SEC+ Revision Questions Implementing System Security Flashcards

1
Q

Which security measure would protect hard disk contents even if server hard disks were physically stolen?
A. NTFS permissions
B. Power-on password
C. Complex administrative passwords
D. Encryption

A

D. Encryption

2
Q

Trinity’s user account is mistakenly deleted when she goes on a three-month maternity leave. When she returns, a new account with appropriate NTFS permissions is created for her. When she tries to open her old files, she keeps getting “Access Denied” messages. What is the problem?
A. Trinity does not have proper NTFS permissions.
B. Trinity’s new user account has a different SID than her old one.
C. Trinity’s files are encrypted with her old account.
D. Trinity’s account should be made a member of the Power Users group.

A

C. Trinity’s files are encrypted with her old account.

3
Q

Nate has been using his work e-mail address when surfing the Web and filling in forms on various web sites. To which potential problem has Nate exposed himself?
A. Spam
B. Phishing
C. SQL injection
D. DNS poisoning

A

A. Spam

4
Q

You are a server virtualization consultant for Not Really There, Inc. During a planning meeting with a client, the issue of virtual machine point-in-time snapshots comes up. You recommend careful use of snapshots because of the security ramifications. What is your concern?
A. Snapshots can consume a large amount of disk space.
B. The use of snapshots could trigger a MAC flood.
C. Invoked snapshots will mean that the virtual machine is temporarily unavailable.
D. Invoked snapshots will be patched less often than the currently running virtual machine.

A

D. Invoked snapshots will be patched less often than the currently running virtual machine.

5
Q

What can be done to harden a mobile, handheld device? (Choose two.)
A. Disable Wi-Fi.
B. Ensure it is used only in physically secured areas.
C. Set Bluetooth discovery to disabled.
D. Enable screen lock.

A

C. Set Bluetooth discovery to disabled.
&
D. Enable screen lock.

6
Q

A private medical practice hires you to determine the feasibility of cloud computing whereby e-mail and medical applications, as well as patient information, would be hosted by an Internet provider. You are asked to identify possible security issues. (Choose two.)
A. Data storage is not local but instead on the provider’s premises, where other businesses also have access to cloud computing services.
B. HTTPS will be used to access remote services.
C. Should the provider be served a subpoena, the possibility of full data disclosure exists.
D. Data will be encrypted in transit as well as when stored.

A

A. Data storage is not local but instead on the provider’s premises, where other businesses also have access to cloud computing services.
&
C. Should the provider be served a subpoena, the possibility of full data disclosure exists.

7
Q

Which option will protect employee laptops when they travel and connect to wireless networks?
A. Personal firewall software
B. MAC address filtering
C. Virtualization
D. 802.11n-compliant wireless card

A

A. Personal firewall software

8
Q

What can be done to ensure the confidentiality of sensitive data copied to USB flash drives?
A. File hash
B. Encryption
C. NTFS permissions
D. Share permissions

A

B. Encryption

9
Q

Which standard is a firmware solution for drive encryption?
A. TPM
B. DLP
C. EFS
D. NTFS

A

A. TPM

10
Q

What can be done to protect data after a handheld device is lost or stolen?
A. Enable encryption.
B. Execute a remote wipe.
C. Enable screen lock.
D. Disable Bluetooth discovery.

A

B. Execute a remote wipe.

11
Q

How can the specific location of a mobile device be tracked?
A. IP address
B. MAC address
C. SIM card code
D. GPS

A

D. GPS

12
Q

What type of software filters unsolicited junk e-mail?
A. Antispam
B. Antivirus
C. Antispyware
D. Antiadware

A

A. Antispam

13
Q

What type of software works against the collection of personal information?
A. Antispam
B. Antivirus
C. Antispyware
D. Antiadware

A

C. Antispyware

14
Q

Which of the following best protects against operating system defects?
A. Antivirus software
B. Firewall software
C. Encryption
D. Patching

A

D. Patching

15
Q

What is the best way to prevent laptop theft?
A. GPS
B. Cable lock
C. Host-based firewall
D. Antivirus software

A

B. Cable lock

16
Q

A server administrator must adhere to legislation that states financial data must be kept secure in the event of a physical security breach. What practices will ensure the administrator complies with the law? (Choose two.)
A. Applying NTFS permissions
B. Storing backup tapes in a safe
C. Encrypting server hard disks
D. Storing backup tapes in a locked cabinet

A

B. Storing backup tapes in a safe
&
C. Encrypting server hard disks

17
Q

What type of software examines application behavior, logs, and events for suspicious activity?
A. NIDS
B. Host-based firewall
C. HIDS
D. Spyware

A

C. HIDS

18
Q

A database administrator requests a method by which malicious activity against a Microsoft SQL database server can be detected. All network traffic to the database server is encrypted. What solution should you recommend?
A. HIDS
B. NIDS
C. IPSec
D. SSL

A

A. HIDS

19
Q

Which of the following are true regarding virtualization? (Choose two.)
A. Each virtual machine has one or more unique MAC addresses.
B. Virtual machine operating systems do not need to be patched.
C. Virtual machines running on the same physical host can belong to different VLANs.
D. A security compromise in one virtual machine means all virtual machines on the physical host are compromised.

A

A. Each virtual machine has one or more unique MAC addresses.
&
C. Virtual machines running on the same physical host can belong to different VLANs.

20
Q

Cloud computing offers which benefits? (Choose two.)
A. Simple scalability
B. Fewer hardware purchases
C. Better encryption
D. Local data storage
E. No requirement for antivirus software

A

A. Simple scalability
&
B. Fewer hardware purchases

21
Q

Mitch is responsible for three payroll servers that store data on a SAN. The chief financial officer (CFO) requests observation of access to a group of budget files by a particular user. What should Mitch do?
A. Create file hashes for each budget file.
B. Encrypt the budget files.
C. Configure a HIDS to monitor the budget files.
D. Configure file system auditing.

A

D. Configure file system auditing.

22
Q

Your company has acquired security software that will monitor application usage on all workstations. Before the software can function properly, you must have users run their applications as they normally would for a short period. Why does the security software require this to be done?
A. To update antivirus definitions for application files
B. To establish a normal usage baseline
C. To verify the security software has the required permissions to run
D. To verify licensed software is being used

A

B. To establish a normal usage baseline

23
Q

Kevin is a trial lawyer in southern California. He requires secure, high-quality voice communication with clients. What can he do?
A. Use VoIP with packet encryption over the Internet.
B. Use cell phone voice encryption.
C. Use only landline telephones.
D. Use his cell phone on a special voice network for legal professionals.

A

B. Use cell phone voice encryption.

24
Q

Your IT manager asks you to ensure e-mail messages and attachments do not contain sensitive data that could be leaked to competitors. What type of solution should you propose?
A. Antivirus software
B. NIDS
C. DLP
D. HIDS

A

C. DLP

25
Q

Your server performance has decreased since the introduction of digitally signing and encrypting all network traffic. You would like to release the servers from this function. Which device should you use?
A. Smartcard
B. TPM
C. HSM
D. EFS

A

C. HSM

26
Q

Your company has decided that all new server hardware will have TPM support. You receive a new server, and you enable TPM through the CMOS utility and enable drive encryption using TPM in your operating system. What should you do next?
A. Reboot the server.
B. Enable EFS on the server.
C. Enable IPSec.
D. Back up the TPM keys.

A

D. Back up the TPM keys.

27
Q

You attempt to encrypt a folder on drive D: using EFS, but the encryption option is unavailable. What should you do?
A. Issue the convert d: /fs:ntfs command.
B. Add your account to the Administrators group.
C. Enable EFS through Group Policy.
D. Enable TPM in the CMOS utility.

A

A. Issue the convert d: /fs:ntfs command.

28
Q

Which capabilities are present in an all-in-one security appliance? (Choose three.)
A. URL filter
B. Content inspection
C. Malware inspection
D. EFS

A

A. URL filter
&
B. Content inspection
&
C. Malware inspection

29
Q

As the database administrator for your company, you are evaluating various public cloud offerings to test customer database programming changes. Which category of cloud service should you research?
A. Software as a Service
B. Platform as a Service
C. Infrastructure as a Service
D. Security as a Service

A

B. Platform as a Service

30
Q

Your company hosts an on-premises Active Directory server to authenticate network users. Mailboxes and productivity applications for users are hosted in a public cloud. You have configured identity federation to allow locally authenticated users to seamlessly connect to their mailboxes and productivity applications. What type of cloud do you have?
A. Public
B. Private
C. Hybrid
D. Community

A

C. Hybrid

31
Q

You are deploying Android-based smart phones to employees in your Toronto office. Because of the sensitive nature of your business, you want to employ mechanisms that will protect sensitive data that may exist on phones. Which set of mechanisms should you employ?
A. Full device encryption, run virtual machines, separation of duties
B. Remote wiping, lockout, FTP app
C. Screen locks, GPS, larger-capacity mini SD card
D. Limiting which apps can be installed, segmenting OS storage location from app storage location, and disabling unused features

A

D. Limiting which apps can be installed, segmenting OS storage location from app storage location, and disabling unused features

32
Q

You are installing a mail app on your smart phone that requires the trusted root PKI certificate of the server. The mail server must authenticate the smart phone using a PKI certificate. Which of the following lists applies to this scenario?
A. Key management, credential management, authentication
B. Geotagging, transitive trust/authentication, data ownership
C. Support ownership, patch management, antivirus management
D. Mobile forensic data recovery, privacy, onboarding/offboarding

A

A. Key management, credential management, authentication

33
Q

Management has decided to support a BYOD corporate policy. You have been asked to recommend points of consideration before BYOD is put into effect. Which of the following points should be considered regarding BYOD? (Choose three.)
A. More storage capacity for servers
B. Legal ramifications
C. Network infrastructure changes
D. Disabling on-board camera/video

A

B. Legal ramifications
&
C. Network infrastructure changes
&
D. Disabling on-board camera/video

34
Q

Which of the following correctly identifies an operating system that meets specific government or regulatory security standards?
A. Hardened OS
B. Trusted OS
C. Security OS
D. Patched OS

A

B. Trusted OS

35
Q

A comprehensive data policy encompasses which of the following?
A. Wiping, disposing, retention, storage
B. Disposing, patching, retention, storage
C. Retention, storage, virtualization
D. Storage, virtualization, elasticity

A

A. Wiping, disposing, retention, storage

36
Q

Which of the following is a valid way of handling Big Data?
A. Data at rest
B. NoSQL
C. EFS
D. Cloud storage

A

B. NoSQL