module 8

Question 1

In which of the following should you expect some privacy?

Emailing an important document to a friend using an employer email system

Sharing a photo through a mobile phone app

Metadata stored by a web browser

Personally identifiable information entered into a human resource database

Answer 1

Personally identifiable information entered into a human resource database

Question 2

In which of the following situations should you expect total privacy?

Instant messaging

Email messages and attachments

Financial transactions

Social networkin

Answer 2

Financial transactions

Question 3

Which of the following are the BEST steps you can take to avoid having your mobile device exploited by a hacker or infected by a virus? (Select two.)

Avoid anti-virus apps

Keep the operating system up to date

Turn off location services

Lock the screen with some form of authentication

Keep an up-to-date remote backup

Keep your device always in your possession

Answer 3

Keep the operating system up to date

Lock the screen with some form of authentication

Question 4

Which of the following is a common form of social engineering attack?

Stealing the key card of an employee and using that to enter a secured building.

Distributing false information about your organization’s financial status.

Hoax virus information emails.

Using a sniffer to capture network traffic.

Answer 4

Hoax virus information emails.

Question 5

Mark received an email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states he should open the attachment for further instructions. What should Mark do?

Open the attachment because he has anti-virus software installed.

Forward the email to a friend and ask for advice.

Reply to the sender and ask if the attachment is safe.

Delete the email without opening the attachment.

Answer 5

Delete the email without opening the attachment.

Question 6

You work for a company that offers their services through the Internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can’t access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack.

As a first responder, which of the following is the next BEST step to perform?

Investigate how the attack occurred.

Hire a forensic team to gather evidence.

Prevent such an incident from occurring again.

Contain the problem

Answer 6

Contain the problem

Question 7

What is the best countermeasure against social engineering?

Strong passwords

Access auditing

User awareness training

Acceptable use policy

Answer 7

User awareness training

Question 8

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks.

Which of the following does this security threat describe?

Zombie/botnet

Man-in-the-middle

Spoofing

Phishing

Question 9

Which of the following describes a Man-in-the-Middle attack?

An IP packet is constructed which is larger than the valid size.

A person over the phone convinces an employee to reveal their logon credentials.

An attacker intercepts communications between two network hosts by impersonating each host.

Malicious code is planted on a system where it waits for a triggering event before activating.

Answer 9

An attacker intercepts communications between two network hosts by impersonating each host.

Question 10

A technician walks into the office with a UPS. What sort of threat will this device prepare a system for?

Power outage

Denial-of-service

Data redundancy

Wiretapping

Answer 10

Power outage

Question 11

What do biometrics use to perform authentication of identity?

Ability to perform tasks

Biological attributes

Knowledge of passwords

Possession of a device

Answer 11

Biological attributes

Question 12

A technician assists Joe, an employee in the Sales department, who needs access to the client database by granting Joe administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database.

Which of the following security practices was violated?

Entry control roster

Strong password policy

Principle of least privilege

Multifactor authentication

Answer 12

Principle of least privilege

Question 13

If a malicious user gains access to the system, which component of the framework lets administrators know how they gained access and what exactly they did?

Authorization

Accounting

Access control

Authentication

Answer 13

Accounting

Question 14

Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?

Authentication

Non-repudiation

Integrity

Authorization

Answer 14

Non-repudiation

Question 15

Which of the following security measures is a form of biometrics?

TPM

Chassis intrusion detection

Fingerprint scanner

BIOS password

Answer 15

Fingerprint scanner

Question 16

Which of the following is not a form of biometrics?

Face recognition

Smart card

Retina scan

Fingerprint

Answer 16

Smart card

Question 17

Your company wants to use multifactor authentication. Which of the following would you most likely suggest?

Token and smartphone

Fingerprint and retinal scan

Password and passphrase

PIN and smart card

Answer 17

PIN and smart card

Question 18

Ted, an employee in the Sales department has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can’t save the file.

Which of the following digital security methods is MOST likely preventing this?

Antivirus software

Multifactor authentication

Directory permission

Data loss prevention

Answer 18

Directory permission

Question 19

Which of the following access controls gives only backup administrators access to all servers on the network?

Authorization

Mandatory

Discretionary

Role-based

Answer 19

Role-based

Question 20

After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user’s mobile phone.

Which of the following digital security methods is being used?

Firewall

DLP

Smart card

Multifactor authentication

Answer 20

Multifactor authentication

Question 21

An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client’s email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?

Host-based firewall

Plain text

File level encryption

Cipher text

Answer 21

Cipher text

Question 22

While configuring a wireless access point device, a technician is presented with several security mode options.

Which of the following options will provide the most secure access?

WPA and TKIP

WEP 128

WPA2 and TKIP

WPA2 and AES

WPA and AES

Answer 22

WPA2 and AES

Question 23

The CEO of a small business travels extensively and is worried about having the information on their laptop stolen if the laptop is lost or stolen. Which of the following would BEST protect the data from being compromised if the laptop is lost or stolen?

Anti-malware

Anti-theft lock

Full disk encryption

Complex password

Answer 23

Full disk encryption

Question 24

A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available.

Which of the following should the technician configure?

Hotspot

VPN

IMAP

Bluetooth

Answer 24

VPN

Question 25

A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened.
Which of the following email protocols is being used?

IMEI

POP3

IMAP

S/MIME

Answer 25

S/MIME

Question 26

A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used?

WPA

WPA2

WPS

WEP

Answer 26

WPA2

Question 27

Which of the following protocols can be enabled so email is encrypted on a mobile device?

POP3

SMTP

IMAP

SSL

Answer 27

SSL

Question 28

Gloria is concerned that her online banking transactions could be intercepted if she uses public WiFi. Which of the following could she use to prevent access to her online transactions?

Mandatory Access Control (MAC)

Single sign-on

Multifactor authentication

VPN

Answer 28

VPN

Question 29

A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver?

Cipher text

Plain text

AES encrypted message

WPA2 encryption

Answer 29

Plain text

Question 30

Which Internet protocol is used to transmit encrypted data?

HTTPS

FTP

HTTP

DNS

Answer 30

HTTPS

Question 31

A technician is installing a new SOHO wireless router.

Which of the following is the FIRST thing the technician should do to secure the router?

Press the WPS button

Adjust the radio power levels

Change the router’s default password

Disable SSID broadcast

Answer 31

Change the router’s default password

Question 32

The password policy below incorporates the following:

Passwords must include at least one capital letter
Passwords must include a mix of letters and numbers
Passwords must be different from the past eight passwords
Passwords must contain at least one non-alphanumeric character
Which of the following password best practices are being used? (Select TWO).

Password lockout

Password length

Password expiration

Password history

Password age

Password complexity

Answer 32

Password complexity

Password history

Question 33

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent log on after three unsuccessful logon attempts.

Which of the following policies are BEST to configure? (Select TWO).

Account lockout threshold

Maximum password age

Password complexity

Minimum password length

Enforce password history

Account lockout duration

Answer 33

Minimum password length

Account lockout threshold

Question 34

Why is it better to use a credit card than a debit card for online purchases?

Credit cards have better fraud protection

Credit cards keep track of all your transactions

Debit cards require you to pay additional fees

Credit cards have better interest rates

Answer 34

Credit cards have better fraud protection

Question 35

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again.

Which of the following policies are BEST to configure? (Select TWO).

Enforce password history

Minimum password age

Password complexity

Maximum password age

Minimum password length

Answer 35

Enforce password history

Minimum password age

Question 36

Which of the following components of a successful access control framework is the process of proving that you are who you say you are?

Authentication

Accounting

Access control

Authorization

Answer 36

Authentication

Question 37

You’ve just received an email message that indicates a new, serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat.

Based on the email message, which of the following are the next BEST actions to complete? (Select two.)

Distribute the message to everyone in your address book.

Run a full anti-malware scan.

Delete the indicated files if present.

Verify the information on well-known malicious code threat management Web sites.

Perform a complete system backup.

Reboot the system.

Answer 37

Verify the information on well-known malicious code threat management Web sites.

Run a full anti-malware scan.

Question 38

Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________.

Spam

Bloatware

Cookies

Illegal messages

Answer 38

Spam

Question 39

Which software is Microsoft’s anti-malware product that is preinstalled on most new computers?

ESET NOD32

Windows Defender

Norton Antivirus

McAfee VirusScan

Answer 39

Windows Defender

Question 40

Which of the following would best prevent an unauthorized person from remotely accessing your computer?

Lockdown device

Firewall

Anti-spam software

Anti-malware software

Answer 40

Firewall

Question 41

You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information.

To properly protect the accidental discovery of the company’s sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?

Delete user data and applications from the hard drives

Use data wiping software to clear the hard drives

Include the original operating system discs and product keys with the computers

Reformat the hard drives

Answer 41

Use data wiping software to clear the hard drives

Question 42

Which of the following disaster recovery concepts applies when a server needs to be online and accessible at all times?

Cloud storage

Backup

Replication

Redundancy

Answer 42

Redundancy

Question 43

Your company has a disaster recovery plan that says the order to restore data is customer data, financial system, then email. This is an example of what?

Fault tolerance

Cloud backups

Prioritization

Business Plan

Answer 43

Prioritization

Question 44

What is a disadvantage of using the cloud for data storage?

Cloud storage backups require a reliable internet connection.

Cloud storage can fulfill the requirements for offsite backups.

You can access files from any computer with an internet connection.

Cloud storage allows you to save files to the interne

Answer 44

Cloud storage backups require a reliable internet connection.

Question 45

You are the PC technician for a company. An employee has gone to a meeting while you fix the computer in her office. She accidentally left a report open next to her computer which states that a friend of yours in accounting will be submitted for review if their poor work performance continues.

Which of the following is the BEST action to take?

Ignore the paper and tell no one of its contents.

Give your friend a heads up about what you found, but don’t disclose from where you heard the information.

Tell your fellow PC technicians about what you saw and let them decide what to do with the information.

Tell your friend about the report you saw and whose desk it was on.

Answer 45

Ignore the paper and tell no one of its contents.

Question 46

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures.

Write-protect all backup media.

Restrict restoration privileges to system administrators.

Configure System Maintenance to automatically defragment system hard drives every night.

Answer 46

Regularly test restoration procedures.

Question 47

What is the surest way to prevent the loss of important information on your mobile device if it is lost, stolen, destroyed, or there is a natural disaster?

Configure your device to remotely backup important data to the Cloud.

Don’t put important information on your mobile device.

Configure your device to backup important data to your personal computer.

Only use apps, such as email apps, that store data on the app provider’s servers.

Answer 47

Configure your device to remotely backup important data to the Cloud.

Question 48

A user reports that her system is running slow when saving files. You determine that you will need to upgrade her hard disk. You identify the components that are required and schedule the repair for later that afternoon.

Which of the following steps have you forgotten in your troubleshooting process?

Create an action plan.

Perform a backup.

Verify system functionality.

Implement the solution.

Answer 48

Perform a backup.

Question 49

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location.

Where would be the next best place to keep your backup media?

In a drawer in your office.

In a locked room.

On a shelf next to the backup device.

In a locked fireproof safe.

Answer 49

In a locked fireproof safe.