Chapter 21: Security

Question 1

_______ is any type of software that is used to disrupt computers and gain unauthorized access to systems, networks, and data

Answer 1

malware

Question 2

_______ is a software that spies on system activities and transits details of web searches and other activities to remove computers

Answer 2

spyware

Question 3

A ______ is a program that infects files in a operating systems by rewriting those files so that they do what the programmer wants

Answer 3

virus

Question 4

______ can self replicate and no user intervention is required

Answer 4

worms

Question 5

_______ are malware programs disguised as popular videos or website links that trap keystrokes or transmit sensitive information

Answer 5

trojan horses

Question 6

______ are a concealment method used by many types of malware to prevent detection by normal anivirus and anti malware programs

Answer 6

Rootkits

Question 7

________ uses malware to encrypt the targeted computer’s files.

Answer 7

ransomware

Question 8

A __________ takes advantage of a not yet patched security flaw in an operating system or app, frequently on the same day the vulnerability has become known.

Answer 8

zero day attack

Question 9

A ________ is a computer on the Internet that has been taken over by a hostile program so it can be used for malware distribution, distributed denial of service (DDoS) or other attacks without notification to the normal users of the computer

Answer 9

Zombie/Botnet

Question 10

________ is a method of cracking passwords by calculating and using every possible combination of characters until the correct password is discovered

Answer 10

Brute forcing

Question 11

___________ attempt to crack passwords by trying all the words in a list

Answer 11

dictionary attacks

Question 12

_________ are systems that are tagged by a configuration manager application because they do not have the most up to date security patches installed

Answer 12

non compliant systems

Question 13

_______ occurs when an unauthorized person attempts to accompany an authorized person into a secure area by following them closely and grabbing the door before it shuts.

Answer 13

tailgating

Question 14

If an authorized persona knownlying participates in tailgating, this is called _________

Answer 14

piggybacking

Question 15

A ________ attack involves the attacker intercepting a connection while fooling the endpoints into thinking they are communicating directly with each other

Answer 15

man in the middle (MiTM)

Question 16

The sending of unauthorized messages over a Bluetooth connection to a device

Answer 16

Bluejacking

Question 17

Provides unauthorized access from a wireless device through a Bluetooth connection

Answer 17

Bluesnarfing

Question 18

Creates unauthorized backdoor access to connect a Bluetooth device back to the attacker

Answer 18

Bluebugging

Question 19

What are the 4 factors of preventing security breaches

Answer 19

1. physical security
2. digital security
3. user education/ acceptable use policy (AUP)
4. principle of least privilege

Question 20

can be used to secure laptops and other equipment that include the Kensington security lock port

Answer 20

cable locks

Question 21

_____ refers to the use of biological information, such as human body characteristics, to authenticate a potential user of a secure area.

Answer 21

Biometrics

Question 22

What is the most common type of biometric security system for PCs?

Answer 22

fingerprint based

Question 23

an ID badge that uses radio frequency identification technology that store information about the user

Answer 23

RFID badge

Question 24

What is the 2 phase authentication protocol for key fobs as security devices?

Answer 24

1. the user logs into the key fob with a PIN
2. The user logs into the system or restricted area using a randomly generated access code that refreshes every 30 to 60 seconds

Question 25

_______ is the term used in OS X and Linux for configuring the access levels a user has to a directory (folder) and individual files

Answer 25

Directory permissions

Question 26

In Windows, the equivalent term for directory permissions is _________

Answer 26

file and folder permissions

Question 27

What is the most common type of VPNs?

Answer 27

PPTP (uses 128 bit encryption) and L2TP/IPsec (combined; uses 256 bit encryption)

Question 28

_______ refers to the prevention of confidential information from being viewed or stolen by unauthorized parties by observing and analyzing unusual patterns of data access, email and instant messaging

Answer 28

DLP (Data loss/leakage prevention)

Question 29

______ refers to preventing specified UDP or TCP ports form being used by a service, application, specific device, or all devices with a firewall appliance or software firewall

Answer 29

disabling ports

Question 30

________ are included in software and used to identify the publisher; most OS display warning messages when an app without one is being installed; some block installation of an app without one

Answer 30

digital certificates

Question 31

What are the 3 standard account levels in Windows?

Answer 31

standard user, administrator, and guest

Question 32

______ have permission to perform routine tasks but are blocked from performing tasks that involve system wide changes unless they can provide an admin password when prompted by User Account Control

Answer 32

Standard User

Question 33

_____ are users with an administrator account and can perform any and all tasks

Answer 33

Administrator

Question 34

______ the most limited level in Windows, cannot install software or hardware or run existing applications and cannot access files in shared document folders

Answer 34

Guest

Question 35

______ account is disabled in Windows by default. If it is enabled for a user to gain access to the computer, that access should be temporary and the account should be disabled again when the user no longer requires access.

Answer 35

guest

Question 36

______ account was in earlier version of Windows; had more permissions than standard users but fewer than administrators; in Windows Vista and later, they have the same rights and permissions as standard users

Answer 36

power users

Question 37

________ control both local and network access, and can be set for individual users or groups, while _________ affect only network shares.

Answer 37

NTFS permissions; share permissions

Question 38

When you move a folder or file to a different location on the same volume, the folder or file __________

Answer 38

retains its original permissions

Question 39

When you copy a folder or file on the same, or to a different volume, the folder or file _________________

Answer 39

inherits the permissions of the parent folder it was copied to

Question 40

__________ are used in Windows to indicate how files can be treated

Answer 40

file attributes

Question 41

A folder or file permission that gives complete access to contents of a folder

Answer 41

full control

Question 42

A folder or file permission that allows you to change file or folder contents

Answer 42

modify

Question 43

A folder or file permission that allows you to access file or folder contents and run programs

Answer 43

read & execute

Question 44

A folder or file permission that allows you to display folder contents

Answer 44

list folder contents

Question 45

A folder or file permission that allows you to access a file or folder

Answer 45

read

Question 46

A folder or file permission that allows you to add a new file or folder

Answer 46

write

Question 47

_______ describes how files and folders receive permissions. Any permissions that you set in the parent will be inherited by the subfolder

Answer 47

permission propagation and inheritance

Question 48

What are the 5 steps to making system files and folders visible?

Answer 48

1. click tools
2. click folder options
3. click view
4. click show hidden files, folders, and drives
5. click hide protected operating system files

Question 49

Windows includes a variety of authentication protocols that can be used on a corporate network such as _______ (4 examples)

Answer 49

Kerberos, TLS/SSL, PKU2U, NTLM

Question 50

A full disk encryption software developed for business oriented versions of Windows by Microsoft that can encrypt the entire disk and is transparent to users

Answer 50

BitLocker

Question 51

What are the 3 requirements for Bitlocker

Answer 51

1. A Trusted Platform Module (TPM)
   or
2. An external USB key to store the encrypted keys
3. A hard drive with 2 volumes

Question 52

BitLocker software is based on the __________ and uses a _______ encryption key

Answer 52

Advanced Encryption Standard; 128 Bit

Question 53

Starting with Windows Vista SP1, BitLocker can be used to _________

Answer 53

encrypt internal hard disk volumes other than the system drive

Question 54

In Windows 7 and later versions, BitLocker functionality is extended to external USB drives (including flash drives) with _____________

Answer 54

BitLocker to Go

Question 55

_______ is offered by business editions of Windows and can be used to protect sensitive data files and temporary files and can be applied to individual files or folders

Answer 55

EFS (Encrypting File System)

Question 56

How can the CMOS password be removed?

Answer 56

1. by resetting the CMOS. reset the CMOS by removing the CMOS battery for a few minutes

Question 57

A security measure that when enabled, it prompts the user to enter a password for the hard drive when the computer is first booted

Answer 57

HDD password

Question 58

To enable the recovery of EFS encrypted files in the event that Windows cannot start, you should export the user’s ________

Answer 58

EFS Security key

Question 59

How to set password policy that require the user change password periodically

Answer 59

Computer Configuration> Windows Settings> Security Options

Question 60

How to set policy that inform in advance that passwords are about to expire, require complex password, prevent old password from being used, or require a minimum password length

Answer 60

Computer Configuration> Windows Settings>Account Policies> Password Policy

Question 61

How to set policy to have user wait a certain # of minutes after unsuccessful log in attempts to log in again

Answer 61

Computer Configuration> Windows Settings>Account Policies> Account Lockout Policy

Question 62

5 account management settings that can enhance security

Answer 62

1. restricting user permissions
2. login time restrictions
3. disabling guest account
4. failed attempts lockout
5. timeout/screen lock

Question 63

When you ___________ an optical disc or USB drive wont automatically start its autorun application and any embedded malware wont have a chance to infect the system before you can scan the media

Answer 63

disable autorun

Question 64

How do you turn off Autorun in Windows Vista/7/8/8.1/10

Answer 64

open the autoplay applet in control panel, clear the Use Autoplay for all media a devices and select save

Question 65

How do you turn off Autorun/autoplay in Windows 8/8.1

Answer 65

search for “autoplay settings” and clock it; in the pc and devices menu, move the Use AutoPlay for all media and devices slider to off

Question 66

What patch/ update management system is uses for OS, Windows and Linux

Answer 66

OS X- OS X Server’s Software update service
Windows- Microsoft’s Window Server Update Services (WSUS)
Linux- several but Yellowdog Updater Modifies is popular

Question 67

If ___________ is check marked, and a user accesses a website or application that requires a secure certificate, the credentials are stored on the device

Answer 67

use secure credentials

Question 68

By default, secure credentials are ________ after a session is over

Answer 68

dropped

Question 69

________ is able to secure, monitor, manage, and support multiple different mobile devices across the enterprise

Answer 69

Mobile Device Managment

Question 70

An ____________ is used to receive or generate authentication codes for one o f more apps or services

Answer 70

authenticator application

Question 71

Apple does not include a firewall because the design of iOS uses a feature called _______ that runs apps in separate protected space

Answer 71

sandboxing

Question 72

5 profile security requirements for security devices:

Answer 72

1. specifying approved devices and OS versions
2. requiring passwords and lock screens
3. device encryption
4. support issues
5. when and how to remove company info when an employees leaves the organization

Question 73

5 types of physical destruction methods

Answer 73

1. shredder (recommended for optical media)
2. drill/hammer
3. electromagnetic (degaussing) (best method)
4. incineration
5. certificate of destruction

Question 74

_____ is a quick format that only clears the root folder; the remainder of the data on the disk can be recovered until it is overwritten

Answer 74

standard format

Question 75

______ is performed by the drive manufacturer before the drive is shipped and cannot be performed in the field

Answer 75

low level format

Question 76

____ is writing on the hard disk or SSD’s data area with zeros; data could still be recovered

Answer 76

overwrite

Question 77

To assure the complete destruction of data on a storage device, it must be overwritten. Name 2 programs that exceed data destruction standards.

Answer 77

1. DoD 5220.22-M (7 passes)

2. Peter Gutman’s 35 pass max security method