Endpoint hardening
Endpoint hardening changes an operating system, application, or device configuration to reduce security risk and attack surface.
Example: A workstation disables unused services, enables disk encryption, applies patches, and follows a secure baseline.
Memory trick: Hardening makes the endpoint harder to attack.
Trick question tip: Disabling unnecessary features, applying baselines, patching, encryption, and reducing attack surface point to endpoint hardening.
Security baseline
A security baseline is a standardized set of approved secure settings used to configure similar systems consistently.
Example: All managed laptops receive the same screen-lock, firewall, update, and logging settings.
Memory trick: Baseline = secure starting line.
Trick question tip: A baseline defines required settings; hardening applies and strengthens them.
Least functionality
Least functionality means a system should run only the services, applications, protocols, interfaces, and features required for its job.
Example: A server disables unused remote-access services and unnecessary ports.
Memory trick: If it is not needed, turn it off.
Trick question tip: Reducing unnecessary services and features points to least functionality and attack-surface reduction.
Attack surface
Attack surface is the total set of exposed services, ports, accounts, interfaces, applications, and features an attacker could target.
Example: Removing unused software and closing unused ports reduces the number of possible entry points.
Memory trick: More doors mean more ways in.
Trick question tip: Hardening usually reduces attack surface rather than adding more exposed functionality.
Unused interfaces, services, and ports
Enabled but unnecessary interfaces, background services, and open ports create extra pathways into an endpoint.
Example: An administrator disables a management NIC, turns off unused file sharing, and blocks an unnecessary remote-management port.
Memory trick: An unused connection still creates exposure.
Trick question tip: Disable or block unused items; do not merely ignore them.
Nonstandard port risk
A nonstandard port is a port used for a service other than its usual default port, which can hide a service from casual checks but does not secure it.
Example: A web service runs on a different port but still requires authentication, patching, and monitoring.
Memory trick: Moving the door is not locking it.
Trick question tip: Do not assume a service is absent because its default port is closed.
Protocol validation by IDS
An IDS can identify traffic that does not match the expected protocol behavior for a port or service.
Example: Traffic using an allowed web port is flagged because it does not look like normal web traffic.
Memory trick: IDS checks whether traffic acts like it should.
Trick question tip: Protocol mismatch on an allowed port points to IDS protocol validation.
Persistent storage and cached credentials
Persistent storage keeps data after power is removed, and cached credentials are stored authentication data used for later or offline access.
Example: A laptop drive stores documents and cached sign-in data for offline use.
Memory trick: Persistent storage remembers after shutdown.
Trick question tip: Stored endpoint data and cached credentials increase the need for disk encryption and strong access controls.
Disk encryption
Disk encryption protects data at rest by making stored information unreadable without the required key or authentication.
Example: A stolen laptop’s drive contents remain unreadable because full-disk encryption is enabled.
Memory trick: Encrypt the disk so stolen storage is useless.
Trick question tip: Lost or stolen endpoint plus stored data protection points to disk encryption.
Self-encrypting drive
A self-encrypting drive automatically encrypts stored data using built-in hardware encryption.
Example: A business laptop uses a self-encrypting drive to protect all stored files.
Memory trick: The drive encrypts itself.
Trick question tip: SEDs protect persistent storage at rest but still require strong authentication and key management.
Maintenance cycle
A maintenance cycle is the recurring process of updating, reviewing, patching, and adjusting endpoint security over time.
Example: Administrators regularly apply updates and check whether devices still match the baseline.
Memory trick: Hardening is not one-and-done.
Trick question tip: New threats require ongoing patching, review, and configuration updates.
Workstation hardening
Workstation hardening protects user endpoints that browse the web, read email, use removable media, and run many applications.
Example: A managed laptop uses endpoint protection, automatic updates, screen lock, USB controls, and least privilege.
Memory trick: Workstations sit on the front line.
Trick question tip: User activity, browsing, email, files, and peripherals make workstations high-risk endpoints.
Removing unnecessary software
Removing unnecessary software reduces attack surface by eliminating unused applications, trialware, tools, and components.
Example: A standard workstation image excludes unapproved utilities and unused server tools.
Memory trick: Less software means fewer weaknesses.
Trick question tip: Unneeded applications should be removed, not simply left unused.
Limiting administrative privileges
Limiting administrative privileges prevents users from making system-wide changes unless their role requires it.
Example: Standard users cannot install drivers or change security settings without approval.
Memory trick: Fewer admins, fewer mistakes and attacks.
Trick question tip: Least privilege reduces damage from malware, insider misuse, and accidental changes.
Application installation control
Application installation control restricts who can install software and which applications are approved.
Example: Users install only authorized software through a managed company portal.
Memory trick: Control what gets installed.
Trick question tip: Restricting application installation reduces malware, rogue software, and licensing risk.
Application update management
Application update management ensures third-party and built-in applications receive approved security and stability updates.
Example: Endpoint tools push browser and productivity-suite patches to workstations.
Memory trick: Installed apps must stay patched.
Trick question tip: Endpoint patching includes applications, not only the operating system.
User awareness training
User awareness training teaches secure behavior for phishing, passwords, internet use, removable media, and sensitive data handling.
Example: Employees learn to report suspicious messages and avoid unapproved downloads.
Memory trick: Users are part of endpoint defense.
Trick question tip: Training is the best clue when the weakness is user behavior rather than a missing technical setting.
Automatic updates
Automatic updates help endpoints receive security fixes consistently and quickly after approval or testing.
Example: Workstations automatically install approved security patches after a staged rollout.
Memory trick: Updates close known holes faster.
Trick question tip: Automatic updating supports patch management but still needs testing, monitoring, and rollback planning.
Screen lock
A screen lock requires authentication before someone can access an unattended device.
Example: A workstation locks after several minutes of inactivity.
Memory trick: Lock the screen before someone else uses it.
Trick question tip: Unattended workstation risk points to screen-lock enforcement.
Host firewall
A host firewall controls inbound and outbound traffic on an individual endpoint.
Example: A workstation blocks unsolicited inbound connections but permits required business traffic.
Memory trick: Host firewall guards one machine.
Trick question tip: A host firewall protects the endpoint itself; a network firewall protects traffic between zones.
Endpoint protection
Endpoint protection detects, blocks, quarantines, or responds to malware and suspicious activity on individual devices.
Example: Endpoint protection blocks a malicious file before it executes.
Memory trick: Endpoint protection watches the device itself.
Trick question tip: Endpoint protection is one layer and does not replace patching, least privilege, or secure configuration.
HIDS versus HIPS
A HIDS detects and alerts on suspicious host activity, while a HIPS can actively block suspicious activity on the endpoint.
Example: A HIDS alerts on an unexpected registry change, while a HIPS blocks an unauthorized process action.
Memory trick: HIDS detects; HIPS prevents.
Trick question tip: Detection and alerting point to HIDS; blocking points to HIPS.
Increased logging
Increased logging records more security-relevant endpoint events to support monitoring, troubleshooting, and incident response.
Example: Workstations log authentication failures, privilege use, and protected-setting changes.
Memory trick: Logs remember what happened.
Trick question tip: Logging creates evidence but must be tuned so it does not create useless noise.
USB port control
USB port control restricts or blocks removable devices to reduce malware and data-loss risk.
Example: Only approved encrypted USB drives can connect to company workstations.
Memory trick: USB ports are tiny doors in and out.
Trick question tip: USB malware, removable storage, and peripheral restrictions point to device control.
Device control policy
A device control policy defines which peripherals are allowed, blocked, or restricted on endpoints.
Example: External storage is blocked unless it is company-approved and encrypted.
Memory trick: Device policy controls plug-in hardware.
Trick question tip: External drives, USB devices, and peripherals point to device control.
Workstation segmentation
Workstation segmentation limits communication between endpoints or endpoint groups to reduce lateral movement.
Example: A workstation in one department cannot freely connect to another department’s systems.
Memory trick: Segmentation keeps compromise from spreading.
Trick question tip: Limiting malware propagation or attacker movement points to segmentation.
Windows registry
The Windows registry stores operating-system, application, user, and security configuration settings.
Example: A policy setting modifies registry values on a domain-joined workstation.
Memory trick: Registry = Windows configuration database.
Trick question tip: Unexpected registry changes may indicate malware, tampering, or misconfiguration.
Group Policy Object (GPO)
A GPO centrally applies configuration settings to users and computers in a Microsoft domain environment.
Example: A domain GPO enforces screen-lock, firewall, and update settings on workstations.
Memory trick: GPO pushes policy in a Windows domain.
Trick question tip: Domain-joined computers receiving centralized settings point to GPOs.
Baseline deviation and drift
Baseline deviation occurs when actual settings no longer match the approved baseline, and configuration drift is the gradual movement away from approved settings over time.
Example: A workstation has an unauthorized service enabled after manual troubleshooting.
Memory trick: Deviation means drift from the template.
Trick question tip: Baseline reporting and compliance tools detect drift and unauthorized changes.
Security Compliance Toolkit versus MBSA
The Microsoft Security Compliance Toolkit is a modern toolset for managing and comparing Windows security baselines, while MBSA (Microsoft Baseline Security Analyzer) is an older, retired baseline-checking tool.
Example: Administrators compare current GPO settings against approved Microsoft baselines.
Memory trick: Toolkit is modern; MBSA is old.
Trick question tip: If the question asks for current Microsoft baseline validation, prefer Security Compliance Toolkit.
Endpoint hardening defense in depth
Strong endpoint hardening combines baselines, least functionality, disabled unused interfaces, blocked ports, encryption, patching, endpoint protection, logging, device control, segmentation, GPOs, and deviation reporting.
Example: A workstation uses full-disk encryption, local firewall rules, USB restrictions, approved software, and monitored registry settings.
Memory trick: Disable what is unnecessary, protect what remains, and check for drift.
Trick question tip: Endpoint hardening is a layered process, not one single setting.
Mobile hardening
Mobile hardening applies endpoint-security controls to smartphones and tablets while accounting for portability, apps, wireless radios, location services, and theft risk.
Example: A company enforces encryption, screen locks, remote wipe, app restrictions, and operating-system updates on phones.
Memory trick: Mobile devices walk away, so harden them harder.
Trick question tip: Remote wipe, screen locks, GPS, Bluetooth, NFC, MDM, and app permissions point to mobile hardening.
Mobile versus desktop hardening
Mobile and desktop hardening share basics such as updates, strong authentication, endpoint protection, and least privilege, but mobile devices add extra risks from portability and wireless features.
Example: Both laptops and phones need updates, but phones also need remote wipe and app permission control.
Memory trick: Same basics, extra mobile risks.
Trick question tip: Loss, theft, app permissions, GPS, Bluetooth, and NFC make mobile hardening different.
Remote wipe
Remote wipe deletes data from a mobile device through a management console when the device is lost, stolen, retired, or no longer trusted.
Example: IT remotely wipes a stolen phone to protect corporate data.
Memory trick: Remote wipe erases from far away.
Trick question tip: Lost or stolen mobile device plus data protection points to remote wipe.
Secure lock screen
A secure lock screen requires authentication before a person can access a mobile device.
Example: A phone requires a strong passcode or biometric unlock before use.
Memory trick: Lock the screen, protect the device.
Trick question tip: Mobile loss or theft makes screen-lock enforcement important.
Mobile app permissions
Mobile app permissions control which device features and data an application can access.
Example: A map app requests location access while a simple calculator is denied contact access.
Memory trick: Permissions decide what apps can touch.
Trick question tip: Excessive app permissions create privacy and data exposure risk.
Mobile app ecosystem risk
The mobile app ecosystem includes many apps with different permission needs, update practices, and privacy behaviors.
Example: A mobile app requests access to contacts, camera, storage, and location.
Memory trick: Apps want permissions; permissions create risk.
Trick question tip: App permissions and privacy concerns are common mobile-security clues.
BYOD
Bring Your Own Device allows employees to use personally owned devices for work, reducing hardware cost but increasing control, privacy, and support challenges.
Example: An employee uses a personal phone to access corporate email under company policy.
Memory trick: BYOD = employee owns it.
Trick question tip: Personal ownership and mixed personal/work use point to BYOD.
COPE
Corporate Owned, Personally Enabled means the organization owns the device but allows limited personal use.
Example: A company-issued phone permits personal browsing while remaining managed by IT.
Memory trick: COPE = company owns, personal allowed.
Trick question tip: Corporate ownership plus allowed personal use points to COPE.
COBO
Corporate Owned, Business Only means the organization owns the device and restricts it to business use.
Example: A company-issued phone is locked down for work applications only.
Memory trick: COBO = company owns, business only.
Trick question tip: COBO offers the highest organizational control but least personal flexibility.
CYOD
Choose Your Own Device lets employees choose from a preapproved list of organization-supported devices.
Example: An employee selects a phone model from a company-approved list.
Memory trick: CYOD = controlled choice.
Trick question tip: Employee choice from an approved list points to CYOD, not BYOD.
Mobile deployment model comparison
BYOD offers flexibility and cost savings but less control, COPE balances company control with personal use, COBO provides maximum control, and CYOD gives limited choice from approved models.
Example: A company chooses COPE when it wants ownership and management while allowing limited personal use.
Memory trick: More user freedom usually means less company control.
Trick question tip: Device ownership and personal-use rules are the key exam distinction.
Mobile Device Management (MDM)
MDM centrally manages, secures, monitors, inventories, and enforces policies on smartphones, tablets, and other mobile endpoints.
Example: IT uses MDM to require encryption, screen locks, approved apps, and remote wipe.
Memory trick: MDM manages mobile devices.
Trick question tip: Policy enforcement, remote lock/wipe, app control, mobile inventory, and compliance checks point to MDM.
MDM compliance and quarantine
MDM can check device compliance and block, quarantine, or restrict devices that fail security requirements.
Example: A phone without required encryption is blocked from corporate email.
Memory trick: MDM checks before access.
Trick question tip: Quarantining or blocking noncompliant mobile devices points to MDM.
Mobile Application Management (MAM)
MAM manages and secures specific mobile applications and their data rather than controlling the entire device.
Example: Corporate email data can be wiped from an app while personal photos remain untouched.
Memory trick: MAM controls the app, not the whole phone.
Trick question tip: BYOD privacy concerns often favor MAM or app-container controls.
Mobile content management
Mobile content management controls how corporate files and data are stored, shared, synchronized, and accessed on mobile devices.
Example: A policy prevents sensitive documents from being saved to unapproved personal storage.
Memory trick: Control the company data on the device.
Trick question tip: Document sharing, app data leakage, and corporate file access point to mobile content controls.
Full device encryption for mobile
Full device encryption protects stored mobile data so it is harder to read if a device is lost or stolen.
Example: A stolen phone’s data remains unreadable without the correct unlock secret and encryption key.
Memory trick: Encrypt the phone before it walks away.
Trick question tip: Lost or stolen mobile device plus stored data protection points to mobile encryption.
External media encryption
External media encryption protects removable storage used with endpoints or mobile devices.
Example: An approved external drive encrypts business data before it leaves the office.
Memory trick: Encrypt removable storage too.
Trick question tip: Removable media with sensitive data points to external media encryption and device control.
Geolocation
Geolocation identifies or estimates a device’s location using technologies such as GPS, Wi-Fi, cellular signals, Bluetooth, RFID, or indoor positioning.
Example: A managed phone reports its location when marked lost.
Memory trick: Geolocation tells where the device is.
Trick question tip: Location tracking can support security but also creates privacy and confidentiality risk.
GPS versus indoor positioning system
GPS uses satellite signals to estimate location, while an indoor positioning system estimates location using nearby wireless signals such as Wi-Fi, Bluetooth, cellular, or RFID.
Example: A phone uses GPS outdoors and Wi-Fi or Bluetooth signals inside a building.
Memory trick: GPS uses satellites; IPS uses nearby signals.
Trick question tip: Indoor location estimates without satellites point to IPS.
Geofencing
Geofencing applies policy based on whether a device is inside or outside a defined geographic boundary.
Example: A corporate app becomes unavailable when the phone leaves an approved country or facility.
Memory trick: Geofencing draws a virtual boundary.
Trick question tip: Location-based allow or block rules point to geofencing.
Context-aware authentication
Context-aware authentication changes access decisions based on signals such as location, device health, network, time, behavior, and risk.
Example: A login from an unusual location requires additional verification.
Memory trick: Authentication adapts to context.
Trick question tip: If access changes because of location or device posture, think context-aware authentication.
GPS tagging risk
GPS tagging stores location metadata in files such as photos, which can reveal where a person, facility, or activity occurred.
Example: A photo taken at a secure site exposes location metadata when shared.
Memory trick: Photo metadata can tell where you were.
Trick question tip: GPS metadata can be both a personal privacy risk and an organizational confidentiality risk.
Camera and microphone restrictions
Camera and microphone restrictions limit capture of audio, video, or images in sensitive environments.
Example: MDM disables the camera when a device enters a secure area.
Memory trick: Control sensors that can leak secrets.
Trick question tip: Secure areas, recording restrictions, and mobile sensors point to camera or microphone controls.
Cellular data connection risk
Cellular data lets mobile devices access networks through a carrier but may bypass enterprise network monitoring and filtering.
Example: A phone using cellular data does not pass through the company web filter.
Memory trick: Cellular can go around company defenses.
Trick question tip: Use endpoint-based controls and VPN because cellular traffic may avoid internal protections.
VPN for cellular data
A VPN protects mobile traffic over carrier networks by creating an encrypted tunnel to approved resources.
Example: A remote employee connects to a VPN before accessing internal systems from a phone.
Memory trick: VPN wraps mobile traffic in encryption.
Trick question tip: Secure tunnel over cellular data points to VPN.
Wi-Fi tethering and hotspot risk
Tethering or hotspot features share a mobile device’s network connection with other devices, which can bypass normal network controls or expose the device to unauthorized clients.
Example: A phone shares cellular access with a laptop outside the company’s filtered network.
Memory trick: Tethering turns the phone into a network bridge.
Trick question tip: Unauthorized hotspot use can bypass enterprise monitoring and policy enforcement.
Bluetooth
Bluetooth provides short-range wireless communication between devices and peripherals, but pairing, discovery, weak PINs, and outdated versions can create risk.
Example: A phone pairs with a headset using an approved secure pairing method.
Memory trick: Bluetooth is short-range but still attackable.
Trick question tip: Bluetooth security questions often mention pairing, PINs, discovery mode, or nearby peripherals.
Bluesnarfing
Bluesnarfing is unauthorized theft of information from a Bluetooth-enabled device.
Example: An attacker extracts contact or message data from a vulnerable nearby device.
Memory trick: Snarfing steals data.
Trick question tip: Bluetooth plus data exfiltration points to bluesnarfing.
Bluejacking and bluebugging
Bluejacking sends unsolicited messages over Bluetooth, while bluebugging takes control of Bluetooth functions or the device.
Example: An attacker sends unwanted Bluetooth messages in one case and controls calling features in another.
Memory trick: Jacking annoys; bugging controls.
Trick question tip: Message spam over Bluetooth points to bluejacking; unauthorized control points to bluebugging.
Bluetooth peripheral risk
Bluetooth peripherals can introduce risk if they are malicious, compromised, outdated, or use weak pairing.
Example: A compromised keyboard sends unexpected commands to a paired tablet.
Memory trick: Peripherals can become attack paths.
Trick question tip: Malicious firmware or suspicious behavior from a paired device points to peripheral risk.
NFC
Near Field Communication is a very short-range wireless technology used for contactless payments, tag reading, pairing, and small data exchanges.
Example: A phone taps a point-of-sale terminal to make a payment.
Memory trick: NFC works when devices are very close.
Trick question tip: Contactless payment, RFID tags, tap-to-pair, or device bumping points to NFC.
NFC tag risk
NFC tags can direct devices to websites, launch actions, or exchange data, so malicious or tampered tags can create phishing or malware risks.
Example: A poster tag opens a malicious page instead of the expected information.
Memory trick: Tap the wrong tag, open the wrong action.
Trick question tip: NFC does not automatically make the destination trustworthy.
Mobile wallet and tokenization
A mobile wallet stores payment credentials and usually sends a payment token instead of the original card number during contactless payment.
Example: A wallet app transmits a limited-use token when the phone is tapped at checkout.
Memory trick: Token replaces the real card number.
Trick question tip: Mobile-wallet transactions using tokens point to payment tokenization.
Contactless card skimming
Contactless card skimming reads payment-card information without permission, though modern mobile-wallet tokenization reduces exposure of the original card number.
Example: An attacker skims limited information from a contactless card.
Memory trick: Skimming reads card data without permission.
Trick question tip: Card skimming may reveal card details, while mobile wallets typically use tokens.
Mobile hardening defense in depth
Mobile defense in depth combines updates, strong passwords, endpoint protection, encryption, secure lock screens, MDM or MAM, app controls, geofencing, remote wipe, and user awareness.
Example: A COPE phone is enrolled in MDM, encrypted, restricted to approved apps, and remotely wipeable.
Memory trick: Manage the device, protect the data, control the apps, prepare for loss.
Trick question tip: Strong mobile security depends on both technical controls and the chosen ownership model.