Chapt 17 Flashcards

1
Q

Which component of physical security addresses outer‐level access control?

A) Fences
B) Access control vestibule
C) Multifactor authentication
D) Strong passwords

A

Fences

A. Fences are intended to delay or deter entrance into a facility. Access control vestibules are used for mid‐layer access control to prevent tailgating. Multifactor authentication is used for mid‐ and inner‐layer access control. Strong passwords are used for mid‐ and inner‐layer access control.

2
Q

Which type of device can detect weapons on a person entering a facility?

A) Biometrics
B) Magnetometer
C) Motion sensor
D) Badge reader

A

Magnetometer

B. A magnetometer, also known as a metal detector, can detect weapons on a person entering a facility. Biometrics are used to authenticate someone based on their face, retina, fingerprint, or some other method that biologically verifies their identity. A motion sensor is used to detect motion. A badge reader is used to scan security ID badges.

3
Q

As part of your training program, you’re trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. Which term do you use to describe attacks of this type?

A) Social engineering
B) IDS
C) Perimeter security
D) Biometrics

A

Social engineering

A. Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment. IDSs are network‐based systems that detect intrusions. Perimeter security describes physical security. Biometrics describes an authentication method based on human physical traits.

4
Q

You’re in the process of securing the IT infrastructure by adding fingerprint scanners to your existing authentication methods. This type of security is an example of which of the following?

A) Access control
B) Physical barriers
C) Biometrics
D) Softening

A

Biometrics

C. A fingerprint scanner, or any device that identifies a person by a physical trait, is considered a biometric security control. Access control is the system that controls access for users. Physical barriers are structures that limit physical access. Softening refers to weakening of security.

5
Q

Which type of attack denies authorized users access to network resources?

A) DoS
B) Worm
C) Trojan
D) Social engineering

A

DoS

A. Although the end result of any of these attacks may be denying authorized users access to network resources, a denial‐of‐service (DoS) attack is specifically intended to prevent access to network resources by overwhelming or flooding a service or network. Worms reproduce and move throughout the network to infect other systems. Trojans are programs that enter a system or network under the guise of another program. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization.

6
Q

As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?

A) DoS
B) DDoS
C) Worm
D) Rootkit

A

DDoS

B. A distributed denial‐of‐service (DDoS) attack uses multiple computer systems to attack a server or host in the network. A denial‐of‐service (DoS) is a one‐on‐one attack to disrupt service. Worms reproduce and move throughout the network to infect other systems and therefore do not attack one victim. Rootkits are software programs that have the ability to hide themselves from the operating system.

7
Q

A vice president of your company calls a meeting with the IT department after a recent trip to competitors’ sites. She reports that many of the companies she visited granted access to the operating system or applications after an employee presented a number that rotated. Of the following, which technology relies on a rotating number for users for authentication?

A) Smartcard
B) Biometrics
C) Geofencing
D) Token

A

Tokens

D. Tokens are rotating numerical keys that you must physically have with you to gain access to the operating system or applications. Biometrics relies on a physical characteristic of the user to verify identity. Biometric devices typically use either a hand pattern or a retinal scan to accomplish this. Smartcards contain a private certificate key and are protected with a password. Geofencing uses your GPS coordinates to ensure that the authentication happens when you are in a defined geographic area.

8
Q

You’ve discovered that credentials to a specific application have been stolen. The application is accessed from only one computer on the network. Which type of attack is this most likely to be?

A) On‐path attack
B) Zero‐day
C) Denial‐of‐service (DoS)
D) Smurf

A

on‐path attack

A. An on‐path attack intercepts data and then sends the information to the server as if nothing were wrong while collecting the information. Zero‐day attacks are attacks in which a developer has not properly patched a hole yet and is unaware of the hole. A denial‐of‐service (DoS) attack is used to disrupt legitimate requests from being answered. A smurf attack is a type of distributed denial‐of‐service (DDoS).

9
Q

A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use a legitimate IP address to disrupt access elsewhere on the network. Which type of attack is this?

A) Spoofing
B) Social engineering
C) Worm
D) Password

A

spoofing

A. A spoofing attack is an attempt by someone or something to masquerade as someone else (IP address) and is often used to disrupt access. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. Worms reproduce and move throughout the network to infect other systems. Password attacks are used in an attempt to guess passwords.

10
Q

Which of the following is different from a virus in that it can reproduce itself, is self‐contained, and doesn’t need a host application to be transported?

A) Worm
B) Smurf
C) Phish
D) Trojan

A

worm

A. A worm is different from a virus in that it can reproduce itself, is self‐contained, and doesn’t need a host application to be transported. A smurf attack is a type of distributed denial‐of‐service (DDoS). A phishing attack is an attempt to gain a user’s credentials to a network resource. Trojan horses are programs that enter a system or network under the guise of another program.

11
Q

A reflective attack attempts to use a broadcast ping on a network. The return address of the ping may be that of a valid system in your network. Which protocol does the reflective attack use to conduct the attack?

A) TCP
B) IP
C) UDP
D) ICMP

A

ICMP

D. The reflective attack is using a broadcast ping (ICMP) on a network. The return address of the ping may be that of a valid system in your network. The Transmission Control Protocol (TCP) is not typically used with a reflective attack. The Internet Protocol (IP) is a suite of protocols and solely used with a reflective attack. The User Datagram Protocol (UDP) is not described in this reflective attack.

12
Q

Which type of attack involves passing a database query with a web request?

A) Insider threat
B) Evil twin
C) SQL injection
D) Tailgating

A

SQL Injection

C. A SQL injection attack is a method of passing a SQL query with a web request by using an escape code sequence. An insider threat is a threat from within your organization, such as a disgruntled employee. An evil twin attack involves a rogue access point with the same SSID as your organization. Tailgating is the act of walking behind someone who has swiped to get into an area so the attacker can gain entry.

13
Q

Which is an example of an authentication method in which you have something?

A) Password
B) Key fob
C) Fingerprint
D) Place

A

key fob
B. A key fob is an example of authentication for something you have. A password is something you know. A fingerprint is something you are. A place is a geographical place in which you are.

14
Q

You need to protect your users from potentially being phished via email. Which of the following should you use to protect them?

A) Antivirus software
B) End‐user education
C) SecureDNS
D) The principle of least privilege

A

End‐user education
B. End‐user education is the best way to protect your users from the threat of phishing via email. Antivirus software is used to prevent viruses, not phishing attempts. SecureDNS can be useful in protecting your users, but not from phishing emails. The principle of least privilege assigns only the permissions that users need to do their work, and no more.

15
Q

Your help desk has informed you that they received an urgent call from the vice president last night requesting his login ID and password. When you talk with the VP today, he says he never made that call. What type of attack is this?

A) Spoofing
B) Replay
C) Social engineering
D) Trojan horse

A

Social engineering
C. Spear phishing is a type of social engineering, where someone is trying to con your organization into revealing account and password information by pretending to be a high‐level person. A spoofing attack is an attempt by someone or something to masquerade as someone else, with the intent of disrupting access. A replay attack is a form of on‐path attack, where packets are replayed at a critical time. Trojan horses are programs that enter a system or network under the guise of another program.

16
Q

Internal users suspect there have been repeated attempts to infect their systems, as reported to them by pop‐up messages from their antivirus software. According to the messages, the virus seems to be the same in every case. What is the most likely culprit?

A) A server is acting as a carrier for a virus.
B) A password attack is being carried out.
C) Your antivirus software has malfunctioned.
D) A DoS attack is under way.

A

A server is acting as a carrier for a virus.

A. Some viruses won’t damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus. A password attack would not prompt your antivirus software to notify you. Your antivirus software could be malfunctioning, but it would not suggest the same virus is infecting you over and over again. A denial‐of‐service (DoS) attack would not prompt your antivirus to notify you.

17
Q

You’re working late one night and notice that the hard drive on your new computer is very active even though you aren’t doing anything on the computer and it isn’t connected to the Internet. What is the most likely suspect?

A) A spear phishing attack is being performed.
B) A virus is spreading in your system.
C) Your system is under a DoS attack.
D) TCP/IP hijacking is being attempted.

A

A virus is spreading in your system.

B. A symptom of many viruses is unusual activity on the system disk. The virus spreading to other files on your system causes this. A disk failure will not create high disk activity. A spear phishing attack is a social engineering attack and will not create high disk activity; neither denial‐of‐service attacks nor TCP/IP hijacking attacks will create high disk activity.

18
Q

You’re the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log in. It’s apparent that the email server is being targeted. Which type of attack is most likely occurring?

A) Brute‐force
B) Backdoor
C) Worm
D) TCP/IP hijacking

A

Brute‐force

A. A brute‐force attack is a type of password attack in which a password is guessed over and over until the right password is guessed. A backdoor attack is an embedded account that allows unauthorized access through an unpatched coding hole. A worm is different from a virus in that it can reproduce itself, is self‐contained, and doesn’t need a host application to be transported. A TCP/IP hijacking is an attack that attempts to redirect the TCP/IP conversation to the threat agent.

19
Q

Your boss needs you to present to upper management the need for a firewall for the network. What is the thesis of your presentation?

A) The isolation of one network from another
B) The scanning of all packets for viruses
C) Preventing password attacks
D) The hardening of physical security

A

The isolation of one network from another

A. The thesis of your presentation should outline the need of a firewall to isolate the external network from the internal network. Firewalls will not scan packets for viruses. Firewalls will not prevent password attacks or harden physical security.

20
Q

Which Active Directory component maps printers and drives during login?

A) Home folders
B) Organizational unit
C) Login script
D) Microsoft Management Console (MMC)

A

Login script

C. A login script is used by Active Directory during login to map drives and printers. A home folder is a private network location in which the user can store their personal files. Organizational units (OUs) are used to group computers and users so that Group Policy can be applied. The MMC is used to manage various aspects of Active Directory and the local operating system.

21
Q

a ___ is used for 360-degree video surveillance

A

PTZ (pan-tilt-zoom) camera

22
Q

which authentication method uses your fingerprint to authenticate you?

A

biometrics

23
Q

a ____ is an architectural structure designed to act as a visual perimeter.

A

bollard

24
Q

what type of server examines user credentials and grants them access to network resources?

A

authentication

25
Q

what can be implemented to prevent tailgating?

A

access control vestibule

26
Q

____ devices, such as hand scanners and retinal scanners, use physical characteristics to identify the user.

A

biometric

27
Q

a ___ is used to detect weapons when people enter into a building

A

magnetometer

28
Q

____ are security devices that you carry with you that display a randomly generated code that you can then use for authentication

A

key fob

29
Q

what gives you access to resources, including buildings, parking lots, and computers? (it contains information about your identity and access privileges.)

A

smartcard

30
Q

why should you disable guest accounts?

A

to increase system security

31
Q

the principle of _____ is a simple one: when assigning permissions, give users only the permissions that they need to do their work and no more.

A

least privilege

32
Q

which two protocols does active directory use for the lookup of objects and authentication of users and computers?

A

LDAP (Lightweight Directory Access Protocol) and Kerberos

33
Q

_____ software is typically used with a BYOD (bring your own device) strategy.

A

MDM (mobile device management)

34
Q

which malicious software acts on behalf of a third party which, rather than self replicating, like viruses and worms, spreads to machines by users who inadvertently ask for it?

A

spyware

35
Q

____ are software programs that have the ability to hide certain things from the operating system

A

rootkits

36
Q

a firewall operating as a(n) ____ passes or blocks traffic to specific addresses based on the type of application.

A

packet filter

37
Q

the act of digging in the trash in the expectation of gaining confidential information is _____

A

dumpster diving

38
Q

if someone is so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device, they are said to be _____

A

tailgating

39
Q

what is the name of film or glass add-ons that are placed over a monitor to prevent the data on the screen from being readable when viewed from the sides?

A

privacy filters

40
Q

____ is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization.

A

social engineering

41
Q

_______ is a form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request.

A

phishing

42
Q

in ____ formatting, the drive controller chip and the drive meet for the very first time and learn to work together

A

low-level

43
Q

_____ involves applying a strong magnetic field to initialize the media.

A

degaussing

44
Q

you are a security admin in your organization. you have secured the server room by establishing a badge reader on the entrance, which allows only the authenticated persons to enter, but then an unauthenticated person also entered the server room and caused some harm. the management has asked to secure the server room with a physical property that is intrinsic to an individual human body. what control should you use to secure the server room in the given scenario?

A) biometric
B) entry control roster
C) mantrap
D) digital certificate

A

biometric

45
Q

which of these is designed to centrally administer devices in order to assign device permissions, verify security compliance, apply updates and even monitor activity?

A) UTM
B) MDM
C) DRM
D) MMC

A

MDM (mobile device management)

46
Q

which of the following malware types converts the computer into a zombie?

A) adware
B) botnet
C) backdoor
D) rootkit

A

botnet

D incorrect - the rootkit malware compromises boot systems and core operating system functions to hide from most detection methods.

47
Q

which of these are embedded RFID circuits that fit on a set of keys and are used with physical access control systems?

A) smartcard
B) key fobs
C) magnetometer
D) biometric

A

key fobs

48
Q

which of the following guidelines should be followed for account management in a windows 7 computer system? choose all that apply.

A) setting time restrictions
B) changing default usernames
C) restricting user permissions
D) enabling the guest account

A

A, B, and C

49
Q

you have been tasked with limiting the number of users who can connect to a network printer located centrally within an office environment. which of the following tools will you use to complete this task?

A) VPN
B) ACL
C) RDP
D) LDAP

A

ACL (access control list)

LDAP is incorrect because it is a network protocol used to access network directory databases, which store info about authorized users and their privileges as well as other organizational information.

50
Q

your boss needs you to present to upper management the need for a firewall for the network. what will be the thesis of your presentation?

A) the isolation of one network from another
B) the scanning of all packets for viruses
C) the prevention of password attacks
D) the hardening of physical security

A

the isolation of one network from another

51
Q

which active directory component can enforce settings on a group of users or computers?

A) kerberos
B) group policy
C) login scripts
D) folder redirection

A

group policy

login scripts can set settings but cannot enforce the settings.

kerberos is an authentication protocol used with active directory

52
Q

you’ve discovered that credentials to a specific application have been stolen. the application is accessed from only one computer on the network. which type of attack is this most likely to be?

A) zero-day
B) on-path attack
C) smurf
D) denial-of-service

A

on-path attack - intercepts data and then sends the info to the server as if nothing were wrong while collecting the info.

zero-day attacks are attacks in which a developer has not properly patched a hole yet and is unaware of the hole.

53
Q

which of these is a method to alert security personnel in the event of unauthorized access or a break in?

A) equipment lock
B) PIR
C) alarm system
D) cable lock

A

alarm system

54
Q

in which of the following attacks does an attacker intercept and relay communications between two points and impersonate each party in the eyes of the other?

A) DNS hijacking
B) DDoS
C) man in the middle
D) spoofing

A

man in the middle

incorrect answers
spoofing is a technique that falsifies the origin of network communications, either to redirect responses or to trick users into thinking it comes from a trustworthy source.
DDoS is a type of DoS where a single target is flooded by traffic from many individual computers, often spread across the internet.
DNS hijacking is an attack in which an attacker gives false replies to DNS requests sent by a host to redirect traffic to a malicious or fraudulent site.

55
Q

you’ve upgraded 4 computers and would like to securely re-purpose the hard drive for later use. which of these will you do to accomplish the task?

A) drive wipe
B) degaussing
C) quick format
D) pulverizing

A

drive wipe

degaussing is used for destroying data from the hard drive and the drive itself.

56
Q

which statement is true about MDM software?

A) it is a hierarchical collection of security objects, such as users, computers, and policies, among other components.
B) it helps organizations to protect their data on devices that are personally owned by the employees
C) it is a service that can contain many different objects, including users, computers, and printers
D) it describes classes of objects and the attributes that define each object

A

it helps the organizations to protect their data on devices that are personally owned by the employees.

57
Q

paul, an employee, receives an email that appears to be from the CEO, asking for a report of security credentials for all users. which of the following types of attacks is most likely occurring?

A) spoofing
B) ransomware
C) logic bomb
D) spear phishing

A

spear phishing

logic bomb - a piece of code that sits dormant on a user's computer until it is triggered by a specific event, such as a specific date

58
Q

a reflective attack attempts to use a broadcast ping on a network. the return address of the ping may be that of a valid system in your network. which protocol does the reflective attack use to conduct the attack?

A) ICMP
B) TCP
C) IP
D) UDP

A

ICMP - internet control message protocol

59
Q

which of the following is a technique that falsifies the origin of network communications, either to redirect or to trick users into thinking that it comes from a trustworthy source?

A) spoofing
B) denial of service
C) eavesdropping
D) brute force

A

spoofing

60
Q

you are an IT tech in your organization. when you log into your account, you press a button on your keychain and then type in the new set of numbers it displays. what digital authentication element are you using?

A) smartcard
B) biometric
C) digital certificate
D) one-time password

A

one time password - OTP - valid for a single session, so it can’t be stolen or reused.

61
Q

which of the following viruses attaches itself to legitimate programs and then creates a program with a different filename extension?

A) macro
B) boot sector
C) multipartite
D) companion

A

companion

62
Q

you need to protect your users from trojans, viruses, and phishing emails. what should you implement?

A) multifactor authentication
B) antivirus
C) antimalware
D) software firewalls

A

antimalware

63
Q

which active directory component maps printers and drives during login?

A) OU
B) home folders
C) MMC
D) login script

A

login script

64
Q

the uCorp organization is implementing some techniques of adopting best practices for its network security. which of the following practices should the organization adopt to prevent a zero-day attack on linux?

A) implement patch management
B) use scheduled disk maintenance
C) use phishing
D) use rogue antivirus

A

implement patch management

65
Q

a type of security threat that executes the command received from another computer into your computer is known as a ____.

A) logic bomb
B) botnet
C) phishing attack
D) man in the middle attack

A

botnet

66
Q

jenny, a user, needs to secure her smartphone. she has been advised to use one of the screen locking methods. which of the following types of screen locks is the LEAST secure?

A) face recognition
B) password
C) pin
D) fingerprint

A

face recognition

67
Q

you work as a security admin in an organization. your company has recently opened its branch office in CA. you have been asked to look after the physical security at the branch office. which of the following physical controls would you implement to ensure the best security? choose all that apply.

A) educate all employees about security-related best practices
B) hire security guards to authenticate users or monitor for intrusion.
C) use CCTV or IP-based security cameras to monitor critical areas
D) use mantraps that allow only one person to pass at a time

A

B, C, and D

68
Q

which of these is responsible for the real time scanning of operating system files and the notifications to the user?

A) definitions database
B) botnet
C) worm
D) antivirus engine

A

antivirus engine

69
Q

What software helps organizations protect their data on devices that are personally owned by the employees? This software allows a secure remote wipe of the company’s data on that device.

A

Mobile device management (MDM)

70
Q

What uses a protocol called Lightweight Directory Access Protocol (LDAP) to quickly look up objects?

A

Active Directory

71
Q

Active Directory works in conjunction with which protocol to perform the authentication of users?

A

Kerberos

72
Q

What is a hierarchical collection of security objects, such as users, computers and policies, among other components?

A

Domain

73
Q

What enables you to group objects together so that you can apply a set of policies to the objects?

A

Organizational units (OU)

74
Q

What is a feature of active directory that enables you to apply policies to control users and computers?

A

Group policy

75
Q

GPO

A

Group Policy object

76
Q

GPMC

A

Group Policy Management Console

77
Q

How often are policies refreshed in the background?

A

90 minutes

78
Q

What are useful on an Active Directory network for connecting network-mapped drives and printers, among other administrative tasks?

A

Login Scripts

79
Q

What is a private network location in which the user can store their personal files?

A

Home folder

80
Q

What speeds login and logout times because the entire profile is no longer downloaded and uploaded upon login and logout?

A

Folder redirection

81
Q

A ____ is a specific type of malware, the purpose of which is to multiply, infect and do harm. It is a self-replicating code that often injects its payload into documents and executables

A

Virus

82
Q

What can encrypt the hard drive or change the user password information?

A

Ransomware

83
Q

What are programs that enter a system or network under the guise of another program? Usually as an attachment or as a part of an installation program.

A

Trojan Horse

84
Q

What may reveal a trojan horse on your system?

A

Port scan

85
Q

What is a software program that can have the ability to hide certain things from the operating system?

A

Rootkit

86
Q

With a _____, there may be a number of processes running on a system that do not show up in Task Manager, or connections that do not appear in the netstat display of active network connections that may be established or available.

A

Rootkit

87
Q

What is spread to machines by users who inadvertently ask for it?

A

Spyware

88
Q

What program monitors the user’s activity and responds by offering unsolicited pop-up advertisements, gathers information about the user to pass it on to marketers, or intercepts personal data, such as credit card numbers?

A

Spyware

89
Q

What can cause your system to slow down, lose files, or shrink disk space?

A

Virus

90
Q

What are some symptoms that your computer has a virus?

A

Programs on your system start to load more slowly

Unusual files appear on your hard drive, or files start to disappear from your system

The size of program files changes

Screen or menus may change

You may mysteriously lose access to a disk drive or other system resources

91
Q

What type of virus may be written in such a way that some aspects of the programming act as a decoy to distract analysis while the actual code hides in other areas in the program?

A

Armored virus

92
Q

What type of virus loads when the computer boots and can reinfect an operating system?

A

Boot sector virus

93
Q

What can be used to identify or combat a boot sector virus?

A

Secure boot

94
Q

What is used to verify the entire boot process with digital signatures and identify any part of the boot process that has been modified?

A

Secure boot

95
Q

What virus attaches itself to legitimate programs and then creates a program with a different file name extension?

A

Companion virus

96
Q

What type of virus exploits the enhancements made to many application programs? It can infect all the documents on your system and spread to other systems via email or other methods.

A

Macro virus

97
Q

What type of virus would attempt to infect your boot sector, infect all your executable files and destroy your application files at once?

A

Multipartite

98
Q

What type of virus alters programs and databases?

A

Phage virus

99
Q

What is the only way to remove a phage virus?

A

Reinstall all the programs that are infected. If you miss even a single instance of this virus on the system, the process will start again and reinfect the system.

100
Q

What type of viruses change or mutate to avoid detection?

A

Polymorphic

101
Q

What type of virus can encrypt itself to avoid detection?

A

Polymorphic

102
Q

What is an algorithm or other element of a virus that uniquely identifies it?

A

A signature

103
Q

What type of virus can directly attack your antivirus software and potentially destroy the virus definition database file?

A

Retrovirus

104
Q

What type of virus attempts to avoid detection by masking itself from applications?

A

Stealth virus

105
Q

When malware infects a computer, its purpose is often to lie dormant and await a command from a command and control server. When this happens, the computer is considered a?

A

Zombie

106
Q

What is a group of zombies called?

A

Botnet

107
Q

What is often used to launch a malicious DDoS attack or to send spam?

A

A group of zombies or a botnet

108
Q

What can reproduce itself and is self-contained and does not need a host application to be transported?

A

Worm

109
Q

What is responsible for the real-time scanning of operating system files and the notifications to the user?

A

Antivirus engine

110
Q

What type of software package will not only check the file system for threats, like rootkits and Trojans, but will also watch incoming email for phishing scams and malicious websites?

A

Anti-malware

111
Q

What can be used to refresh the operating system and keep all your data files or remove everything and start from scratch?

A

Windows Recovery Environment (WinRE)

112
Q

Where can you perform a system restore?

A

Windows Recovery Environment

113
Q

What is the best prevention of security threats?

A

End user education

114
Q

What protects the Windows operating system from malicious worms and malicious inbound network connections?

A

Windows Defender Firewall

115
Q

You can reset Windows using what two options?

A

The recovery console or the Settings app

116
Q

What is a process in which an attacker attempts to acquire information about your network and system by social means?

A

Social engineering

117
Q

When an attempt is made to acquire information about your network through email or instant messaging, it is called?

A

Phishing

118
Q

What is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request?

A

Phishing

119
Q

What is it called when the attacker uses information that the target would be less likely to question because it appears to be coming from a trusted source?

A

Spear phishing

120
Q

What is it called when someone watches someone else when they enter their sensitive data?

A

Shoulder surfing

121
Q

What allows the attacker to listen in on the user’s traffic and passively sniff network traffic as it routes the traffic to the original destination?

A

Evil twin

122
Q

What is an attempt by someone or something to masquerade as someone else? It is also called an access attack.

A

Spoofing

123
Q

What is it called when the Media Access Control (MAC) address is faked?

A

ARP spoofing or ARP poisoning

124
Q

What can send users to a website other than the one to which they wanted to go or reroute mail?

A

DNS spoofing

125
Q

An on-path attack is also known as?

A

Man-in-the-middle

126
Q

What type of attack allows the attacker to impersonate both parties involved in a network conversation, allowing the attacker to eavesdrop and manipulate the conversation without either party knowing?

A

Man-in-the-middle or on-path

127
Q

If you have access to a password hash, what can be used to find the password?

A

Rainbow tables

128
Q

What is a tactic a threat agent uses to deliver a malicious script to the victim by embedding it into a legitimate web page?

A

Cross-site scripting (XSS)

129
Q

_______ happens when a device is lost or compromised in some way?

A

Data leakage

130
Q

If a malicious user has access to ______, they could possibly circumvent your security by booting a live operating system.

A

BIOS or UEFI

131
Q

What is the best way to prevent a user from falling victim to a drop attack?

A

Disable AutoRun

132
Q

What type of format can be performed on a system to completely wipe the disk clean?

A

Low-level

133
Q

Why should you not perform a low-level format on IDE or SCSI drives?

A

These drives are formatted at the factory, and you may cause problems by using low-level utilities on them.

134
Q

What destruction method uses an electromagnet to destroy any magnetic media, such as hard drives or a tape backup set?

A

Degaussing or disk wiping

135
Q

You need to protect your users from Trojans, viruses, and phishing emails. What should you implement?

A) Antivirus
B) Anti-malware
C) Software firewalls
D) Multifactor authentication

A

Anti-malware

Antivirus software will protect you from viruses and Trojans, but not from phishing emails.

136
Q

Which Active Directory component can enforce settings on a group of users or computers?

A) Login scripts
B) Group Policy
C) Kerberos
D) Folder redirection

A

Group Policy

Group Policy is applied to OUs to enforce settings on a group of users or computers.

Kerberos is an authentication protocol used with Active Directory.

137
Q

Which statement is true about the MDM software?

A) It is a hierarchical collection of security objects, such as users, computers, and policies, among other components
B) It describes classes of objects and the attributes that define each object
C) It is a service that can contain many different objects, including users, computers, and printers
D) It helps organizations to protect their data on devices that are personally owned by the employees

A

D) It helps organizations to protect their data on devices that are personally owned by the employees

A domain is a hierarchical collection of security objects, such as users, computers, and policies, among other components.

138
Q

You have discovered that credentials to a specific application have been stolen. The application is accessed from only one computer on the network. Which type of attack is this most likely to be?

A) On-path attack
B) Zero-day
C) Denial of service
D) Smurf

A

On-path attack

An on-path attack intercepts data and then sends the information to the server as if nothing were wrong while collecting the information.

Zero-day attacks are attacks in which a developer has not properly patched a hole yet and is unaware of the hole.

139
Q

Which of these are embedded RFID circuits that fit on a set of keys and are used with physical access control systems?

A) Key fob
B) Smart card
C) Biometric
D) Magnetometer

A

Key fob

A smart card is the size of a credit card with an integrated circuit embedded into the card. Smart cards are also called ICCs (integrated circuit chips).

140
Q

A type of security threat that executes the command received from another computer onto your computer is known as a?

A) Logic bomb
B) Man-in-the-middle attack
C) Phishing attack
D) Botnet

A

Botnet

141
Q

Which of the following viruses attaches itself to legitimate programs and then creates a program with a different file name extension?

A) Macro
B) Companion
C) Multipartite
D) Boot sector

A

Companion

A macro virus exploits the enhancements made to many application programs. Programmers can expand the capability of applications such as Microsoft Word and Excel.

A multipartite virus attacks the system in multiple ways. It may attempt to infect the boot sector, infect all the executable files, and destroy the application files.

A boot sector virus infects the master boot record of a hard disk or floppy disk. This type of virus loads when the computer boots and can reinfect an operating system.

142
Q

Which of the following is different from a virus in that it can reproduce itself, is self-contained, and doesn’t need a host application to be transported?

A) Trojan
B) Worm
C) Smurf
D) Phish

A

Worm

143
Q

A reflective attack attempts to use a broadcast ping on a network. The return address of the ping may be that of a valid system in your network. Which protocol does the reflective attack use to conduct the attack?

A) UDP
B) IP
C) TCP
D) ICMP

A

ICMP

144
Q

The organization you work for is implementing some techniques of adopting best practices for its network security. Which of the following practices should the organization adopt to prevent a zero-day attack on Linux?

A) Use phishing
B) Use rogue antivirus
C) Implement patch management
D) Use scheduled disk maintenance

A

Implement patch management

145
Q

Which of these is designed to centrally administer devices in order to assign device permissions, verify security compliance, apply updates, and monitor activity?

A) UTM
B) MMC
C) DRM
D) MDM

A

MDM

146
Q

Which of the following malware types converts the computer into a zombie?

A) Botnet
B) Backdoor
C) Rootkit
D) Adware

A

Botnet

To the computer user, the zombie might appear normal or unusually slow.

147
Q

An employee receives an email that appears to be from the CEO, asking for a report of security credentials for all users. Which of the following types of attacks is most likely occurring?

A) Spoofing
B) Spear phishing
C) Logic bomb
D) Ransomware

A

Spear phishing