Implementing System Security Flashcards
Which security measure would protect hard disk contents even if server hard disks were physically stolen?
NTFS permissions
Power-on password
Encryption
Encryption
Encryption is the best answer, because NTFS permissions, power-on password, and complex passwords are all meaningless when someone gains physical access to hard disks
Trinity’s user account is mistakenly deleted when she goes on a three-month maternity leave. When she returns, a new account with appropriate NTFS permissions is created for her. When she tries to open her old files, she keeps getting “Access Denied” messages. What is the problem?
Trinity does not have proper NTFS permissions.
Trinity’s new user account has a different SID than her old one.
Trinity’s files are encrypted with her old account.
Trinity’s files are encrypted with her old account.
Encrypting File System (EFS) encrypts files and folders using keys that are unique to the user. Newly created user accounts, even with the same name, will not use the same keys, which means decryption will not occur. A recovery agent is required to decrypt Trinity’s files
Nate has been using his work e-mail address when surfing the Web and filling in forms on various web sites. To which potential problem has Nate exposed himself?
Spam
Phishing
SQL injection
Spam
Despite perhaps being illegal (this is currently a legal gray area), there is money to be made in providing valid e-mail addresses to spammers and also in spammers sending unsolicited advertisements to those e-mail addresses. Spam filters can reduce the amount of spam showing up in mailboxes
You are a server virtualization consultant for Not Really There, Inc. During a planning meeting with a client, the issue of virtual machine point-in-time snapshots comes up. You recommend careful use of snapshots because of the security ramifications. What is your concern?
Snapshots can consume a large amount of disk space.
Invoked snapshots will mean that the virtual machine is temporarily unavailable.
Invoked snapshots will have fewer patch updates than the currently running virtual machine.
Invoked snapshots will have fewer patch updates than the currently running virtual machine.
Reverting a running virtual machine to an older snapshot could mean going back to a point in time before critical patches or virus scanning updates were applied, thus rendering your virtual machine vulnerable
What can be done to harden a mobile, handheld device? (Choose two.)
Disable Wi-Fi.
Ensure that it is used only in physically secured areas.
Set Bluetooth discovery to disabled.
Enable screen lock.
Set Bluetooth discovery to disabled.
Enable screen lock.
Bluetooth discovery mode makes it possible for anybody within range (10 meters) to see and potentially connect to the mobile device. Screen lock is essential to secure mobile devices; a password or fingerprint scan is used to unlock the screen and make the device usable
A private medical practice hires you to determine the feasibility of cloud computing, whereby storage of e-mail and medical applications, as well as patient information, would be hosted by an Internet provider. You are asked to identify possible security issues. (Choose two.)
Data is not stored locally but is instead stored on the provider’s premises, where other businesses also have access to cloud computing services.
HTTPS will be used to access remote services.
Should the provider be served a subpoena, the possibility of full data disclosure exists.
Data will be encrypted in transit as well as when stored.
Data is not stored locally but is instead stored on the provider’s premises, where other businesses also have access to cloud computing services.
Should the provider be served a subpoena, the possibility of full data disclosure exists.
Because there are many customers sharing the same cloud computing services, it is reasonable to approach the issue of data storage cautiously. Third-party audit findings may dispel or confirm these fears. Depending on the provider’s geographic location, different laws may apply to whether data hosted by the provider can legally be disclosed
Which option will protect employee laptops when they travel and connect to wireless networks?
Personal firewall software
MAC address filtering
Virtualization
Personal firewall software
Personal firewall software could be configured to prevent all inbound network traffic, which also prevents its discovery on a wired or wireless network
What can be done to ensure the confidentiality of sensitive data copied to USB flash drives?
File hash
Encryption
NTFS permissions
Encryption
Encrypting USB flash drives prevents unauthorized parties from viewing the data. Stored data (data at rest) encryption protects data while it is not in use. Some drives are self-encrypting drives (SED), which use their own circuitry to transparently encrypt and decrypt data
Which standard is a firmware solution for drive encryption?
TPM
DLP
EFS
TPM
Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents, otherwise called full disk encryption (FDE). If the drive were moved to another computer (even one with TPM), the drive would remain encrypted and inaccessible
What can be done to protect data after a handheld device is lost or stolen?
Execute a remote wipe.
Enable screen lock.
Disable Bluetooth discovery.
Execute a remote wipe.
Remote wipe is an option administrators can exercise to wipe the contents of a handheld device remotely
How can the specific location of a mobile device be tracked?
IP address
MAC address
GPS
GPS
GPS is a common feature in mobile devices that provides coordinates (longitude and latitude) for geographic tracking
What type of software filters unsolicited junk e-mail?
Anti-spam
Antivirus
Antispyware
Anti-spam
Spam is unsolicited junk e-mail. Anti-spam software attempts to filter out these messages, but it sometimes flags legitimate messages as spam
What type of software works against the collection of personal information?
Anti-spam
Antivirus
Antispyware
Antispyware
Spyware gathers personal information and computer usage habits without user knowledge
Which of the following best protects against operating system defects?
Firewall software
Encryption
Patching
Patching
Patching addresses specific operating system defects
What is the best way to prevent laptop theft?
GPS
Cable lock
Host-based firewall
Cable lock
A cable lock is a steel cable designed to secure a laptop to a secure object, such as a desk
A server administrator must adhere to legislation that states that financial data must be kept secure in the event of a physical security breach. What practices will ensure that the administrator complies with the law? (Choose two.)
Applying NTFS permissions
Storing backup tapes in a safe
Encrypting server hard disks
Storing backup tapes in a locked cabinet
Storing backup tapes in a safe
Encrypting server hard disks
In the event of a physical security breach, data will be kept secure in a safe. If server hard disks are stolen, encryption will ensure that data cannot be decrypted by unauthorized parties
What type of software examines application behavior, logs, and events for suspicious activity?
NIDS
Host-based firewall
HIDS
HIDS
Host-based intrusion detection system (HIDS) software monitors applications, logs, and events for suspicious activity
A database administrator requests a method by which malicious activity against a Microsoft SQL Server database server can be detected. All network traffic to the database server is encrypted. What solution should you recommend?
HIDS
NIDS
IPSec
HIDS
Host-based intrusion detection systems (HIDS) are application specific (such as to an SQL Server database). Databases can also benefit from encryption. Encryption presents no problems, since HIDS runs on the target computer
Which of the following are true regarding virtualization? (Choose two.)
Each virtual machine has one or more unique MAC addresses.
Virtual machine operating systems do not need to be patched.
Virtual machines running on the same physical host can belong to different VLANs.
A security compromise of one virtual machine means all virtual machines on the physical host are compromised.
Each virtual machine has one or more unique MAC addresses.
Virtual machines running on the same physical host can belong to different VLANs.
Each virtual machine does have a unique MAC address that is configurable by the virtual machine administrator. Virtual machines running on the same host can connect to different VLANs (physical or internal); this is simply a virtual network configuration setting
Cloud computing offers which benefits? (Choose two.)
Simple scalability
Fewer hardware purchases
Better encryption
Local data storage
No requirement for antivirus software
Simple scalability
Fewer hardware purchases
Scalability with cloud computing is simple because a third party takes care of hardware, software, software licensing, and so on. Because a third party is hosting some (or all) of your IT services, you will require fewer hardware resources
Mitch is responsible for three payroll servers that store data on a SAN. The chief financial officer (CFO) requests observation of access to a group of budget files by a particular user. What should Mitch do?
Create file hashes for each budget file.
Encrypt the budget files.
Configure file system auditing.
Configure file system auditing.
Mitch should configure file system auditing for budget file access by the employee in question
Your company has acquired security software that will monitor application usage on all workstations. Before the software can function properly, you must have users run their applications as they normally would for a short period. Why does the security software require this to be done?
To update antivirus definitions for application files
To establish a normal usage baseline
To verify that the security software has the required permissions to run
To establish a normal usage baseline
To detect abnormal behavior, the security software must know what is normal in this environment
Kevin is a trial lawyer in southern California. He requires secure, high-quality voice communication with clients. What can he do?
Use VoIP with packet encryption over the Internet.
Use cell phone voice encryption.
Use only landline telephones.
Use cell phone voice encryption.
Cell phone voice encryption software ensures that your voice calls are confidential after establishing a secure session with the other cell phone. The encrypted voice is transmitted through the cell phone’s data channel as opposed to the normal voice channel
Your IT manager asks you to ensure that e-mail messages and attachments do not contain sensitive data that could be leaked to competitors. What type of solution should you propose?
Antivirus software
NIDS
DLP
DLP
Data loss prevention (DLP) hardware and software solutions perform deep content inspection of data (such as e-mail bodies and attachments) to prevent information leakage
Your server performance has decreased since the introduction of digitally signing and encrypting all network traffic. You would like to release the servers from this function. Which device should you use?
Smartcard
TPM
HSM
HSM
Hardware security module (HSM) devices are designed to handle cryptographic duties, thus allowing servers to focus on other tasks
Your company has decided that all new server hardware will have TPM support. You receive a new server, and you enable TPM through the CMOS utility and enable drive encryption using TPM in your operating system. What should you do next?
Reboot the server.
Enable IPSec.
Back up the TPM keys.
Back up the TPM keys.
Trusted Platform Module (TPM) stores keys, certificates, and passwords used for disk encryption in a chip. In the event the chip or motherboard fails, it is important to have a copy of the keys so that disk contents can be decrypted. TPM can also store data related to the boot environment on that machine such that the TPM will know whether the boot environment has been tampered with and can lock the device
You attempt to encrypt a folder on drive D: using EFS, but the encryption option is unavailable. What should you do?
Issue the convert d: /fs:ntfs command.
Add your account to the Administrators group.
Enable EFS through Group Policy.
Issue the convert d: /fs:ntfs command.
Encrypting File System (EFS) requires NTFS file systems
Which capabilities are present in an all-in-one security appliance? (Choose three.)
URL filter
Content inspection
Malware inspection
EFS
URL filter
Content inspection
Malware inspection
All-in-one security appliances can control access to web content based on the URL and data in the payload of the packet. Data transmitted through this type of security appliance can also be subject to malware scanning
As the database administrator for your company, you are evaluating various public cloud offerings to test customer database programming changes. Which category of cloud service should you research?
Software as a Service
Platform as a Service
Infrastructure as a Service
Platform as a Service
Platform as a Service (PaaS) provides IT services over a network such as virtual servers, databases, and programming APIs
Your company hosts an on-premises Active Directory server to authenticate network users. Mailboxes and productivity applications for users are hosted in a public cloud. You have configured identity federation to enable locally authenticated users to connect to their mailboxes and productivity applications seamlessly. What type of cloud do you have?
Public
Private
Hybrid
Hybrid
Hybrid cloud solutions combine on-premises IT services with IT services hosted in the cloud
You are deploying Android-based smart phones to employees in your Toronto office. Because of the sensitive nature of your business, you want to employ mechanisms that will protect sensitive data that may exist on phones. Which set of mechanisms should you use?
Full device encryption, run virtual machines, separation of duties
Screen locks, GPS, larger capacity mini SD card
Limiting which apps can be installed, segmenting OS storage location from app storage location, disabling unused features, disabling default passwords
Limiting which apps can be installed, segmenting OS storage location from app storage location, disabling unused features, disabling default passwords
Only apps that have been thoroughly tested and are required should be allowed on smart phones. Enforcing a list of only what is allowed to run is referred to as application white listing. Application black listing specifies restricted apps. App data can be segmented from OS storage to increase security. Encrypting data, especially on removable storage, is critical. Disabling default passwords prevents unauthorized access using passwords that are easily found online
You are installing a mail app on your smart phone that requires the trusted root PKI certificate of the server. The mail server must authenticate the smart phone using a PKI certificate. Which of the following lists applies to this scenario?
Key management, credential management, authentication
Geotagging, transitive trust/authentication, data ownership
Support ownership, patch management, antivirus management
Key management, credential management, authentication
Valid PKI certificates (containing public and private keys) are used by the smart phone and mail server to mutually authenticate in this example; the keys should be backed up. PKI certificates, as well as usernames and passwords, are considered credentials
Management has decided to support a BYOD corporate policy. You have been asked to recommend points of consideration before BYOD is put into effect. Which of the following points should be considered regarding BYOD? (Choose three.)
More storage capacity for servers
Legal ramifications
Network infrastructure changes
Disabling on-board camera/video and microphone outside of calls
Legal ramifications
Network infrastructure changes
Disabling on-board camera/video and microphone outside of calls
Bring your own device (BYOD) policies allow users to bring their own computing devices (laptops, tablets, smart phones) to an organization’s network. As a result, infected user devices could threaten an organization’s network or assets, which could result in litigation. The network infrastructure should be configured with a separate network for BYOD devices. To protect the confidentiality of sensitive data, consider disabling onboard cameras and microphones on mobile devices outside of calls
Which of the following correctly identifies an operating system that meets specific government or regulatory security standards?
Hardened OS
Trusted OS
Security OS
Trusted OS
A trusted OS is a secured operating system that meets or exceeds stringent security standards
A comprehensive data policy encompasses which of the following?
Wiping, disposing, retention, storage
Disposing, patching, retention storage
Retention, storage, virtualization
Wiping, disposing, retention, storage
Wiping a drive or device can remove sensitive data. Disposal of used computing equipment, such as hard disks, can be accomplished with physical shredding. Data retention might be required for regulatory compliance. A data policy might specify types of storage devices and specific configurations where data safety is maintained
Which of the following is a valid way of handling Big Data?
Data at rest
NoSQL
EFS
NoSQL
NoSQL is a type of database designed to process enormous amounts of data in a columnar format. Most SQL database technologies work with data in rows
Which communications standard enables devices to communicate at a very short distance?
NFC
Cellular
SATCOM
NFC
NFC is a technology that enables devices to communicate when they are within 4 inches of each other. It is often used as a payment method
You want an alert to be e-mailed directly to you when a company mobile device leaves an area around the corporate building. Which technology would allow this?
Infrared
Push notification services
Geofencing
Geofencing
Geofencing is a technology that allows a response to be triggered when a device leaves an area defined by GPS coordinates
Your boss approaches you about implementing two-factor authentication using a password along with another form of authentication. Which two methods of authentication could be used?
Password / UEFI
Password / Fingerprint
PIN / OTG
Password / Fingerprint
A password and a fingerprint are a method of two-factor authentication—something the user knows and something the user is
What standard allows a PC to boot only with software in a trusted whitelist?
Hardware root of trust
COPE
Secure boot
Secure boot
Secure boot is a standard that allows only software in a whitelist to be booted on the system
What are some things to monitor for on mobile devices to prevent security issues? (Choose all that apply.)
CYOD
Rooting
Biometrics
Sideloading
Third-party app stores
Rooting
Sideloading
Third-party app stores
A rooted phone can have custom firmware in place of the over-the-air (OTA) firmware and operating systems installed on it, which can raise security issues because it is up to the user to secure the operating system. Sideloading is a way to install an application without using the official app store, and therefore it can come from any source, malicious or not. Third-party app stores can offer malicious or insecure applications that can compromise the security of the mobile device
You want to connect to the Internet through your phone because the computer you are using has no Wi-Fi capabilities. What is this called?
Tethering
Wi-Fi direct/ad hoc
Carrier unlocking
Tethering
Tethering enables you to share the mobile data connection of your phone with the computer it is plugged into
You notice that when mobile devices are taken to the company cafeteria, their connection to Wi-Fi often cuts out. This happens nowhere else in the building. What is the most likely cause of this?
MFDs
EMI
VDE
EMI
Electromagnetic interference (EMI) can cause a device to lose its connection to a wireless network, and microwaves are a large producer of EMI in the same general frequency range of 2.4-GHz Wi-Fi
What kinds of devices would not be allowed in an area where EMI needs to be kept to a minimum? (Choose all that apply.)
Wireless keyboards
Displays
Wireless mice
External storage devices
Wi-Fi–enabled MicroSD cards
Wireless keyboards
Wireless mice
Wi-Fi–enabled MicroSD cards
Wireless keyboards, wireless mice, and Wi-Fi–enabled MicroSD cards are all possible sources of EMI
What are the steps in a secure deployment environment?
Development, testing, staging, production
Development, bug-fixing, deployment
Creation, testing, deployment
Development, testing, staging, production
The proper order of a secure development environment is development, testing, staging, and production
What type of hypervisor would be required if you wanted to use an existing server with an existing operating system?
Type 1
Type 2
Type 3
Type 2
A Type 2 hypervisor runs on top of an existing operating system
Your manager wants to run every application securely on a system in its own virtual server. What is this technique called?
Integrity measurement
VM escape protection
Application container
Application container
An application container enables an administrator to deploy one virtual server per application
Which method enables the running of a read-only version of an operating system that reverts to its original state on every boot?
Configuration validation
Rollback to known configuration
Live boot media
Live boot media
Running off of live boot media enables the operating system to run read-only, and it reverts back to its original state at every reboot
Which of the following tasks are good automation candidates? (Choose all that apply.)
Continuous monitoring
Configuration validation
VM sprawl avoidance
Purging
Continuous monitoring
Configuration validation
Continuous monitoring and configuration validation are both good candidates for automation with scripts because they are repetitive
What are methods of data destruction and media sanitization? (Choose all that apply.)
Burning
Elasticity
Shredding
Degaussing
Pulping
Burning
Shredding
Degaussing
Pulping
These methods are used to destroy and sanitize storage media securely
What attribute of a system describes how well a cloud computing platform can grow in response to workloads?
Scalability
Pulverizing
Templates
Scalability
Scalability is the attribute of a cloud computing resource to grow in response to workloads. Scaling down is also an option when demand declines, and it can save customers money
