4.1 Given a scenario, apply common security techniques to computing resources

These flashcards are designed to help students review key concepts related to applying security techniques to computing resources, focusing on device hardening, secure configuration practices, and risk management.

Device hardening is the practice of changing configurations to secure systems from threats by reducing the vulnerabilities attributed to __________ configurations.

default

Common techniques for device hardening include regular update processes, secure password policies, the principle of __________, and disabling unnecessary software.

least privilege

A secure baseline is a collection of standard configurations and settings for network devices, software, and __________ controls.

access

The Center for __________ Security (CIS) Benchmarks are a resource for secure configuration best practices.

Internet

Security Technical Implementation Guides (STIGs) are developed by the Defense Information Systems Agency (____________) for standardized security configurations.

DISA

Tools like Puppet and Chef are used for __________ management to automate the deployment of secure baseline configurations.

configuration

Regular security audits and __________ assessments ensure ongoing system security.

vulnerability

The principle of __________ states that users should only have the minimum permissions necessary to complete their duties.

least privilege

Wireless Access Points (WAPs) must be configured to use a specific __________ to reduce interference.

channel

An example of hardening practices for switches and routers is to disable unnecessary services and __________.

interfaces

Full Disk Encryption (FDE) protects sensitive data by encrypting the entire contents of the __________.

drive

Mobile Device Management (MDM) allows IT departments to maintain an inventory of all mobile devices __________ corporate resources.

accessing

Various security standards define requirements, controls, and procedures relevant to RTOS and embedded systems, such as __________.

ISO/IEC 15408

Sandboxing is used to isolate running processes from each other, effectively controlling a program so it runs with __________ access.

restrictive

The __________ attribute must be used for cookies to ensure they are only sent over HTTPS connections.

Secure

Input validation is essential to prevent __________ attacks that exploit application input mechanisms.

injection

Bluetooth employs encryption algorithms to protect data transmitted between devices; however, many devices still have vulnerabilities related to __________.

authentication

Device isolation refers to segregating individual devices within a __________ to limit their interaction with others.

network