Chapter 7 Security Flashcards
A mantrap is:
an area with two locking doors
A mantrap essentially:
slows down the entry process in hopes that people sneaking in behind others will be thwarted before gaining entry to the secure area
Badge readers are:
devices that can interpret the data on a certain type of ID
ID badges and readers can use a variety of physical security methods, including the following:
Photos
Barcodes and magnetic strips
RFID technology
Barcodes embedded on ID badges and readers enable:
the cards to carry a range of information about the bearers and can limit individuals’ access to only authorized areas of a building
ID badges and readers with RFID chips can:
be used to open only doors that are matched to the RFID chip
A smart card is:
a credit-card sized card that contains stored information and might also contain a simple microprocessor or an RFID chip
Smart cards can be used to store:
identification for use in security applications
store values for use in prepaid telephone and debit card services, hotel guest room access and many other functions
Smart cards are available in 2 form factors:
contact
contactless
Contactless cards are also known as:
proximity cards
Contactless card readers are usually:
wall mounted so users can scan their cards within 6 inches of a reader
A smart card-based security system includes:
smart cards
card readers that are designed to work with smart cards
a back-end system that contains a database that stores a list of approved smart cards for each secured location
A smart card-based security system can also be used to:
secure individual personal computers
The best way to deter a thief is to:
use a mix of technical barriers and human interaction
When employees enter the work area in the presence of a guard, it is more likely that:
the best practices will be followed and everyone will scan in and be authenticated
Without a guard in the work area it is more common for:
people to hold the door for people who are recognized but say they have misplaced their IDs
Another way to deploy guards besides in the work area is to:
have them watch several areas via security cameras that record access into and out of the buildings
The easiest way to secure an area is to:
lock doors
Aside from main entrances, you should also always lock:
server rooms
wiring closets
labs
other technical rooms when not in use
Physical door locks might seem low tech, but they can’t be:
taken over by hackers
Other precautions to take besides locking doors include:
documenting who has keys to server rooms and wiring closets
periodically changing locks and keys
Cipher locks on a door use:
punch codes
Biometric security refers to:
the use of a person’s biological information to authenticate potential users of a secure area
The most common type of biometric security for PCs is:
fingerprint based
Examples of biometric security include:
fingerprint scanning
retina scanning
facial recognition
What is a token?
Any physical device that a user must carry to gain access to a specific system
Examples of a token are:
smart cards
RFID cards
USB tokens
key fobs
Where is the security slot on a laptop typically located?
near a rear corner
Rack-level security involves:
locking down equipment in a server rack
Rack-level security can be done with:
cabinets or cages with secure biometric locks or perhaps keycards that can be changed often
Besides cabinets or cages in a data center, what else is appropriate to use for security?
Security cameras
USB locks can be used to:
secure USB cables into the computer and to securely plug empty USB ports
Data on a computer screen can be easily protected by installing a:
privacy screen
A privacy screen is a:
transparent cover for a PC monitor or laptop display that reduces the cone of vision, usually about 30 degrees, so that only the person directly in front of the screen can see the content
Many privacy screens are also:
antiglare, helping to reduce the user’s eye strain
Key fobs can contain:
RFID chips
Many key fobs are used as part of a two-step authentication protocol as follows:
The user carries a key fob that generates a code every 30 to 60 seconds. Every time the code changes on the fob, it is also matched in the authentication server. In some cases the user must also log into the fob to see the access code for an extra layer of security
The user then logs into the system or restricted area, using the randomly generated access code displayed on the key fob’s LCD display
An entry control roster is:
a list of individuals or representatives who are authorized to enter a secured area
A keypad lock on an entrance to a secure area can:
store a list of authorized PINs
Active Directory is:
a Microsoft solution for managing users, computers, and information access in a network
Active Directory is based on:
a database of all resources and users that will be managed within the network. The information in the database determines what people can see and do within the network
Here are the basics for Active Directory:
Login script
Domain
Group Policy
Organization Unit (OU)
Home folder
Folder redirection
Explain login script for Active Directory:
When a user logs onto the network, Active Directory knows who that user is and runs a login script to make the assigned resources available
Explain domain for Active Directory:
The domain is a computer network or group of computer networks under one administration
Explain Group Policy for Active Directory:
This is a set of rules and instructions defining what a user or group of users can or cannot do when logged into the domain
The term Group Policy Object (GPO) is:
a set of instructions assigned to a group of users or to certain machines on the network
Explain Organizational Unit (OU) for Active Directory:
logical groups that help organize users and computers so that Group Policy Object (GPO) may give them special access to financial records
Explain home folder for Active Directory:
This folder is accessible to the network administrator and is where the user’s data and files are kept locally
Explain Folder redirection for Active Directory:
This allows for the work done by an Organizational Unit (OU) to be saved on a common folder in the domain as directed by the administrator instead of the user
Software tokens are different than regular tokens because:
they exist in software and are commonly stored on devices
An example of a software token is:
Google Authenticator which is an app that is downloaded to a device and provides a shared secret key
A suite of software known as mobile device management (MDM) is used for:
organizations that have many mobile devices and need to administer them so that all devices and users comply with the security practices in place
Good mobile device management (MDM) software does these things:
secures
monitors
manages
supports multiple different mobile devices across the enterprise
Disabling ports refers to:
using a firewall appliance or software firewall to prevent specified UDP or TCP ports from being used by a service, an app, a specific device, or all devices
Turning off unused ports makes it:
harder for hackers to find stealth access into a machine
The MAC address is a:
list of six two-digit hexadecimal numbers
A MAC address is usually found on:
a label on the side of a network adapter
Because MAC addresses are unique, it is possible to:
control access to most wireless networks by allowing only certain addresses in. This process is sometimes called whitelisting
Some routers can be configured to block:
a list of specified MAC addresses from accessing the wired network
MAC address filtering can be a useful way to:
block casual hackers from gaining access to a small wireless (or wired) network, but it can be troublesome for a large network with many different devices coming into and going out of the system as each needs to be entered separately.
What is MAC address cloning?
The use of software to change the MAC address of a network device
MAC addresses are not:
encrypted and can be detected by software used to hack networks
MAC address filtering should not:
be relied on alone to stop serious attacks
Digital certificates included in software are used to:
identify the publisher
Most OSs display warning messages when:
an app without a digital certificate is being installed
To access Certificate Manager in Windows 10 follow these steps:
click the Start button
type certmgr.msc in the search field and press Enter
In Windows 10 the Certificate Manager does what?
It keeps track of and checks certificates
Antivirus/anti-malware software for mobile devices are:
third-party applications that need to be paid for, downloaded, and installed to the mobile device
One of the benefits of iOS being a closed-source OS is that it can be more difficult to:
write viruses for it, making it somewhat difficult to compromise
A firewall is a:
physical device or a software program that examines data packets on a network to determine whether to forward them to their destination or block them
A one-way firewall is used to:
protect against inbound threats only
A two-way firewall is used to:
protect against both unauthorized inbound and outbound traffic
A software firewall can be:
configured to permit traffic between specified IP addresses and to block traffic to and from the Internet except when permitted on a per-program basis
A corporate network may use a proxy server with a firewall as:
the sole direct connection between the Internet and the corporate network and use a firewall in the proxy server to protect the corporate network against threats
Physical firewalls are specialized:
computers whose software is designed to quickly analyze network traffic and make forwarding decisions based on rules set by the administrator
Most current OSs have some sort of firewall built in, the examples are:
Windows has Windows Defender, initially configured as a one-way firewall but can be configured to work as a two-way firewall
macOS includes an application firewall
Linux includes iptables to configure netfilter, its packet-filtering framework
Authenticating users means:
making sure those who are logging in are truly who they say they are
To solve the problem of weak passwords, administrators should mandate:
strong passwords in their authentication settings
Strong passwords that foil casual hackers have the following characteristics:
They are at least eight characters long; every character added to this minimum makes the password exponentially safer
They include a variety of uppercase and lowercase letters, numbers, and symbols
They do not include real names and words
The best type of authentication system is one that:
uses two or more authentication methods, this is known as multifactor authentication
Directory permissions is the term used in macOS and Linux for:
configuring the access levels a user has to a directory (folder) and individual files. In Windows, the equivalent term is file and folder permissions
In Linux and macOS, directory permissions include:
Read (opens file but no changes)
Write (able to read and change file)
Execute (runs executable file or opens directory)
The chmod command is used in Linux to:
change directory permissions
In macOS, the Get Info menu’s Sharing & Permissions submenu is used to:
change directory permissions
In Windows, file and folder permissions on an NTFS drive include:
Full control
Modify
Read & Execute
List folder contents (applies to folders only)
Read
Write
Data loss/leakage prevention (DLP) involves:
preventing confidential information from being viewed or stolen by unauthorized parties
Data loss/leakage prevention (DLP) goes beyond normal digital security methods such as firewalls and antivirus software by:
observing and analyzing unusual patterns of data access, email, and instant messaging, whether the data is going into or out of an organization’s network
Access control lists (ACLs) are:
lists of permissions or restriction rules for access to an object such as a file or folder
Access control lists (ACLs) control:
which users or groups can perform specific operations on specified files or folders
Smart cards can be used to enable:
logins to a network, encrypt or decrypt drives, and provide digital signatures when supported by the network server
Email filtering can be used to:
organize email into folders automatically
block spam and potentially dangerous messages
Email filtering can be performed at:
the point of entry to a network with a specialized email filtering server or appliance as well as by enabling the spam and threat detection features that are built into email clients or security software
Applying the principle of least privilege means:
giving a user access to only what is required to do his or her job
An encrypted wireless network relies on:
the exchange of a passphrase between the client and the wireless access point (WAP) or router before the client can connect to the network
There are several standards for encryption for a network connection. They are:
WEP
WPA versions
TKIP
AES
There are four different authentication methods for access to a wireless network, they are:
single-factor
multifactor
RADIUS
TACACS
Single-factor authentication is basic:
username and password access to a computer or network
A multifactor authentication system uses:
two or more authentication methods and is far more secure than single-factor authentication
Multifactor authentication is a:
combination of the password and the digital token, which makes it very difficult for imposters to gain access to a system
A Remote Authentication Dial-In User Service (RADIUS) server is used for a:
user who wants to access a network or an online service. They enter a username and password when requested
With Terminal Access Controller Access Control System (TACACS) a user:
who was already authenticated into the network was automatically logged into other resources in the system as well
Malicious software, or malware is:
software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent
Malware is a broad term used by computer professionals to include:
viruses
worms
Trojan horses
spyware
rootkits
keyloggers
adware
other types of undesirable software
Ransomware uses:
malware to encrypt the target computer’s files. The ransom demand might be presented after you call a bogus technical support number displayed onscreen or the ransom may be displayed onscreen
Trojan malware, also known as a Trojan horse is a:
malware program disguised as a “gift” (usually popular videos or website links) that tricks the user into downloading a virus that might be used to trap keystrokes or transmit sensitive information
Keylogger viruses are:
especially dangerous because they track keystrokes and can capture usernames and passwords of unwitting users
A keylogger can be delivered via a:
Trojan horse
phishing
fake email attachment that the user opens
A rootkit is a set of:
hacking tools that makes its way deep into the computer’s OS or applications and sets up shop to take over the computer
A rootkit is a complex:
type of malware that is difficult to detect and remove with standard malware antivirus software
Some rootkits do different things. For example some:
do keylogging
listen for banking information
can take over a computer completely
Sometimes the only solution for a rootkit is to:
wipe the drive and reinstall the OS
Virus is a generic term for:
any malicious software that can spread to other computers and cause trouble
Most virus attacks are spread with:
human assistance when users fall prey to phishing and carelessly open attachments
Hackers can infect multiple computers to form:
a botnet
Hackers use a botnet to:
cause trouble, such as by mounting denial of service attacks or spreading spam
Hackers who install networks of bots sometimes:
sell access to them to other hackers
Worms are different from other viruses in that they:
are able to self-replicate on computers and push themselves out to other computers
Spyware is:
software that spies on system activities and transmits details of web searches or other activities to remote computers
What is a good indicator of spyware?
Getting multiple unwanted pop-up windows when browsing the Internet
Spyware can possibly cause:
slow system performance
Antivirus/anti-malware programs can use some or all of the following techniques to protect users and systems:
Real-time protection to block infection
Periodic scans for known and suspected threats
Automatic updating on a frequent (usually daily) basis
Renewable subscriptions to obtain updated threat signatures
Links to virus and threat encyclopedias
Inoculation of systems files
Permissions-based access to the Internet
Scanning of downloaded files and sent/received email
When attempting to protect against viruses and malware, the two most important things to remember are to:
keep your anti-malware application up to date
watch out for unknown data, whether it comes via email, USB flash drive, mobile device, or some other mechanism
The Recovery Console allows:
you to reset your PC or boot from a recovery disk
Troubleshooting an infected PC can be done from a:
recovery drive
A recovery drive allows you to:
boot into a minimal Safe mode that does not install all applications or normal condition
To enable Time Machine, follow these steps:
- Connect a suitable external disk to a macOS system
- When prompted, click Use a Backup Disk. You can also check the Encrypt Backup Disk box to protect the backup
- If you select the option to encrypt your backup in Step 2, enter a password, confirm it, and enter a password hint. Click Encrypt Disk
- Make sure Time Machine is turned on. After the selected disk is encrypted, the backup starts
Regardless of the sophistication of physical or digital security measures, the lack of user education and an acceptable use policy (AUP) can lead to security issues. Some elements of a good AUP include the following:
Have users ask for an ID when approached in person by somebody claiming to be from the help desk, the phone company, or a service company
Have users ask for a name and a supervisor name when contacted by phone by someone claiming to be from the help desk, the phone company, or a service company
Provide contact information for the help desk, phone company, and authorized service companies and ask users to call the authorized contact person to verify that a service call or phone request for information is legitimate
Ask users to log into systems and then provide the tech the computer rather than giving the tech login information
Have users change passwords immediately after service calls
Ask users to report any potential social engineering calls or in-person contacts, even if no information was exchanged
Users should be educated in how to do the following:
Keep antivirus, antispyware, and anti-malware programs updated
Scan systems for virus, spyware, and malware
Understand major malware types and techniques
Scan removable media drives (such as optical discs and USB drives) for viruses and malware
Disable autorun
Configure scanning program for scheduled operation
Respond to notifications that viruses, spyware, or malware have been detected
Quarantine suspect files
Report suspect files to the help desk
Remove malware
Disable antivirus software when needed and know when to reenable antivirus software
Avoid opening attachments from unknown senders
Use anti-phishing features in web browsers and email clients
Domain Name Service (DNS) involves:
a database containing public IP addresses and their associated domain names
The purpose of Domain Name Service (DNS) is to:
translate domain names used in web page requests into IP addresses
Domain Name Service (DNS) functions are included in:
SOHO routers
larger networks
Domain name servers communicate with:
other, larger, domain name servers if the requested addresses are not in their databases
Hackers like to capture Domain Name Service (DNS) information because:
it provides links between domain names and IP addresses
With Domain Name Service (DNS) records, a hacker can:
create false DNS information that can point victims to fake websites and get them to download malware or viruses
Six common social engineering techniques that all employees in an organization should know about are:
phishing
spear phishing
impersonation
shoulder surfing
tailgating
dumpster diving
The key to mitigating social engineering threats is a combination of:
ensuring employee
implementing policies and protocols for handling sensitive internal information
and whenever possible, using cybersecurity
Phishing involves:
creating bogus websites or sending fraudulent emails that trick users into providing personal, bank, or credit card information
Phone phishing uses:
an interactive voice response (IVR) system that the user has been tricked into calling to dupe the user into revealing information
Spear phishing involves:
sending spoof messages that appear to come from an internal source requesting confidential information, such as payroll or tax information
Phishing can be addressed with:
awareness warnings from administrators that give examples of the latest threats and education for employees about using judgment to identify suspicious messages
The best protection against spear phishing is:
implementing security software that identifies spear phishing mail and educating users about how to handle sensitive information within the organization
Impersonation happens when a hacker:
pretends to be someone the victim trusts via email, phone, or in person
What can help prevent impersonation attacks?
Common sense and strict policies on how to communicate sensitive information
Shoulder surfing is:
the attempt to view physical documents on a user’s desk or electronic documents displayed on a monitor by looking over the user’s shoulder
A common protection against shoulder surfing is:
a special privacy screen that limits the viewing range of a display
Tailgating occurs when:
an unauthorized person attempts to accompany an authorized person into a secure area by following that person closely and grabbing the door before it shuts
If the authorized person is knowingly involved in tailgating, it is known as:
piggybacking
Dumpster diving is when a person:
goes through the trash seeking information about a network or about a person with access to the network
A distributed denial of service (DDoS) attack occurs when:
several (up to thousands) of computers have been compromised with special malware that turns them into bots. The bots then get directions from their new master to attack with thousands of requests to a network site. The traffic is so overwhelming that the site is unreachable by normal traffic and is effectively shut down
A denial of service (DoS) attack involves:
one computer attacking a specific target with an overwhelming number of service requests
Zero day occurs when:
legitimate software is sold and distributed, it may have security vulnerabilities that are unknown. When the flaws are discovered, the users may put out alerts while the software company who made the software creates a patch. The hackers watch for those alerts and exploit the vulnerabilities before the patch is installed
A man-in-the-middle (MiTM) attack involves:
the attacker intercepting a connection while fooling the endpoints into thinking they are communicating directly with each other.
In a man-in-the-middle (MiTM) attack the attacker essentially becomes:
an authorized and undetected proxy or relay point and the attacker uses this position to capture confidential data or transmit altered information to one or both ends of the original connections
A brute force attack involves:
cracking passwords by calculating and using every possible combination of characters until the correct password is discovered
One way an administrator can block brute forcing is to:
set authentication systems to lock after a specified number of incorrect passwords are offered
Dictionary attacks involve:
attempting to crack passwords by trying all the words in a list, such as a dictionary
Dictionary attacks can be blocked by:
locking systems after a specified number of incorrect passwords are offered
Requiring more sophisticated passwords that do not include identifiable information such as birthdays or family names
A rainbow table is used in:
an attack in much the same manner as in a brute force attack, but it is more mathematically sophisticated and takes less time
Rainbow tables are:
precomputed tables that can speed calculations when cracking hashes
Spoofing is a general term for:
malware attacks that purport to come from a trustworthy source
Non-compliant systems are systems that:
are tagged by a configuration manager application for not having the most up-to-date security patches installed
A zombie/botnet is a:
computer on the Internet that has been taken over by a hostile program so it can be used for malware distribution or distributed denial of service (DDoS) or other attacks without notification to the regular users of the computer
Many malware attacks attempt to turn targeted computers into:
zombies on a hostile botnet
The principles of access control are:
Users and groups
NTFS vs. share permissions
Shared files and folders
System files and folders
User authentication
Run as administrator vs. standard user
BitLocker
BitLocker To Go
EFS
There are three standard account levels in Windows:
Standard
Administrator
Guest
Standard accounts have:
permission to perform routine tasks
Administrator account users can:
perform any and all tasks
Guest accounts are:
the most limited
In Windows versions up to 8.1, the power users account is:
a specific account type that has more permissions than standard users but fewer than administrators
In Windows 10 the Power Users group has:
been discontinued, but it is available to assign for backward compatibility
New Technology File System (NTFS) is:
an improved way to store files on disks over the FAT system of Windows 95
Permissions control both:
local and network access to files and can be set for individual users or groups
Each permission has two settings:
Allow
Deny
In some cases, an administrator must issue an explicit:
denial if the user is part of a larger group that already has access to a parent folder but needs to be kept out of a particular subfolder
When you copy a folder or file to a different volume:
the folder or file inherits the permissions of the parent folder it was copied to (the target directory)
When you copy a folder or file to a different location on the same volume:
the folder or file retains its original permissions
File attributes are used in Windows to:
indicate how files can be treated
specify which files should be backed up
specify which should be hidden from the normal GUI or command-line file listings, whether a file is compressed or encrypted, and so on
To view file attributes in Windows follow these steps:
right-click a file in File Explorer or Windows Explorer and select Properties
To view file attributes from the Windows command line, you should use what command?
Attrib
Shared files and folders have their permissions via:
the Security tab of the object’s properties sheet
Folder and file permissions vary by user type or group and can include the following:
Full control: complete access to the contents of the file or folder
Modify: change file or folder contents
Read & Execute: access file or folder contents and run programs
List Folder Contents: display folder contents
Read: access a file or folder
Write: add a new file or folder
Local shares are normally configured on:
a folder or library basis in Windows
To connect to the administrative share, a user must:
provide a username and password for an account on that system
If you create a folder you can describe how the files and folders receive permissions by these two terms:
inheritance
propagation
To make system files and folders visible in Windows 10 follow these steps:
- Open File Explorer
- In the top left select the View tab
- Uncheck the boxes that are hidden that need to be viewed
BitLocker software can:
encrypt the entire disk, which, after completed, is transparent to the user
The requirements for using BitLocker are:
A Trusted Platform Module (TPM) chip, which is a chip residing on the motherboard that actually stores the encrypted keys
or
An external USB key to store the encrypted keys. Using TPM chip requires changes to Group Policy setting
and
A hard drive with two volumes, preferably created during the installation of Windows
BitLocker software is based on:
Advanced Encryption Standard (AES) and uses a 128-bit encryption key
BitLocker To Go is:
removable drives and external USB drives (including flash drives) that have BitLocker functionality
Encrypting File System (EFS) can be used to:
protect sensitive data files and temporary files and can be applied to individual files or folders
Encrypting File System (EFS) files can be opened only by:
the user who encrypted them, by an administrator, or by EFS keyholders (users who have been provided with an EFS certificate key for another user’s account)
To encrypt a file in Windows 10, follow this process:
- Right-click the file in the File Explorer and select Properties
- Click the Advanced button on the General tab
- Click the empty Encrypt Contents to Secure Data check box
- Click OK
- Click Apply. When prompted, select the option to encrypt the file and parent folder or only the file as desired and click OK
- Click OK to close the properties sheet
Using a password generator can make:
the creation of strong passwords easier
The following are best practices for passwords:
Setting strong passwords
Setting expiration for passwords
Requiring a password to enter a computer after the screensaver appears
Passwords can be set up to require users to do the following:
Change passwords periodically to keep them fresh and secure
Be informed in advance that passwords are about to expire so that users can change passwords early and prevent being locked out at an inconvenient time
Enforce a minimum password length to keep passwords strong
Require complex passwords that include a mixture of letters, numbers, and special characters
Prevent old passwords from being reused continually by tracking past passwords and not allowing them
Wait a certain number of minutes after a specified number of unsuccessful logins has taken place before being able to log in again
User account settings, when combined with workstation security settings help:
prevent unauthorized access to the network
User permissions for standard users prevent:
systemwide changes, but additional restrictions can be set with Group Policy or Local Security Policy
Login time restrictions can be used to:
specify when an account can be used
The guest account in Windows is a potential:
security risk, so it should be disabled
Password policy should specify that:
a user should be locked out after a specified number of failed attempts to log into an account
Automatic screen locking can be configured to:
take effect after a specified amount of idle time, which can help safeguard a system if a user forgets to lock the system manually
Default usernames and passwords for SOHO routers or other devices or services that have default passwords should be:
changed
After a user is created, a technician might need to perform a few common tasks which are:
Account deletion: a technician might need to completely remove a user from Active Directory
Password reset/unlock: This may need to be done when a user has forgotten a password or failed to authenticate
Disable account: It is possible to deactivate a user but keep the account and its records
Auto run is a feature that enables:
programs to start automatically when a CD or USB drive or flashcard is connected to a computer
Both Autorun and AutoPlay allow the user to:
be selective in what kinds of programs, updates, and syncs can take place
To disable autorun in Windows by using Local Group Policy, complete the following steps:
- Click Start and in the search field type gpedit.msc to open the Local Group Policy Editor
- Navigate to Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies
- Double-click the Turn Off AutoPlay setting to display the Turn Off AutoPlay configuration window
- Click the Enabled radio button and then click OK to enable the policy named Turn off AutoPlay
Data encryption should be used on laptops and other systems that might be used:
outside the more secure corporate network environment
To encrypt folders or drives, use the following steps:
- Right-click the folder or drive to be secured and select Properties
- Click the Advanced button at the bottom of the General tab
- In the Advanced Attributes dialog, select the Encrypt Contents to Secure Data check box and click OK
Patches and updates for OSs and applications should be:
managed centrally to prevent systems from falling out of compliance
Microsoft’s Windows Server Update Services (WSUS) can be used for:
OS and application patches and updates for Microsoft products
macOS Server’s Software Update service can be used for:
OS and application patches and updates for macOS machines
The first step in securing a mobile device is setting up the:
screen lock
A screen lock can be:
a pattern that is drawn on the display, a PIN (passcode lock), or a password
Some devices support other types of screen locking, including:
fingerprint lock and face lock
A swipe lock app immediately:
locks a device when the user swipes the display to one side
A remote wipe can be initiated from a desktop computer to:
delete all the contents of the remote mobile device
There are two ways to back up a mobile device. They are:
via a USB connection to a desktop or laptop
the cloud by using a remote backup application
Patching/OS updates help:
protect mobile devices from the latest vulnerabilities and threats
With full device encryption, your data is not:
accessible to would-be thieves unless they know the passcode
File-based encryption is:
encryption on individual files, meaning each file has a separate encryption key, so all the phone resources do not have to be tied up in the encryption process
An authenticator application is used to:
receive or generate authentication codes for one or more apps or services
Apps downloaded from locations other than the OS app store are considered:
untrusted and should not be used if at all possible
Jailbreaking the phone is usually required to:
run untrusted apps
Jailbreaking removes:
security measures built into the phones
Benefits of bring your own device (BYOD) policies include:
No hardware cost to the organization
Higher usage due to employee satisfaction with their selected device
Greater productivity
Potential drawbacks of BYOD include:
Hidden costs of management and security
Possibility that some employees will not want to buy their own devices
Issues involved with organizations using corporate-owned mobile devices, BYOD, or a mixture of both are:
specifying approved devices and OS versions
requiring passwords and lock screens
requiring device encryption, support issues, and when and how to remove company information when an employee leaves the organization
Physical destruction renders:
a mass storage device into small pieces that cannot be reconstructed, making the data inside unrecoverable
Physical destruction methods include the following:
Shredding
Drill/Hammer
Electromagnetic (degaussing)
Incineration
Electromagnetic degaussers and permanent magnet degaussers can be used to:
permanently purge information from a disk
Data-recycling companies can provide a:
certificate to prove compliance with local laws or institutional policies
As long as the data on a hard drive or other mass storage device can be rendered unrecoverable, it is not:
necessary to destroy the media itself
The following are some best practices for recycling and repurposing:
Low-level format vs. standard format
Overwrite
Drive wipe
Describe the best practices for recycling and repurposing:
Low-level format
A low-level format that creates the physical infrastructure where data will be stored on a disk is performed by the drive manufacturer before the drive is shipped and cannot be performed in the field
Describe the best practices for recycling and repurposing:
Standard format
The standard format used in OSs is a quick format. This type of format clears only the root folder
Describe the best practices for recycling and repurposing:
Overwrite
Overwrite a hard disk’s or SSD’s data area with zeros
Describe the best practices for recycling and repurposing:
Drive wipe
destroys existing data and partition information in such a way as to prevent data recovery or drive forensic analysis. Use this method when maintaining the storage device as a working device is important for repurposing (such as for donation or resale)
The service set identifier (SSID) can provide:
a great deal of useful information to a potential hacker of a wireless network
If a default SSID is broadcast by a wireless network, a hacker can:
look up the documentation for a specific router or the most common models of a particular brand and determine the default IP address range, the default administrator username and password, and other information that would make it easy to attack the network
To help “hide” the details of your network and location, a replacement SSID for a secure wireless network should not include any of the following:
Your name
Your company name
Your location
Any other easily identifiable information
Wireless access points (WAPs) should generally be:
placed in the middle of an office to offer the greatest coverage while reducing the chance of outsiders being able to connect to the device
When the radio power levels of wireless routers and access points are set too low:
clients at the perimeter of the building will not be able to gain access
When the radio power levels of wireless routers and access points are set too high:
computers located in neighboring businesses will be able to attempt access
If a wireless signal is too weak, regardless of the router location and radio power levels, and the router is older, consider:
replacing it with a new wireless router
Using WiFi Protected Setup (WPS) is an:
easy way to configure a secure wireless network with a SOHO router, provided that all devices on the network support WPS
There are several ways that WiFi Protected Setup (WPS) can be configured. The most common ways include:
PIN (enter router pin in new device)
Push button (similar to Xbox controller sync with time span)
If you want to limit access to the Internet for certain computers or log activity for computers by IP address, you can:
disable the DHCP setting of handing out IP addresses to all computers connected to it
By default, most Wireless Access Points (WAP) and wireless routers use a feature that acts like a simple firewall called:
Network Address Translation (NAT)
Network Address Translation (NAT) prevents:
traffic from the Internet from determining the private IP addresses used by computers on the network
Many Wireless Access Points (WAP) and wireless routers offer additional firewall features that can be enabled, including:
Access logs
Filtering of specific types of traffic
Enhanced support for VPNs
Use port forwarding to allow:
inbound traffic on a particular TCP or UDP port or range to go to a particular IP address rather than all devices on a network
Port forwarding is also known as:
port mapping
Blocking TCP and UDP ports is also known as:
disabling ports
Blocking TCP and UDP ports is performed with:
a firewall app such as Windows Defender Firewall with Advanced Security
Windows Defender includes the following sections:
Virus & Threat Protection
Account Protection
Firewall & Network Protection
App & Browser Control
Device Security
Device Performance & Health
Family Options
To determine whether a WAP or wireless router has a firmware update available, follow these steps:
- View the device’s configuration dialogs to record the current firmware version
- Visit the device vendor’s website to see whether a new version of the firmware is available
- Download the firmware update to a PC that can be connected to the device with an Ethernet cable
- Connect the PC to the device with an Ethernet cable
- Navigate to the device’s firmware update dialog
- Follow the instructions to update firmware
In a SOHO network environment, physical security refers to:
preventing unauthorized use of the network
The same basics of physical security apply in a SOHO network as in a large office environment. They are:
Secure the network equipment in a locked wiring closet or room
Disable any unused wall Ethernet jacks by either disabling their switch ports or unplugging the patch panels in the wiring closet
Route network cables out of sight, in the walls and above the ceiling
Lock doors when leaving
If possible, dedicate a lockable room as a workspace in a home office to protect company devices and other resources from the hazards of daily family life, such as children and pets