4_4_1 Section 4 – Operations and Incident Response - 4.4 – Securing an Environment- Endpoint Security Configuration

Questions and Answers

What is the endpoint referring to in the context of security?

• Cloud storage services
• Cybersecurity software
• Network routers and servers
• Devices used for daily work (correct)

What is the primary concern of the IT security team regarding applications on endpoints?

• Network bandwidth
• System performance
• Malware and vulnerabilities (correct)
• User productivity

What is the purpose of defining what applications are allowed or not allowed on a particular endpoint?

• To create a more secure and stable environment (correct)
• To enhance user experience
• To improve system performance
• To reduce network traffic

What might happen if a user downloads software from a third-party website?

The software might have some malicious software or malware (A)

What is one philosophy on how to implement application control on endpoints?

Using an approved list of applications (A)

What is the characterization of an approved list of applications for endpoint control?

A very restrictive list (A)

What is the purpose of a deny list in endpoint security?

To prevent specific applications from running on an endpoint (C)

What happens to an application when anti-malware software detects it as malicious?

It is removed from the system and placed in a quarantine area (D)

How can a hash be used to control application execution?

By taking a hash of an executable and allowing it to run if the hash matches (D)

What is the purpose of a digital signature in application execution?

To allow or deny execution based on the developer's name (C)

How can limiting permissions to specific folders enhance security?

By limiting the permissions to specific folders, creating a trusted area (B)

What is the purpose of setting a policy based on zones in endpoint security?

To allow or disallow applications based on the zone they are executing from (B)

What type of devices are referred to as endpoints in the context of security?

Desktop computers, laptops, smartphones, and tablets (C)

Why is it important to control what applications are running on an endpoint?

To prevent malware and vulnerabilities (A)

What is the responsibility of the IT security team regarding endpoints?

To monitor endpoints for alerts and alarms (A)

What is the risk of downloading software from a third-party website?

The software might contain malicious software or malware (A)

What is the goal of creating an approved list of applications for endpoint control?

To create a more secure and stable environment (C)

What is the result of restricting applications on an endpoint?

A more secure and stable environment (D)

What is the purpose of a blocklist in endpoint security?

To prevent specific applications from running on the endpoint (A)

What happens to an application when endpoint security software recognizes it as malicious?

It is placed in a quarantine folder (B)

What is the benefit of limiting the permissions to specific folders on a storage device?

It reduces the risk of malicious software installation (D)

What is the purpose of setting a policy based on zones in endpoint security?

To allow or disallow applications based on the zone they are executing from (D)

What is the purpose of digital signatures in application execution?

To identify the manufacturer or developer of the application (B)

What is the primary purpose of the IT security team in relation to endpoint security?

To prevent malicious applications from running on the endpoint (B)