Module 4 Textbook & Quiz | ITE-249-02 Endpoint and Application Development Security
15. What type of analysis is heuristic monitoring based on? a. Dynamic analysis b. Code analysis c. Static analysis d. Input analysis
a. Dynamic analysis
18. Which of the following tries to detect and stop an attack? a. RDE b. SOMA c. HIDS d. HIPS
d. HIPS
16. Which of these is a list of preapproved applications? a. Blacklist b. Greenlist c. Redlist d. Whitelist
d. Whitelist
Antivirus
One of the first software protections was antivirus (AV) software. This software can examine a computer for file-based virus infections as well as monitor computer activity and scan new documents that might contain a virus. (Scanning is typically performed when files are opened, created, or closed.) If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file. Log files created by AV products can also provide beneficial information regarding attacks.
6. What are the two limitations of private information sharing centers? a. Access to data and participation b. Timing of reports and remote access c. Government approval and cost d. Bandwidth and CPU
a. Access to data and participation
20. Which of the following is FALSE about a quarantine process? a. It holds a suspicious application until the user gives approval. b. It is most often used with email attachments. c. It can send a sanitized version of the attachment. d. It can send a URL to the document that is on a restricted computer.
a. It holds a suspicious application until the user gives approval.
Quiz
1. An IOC occurs when what metric exceeds its normal bounds? a. KRI b. IRR c. EXR d. LRG
a. KRI
Two Rights & A Wrong Question 4-1 Choose which statement is wrong by applying your knowledge from the reading. a. Security professionals consider threat maps a vital source of information. b. Two tools that facilitate AIS are STIX and TAXII. c. Two concerns about public information sharing centers are the privacy of shared information and the speed at which the information is shared.
a. Security professionals consider threat maps a vital source of information.
5. Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS? a. STIX b. TAXII c. TCP-Over-Secure (ToP) d. AIP-TAR
b. TAXII
13. Which model uses a sequential design process? a. Agile model b. Waterfall model c. Rigid model d. Secure model
b. Waterfall model
2. What are the two concerns about using public information sharing centers? a. Cost and availability b. Regulatory approval and sharing c. Security and privacy d. Privacy and speed
d. Privacy and speed
19. What does Windows 10 Tamper Protection do? a. Prevents any updates to the registry until the user approves the update. b. Limits access to the registry c. Creates a secure backup copy of the registry d. Compresses and locks the registry
b. Limits access to the registry
4. Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into their technology security. What technology will Oskar recommend? a. Bidirectional Security Protocol (BSP) b. Linefeed Access c. Lightwire JSON Control d. Automated Indicator Sharing (AIS)
d. Automated Indicator Sharing (AIS)
14. Which of the following is NOT an advantage to an automated patch update service? a. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. b. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. c. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available. d. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
d. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
17. What is the advantage of a secure cookie? a. It cannot be stored on the local computer without the user's express permission. b. It is analyzed by AV before it is transmitted. c. It is sent to the server over HTTPS. d. It only exists in RAM and is deleted once the web browser is closed.
c. It is sent to the server over HTTPS.
3. Which privacy protection uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information? a. TLP b. PCII c. CISA d. FOIA
a. TLP
Two Rights & A Wrong Question 4-2 Choose which statement is wrong by applying your knowledge from the reading. a. Cookies are a work-around of the stateless protocol HTTP. b. In a Trusted Boot, the endpoint's firmware logs the boot process so the OS can send it to a trusted server to assess the security. c. Dynamic analysis uses heuristic monitoring.
b. In a Trusted Boot, the endpoint's firmware logs the boot process so the OS can send it to a trusted server to assess the security.
10. Which boot security mode sends information on the boot process to a remote server? a. UEFI Native Mode b. Measured Boot c. Secure Boot d. Trusted Boot
b. Measured Boot
Two Rights & A Wrong Question 4-3 Choose which statement is wrong by applying your knowledge from the reading. a. A goal of software diversity is to reduce the probability that errors created by different compilers will influence the end results. b. Provisioning is removing a resource that is no longer needed. c. SecDevOps has elasticity and scalability.
b. Provisioning is removing a resource that is no longer needed.
9. Which of the following is not an improvement of UEFI over BIOS? a. Networking functionality in UEFI b. Support of USB 3.0 c. Access larger hard drives d. Stronger boot security
b. Support of USB 3.0
8. Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports back that he was unable to find anything because looking for information on the dark web is different from using the regular web. Which of the following is not different about looking for information on the dark web? a. Dark web merchants open and close their sites without warning. b. The naming structure is different on the dark web. c. Dark web search engines are identical to regular search engines. d. It is necessary to use Tor or I2P.
c. Dark web search engines are identical to regular search engines.
12. Which stage conducts a test that will verify the code functions as intended? a. Testing stage b. Production stage c. Staging stage d. Development stage
c. Staging stage
7. Which of the following is NOT a limitation of a threat map? a. Because threat maps show anonymized data, it is impossible to know the identity of the attackers or the victims. b. Threat actors usually mask their real locations, so what is displayed on a threat map is incorrect. c. They can be difficult to visualize. d. Many maps claim that they show data in real time, but most are simply a playback of previous attacks.
c. They can be difficult to visualize.
Security Configuration
The security of an OS depends upon the proper configuration of its built-in security features. Modern operating systems have hundreds of security settings. A typical OS security configuration should include the following:
• Disabling unnecessary ports and services. One of the primary OS security configurations involves disabling unnecessary open ports and services, or "turning off" any service that is not being used, such as Microsoft Windows ASP.NET State Service, Portable Device Enumerator Service, and Apple macOS Spotlight Indexing. In addition, closing any unnecessary TCP ports can also enhance security.
• Disabling default accounts/passwords. Another important disabling function is disabling default accounts and passwords. Some OSs include unnecessary accounts. For example, Microsoft Windows 10 includes a built-in Administrator account that can be used by those building new computers to run programs and applications before a user account is created. In addition, some accounts may come with default passwords that should be changed.
• Employing least functionality. The concept of "least functionality" states that a user should only be given the minimum set of permissions required to perform necessary tasks; all other permissions should be configured as not available to the user. For example, a user should not have the ability to modify system security features.
11. Which of the following is NOT an important OS security configuration? a. Employing least functionality b. Disabling unnecessary services c. Disabling default accounts d. Restricting patch management
d. Restricting patch management