Chapt 18 Flashcards
Which policy would you create to define the minimum specification if an employee wanted to use their own device for email?
A) MDM
B) AUP
C) BYOD
D) NDA
BYOD
C. A bring your own device (BYOD) policy defines the minimum specifications for an employee’s device used for work‐related access. The mobile device management (MDM) software would usually police these specifications, but it would not define them. The acceptable use policy (AUP) is a code of conduct when dealing with organization resources. The nondisclosure agreement (NDA) is an agreement used when dealing with intellectual property.
Which term refers to copying data between a mobile device and a computer system in order to mirror such things as contacts, programs, pictures, and music?
A) Calibration
B) Remote wipe
C) Pairing
D) Synchronization
Synchronization
D. Synchronizing a mobile device with a computer system allows you to mirror personal data between the devices, regardless of which one contains the most current data. Calibration refers to matching the device’s and user’s perceptions of where the user is touching the screen. Remote wipes allow you to remove personal data from a lost or stolen device. Pairing is what must be done in Bluetooth for two Bluetooth devices to connect and communicate.
You want to follow the rules of good security administration as set by CompTIA and vendors. To do so, which account should be disabled on most Windows operating systems for security reasons?
A) Guest
B) Print Operators
C) Power Users
D) Userone
Guest
A. The Guest account should be disabled on the operating system, unless there is good reason to leave the account enabled. Print Operators is a group found on Windows servers. Power Users is a group found on both Windows workstations and servers. Userone is obviously a user account. Unless the user has left the organization, there should be no reason to disable the account.
What kind of mobile app is being used when the owner’s phone displays a message on the screen and emits an extremely loud tone?
A) Failed login restriction
B) Antivirus
C) Locator
D) Remote wipe
Locator
C. Locator apps can find the phone and then display a message that can be read even while the phone is locked. Locator apps also often give the user the option to make the phone blare a noise to aid in finding the device. Failed login restrictions will wipe a device if a specific number of wrong passwords are entered. Antivirus apps make sure that your phone does not get a virus, but they offer no way to message or locate the device. Remotely wiping a mobile device is a feature of locator apps, but it is not itself an app that displays messages and produces noises.
As a best practice, after a set period of inactivity on a Windows workstation, what should happen?
A) The system should shut down.
B) The system should restart.
C) A password‐enabled screensaver should automatically start.
D) The system should log out the user.
password‐enabled screensaver
C. A screensaver should automatically start after a short period of idle time, and that screensaver should require a password before the user can begin the session again. The system should neither shut down nor restart, since work could still be open. For the same reason, the system should not log out the user.
A new app developed for the Android platform has which extension?
A) .sdk
B) .apk
C) .ipa
D) .exe
apk
B. Android apps have an .apk (Android Package Kit) extension. Apps are developed with a software development kit (SDK), but .sdk is not a valid extension. Apple iOS apps use an .ipa (iOS App Store Package) extension. Only the Windows desktop operating system can execute .exe files.
Which of the following has the goal of allowing a username/password combination to be entered once and then allowing claims to be used for consecutive logins? (Choose the best answer.)
A) Tokens
B) Kerberos
C) Single sign‐on
D) Multifactor authentication
single sign‐on
C. The goal of single sign‐on (SSO) is to allow a username/password combination. Once the combination is entered, claims are used to access additional resources. Tokens are given to the operating system after a user successfully logs in; they allow a user to access rights on the operating system. Kerberos is used (along with Active Directory) to authenticate a user on the Windows operating system. Multifactor authentication is the use of two or more factors to authenticate a user.
Which of these is a password manager?
A) Edge
B) Credential Manager
C) Internet Explorer 11
D) Active Directory
Credential Manager
B. The Windows Credential Manager is a password manager that is built into the operating system of Windows. Edge and Internet Explorer 11 work in conjunction with the Credential Manager, but they are not password managers. Active Directory is used to authenticate domain users, but it does not manage passwords for end users.
You have a very small network in a home‐based office, and you want to limit network access to only those hosts that you physically own. What should you utilize to make this possible?
A) Static IP addresses
B) Disabled DNS
C) Default subnet mask
D) Empty default gateway
Static IP addresses
A. The advantage to assigning the IP addresses statically is that you can make certain which host is associated with which IP address, and then use filtering to limit network access to only those hosts. Disabling DNS will limit all hosts on a network from getting to the Internet and will not limit network access. A default subnet mask will not limit network access and will cause other problems. An empty default gateway will not limit network access.
Which wireless encryption protocol provides Advanced Encryption Standard (AES) encryption?
A) Wired Equivalent Privacy (WEP)
B) Wi‐Fi Protected Access (WPA)
C) Wi‐Fi Protected Access 2 (WPA2)
D) Temporal Key Integrity Protocol (TKIP)
WPA2
C. Wi‐Fi Protected Access 2 (WPA2) offers the Advanced Encryption Standard (AES) for encrypting wireless communications. Wired Equivalent Privacy (WEP) offers weak 64‐ or 128‐bit encryption. Wi‐Fi Protected Access (WPA) uses the RC4 encryption algorithm. Temporal Key Integrity Protocol (TKIP) is a part of the WPA encryption protocol.
Which type of add‐on will extend the functionality of the web browser in a way it wasn’t originally designed?
A) Pop‐up blocker
B) Extensions
C) Plug‐in
D) Ad blocker
Extensions
B. An extension is a type of add‐on that will extend the functionality of the web browser in a way it was never originally designed. A pop‐up blocker changes the way a web page is rendered. A plug‐in changes the way a web page is rendered. An ad blocker also changes the way a web page is rendered.
What is normally performed when an employee is offboarded?
A) Their user account is deleted.
B) Their user account is unlocked.
C) Their user account is created.
D) Their user account’s password is reset.
Their user account is deleted.
A. When an employee is offboarded, their user account is deleted or disabled. A user account is not created, nor is its password reset, during the offboarding process. A user account normally is created during the onboarding process.
By default, when setting up an Android device, why do you need a Google account?
A) The device requires email setup.
B) The account is used for cloud synchronizations.
C) The account is used for desktop backups.
D) The device requires registration.
account is used for cloud synchronizations.
B. By default, a Google account is required on Android devices; it is used to synchronize data and app purchases to the cloud. The device does not require email to be set up, but the account can be used for the setup. The account is not used for desktop backups. The device does not require registration.
You need to secure your mobile device’s lock screen with the highest level of protection. Which of the following should you use? (Choose the best answer.)
A) Fingerprint lock
B) Face lock
C) Passcode lock
D) Swipe lock
Fingerprint
A. Fingerprint locks are the most secure of all the lock methods, since fingerprints are hard to duplicate. Face locks have a high number of false positives, which can be used to gain access to the phone. Passcode locks can be cracked or shoulder surfed. Swipe locks are not really locks; they just allow the screen to be opened with a swipe.
You need to encrypt a single file on a Windows desktop. Which technology should you use?
A) EFS
B) BitLocker
C) NTFS
D) BitLocker to Go
EFS
A. The Encrypted File System (EFS) is a functionality of the Windows NTFS filesystem. EFS can encrypt individual files and folders. BitLocker is a full‐device encryption technology. NTFS is a filesystem that supports encryption and security, among other functionality. BitLocker to Go is used for full‐device encryption of removable drives.
A user is in both the Sales group and the Marketing group. The Sales group has full permission at the share level, and the Marketing group has Read‐only permission. The files on NTFS are secured with the Modify permission for the Sales group and the Read & Execute permission for the Marketing group. Which permissions will the user have?
A) Full
B) Modify
C) Read‐only
D) Read & Execute
Modify
B. Because the user is in both groups and the Sales group has full share permissions and the Sales group has modify NTFS permissions, the most restrictive of the two is Modify, so that will be the effective permission for the user. All of the other answers are incorrect.
James just moved a folder on the same partition. What will happen with the permissions for the folder?
A) The permissions will be the same as they were before the move.
B) The permissions will be inherited from the new parent folder.
C) The permissions will be configured as the root folder for the drive letter.
D) The permissions will be blank until configured.
permissions will be the same
A. The permissions will be the same as before the move, since you are just moving the files and not creating a new entity. The permissions will not be inherited from the parent folder. The permissions will not be configured the same as the root folder. The permissions will not be blank.
A user is in the Sales group. The Sales group has no permissions at the share level. The files on NTFS are secured with the Modify permission for the Sales group. What permissions will the user have?
A) The user will have the Modify permission when connecting from the network.
B) The user will have the Modify permission when logged in locally to the computer.
C) The user will have no access when logged in locally to the computer.
D) The user will have Read‐only permissions when connecting from the network.
B. The user will have only the Modify permission when logged in locally to the computer, since the filesystem is not shared with the appropriate permissions. The user will not have the Modify permission when connecting from the network. The user will still have the Modify permission when logged in locally, because of the NTFS permissions. The user will not have read‐only permissions when connecting from the network.
You are trying to delete a file on the local filesystem, but the operating system will not let you. What could be the problem? (Choose the best answer.)
A) The NTFS Modify permission is applied to the file.
B) The share permissions are not set to Full Control.
C) The file attributes are set to Read‐only.
D) The file attributes are set to System.
The file attributes are set to Read‐only.
C. The file attributes are most likely set to Read‐only, and thus you are not permitted to delete the file. The Modify permission would not hinder the file from being deleted. The share permissions would not have any bearing on the problem, since the local filesystem is being accessed. The file attributes being set to System would not restrict a file from being deleted.
You need to enforce profile security requirements on mobile devices. Which should you use to achieve this goal?
A) AUP
B) NDA
C) BYOD
D) MDM
MDM
D. Mobile device management (MDM) software enables you to enforce profile security requirements on mobile devices. The acceptable use policy (AUP) is a code of ethics your users should follow when dealing with organizational resources. A nondisclosure agreement (NDA) is an agreement between an employee and the organization to protect intellectual property. A bring your own device (BYOD) policy explains how devices should be secured but provides no enforcement.
copying data, such as contacts, photos, and music between a computer and a mobile device is referred to as what?
synchronization
the ____ feature of windows allows you to use drive encryption to protect files, including those needed for startup and logon
bit locker
mobile devices use fingerprints and facial recognition for what type of authentication?
biometric
why should you disable guest accounts?
to increase system security
which encryption technology requires a TPM(trusted platform module)?
bitlocker
______ allows for individual files to be encrypted
EFS (encrypted file system)
what are two locations to which you can sync an iPhone?
icloud or itunes
the ___ filesystem provides file-level security and encryption
NTFS
the ____ attribute is used by backup programs.
archive
the ____ is the local authentication database for windows operating systems
SAM (security account manager)
a ____ is an add-on that changes the way a web page is rendered in the web browser
plug-in
_____ mode allows browsing the internet without storing browser data.
private browsing
the ____ stores username and passwords for Microsoft edge
credential manager
the _____ wireless frequency only has 3 nonoverlapping channels
2.4 Gz
you can disable SSID ____ to hide a wireless SSID
broadcasting
the ___ wireless encryption standard replaces PSK (pre-shared key) with a higher level of security
WPA 3
what is a valid reason for keeping firmware updated?
to patch security holes that may be found
a _____ creates a subnetwork that faces both the public and the private network.
screened subnet
apps developed for iOS will have a(n) ____ extension, and android apps will have a(n) ____ extension
.ipa and .apk
for android devices, ____ is an application that performs some of the same functions as Apple’s Find My iPhone
Find My Device
_____ uses a front facing camera and biometrics to unlock your phone.
face lock
a ____ policy defines a set of requirements for the device’s use in the workplace
BYOD (bring your own device)
which encryption technology allow for the transport of file via encrypted removable drive?
bitlocker to go
a user has created a file in the NTFS folder with the modify permission. which of these actions are allowed with this permission?
A) read, write, and delete
B) read and write
C) read and run
D) only read
read, write and delete
by default, which of the following is a wireless connection method that allows the connection of an iPhone to a computer for synchronization?
A) USB
B) Wi-Fi
C) Bluetooth
D) Ethernet
wifi
james, a security analyst, is hardening an authentication server. one of the primary requirements is to ensure that there is SSO on the server. which of the following technologies should he configure to fulfill the requirement in the given scenario?
A) kerberos
B) SSH
C) LDAP
D) telnet
kerberos - it is an authentication service that is based on a time-sensitive ticket-granting system.
which of these is not a share permission?
A) read
B) change
C) modify
D) full control
modify
read, full control and change and share permissions
which cypher is used by the WPA encryption standard to encrypt network traffic?
A) AES
B) RC4
C) TKIP
D) CCMP
TKIP
RC4 - used by WEP
AES - used by WPA2
CCMP - is a replacement for TKIP and uses the AES cipher
which protocol is used in conjunction with active directory for claims-based authentication for users?
A) LDAP
B) kerberos
C) single sign on
D) EFS
single sign on
what is the publisher of the key pair called?
A) certificate directory
B) certificate service
C) certificate authorization
D) certificate authority
certificate authority
which of these supports the principle of least privilege by logging an administrator with minimal permissions?
A) UAC
B) DAC
C) DAV
D) UAV
UAC - user account control
you have a phone and you need to prevent pocket dialing someone by accident. which of the following screen locks will help you in the given scenario?
A) pattern lock
B) swipe lock
C) PIN lock
D) face lock
swipe lock - used to prevent pocket dialing by accident
using a smartcard is an example of what type of authentication?
A) single factor
B) active directory
C) multifactor
D) RADIUS
multifactor - smartcards are an example of multifactor authentication because you must have the smartcard and know the passphrase that secures the credentials stored on the card.
what is primarily used to segregate network traffic, optimize network speed, and permanently assign a network path for a specific protocol or network service?
A) demilitarized zone
B) NIDS
C) port forwarding
D) NAT
port forwarding
which of the following authentication systems is used as the authentication back end for wifi networks that are using the WPA Enterprise security?
A) LDAP
B) RADIUS
C) Kerberos
D) 802.1X
RADIUS - it authenticates users when they attempt to connect to the network and is designed for dial up connections to private LANs.
which of these is a network protocol that allows for automatic configuration of port forwarding?
A) UPnP
B) content filtering
C) DHCP
D) MAC address filtering
UPnP - universal plug and play
which of these contains the login information for a user, including their groups and privileges?
A) single sign on
B) kerberos
C) access tokens
D) multifactor authentication
access tokens
kerberos - the authentication protocol used with active directory
SSO - a claims based authentication method
Multifactor Authentication - requires two or more factors for authentication.
which user group exists on windows but has no special privileges and can be customized to make a general set of privileged user permissions?
A) guests
B) users
C) administrators
D) power users
power users - have privileges beyond that of an ordinary user but less than that of an administrator.
which of these is a cryptographic suite of protocols that use PKI to provide secure data transfer?
A) SSH
B) SSL
C) IPSec
D) ARP
SSL - secure sockets layer is a crypto suite of protocols that use PKI (public key infrastructure) to provide secure data transfer.
which of the following statements is true about IP filtering?
A) it helps secure the external network from another external network
B) it helps secure the internal network from another internal network
C) it helps secure the internal network from an external network
D) it helps secure the external network from an internal network
it helps secure the internal network from an external network
IP filtering = firewall rules
which of these can be used as the main authentication method for the microsoft implementation of a RADIUS server called NPS?
A) TACACS+
B) RADIUS
C) Kerberos
D) Multifactor Authentication
kerberos
which of these is mainly used for authentication of users on routers and switches to allow management access?
A) TACACS+
B) Kerberos
C) multifactor authentication
D) RADIUS
TACACS+ - also used to authenticate users connecting to wireless access points via a centralized database.
permissions on remote folders are governed by which of the following ?
A) NTFS only
B) share permissions only
C) NTFS permissions, unless share permissions are set
D) NTFS and share permissions
NTFS and share permissions
a user is in both the sales group and the marketing group. the sales group has full permission at the share level and the marketing group has read-only permissions. the files on NTFS are secured with the modify permission for the sales group and the read and execute permission for the marketing group. which permissions will the user have?
A) modify
B) full
C) read and execute
D) read only
modify
which type of addon will extend the functionality of the web browser in a way it wasn’t originally designed?
A) ad blocker
B) pop-up blocker
C) extensions
D) plug-in
extensions
A,B,D change the way a web page is rendered
you need to enforce profile security requirements on mobile devices. which of these should you use to achieve this goal?
A) AUP
B) MDM
C) BYOD
D) NDA
MDM - mobile device management
Intune is an example of what type of software?
MDM mobile device management
Every Windows operating system has a local database and authentication system called the?
Security account manager SAM
What authenticates by using claims?
Single sign On SSO
When you _____ a file it will have the permissions signed to it that are already in place at the new location of the file, regardless of which permissions were on the original file
Copy
If you _____ a file it will attempt to keep the same permissions as it had in the original location
Move
Administrative Shares are automatically created on all Windows operating systems on the network for administrative purposes these shares have what distinguishing characteristic?
They always end with a dollar sign to make them hidden
What type of scan is used to remove malware that is difficult to remove while the operating system is running?
Microsoft Defender offline scan
Which version of Windows is BitLocker not included with?
Home and education
What uses certificates to encrypt data on windows?
EFS encrypting file system
What extend the functionality of the web browser in a way that was not originally conceived when it was designed?
Extensions
What changed the way a web page is rendered on the web browser?
Plugins
What is a cryptographic suite of protocols that use public key infrastructure pki to provide secure data transfer?
SSL
To retrieve the latest copy of a web page and its assets so that you can verify how it is rendered you would do?
Clear your web browser’s cache
The private browsing mode on the edge browser is called?
In private
The private browsing mode on the Chrome browser is called?
Incognito mode
What type of encryption provides a 64 or 128-bit encryption via the shared passphrase?
WEP wired equivalent privacy
What uses tkip?
WPA Wi-Fi protected access
802.11i is also known as?
WPA2
How many 2.4 GHz channels are able to be used in america?
11
What is commonly used for authentication of virtual private networks, Wireless Systems and any network system that requires a common Authentication system?
Radius
RADIUS operates on what port?
1812, 1813
What is mainly used for authentication of users on routers and switches to allow management access?
TACACS+
What is used (along with Active Directory) to authenticate a user on the Windows operating system?
Kerberos
