Cybersecurity Basics Quiz

Questions and Answers

What is a primary concern regarding the security of smart devices?

• They have excellent security measures in place.
• Their security is often neglected or inadequate. (correct)
• They are impervious to network risks.
• They use advanced encryption protocols by default.

What is a virtual machine?

• An operating system designed for embedded systems.
• A physical computer using traditional software.
• A type of smart device for home automation.
• A software simulation of a computing environment. (correct)

Which type of hypervisor runs directly on the host's hardware?

• Cloud hypervisor
• Type I hypervisor (correct)
• Distributed hypervisor
• Type II hypervisor

What is a key advantage of virtualization?

It reduces the number of physical machines needed. (D)

How does security vary in special-purpose systems?

It depends on the specific purpose and functionality of the systems. (D)

What is the primary purpose of anti-malware software?

To scan systems and networks for malicious software (B)

Which type of anti-malware can actively monitor system for signs of virus activity?

Antivirus (C)

Which of the following is a function of anti-spam filters?

To detect keywords used in spam messages (A)

Embedded systems often have which characteristic compared to PCs or servers?

Dedicated purpose with less sophisticated architecture (B)

Which of the following statements is true about anti-malware applications?

They should be installed on all devices and kept updated. (D)

What is one of the roles of external auditors in an organization's security compliance?

To check compliance with PCI DSS (C)

A pop-up blocker primarily prevents which of the following?

The display of unwanted browser elements (A)

Which of these is NOT a function of an embedded system?

Offering a user-friendly GUI for every application (C)

What is a characteristic of a Type I hypervisor?

It interacts directly with the hardware. (A)

Which cloud deployment model allows multiple entities to share ownership?

Community (B)

What is the main feature of public cloud services?

It typically requires pay-as-you-go subscriptions. (C)

What does cloud computing primarily rely on?

Real-time communication over distributed networks. (A)

Which of the following best defines Software as a Service (SaaS)?

Cloud-based applications are provided to users. (A)

In which type of cloud model does an organization maintain a dedicated network?

Private cloud model (B)

What is a common concern for services traversing the Internet?

Security vulnerabilities. (A)

Which type of hypervisor is considered to have more efficient resource management?

Type I hypervisor (D)

What is the primary goal of limiting dead code in application development?

To minimize security risks. (C)

What should server-side code primarily focus on according to secure coding techniques?

To validate user inputs and execute server-side logic. (B)

Why is limiting data exposure particularly critical in multi-user systems?

To ensure only necessary data is visible to users. (D)

In which programming languages is memory management typically handled manually?

C and C++. (D)

What is the purpose of using stored procedures in secure coding practices?

To prevent unauthorized access to data. (C)

What is a feature of Platform as a Service (PaaS)?

Offers virtual systems to customers. (D)

Which of the following best describes Infrastructure as a Service (IaaS)?

It provides data centers and networking resources. (D)

What type of connection does Wi-Fi primarily provide?

Local area connections for mobile devices. (A)

What is the main benefit of using a strong password or PIN for a device's lock screen?

It protects sensitive data from unauthorized access. (B)

Which deployment model provides employees with ownership and management of their devices?

BYOD (B)

Which of the following is a notable risk associated with Bluetooth technology?

Vulnerability to bluejacking and bluesnarfing. (D)

What does geofencing enable organizations to do?

Track and restrict device functionality based on geographic boundaries. (B)

How do MDM solutions typically function within an organization?

They offer a centralized console for managing all devices. (B)

What is a potential risk associated with the BYOD deployment model?

Increased security vulnerabilities due to personal device usage. (B)

What advantage does Screen Lock provide as a mobile device security control?

It restricts access based on user-defined codes. (B)

During which phase of the Software Development Lifecycle is security integration important?

Throughout all phases of the lifecycle. (D)

Which of the following best describes the primary use of Near Field Communication (NFC)?

In-person data exchange over short distances. (C)

What type of service does Security as a Service (SECaaS) primarily provide?

Resources focused on security measures. (D)

What is the primary aim of implementing access controls based on the principle of least privilege?

To restrict access to only those who need it for their role. (B)

What does remote wipe functionality allow an organization to do?

Remotely delete sensitive data from devices that are lost or stolen. (C)

In the context of the CYOD model, what is the employees' role regarding the devices?

They select devices from a predetermined list approved by the organization. (C)

Flashcards

Anti-malware software

Software that scans systems and networks for malicious software. Most scan for known malware. Some can scan for unknown malware.

Antivirus

Scans for code matching virus patterns (signature-based). Can actively monitor system for virus activity (behavior-based or heuristic).

Anti-spam filters

Detect key words used in spam messages. Can also block based on IPs of known spam sources.

Anti-spyware

Designed specifically to identify and stop spyware. Functionality may come packaged with antivirus software.

Pop-up blocker

Prevents websites from popping up elements in the browser. Most browsers include this functionality.

Embedded systems

Hardware and software systems that have a specific function within a larger system. Larger systems include everything from home appliances to industrial machines.

Embedded system architecture

May use an all-in-one microcontroller rather than discrete CPU/memory components.

Embedded system complexity

Often don't have the complexity of a PC or server.

Hypervisor

A software layer that sits between the physical hardware and the virtual machines running on it. It manages resources and provides a virtualized environment for the guest OS.

Virtualization

Creating a simulated computing environment that resembles a physical computer. This allows you to run different operating systems and software within a single physical machine.

Virtual Machine

A virtualized computer that runs within a virtualized environment. It operates as if it were an independent physical machine.

Type I Hypervisor

A hypervisor that runs directly on the host hardware without an underlying operating system. This allows for high performance and more direct access to the hardware.

Type II Hypervisor

A hypervisor that runs as an application on top of the host operating system. It's more flexible but typically has slightly slower performance.

Private Cloud

A cloud computing model where resources are provided by a single entity over a private network. It offers greater control over services and is ideal for sensitive applications like banking and government.

Public Cloud

A cloud computing model where services are offered via the Internet to a broader audience. It offers subscriptions and free lower-tier services, but security concerns exist due to access over the internet.

Community Cloud

A cloud computing model where multiple entities come together to share resources for a common purpose. It's beneficial for pooling resources and achieving a shared goal.

Hybrid Cloud

A cloud computing model that combines different deployment models, such as private and public clouds. It allows organizations to utilize the advantages of both models and cater to specific needs.

Cloud Computing

Cloud computing refers to the delivery of computing services – including servers, storage, databases, networking, software, analytics, and intelligence – over the Internet ('the cloud').

Software-as-a-Service (SaaS)

SaaS refers to a cloud service model where software is delivered as a service to users over the internet. Users can access and use the software without the need for installation, maintenance, or updates.

Dead code

Code that is written but never executed. This can be unused functions, variables, or entire blocks of code. It increases the size of the application and can be a potential security risk.

Limiting data exposure

A technique that prevents data from being exposed to unauthorized users. This can include hiding sensitive data from clients, limiting the amount of data returned in API calls, and using strong authentication methods.

Memory management

This refers to the different ways that programming languages handle memory allocation and deallocation. Some languages manage memory automatically, while others require manual management.

Stored procedures

Pre-compiled SQL statements that perform actions on a database. They can help to prevent SQL injection attacks and ensure that only authorized data is accessed.

Server-side vs client-side

This involves separating the functionality of an application into two parts: the server-side, which handles the backend logic, and the client-side, which handles the user interface. This helps to improve security by limiting the amount of code that is exposed to the user.

Infrastructure as a Service (IaaS)

Provides access to infrastructure resources like data centers, servers, and networking. Examples include Amazon EC2 and Azure VMs.

Platform as a Service (PaaS)

Offers virtual environments for customers, allowing them to run their applications and operating systems. Examples include Oracle Database and Azure SQL Database.

Cellular Connection

A type of wireless connection using transceivers in fixed locations, primarily used for mobile phones. Offers transport encryption but users have little control over security.

Wi-Fi Connection

Provides local area connections for mobile devices, often using encryption and authentication for security. Organizations have more control over Wi-Fi networks than cellular.

Bluetooth Connection

Short-range wireless technology used for communication between devices in close proximity. Examples include connecting a wireless headset to a smartphone.

Near Field Communication (NFC)

A communication method for very close proximity, primarily used for in-person data exchange. Examples include contactless payment systems.

Mobile Device Management (MDM)

The process of managing, controlling, and securing an organization's mobile infrastructure. Solutions often involve web-based platforms with a centralized console for enforcing security across devices.

Strong Password/PIN

A strong and unique password or PIN used for device access.

Full Device Encryption

Protecting sensitive data on a device using encryption algorithms.

Remote Wipe

Remotely erasing sensitive data from a lost or stolen device.

Application and Content Management

Restricting access to apps and content based on specific rules.

Corporate-Owned Model

The organization owns and manages all devices.

BYOD (Bring Your Own Device)

Employees own their devices and manage them, but the organization may have some control for work purposes.

CYOD (Choose Your Own Device)

Employees choose from a pre-approved list of devices, but still control them.

VMI (Virtual Mobile Infrastructure)

Simulating mobile operating systems on virtual machines, allowing for centralized management.

Study Notes

Implementing Host and Software Security

• Implement Host Security
• Implement Cloud and Virtualization Security
• Implement Mobile Device Security
• Incorporate Security in the Software Development Lifecycle

Hardening

• The security technique of altering a system's configuration to close vulnerabilities and protect the system against attack.
• Typically implemented so systems conform to security policy.
• Many different techniques are available.
• Hardening may also restrict a system's capabilities.
• Hardening must be balanced against accessibility.

Operating System Security

• Each OS has unique vulnerabilities for attackers to exploit.
• Different OS types and OSes from different vendors have their own weaknesses.
• Vendors try to correct vulnerabilities while attackers try to exploit them.
• Stay up-to-date with security info posted by vendors and other references.
• Different types of OSes:
  • Network
  • Server
  • Workstation
  • Appliance
  • Mobile

Operating System Hardening Techniques

• Implement a principle of least functionality.
• Disable unnecessary network ports.
• Disable unnecessary services.
• Take advantage of secure configurations.
• Disable default accounts.
• Force users to change default passwords.
• Implement a patch management service.

Trusted Computing Base

• The hardware, firmware, and software component responsible for ensuring computer system security.
• Trusted operating system: Operating systems that fulfill security requirements as in a TCB.

Hardware and Firmware Security

• BIOS/UEFI: Basic Input/Output System and Unified Extensible Firmware Interface. Both firmware interfaces to initialize hardware for system boot. UEFI is more modern and secure.
• Root of trust and HSM: Root of trust enforces trusted computing through encryption. Hardware security module is a physical device that implements root of trust.
• TPM: Trusted Platform Module. Secure cryptoprocessor that generates keys for use in TCB. Secure boot is a UEFI feature that prevents malicious processes from executing during boot. Cryptographic hash taken of boot loader to ensure integrity. TPM can sign hash for third-party verification (remote attestation).

Security Baselines

• A collection of host security settings.
• Compare the baseline to the security settings of hosts in your network.
• Baselines are crucial for streamlining the host hardening process.
• Don't harden hosts in a vacuum; use the baseline as a security template.
• Each baseline will differ based on the computer's function and operating system.

Software Updates

• Patch: Small unit of code meant to address a security problem or functionality flaw.
• Hotfix: A patch issued on an emergency basis to address a specific security flaw.
• Rollup: A collection of previously issued patches and hotfixes.
• Service pack: A large compilation of system updates that can include functionality enhancements and any prior patches, hotfixes, and rollups.

Application Blacklisting and Whitelisting

• Blacklisting: Preventing the execution of all apps that are on a list of unauthorized apps.
  • Drawback: You can't block malicious apps you haven't identified.
• Whitelisting: Preventing the execution of all apps that aren't on a list of authorized apps.
  • Drawback: Creation and maintenance of list increases overhead.

Logging

• The process of an operating system or application recording data about activity on a computer.
• Logs stored as text files with varying levels of detail.
• Highly detailed logging can consume excessive storage space.
• Logs can reveal information about a suspected attack.
• Restrict access to logs and back them up routinely.

Auditing

• Performing an organized technical evaluation of a system's security to ensure it is in compliance.
• Similar to a security assessment.
• Auditing is focused more on ascertaining if the system meets a set of criteria.
• Criteria come from laws, regulations, standards, and organizational policy.
• Most audits are performed by third parties.
• Example: External auditor checks to see if online merchant is in compliance with PCI DSS.
• Commonly associated with reviewing log files.
• Can also test passwords, scan firewalls, review user permissions. Audits contribute to the overall hardening process.

Anti-malware Software

• Software that scans systems and networks for malicious software.
• Most scan for known malware.
• Some can scan for unknown malware.
• Install anti-malware on all computers.
• Keep anti-malware apps updated.

Types of Anti-malware Software

• Antivirus: Scans for code matching virus patterns (signature-based). Can actively monitor system for virus activity (behavior-based or heuristic).
• Anti-spam: Anti-spam filters detect key words used in spam messages. Can also block based on IPs of known spam sources. Functionality may come packaged with antivirus software.
• Anti-spyware: Designed specifically to identify and stop spyware.
• Pop-up blocker: Prevents websites from popping up elements in the browser. Most browsers include this functionality.
• Host-based firewalls: Not specifically designed for anti-malware. Can still block network traffic used by malware.

Embedded Systems

• Hardware and software systems that have a specific function within a larger system.
• Larger systems include everything from home appliances to industrial machines.
• Embedded systems are found in all kinds of technology and industries.
• Usually don't have the complexity of a PC or server.
• Their dedicated purpose often means less sophisticated architecture.
• May use an all-in-one microcontroller rather than discrete CPU/memory components.
• May not have a GUI.
• May still have an OS.
• Larger system may be user-friendly even if embedded system is not.

Security Implications for Embedded Systems

• Smart devices: Smart devices are electronic devices with network connectivity. Smart devices have autonomous computing properties. Security is an afterthought or not thought of at all.
• IoT: IoT devices are objects connected to the Internet. IoT devices use embedded electronic components. Like smart devices, security is very poor or non-existent.
• Camera systems: IP cameras are easier to manager than CCTV. Susceptible to standard networking risks. Can use encryption protocols to protect recorded data.
• Special purpose systems: Medical devices, ATMs, vehicles, etc. Security depends on purpose and functionality of systems.

Virtualization

• Virtualization: Creating a simulation of a computing environment.
• Simulates hardware and software.
• You create virtualized computers to run on physical computers.
• Example: Virtual Linux computer running on physical Windows
• Virtual machine: A virtualized computer.
• Advantages: Easier to manage, Cost-efficient, Power and resource-efficient.

Hypervisors

• The layer of software that separates the virtual software from the physical hardware it runs on.
• Manage resources on physical host and provide them to the virtual guests.
• Provide flexibility and increased efficiency of hardware use.
• Two basic types:
  • Type I: Run directly on host's hardware.
  • Type II: Run as an application on top of host operating system.

Cloud Computing

• Computing involving real-time communication over large distributed networks to provide various resources to a consumer.
• Typically relies on the Internet.
• "The cloud" refers to resources available on a particular service. Examples: Business sites, consumer sites, storage services, etc.
• You can access and manage resources from anywhere.
• Storage method and location are not visible to the consumer.
• Cloud computing uses virtualization to provision resources.

Cloud Deployment Models

• Private: Usually distributed by a single entity over a private network. Enables entities to exercise greater controller over services. Geared toward banking and governmental services.
• Public: Done over the Internet offering services to general consumers. Pay-as-you-go subscriptions and lower-tier services for free.
• Community: Security is a concern for anything traversing the Internet. Multiple entities sharing ownership of a cloud service. Done to pool resources for a common concern.
• Hybrid: Combines two or more of the previous models. Example: Private cloud for internal personnel, public for customers.

Cloud Service Types

• Software (SaaS): SaaS uses cloud to provide apps to users. Eliminates installation and purchasing of specific versions. Examples: Office 365, Salesforce, G Suite.
• Platform (PaaS): PaaS provides virtual systems to customers. Can include operating systems and application engines. Examples: Oracle Database, Azure SQL Database, Google App Engine.
• Infrastructure (IaaS): laaS provides access to infrastructure needs. Includes data centers, servers, networking, etc. Examples: Amazon EC2, Azure VMs, OpenStack.
• Security (SECaaS): SECaaS provides resources for security purposes. Includes authentication, anti-malware, intrusion detection, etc. Examples: Cloudflare, FireEye, SonicWall.

Mobile Device Connection Methods

• Cellular: Wireless connection to transceivers in fixed locations across the world. Used primarily by mobile phones for voice and text, but also data. Uses transport encryption, but users have little control over security.
• Wi-Fi: Wi-Fi networks provide local area connections for mobile devices. Can incorporate encryption and authentication if using secure protocols. Organizations have more control over Wi-Fi than cellular. Wireless technology primarily used for short-range communications.
• Bluetooth: Example: Wireless headset connected to a nearby smartphone. Susceptible to bluejacking and bluesnarfing. Wireless communication in very close proximity.
• NFC: Used primarily for in-person data exchange. Susceptible to BE signal interception and DoS flooding.

Mobile Device Management

• The process of tracking, controlling, and securing an organization's mobile infrastructure.
• MDM solutions are often web-based platforms with a centralized console. You can enforce security on all mobile devices at once, rather than individually.

Mobile Device Security Controls

• Screen lock: Option should be enabled with strict requirements for unlock. Can only be accessed by code user has set.
• Strong passwords and PINS: User should set up strong password/PIN for lock screen.
• Full device encryption: Data on devices should be encrypted to protect sensitive data.
• Remote wipe/lockout: Remote wipe: remotely delete sensitive data if device is lost or stolen. Remote lockout: remotely trigger lock screen if device is lost or stolen.
• Geolocation and geofencing: Geolocation: tracking the geographic location of devices. Geofencing: creating geographic boundaries for device functionality. Uphold principle of least privilege.
• Access controls: Consider context-aware authentication. Set restrictions on what apps/content user can access.
• Application and content management: Consider blacklisting or whitelisting apps.

Mobile Deployment Models

• Corporate-owned: Organization is sole owner of devices and has full management control. Most secure. May be too strict to be feasible.
• BYOD: Bring your own device-employees own and manage personal devices. Becoming increasingly common. Introduces security issues with new risks and questions of ownership.
• CYOD: Choose your own device-employees choose from a vetted list of devices. Employee still in control of device. Tries to mitigate BYOD vulnerabilities but not be too strict.
• COPE: Corporate-owned, personally enabled. Employees can still use devices for personal reasons. Organization still has some control, which can prompt privacy concerns.
• VMI: Virtual mobile infrastructure—similar to VDI but for mobile OSes. Employees connect to VMs running mobile OSes. Organization retains control during work; employee regains control when outside of work.

Software Development Lifecycle

• The practice of developing software across a lifecycle from initial planning to final deployment and obsolescence.
• Each developed app goes through distinct phases of this lifecycle.
• You must integrate security into each phase of the lifecycle.

Secure Coding Techniques

• Limiting dead code: Code that executes but produces results not used by app. Remove dead code to minimize risk.
• Server-side vs. client-side: Server side should validate input and execute code not meant for user. Client side should handle execution of GUI-based code.
• Limiting data exposure: Limit how much data the app exposes to users. Especially important in systems that provide access to multiple users.
• Memory management: Some languages manage memory automatically (Python, Java, etc.). Some languages require manual management (C, C++, etc.).
• Stored procedures: Pre-compiled database statements used for input validation. Deny user access to underlying data.