Boot, OS, & System Security
Attacks, Threat Actors, & Malware Behavior
Cloud, Applications, & Development Security
Threat Hunting, Vulnerability Scanning, & Monitoring
Reporting, Compliance, & Incident Response
100

The most secure server boot verification mechanism.

What is measured boot?

100

Slowly injecting misleading data into a system is this attack.

What is data poisoning?

100

Tool used to apply on-prem security policies to cloud services.

What is a CASB (Cloud Access Security Broker)?

100

Before running a vulnerability scan, IDS/IPS should be configured to treat scanner traffic as this.

What are low-priority scanner events?

100

This report section explains the purpose of the vulnerability assessment and compliance needs.

What is the Background and Context section?

200

This starts the chain of trust in boot security.

What is hardware verification?

200

Accessing unauthorized files due to insecure permissions is this attack.

What is directory traversal?

200

Cloud apps often need protection due to weaknesses in these interfaces.

What are insecure APIs or interfaces?

200

A scan including a port scan and identification of responding software is this type.

What is a noncredentialed scan?

200

Compliance laws relating to electronic protected health information fall under this.

What is HIPAA?

300

Malware that survives OS reinstallation may require this fix.

What is updating UEFI firmware?

300

Zero-day attacks fall under this Johari window category.

What are unknown knowns?

300

Best approach for improving app security and quality in development.

What is adopting the SDLC (Software Development Life Cycle)?

300

Organizations with rotating mobile device checks often use this pair of scan types.

What are agent-based and agentless scans?

300

Presenting evidence with a mismatched serial number may cause this outcome.

What is the case being thrown out?

400

A 3 TB hard drive won’t boot after replacing a 500 GB hard drive because the system uses this older technology.

What is BIOS?

400

Storage decreases during the week then resets on weekends—likely due to this.

What is data exfiltration?

400

Alternative to UBA (User Behavior Analytics) agents that attackers can disable.

What is service-defined protection?

400

To target specific files in a vulnerability scan, configure this scan setting.

What is the data types configuration?

400

Delayed disclosure may cause customers to act on rumors—this issue.

What is misinformation?

500

A user logging into Linux as root despite being a standard user is often due to this Windows-based role.

What is being a Windows administrator?

500

Enabling port mirroring without approval most likely indicates this threat type.

What is an insider threat acting for an external attacker?

500

Implementing CI, CD, and CDE represents this major secure development practice area.

What are secure development best practices?

500

Honeypots + IOA analysis + situational assumptions equals this threat hunting type.

What is hybrid threat hunting?

500

To shorten the time between detecting and neutralizing an attack, organizations focus on this metric.

What is MTTC (Mean Time to Contain)?