Lesson 8 - Managing Security Settings Flashcards

1
Q

What is a complexity requirement?

A

Complexity requirements are rules designed to enforce best-practice password selection, such as minimum length and use of multiple character types.

2
Q

What is execution control?

A

Execution control is the process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.

3
Q

What is AutoPlay?

A

AutoPlay is the Windows mechanism for automatic actions to occur when a peripheral storage device is attached.

4
Q

What is EFS?

A

The Encrypting File System is Microsoft’s file-level encryption feature available for use on NTFS.

5
Q

True or false? An organization should rely on automatic screen savers to prevent lunchtime attacks.

A

False. A lunchtime attack is where a threat actor gains access to a signed-in user account because the desktop has not locked. While an automatic screensaver lock provides some protection, there may still be a window of opportunity for a threat actor between the user leaving the workstation unattended and the screensaver activating. Users must lock the workstation manually when leaving it unattended.

6
Q

What type of account management policy can protect against password-guessing attacks?

A

A lockout policy disables the account after a number of incorrect sign-in attempts.

7
Q

A security consultant has recommended more frequent monitoring of the antivirus software on workstations. What sort of checks should this monitoring perform?

A

That the antivirus is enabled, is up to date with scan engine components and definitions, and has only authorized exclusions configured.

8
Q

You are completing a checklist of security features for workstation deployments. Following the CompTIA A+ objectives, what additional item should you add to the following list, and what built-in Windows feature or features can you recommend to implement it?
- Password best practices
- End-user best practices
- Account management
- Change default administrator’s user account/password
- Disable AutoRun/AutoPlay
- Enable Windows Update, Windows Defender Antivirus, and Windows Defender Firewall

A

Data-at-rest encryption. In Windows, this can be configured at file level via the Encrypting File System (EFS) or at disk level via BitLocker.

9
Q

What is a trusted source?

A

A trusted source is an installer package that can be verified by a digital signature or cryptographic hash.

10
Q

What is an untrusted source?

A

An untrusted source is an installer package whose authenticity and integrity cannot be verified.

11
Q

What are extensions?

A

Extensions are add-ons that use the browser API (application programming interface) to implement new functionality.

12
Q

What are plug-ins?

A

Plug-ins are software installed to a web browser to handle multimedia objects embedded in web pages. Use of most plug-in types is now deprecated.

13
Q

What are digital certificates?

A

Digital certificates are identification and authentication information presented in the X.509 format and issued by a Certificate Authority (CA) as a guarantee that a key pair (as identified by the public key embedded in the certificate) is valid for a particular subject (user or host).

14
Q

What is cache?

A

Cache is cookies, site files, form data, passwords, and other information stored by a browser. Caching behavior can be enabled or disabled and data can be cleared manually.

15
Q

What is different about private/incognito browsing mode?

A

It’s a browser mode in which all session data and cache are discarded and tracking protection features are enabled by default.

16
Q

A company must deploy custom browser software to employees’ workstations. What method can be used to validate the download and installation of this custom software?

A

The package can be signed using a developer certificate issued by a trusted certificate authority. Alternatively, a cryptographic hash of the installer can be made, and this value can be given to each support technician. When installing the software, the technician can make his or her own hash of the downloaded installer and compare it to the reference hash.

17
Q

A security consultant has recommended blocking end-user access to the chrome://flags browser page. Does this prevent a user from changing any browser settings?

A

No. The chrome://flags page is for advanced configuration settings. General user, security, and privacy settings are configured via chrome://settings.

18
Q

What primary indicator must be verified in the browser before using a web form?

A

That the browser address bar displays the lock icon to indicate that the site uses a trusted certificate. This validates the site identity and protects information submitted via the form from interception.

19
Q

True or false? Using a browser’s incognito mode will prevent sites from recording the user’s IP address.

A

False. Incognito mode can prevent the use of cookies but cannot conceal the user’s source IP address. You do not need to include this in your answer, but the main way to conceal the source IP address is to connect to sites via a virtual private network (VPN).

20
Q

What are boot sector viruses?

A

Boot sector viruses infect the boot sector code or partition table on a disk drive. When the disk is attached to a computer, the virus attempts to hijack the bootloader process to load itself into memory.

21
Q

What are Trojans?

A

Trojans are malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and execute with the same privileges. It might be able to add itself to startup locations so that it always runs when the computer starts or the user signs in. This is referred to as persistence.

22
Q

What are worms?

A

Worms replicate between processes in system memory rather than infecting an executable file stored on disk. Worms can also exploit vulnerable client/server software to spread between hosts in a network.

23
Q

What is fileless malware?

A

Fileless malware refers to malicious code that uses the host’s scripting environment, like Windows PowerShell or PDF JavaScript, to create new malicious processes in memory. As it may be disguised as script instructions or a document file rather than an executable image file, this type of malware can be harder to detect.

24
Q

What is a remote access Trojan (RAT)?

A

A RAT is malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

25
Q

What is command and control (C2 or C&C)?

A

C2 is an infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

26
Q

What is spyware?

A

Spyware is software that records information about a PC and its users, often installed without the user’s consent. It’s malware that can perform browser reconfigurations, like allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, etc.

27
Q

What is a keylogger?

A

A keylogger is spyware that actively attempts to steal confidential information by recording keystrokes.

28
Q

What is a rootkit?

A

A rootkit is a class of malware that modifies system files, often at the kernel level, to conceal its presence.

29
Q

What is ransomware?

A

Ransomware is malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.

30
Q

What is a cryptominer?

A

A cryptominer is malware that hijacks computer resources to create cryptocurrency.

31
Q

What is an antivirus scan?

A

Antivirus scan is software capable of detecting and removing virus infections and other types of malware.

32
Q

What is a rogue antivirus?

A

Rogue antivirus is spoofed desktop notifications and browser ads designed to alarm users and promote installation of Trojan malware.

33
Q

What is redirection?

A

Redirection in a browser is a consequence of malware infection where DNS and/or search results are corrupted to redirect requests from legitimate site hosts to spoofed sites or ads.

34
Q

What is a certificate warning?

A

A certificate warning is a browser indication that a site connection is not secure because the certificate is invalid or the issuing CA is not trusted.