Hardening Flashcards
Objectives:
● 2.5 - Explain the purpose of mitigation techniques used to secure the enterprise
● 4.1 - Given a scenario, you must be able to apply common security techniques to computing resources
● 4.5 - Given a scenario, you must be able to modify enterprise capabilities to enhance security
Question 1: Scenario-Based (Default Passwords)
A small business owner purchases a new wireless router for their office. Upon setting it up, they notice that the login credentials to access the router’s configuration page are admin for both the username and password. What is the BEST action they should take next?
A) Leave the credentials as they are since they work fine.
B) Change the default password to a strong, unique password.
C) Disable Wi-Fi to prevent unauthorized access.
D) Share the credentials with all employees for easy access.
Answer: B) Change the default password to a strong, unique password.
Explanation:
(A) Incorrect: Leaving default credentials is a major security risk because attackers can find them in manuals and online.
(B) Correct: Default passwords should be changed immediately to prevent unauthorized access.
(C) Incorrect: Disabling Wi-Fi may reduce unauthorized access but does not address the real issue of weak credentials.
(D) Incorrect: Sharing credentials increases the risk of compromise, especially if an employee’s device is breached.
Question 2: Explained-Based (Password Management)
Which of the following is the BEST practice for managing administrative passwords for critical systems?
A) Using the same strong password for all devices.
B) Rotating passwords every 30 days and writing them down.
C) Storing passwords in a password manager and rotating them every 90 days.
D) Using short passwords to make them easier to remember.
Answer: C) Storing passwords in a password manager and rotating them every 90 days.
Explanation:
(A) Incorrect: Reusing passwords increases security risks; if one device is compromised, all others are vulnerable.
(B) Incorrect: While rotating passwords is good, writing them down physically increases the risk of theft.
(C) Correct: Using a password manager ensures security and convenience while keeping passwords long, strong, and unique.
(D) Incorrect: Short passwords are easy to crack using brute-force attacks.
Question 3: Scenario-Based (Unneeded Ports and Protocols)
An IT administrator is setting up a web server. They notice that both port 80 (HTTP) and port 443 (HTTPS) are open. The company requires secure web communication. What should the administrator do?
A) Close port 80 and allow only HTTPS over port 443.
B) Keep both ports open to ensure compatibility.
C) Close both ports since they pose a security risk.
D) Disable HTTPS and allow only HTTP to reduce encryption overhead.
Answer: A) Close port 80 and allow only HTTPS over port 443.
Explanation:
(A) Correct: HTTPS (port 443) provides encrypted and secure communication. Keeping HTTP (port 80) open allows insecure traffic.
(B) Incorrect: Leaving port 80 open increases the risk of unencrypted data transmission.
(C) Incorrect: Closing both ports would prevent web access entirely, which is not practical.
(D) Incorrect: HTTP is insecure because it does not encrypt traffic, making it vulnerable to attacks.
Question 4: Explained-Based (Auditing Open Ports)
Why is it important to audit and disable unneeded ports on a system?
A) To prevent unauthorized access and reduce the attack surface.
B) To make it easier for employees to access the system remotely.
C) To increase network traffic for performance testing.
D) To allow all possible connections and ensure compatibility.
Answer: A) To prevent unauthorized access and reduce the attack surface.
Explanation:
(A) Correct: Disabling unneeded ports reduces the number of potential entry points for attackers.
(B) Incorrect: Keeping unnecessary ports open increases security risks.
(C) Incorrect: More open ports do not help with performance testing; they increase the risk of exploitation.
(D) Incorrect: Security should always be prioritized over excessive compatibility.
Question 5: Scenario-Based (Default Open Ports)
A network security analyst performs a scan on a newly installed device and finds port 23 (Telnet) and port 22 (SSH) open. What is the best course of action?
A) Leave both ports open for compatibility.
B) Close port 23 and use SSH over port 22 for secure remote access.
C) Close both ports to prevent any remote access.
D) Use Telnet (port 23) instead of SSH since it is easier to configure.
Answer: B) Close port 23 and use SSH over port 22 for secure remote access.
Explanation:
(A) Incorrect: Leaving Telnet (port 23) open is a security risk since it transmits data in plain text.
(B) Correct: SSH (port 22) is a secure protocol for remote access, while Telnet is insecure.
(C) Incorrect: Closing both ports would prevent all remote management, which may not be practical.
(D) Incorrect: Telnet lacks encryption and is vulnerable to eavesdropping.
Question 6: Explained-Based (Secure vs. Insecure Protocols)
Which of the following protocol pairs correctly identifies the insecure and secure version?
A) HTTP (secure) / HTTPS (insecure)
B) Telnet (insecure) / SSH (secure)
C) SMTP (secure) / SMTPS (insecure)
D) FTP (secure) / FTPS (insecure)
Answer: B) Telnet (insecure) / SSH (secure).
Explanation:
(A) Incorrect: HTTPS is the secure version of HTTP, not the other way around.
(B) Correct: Telnet sends unencrypted data, while SSH provides secure remote access.
(C) Incorrect: SMTP is not encrypted, while SMTPS provides encryption.
(D) Incorrect: FTPS (FTP Secure) is the secure version of FTP.
Question 7: Scenario-Based (Factory Settings)
A company sets up a new file server and leaves the factory settings unchanged. Which of the following is the most likely consequence?
A) Increased security due to manufacturer configurations.
B) A higher risk of exploitation due to known default settings.
C) Faster performance because factory settings are optimized.
D) Better user experience due to default permissions.
Answer: B) A higher risk of exploitation due to known default settings.
Explanation:
(A) Incorrect: Default settings prioritize usability over security.
(B) Correct: Attackers can easily find default configurations in manuals and exploit them.
(C) Incorrect: Default settings do not guarantee better performance.
(D) Incorrect: Security risks outweigh user experience benefits in this case.
Question 1: Scenario-Based (Least Functionality)
A system administrator is setting up a new employee workstation. To follow the principle of least functionality, which of the following should the administrator do?
A) Install all possible applications the employee may need in the future.
B) Only install essential applications and services required for the employee’s role.
C) Allow employees to install any software they find useful.
D) Keep default applications installed on the system without modification.
Answer: B) Only install essential applications and services required for the employee’s role.
Explanation:
(A) Incorrect: Installing unnecessary applications increases vulnerabilities and does not follow the least functionality principle.
(B) Correct: The least functionality principle ensures only essential applications and services are installed, reducing security risks.
(C) Incorrect: Allowing unrestricted installations increases the chance of vulnerabilities.
(D) Incorrect: Default applications may include unnecessary or insecure programs.
Question 2: Explained-Based (Managing Software)
Why is keeping software up-to-date an essential security practice?
A) Updates often include security patches that fix vulnerabilities.
B) Older versions of software are always more secure than newer ones.
C) Software updates help increase disk space.
D) Newer software versions always include more features, making security a lesser concern.
Answer: A) Updates often include security patches that fix vulnerabilities.
Explanation:
(A) Correct: Updates frequently contain patches for newly discovered security vulnerabilities.
(B) Incorrect: Older versions may have unpatched vulnerabilities, making them less secure.
(C) Incorrect: Updating software does not necessarily increase disk space.
(D) Incorrect: Security is always a concern, regardless of new features.
Question 3: Scenario-Based (Secure Baseline Images)
A company wants to ensure that all new computers deployed in the organization have the same security settings and applications. What is the best approach to achieve this?
A) Allow each employee to install necessary applications manually.
B) Create a secure baseline image that includes the OS, required applications, and strict security settings.
C) Install only the operating system and let users customize everything else.
D) Use an outdated image that has been used for years without updates.
Answer: B) Create a secure baseline image that includes the OS, required applications, and strict security settings.
Explanation:
(A) Incorrect: Allowing employees to install applications can lead to inconsistencies and security risks.
(B) Correct: A secure baseline image ensures consistency and security across all workstations.
(C) Incorrect: Minimal installations without security configurations can leave vulnerabilities.
(D) Incorrect: Outdated images may not include recent security updates.
Question 4: Explained-Based (Preventing Unauthorized Software)
Which of the following is the best way to prevent unauthorized software installation on company computers?
A) Allow all employees full administrative rights.
B) Use application allowlisting to restrict which applications can run.
C) Let employees decide which software they need for productivity.
D) Use a firewall to block software installations.
Answer: B) Use application allowlisting to restrict which applications can run.
Explanation:
(A) Incorrect: Full administrative rights allow unrestricted software installations, increasing security risks.
(B) Correct: Application allowlisting ensures only approved software can run, preventing unauthorized installations.
(C) Incorrect: Employees may install unverified or insecure software, increasing vulnerabilities.
(D) Incorrect: A firewall does not prevent software installations on local machines.
Question 5: Scenario-Based (Application Allowlisting)
A company is concerned about employees installing unapproved applications. The security team decides to implement application allowlisting. How will this affect software execution?
A) Only applications on the allowlist will be permitted to run.
B) All applications will be allowed unless flagged as malware.
C) Only applications on the blocklist will be prevented from running.
D) Any new application installed by an employee will automatically be allowed.
Answer: A) Only applications on the allowlist will be permitted to run.
Explanation:
(A) Correct: Allowlisting ensures that only explicitly approved applications can execute.
(B) Incorrect: This describes a blocklisting approach, which is less secure.
(C) Incorrect: Blocklisting only prevents specific applications, allowing unlisted ones to run.
(D) Incorrect: Allowlisting denies all applications by default unless they are explicitly allowed.
Question 6: Explained-Based (Application Blocklisting)
Which statement best describes application blocklisting?
A) All applications are denied by default unless they are explicitly allowed.
B) Only applications on the blocklist are prevented from running, while all others are allowed.
C) Blocklisting is more secure than allowlisting because it prevents all threats.
D) Blocklisting requires less management effort than allowlisting and is always preferred.
Answer: B) Only applications on the blocklist are prevented from running, while all others are allowed.
Explanation:
(A) Incorrect: This describes allowlisting, not blocklisting.
(B) Correct: Blocklisting prevents only specific applications from running while allowing all others.
(C) Incorrect: Blocklisting is generally less secure because it allows unknown applications until they are explicitly blocked.
(D) Incorrect: Blocklisting is easier to manage but does not provide the highest level of security.
Question 7: Scenario-Based (Choosing Between Allowlisting and Blocklisting)
A company is debating whether to use allowlisting or blocklisting. If security is the top priority, which method should they choose?
A) Blocklisting, because it prevents the most dangerous applications from running.
B) Allowlisting, because it denies everything except explicitly approved applications.
C) Blocklisting, because it is easier to implement and requires fewer updates.
D) Neither method is useful for enterprise security.
Answer: B) Allowlisting, because it denies everything except explicitly approved applications.
Explanation:
(A) Incorrect: Blocklisting allows all applications except those explicitly blocked, making it less secure.
(B) Correct: Allowlisting is more secure because only approved applications can run.
(C) Incorrect: Ease of implementation does not equate to better security.
(D) Incorrect: Both allowlisting and blocklisting are critical security methods.
Question 8: Explained-Based (Centralized Management with Active Directory)
How does Microsoft Active Directory help organizations manage application security?
A) It provides a central way to enforce group policies, including application allowlisting and blocklisting.
B) It automatically updates all installed applications to the latest version.
C) It prevents employees from using any software on their computers.
D) It scans the network for malware and removes it automatically.
Answer: A) It provides a central way to enforce group policies, including application allowlisting and blocklisting.
Explanation:
(A) Correct: Active Directory allows centralized policy enforcement across all company workstations.
(B) Incorrect: Active Directory does not handle software updates.
(C) Incorrect: It restricts unauthorized software but does not completely prevent all software use.
(D) Incorrect: Active Directory is not an antivirus solution.
A military contractor is developing a new fighter jet control system that requires highly secure computing to prevent cyber threats. Which type of operating system should they use?
A) Windows 11 Enterprise
B) macOS Ventura
C) Integrity-178B
D) Ubuntu Desktop
Answer: C) Integrity-178B
Explanation:
(A) Incorrect: Windows 11 Enterprise is secure but not designed for mission-critical military systems.
(B) Incorrect: macOS Ventura is a commercial OS, not an embedded real-time system.
(C) Correct: Integrity-178B is a POSIX-based real-time OS with an EAL6 rating, used in fighter jets, spacecraft, and commercial aircraft.
(D) Incorrect: Ubuntu Desktop is a general-purpose OS, not optimized for military-grade security.
Which of the following statements is true about Evaluation Assurance Levels (EALs)?
A) EAL 1 is the highest level of security certification.
B) Only operating systems used in finance and healthcare can obtain EAL certification.
C) An operating system with EAL6 certification has undergone rigorous security evaluation for high-risk environments.
D) Every operating system must be evaluated for an EAL rating.
Answer: C) An operating system with EAL6 certification has undergone rigorous security evaluation for high-risk environments.
Explanation:
(A) Incorrect: EAL1 is the lowest, while EAL7 is the highest security level.
(B) Incorrect: EAL certification is not limited to finance and healthcare; it applies to military, aerospace, medical devices, etc.
(C) Correct: EAL6 OS (e.g., Integrity-178B) undergoes strict testing for critical applications like aerospace and defense.
(D) Incorrect: EAL certification is optional, and many general-purpose operating systems (Windows, macOS) are not rated at high levels.
A government agency needs an OS that ensures even administrators cannot modify access permissions to sensitive files. Which security model should they implement?
A) Discretionary Access Control (DAC)
B) Mandatory Access Control (MAC)
C) Role-Based Access Control (RBAC)
D) Attribute-Based Access Control (ABAC)
Answer: B) Mandatory Access Control (MAC)
Explanation:
(A) Incorrect: DAC allows users some control over their own files, which is less secure.
(B) Correct: MAC enforces strict access policies defined by system administrators—users cannot override them.
(C) Incorrect: RBAC assigns permissions based on roles, but does not enforce absolute control like MAC.
(D) Incorrect: ABAC considers multiple attributes (e.g., location, device), but MAC strictly follows predefined rules.
Which statement best describes the Trusted Computing Base (TCB) in an operating system?
A) The TCB includes all system components responsible for security enforcement.
B) The TCB is only found in trusted operating systems.
C) A larger TCB makes an OS more secure.
D) TCB refers to the memory allocated for security applications.
Answer: A) The TCB includes all system components responsible for security enforcement.
Explanation:
(A) Correct: The TCB consists of all critical security components, including the OS kernel, security controls, and authentication mechanisms.
(B) Incorrect: Every OS has a TCB, but trusted operating systems minimize it for security.
(C) Incorrect: A larger TCB increases attack surface, making security harder to maintain.
(D) Incorrect: TCB is not just memory—it includes all security-relevant components.
A company deploys SELinux on its servers to enforce strict security policies. How does SELinux improve security?
A) It allows users to define their own access rules.
B) It prevents unauthorized applications and users from accessing system resources, even if they have root privileges.
C) It replaces the Linux kernel with a more secure version.
D) It removes all unnecessary services and applications automatically.
Answer: B) It prevents unauthorized applications and users from accessing system resources, even if they have root privileges.
Explanation:
(A) Incorrect: SELinux follows Mandatory Access Control (MAC) policies, not user-defined access.
(B) Correct: SELinux restricts access based on policies, ensuring that even root users cannot bypass security settings.
(C) Incorrect: SELinux enhances security within the Linux kernel, but does not replace it.
(D) Incorrect: SELinux controls access, but does not automatically remove applications.
Why do trusted operating systems often use microkernels?
A) Microkernels minimize the Trusted Computing Base (TCB), reducing security vulnerabilities.
B) Microkernels include all system components inside the kernel for improved security.
C) Microkernels are faster than monolithic kernels.
D) Microkernels are only used in general-purpose operating systems like Windows and macOS.
Answer: A) Microkernels minimize the Trusted Computing Base (TCB), reducing security vulnerabilities.
Explanation:
(A) Correct: Microkernels reduce the size of the TCB, making the system less vulnerable to attacks.
(B) Incorrect: Microkernels move system functions outside the kernel, limiting its complexity.
(C) Incorrect: Microkernels are not necessarily faster, but they improve security and reliability.
(D) Incorrect: Microkernels are used in embedded systems (e.g., Integrity-178B), not in traditional operating systems like Windows/macOS.
A user downloads an application from an unknown source. To prevent the app from accessing sensitive system files, what security mechanism should they use?
A) Role-Based Access Control (RBAC)
B) Application Sandboxing
C) Mandatory Access Control (MAC)
D) File Encryption
Answer: B) Application Sandboxing
Explanation:
(A) Incorrect: RBAC controls user roles, not application behavior.
(B) Correct: Sandboxing isolates applications, preventing them from affecting other files or programs.
(C) Incorrect: MAC enforces access control system-wide, but does not specifically sandbox applications.
(D) Incorrect: File encryption protects stored data, but does not restrict application execution.
A system administrator wants to ensure patches are applied consistently across all company workstations. What is the best approach to achieve this?
A) Manually check each system and install patches as needed.
B) Use automated patch management software to scan, download, and install patches.
C) Disable automatic patching and apply updates only during annual security audits.
D) Rely on employees to manually update their computers.
Answer: B) Use automated patch management software to scan, download, and install patches.
Explanation:
(A) Incorrect: Manually checking each system is inefficient and impractical in large networks.
(B) Correct: Automated patch management ensures timely updates and reduces human error.
(C) Incorrect: Delaying patching to annual audits leaves systems vulnerable for long periods.
(D) Incorrect: Employees may ignore updates, increasing security risks.
Why is patching a critical security practice for IT systems?
A) Patches help fix known vulnerabilities that hackers could exploit.
B) Patching prevents unauthorized software installation.
C) Patching is optional because firewalls provide sufficient protection.
D) Patches are only necessary for operating systems, not applications.
Answer: A) Patches help fix known vulnerabilities that hackers could exploit.
Explanation:
(A) Correct: Patches fix security holes, reducing the risk of attacks.
(B) Incorrect: Patching does not directly control software installation; it fixes bugs and vulnerabilities.
(C) Incorrect: Firewalls help, but patching is essential to protect against exploits.
(D) Incorrect: Applications also require patching to address security flaws.
A company delays installing security patches for two weeks after release. What risk does this create?
A) Hackers may reverse-engineer the patch and develop exploits targeting unpatched systems.
B) Delaying patches improves system performance.
C) The patch may become ineffective if not installed immediately.
D) Hackers cannot exploit vulnerabilities in unpatched systems.
Answer: A) Hackers may reverse-engineer the patch and develop exploits targeting unpatched systems.
Explanation:
(A) Correct: Once a patch is released, hackers often analyze it to discover vulnerabilities before organizations install it.
(B) Incorrect: Delaying patches does not improve performance; it increases security risks.
(C) Incorrect: A patch remains effective once installed, but delaying it leaves systems vulnerable.
(D) Incorrect: Unpatched systems are prime targets for attacks.
Which of the following statements about software updates is correct?
A) Hotfixes address critical security vulnerabilities and should be applied immediately.
B) Service packs contain only security patches.
C) Updates always improve security.
D) A system never needs additional patches after a service pack is installed.
Answer: A) Hotfixes address critical security vulnerabilities and should be applied immediately.
Explanation:
(A) Correct: Hotfixes target critical security issues and must be applied as soon as possible.
(B) Incorrect: Service packs include both security patches and feature updates.
(C) Incorrect: Updates can introduce new vulnerabilities that require additional patches.
(D) Incorrect: New threats emerge after service packs, requiring additional patches.
An IT manager is reviewing patches released by Microsoft. Which type of patch should be applied first?
A) A hotfix that addresses an actively exploited security vulnerability.
B) A feature update that improves software performance.
C) A non-critical patch for an application used by only a few employees.
D) A service pack that bundles multiple patches, but includes no urgent fixes.
Answer: A) A hotfix that addresses an actively exploited security vulnerability.
Explanation:
(A) Correct: Hotfixes fix urgent security flaws and should be applied immediately.
(B) Incorrect: Feature updates do not address security vulnerabilities.
(C) Incorrect: Non-critical patches can be scheduled for later deployment.
(D) Incorrect: Service packs bundle multiple patches, but individual urgent patches should be prioritized first.
What is the purpose of a service pack?
A) To provide a single installer that includes all previous updates and patches.
B) To replace the operating system with a new version.
C) To only install security patches.
D) To remove outdated features from the system.
Answer: A) To provide a single installer that includes all previous updates and patches.
Explanation:
(A) Correct: A service pack bundles multiple updates and patches for easier deployment.
(B) Incorrect: Service packs update the existing OS; they do not replace it.
(C) Incorrect: Service packs include both security and feature updates.
(D) Incorrect: Service packs add fixes, but do not remove system features.
A company wants to implement a strong patch management program. What best practices should they follow? (Choose three)
A) Assign a team to track vendor patches.
B) Use automated tools for deployment.
C) Categorize patches by urgency and test before deployment.
D) Delay patching to avoid unnecessary system changes.
Answer: A, B, and C
Explanation:
(A) Correct: A dedicated team should track vendor patch releases.
(B) Correct: Automated tools ensure timely and consistent updates.
(C) Correct: Testing patches prevents system instability and compatibility issues.
(D) Incorrect: Delaying patching increases security risks.
A company’s cybersecurity audit found that several servers were running outdated software with known vulnerabilities listed in the CVE database. What should the IT team do first?
A) Wait until the next scheduled update cycle to apply patches.
B) Immediately apply the latest patches after testing them in a controlled environment.
C) Uninstall the affected software to remove the vulnerability.
D) Notify employees about the vulnerability and ask them to avoid using the software.
Answer: B) Immediately apply the latest patches after testing them in a controlled environment.
Explanation:
(A) Incorrect: Waiting increases security risks since known vulnerabilities can be exploited.
(B) Correct: Testing and deploying patches promptly ensures security while preventing compatibility issues.
(C) Incorrect: Uninstalling may not be a viable solution if the software is critical for operations.
(D) Incorrect: Notifying employees does not address the underlying security risk.
What does CVE (Common Vulnerabilities and Exposures) provide?
A) A public database tracking known security vulnerabilities in software and hardware.
B) A proprietary security report only accessible to antivirus vendors.
C) A tool for automatically patching vulnerabilities in all software.
D) A list of security updates provided by software manufacturers.
Answer: A) A public database tracking known security vulnerabilities in software and hardware.
Explanation:
(A) Correct: CVE entries document security weaknesses, helping IT teams identify threats.
(B) Incorrect: CVE data is publicly available, not proprietary.
(C) Incorrect: CVE does not patch vulnerabilities; it only identifies them.
(D) Incorrect: CVEs list security flaws, but manufacturers provide updates separately.
An organization updates its software automatically but recently experienced downtime due to a faulty patch. What should they implement to prevent future issues?
A) Continue deploying patches immediately without testing.
B) Establish a test environment to verify patches before full deployment.
C) Disable patching entirely to avoid issues.
D) Let employees manually decide when to install patches.
Answer: B) Establish a test environment to verify patches before full deployment.
Explanation:
(A) Incorrect: Deploying patches without testing can lead to unexpected failures.
(B) Correct: Testing patches prevents disruptions in production environments.
(C) Incorrect: Disabling patches leaves the system vulnerable to attacks.
(D) Incorrect: Allowing employees to decide on patching creates inconsistency and security risks.
What are the four main steps of an effective patch management process?
A) Identify, remove, replace, and secure.
B) Plan, test, implement, and audit.
C) Monitor, delete, notify, and document.
D) Scan, clean, block, and update.
Answer: B) Plan, test, implement, and audit.
Explanation:
(A) Incorrect: This does not cover the full patching cycle.
(B) Correct: Effective patch management follows a structured approach:
✅ Planning (identify needed patches & track updates).
✅ Testing (verify patches in a lab environment before deployment).
✅ Implementing (deploy patches to all required systems).
✅ Auditing (verify successful installation & monitor for issues).
(C) Incorrect: No testing or implementation is mentioned.
(D) Incorrect: These steps focus on antivirus security, not patching.
A company with 10,000 computers needs to roll out security patches while minimizing risk. What best approach should they take?
A) Deploy the patch immediately to all devices.
B) Use Patch Rings to deploy updates gradually in phases.
C) Wait until a full system upgrade is available before applying patches.
D) Apply patches only to newly installed computers.
Answer: B) Use Patch Rings to deploy updates gradually in phases.
Explanation:
(A) Incorrect: Immediate deployment to all devices increases risk of failure across the network.
(B) Correct: Patch Rings deploy updates in controlled groups, allowing early detection of issues before full rollout.
(C) Incorrect: Waiting for a full upgrade delays security fixes.
(D) Incorrect: Only patching new computers leaves existing systems vulnerable.
Why should firmware updates be included in patch management?
A) Firmware controls the hardware operations, and outdated versions may have vulnerabilities.
B) Firmware does not need updates because it is pre-installed by manufacturers.
C) Only operating systems and applications require patching.
D) Patching firmware is unnecessary if a firewall is in place.
Answer: A) Firmware controls the hardware operations, and outdated versions may have vulnerabilities.
Explanation:
(A) Correct: Firmware updates fix security issues and performance bugs in networking devices (routers, switches, servers).
(B) Incorrect: Firmware requires updates just like OS and software.
(C) Incorrect: Network devices also require patching to remain secure.
(D) Incorrect: Firewalls do not protect against firmware vulnerabilities.
An IT administrator manages thousands of servers and workstations. What is the best patch management tool to use for automated deployment and auditing?
A) Microsoft Endpoint Configuration Manager
B) Manual patching via USB drives
C) Windows Update automatic deployment
D) Employee self-service patch installation
Answer: A) Microsoft Endpoint Configuration Manager
Explanation:
(A) Correct: Microsoft Endpoint Configuration Manager provides automated patching, verification, and centralized control.
(B) Incorrect: Manual patching is inefficient for large-scale deployments.
(C) Incorrect: Windows Update is not ideal for enterprises, as it lacks full control over patch deployment.
(D) Incorrect: Letting employees handle patching can lead to delays and security gaps.
How should mobile devices be included in a company’s patch management strategy?
A) By using an MDM (Mobile Device Manager) to deploy updates.
B) By manually updating each device.
C) By disabling automatic updates to prevent patch failures.
D) By requiring employees to update their devices at home.
Answer: A) By using an MDM (Mobile Device Manager) to deploy updates.
Explanation:
(A) Correct: MDM solutions automate patching for mobile devices, ensuring compliance and security.
(B) Incorrect: Manually updating each device is impractical.
(C) Incorrect: Disabling updates leaves devices vulnerable.
(D) Incorrect: Relying on employees leads to inconsistent patching.
A company wants to enforce password complexity requirements, account lockout policies, and software restrictions on all employee workstations. What is the best tool to implement these security policies?
A) Windows Task Scheduler
B) Registry Editor
C) Group Policy Object (GPO)
D) Windows Update
Answer: C) Group Policy Object (GPO)
Explanation:
(A) Incorrect: Task Scheduler automates system tasks, but cannot enforce security policies.
(B) Incorrect: Registry Editor modifies system settings but is not an efficient way to apply security policies across multiple systems.
(C) Correct: GPOs allow administrators to apply security policies centrally across multiple computers and users.
(D) Incorrect: Windows Update installs software updates but does not enforce security policies.
Which statement best describes the difference between Security Templates and Group Policy Objects (GPOs)?
A) Security Templates apply policies, while GPOs create policies.
B) GPOs are pre-made security settings, while Security Templates apply them.
C) Security Templates are predefined rules that can be loaded into a GPO to apply security settings.
D) Security Templates control only password settings, while GPOs control everything else.
Answer: C) Security Templates are predefined rules that can be loaded into a GPO to apply security settings.
Explanation:
(A) Incorrect: Security Templates do not directly apply policies—they must be imported into a GPO.
(B) Incorrect: GPOs apply security settings, while Security Templates provide predefined settings.
(C) Correct: Security Templates contain predefined security rules that can be imported into GPOs for enforcement.
(D) Incorrect: Security Templates can include more than just password settings (e.g., account lockout, application restrictions).
A company wants to ensure newly installed computers automatically receive security settings such as firewall configurations, password policies, and software restrictions. What security strategy should they implement?
A) Enable automatic Windows Updates.
B) Apply a Secure Baseline using GPOs.
C) Manually configure each new computer.
D) Only install antivirus software on new systems.
Answer: B) Apply a Secure Baseline using GPOs.
Explanation:
(A) Incorrect: Windows Updates install patches, but do not enforce security settings.
(B) Correct: A Secure Baseline ensures all computers start with the same security configurations.
(C) Incorrect: Manually configuring computers is time-consuming and inconsistent.
(D) Incorrect: Antivirus software is important, but does not provide full security configuration.
What is baselining, and why is it important in security management?
A) Baselining is automatically updating software to the latest version.
B) Baselining tracks normal system activity to detect suspicious behavior.
C) Baselining is the process of encrypting all data on a network.
D) Baselining means resetting all security settings to default values.
Answer: B) Baselining tracks normal system activity to detect suspicious behavior.
Explanation:
(A) Incorrect: Baselining is not related to automatic updates.
(B) Correct: Baselining helps security teams recognize deviations from normal behavior, which can indicate cyberattacks or anomalies.
(C) Incorrect: Encryption is separate from baselining.
(D) Incorrect: Resetting security settings is not part of baselining.
An administrator wants to block employees from running applications in the Temp directory, but allow all applications in Program Files and the Windows folder. Which feature in Group Policy should they use?
A) Windows Defender Antivirus
B) AppLocker with an Allow List and Block List
C) Windows Update Policy
D) User Account Control (UAC)
Answer: B) AppLocker with an Allow List and Block List
Explanation:
(A) Incorrect: Windows Defender protects against malware, but does not enforce application restrictions.
(B) Correct: AppLocker can create Allow and Block rules, preventing unauthorized programs from running.
(C) Incorrect: Windows Update Policy manages system updates, not application execution.
(D) Incorrect: User Account Control (UAC) prompts for admin approval but does not block specific folders.
Which of the following statements is true about Group Policy Objects (GPOs)?
A) GPOs only apply to local computers, not networked computers.
B) GPOs can enforce security policies across an entire Windows domain.
C) GPOs are only used to control user logins, not system security settings.
D) GPOs must be applied manually on each computer.
Answer: B) GPOs can enforce security policies across an entire Windows domain.
Explanation:
(A) Incorrect: GPOs can be applied both locally and across networked computers.
(B) Correct: GPOs are commonly used in Active Directory domains to enforce security settings.
(C) Incorrect: GPOs manage many security settings beyond login policies (e.g., software restrictions, firewall settings).
(D) Incorrect: GPOs are centrally managed and applied automatically to all assigned computers.
A company wants to block specific software from running on employee computers. What steps should the administrator take in the Group Policy Editor?
A) Navigate to Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker, then create a Deny Rule for the specific software.
B) Open Task Manager and end the application process.
C) Disable the software in Windows Services Manager.
D) Remove administrator privileges from all users.
Answer: A) Navigate to Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker, then create a Deny Rule for the specific software.
Explanation:
(A) Correct: AppLocker in GPO allows administrators to block applications using Deny Rules.
(B) Incorrect: Ending a process is temporary and does not prevent the software from running again.
(C) Incorrect: Windows Services Manager controls background services, not application execution.
(D) Incorrect: Removing admin privileges does not block specific applications from running.
Group Policy Objects (GPOs) are primarily used in Active Directory (AD) environments to enforce policies across multiple computers in a domain. However, some aspects of Group Policy can also be applied on a local machine using the Local Group Policy Editor (gpedit.msc).
A system administrator notices that even though a user has read and execute permissions on a file using traditional Linux file permissions (chmod and chown), the user is still denied access to the file.
Which security mechanism is most likely responsible for this restriction?
A) Discretionary Access Control (DAC)
B) SELinux enforcing Mandatory Access Control (MAC)
C) AppArmor
D) Firewall rules
Answer: B) SELinux enforcing Mandatory Access Control (MAC)
Explanation:
(A) Incorrect: DAC relies on file owners controlling access via chmod and chown. However, SELinux overrides DAC rules when enforcing MAC.
(B) Correct: SELinux uses MAC, which means a file’s security context (label) must match the accessing process’s context. If it doesn’t, access is denied—even if DAC allows it.
(C) Incorrect: AppArmor also controls access, but SELinux is the default security module in CentOS and Red Hat.
(D) Incorrect: Firewall rules control network access, not file access.
Which SELinux mode allows security violations to be logged but not enforced, making it useful for testing policies before full enforcement?
A) Enforcing
B) Permissive
C) Disabled
D) Targeted
Answer: B) Permissive
Explanation:
(A) Incorrect: Enforcing mode actively blocks violations according to SELinux policies.
(B) Correct: Permissive mode allows all operations but logs violations, making it useful for troubleshooting before switching to Enforcing mode.
(C) Incorrect: Disabled mode turns off SELinux completely, meaning no logs or policy checks occur.
(D) Incorrect: Targeted refers to SELinux policies, not enforcement modes.
An administrator is configuring a web server running Apache (httpd). The web content files are stored in /var/www/html/, but Apache cannot access these files even though they have the correct read permissions (chmod 644).
What SELinux context issue is most likely causing this problem?
A) The files are labeled with the incorrect security type (httpd_sys_content_t).
B) The firewall is blocking Apache from accessing the files.
C) Apache is running as an unprivileged user and lacks DAC permissions.
D) The administrator has not restarted the server.
Answer: A) The files are labeled with the incorrect security type (httpd_sys_content_t).
Explanation:
(A) Correct: In SELinux, files must have the correct security context (label) to be accessed by a process. For Apache, files should be labeled as httpd_sys_content_t. If the files are labeled incorrectly, SELinux denies access, even if traditional Linux permissions (chmod 644) allow it.
(B) Incorrect: Firewalls control network traffic, not file access permissions.
(C) Incorrect: Apache does run as an unprivileged user, but SELinux’s MAC policy is the cause of the restriction.
(D) Incorrect: Restarting the server does not change file contexts. The restorecon or chcon command must be used.
What is the main difference between Targeted and Strict SELinux policies?
A) Targeted policies apply only to critical system processes, while Strict policies enforce MAC on all system processes.
B) Targeted policies disable SELinux, while Strict policies enable it.
C) Targeted policies are less secure and should not be used.
D) Strict policies only protect network-related applications.
Answer: A) Targeted policies apply only to critical system processes, while Strict policies enforce MAC on all system processes.
Explanation:
(A) Correct: Targeted policies (the default in CentOS/RHEL) protect only critical system processes; Strict policies enforce MAC across the entire system, requiring manual configuration for every file and process.
(B) Incorrect: Targeted policies do not disable SELinux—they selectively enforce MAC.
(C) Incorrect: Targeted policies provide a balance between security and usability.
(D) Incorrect: Strict policies apply to all system objects, not just network-related applications.
A Linux system administrator logs in as sysadmin_u but notices that they cannot perform administrative tasks unless they switch roles.
Why does SELinux require role switching instead of granting full privileges by default?
A) It reduces the attack surface by limiting high privileges only when necessary.
B) It prevents users from running any command.
C) It ensures that all users have equal access to system files.
D) It forces users to manually enter commands instead of using automation.
Answer: A) It reduces the attack surface by limiting high privileges only when necessary.
Explanation:
(A) Correct: SELinux uses Role-Based Access Control (RBAC) to limit high-privilege actions to specific roles. This ensures that a sysadmin cannot accidentally perform risky operations unless they explicitly switch roles.
(B) Incorrect: SELinux does not block all commands, only those restricted by MAC policies.
(C) Incorrect: SELinux does not grant equal access—it strictly enforces security policies.
(D) Incorrect: SELinux does not prevent automation; it simply restricts unauthorized actions.
Why should an administrator use Permissive Mode instead of disabling SELinux when testing security policies?
A) Permissive mode logs security violations but does not block them, making it useful for troubleshooting.
B) Disabling SELinux permanently deletes all security logs.
C) Permissive mode automatically fixes policy violations.
D) SELinux cannot be re-enabled once disabled.
Answer: A) Permissive mode logs security violations but does not block them, making it useful for troubleshooting.
Explanation:
(A) Correct: Permissive Mode keeps SELinux active and logs violations, allowing administrators to test policies before enforcing them.
(B) Incorrect: Disabling SELinux does not delete logs, but it stops logging future violations.
(C) Incorrect: Permissive mode does not fix violations, it only logs them.
(D) Incorrect: SELinux can be re-enabled after being disabled, but all file contexts must be manually restored (restorecon).
Scenario: A company issues laptops to employees for remote work. To prevent data leaks in case of theft, they want to ensure all data, including the OS, is encrypted.
Which encryption method should they use?
A) File-Level Encryption
B) Full-Disk Encryption
C) Volume Encryption
D) Record-Level Encryption
✅ Answer: B) Full-Disk Encryption
💡 Explanation: Full-Disk Encryption (FDE) protects all system files, applications, and user data.
Scenario: Why would an organization choose partition encryption instead of full-disk encryption?
Select the best reason:
A) Partition encryption does not require a password.
B) It improves performance by encrypting only sensitive partitions.
C) It provides more security than full-disk encryption.
D) Partition encryption automatically encrypts all system files.
✅ Answer: B) It improves performance by encrypting only sensitive partitions.
💡 Explanation: Partition encryption reduces system overhead while protecting sensitive data.
Scenario: A healthcare provider needs to encrypt sensitive patient information in their database. However, encrypting the entire database might slow down their application.
Which encryption method should they use?
A) Full-Disk Encryption
B) Volume Encryption
C) Database Encryption
D) Record-Level Encryption
✅ Answer: D) Record-Level Encryption
💡 Explanation: Encrypting only sensitive fields (e.g., SSNs, medical records) minimizes performance impact.
Question: Why would an organization use Transparent Data Encryption (TDE) for their SQL Server database?
Select the correct answer:
A) TDE encrypts the database automatically without changing application code.
B) TDE is faster than unencrypted database operations.
C) TDE only encrypts database backups, not active data.
D) TDE permanently deletes sensitive records.
✅ Answer: A) TDE encrypts the database automatically without changing application code.
💡 Explanation: TDE works at the database level, encrypting data without requiring application modifications.
A journalist frequently sends sensitive documents via email. Which encryption method would be the most appropriate?
Choose the best option:
A) Full-Disk Encryption
B) File-Level Encryption
C) Database Encryption
D) Record-Level Encryption
✅ Answer: B) File-Level Encryption
💡 Explanation: File-level encryption allows encrypting specific files before transferring them.
Scenario: An organization has a secure research database but wants additional encryption for only a specific subset of research files within their storage.
Which encryption method is best suited?
A) Full-Disk Encryption
B) Partition Encryption
C) Volume Encryption
D) Record-Level Encryption
✅ Answer: C) Volume Encryption
💡 Explanation: Volume encryption creates an encrypted container for storing specific files.
Your organization just purchased 100 new laptops for employees. What is the most efficient way to ensure all laptops have the same secure configuration?
A) Manually configure each laptop one by one.
B) Create an image of a fully secured laptop and deploy it to all devices.
C) Install software but skip security configurations to save time.
D) Allow employees to configure their own laptops based on preference.
Answer: B) Create an image of a fully secured laptop and deploy it to all devices.
Explanation: Creating and deploying a secure image saves time and ensures consistent security across all devices.
Which of the following best describes the role of a secure baseline in cybersecurity?
A) A temporary security measure used in case of a cyberattack.
B) A set of defined security configurations applied to systems to ensure a minimum security level.
C) A feature of antivirus software that detects malware.
D) A document that lists all security incidents in an organization.
Answer: B) A set of defined security configurations applied to systems to ensure a minimum security level.
Explanation: A secure baseline ensures that all systems start from a well-defined security standard.
Which of the following tools can be used in a Windows domain environment to enforce a secure baseline?
A) AWS Config
B) Group Policy Objects (GPOs)
C) Anti-virus software
D) Personal firewalls
Answer: B) Group Policy Objects (GPOs)
Explanation: GPOs allow administrators to enforce security policies across all computers in a Windows domain.
Your security team finds that employees are installing unauthorized applications, creating potential security risks. What is the best approach to mitigate this risk?
A) Monitor employees but take no action.
B) Restrict software installation permissions for standard users.
C) Allow employees to install software but conduct security audits.
D) Require employees to report all installed applications.
Answer: B) Restrict software installation permissions for standard users.
Explanation: Locking down systems to prevent unauthorized software installations ensures adherence to the secure baseline.