically made up of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, and retailers who bring the product to the consumer.
heuristic monitoring (dynamic analysis)
A newer approach to AV which uses a variety of techniques to spot the characteristics of a virus instead of attempting to make matches.
Unified Extensible Firmware Interface (UEFI)
A newer mechanism that replaced the BIOS for startup.
antispyware
A package that helps prevent computers from becoming infected by different types of spyware.
Pointer dereference
A vulnerability in which a pointer with a value of NULL is used as if it pointed to a valid memory area (a null pointer dereference), typically crashing the program.
Secure Digital (SD)
A popular type of removable data storage that is available in three different form factors.
Least functionality
A principle in which a system is configured to provide only the capabilities and services it needs, and a user is given only the minimum set of permissions required to perform necessary tasks.
Buffer overflow
A vulnerability in which a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer, overwriting adjacent memory.
Up-to-date resets
A process that makes resetting a PC and bringing it fully up to date much faster than before, when hours were required to install each subsequent patch.
D. Cable conduit
A protected distribution system (PDS) refers to _________. A. Highly secured usernames and passwords B. Controlled hallways and work spaces C. Key management D. Cable conduit
Patch
A publicly released software security update intended to repair a vulnerability.
Access log
A record or list of individuals who have permission to enter a secure area, along with the time they entered and the time they left the area.
Screen filter
A screen that "blacks out" viewers outside the normal direct viewing angle of a display.
Dead code
A section of an application that executes but performs no meaningful function (or is never reached at all).
Automated patch update service
A service used to manage patches within an enterprise instead of relying upon the vendor's online update service.
Bollard
A short but sturdy vertical post that is used to block vehicular traffic.
microSD
A smaller form factor type of Secure Digital card commonly used in smaller devices such as smartphones, digital cameras, and tablets.
Bayesian filtering
Software that sorts received email messages into two piles, spam and non-spam, performs a word-count analysis on each pile, and then uses those counts to estimate the probability that a new message is spam.
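Added example (not code from the textbook or this card set): a minimal naive Bayesian filter in C showing what "two piles and a word count" turns into. The six training messages are constructed for the demonstration, and the function names are this example's own.

```c
/* Added example: a minimal naive Bayesian spam filter, not code from the
 * textbook. The training messages and their spam/ham labels are constructed
 * for the demonstration; a real filter trains on a large corpus. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_WORDS 128
#define WORD_LEN 24

struct word_count { char word[WORD_LEN]; int spam; int ham; };

static struct word_count table[MAX_WORDS];
static int n_words;                 /* vocabulary size */
static int spam_msgs, ham_msgs;     /* messages in each pile */
static int spam_words, ham_words;   /* word occurrences in each pile */

void reset_filter(void) {
    memset(table, 0, sizeof table);
    n_words = spam_msgs = ham_msgs = spam_words = ham_words = 0;
}

/* Pull the next alphabetic token out of *p, lower-cased. Returns 0 at end. */
static int next_word(const char **p, char *out, size_t cap) {
    const char *s = *p;
    size_t k = 0;
    while (*s && !isalpha((unsigned char)*s)) s++;
    if (*s == '\0') { *p = s; return 0; }
    while (isalpha((unsigned char)*s)) {
        if (k + 1 < cap) out[k++] = (char)tolower((unsigned char)*s);
        s++;
    }
    out[k] = '\0';
    *p = s;
    return 1;
}

static struct word_count *lookup(const char *w, int create) {
    for (int i = 0; i < n_words; i++)
        if (strcmp(table[i].word, w) == 0) return &table[i];
    if (!create || n_words == MAX_WORDS) return NULL;
    struct word_count *c = &table[n_words++];
    snprintf(c->word, sizeof c->word, "%s", w);
    return c;
}

/* Sort one labelled message into the spam or ham pile and count its words. */
void train(const char *text, int is_spam) {
    char w[WORD_LEN];
    const char *p = text;
    while (next_word(&p, w, sizeof w)) {
        struct word_count *c = lookup(w, 1);
        if (c == NULL) continue;        /* vocabulary full: ignore the word */
        if (is_spam) { c->spam++; spam_words++; } else { c->ham++; ham_words++; }
    }
    if (is_spam) spam_msgs++; else ham_msgs++;
}

/* P(spam | words) by naive Bayes with add-one smoothing, so a word never
 * seen in a pile does not zero that pile's score. The two running
 * likelihoods are rescaled after every word so long messages do not
 * underflow; production filters get the same effect with log-probabilities. */
double spam_probability(const char *text) {
    char w[WORD_LEN];
    const char *p = text;
    int total = spam_msgs + ham_msgs;
    if (total == 0) return 0.5;           /* untrained: no opinion */
    double ps = (double)spam_msgs / total, ph = (double)ham_msgs / total;
    while (next_word(&p, w, sizeof w)) {
        struct word_count *c = lookup(w, 0);
        int cs = c ? c->spam : 0, ch = c ? c->ham : 0;
        ps *= (cs + 1.0) / (spam_words + n_words);
        ph *= (ch + 1.0) / (ham_words + n_words);
        double m = ps > ph ? ps : ph;
        ps /= m; ph /= m;
    }
    return ps / (ps + ph);
}

/* Constructed training corpus (not real mail). */
void train_sample_corpus(void) {
    reset_filter();
    train("Cheap pills, buy now!", 1);
    train("Buy cheap watches now", 1);
    train("Free money: click now", 1);
    train("Meeting agenda for Monday", 0);
    train("Please review the report", 0);
    train("Lunch on Monday?", 0);
}

int main(void) {
    train_sample_corpus();
    printf("buy cheap pills   -> %.2f\n", spam_probability("buy cheap pills"));   /* about 0.94 */
    printf("review the agenda -> %.2f\n", spam_probability("review the agenda")); /* about 0.10 */
    return 0;
}
```

train() sorts each labelled message into a pile and counts its words; spam_probability() multiplies the per-word likelihoods for each pile and converts the two running products back into a probability. With only six training messages the numbers are coarse, which is why real deployments keep training on the mail the user classifies.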
Closed circuit television (CCTV)
A specific and limited set of devices that receive transmissions from video surveillance cameras.
Secure DevOps
A specific type of software methodology that follows the agile model and heavily incorporates security concepts.
Staging stage
A stage in application development that performs a quality assurance test to verify that the code functions as intended.
Testing stage
A stage in which an application is tested for any errors that could result in a security vulnerability.
Development stage
A stage of application development in which the requirements for the application are established and it is confirmed that the application meets the intended business needs before the actual coding begins.
Secure Boot
A standard designed to be used with UEFI to ensure that a computer boots using only software that is trusted by the computer manufacturer.
Barricade
A structure designed to block the passage of traffic.
Stored procedure
A subroutine available to applications that access a relational database.
Protected Distribution System (PDS)
A system of cable conduits that is used to protect classified information being transmitted between two secure areas.
Fencing
A tall, permanent structure to keep out individuals for maintaining security.
Model verification
A test used to ensure that the projected application meets all specifications at that point.
Sandbox
A testing environment that isolates untested code from the live production environment.
Alarmed carrier PDS
A type of PDS where the carrier system is deployed with specialized optical fibers in the conduit that can sense acoustic vibrations that occur when an intruder attempts to gain access to the cables, which triggers an alarm.
Hardened carrier PDS
A type of PDS where the data cables are installed in a conduit that is constructed of special electrical metallic tubing or similar material.
Popup blocker
A separate program, or a feature built into a browser, that stops unwanted pop-up advertisement windows from appearing while the user browses the internet; it is a defense against unwanted advertising, not itself a type of spyware.
Memory leak
A vulnerability that occurs when an application dynamically allocates memory but does not free that memory when finished using it.
Sign
A written placard that displays a warning, such as a notice that an area is restricted.
least functionality
According to the concept of ____, a system should be configured to provide only the capabilities it needs, and a user should only be given the minimum set of permissions required to perform necessary tasks.
Proper input validation
Accounting for errors such as incorrect user input.
Integrity measurement
An "attestation mechanism" designed to ensure that an application is running only known and approved executables.
Kernel pruning
An OS hardening technique that removes all unnecessary features that may compromise an operating system.
Reduce capabilities
An OS hardening technique that significantly restricts what resources can be accessed and by whom.
Read-only file system
An OS hardening technique that makes it so important operating system files cannot be changed.
Least privilege
An OS hardening technique that removes all supervisor or administrator accounts that can bypass security settings and instead splits privileges into smaller units.
Secure Digital Input Output (SDIO)
An SD storage card with integrated wireless transmission capabilities, using Bluetooth or Wi-Fi technology.
Agile model
An application development lifecycle model that follows an incremental approach.
Waterfall model
An application development lifecycle model that uses a sequential design process.
Production stage
An application development stage in which the application is released to be used in its actual setting.
DLL injection
An attack that inserts code into a running process through a Dynamic Link Library.
Executable files attack
An attack that tricks the vulnerable application into modifying or creating executable files on the system.
BIOS attack
An attack used by threat actors to infect a computer during a firmware update.
Alarm
An audible sound to warn a guard of an intruder.
pull yourself up by your own bootstraps
An expression that was used to describe an impossible task of lifting oneself off the ground by pulling on the bootstrap. This term was eventually adapted to describe the computer startup process. (Possible bonus)
Trusted OS
An operating system that has been designed through OS hardening.
Static analysis
In antivirus scanning, another name for signature-based monitoring (distinct from static program analysis, which reviews source code without running it).
Fuzzing or Heuristic monitoring
Another term used for dynamic analysis.
host
Any end device in a network.
Supply chain infections
Attack where malware is injected into products during manufacturing or storage steps.
read-only memory (ROM) flash memory
BIOS firmware was originally stored in ___, but was later moved to ____ so it could be easily updated.
Telecommunications Electronics Material Protected from Emanating Spurious Transmissions (TEMPEST)
Classified standard created by the United States government intended to prevent attackers from picking up electromagnetic fields from government buildings.
Cipher lock
Combination locks that use buttons that must be pushed in the proper sequence to open the door.
Multifunctional device (MFD)
Combines the functions of a printer, copier, scanner, and fax machine.
passive
Computer displays are often considered _______ peripherals.
Application blacklisting
Creating a list of applications that are not allowed to run.
Application whitelisting
Creating a list of applications that are permitted to run.
Baselining
Creating a starting point for comparison purposes to apply targets and goals to measure success.
Code signing
Digitally signing applications.
Data exposure
Disclosing sensitive data to attackers.
Immutable systems
Ensuring that once a value or configuration is employed as part of an application, it is not modified.
Continuous integration
Frequently merging code changes into a shared repository with an automated build and test run on every change, so that security checks are applied at each stage of application development rather than only at the end.
Basic Input/Output System (BIOS)
Firmware that wakens and tests the various components of the computer upon startup.
Patch Tuesday
For several years, Microsoft delivered security patches only on the second Tuesday of the month, known as _____________.
dynamic analysis
Heuristic monitoring, or _______________, uses techniques to identify characteristics of a virus instead of matching a virus signature.
A. Using the security mechanisms on a standard Wi-Fi network.
How can an SDIO card be made secure? A. Using the security mechanisms on a standard Wi-Fi network. B. Turning on patch updates to the SDIO card. C. Requiring a username before accessing the SDIO card. D. SDIO cards are natively secure and no security settings are needed.
C. The bytes of a virus are placed in different "piles" and then used to create a profile.
How does heuristic detection detect a virus? A. A virtualized environment is created and the code is executed in it. B. A string of bytes from the virus is compared against the suspected file. C. The bytes of a virus are placed in different "piles" and then used to create a profile. D. The virus signature file is placed in a suspended chamber before streaming to the CPU.
Lighting
Illuminating an area so that it can be viewed after dark.
Roller barrier
Independently rotating large cups (diameter of 5 inches or 115 millimeters) affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it.
Client-side execution and validation
Input validation that is performed by the user's web browser.
Server-side execution and validation
Input validation that uses the server to perform the validation.
Runtime code testing
Looking for errors after the program has compiled correctly and is running, such as a null pointer dereference or a memory leak.
Infrastructure as code
Managing a hardware and software infrastructure using the same principles as developing computer code.
4,000 50,000,000
Microsoft's first operating system, MS-DOS v1.0, had ____ lines of code, while Windows 10 is estimated to have up to ________ lines.
Mail gateway
Monitors emails for spam and other unwanted content to prevent these messages from being delivered.
Appliance OS
OS in firmware that is designed to manage a specific device like a digital video recorder or video game console.
Mobile OS
Operating system for cell phones, smartphones, tablets, and other handheld devices
Server OS
Operating system software that runs on a network server to provide resources to network users.
Normalization
Organizing data within a database to minimize redundancy.
whitelisting
Permitting only specifically designated applications to run on an OS is known as _____.
Key management
Procedures to regulate the distribution of door keys.
Electromagnetic spying
Process of picking up electromagnetic fields emitted by computers, printers, and other digital devices and then reading the data that is producing them.
Feature update
Provides enhancements to the software to offer new or expanded functionality, but does not address security vulnerabilities.
Stress testing
Putting an application under a heavier than normal load to determine if the program is robust and can perform all error handling correctly.
Deprovisioning
Removing a resource that is no longer needed.
deprovisioning
Removing a resource that is no longer used is known as ____________.
Wildcard scanning
Scanning process that is allowed to skip bytes or ranges of bytes in the signature instead of requiring an exact match, so that one signature can cover several variants of a virus.
String scanning
Scanning process that attempts to match known virus patterns against potentially infected files.
Mismatch scanning
Scanning process that allows a set number of bytes in the string to be any value, regardless of their position in the string.
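Added example, not antivirus vendor code, of the three scanning strategies on the cards above (string, wildcard and mismatch scanning). The signature and the "file" bytes are constructed for the demonstration; real signatures are binary byte sequences and usually far longer.

```c
/* Added example: string, wildcard and mismatch signature scanning. Not code
 * from the textbook or from any AV product. Each function returns the offset
 * of the first matching window in `data`, or -1 when nothing matches. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* String scanning: every byte of the signature must match exactly. */
long scan_string(const uint8_t *data, size_t n, const uint8_t *sig, size_t m) {
    if (m == 0 || n < m) return -1;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(data + i, sig, m) == 0) return (long)i;
    return -1;
}

/* Wildcard scanning: positions where wild[j] != 0 match any byte, so one
 * signature covers variants that differ only in those positions. */
long scan_wildcard(const uint8_t *data, size_t n, const uint8_t *sig, const uint8_t *wild, size_t m) {
    if (m == 0 || n < m) return -1;
    for (size_t i = 0; i + m <= n; i++) {
        size_t j = 0;
        while (j < m && (wild[j] || data[i + j] == sig[j])) j++;
        if (j == m) return (long)i;
    }
    return -1;
}

/* Mismatch scanning: up to max_mismatch bytes, at any positions, may differ. */
long scan_mismatch(const uint8_t *data, size_t n, const uint8_t *sig, size_t m, size_t max_mismatch) {
    if (m == 0 || n < m) return -1;
    for (size_t i = 0; i + m <= n; i++) {
        size_t bad = 0;
        for (size_t j = 0; j < m && bad <= max_mismatch; j++)
            if (data[i + j] != sig[j]) bad++;
        if (bad <= max_mismatch) return (long)i;
    }
    return -1;
}

int main(void) {
    /* constructed "file" contents and a constructed signature for variant 1 */
    const uint8_t file[]  = "header: BADCODE-7 trailer";
    const uint8_t sig[]   = "BADCODE-1";
    const uint8_t wild[9] = {0, 0, 0, 0, 0, 0, 0, 0, 1};  /* last byte may be anything */
    size_t n = sizeof file - 1, m = sizeof sig - 1;
    printf("string   : %ld\n", scan_string(file, n, sig, m));          /* -1: variant 7 != 1 */
    printf("wildcard : %ld\n", scan_wildcard(file, n, sig, wild, m));  /* 8 */
    printf("mismatch : %ld\n", scan_mismatch(file, n, sig, m, 1));     /* 8 */
    return 0;
}
```

The trade-off the cards describe is visible in the calls: the exact string scan misses the variant, the wildcard scan catches it at a position the analyst chose in advance, and the mismatch scan catches it anywhere at the cost of more false positives as max_mismatch grows.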
Compiled code testing
Searching for errors that could prevent an application from properly compiling from source code to application code.
Elite Tailored Access Operations (TAO)
Section of the NSA responsible for compromising networks owned by hostile nations to spy on them.
Dynamic analysis
Software testing technique, also called fuzzing, that deliberately provides invalid, unexpected, or random data as inputs to a computer program and watches for crashes or other faults.
Version control
Software that allows changes to be automatically recorded and if necessary "rolled back" to a previous version of the software.
Antivirus (AV)
Software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus.
Workstation OS
Software that manages hardware and software on a client computer.
Network OS
Software that runs on a network device like a firewall, router, or switch.
OpenFirmware
Something used by early Apple computers that performed a similar function to BIOS.
Kiosk OS
System and user interface software for an interactive customer device.
Proper error handling
Taking the correct steps when an error occurs so that the application does not abort unexpectedly.
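Added example, not from the textbook, tying together proper input validation (above) and proper error handling: a TCP port read from untrusted text, parsed once carelessly and once with every failure reported to the caller. The status names and the 1-65535 range policy are this example's own.

```c
/* Added example: validating one untrusted field two ways. naive_port() is
 * the common mistake; parse_port() validates the input and reports each
 * failure with a distinct status instead of guessing. Not textbook code. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum parse_status { PARSE_OK = 0, PARSE_EMPTY, PARSE_NOT_NUMBER, PARSE_TRAILING, PARSE_RANGE };

/* No validation: atoi() returns 0 for garbage, stops silently at the first
 * non-digit, and has no way to tell the caller that anything went wrong. */
int naive_port(const char *s) {
    return atoi(s);
}

enum parse_status parse_port(const char *s, int *port) {
    char *end;
    long v;
    if (s == NULL || port == NULL) return PARSE_NOT_NUMBER;
    while (isspace((unsigned char)*s)) s++;
    if (*s == '\0') return PARSE_EMPTY;
    if (*s == '+' || *s == '-') return PARSE_NOT_NUMBER;  /* strtol accepts a sign; a port has none */
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s) return PARSE_NOT_NUMBER;                /* no digits at all */
    if (errno == ERANGE) return PARSE_RANGE;              /* does not even fit in a long */
    while (isspace((unsigned char)*end)) end++;
    if (*end != '\0') return PARSE_TRAILING;              /* "80x", "443;rm -rf /" ... */
    if (v < 1 || v > 65535) return PARSE_RANGE;
    *port = (int)v;
    return PARSE_OK;
}

int main(void) {
    /* constructed inputs, the kind a web form or config file might deliver */
    const char *inputs[] = { "443", " 8080 ", "", "abc", "80x", "70000", "-1" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int port = 0;
        enum parse_status st = parse_port(inputs[i], &port);
        printf("\"%s\": naive=%d validated: status=%d port=%d\n",
               inputs[i], naive_port(inputs[i]), (int)st, port);
    }
    return 0;
}
```

The point of the distinct statuses is the error-handling card: the caller can log "trailing characters" differently from "out of range", refuse the request, and keep running, rather than either aborting or, worse, silently using port 80 when the input was "80x".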
Power on Self Test (POST)
Test performed by BIOS on startup to ensure full functionality.
Secure DevOps
The _____________ methodology includes security automation, continuous integration, immutable systems, infrastructure as code, and baselining.
Motion detection
The ability to determine an object's change in position in relation to its surroundings.
Air gap
The absence of any type of connection between areas.
Provisioning
The enterprise-wide configuration, deployment, and management of multiple types of IT system resources.
Hardware root of trust
The hardware starting point in a chain of trust.
Booting (or booting up)
The process of a computer starting up by itself.
OS hardening
The process of tightening security during the design and coding of an operating system.
Chain of trust
The process of validating elements/signatures by UEFI and Secure Boot during the boot sequence.
Integer overflow
A vulnerability in which the result of an arithmetic operation such as addition or multiplication exceeds the maximum value of the integer type used to store it, so the stored value wraps around to something much smaller (for signed integers in C the behavior is undefined).
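Added example, not code from the textbook, showing the memory vulnerabilities on these cards (integer overflow, buffer overflow, null pointer dereference, memory leak) in one place: a parser for a hypothetical record format (a 4-byte little-endian count followed by count*4 payload bytes), written first with the overflow and then hardened. The format, the MAX_COUNT limit and all function names are assumptions of the example.

```c
/* Added example, not textbook code. Record format is hypothetical:
 * 4-byte little-endian count, then count*4 bytes of payload. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COUNT 16u   /* example policy: at most 64 payload bytes */

static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Integer overflow: count * 4 is computed in 32 bits and wraps. For
 * count = 0x40000000 it wraps to 0, so the size check passes. */
int vuln_size_ok(uint32_t count) {
    uint32_t bytes = count * 4u;
    return bytes <= MAX_COUNT * 4u;
}

/* Vulnerable parser: trusts vuln_size_ok(), so the allocation is sized from
 * the wrapped value while the copy loop still runs `count` times: a heap
 * buffer overflow. malloc's result is also never checked (NULL pointer
 * dereference on allocation failure). Kept for comparison; never feed it a
 * hostile count. */
int parse_record_vuln(const uint8_t *in, uint8_t **out) {
    uint32_t count = read_u32le(in);
    uint32_t bytes = count * 4u;
    if (!vuln_size_ok(count)) return -1;
    uint8_t *buf = malloc(bytes);
    for (uint32_t i = 0; i < count; i++)
        memcpy(buf + (size_t)i * 4u, in + 4 + (size_t)i * 4u, 4);
    *out = buf;
    return 0;
}

/* Overflow-aware: reject before the multiplication can wrap. */
int safe_size_ok(uint32_t count) {
    if (count > UINT32_MAX / 4u) return 0;   /* count * 4 would not fit in 32 bits */
    return count <= MAX_COUNT;
}

/* Hardened parser. Returns 0 and a malloc'd copy of the payload, or -1.
 * The caller owns *out and must free() it; forgetting that is the memory
 * leak case on the cards. */
int parse_record_safe(const uint8_t *in, size_t in_len, uint8_t **out, size_t *out_len) {
    if (in == NULL || out == NULL || out_len == NULL || in_len < 4) return -1;
    uint32_t count = read_u32le(in);
    if (!safe_size_ok(count)) return -1;
    size_t payload = (size_t)count * 4u;          /* cannot overflow: count <= MAX_COUNT */
    if (payload > in_len - 4) return -1;          /* truncated input: would read past `in` */
    uint8_t *buf = malloc(payload ? payload : 1);
    if (buf == NULL) return -1;                   /* never dereference a NULL result */
    memcpy(buf, in + 4, payload);
    *out = buf;
    *out_len = payload;
    return 0;
}

int main(void) {
    const uint8_t benign[]  = {2, 0, 0, 0, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'};  /* constructed */
    const uint8_t hostile[] = {0, 0, 0, 0x40};                                        /* count 0x40000000 */
    uint8_t *out = NULL; size_t n = 0;
    printf("vuln_size_ok(0x40000000) = %d (wrongly accepts)\n", vuln_size_ok(0x40000000u));
    printf("safe_size_ok(0x40000000) = %d\n", safe_size_ok(0x40000000u));
    printf("safe parse of benign record: %d, %zu bytes\n", parse_record_safe(benign, sizeof benign, &out, &n), n);
    free(out);
    printf("safe parse of hostile record: %d\n", parse_record_safe(hostile, sizeof hostile, &out, &n));
    return 0;
}
```

The three checks in parse_record_safe map onto the cards: the division-based test prevents the integer overflow, the comparison against in_len prevents the buffer over-read, and the NULL test prevents the pointer dereference; ownership of the returned buffer is stated so the leak is the caller's to avoid.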
Static program analyzers
Tools that examine software without actually executing the program; instead, the source code is reviewed and analyzed.
Security automation
Tools that test for vulnerabilities automatically.
Patch management tools
Tools used to manage security fixes.
False
True or False. A proven method for securing documents, files, and data is automatic synchronization with a cloud-based repository.
False
True or False. Because of potential vulnerabilities, it is recommended that SDKs not be used when developing new applications.
True
True or False? A BIOS attack does not take advantage of a vulnerability on the computer but exploits only the update feature of the BIOS.
False. The BIOS settings were not lost but instead were reset to their default settings.
True or False? In the event that CMOS is shutdown due to battery failure, all BIOS setting would be lost.
True
True or False? Smart MFDs have an OS that allows additional applications to be installed that extend the abilities of the MFD.
True
True or False? The exact details of TEMPEST are secret, but we do know they use special protective coatings on cables and shielding in buildings to prevent electromagnetic fields from being at a detectable level from outside.
False. It can be difficult or sometimes impossible to clean when planted in the ROM firmware.
True or False? if the malware is planted in the ROM firmware of the device, it can be difficult, but generally less so than typical malware to clean on an infected device.
Disabling unnecessary ports and services
Turning off any service that is not being used.
Disabling default accounts/passwords
Turning off unnecessary default accounts and passwords.
Flash
Type of memory used by mobile devices.
Forced updates
Updates that cannot be refused or delayed.
Code reuse of third-party libraries and SDKs
Using existing software or software development kits (SDKs) in a new application.
video surveillance cameras
Video camera used to monitor activity; captured images can be sent to closed circuit TV (CCTV) monitored by a human or recorded for later examination.
C. Group Policy
What allows for a single configuration to be set and then deployed to many or all users? A. Snap-In Replication (SIR) B. Active Directory C. Group Policy D. Command Configuration
Standard-Capacity (SDSC), High-Capacity (SDHC), eXtended-Capacity (SDXC), and Secure Digital Input Output (SDIO)
What are the four families of SD card?
They should be marked "Do Not Duplicate", and the manufacturer's serial numbers should be removed.
What should be marked on and removed from any master keys that are created?
A lithium-ion battery, which could hold a charge for up to 10 years.
What was used to provide dedicated power to CMOS and how long could it hold a charge?
Process spawning control
When a threat actor tricks the vulnerable application into spawning executable files on the system.
System tampering
When a threat actor uses a vulnerable application to modify special sensitive areas of the operating system and take advantage of those modifications.
Code emulation
When a virtual environment is created that simulates the CPU and memory of the computer.
No selective updates
When users cannot select individual Windows updates to download and install.
A. Waterfall model
Which model uses a sequential design process? A. Waterfall model B. Rigid model C. Agile model D. Secure model
B. Cable lock
Which of the following can be used to secure a laptop or mobile device? A. Mobile connector B. Cable lock C. Mobile chain D. Security tab
A. Requires periodic visual inspections
Which of the following is NOT a characteristic of an alarmed carrier PDS? A. Requires periodic visual inspections B. Uses continuous monitoring C. Carrier can be hidden above the ceiling D. Eliminates the need to seal connections
D. Variable overflow
Which of the following is NOT a memory vulnerability? A. DLL injection B. Pointer dereference C. Buffer overflow D. Variable overflow
C. Moisture
Which of the following is NOT a motion detection method? A. Magnetism B. Radio frequency C. Moisture D. Infrared
D. Supply chains take advantage of the trusted "chain of trust" concept.
Which of the following is NOT a reason why supply chain infections are considered especially dangerous? A. If the malware is planted in the ROM firmware of the device this can make it difficult or sometimes even impossible to clean an infected device. B. Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected. C. It is virtually impossible to closely monitor every step in the supply chain. D. Supply chains take advantage of the trusted "chain of trust" concept.
B. Restricting patch management
Which of the following is NOT a typical OS security configuration? A. Employing least functionality B. Restricting patch management C. Disabling default accounts/passwords D. Disabling unnecessary ports and services
C. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Which of the following is NOT an advantage to an automated patch update service? A. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. B. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. C. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. D. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.
A. Barricade
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? A. Barricade B. Fencing C. Roller barrier D. Type V controls
B. Service pack
Which of the following is a cumulative package of all patches? A. Rollup B. Service pack C. Patch D. Hotfix
C. Model validation
Which of the following is not used to test application code? A. Stress testing B. Fuzzing C. Model validation D. Static program analysis
B. Dynamic analysis
Which of the following types of testing uses unexpected or invalid inputs? A. Stress testing B. Dynamic analysis C. Static analysis D. Runtime testing
B. Whitelist
Which of these is a list of approved email senders? A. Blacklist B. Whitelist C. Bluelist D. Yellowlist
C. Staging stage
Which stage is a "quality assurance" test that verifies the code functions as intended? A. Production stage B. Testing stage C. Staging stage D. Development stage
B. It monitors and controls two interlocking doors to a room.
Which statement about a mantrap is true? A. It is illegal in the United States. B. It monitors and controls two interlocking doors to a room. C. It is a special keyed lock. D. It requires the use of a cipher lock.
B. Network OS
Which type of operating system runs on a firewall, router, or switch? A. Server OS B. Network OS C. Device OS D. Resource OS
B. Keyed entry lock
Which type of residential lock is most often used for keeping out intruders? A. Encrypted key lock B. Keyed entry lock C. Privacy lock D. Passage lock
Windows 10
With which operating system did Microsoft stop doing patches only on the second Tuesday of the month?
Obfuscation/camouflaged code
Writing an application in such a way that its inner functionality is difficult for an outsider to understand.
microSD miniSD
_______ and _______ memory cards are commonly used in smaller electronic devices like smartphones, digital cameras, and tablets.
Full SD
_______ memory cards are typically used in large consumer electronics devices.