Security Flashcards

Question

An office is experiencing constant connection attempts to the corporate Wi-Fi. Which of the following should be disabled to mitigate connection attempts? A. SSID B. DHCP C. Firewall D. SSD

Answer 1

A. SSID ## Footnote Disabling the SSID (Service Set Identifier) broadcast hides the Wi-Fi network from public view, making it less visible to unauthorized users or devices attempting to connect. This reduces constant connection attempts while still allowing authorized devices to connect by manually entering the SSID. Why the other options are incorrect: B. DHCP: Disabling DHCP would stop automatic IP address assignment but would not directly prevent connection attempts to the Wi-Fi network. C. Firewall: A firewall protects the network from threats but doesn’t prevent connection attempts. D. SSD: This refers to solid-state drives and is unrelated to Wi-Fi or networking.

Answer 2

C. XSS ## Footnote Cross-Site Scripting (XSS) involves injecting malicious scripts or arbitrary characters into web page requests or input fields. These scripts are then executed by the web browser of other users viewing the page, potentially compromising data or security. Why the other options are incorrect: A. SMS: Refers to Short Message Service for text messaging, unrelated to web page requests or scripting. B. SSL: Refers to Secure Sockets Layer, a protocol for encrypting communications, not injecting characters. D. VPN: Refers to Virtual Private Network, used for secure and private network connections, not scripting attacks.

Answer 3

D. Restricting log-in times E. Enabling a screen lock ## Footnote Explanation: D. Restricting log-in times: Prevents user accounts from being accessed during the night shift. E. Enabling a screen lock: Automatically locks computers when inactive, blocking unauthorized access. Incorrect Options: A: Protects data but doesn’t block access to the system. B: Prevents malware via USB but doesn’t restrict access. C: Limits permissions but doesn’t stop logins. F: Reduces risks but doesn’t prevent access.

Answer 4

A. Ransomeware ## Footnote Explanation: Ransomware is a type of malicious software that encrypts a victim's data and demands payment, often in cryptocurrency, to unlock it. Cryptocurrency is commonly used due to its anonymity and ease of transfer. Why the other options are incorrect: B. Keylogger: Records keystrokes to steal sensitive information but does not demand payments. C. Cryptomining: Uses a system's resources to mine cryptocurrency for the attacker but does not request payments. D. Rootkit: Provides unauthorized access to a system and hides malicious activities but does not typically demand payments.

Answer 5

B. Access control vestibule ## Footnote An access control vestibule (also called a mantrap) allows physical access to a restricted area while maintaining a record of events. It often includes logging mechanisms like keycard readers, biometrics, or surveillance systems to track who enters and exits. A. Hard token: Authenticates but doesn’t log physical access. C. Key fob: Grants access but doesn’t inherently log events. D. Door lock: Secures access but doesn’t track events.

Answer 6

B. MDM ## Footnote MDM solutions help secure, monitor, and manage BYOD (Bring Your Own Device) policies. They can enforce security policies, detect and mitigate malware, and restrict data sharing to reduce the risk of data disclosure. Why the other options are incorrect: A. UAC (User Account Control): UAC is a Windows feature that minimizes the impact of malware on a system but does not specifically address BYOD concerns or manage devices. C. LDAP (Lightweight Directory Access Protocol): LDAP is used for directory services like authentication and user management but does not manage mobile devices or prevent malware-related data leaks. D. SSO (Single Sign-On): SSO simplifies authentication across systems but does not directly address device security or malware protection.

Answer 7

C. Least privilege ## Footnote Least privilege ensures users only have the minimum level of access needed to perform their job functions, reducing the risk of unauthorized access or data breaches. Why the other options are incorrect: A. Access control list (ACL): Specifies permissions for resources but does not inherently ensure users have only the necessary level of access. B. Multifactor authentication (MFA): Enhances authentication security but doesn’t regulate the level of access granted. D. Mobile Device Management (MDM): Manages and secures devices but does not directly control access levels for user functions.

Answer 8

A. Dumpster Diving ## Footnote Shredding documents prevents attackers from retrieving sensitive information from trash, which is a tactic used in dumpster diving. B. Phishing: Not related to physical documents. C. Whaling: Targets individuals via phishing, not physical documents. D. Shoulder surfing: Involves observing someone in person, not document disposal.

Answer 9

D. Keylogger ## Footnote A keylogger is a type of malware designed to record keystrokes to capture sensitive information such as usernames, passwords, or credit card details. The presence of grabber.exe (which likely refers to the malicious program) and output.txt (where the captured data may be stored) suggests this is a keylogger operation. A. Trojan: Trojans disguise as legitimate software but don’t typically capture keystrokes or store them in files like output.txt. They focus on broader malicious actions, not just logging keystrokes. B. Rootkit: Rootkits hide malware and operate at a deeper level, often without visible files. The grabber.exe and output.txt files suggest visible data capture, which is not typical for rootkits. C. Cryptominer: Cryptominers mine cryptocurrency and don’t typically generate files like output.txt to store captured data. They focus on using system resources, not logging keystrokes.

Answer 10

B. Biometrics ## Footnote Biometrics (like fingerprint or facial recognition) is a built-in mobile device feature that can serve as a second authentication factor alongside a PIN. It’s easy to enforce, user-friendly, and aligns with common two-factor authentication (2FA) policies for mobile devices. ❌ A. Smart card Smart cards require external hardware/readers and are not typically used or supported natively on most mobile devices. ❌ C. Hard token Hard tokens are external physical devices, not a built-in feature of mobile phones. ❌ D. One-time password (OTP) OTPs are often used for remote login, not local device unlock, and usually require a separate app or service.

Answer 11

D. Multifactor authentication ## Footnote Multifactor authentication (MFA) means using two or more different types of authentication factors: Something you know (e.g., password or PIN) Something you have (e.g., ID card, smartphone) Something you are (e.g., fingerprint, face scan) In this case, using an ID (something you have), a password (something you know), and a biometric (something you are) is a textbook example of MFA. ❌ A. Types of security This is a vague term — not specific enough to describe using multiple authentication factors. ❌ B. Access control Access control refers to who is allowed access and what they can do, but doesn’t specifically describe how they’re authenticated. ❌ C. Principle of least privilege This concept means users get only the access they need, not about how they log in.

Answer 12

B. Bollard ## Footnote A bollard is a short, sturdy post designed to physically block vehicles from accessing certain areas. Commonly installed in front of buildings, stores, or pedestrian zones to prevent vehicle crashes, both accidental and intentional. ❌ A. Cameras Cameras provide surveillance, but they do not physically prevent vehicles from crashing. ❌ C. Lighting Lighting improves visibility and safety, but it doesn’t stop a vehicle. ❌ D. Biometrics Biometrics are used for identity verification, such as fingerprint or facial recognition — unrelated to vehicle control.

Answer 13

A. Uninstall the game application D. Install the latest security patches ## Footnote ✅ A. Uninstall the game application The problems started after installing the app. It’s likely malicious or poorly coded. Removing it can stop crashes and battery drain. ✅ D. Install the latest security patches Ensures the device has protection against known malware or exploits the app may have used. ❌ B. Perform a factory reset Too extreme for a first step. Try less drastic actions first. ❌ C. Connect to external charger Doesn’t fix the root cause (malware or bad app). ❌ E. Clear app cache May improve performance slightly but won’t remove malware or malicious behavior. ❌ F. Enable built-in anti-malware Good long-term, but doesn’t directly address the current issue if the app is already causing harm.

Answer 14

C. RADIUS ## Footnote ✅ C. RADIUS Used for secure authentication of users on enterprise wireless networks. Ideal for BYOD because it supports per-user credentials and integrates with directory services like Active Directory. Provides better control, auditing, and access management for a variety of personal devices. ❌ A. Local certificates Requires installing certificates on each personal device — not scalable for most BYOD environments. ❌ B. TACACS+ Typically used for administrative access to network devices, not end-user wireless authentication. ❌ D. Captive portal More suitable for guest access, not for securely authenticating employee-owned devices with user credentials.

Answer 15

B. Boot sector virus ## Footnote ✅ B. Boot sector virus Infects the boot sector or master boot record (MBR) of the drive. Remains active even after reinstalling the OS because it loads before the OS and can reinfect the system. ❌ A. Trojan Typically delivered through files or downloads, but does not persist through OS reinstall if storage is wiped properly. ❌ C. Spyware Usually detected and removed with proper malware tools; unlikely to survive a full OS reinstall. ❌ D. Rootkit Can hide deep in the OS but generally removed by a full OS reinstall unless combined with boot sector infection.

Answer 16

A. Isolate the machine from the network ## Footnote ✅ A. Isolate the machine from the network Prevents malware or attackers from spreading or communicating externally. Important first step to contain the infection or issue before further troubleshooting. ❌ B. Scan the system for hidden files Helpful later, but first you want to stop any possible spread. ❌ C. Disable unused ports Good security practice but not immediate priority in this scenario. ❌ D. Install antivirus software Important, but if the machine is infected, isolating first is safer. ❌ E. Reconfigure the firewall Useful for network security but not the first step here.

Answer 17

E. Disable AutoRun F. Restrict user permissions ## Footnote ✅ E. Disable AutoRun AutoRun (or AutoPlay) is a feature in Windows that can automatically execute programs on USB drives when they're inserted. Disabling AutoRun prevents malware from launching automatically, which is key to stopping this kind of USB-based attack. ✅ F. Restrict user permissions If users do not have administrative rights or permission to install software, malicious software on USB drives will be unable to install itself, even if it's executed manually. ❌ Incorrect Options Explained: A. Install a host-based IDS – While helpful for monitoring, it detects intrusions after they occur; it doesn't prevent USB-based malware installation. B. Restrict log-in times – Controls when users can access systems, but does nothing to prevent USB-based infections. C. Enable a BIOS password – Prevents BIOS access but is unrelated to USB drive activity within the operating system. D. Update the password complexity – Improves account security, but doesn't stop malware from installing via USB.

Answer 18

B. Activating the email spam filter ## Footnote ✅ B. Activating the email spam filter A spam filter helps prevent phishing emails from reaching the user's inbox by filtering out suspicious or malicious messages. This is the most direct and effective way to reduce phishing attempts. ❌ Incorrect Options: A. Enabling Windows Firewall A firewall blocks unauthorized network traffic, but it does not filter emails or stop phishing attacks. C. Using a secure VPN connection A VPN secures network traffic, especially on public networks, but it doesn’t prevent phishing emails from being received or opened. D. Running vulnerability scans on a schedule Scans help identify system weaknesses, but they don’t block phishing attempts directly.

Answer 19

A. Keys ## Footnote ✅ A. Keys Encrypted emails use public key encryption. To decrypt the message, the user must have the appropriate private key, and sometimes the sender and receiver must exchange public keys beforehand. The technician's advice to "exchange information to decode the message" refers to this key exchange process. ❌ Incorrect Options: B. Token Tokens are usually used in multi-factor authentication (MFA), not for decrypting email content. C. Password While some encrypted emails may be opened with a password, that’s not the standard for enterprise email encryption, which typically uses key pairs (public/private keys). D. Root CA A Root Certificate Authority (CA) is part of a certificate hierarchy and is used to validate certificates, not decrypt individual messages. It’s not what the user would receive from the sender.

Answer 20

B. 53 ## Footnote ✅ B. 53 Port 53 is used by DNS (Domain Name System) for both queries and responses, including DNS recursion, over UDP and TCP. DNS recursion is the process by which a DNS server queries other DNS servers on behalf of the client to resolve a domain name. ❌ Incorrect Options: A. 1 Port 1 is the TCP Port Service Multiplexer (TCPMUX), which is rarely used and not related to DNS. C. 80 Port 80 is used for HTTP (web traffic), not DNS. D. 123 Port 123 is used for NTP (Network Time Protocol), which synchronizes clocks between systems. E. 445 Port 445 is used for Microsoft-DS (Direct SMB over TCP/IP), primarily for file sharing in Windows environments.

Answer 21

A. Multifactor authentication ## Footnote ✅Multifactor authentication (MFA) is the best defense against brute-force attacks because it requires more than just a password — even if an attacker correctly guesses or cracks the password through brute force, they still need another factor (like a code from an app or a fingerprint). This greatly reduces the chances of unauthorized access. ❌ Breakdown of Incorrect Answers: B. Encryption Encryption protects data at rest or in transit, not login access specifically. It doesn’t prevent brute-force attacks directly. C. Increased password complexity While complexity helps, it only slows down brute-force attacks — it doesn’t stop them, especially with automated tools and large password lists. D. Secure password vault A password vault helps users manage strong passwords, but it doesn’t directly protect against an attacker brute-forcing a login page.

Answer 22

A. Remote wipe ## Footnote ✅ Remote wipe allows an administrator to erase all data on a lost or stolen mobile device remotely. This is the best method to protect sensitive data from being accessed if a device is misplaced and cannot be recovered. ❌ Breakdown of Incorrect Options: B. Device encryption 🔒 Helpful for protecting data, but only effective if the attacker can't bypass the lock screen. It doesn’t prevent access if the device remains unlocked. C. PIN codes 🔢 Adds a basic level of security, but can be bypassed or brute-forced with enough time or tools. D. Locator applications 📍 Useful to find a lost device, but do not secure or delete the data if recovery isn't possible.

Answer 23

C. Biometric scanner D. Smartcard reader | Something you have (a physical item) Something you are (biometric data) ## Footnote ✅ Correct Answers: C. Biometric scanner 🧬 → “Something you are” Uses physical characteristics (e.g., fingerprint, facial recognition). D. Smartcard reader 💳 → “Something you have” Requires possession of a physical smartcard to authenticate. ❌ Incorrect Answers: A. Password manager 🔐 Manages credentials (e.g., usernames/passwords), but not a form of authentication itself. B. Encryption keys 🗝️ Used for securing data, not a factor in physical or biometric access. E. Host-based IDS 🛡️ Monitors for threats; not related to authentication. F. PIN code 🔢 “Something you know”, not “something you are” or “have”.

Answer 24

C. Schedule a scan. ## Footnote When malware is installed after clicking a suspicious link, the best immediate step is to run a full malware/antivirus scan to detect and remove malicious software. It allows antivirus or anti-malware software to detect and remove malware. Scanning helps identify all affected files. It’s a standard, safe, and effective first step in malware removal. ❌ Why the Other Options Are Incorrect: A. Run System Restore 🔻 Might not remove the malware completely; malware can infect restore points. B. Place in recovery mode 🔻 Not a common or direct method for malware removal; recovery mode is more for system recovery or reinstall. D. Restart the PC 🔻 Restarting alone does nothing to remove malware; it might even trigger malware to activate.

Answer 25

A. Certificate warning ## Footnote ✅The message "Your connection is not private" typically appears when there is an issue with the website’s SSL/TLS certificate. This warning indicates that the browser cannot verify the identity of the website, often due to an expired, invalid, or untrusted certificate. ❌ Why the Other Options Are Incorrect: B. Malware 🔻 Malware causes different warnings or symptoms, not specifically this message. C. JavaScript error 🔻 JavaScript errors usually cause functionality issues or script errors, not security warnings about privacy. D. Missing OS update 🔻 Missing OS updates rarely cause browser privacy warnings directly.

Answer 26

B. MFA ## Footnote MFA (Multi-Factor Authentication) uses multiple types of factors to verify identity, often described as: Something you know (e.g., password or PIN) Something you have (e.g., smartcard, token, or phone) Something you are (e.g., fingerprint or other biometric) ❌ Why the Other Options Are Incorrect: A. ACL (Access Control List) 🔻 Defines permissions for users or groups but is not about authentication factors. C. SMS (Short Message Service) 🔻 A communication method; sometimes used for 2FA codes, but not the full concept of multiple factors. D. NFC (Near Field Communication) 🔻 A technology for short-range communication, sometimes used for contactless authentication, but not a factor type.

Answer 27

A. WPA3 ## Footnote ✅Explanation: WPA3 is the latest Wi-Fi security protocol, providing stronger encryption and better protection against brute-force attacks than previous standards. It’s currently the most secure wireless authentication method for home and small business networks. ❌ B. WEP Explanation: WEP is an outdated and insecure wireless encryption protocol that can be easily cracked. It is no longer recommended or considered secure. ❌ C. RADIUS Explanation: RADIUS is an authentication protocol often used in enterprise wireless networks to authenticate users, but it is not itself an authentication type. It relies on other authentication methods and typically works with WPA2-Enterprise or WPA3-Enterprise. ❌ D. TACACS+ Explanation: TACACS+ is a protocol used for centralized authentication, authorization, and accounting, mostly in network device management, not a wireless authentication type. ❌ E. WPS Explanation: WPS (Wi-Fi Protected Setup) is a convenience feature meant to simplify connecting devices to a network but is vulnerable to attacks and considered insecure.

Answer 28

A. Scan for malware and ransomware ## Footnote ✅ A. Scan for malware and ransomware Since the laptop is redirecting to unfamiliar websites and showing random pop-ups—both clear symptoms of a malware infection—the first step should be to scan for malware and ransomware using a reliable anti-malware tool. Identifying and removing the infection is necessary before taking any further recovery or optimization steps. ❌ Incorrect Options: ❌ B. Perform a system restore System Restore can help revert system files to a previous state, but doing this before removing malware may preserve or reactivate malicious software. ❌ C. Check the network utilization This might reveal suspicious traffic, but it doesn’t address the root cause or fix the problem. ❌ D. Update the antivirus software While important, updating antivirus software should be done before scanning, not as the first and only step. If malware is already active, it may interfere with updates.

Answer 29

D. Browser plug-ins ## Footnote ✅ Malicious browser plug-ins or extensions are a common source of persistent pop-ups and adware-like behavior. If a malware scan doesn't detect anything, the next best step is to check installed browser extensions. ❌ A. Windows updates – Keeping Windows updated is good practice but unlikely to fix pop-up adware issues directly. ❌ B. DNS settings – Incorrect DNS can redirect sites, but pop-ups are usually more related to browser activity. ❌ C. Certificate store – This affects site authentication, not ad pop-ups.

Security Flashcards

(53 cards)