Implementing System Security Flashcards

1
Q

Which security measure would protect hard disk contents even if server hard disks were physically stolen?

NTFS permissions

Power-on password

Encryption

A

Encryption

Encryption is the best answer, because NTFS permissions, power-on password, and complex passwords are all meaningless when someone gains physical access to hard disks

2
Q

Trinity’s user account is mistakenly deleted when she goes on a three-month maternity leave. When she returns, a new account with appropriate NTFS permissions is created for her. When she tries to open her old files, she keeps getting “Access Denied” messages. What is the problem?

Trinity does not have proper NTFS permissions.

Trinity’s new user account has a different SID than her old one.

Trinity’s files are encrypted with her old account.

A

Trinity’s files are encrypted with her old account.

Encrypting File System (EFS) encrypts files and folders using keys that are unique to the user. Newly created user accounts, even with the same name, will not use the same keys, which means decryption will not occur. A recovery agent is required to decrypt Trinity’s files

3
Q

Nate has been using his work e-mail address when surfing the Web and filling in forms on various web sites. To which potential problem has Nate exposed himself?

Spam

Phishing

SQL injection

A

Spam

Despite perhaps being illegal (this is currently a legal gray area), there is money to be made in providing valid e-mail addresses to spammers and also in spammers sending unsolicited advertisements to those e-mail addresses. Spam filters can reduce the amount of spam showing up in mailboxes

4
Q

You are a server virtualization consultant for Not Really There, Inc. During a planning meeting with a client, the issue of virtual machine point-in-time snapshots comes up. You recommend careful use of snapshots because of the security ramifications. What is your concern?

Snapshots can consume a large amount of disk space.

Invoked snapshots will mean that the virtual machine is temporarily unavailable.

Invoked snapshots will have fewer patch updates than the currently running virtual machine.

A

Invoked snapshots will have fewer patch updates than the currently running virtual machine.

Reverting a running virtual machine to an older snapshot could mean going back to a point in time before critical patches or virus scanning updates were applied, thus rendering your virtual machine vulnerable

5
Q

What can be done to harden a mobile, handheld device? (Choose two.)

Disable Wi-Fi.

Ensure that it is used only in physically secured areas.

Set Bluetooth discovery to disabled.

Enable screen lock.

A

Set Bluetooth discovery to disabled.

Enable screen lock.

Bluetooth discovery mode makes it possible for anybody within range (10 meters) to see and potentially connect to the mobile device. Screen lock is essential to secure mobile devices; a password or fingerprint scan is used to unlock the screen and make the device usable

6
Q

A private medical practice hires you to determine the feasibility of cloud computing, whereby storage of e-mail and medical applications, as well as patient information, would be hosted by an Internet provider. You are asked to identify possible security issues. (Choose two.)

Data is not stored locally but is instead stored on the provider’s premises, where other businesses also have access to cloud computing services.

HTTPS will be used to access remote services.

Should the provider be served a subpoena, the possibility of full data disclosure exists.

Data will be encrypted in transit as well as when stored.

A

Data is not stored locally but is instead stored on the provider’s premises, where other businesses also have access to cloud computing services.

Should the provider be served a subpoena, the possibility of full data disclosure exists.

Because there are many customers sharing the same cloud computing services, it is reasonable to approach the issue of data storage cautiously. Third-party audit findings may dispel or confirm these fears. Depending on the provider’s geographic location, different laws may apply to whether data hosted by the provider can legally be disclosed

7
Q

Which option will protect employee laptops when they travel and connect to wireless networks?

Personal firewall software

MAC address filtering

Virtualization

A

Personal firewall software

Personal firewall software could be configured to prevent all inbound network traffic, which also prevents the laptop's discovery on a wired or wireless network.

8
Q

What can be done to ensure the confidentiality of sensitive data copied to USB flash drives?

File hash

Encryption

NTFS permissions

A

Encryption

Encrypting USB flash drives prevents unauthorized parties from viewing the data. Stored data (data at rest) encryption protects data while it is not in use. Some drives are self-encrypting drives (SED), which use their own circuitry to transparently encrypt and decrypt data

9
Q

Which standard is a firmware solution for drive encryption?

TPM

DLP

EFS

A

TPM

Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents, otherwise called full disk encryption (FDE). If the drive were moved to another computer (even one with TPM), the drive would remain encrypted and inaccessible

10
Q

What can be done to protect data after a handheld device is lost or stolen?

Execute a remote wipe.

Enable screen lock.

Disable Bluetooth discovery.

A

Execute a remote wipe.

Remote wipe is an option administrators can exercise to wipe the contents of a handheld device remotely

11
Q

How can the specific location of a mobile device be tracked?

IP address

MAC address

GPS

A

GPS

GPS is a common feature in mobile devices that provides coordinates (longitude and latitude) for geographic tracking

12
Q

What type of software filters unsolicited junk e-mail?

Anti-spam

Antivirus

Antispyware

A

Anti-spam

Spam is unsolicited junk e-mail. Anti-spam software attempts to filter out these messages, but it sometimes flags legitimate messages as spam

13
Q

What type of software works against the collection of personal information?

Anti-spam

Antivirus

Antispyware

A

Antispyware

Spyware gathers personal information and computer usage habits without user knowledge

14
Q

Which of the following best protects against operating system defects?

Firewall software

Encryption

Patching

A

Patching

Patching addresses specific operating system defects

15
Q

What is the best way to prevent laptop theft?

GPS

Cable lock

Host-based firewall

A

Cable lock

A cable lock is a steel cable designed to secure a laptop to a secure object, such as a desk

16
Q

A server administrator must adhere to legislation that states that financial data must be kept secure in the event of a physical security breach. What practices will ensure that the administrator complies with the law? (Choose two.)

Applying NTFS permissions

Storing backup tapes in a safe

Encrypting server hard disks

Storing backup tapes in a locked cabinet

A

Storing backup tapes in a safe

Encrypting server hard disks

In the event of a physical security breach, data will be kept secure in a safe. If server hard disks are stolen, encryption will ensure that data cannot be decrypted by unauthorized parties

17
Q

What type of software examines application behavior, logs, and events for suspicious activity?

NIDS

Host-based firewall

HIDS

A

HIDS

Host-based intrusion detection system (HIDS) software monitors applications, logs, and events for suspicious activity

18
Q

A database administrator requests a method by which malicious activity against a Microsoft SQL Server database server can be detected. All network traffic to the database server is encrypted. What solution should you recommend?

HIDS

NIDS

IPSec

A

HIDS

Host-based intrusion detection systems (HIDS) are application specific (such as to an SQL Server database). Databases can also benefit from encryption. Encryption presents no problems, since HIDS runs on the target computer

19
Q

Which of the following are true regarding virtualization? (Choose two.)

Each virtual machine has one or more unique MAC addresses.

Virtual machine operating systems do not need to be patched.

Virtual machines running on the same physical host can belong to different VLANs.

A security compromise of one virtual machine means all virtual machines on the physical host are compromised.

A

Each virtual machine has one or more unique MAC addresses.

Virtual machines running on the same physical host can belong to different VLANs.

Each virtual machine does have a unique MAC address that is configurable by the virtual machine administrator. Virtual machines running on the same host can connect to different VLANs (physical or internal); this is simply a virtual network configuration setting

20
Q

Cloud computing offers which benefits? (Choose two.)

Simple scalability

Fewer hardware purchases

Better encryption

Local data storage

No requirement for antivirus software

A

Simple scalability

Fewer hardware purchases

Scalability with cloud computing is simple because a third party takes care of hardware, software, software licensing, and so on. Because a third party is hosting some (or all) of your IT services, you will require fewer hardware resources

21
Q

Mitch is responsible for three payroll servers that store data on a SAN. The chief financial officer (CFO) requests observation of access to a group of budget files by a particular user. What should Mitch do?

Create file hashes for each budget file.

Encrypt the budget files.

Configure file system auditing.

A

Configure file system auditing.

Mitch should configure file system auditing for budget file access by the employee in question

22
Q

Your company has acquired security software that will monitor application usage on all workstations. Before the software can function properly, you must have users run their applications as they normally would for a short period. Why does the security software require this to be done?

To update antivirus definitions for application files

To establish a normal usage baseline

To verify that the security software has the required permissions to run

A

To establish a normal usage baseline

To detect abnormal behavior, the security software must know what is normal in this environment

23
Q

Kevin is a trial lawyer in southern California. He requires secure, high-quality voice communication with clients. What can he do?

Use VoIP with packet encryption over the Internet.

Use cell phone voice encryption.

Use only landline telephones.

A

Use cell phone voice encryption.

Cell phone voice encryption software ensures that your voice calls are confidential after establishing a secure session with the other cell phone. The encrypted voice is transmitted through the cell phone’s data channel as opposed to the normal voice channel

24
Q

Your IT manager asks you to ensure that e-mail messages and attachments do not contain sensitive data that could be leaked to competitors. What type of solution should you propose?

Antivirus software

NIDS

DLP

A

DLP

Data loss prevention (DLP) hardware and software solutions perform deep content inspection of data (such as e-mail bodies and attachments) to prevent information leakage

25
Q

Your server performance has decreased since the introduction of digitally signing and encrypting all network traffic. You would like to release the servers from this function. Which device should you use?

Smartcard

TPM

HSM

A

HSM

Hardware security module (HSM) devices are designed to handle cryptographic duties, thus allowing servers to focus on other tasks

26
Q

Your company has decided that all new server hardware will have TPM support. You receive a new server, and you enable TPM through the CMOS utility and enable drive encryption using TPM in your operating system. What should you do next?

Reboot the server.

Enable IPSec.

Back up the TPM keys.

A

Back up the TPM keys.

Trusted Platform Module (TPM) stores keys, certificates, and passwords used for disk encryption in a chip. In the event the chip or motherboard fails, it is important to have a copy of the keys so that disk contents can be decrypted. TPM can also store data related to the boot environment on that machine such that the TPM will know whether the boot environment has been tampered with and can lock the device

27
Q

You attempt to encrypt a folder on drive D: using EFS, but the encryption option is unavailable. What should you do?

Issue the convert d: /fs:ntfs command.

Add your account to the Administrators group.

Enable EFS through Group Policy.

A

Issue the convert d: /fs:ntfs command.

Encrypting File System (EFS) requires NTFS file systems

28
Q

Which capabilities are present in an all-in-one security appliance? (Choose three.)

URL filter

Content inspection

Malware inspection

EFS

A

URL filter

Content inspection

Malware inspection

All-in-one security appliances can control access to web content based on the URL and data in the payload of the packet. Data transmitted through this type of security appliance can also be subject to malware scanning

29
Q

As the database administrator for your company, you are evaluating various public cloud offerings to test customer database programming changes. Which category of cloud service should you research?

Software as a Service

Platform as a Service

Infrastructure as a Service

A

Platform as a Service

Platform as a Service (PaaS) provides IT services over a network such as virtual servers, databases, and programming APIs

30
Q

Your company hosts an on-premises Active Directory server to authenticate network users. Mailboxes and productivity applications for users are hosted in a public cloud. You have configured identity federation to enable locally authenticated users to connect to their mailboxes and productivity applications seamlessly. What type of cloud do you have?

Public

Private

Hybrid

A

Hybrid

Hybrid cloud solutions combine on-premises IT services with IT services hosted in the cloud

31
Q

You are deploying Android-based smart phones to employees in your Toronto office. Because of the sensitive nature of your business, you want to employ mechanisms that will protect sensitive data that may exist on phones. Which set of mechanisms should you use?

Full device encryption, run virtual machines, separation of duties

Screen locks, GPS, larger capacity mini SD card

Limiting which apps can be installed, segmenting OS storage location from app storage location, disabling unused features, disabling default passwords

A

Limiting which apps can be installed, segmenting OS storage location from app storage location, disabling unused features, disabling default passwords

Only apps that have been thoroughly tested and are required should be allowed on smart phones. Enforcing a list of only what is allowed to run is referred to as application white listing. Application black listing specifies restricted apps. App data can be segmented from OS storage to increase security. Encrypting data, especially on removable storage, is critical. Disabling default passwords prevents unauthorized access using passwords that are easily found online

32
Q

You are installing a mail app on your smart phone that requires the trusted root PKI certificate of the server. The mail server must authenticate the smart phone using a PKI certificate. Which of the following lists applies to this scenario?

Key management, credential management, authentication

Geotagging, transitive trust/authentication, data ownership

Support ownership, patch management, antivirus management

A

Key management, credential management, authentication

Valid PKI certificates (containing public and private keys) are used by the smart phone and mail server to mutually authenticate in this example; the keys should be backed up. PKI certificates, as well as usernames and passwords, are considered credentials

33
Q

Management has decided to support a BYOD corporate policy. You have been asked to recommend points of consideration before BYOD is put into effect. Which of the following points should be considered regarding BYOD? (Choose three.)

More storage capacity for servers

Legal ramifications

Network infrastructure changes

Disabling on-board camera/video and microphone outside of calls

A

Legal ramifications

Network infrastructure changes

Disabling on-board camera/video and microphone outside of calls

Bring your own device (BYOD) policies allow users to bring their own computing devices (laptops, tablets, smart phones) to an organization’s network. As a result, infected user devices could threaten an organization’s network or assets, which could result in litigation. The network infrastructure should be configured with a separate network for BYOD devices. To protect the confidentiality of sensitive data, consider disabling onboard cameras and microphones on mobile devices outside of calls

34
Q

Which of the following correctly identifies an operating system that meets specific government or regulatory security standards?

Hardened OS

Trusted OS

Security OS

A

Trusted OS

A trusted OS is a secured operating system that meets or exceeds stringent security standards

35
Q

A comprehensive data policy encompasses which of the following?

Wiping, disposing, retention, storage

Disposing, patching, retention storage

Retention, storage, virtualization

A

Wiping, disposing, retention, storage

Wiping a drive or device can remove sensitive data. Disposal of used computing equipment, such as hard disks, can be accomplished with physical shredding. Data retention might be required for regulatory compliance. A data policy might specify types of storage devices and specific configurations where data safety is maintained

36
Q

Which of the following is a valid way of handling Big Data?

Data at rest

NoSQL

EFS

A

NoSQL

NoSQL is a type of database designed to process enormous amounts of data in a columnar format. Most SQL database technologies work with data in rows

37
Q

Which communications standard enables devices to communicate at a very short distance?

NFC

Cellular

SATCOM

A

NFC

NFC is a technology that enables devices to communicate when they are within 4 inches of each other. It is often used as a payment method

38
Q

You want an alert to be e-mailed directly to you when a company mobile device leaves an area around the corporate building. Which technology would allow this?

Infrared

Push notification services

Geofencing

A

Geofencing

Geofencing is a technology that allows a response to be triggered when a device leaves an area defined by GPS coordinates

39
Q

Your boss approaches you about implementing two-factor authentication using a password along with another form of authentication. Which two methods of authentication could be used?

Password / UEFI

Password / Fingerprint

PIN / OTG

A

Password / Fingerprint

A password and a fingerprint are a method of two-factor authentication—something the user knows and something the user is

40
Q

What standard allows a PC to boot only with software in a trusted whitelist?

Hardware root of trust

COPE

Secure boot

A

Secure boot

Secure boot is a standard that allows only software in a whitelist to be booted on the system

41
Q

What are some things to monitor for on mobile devices to prevent security issues? (Choose all that apply.)

CYOD

Rooting

Biometrics

Sideloading

Third-party app stores

A

Rooting

Sideloading

Third-party app stores

A rooted phone can have custom firmware in place of the over-the-air (OTA) firmware and operating systems installed on it, which can raise security issues because it is up to the user to secure the operating system. Sideloading is a way to install an application without using the official app store, and therefore it can come from any source, malicious or not. Third-party app stores can offer malicious or insecure applications that can compromise the security of the mobile device

42
Q

You want to connect to the Internet through your phone because the computer you are using has no Wi-Fi capabilities. What is this called?

Tethering

Wi-Fi direct/ad hoc

Carrier unlocking

A

Tethering

Tethering enables you to share the mobile data connection of your phone with the computer it is plugged into

43
Q

You notice that when mobile devices are taken to the company cafeteria, their connection to Wi-Fi often cuts out. This happens nowhere else in the building. What is the most likely cause of this?

MFDs

EMI

VDE

A

EMI

Electromagnetic interference (EMI) can cause a device to lose its connection to a wireless network, and microwaves are a large producer of EMI in the same general frequency range as 2.4-GHz Wi-Fi.

44
Q

What kinds of devices would not be allowed in an area where EMI needs to be kept to a minimum? (Choose all that apply.)

Wireless keyboards

Displays

Wireless mice

External storage devices

Wi-Fi–enabled MicroSD cards

A

Wireless keyboards

Wireless mice

Wi-Fi–enabled MicroSD cards

Wireless keyboards, wireless mice, and Wi-Fi–enabled MicroSD cards are all possible sources of EMI

45
Q

What are the steps in a secure deployment environment?

Development, testing, staging, production

Development, bug-fixing, deployment

Creation, testing, deployment

A

Development, testing, staging, production

The proper order of a secure development environment is development, testing, staging, and production

46
Q

What type of hypervisor would be required if you wanted to use an existing server with an existing operating system?

Type 1

Type 2

Type 3

A

Type 2

A Type 2 hypervisor runs on top of an existing operating system

47
Q

Your manager wants to run every application securely on a system in its own virtual server. What is this technique called?

Integrity measurement

VM escape protection

Application container

A

Application container

An application container enables an administrator to deploy one virtual server per application

48
Q

Which method enables the running of a read-only version of an operating system that reverts to its original state on every boot?

Configuration validation

Rollback to known configuration

Live boot media

A

Live boot media

Running off of live boot media enables the operating system to run read-only, and it reverts back to its original state at every reboot

49
Q

Which of the following tasks are good automation candidates? (Choose all that apply.)

Continuous monitoring

Configuration validation

VM sprawl avoidance

Purging

A

Continuous monitoring

Configuration validation

Continuous monitoring and configuration validation are both good candidates for automation with scripts because they are repetitive

50
Q

What are methods of data destruction and media sanitization? (Choose all that apply.)

Burning

Elasticity

Shredding

Degaussing

Pulping

A

Burning

Shredding

Degaussing

Pulping

These methods are used to destroy and sanitize storage media securely

51
Q

What attribute of a system describes how well a cloud computing platform can grow in response to workloads?

Scalability

Pulverizing

Templates

A

Scalability

Scalability is the attribute of a cloud computing resource to grow in response to workloads. Scaling down is also an option when demand declines, and it can save customers money