Securing Host Systems Flashcards
You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?
The server has a rootkit installed.
The server is infected with spyware.
The server is part of a botnet.
The server is part of a botnet.
If your system has been infected with a worm or virus and has become part of a botnet, at certain times it may take part in distributed denial-of-service attacks on another system on the Internet, and it may exhibit slow responsiveness and a large amount of network data being sent out of the system.
As part of your security baselining and operating system hardening, you want to make sure you protect yourself from vulnerabilities in your operating system software. Which of the following tasks should you perform?
Update antivirus signature files.
Install any patches or OS updates.
Use an encrypted file system.
Install any patches or OS updates.
The most recent software updates and patches for your operating system will contain the latest bug and exploit fixes. This prevents known bugs and weaknesses in the operating system from being exploited.
A user has brought a virus-infected laptop into the facility. It contains no antivirus protection software and hasn’t been hooked up to the network yet. What’s the best way to fix the laptop?
Get the laptop on the network and download antivirus software from a server.
Boot the laptop with an antivirus boot CD.
Get the laptop on the network and download antivirus software from the Internet.
Boot the laptop with an antivirus boot CD.
If a computer is infected with a virus, do not connect it to a network, or you run the risk of the virus infecting other computers and servers. Use an antivirus program on a boot CD to clean the virus off the laptop before connecting it to the network.
You are creating a standard security baseline for all users who use company mobile phones. Which of the following is the most effective security measure to protect against unauthorized access to the mobile device?
Enforce the use of a screen lock password.
Enable the GPS chip.
Install personal firewall software.
Enforce the use of a screen lock password.
To prevent unauthorized access to the device in the event it is lost or stolen, you can enable a screen lock password. The user will not be able to access the device until he enters the password.
A security patch for your OS was released about a week after you applied the latest operating system service pack. What should you do?
Wait until the release of the next full service pack.
Download the patch only if you experience problems with the OS.
Download and install the security patch.
Download and install the security patch.
Even though you just installed the latest service pack, a security vulnerability might have recently been discovered, requiring that you install a new security patch. You will not be protected from the vulnerability if you do not install the security patch, and it might be too dangerous to wait for it to be included in the next service pack.
Your application firewall is indicating that some type of HTTP worm is trying to infect one of your database servers, which also seems to be running an HTTP web server on port 80. This server does not need any type of web services. What should be done?
Install antivirus software.
Change the web server to use a different port.
Disable the web server.
Disable the web server.
Any application or service that is not needed by the server should be disabled or uninstalled. Leaving services enabled, such as a web server, could make the server vulnerable to web server attacks, including HTTP-based worms.
To protect the confidentiality of users’ web browsing history and website credentials, which of the following security baseline policies should you enable for all users’ web browsers?
Block third-party cookies.
Periodically delete the browser cache.
Enforce SSL.
Block third-party cookies.
Third-party cookies are typically from advertising sites not related to the specific site you are browsing. By blocking these cookies, you will protect any identifying information in your web browsing history from being leaked to third-party companies.
You have recently installed antivirus software on several client workstations and performed a full scan of the systems. One of the systems was infected with a virus less than an hour after the installation of the software. Which of the following is the most likely issue?
The virus was preexisting on the system.
Antivirus signatures need to be updated.
The virus could only be blocked by a pop-up blocker.
Antivirus signatures need to be updated.
Your antivirus software is installed with a default database of virus signatures. It may be several months out of date, and it is a best practice to immediately run the signature file update to make sure you are running with the latest signatures. Otherwise, the antivirus software may miss detecting a newly identified virus.
There is an active shooter incident within your company, and your CEO has directed you to push a message out to all corporate mobile devices to account for the safety of all personnel by their “checking in.” What is the best option to be sure that even personnel with weak cellular connections receive the message?
MMS
SMS
Push notification
SMS
Although push notifications work well with a strong, steady connection to either a cellular or Wi-Fi network, SMS is more likely to get the message out to users who might have a weak signal.