Endpoint hardening
Endpoint hardening changes an operating system, application, or device configuration to reduce security risk and attack surface.
Example: An administrator disables unused services, enables disk encryption, and applies secure baseline settings.
Memory trick: Hardening makes the endpoint harder to attack.
Trick question tip: Disabling unnecessary features, applying baselines, and reducing attack surface point to hardening.
Operating system security
Operating system security protects the core software of a system from unauthorized access, malware, data breaches, and misuse.
Example: A workstation uses authentication, patching, endpoint protection, logging, and secure configurations.
Memory trick: The OS is the foundation, so secure the foundation first.
Trick question tip: Access control, authentication, patching, monitoring, and endpoint protection all apply to OS security.
Hardening balance
Hardening must be balanced against functionality and usability because restrictive settings can break applications or workflows.
Example: Disabling an unused service improves security, but disabling a required service can stop a business application from working.
Memory trick: Harden without breaking the job.
Trick question tip: Security controls should reduce risk while preserving legitimate business function.
Security baseline
A security baseline is a standard set of secure configuration settings used to harden systems consistently.
Example: Workstations receive a baseline that enables screen locks, firewall rules, and update settings.
Memory trick: Baseline = secure starting line.
Trick question tip: Standard checklists, templates, and approved configurations point to baselines.
Best practice baseline
A best practice baseline provides recommended secure settings developed from expert or industry guidance.
Example: Administrators use a hardened workstation template based on recognized security guidance.
Memory trick: Best practice baseline gives admins a trusted checklist.
Trick question tip: Baselines help standardize hardening across many devices.
Configuration baseline template
A configuration baseline template applies approved secure settings automatically or consistently across systems.
Example: A template configures password policies, firewall settings, and update behavior on new devices.
Memory trick: Template repeats the secure setup.
Trick question tip: Automated secure configuration across systems points to a baseline template.
Least functionality
Least functionality means a system should run only the protocols, services, applications, and features required for legitimate use.
Example: A server disables unused remote-access services and unnecessary ports.
Memory trick: If it is not needed, turn it off.
Trick question tip: Reducing unnecessary services and features points to least functionality.
Attack surface
Attack surface is the total set of points where an attacker could interact with or exploit a system.
Example: Unused services, open ports, unnecessary software, and extra interfaces increase attack surface.
Memory trick: More doors mean more ways in.
Trick question tip: Hardening reduces attack surface by removing unnecessary exposure.
Network interface
A network interface connects a device to a network and can be wired, wireless, modem-based, or management-focused.
Example: A laptop has both wired and wireless network interfaces.
Memory trick: Interface = network connection point.
Trick question tip: Unneeded interfaces should be disabled, not merely ignored.
Unused interface risk
Unused interface risk occurs when an enabled but unnecessary network connection creates an extra path into the system.
Example: A management network card is disabled because the device does not use remote management.
Memory trick: Unused connection still creates exposure.
Trick question tip: Disable unused wired, wireless, modem, or management interfaces.
Management network interface card
A management network interface card provides a dedicated management connection that may allow remote administrative access.
Example: A server includes a separate management interface for out-of-band administration.
Memory trick: Management NIC = admin access path.
Trick question tip: If not required, management interfaces should be explicitly disabled or tightly controlled.
Service
A service is a background function or process that supports operating system features, applications, or remote client connections.
Example: A file-sharing service allows remote clients to access shared folders.
Memory trick: Services run in the background to provide functions.
Trick question tip: Unused services should be disabled to reduce attack surface.
Unused service risk
Unused service risk occurs when unnecessary running services create vulnerabilities or remote access points.
Example: An unused file-sharing service is disabled on a workstation.
Memory trick: Running services are potential doors.
Trick question tip: Disable unused services as part of endpoint hardening.
Application service port
An application service port allows client software to connect to an application over the network.
Example: A web service listens for client connections on an allowed port.
Memory trick: Ports are network doors for applications.
Trick question tip: If remote access is not required, disable or block the port.
Unused port risk
Unused port risk occurs when open ports expose services that are not needed for business functions.
Example: A firewall blocks an unnecessary remote-management port on a workstation.
Memory trick: Open port, open opportunity.
Trick question tip: Hardening includes closing or firewall-blocking unnecessary ports.
Nonstandard port
A nonstandard port is a port used for a service other than its typical default port.
Example: A web service runs on a different port instead of its default.
Memory trick: Nonstandard port means the service moved doors.
Trick question tip: Do not assume a service is absent just because the default port is closed.
Malware over open port
Malware may try to send unexpected or nonstandard traffic over an allowed open port to bypass simple controls.
Example: Suspicious traffic uses an allowed service port but does not match the expected protocol behavior.
Memory trick: Malware may hide in allowed traffic paths.
Trick question tip: IDS can detect data that does not conform to the expected protocol format.
Intrusion Detection System protocol validation
An Intrusion Detection System can identify traffic that does not match the expected protocol format for a port or service.
Example: The IDS alerts when traffic on a web service port does not look like normal web traffic.
Memory trick: IDS checks whether traffic acts like it should.
Trick question tip: Protocol mismatch on an allowed port is an IDS detection clue.
Persistent storage
Persistent storage holds data that remains after power is removed, including user files and cached credentials.
Example: A workstation drive stores documents, application data, and cached login information.
Memory trick: Persistent storage remembers after shutdown.
Trick question tip: Disk encryption protects data at rest on persistent storage.
Cached credential
Cached credentials are stored authentication information used to support later or offline access.
Example: A laptop stores cached sign-in data for use when it cannot reach the domain controller.
Memory trick: Cached credentials are remembered logins.
Trick question tip: Stored credentials on endpoints increase the need for disk encryption and access protection.
Disk encryption
Disk encryption protects data at rest by encrypting information stored on a drive.
Example: A lost laptop's drive contents remain unreadable without the required key or authentication.
Memory trick: Encrypt the disk so stolen storage is useless.
Trick question tip: Data at rest on endpoints calls for disk encryption.
Self-encrypting drive
A self-encrypting drive automatically encrypts data stored on the drive using built-in hardware encryption.
Example: A business laptop uses a self-encrypting drive to protect all stored files.
Memory trick: The drive encrypts itself.
Trick question tip: Self-encrypting drives protect persistent storage at rest.
Maintenance cycle
A maintenance cycle is a recurring process for updating, reviewing, patching, and adjusting device security over time.
Example: Administrators regularly apply updates and review baseline compliance.
Memory trick: Hardening is not one-and-done.
Trick question tip: Keeping up with new threats requires ongoing maintenance.
Threat response maintenance
Threat response maintenance keeps systems updated against newly discovered threats affecting installed software and configurations.
Example: A newly disclosed vulnerability triggers testing and deployment of a security patch.
Memory trick: New threat, new response.
Trick question tip: Patch management and configuration updates are part of endpoint hardening.
Workstation
Workstations are user endpoints that support day-to-day work and often run many applications, making them common attack targets.
Example: Employee laptops and desktops require strong hardening and user-focused controls.
Memory trick: Workstations sit on the front line.
Trick question tip: Workstations have a large attack surface because users interact with many apps and files.
Workstation attack surface
Workstation attack surface is large because workstations support varied tasks, many applications, user browsing, email, removable media, and peripherals.
Example: A user workstation has productivity tools, browsers, messaging apps, and USB access.
Memory trick: More user activity means more exposure.
Trick question tip: Workstations need extra hardening because they are heavily used by people.
Removing unnecessary software
Removing unnecessary software reduces attack surface by eliminating unused applications and components.
Example: A workstation image excludes trialware and unused server tools.
Memory trick: Less software means fewer weaknesses.
Trick question tip: Unneeded applications should be removed, not just ignored.
Limiting administrative privileges
Limiting administrative privileges restricts users from making system-wide changes unless required for their role.
Example: Standard users cannot install drivers or change security settings without approval.
Memory trick: Fewer admins, fewer mistakes and attacks.
Trick question tip: Least privilege is a core workstation hardening control.
Application installation control
Application installation control restricts who can install software and which applications are approved.
Example: Users can install only authorized applications through a managed software portal.
Memory trick: Control what gets installed.
Trick question tip: Strictly managing app installs reduces malware and rogue software risk.
Application update management
Application update management ensures installed software receives approved security and stability updates.
Example: Endpoint tools push browser and productivity-suite patches to workstations.
Memory trick: Installed apps must stay patched.
Trick question tip: Third-party application updates matter, not just operating system patches.
User awareness training
User awareness training teaches users how to recognize threats and follow secure behavior.
Example: Employees learn to identify phishing messages and handle sensitive data carefully.
Memory trick: Users are part of endpoint defense.
Trick question tip: Phishing, passwords, Internet use, and data handling often require awareness training.
Phishing awareness
Phishing awareness teaches users to recognize deceptive messages that attempt to steal credentials or trigger unsafe actions.
Example: A user reports a suspicious login email instead of clicking the link.
Memory trick: Train users before attackers trick them.
Trick question tip: User-focused security is especially important for workstations.
Secure password behavior
Secure password behavior includes using strong passwords, avoiding reuse, and following organizational authentication policies.
Example: A user avoids using the same password across personal and work accounts.
Memory trick: Password habits affect endpoint security.
Trick question tip: User behavior supports technical hardening.
Responsible Internet use
Responsible Internet use means following policies for safe and appropriate browsing, downloading, and online activity.
Example: A user avoids downloading unapproved tools from unknown sources.
Memory trick: Unsafe browsing can weaken endpoints.
Trick question tip: Workstation security includes user practices, not just device settings.
Sensitive data handling
Sensitive data handling means using approved methods to store, transmit, and protect confidential or regulated information.
Example: An employee stores customer records only in approved encrypted systems.
Memory trick: Sensitive data needs careful handling.
Trick question tip: Workstation users must be trained on data handling because endpoints often process sensitive information.
Automatic updates
Automatic updates help keep operating systems and applications current with security fixes.
Example: Workstations automatically install approved security patches after testing.
Memory trick: Automatic updates close known holes faster.
Trick question tip: Patch management is a major endpoint hardening practice.
Screen lock
A screen lock prevents unauthorized access when a user steps away from a workstation.
Example: A workstation locks after a short period of inactivity.
Memory trick: Lock the screen before someone else uses it.
Trick question tip: Auto-lock settings reduce unattended workstation risk.
Host firewall
A host firewall controls inbound and outbound network traffic on an individual endpoint.
Example: A workstation blocks unsolicited inbound connections.
Memory trick: Host firewall guards one machine.
Trick question tip: Endpoint hardening often includes enabling and configuring the local firewall.
Endpoint protection
Endpoint protection detects, prevents, or responds to malware and suspicious activity on endpoints.
Example: Endpoint protection blocks a malicious file before execution.
Memory trick: Endpoint protection watches the device itself.
Trick question tip: Workstations need endpoint protection because they are exposed to users, files, and web content.
Host-based intrusion detection
A host-based intrusion detection system monitors a device for suspicious activity or changes.
Example: HIDS alerts when a protected registry setting changes unexpectedly.
Memory trick: HIDS watches from inside the host.
Trick question tip: Suspicious local events, file changes, or registry changes point to HIDS.
Host-based intrusion prevention
A host-based intrusion prevention system can block suspicious activity on the endpoint.
Example: HIPS prevents an unauthorized process from changing a protected setting.
Memory trick: HIPS can stop, HIDS mainly detects.
Trick question tip: Prevention means blocking, not just alerting.
Increased logging
Increased logging captures more security-relevant events to support monitoring, troubleshooting, and incident response.
Example: Workstations log authentication failures and privileged changes.
Memory trick: More useful logs mean better visibility.
Trick question tip: Logging supports detection and investigation but must be managed to avoid noise.
Workstation encryption
Workstation encryption protects stored data on user devices from exposure if the device is lost or stolen.
Example: Full-disk encryption protects files on a stolen laptop.
Memory trick: Lost laptop, encrypted data.
Trick question tip: Portable endpoints especially need disk encryption.
USB port control
USB port control restricts or blocks removable devices to reduce malware and data-loss risk.
Example: Endpoint protection blocks unauthorized USB storage devices.
Memory trick: USB ports are tiny doors into and out of the endpoint.
Trick question tip: Peripheral control and removable media restrictions are workstation hardening controls.
Device control policy
A device control policy defines which peripheral devices are allowed, blocked, or restricted on endpoints.
Example: Only approved encrypted USB drives can connect to company workstations.
Memory trick: Device policy controls plug-in hardware.
Trick question tip: USB, external drives, and peripherals point to device control.
Workstation segmentation
Workstation segmentation restricts communication between endpoints or groups of endpoints to limit lateral movement.
Example: Workstations in one department cannot freely connect to another department's systems.
Memory trick: Segmentation keeps compromise from spreading.
Trick question tip: Limiting malware propagation and attacker movement points to segmentation.
Baseline configuration
Baseline configuration is the approved secure configuration standard for a particular type of system.
Example: Separate baselines are used for desktop clients, file servers, and DNS servers.
Memory trick: Different systems need different secure templates.
Trick question tip: Baselines should match system role, not be identical for every device.
Separate system baselines
Separate system baselines are used because different device roles require different secure settings.
Example: A file server baseline differs from a workstation baseline.
Memory trick: Role decides baseline.
Trick question tip: Desktop clients, file servers, DNS servers, application servers, and directory servers may need separate baselines.
Windows registry
The Windows registry stores configuration settings for the operating system, applications, users, and security policies.
Example: A policy setting modifies a registry value on a domain-joined computer.
Memory trick: Registry = Windows configuration database.
Trick question tip: Windows configuration changes often involve registry settings.
Group Policy Object (GPO)
A Group Policy Object is a Windows domain policy mechanism used to apply configuration settings to users and computers.
Example: A domain GPO enforces screen-lock and firewall settings on workstations.
Memory trick: GPO pushes policy in a domain.
Trick question tip: Domain-joined computers receiving policy settings point to GPOs.
GPO registry application
GPO settings are applied to the registry when a domain-joined computer processes policy, such as during startup.
Example: A workstation receives approved security settings each time it boots and refreshes policy.
Memory trick: GPO writes policy into Windows settings.
Trick question tip: Registry values controlled by policy should not randomly change.
Registry least privilege
Registry least privilege limits the ability to modify registry settings to only authorized users and service accounts.
Example: Standard users cannot change security-relevant registry keys.
Memory trick: Registry changes need restricted rights.
Trick question tip: Unauthorized registry modification can weaken host security.
Suspicious registry event
A suspicious registry event is an unexpected or unauthorized change to registry settings that may indicate malware, misconfiguration, or policy tampering.
Example: HIDS alerts when a startup-related registry key changes unexpectedly.
Memory trick: Registry changes can reveal compromise.
Trick question tip: HIDS can monitor registry changes for suspicious activity.
Baseline deviation
Baseline deviation occurs when a system's actual configuration no longer matches the approved baseline.
Example: A workstation has an unauthorized service enabled that is not allowed by the baseline.
Memory trick: Deviation means the system drifted away from the secure template.
Trick question tip: Configuration drift and mismatched baseline settings point to deviation.
Baseline deviation reporting
Baseline deviation reporting tests and reports whether hosts match the approved baseline configuration.
Example: A compliance report shows which systems failed secure configuration checks.
Memory trick: Report which systems drifted.
Trick question tip: Validating actual settings against a template is baseline deviation reporting.
Security Compliance Toolkit
The Security Compliance Toolkit is a Microsoft toolset used to compare and manage Windows security baselines and policy settings.
Example: Administrators compare production GPO settings against approved Microsoft security baselines.
Memory trick: The toolkit helps check Windows baseline compliance.
Trick question tip: Modern Microsoft baseline validation points to the Security Compliance Toolkit rather than older tools.
Microsoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer was an older Microsoft tool used to validate Windows security configuration but has been replaced by newer compliance tools.
Example: A legacy environment previously used MBSA for security checks.
Memory trick: MBSA is old baseline checking.
Trick question tip: If the question asks for current Microsoft baseline tools, prefer the Security Compliance Toolkit.
Configuration drift
Configuration drift is the gradual movement of system settings away from the approved baseline over time.
Example: Different administrators make manual changes that leave workstations inconsistent.
Memory trick: Drift means systems slowly wander from the standard.
Trick question tip: Baseline reporting helps detect configuration drift.
Endpoint hardening defense in depth
Endpoint hardening defense in depth combines secure baselines, least functionality, disabled unused interfaces and services, blocked ports, encryption, patching, endpoint protection, logging, device control, segmentation, GPOs, and deviation reporting.
Example: A workstation uses a secure baseline, full-disk encryption, local firewall rules, USB restrictions, and monitored registry settings.
Memory trick: Disable what is unnecessary, protect what remains, and check for drift.
Trick question tip: Strong endpoint hardening uses many controls, not one setting.