Chapter 5

  1. What is least functionality?
    A core principle associated with secure systems design that states systems should be deployed only with the applications, services, and protocols they need to meet their purpose.
  2. What does the book define a "trusted operating system" as?
    An operating system that meets a set of predetermined requirements with a heavy emphasis on authentication and authorization.
  3. What is Symantec Ghost?
    A popular imaging application.
  4. What are two benefits of imaging?
    • Secure starting point
    • Reduced costs
  5. What do resiliency and automation strategies include?
    Automation, scripting and templates that can help deploy systems securely and keep them in a secure state.
  6. What does EMP and ESD stand for?
    • EMP = Electromagnetic energy
    • EMI = electromagnetic pulse (motors, power lines, and fluorescent lights)
  7. What is a TPM?
    A Trusted Platform Module is a hardware chip on the computer's motherboard that stores cryptographic keys used for encryption.
  8. What is an HSM?
    • A hardware security module is a security device you can add to a system to manage, generate, and securely store cryptographic keys.
    • HSMs can be expansion cards you install within a server or devices you plug into computer ports.
  9. What are high-performance HSMs?
    High-performance hardware security modules are external devices connected to a network using TCP/IP.
  10. What provides a hardware root of trust, secure boot, and can be configured for remote attestation?
    • HSMs and TPM
    • Hardware security modules
    • Trusted platform modules
  11. What is a notable difference between HSM (hardware security modules) and TPM (Trusted Platform Modules)?
    HSMs are removable or external
  12. What is a CASB?
    A cloud access security broker is a software tool or service deployed between an organization's network and the cloud provider. It monitors all network traffic and can enforce security policies.
  13. What are the four categories of cloud deployment models?
    • public
    • private
    • community
    • hybrid
    • These identify who has access to the cloud infrastructure.
  14. What does COPE stand for?
    Corporate-owned, personally enabled. The company bought the device, but you can use it for whatever you want. It is still managed by the company, though.
  15. What does SATCOM stand for?
    Satellite communications. Some devices support this type of connection.
  16. What does MDM stand for?
    Mobile device management. It includes the technologies to manage mobile devices.
  17. What is a SoC?
    • A system on a chip is an integrated circuit that includes all the functionality of a computing system within the hardware.
    • It typically includes an application contained within onboard memory, such as read-only memory (ROM) or flash memory.
  18. What is an ICS?
    • An industrial control system refers to systems within large facilities such as power plants or water treatment facilities.
    • ICS is usually controlled by supervisory control and data acquisition (SCADA) systems.
  19. What was Stuxnet?
    Stuxnet is a computer worm designed to attack a specific embedded system used in one of Iran's nuclear enrichment facilities. It caused centrifuges to spin fast enough to tear themselves apart and some reports indicated it destroyed as many as 20 percent of these centrifuges.
  20. What does the number "5" mean in permissions on Linux?
    5 indicates Read (4) + Execute (1)
  21. What does the number "6" mean in permissions on Linux?
    6 indicates Read (4) + Write (2)
  22. What does the number "7" mean in permissions on Linux?
    7 indicates Read (4) + Write (2) + Execute (1)