Chapter 4 Flashcards
You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that the user accounts cannot be used for login after that time period. What should you do?
Configure day/time restrictions in the user accounts.
Configure account policies in Group Policy.
Configure account lockout in Group Policy.
Configure account expiration in the user accounts.
Configure account expiration in the user accounts.
Which Microsoft tool can be used to review a system’s security configuration against recommended settings?
Microsoft Security Compliance Toolkit
Registry Editor
Windows Defender
Microsoft Internet Explorer
Microsoft Security Compliance Toolkit
Which type of update should be prioritized even outside of a normal patching window?
Microsoft updates
Monthly updates
Critical updates
Security updates
Critical updates
Prepare to Document means establishing the process you will use to document your network.
Which of the following makes this documentation more useful?
Identify the choke points on the network.
Automate administration as much as possible.
Have a printed hard copy kept in a secure location.
Identify who is responsible for each device.
Have a printed hard copy kept in a secure location.
Documenting procedures and processes are part of which milestone in the NSA’s Manageable Network Plan?
Reach Your Network
Document Your Network
Prepare to Document
Control Your Network
Document Your Network
In which milestone should you use a network scanner and then confirm the scan manually with a room-by-room walkthrough?
Prepare to Document
Reach Your Network
Map Your Network
Protect Your Network
Map Your Network
Windows Server Update Services (WSUS) is used to accomplish which part of a manageable network?
Patch management
User access
Documentation
Device accessibility
Patch management
You have recently been hired as the new network administrator for a startup company. The company’s network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a manageable network plan for the network.
You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, which is identifying ways to protect the network.
Which tasks should you complete as a part of this milestone? (Select two.)
Create an approved application list for each network device.
Physically secure high-value systems.
Apply critical patches whenever they are released.
Identify and document each user on the network.
Set account expiration dates.
Physically secure high-value systems.
Identify and document each user on the network.
For Milestone 4 (Reach Your Network), which of the following would be considered a secure protocol to use to reach your network?
SSH
HTTP
Telnet
FTP
SSH
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department.
Which of the following steps can be used to isolate these departments?
Move the sales department into the DMZ.
Implement the principle of least privilege for the human resources department.
Identify the choke points on your network.
Create a separate VLAN for each department.
Create a separate VLAN for each department.
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)
WSUS
Group Policy
Security Configuration and Analysis
Security Templates
WSUS
Group Policy
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
A collection of security settings that can be automatically applied to a device
The minimum services required for a server to function
A set of performance statistics that identifies normal operating performance
A list of common security settings that a group or all devices share
What should you consider security baselines?
Unchangeable
Suggestion
Static
Dynamic
Dynamic
By definition, what is the process of reducing security exposure and tightening security controls?
Active scanning
Passive reconnaissance
Social engineering
Hardening
Hardening
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Two passwords
Two-factor authentication
A password and a biometric scan
A password, a biometric scan, and a token device
You have recently experienced a security incident with one of your servers. After some research, you determine that a new hotfix has recently been released, which would have protected the server.
Which of the following recommendations should you follow when applying the hotfix?
Test the hotfix and then apply it to all servers.
Apply the hotfix immediately to all servers.
Test the hotfix and then apply it to the server that had the problem.
Apply the hotfix immediately to the server. Apply the hotfix to other devices only as the security threat manifests itself.
Test the hotfix and then apply it to all servers.