Security Flashcards

Quiz revision

1
Q

Andrea is concerned that she is being lured to provide her financial institution’s credentials on an invalid site via a message she received. Which type of attack is most likely taking place?

A) MAC address spoofing
B) IP spoofing
C) data mining
D) email spoofing

A

An email spoofing attack is most likely taking place. Email spoofing occurs when an email header is altered to make it look like the message came from a valid source, when in actuality it comes from someone hoping to gain access to your information or assets. These emails may end up in your spam folder. They often attempt to get users to open attachments and/or respond to their illegal solicitation. Spoofing can be tricky because it can appear real.

2
Q

What is email spoofing?

A

Email spoofing occurs when an email header is altered to make it look like the message came from a valid source, when in actuality it comes from someone hoping to gain access to your information or assets. These emails may end up in your spam folder. They often attempt to get users to open attachments and/or respond to their illegal solicitation. Spoofing can be tricky because it can appear real.

3
Q

What is IP spoofing?

A

IP spoofing is a technique that hackers use to gain unauthorized access to computers by using a valid IP address, making the traffic appear to come from a valid trusted host. Upgrading your routers and using firewall protection can help alleviate IP spoofing.

4
Q

MAC Address Spoofing

A

MAC address spoofing occurs when an attacker changes the MAC address of his computer to match that of a valid trusted host. This is the attack that most often occurs when MAC address filtering is deployed.

5
Q

What does NAC stand for, and what is its function?

A

A popular method for this is to deploy a network access control (NAC) server and the appropriate NAC policies. NAC provides network solutions that secure the network against non-compliant devices attempting to gain access. If a device complies with the set policies, it is given full access based on the user’s permissions. If the device does not comply with the policies, it is given limited access and is usually quarantined from critical resources.

6
Q

You need to access a shared folder named research$. Which fact is true about this shared folder?

A) It is hidden.
B) It is a local share.
C) It is an administrative share.
D) It is visible.

A

Because the shared folder ends with a dollar sign, you should know it has the following qualities:

It is hidden.
It requires administrative privileges to access.

A share that ends with a dollar sign ($) is not a local or administrative share. Local shares are created locally and usually have the icon of a hand in all versions of Windows. Local shares can be seen by all users on the network.

Administrative shares are not the only hidden objects. System files and folders are often hidden so that they do not appear when a standard user views a directory listing. System files and folders are assigned the hidden attribute to provide this security.

7
Q

Which of the following wireless authentication methods separates authentication and authorization into two different processes?

A) Multifactor authentication
B) RADIUS
C) Single factor authentication
D) TACACS

A

The Terminal Access Controller Access-Control System (TACACS) protocol suite separates authentication and authorization into two different processes, with accounting as a third process.

8
Q

You are instructing a new IT technician on securing networks and using permissions. What would you tell Graham that the default permission position should be?

A) explicit allow
B) implicit allow
C) implicit deny
D) explicit deny

A

The default permission position in a secure network should be implicit deny. This will ensure that if a user or group does not have an explicit allow permission configured, the access will default to an implicit deny. An implicit deny should be the last rule contained on any firewall because most firewalls do not default to this setting. This firewall rule is often defined with a Drop All statement. On Windows servers, the access control list (ACL) defaults to an implicit deny.

9
Q

A hacker has called a company employee and learned the employee’s user name and password by posing as a member of corporate technical support.

Which type of attack has the company suffered?

A) social engineering
B) denial of service
C) brute force
D) Insider threat

A

The company has suffered a social engineering attack, in which a hacker posed as a company employee or contractor to gain information about a network from legitimate company employees. A hacker typically uses social engineering to gain user names and passwords or sensitive documents by non-technical means, such as posing as an employee or dumpster diving. A company can help protect itself from a social engineering attack by requiring employees to attend security awareness training, which is one of the most neglected aspects of network security. Often hackers will use flattery as a means to gain trust to obtain information.

10
Q

You want to provide secure access to the research laboratory and ensure that only authorized persons can enter the laboratory’s server room. Which system does NOT provide an effective means of ensuring that only authorized persons can enter the server room?

A) biometric access control system
B) smart card system
C) swipe card system
D) single sign-on system

A

The single sign-on system does not provide an effective means of ensuring that only authorized persons can enter the server room. Single Sign-On (SSO) is used to provide access over a network and ensures security of data in a computer network. However, it does not ensure physical security of data and computers, and cannot be used to ensure that only authorized persons enter the laboratory’s server room.

11
Q

Your organization issues an iPhone to every member of senior management. As dictated by the organizational security policy, you configure the iPhones with passcode locks and enable remote wipe.

A user from your organization contacts you to report that a company-issued iPhone has been lost. The iPhone contained confidential information. You need to remove all the data from this iPhone.

What should you do?

A) Log in to iTunes, and select Find My iPhone. Select the device from the Devices list, and click Lock.

B) Log in to iCloud.com, and select Find My iPhone. Select the device from the Devices list, and click Lock.

C) Log in to iCloud.com, and select Find My iPhone. Select the device from the Devices list, and click Erase iPhone.

D) Log in to iTunes, and select Find My iPhone. Select the device from the Devices list, and click Erase iPhone.

A

To remove all the data from the iPhone, you should log in to iCloud.com and select Find My iPhone. Then select the device from the Devices list and click Erase iPhone. This will perform a remote wipe on the lost device.

12
Q

What is a smart card?

A) an electronic file that establishes your identity via a public key infrastructure (PKI) to complete transactions

B) a technology that measures a human characteristic for authentication

C) an electronic signature that can be used to prove the sender’s identity or a document’s signer

D) a hardware device that has an embedded microchip that contains authentication or security information

A

A smart card is a hardware device that has an embedded microchip that contains authentication or security information. Smart cards are inserted into computers or smart card readers to unlock access for a user. RFID is one technology used in smart cards.

12
Q

You need to run a command or application that requires administrative privileges. What should you do?

A) Right-click the application and select Properties. Select the Run this program as an administrator option on the Compatibility tab.

B) Enter the command name in the search window, right-click the command when it displays, and select Run as administrator.

C) Any of these

D) Right-click the command prompt, select Run as administrator, and enter the command.

A

You may use any of the options to run a command that requires administrative privileges. Standard privileges would not allow users to run commands or applications that require administrative privileges.

13
Q

You have recently implemented five different security solutions for a small business. Move the correct items from the left column to the column on the right to match the security solutions on the left with the security issue that the solution BEST addresses.

Digital security – Install antivirus software
Physical security – Implement biometrics
Social engineering – Educate users
Wireless security – Disable SSID broadcast
Data security – Destroy hard drives

A

Digital security focuses mainly on protecting your networks and devices from harmful data and malware. It includes anti-virus software, firewalls, anti-spyware software, and user authentication with strong passwords.

Physical security focuses mainly on ensuring the buildings and server rooms are protected against physical intrusion. It includes locked doors, guards, mantraps/access control vestibules, securing documentation, shredding old documentation, biometrics, badges, key fobs, RFID badges, RSA tokens, and privacy filters.

Social engineering occurs when an attacker attempts to acquire information about a network via phone conversations or other social settings. User gullibility is the main reason that social engineering occurs. User education is the best protection against social engineering.

Wireless security focuses mainly on ensuring that a wireless network is protected against intrusion. It includes changing default user names and passwords, changing SSIDs, setting encryptions, disabling SSID broadcast, enabling MAC filtering, antenna and access point placement, power levels, and assigning static IP addresses to wireless routers.

Data security focuses mainly on protecting stored data. It includes hard drive formatting, sanitation, and physical destruction.

14
Q

You are a network administrator for Nutex Corporation. Your organization implements a network. You have been tasked with designing the end-user security training that will be given to all employees regarding the network.

Which security issue should you cover?

A) social engineering attacks
B) denial of service (DoS) attacks
C) physical security issues
D) smart card usage

A

You should ensure that social engineering attacks are covered in the end-user network security training. End users should always be aware of the social engineering techniques that can be used by hackers. A network security policy should cover end-user training on security solutions and social engineering training.

15
Q

You are attending a class on network identification and authentication. What is the most common form of identification and authentication?

A) user identification with reusable password
B) biometrics
C) two-factor authentication
D) smart cards

A

The most common form of identification and authentication is user identification with reusable password. User identifications (IDs) and passwords are something you know, such as your personal information or an alphanumeric word or phrase that you memorize.

16
Q

A user’s computer is infected with malicious software that spreads through the Internet to collect user information, including browsing habits. Which type of malware has infected this computer?

A) virus
B) Trojan horse
C) spyware
D) keylogger

A

Spyware is a type of malicious software, also referred to as malware. It infects through the Internet to collect user information, including browsing habits. Windows Defender and Microsoft AntiSpyware are two common tools from Microsoft to fight malware. Spyware is most likely to result in identity theft.

17
Q

According to your company’s new security policy, the administrator must define the number of days that a password can be kept before the user can change it. Which password policy setting should the administrator use?

A) the Maximum password age setting
B) the Minimum password age setting
C) the Minimum password length setting
D) the Enforce password history setting

A

You can configure the Minimum password age setting on a Windows computer to define the number of days that a password must be kept before the user can change it. The Minimum password age setting determines how many days a new password must be kept before the user can change it. The Minimum password age setting is designed to work with the Enforce password history setting to prevent users from changing back to their old passwords by quickly resetting their passwords the required number of times.

18
Q

Daniel, a member of the board of directors for your company, has called the help line to complain that an unknown person is posting to his account on his favorite social media site pretending to be him. After discussing the problem, he reveals that he performed the steps as dictated by last week’s email from your department. Your department did not send out an email last week with steps to complete. What term(s) below best describe which attack most likely occurred? (Choose all that apply.)

A) whaling
B) zombie
C) spear phishing
D) mining
E) ransomware

A

Whaling or spear phishing most likely occurred. Whaling and spear phishing are two types of targeted phishing attacks. Spear phishing targets a group of high-risk users in an organization through email and social media posts. The hacker will send emails to a specific target attempting to convince someone to answer their questions with the objective of getting access to confidential information, usually login credentials. Once they get a response, they will monitor the user’s actions. Later they may use the information gained to mimic the targeted user’s behavior and even writing style. Whaling is conducted like spear phishing, except that whaling specifically targets senior executives (the “big fish”).

19
Q

Vivian wants to set permissions on a certain folder to allow users to modify data. What is she really allowing them to do with this type of permission?

A) The user has all rights to change permissions and take ownership of the directory or any of its subdirectories.

B) The user can read, write, execute, and delete everything, including the folder.

C) The user can read files and view the contents of a directory and any of its subdirectories.

D) The user can read, write, execute, and delete everything, EXCEPT the folder.

A

With this type of permission, the user can read, write, execute, and delete everything, including the folder. NTFS permissions are set on a file or a folder by accessing the folder’s Properties dialog box and then opening the Security tab. In a nutshell, NTFS enables you to set up security settings on files and folders with the following permissions:

Full Control – Grants users all permissions on the folder. Administrators have this access.

Modify – Grants users a high level of access, except the ability to take full ownership.

Read & Execute – Allows users to read files and execute executable files.

List Folder Contents – Allows users to list the contents of the folder. It does not allow them to read the individual files within that folder. They can only see the file and folder names.

Read – Allows users to read the folder’s contents.

Write – Allows users to write or edit the folder’s contents.

20
Q

Adam is new to networking and is curious about the various terms like MAC address and MAC address filtering. What would be the best description to explain to him about the purpose of MAC address filtering?

A) to provide port authentication for a wireless network
B) to restrict the clients that can access a Web site
C) to restrict the clients that can access a wireless network
D) to ensure that unused ports are not accessible by clients

A

The purpose of MAC address filtering is to restrict the clients that can access a wireless network. Access is restricted based on the client’s media access control (MAC) address, which is the unique identifier that is encoded on the network interface card (NIC). However, this is no longer considered a major security configuration because MAC addresses can usually be obtained using a network sniffer.

21
Q

Which statement is true regarding smart cards?

A) Smart cards use infrared.
B) Smart cards can be deactivated or replaced.
C) Smart cards do not contain a microprocessor.
D) Smart cards are used only as hotel room keys.

A

An advantage of using a smart card is that you can deactivate or replace a card key if a user reports it lost or stolen. Smart cards contain a microprocessor that stores information, such as financial, authorization, and personal information. Smart cards are implemented with computers to improve network security. Usually a smart card reader is connected to a computer’s USB port or laptop’s PCMCIA port.

22
Q

Which option would best address the security issues surrounding a BYOD policy in the organization?

A) Smart card
B) MDM policies
C) Software tokens
D) Multifactor identification

A

Mobile Device Management (MDM) policies would best address the security issues inherent in bring your own device (BYOD) policies in the workplace. MDM policies can allow the organization to control the security of its assets, even assets that are not owned by the organization, while at the same time allowing the employee the freedom of using their own personal devices, such as smart phones and tablets.

23
Q

You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access 2 (WPA2).

You want to ensure that no unauthorized wireless access points are established. What should you do?

A) Periodically complete a site survey.
B) Change the two wireless networks to WEP.
C) Change the two wireless networks to WPA3.
D) Disable SSID broadcasts for the two wireless networks.

A

You should periodically complete a site survey to ensure that no unauthorized wireless access points are established. Site surveys generally produce information on the types of systems in use, the protocols in use, and other critical information. You need to ensure that hackers cannot use site surveys to obtain this information. To protect against unauthorized site surveys, you should change the default Service Set Identifier (SSID) and disable SSID broadcasts. Immediately upon discovering a wireless access point using a site survey, you should physically locate the device and disconnect it.

24
Q

After determining the scope of a user’s job, what is the next step in implementing the principle of least privilege?

A) Determine the minimum set of privileges needed to perform the user’s job.

B) Configure the appropriate group memberships for the user’s account.

C) Configure the appropriate privileges for the user’s account.

D) Determine the maximum set of privileges needed to perform the user’s job.

A

After determining exactly what a user’s job entails, you should determine the minimum set of privileges that is needed to perform the user’s job.

24
Q

You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)

A) Configure the WEP protocol to WPA2.
B) Configure the network to use authenticated access only.
C) Disable SSID broadcast.
D) Change the default Service Set Identifier (SSID).

A

You should complete all of the following steps to protect against war-driving attacks:

Change the default SSID.
Disable SSID broadcast.
Configure the network to use authenticated access only.
Configure the WEP protocol to WPA2.

Some other suggested steps include the following:

Implement WPA3 instead of WPA2.
Reduce the access point signal strength.

25
Q

When users log in to the network locally, they must provide their username and password. When users log in to the network remotely, they must provide their username, password, and smart card.

Which two statements are true regarding your organization’s security? (Choose two.)

A) The remote network login uses three-factor authentication.
B) The local network login uses two-factor authentication.
C) The remote network login uses two-factor authentication.
D) The local network login uses one-factor authentication.

A

The local network login uses one-factor authentication. Although two items are being presented, both items are categorized as something you know.

The remote network login uses two-factor authentication. Although three items are being presented, two items are something you know and one is something you have. Another example of a two-factor authentication system is an ATM card (something you have) and a personal identification number (something you know).

26
Q

Management has requested that BitLocker To Go be implemented on all Windows 10 computers. Which hardware is required to implement this technology?

A) a USB flash drive
B) a network interface card (NIC)
C) DirectX 10.0
D) an optical DVD/CD drive

A

To implement BitLocker To Go on all Windows 10 computers, you need a USB flash drive. BitLocker To Go is a technology in Windows 10 that allows you to encrypt the contents of USB flash drives.

None of the other hardware is required to implement BitLocker To Go.

27
Q

You are creating a presentation for company management on the pros and cons of mobile devices. What is the greatest threat to the security of mobile devices?

A) GPS location services
B) unsecured Wi-Fi
C) theft
D) excessive permissions

A

Theft

28
Q

Your company has several security measures that they have implemented on all mobile devices. Which of the following is NOT a security measure for mobile devices?

A) geotracking
B) passcode locks
C) login attempt restrictions
D) patching/updates
E) anti-virus

A

Geotracking is NOT a security measure for mobile devices. Geotracking occurs when a mobile device records the location of the device periodically and stores the information in a central location. This is actually a security concern for many mobile device users because law enforcement may be able to access this information. The United States Department of Homeland Security retains the right to access this information when they deem necessary.

29
Q

You work as a network administrator for a small organization that has recently experienced several malware attacks. The attacks originated from users unintentionally downloading malicious software while browsing the Internet. You have been tasked with improving security to help minimize these attacks. Which of the following browser best practices should be implemented to help prevent future attacks? (Choose all that apply).

A) Installing an ad blocker
B) Clearing cached data
C) Using private-browsing modes
D) Using a password manager

A

Each of these options is a practice or tool that should be implemented to help improve browser security.

30
Q

You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients. Which protocol should you choose?

A) Wi-Fi Protected Access (WPA)
B) Wired Equivalent Privacy (WEP)
C) Wireless Application Protocol (WAP)
D) Wi-Fi Protected Access 2 (WPA2)

A

You should implement WPA. Wi-Fi Protected Access (WPA) was created to fix core problems with Wired Equivalent Privacy (WEP). WPA is designed to work with older wireless clients while implementing the 802.11i standard.

Note that WEP and WPA are both considered deprecated protocols. While an organization can still implement them, IT professionals should caution against it because of the security issues with both protocols.

31
Q

You are providing training on security breaches regarding passwords and encryption. Which attacks often attempt this type of breach? (Choose all that apply.)

A) Dictionary attack
B) Brute-force attack
C) Rainbow attack
D) Man-in-the-middle attack

A

Rainbow attacks, brute force attacks, and dictionary attacks often target passwords and encryption.

32
Q

You need to ensure that users are able to log into multiple systems using the same login credentials. Which technology should you deploy?

A) VPN
B) SSO
C) multifactor authentication
D) two-factor authentication

A

SSO

33
Q

Which option is used to protect data in use, data in motion, and data at rest from accidental or intentional leaks?

A) DLP
B) Firewalls
C) Port security
D) Certificates

A

Data Loss Prevention (DLP) is a set of business rules that protect data in use, data in motion, and data at rest. DLP is the general term for the technology used to protect a company’s information from accidental or intentional leaks.

Certificates would only protect data in use. A good way to use a certificate for DLP would be to prevent a man-in-the-middle attack by requiring the sender or recipient certificate prior to transmitting the data.

34
Q

Several users will be using a new Windows 10 computer. You have been asked to configure the accounts in the appropriate manner to maximize security. Which procedures should you implement? (Choose all that apply.)

A) Rename the Administrator account.
B) Rename the Guest account.
C) Disable the Administrator account.
D) Disable the Guest account.

A

You should rename both the Administrator and Guest accounts because these accounts are created by default. Renaming the accounts provides an added level of security for these accounts. You should also disable the Guest account. The Guest account should only be enabled in certain instances and should only be enabled temporarily. By default, the Guest account in Windows 10 and later is disabled, but you should always confirm this is true.

35
Q

A user asks you to describe how computers are infected with viruses. Which option is NOT usually a way that a virus infection occurs?

A) through email
B) through vendor installation media
C) through the Internet
D) through file sharing

A

Vendor installation media (such as CDs) are not usually a way that a virus infection occurs. Most vendors ensure that the installation files and media are virus free before disseminating them. However, if you are downloading an installation file from the Internet, be sure you are downloading it from the vendor’s official website or another trusted source, and not from a third-party site that could provide Trojan horses or virus files masquerading as or bundled with legitimate software. For example, if a vendor has an available download of an application but the application itself is owned by another vendor, it is always best to download the application from the owner vendor. The secondary vendor may have added some malicious code to the version on their Web site.

36
Q

Paul is the new security guard at Metroil. He is stationed at the data center where all the valuable data is stored. Entry to the data center is controlled by two doors with a small room between them. Personnel use a smart card to open the first door. During his shift at Metroil, Paul allows access to the data center through the second door once a user has successfully opened the first door. Which type of physical security barrier is being used?

A) mantrap
B) key fob
C) biometrics
D) magnetometer

A

A mantrap, also referred to as an access control vestibule, is being used. A mantrap is a setup with two doors and a small room between them. The first door requires authentication to get into the small room. Then a second verification will occur (such as a guard visually identifying the person) to allow the user through the second door. Mantraps are typically used where very high security is needed because the second door can only open once the first door is closed. Mantraps are excellent deterrents against tailgating.

37
Q

You manage the workstations for your organization. You are concerned about the introduction of malicious software through seemingly harmless activities like listening to music on a flash drive. Which of the following security practices should you implement?

A) Patch/update management
B) Password reset/unlock account procedures
C) Disable AutoPlay
D) Data encryption

A

If you disable AutoPlay, this will prevent various types of media, such as CDs, DVDs, and Blu-Ray disks, from automatically launching and playing when inserted. It will also disable AutoPlay for other types of removable media, such as portable hard drives. If this feature is not disabled, an attack can launch from a malicious executable installed on optical media.

38
Q

According to your organization’s data backup policy, you must keep track of the number and location of backup versions of the organization’s data. What is the main purpose of this activity?

A) to ensure proper disposal of information
B) to create an audit trail
C) to demonstrate due diligence
D) to restrict access to the backup versions

A

The main purpose of keeping track of the number and location of backup versions is to ensure proper disposal of information.

39
Q

A user wants to change his local password on a Windows 10 computer using the least amount of administrative effort. What are the user’s best options? (Select two.)

A) Press Ctrl+Alt+Del, and select Change a Password.

B) Click Start and Control Panel. Click User Accounts. Click Change My Password.

C) Click Start and open the Control Panel. Click User Accounts. Click the user’s account name, and then select Make changes to my account in PC settings.

D) Click Start and search Sign In Options. Then select Password and then choose Change.

A

The user can click Start and search for Sign In Options. Afterwards, they should select Password and then choose Change.

The user may also press Ctrl+Alt+Del and select Change a Password.

40
Q

You manage the Android devices issued to your mobile salesforce. Which two methods for securing Android devices would provide you with the highest level of security? (Choose two.)

A) Patching/OS updates
B) Firewalls
C) Full device encryption
D) Biometric authentication
E) VPN

A

Biometric authentication and full device encryption would provide you with the highest level of security for Android mobile devices.

Biometric authentication matches a user’s uniquely identifiable physical attribute to a previously stored value. Biometrics is among the most secure physical security measures. Examples include fingerprints, iris or retinal scans, voice prints, and keyboard cadence.

Full device encryption requires that the user provide a PIN, password, or a swipe pattern in order to activate the decryption key on the device. If the user does not provide the correct information, the data remains encrypted and inaccessible.

41
Q

Which of the following is described as gaining unauthorized access to the data center by using another user’s credentials?

A) turnstile
B) intrusion
C) piggybacking
D) mantrap

A

Piggybacking is the act of gaining unauthorized access to a facility by using another user’s access credentials. It is sometimes referred to as tailgating. Tailgating and piggybacking differ in one key way: in piggybacking, the person who piggybacks does so with the knowledge of the authorized person being followed, whereas in tailgating, the person who enters using real credentials does not give permission to the person following behind.

42
Q

You need to provide a physical security measure for a data center located on the second floor of a building. Management wants you to implement the highest level of security possible. Which physical security control should you implement?

A) Key fobs
B) Biometrics
C) Passwords
D) Smart cards

A

You should implement biometrics. Biometric devices help identify users’ physical characteristics and include retinal scanners, hand scanners, fingerprint scanners, and DNA scanners. Biometric devices are the authentication factor that is most resistant to being lost or stolen.

43
Q

Your company has recently adopted several new security policies regarding mobile devices. Which mobile device application helps when a mobile device is stolen, but also raises privacy concerns?

A) remote backup applications
B) locator application
C) remote wipe applications
D) passcode applications

A

Locator applications help when a mobile device is stolen. Most locator applications can locate a lost device, lock the lost device, and remote wipe the device. Locator applications also raise privacy concerns because the apps can be used to trace the mobile device.

44
Q

When explaining the differences between NTFS and FAT32 to a user installing Windows 10, which three benefits would you share with them regarding NTFS?

A) file encryption
B) better disk space management
C) virus protection
D) better security
E) malware protection

A

NTFS is the file system that comes with Windows operating systems. It provides better security, file encryption, and better disk space management than FAT32.

FAT and FAT32 are relatively stable, but if the power goes out or an unexpected system crash occurs, data is not always recoverable. NTFS has a tracking system that manages transactions, files, directories and volumes in a more secure fashion. NTFS also holds permissions for local users and groups and allows them to have read, write, read and execute, modify, full control, or special permissions to both folders and files. Permissions can be configured for allow versus deny. Additionally, it allows file encryption, which prevents hackers from accessing data easily.

45
Q

Recently, several employees’ email accounts were hacked after they visited the local coffee shop and used their mobile devices there. Which type of attack most likely occurred?

A) zombie
B) tailgating
C) shoulder surfing
D) zero-day attack

A

The employees are most likely the victims of a shoulder surfing attack. Shoulder surfing occurs when hackers watch or sit close to someone and memorize their sensitive data. They will watch for people entering passwords, typing credit card numbers, or performing other private activities. The best way to avoid shoulder surfing is to survey the area you will be sitting in, sit away from other people’s lines of sight, and not log in to banking sites or other sensitive sites from public places. You can dim your screen or purchase privacy filters, but trying to avoid these types of activities in public is best.

Keep in mind that shoulder surfing is not always carried out by a person that you can see. Video cameras and other surveillance devices can be used to carry out these attacks.

46
Q

Which of the following is an example of phishing?

A) a program that sends out your personal information to an advertiser

B) an attack that uses drones to obtain email accounts to send spam

C) a Visual Basic script attached to an email that infects your system

D) an email request from a financial institution asking you to log in and change your password using the provided link

A

An example of phishing is an email request pretending to be from a financial institution asking you to log in and change your password using the provided link. Phishing attacks always appear to be from a legitimate source.

47
Q

You are sharing a portable computer with a vendor to work on a legacy application. What should you do to secure this computer from theft?

A) Use a T-bar locking mechanism.
B) Enable BitLocker.
C) Enable encrypting file system (EFS).
D) Implement password protection on the computer.

A

You should use a T-bar locking mechanism to protect the portable computer from physical theft. A T-bar locking mechanism helps protect your devices from physical theft by locking the device to the desk. If you do not have a T-bar locking mechanism and you need to leave an unsecured computer at any time, you should lock the computer in a cabinet or drawer.

48
Q

You work as a network administrator for a small corporation that has recently set up a new Web server within their premises. You need to ensure that the Web server always receives the same IP address from your DHCP server. What should you do?

A) Utilize a DHCP scope.
B) Implement Universal Plug and Play.
C) Create a DHCP reservation.
D) Implement a screened subnet.

A

You should create a DHCP reservation. DHCP reservations are used in permanent IP address assignment, such as for a web server. DHCP reservations use an IP address that has been pre-reserved within a DHCP scope.

49
Q

Which Active Directory logical security concept would you implement to best protect a user’s data in the event of a hard drive crash?

A) Login script
B) Folder redirection
C) Domain membership
D) Organizational unit

A

Folder redirection would protect a user’s data in the event of a hard drive crash. Instead of storing the user’s data (such as the Documents folder) on the local hard drive, folder redirection points to a network storage location, such as a server or a cloud location.

50
Q

During a recent security audit, you discovered that several computers were infected with software that uses tracking cookies to collect and report a user’s activities. Of which type of malware infection is this an example?

A) Trojan horse
B) worm
C) spyware
D) virus

A

Spyware often uses tracking cookies to collect and report a user’s activities. Spyware installs itself without notifying the user.

51
Q

Daniel is new to your department and is asking about wireless networks. What would you tell him are three conditions that affect the external vulnerabilities of wireless networks? (Choose three.)

A) Antenna selection
B) Number of users
C) Antenna placement
D) Access point power
E) Speed of connection

A

Antenna selection (such as the use of directional versus omnidirectional antennas) plays an important role in protecting a wireless network.

Antenna placement will also have an effect on the vulnerabilities of a wireless system. Antennas should be placed as far away from exterior walls as possible. Otherwise, the signal will go outside the building. This allows anyone outside the building to attach to your network. That is why RADIUS and other technologies are required for wireless networks.

The power of the access points should be adjusted to a level that is just strong enough for the operation of the network, but not so strong that signals escape to the outside of the building.

The number of users and the speed of the connection will not cause external vulnerabilities to a wireless system. The number of addresses is, however, a cause of external vulnerabilities.

52
Q

You have recently discovered that users on your network have been victims of impersonation attacks. You need to implement an authentication method that checks the identity of both ends of the connection. Which authentication method does this? (Select two.)

A) biometric authentication
B) RADIUS authentication
C) mutual authentication
D) Kerberos authentication

A

Mutual authentication, in general terms, checks the identity of both ends of the connection. It is often referred to as two-way authentication. Specifically, Kerberos authentication is one method to accomplish mutual authentication.

53
Q

Which of the following is based on the security concept of “something you have”? (Choose all that apply.)

A) Hardware token
B) Door lock
C) Server lock
D) Biometric lock

A

Hardware tokens, server locks, and door locks are security concepts considered “something you have.” If they are the sole method of user authentication, safeguards must be put in place to ensure security should they be lost or stolen. They are best implemented as part of a multifactor authentication system.

54
Q

An IT technician has recently discovered an evil twin on your company’s network. What is the best description of an evil twin?

A) an unauthorized access point
B) cracking the WEP secret key using the initialization vector (IV)
C) an access point with the same SSID as the legitimate access point
D) signals about the wireless network marked on the outside of a building

A

An evil twin is an access point with the same SSID as the legitimate access point. It is a special type of unauthorized access point.

55
Q

As stated in your organization’s new password policy, you must configure how many new passwords must be created before an old one can be reused. Which policy should you use?

A) password complexity
B) password age
C) password lockout
D) password length
E) password history

A

Password history allows you to configure the exact number of new passwords that must be created before an old one can be reused. This setting enhances security by allowing the administrators to ensure that old passwords are not being reused continually. Reused passwords are sometimes referred to as rotating passwords.

56
Q

You need to configure the UAC: Behavior of the elevation prompt for administrators group policy in a highly secure environment for Windows 10 computers. Which group policy setting should you use?

A) Prompt for consent on the secure desktop
B) Prompt for credentials on the secure desktop
C) Prompt for credentials
D) Prompt for consent

A

The User Account Control: Behavior of the elevation prompt for administrators is in the Admin Approval Mode group policy. The recommended setting for a highly secure environment is Prompt for credentials on the secure desktop.

57
Q

What is the best implementation of the principle of least privilege?

A) Issuing the Run as command to execute administrative tasks during a regular user session

B) Ensuring that all services use the main administrative account to execute their processes

C) Issuing a single account to each user, regardless of his job function

D) Completing administrative tasks at a computer that functions only as a server

A

The best implementation of the principle of least privilege is to issue the Run as command to execute administrative tasks during a regular user session. You should never use an administrative account to perform routine operations, such as creating a document, checking your email, and so on. Administrative accounts should only be used when you need to perform an administrative task, such as configuring services or backing up the computer. By issuing the Run as command to execute administrative tasks during a regular user session, you execute the task as needed, but limit only the particular task to running under the administrative account. If you logged off and back on using the administrative account, there is a possibility that you would forget to return to using your regular user account when performing routine tasks.

58
Q

In a security awareness class, the instructor discusses malicious software that relies on other applications to execute and infect the system. Which type of malware is being discussed?

A) a worm
B) a virus
C) a Trojan horse
D) a logic bomb

A

A virus is malicious software (malware) that relies on other application programs to execute and infect a system. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of host applications. The hosts could be any application on the system.

59
Q

You are researching biometrics for identification and verification of employees in an organization.

Which attributes or details of an employee can be used by biometric devices? (Choose all that apply.)

A) hand geometry
B) fingerprints
C) iris
D) face
E) signature
F) hair

A

You can use the following attributes of a person to recognize the person through the use of biometric devices:

Fingerprints
Palmprint
Face
Signature
Iris
Retina
Hand geometry
Voice

60
Q

In recent weeks, management has established that administrators must ensure password strength. Which password setting is most important to ensure password strength?

A) password complexity
B) password history
C) password lockout
D) password age

A

Password complexity is most important to ensure password strength. Password complexity allows you to configure which characters should be required in a password to reduce the possibility of dictionary or brute force attacks. A typical password complexity policy would force the user to incorporate numbers, letters, and special characters. Both uppercase and lowercase letters can be required. A password that uses a good mix, such as Ba1e$23q, is more secure than a password that only implements parts of these requirements, such as My32birthday, NewYears06, and John$59.

61
Q

You have stored critical information about your company in the computers in your server room. You want only authorized people to be allowed entry into the server room.

Which method will be MOST effective to maintain the security of the server room?

A) Position a surveillance camera at the entrance of the server room.

B) Employ an access control system on the entrance of the server room.

C) Employ an IDS to alert personnel when unauthorized access occurs.

D) Place a safe lock on the server door and give the key only to the authorized persons.

A

An access control system should be employed at the entrance of the server room to maintain security. An access control system will prevent any unauthorized access to the server room. An access control system uses devices, such as smart cards or biometrics, to provide access only to authorized persons. Therefore, unauthorized individuals cannot enter the server room.

62
Q

Edith and Clarence are studying for their A+ exam and want to learn more about NTFS permissions versus share permissions on Windows 10 computers. Which of the following statements is FALSE?

A) NTFS permissions include Read, Write, Modify, and Full Control.
B) Share permissions can be assigned to users and groups.
C) NTFS permissions can be assigned to users and groups.
D) Share permissions include Read, Write, Modify, and Full Control.

A

Share permissions do NOT include Read, Write, Modify, and Full Control. They only include Read, Change, and Full Control.

63
Q

You need to implement security measures for the mobile devices that have been issued to company employees. Which security measure is considered to be the easiest to implement for mobile devices?

A) GPS locator applications
B) Remote wipes
C) Remote locks
D) Passcode locks

A

Passcode locks are considered to be the easiest to implement for mobile devices. Passcode locks are a type of screen lock. Other screen locks include fingerprint locks, face locks, PIN locks, and swipe locks.

64
Q

Nicola reports to the security guards that individuals are following closely when she enters buildings, using her credentials to gain access. She knows that some of them are valid employees but is concerned that not all of the people are. What security breach is she reporting?

A) zero-day attack
B) shoulder surfing
C) tailgating
D) zombie

A

She is reporting a tailgating attack. Tailgating occurs when someone uses your credentials without your knowledge to gain entry to a building. The unauthorized individual usually just follows closely behind you as you enter, gaining access to the building without needing a key, a card, or other security device. Many social engineering intruders who require physical access to a site will use this method to gain entry, and can compromise the integrity of the authorized user.

65
Q

Which technology allows users to freely access all systems to which their account has been granted access after performing an initial authentication?

A) biometric device
B) smart cards
C) MAC
D) single sign-on
E) DAC

A

Single sign-on allows users to freely access all systems to which their account has been granted access after the initial authentication. The single sign-on process addresses the issue of multiple user names and passwords. It grants users access to all the systems, applications, and resources they need when they start a computer session. This is considered both an advantage and a disadvantage. It is an advantage because the user only has to log in once and does not have to constantly re-authenticate when accessing other systems. Multiple directories can be browsed using single sign-on. It is a disadvantage because the maximum unauthorized access is possible if a user account and its password are compromised.

66
Q

Your company has adopted a new security policy that states that all computers must be locked if a user leaves his desk for any reason. What is the quickest way to lock a Windows 10 computer?

A) Press Ctrl+Alt+Del, and select Lock this computer.
B) Press the Windows + L keys.
C) Click Start. Click the right arrow next to Shutdown, and select Lock.
D) Right-click the taskbar, and select Lock the taskbar.

A

The quickest way to lock a Windows computer is to press the Windows Logo + L keys. This feature works in Windows 10 and higher.

67
Q

Your organization is adopting a new password policy to increase security. Which policy is the most secure password policy?

A) Password change requests must be made by email message.
B) Password change requests must be made in writing.
C) Password change requests must be made by telephone.
D) Password change requests must be made in person.

A

The most secure password change request policy is to require users to make password change requests in person. The administrator should request a user’s credentials and photo identification to verify that the user is the valid user.

68
Q

You need to harden a new operating system (OS) immediately after installation. Which configuration change should you make?

A) Rename the administrator account and disable and rename the guest accounts.

B) Delete all default user and group accounts.

C) Change the administrator account password.

D) Create a secure administrator account.

A

Operating systems are installed with default user and guest accounts. These accounts are well known to most attackers, who can use them to hack into a system. It is recommended that you rename the administrator account to prevent an attacker from using password-guessing techniques to gain entry into the system. In addition, you should disable and rename the guest accounts to prevent users without an account from accessing the system using these anonymous accounts. If you need to use the guest accounts, you should ensure that they have passwords.

69
Q

Spencer has been hired as the systems administrator for a small business, and he wants to set up authentication on a network that contains two servers. What is the best way to provide this?

A) Establish usernames with strong passwords
B) Configure access control lists (ACLs)
C) Configure directory permissions
D) Implement a VPN

A

To provide authentication on a network that contains two servers, he should implement usernames with strong passwords. This will allow the users to authenticate before accessing resources.

70
Q

After performing a vulnerability analysis, a security auditor alerts you that a server has been infected with a rootkit. Which statement best defines this type of malware?

A) a collection of programs that grants a hacker administrative access to a computer or network

B) an application that uses tracking cookies to collect and report a user’s activities

C) a program that spreads itself through network connections

D) a software application that displays advertisements while the application is executing

A

A rootkit is a collection of programs that grants a hacker administrative access to a computer or network. The hacker first gains access to a single system, and then uploads the rootkit to the hacked system. An example of a rootkit is a system-level kernel module that modifies file system operations.

71
Q

You are updating the offboarding procedures and policies for your organization. You need to retain a terminated employee’s data while blocking the terminated employee’s access to that data. Which Active Directory function should you implement?

A) Account creation
B) Disable account
C) Account deletion
D) Password reset

A

You should disable the account. If you disable the user account, the data is available for backup and archive procedures, but not available to the user.

Account deletion will delete the user and possibly the associated data. However, even if you retained the user’s data, you may not be able to access the data if only the deleted user’s account is configured to have access to that data.

72
Q

Your organization is concerned with unauthorized users downloading confidential data to removable media. You decide to encrypt the confidential data using the Encrypting File System (EFS).

You need to copy an EFS-encrypted file. The file will be copied to an NTFS volume that does not implement EFS. What is the state of the file?

A) The original version of the file is decrypted. The new version of the file is encrypted.

B) The original version of the file remains encrypted. The new version of the file is decrypted.

C) The original version of the file is decrypted. The new version of the file is decrypted.

D) The original version of the file remains encrypted. The new version of the file is encrypted.

A

When you copy an EFS-encrypted file to an NTFS volume that does not implement EFS, the new version of the file is decrypted. However, the original version of the file remains encrypted.

When you copy an unencrypted file to an NTFS volume that implements EFS, the original version of the file remains decrypted. However, the new version of the file is encrypted.

When you move an encrypted file in the same NTFS volume, the file will remain encrypted. When you move an encrypted file to an NTFS volume that does not implement EFS, the file will be decrypted. When you move an encrypted file to an NTFS volume that implements EFS, the file will remain encrypted.

73
Q

You need to ensure that the data on storage media is properly classified to ensure that the appropriate data is retained. Which operation must you undertake to avoid mishandling of tapes, disks, storage media, removable drives, and printed material?

A) degaussing
B) offsite storage
C) labeling
D) zeroization

A

Proper labeling is required to avoid mishandling of the information on storage media. Compact discs (CD-ROMs), Blu-Ray disks, and USB flash drives are used to store small data sets, while backup tapes are used to store large numbers of data sets. Storage media containing confidential information must be appropriately marked and labeled to ensure appropriate classification. The storage media should also be stored in a protected area. Each medium should be labeled with the following details:

Classification
Date of creation
Retention period
Volume name and version
Name of the person who created the backup

74
Q

You need to broaden the area to which a wireless access point (AP) can transmit. What should you do?

A) Maximize the power level setting.
B) Adjust the power level setting slightly higher.
C) Change the channel used by the AP.
D) Relocate the AP.

A

You should adjust the power level setting for the AP to a slightly higher setting. After changing the power level setting, you should reboot the AP. The only way to gain more coverage for an AP is to increase the power level.

75
Q

After installing a software firewall on his computer, a user reports that he is unable to connect to any Web sites. The user must be able to connect to all types of Web sites.

Which ports should you open in the firewall application? (Choose two.)

A) port 21
B) port 25
C) port 20
D) port 443
E) port 80

A

To be able to connect to all types of Web sites, you should open port 80 and port 443 in the firewall application. Port 80 is used by Hypertext Transfer Protocol (HTTP), the default protocol used by Web pages. Port 443 is used by Secure HTTP (HTTPS), the protocol used by secure Web pages.

76
Q

A user’s computer is infected with a malicious program that replicates itself to computers on a network through security loopholes. Which malware has infected this computer?

A) email virus
B) Trojan horse
C) worm
D) boot virus

A

A worm is a malicious program that replicates itself to computers on a network through security loopholes. A worm infects a computer by detecting various vulnerabilities and security loopholes on a computer. After the computer is infected, the worm attempts to replicate itself by detecting similar security loopholes and vulnerabilities in other computers on the network.

77
Q

Which activity is covered under the confidentiality objective of the CIA triad, and involves examining someone’s computer to steal confidential information?

A) treason
B) shoulder surfing
C) social engineering
D) dumpster diving

A

Shoulder surfing refers to examining someone’s computer from behind to steal confidential information, such as user passwords or information related to business. Such information can be used to break into the network or the system and can affect the confidentiality and integrity of the information assets of the organization. Privacy screens can help prevent shoulder surfing. You should also implement password masking to prevent shoulder surfing.

78
Q

Your company has decided it wants to implement multi-factor authentication. What is the BEST implementation you should deploy?

A) smart cards, usernames, and strong passwords
B) usernames, strong passwords, and PIN
C) smart cards, usernames, and PIN
D) biometrics, smart cards, and strong passwords

A

You should deploy biometrics, smart cards, and strong passwords. This covers three different factors of authentication: something you are (biometrics), something you have (smart cards), and something you know (passwords).

79
Q

You want to define the number of days a password can be used before the user is required to change it.

Which password policy should you configure?

A) Maximum password age
B) Minimum password length
C) Passwords must meet complexity requirements
D) Enforce password history

A

You should configure the Maximum password age policy to define the number of days a password can be used before the user is required to change it. You can set the number of days between 0 and 999. If you set the policy to 0 days, then the password will never expire. Configuring the Maximum password age policy can help prevent a computer from being hacked.