Chapt 18 Flashcards

Question 1

Q

Which policy would you create to define the minimum specification if an employee wanted to use their own device for email?

A) MDM
B) AUP
C) BYOD
D) NDA

Answer

A

BYOD
C. A bring your own device (BYOD) policy defines the minimum specifications for an employee’s device used for work‐related access. The mobile device management (MDM) software would usually police these specifications, but it would not define them. The acceptable use policy (AUP) is a code of conduct when dealing with organization resources. The nondisclosure agreement (NDA) is an agreement used when dealing with intellectual property.

Question 2

Q

Which term refers to copying data between a mobile device and a computer system in order to mirror such things as contacts, programs, pictures, and music?

A) Calibration
B) Remote wipe
C) Pairing
D) Synchronization

Answer

A

Synchronization
D. Synchronizing a mobile device with a computer system allows you to mirror personal data between the devices, regardless of which one contains the most current data. Calibration refers to matching the device’s and user’s perceptions of where the user is touching the screen. Remote wipes allow you to remove personal data from a lost or stolen device. Pairing is what must be done in Bluetooth for two Bluetooth devices to connect and communicate.

Question 3

Q

You want to follow the rules of good security administration as set by CompTIA and vendors. To do so, which account should be disabled on most Windows operating systems for security reasons?

A) Guest
B) Print Operators
C) Power Users
D) Userone

Answer

A

Guest
A. The Guest account should be disabled on the operating system, unless there is good reason to leave the account enabled. Print Operators is a group found on Windows servers. Power Users is a group found on both Windows workstations and servers. Userone is obviously a user account. Unless the user has left the organization, there should be no reason to disable the account.

Question 4

Q

What kind of mobile app is being used when the owner’s phone displays a message on the screen and emits an extremely loud tone?

A) Failed login restriction
B) Antivirus
C) Locator
D) Remote wipe

Answer

A

Locator
C. Locator apps can find the phone and then display a message that can be read even while the phone is locked. Locator apps also often give the user the option to make the phone blare a noise to aid in finding the device. Failed login restrictions will wipe a device if a specific number of wrong passwords are entered. Antivirus apps make sure that your phone does not get a virus, but they offer no way to message or locate the device. Remotely wiping a mobile device is a feature of locator apps, but it is not itself an app that displays messages and produces noises.

Question 5

Q

As a best practice, after a set period of inactivity on a Windows workstation, what should happen?

A) The system should shut down.
B) The system should restart.
C) A password‐enabled screensaver should automatically start.
D) The system should log out the user.

Answer

A

password‐enabled screensaver
C. A screensaver should automatically start after a short period of idle time, and that screensaver should require a password before the user can begin the session again. The system should neither shut down nor restart, since work could still be open. For the same reason, the system should not log out the user.

Question 6

Q

A new app developed for the Android platform has which extension?

A) .sdk
B) .apk
C) .ipa
D) .exe

Answer

A

apk
B. Android apps have an .apk (Android Package Kit) extension. Apps are developed with a software development kit (SDK), but .sdk is not a valid extension. Apple iOS apps use an .ipa (iOS App Store Package) extension. Only the Windows desktop operating system can execute .exe files.

Question 7

Q

Which of the following has the goal of allowing a username/password combination to be entered once and then allowing claims to be used for consecutive logins? (Choose the best answer.)

A) Tokens
B) Kerberos
C) Single sign‐on
D) Multifactor authentication

Answer

A

single sign‐on
C. The goal of single sign‐on (SSO) is to allow a username/password combination. Once the combination is entered, claims are used to access additional resources. Tokens are given to the operating system after a user successfully logs in; they allow a user to access rights on the operating system. Kerberos is used (along with Active Directory) to authenticate a user on the Windows operating system. Multifactor authentication is the use of two or more factors to authenticate a user.

Question 8

Q

Which of these is a password manager?

A) Edge
B) Credential Manager
C) Internet Explorer 11
D) Active Directory

Answer

A

Credential Manager
B. The Windows Credential Manager is a password manager that is built into the operating system of Windows. Edge and Internet Explorer 11 work in conjunction with the Credential Manager, but they are not password managers. Active Directory is used to authenticate domain users, but it does not manage passwords for end users.

Question 9

Q

You have a very small network in a home‐based office, and you want to limit network access to only those hosts that you physically own. What should you utilize to make this possible?

A) Static IP addresses
B) Disabled DNS
C) Default subnet mask
D) Empty default gateway

Answer

A

Static IP addresses
A. The advantage to assigning the IP addresses statically is that you can make certain which host is associated with which IP address, and then use filtering to limit network access to only those hosts. Disabling DNS will limit all hosts on a network from getting to the Internet and will not limit network access. A default subnet mask will not limit network access and will cause other problems. An empty default gateway will not limit network access.

Question 10

Q

Which wireless encryption protocol provides Advanced Encryption Standard (AES) encryption?

A) Wired Equivalent Privacy (WEP)
B) Wi‐Fi Protected Access (WPA)
C) Wi‐Fi Protected Access 2 (WPA2)
D) Temporal Key Integrity Protocol (TKIP)

Answer

A

WPA2
C. Wi‐Fi Protected Access 2 (WPA2) offers the Advanced Encryption Standard (AES) for encrypting wireless communications. Wired Equivalent Privacy (WEP) offers weak 64‐ or 128‐bit encryption. Wi‐Fi Protected Access (WPA) uses the RC4 encryption algorithm. Temporal Key Integrity Protocol (TKIP) is a part of the WPA encryption protocol.

Question 11

Q

Which type of add‐on will extend the functionality of the web browser in a way it wasn’t originally designed?

A) Pop‐up blocker
B) Extensions
C) Plug‐in
D) Ad blocker

Answer

A

Extensions
B. An extension is a type of add‐on that will extend the functionality of the web browser in a way it was never originally designed. A pop‐up blocker changes the way a web page is rendered. A plug‐in changes the way a web page is rendered. An ad blocker also changes the way a web page is rendered.

Question 12

Q

What is normally performed when an employee is offboarded?

A) Their user account is deleted.
B) Their user account is unlocked.
C) Their user account is created.
D) Their user account’s password is reset.

Answer

A

Their user account is deleted.
A. When an employee is offboarded, their user account is deleted or disabled. A user account is not created, nor is its password reset, during the offboarding process. A user account normally is created during the onboarding process.

Question 13

Q

By default, when setting up an Android device, why do you need a Google account?

A) The device requires email setup.
B) The account is used for cloud synchronizations.
C) The account is used for desktop backups.
D) The device requires registration.

Answer

A

account is used for cloud synchronizations.
B. By default, a Google account is required on Android devices; it is used to synchronize data and app purchases to the cloud. The device does not require email to be set up, but the account can be used for the setup. The account is not used for desktop backups. The device does not require registration.

Question 14

Q

You need to secure your mobile device’s lock screen with the highest level of protection. Which of the following should you use? (Choose the best answer.)

A) Fingerprint lock
B) Face lock
C) Passcode lock
D) Swipe lock

Answer

A

Fingerprint
A. Fingerprint locks are the most secure of all the lock methods, since fingerprints are hard to duplicate. Face locks have a high number of false positives, which can be used to gain access to the phone. Passcode locks can be cracked or shoulder surfed. Swipe locks are not really locks; they just allow the screen to be opened with a swipe.

Question 15

Q

You need to encrypt a single file on a Windows desktop. Which technology should you use?

A) EFS
B) BitLocker
C) NTFS
D) BitLocker to Go

Answer

A

EFS
A. The Encrypted File System (EFS) is a functionality of the Windows NTFS filesystem. EFS can encrypt individual files and folders. BitLocker is a full‐device encryption technology. NTFS is a filesystem that supports encryption and security, among other functionality. BitLocker to Go is used for full‐device encryption of removable drives.

Question 16

Q

A user is in both the Sales group and the Marketing group. The Sales group has full permission at the share level, and the Marketing group has Read‐only permission. The files on NTFS are secured with the Modify permission for the Sales group and the Read & Execute permission for the Marketing group. Which permissions will the user have?

A) Full
B) Modify
C) Read‐only
D) Read & Execute

Answer

A

Modify
B. Because the user is in both groups and the Sales group has full share permissions and the Sales group has modify NTFS permissions, the most restrictive of the two is Modify, so that will be the effective permission for the user. All of the other answers are incorrect.

Question 17

Q

James just moved a folder on the same partition. What will happen with the permissions for the folder?

A) The permissions will be the same as they were before the move.
B) The permissions will be inherited from the new parent folder.
C) The permissions will be configured as the root folder for the drive letter.
D) The permissions will be blank until configured.

Answer

A

permissions will be the same
A. The permissions will be the same as before the move, since you are just moving the files and not creating a new entity. The permissions will not be inherited from the parent folder. The permissions will not be configured the same as the root folder. The permissions will not be blank.

Question 18

Q

A user is in the Sales group. The Sales group has no permissions at the share level. The files on NTFS are secured with the Modify permission for the Sales group. What permissions will the user have?

A) The user will have the Modify permission when connecting from the network.
B) The user will have the Modify permission when logged in locally to the computer.
C) The user will have no access when logged in locally to the computer.
D) The user will have Read‐only permissions when connecting from the network.

Answer

A

B. The user will have only the Modify permission when logged in locally to the computer, since the filesystem is not shared with the appropriate permissions. The user will not have the Modify permission when connecting from the network. The user will still have the Modify permission when logged in locally, because of the NTFS permissions. The user will not have read‐only permissions when connecting from the network.

Question 19

Q

You are trying to delete a file on the local filesystem, but the operating system will not let you. What could be the problem? (Choose the best answer.)

A) The NTFS Modify permission is applied to the file.
B) The share permissions are not set to Full Control.
C) The file attributes are set to Read‐only.
D) The file attributes are set to System.

Answer

A

The file attributes are set to Read‐only.

C. The file attributes are most likely set to Read‐only, and thus you are not permitted to delete the file. The Modify permission would not hinder the file from being deleted. The share permissions would not have any bearing on the problem, since the local filesystem is being accessed. The file attributes being set to System would not restrict a file from being deleted.

Question 20

Q

You need to enforce profile security requirements on mobile devices. Which should you use to achieve this goal?

A) AUP
B) NDA
C) BYOD
D) MDM

Answer

A

MDM

D. Mobile device management (MDM) software enables you to enforce profile security requirements on mobile devices. The acceptable use policy (AUP) is a code of ethics your users should follow when dealing with organizational resources. A nondisclosure agreement (NDA) is an agreement between an employee and the organization to protect intellectual property. A bring your own device (BYOD) policy explains how devices should be secured but provides no enforcement.

Question 21

Q

copying data, such as contacts, photos, and music between a computer and a mobile device is referred to as what?

Answer

A

synchronization

Question 22

Q

the ____ feature of windows allows you to use drive encryption to protect files, including those needed for startup and logon

Answer

A

bit locker

Question 23

Q

mobile devices use fingerprints and facial recognition for what type of authentication?

Answer

A

biometric

Question 24

Q

why should you disable guest accounts?

Answer

A

to increase system security

Question 25

Q

which encryption technology requires a TPM(trusted platform module)?

Answer

A

bitlocker

Question 26

Q

______ allows for individual files to be encrypted

Answer

A

EFS (encrypted file system)

Question 27

Q

what are two locations to which you can sync an iPhone?

Answer

A

icloud or itunes

Question 28

Q

the ___ filesystem provides file-level security and encryption

Question 29

Q

the ____ attribute is used by backup programs.

Question 30

Q

the ____ is the local authentication database for windows operating systems

Answer

A

SAM (security account manager)

Question 31

Q

a ____ is an add-on that changes the way a web page is rendered in the web browser

Question 32

Q

_____ mode allows browsing the internet without storing browser data.

Answer

A

private browsing

Question 33

Q

the ____ stores username and passwords for Microsoft edge

Answer

A

credential manager

Question 34

Q

the _____ wireless frequency only has 3 nonoverlapping channels

Question 35

Q

you can disable SSID ____ to hide a wireless SSID

Answer

A

broadcasting

Question 36

Q

the ___ wireless encryption standard replaces PSK (pre-shared key) with a higher level of security

Question 37

Q

what is a valid reason for keeping firmware updated?

Answer

A

to patch security holes that may be found

Question 38

Q

a _____ creates a subnetwork that faces both the public and the private network.

Answer

A

screened subnet

Question 39

Q

apps developed for iOS will have a(n) ____ extension, and android apps will have a(n) ____ extension

Answer

A

.ipa and .apk

Question 40

Q

for android devices, ____ is an application that performs some of the same functions as Apple’s Find My iPhone

Answer

A

Find My Device

Question 41

Q

_____ uses a front facing camera and biometrics to unlock your phone.

Answer

A

face lock

Question 42

Q

a ____ policy defines a set of requirements for the device’s use in the workplace

Answer

A

BYOD (bring your own device)

Question 43

Q

which encryption technology allow for the transport of file via encrypted removable drive?

Answer

A

bitlocker to go

Question 44

Q

a user has created a file in the NTFS folder with the modify permission. which of these actions are allowed with this permission?

A) read, write, and delete
B) read and write
C) read and run
D) only read

Answer

A

read, write and delete

Question 45

Q

by default, which of the following is a wireless connection method that allows the connection of an iPhone to a computer for synchronization?

A) USB
B) Wi-Fi
C) Bluetooth
D) Ethernet

Question 46

Q

james, a security analyst, is hardening an authentication server. one of the primary requirements is to ensure that there is SSO on the server. which of the following technologies should he configure to fulfill the requirement in the given scenario?

A) kerberos
B) SSH
C) LDAP
D) telnet

Answer

A

kerberos - it is an authentication service that is based on a time-sensitive ticket-granting system.

Question 47

Q

which of these is not a share permission?

A) read
B) change
C) modify
D) full control

Answer

A

modify

read, full control and change and share permissions

Question 48

Q

which cypher is used by the WPA encryption standard to encrypt network traffic?

A) AES
B) RC4
C) TKIP
D) CCMP

Answer

A

TKIP

RC4 - used by WEP
AES - used by WPA2
CCMP - is a replacement for TKIP and uses the AES cipher

Question 49

Q

which protocol is used in conjunction with active directory for claims-based authentication for users?

A) LDAP
B) kerberos
C) single sign on
D) EFS

Answer

A

single sign on

Question 50

Q

what is the publisher of the key pair called?

A) certificate directory
B) certificate service
C) certificate authorization
D) certificate authority

Answer

A

certificate authority

Question 51

Q

which of these supports the principle of least privilege by logging an administrator with minimal permissions?

A) UAC
B) DAC
C) DAV
D) UAV

Answer

A

UAC - user account control

Question 52

Q

you have a phone and you need to prevent pocket dialing someone by accident. which of the following screen locks will help you in the given scenario?

A) pattern lock
B) swipe lock
C) PIN lock
D) face lock

Answer

A

swipe lock - used to prevent pocket dialing by accident

Question 53

Q

using a smartcard is an example of what type of authentication?

A) single factor
B) active directory
C) multifactor
D) RADIUS

Answer

A

multifactor - smartcards are an example of multifactor authentication because you must have the smartcard and know the passphrase that secures the credentials stored on the card.

Question 54

Q

what is primarily used to segregate network traffic, optimize network speed, and permanently assign a network path for a specific protocol or network service?

A) demilitarized zone
B) NIDS
C) port forwarding
D) NAT

Answer

A

port forwarding

Question 55

Q

which of the following authentication systems is used as the authentication back end for wifi networks that are using the WPA Enterprise security?

A) LDAP
B) RADIUS
C) Kerberos
D) 802.1X

Answer

A

RADIUS - it authenticates users when they attempt to connect to the network and is designed for dial up connections to private LANs.

Question 56

Q

which of these is a network protocol that allows for automatic configuration of port forwarding?

A) UPnP
B) content filtering
C) DHCP
D) MAC address filtering

Answer

A

UPnP - universal plug and play

Question 57

Q

which of these contains the login information for a user, including their groups and privileges?

A) single sign on
B) kerberos
C) access tokens
D) multifactor authentication

Answer

A

access tokens

kerberos - the authentication protocol used with active directory
SSO - a claims based authentication method
Multifactor Authentication - requires two or more factors for authentication.

Question 58

Q

which user group exists on windows but has no special privileges and can be customized to make a general set of privileged user permissions?

A) guests
B) users
C) administrators
D) power users

Answer

A

power users - have privileges beyond that of an ordinary user but less than that of an administrator.

Question 59

Q

which of these is a cryptographic suite of protocols that use PKI to provide secure data transfer?

A) SSH
B) SSL
C) IPSec
D) ARP

Answer

A

SSL - secure sockets layer is a crypto suite of protocols that use PKI (public key infrastructure) to provide secure data transfer.

Question 60

Q

which of the following statements is true about IP filtering?

A) it helps secure the external network from another external network
B) it helps secure the internal network from another internal network
C) it helps secure the internal network from an external network
D) it helps secure the external network from an internal network

Answer

A

it helps secure the internal network from an external network

IP filtering = firewall rules

Question 61

Q

which of these can be used as the main authentication method for the microsoft implementation of a RADIUS server called NPS?

A) TACACS+
B) RADIUS
C) Kerberos
D) Multifactor Authentication

Question 62

Q

which of these is mainly used for authentication of users on routers and switches to allow management access?

A) TACACS+
B) Kerberos
C) multifactor authentication
D) RADIUS

Answer

A

TACACS+ - also used to authenticate users connecting to wireless access points via a centralized database.

Question 63

Q

permissions on remote folders are governed by which of the following ?

A) NTFS only
B) share permissions only
C) NTFS permissions, unless share permissions are set
D) NTFS and share permissions

Answer

A

NTFS and share permissions

Question 64

Q

a user is in both the sales group and the marketing group. the sales group has full permission at the share level and the marketing group has read-only permissions. the files on NTFS are secured with the modify permission for the sales group and the read and execute permission for the marketing group. which permissions will the user have?

A) modify
B) full
C) read and execute
D) read only

Answer 57

A

extensions

A,B,D change the way a web page is rendered

Answer 58

A

MDM - mobile device management

Answer 59

A

MDM mobile device management

Answer 60

A

Security account manager SAM

Answer 61

A

Single sign On SSO

Answer 62

A

They always end with a dollar sign to make them hidden

Answer 63

A

Microsoft Defender offline scan

Answer 64

A

Home and education

Answer 65

A

EFS encrypting file system

Answer 66

A

Extensions

Answer 67

A

Clear your web browser’s cache

Answer 68

A

In private

Answer 69

A

Incognito mode

Answer 70

A

WEP wired equivalent privacy

Answer 71

A

WPA Wi-Fi protected access

Answer 72

A

1812, 1813

Brainscape's Knowledge GenomeTM

Chapt 18 Flashcards

Brainscape's Knowledge Genome^TM