Security (2) Flashcards
You have been hired to implement new network security practices. One of the things you need to do is create a document describing the proper usage of company hardware and software. What is this type of document called?
DLP
AUP
ACL
AUP
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. This policy should also outline the consequences for misuse. In addition, the policy (also known as a use policy) should address the installation of personal software on company computers and the use of personal hardware such as USB devices.
You have a Windows 7 Enterprise workstation and want to encrypt the entire hard drive, including startup files. Which technology best meets your needs?
BitLocker
BitLocker To Go
EFS
BitLocker
BitLocker Drive Encryption allows you to use drive encryption to protect files—including those needed for startup and logon. This is available only with Windows 10 Professional and Enterprise versions, Windows 8 (Pro and Enterprise), and Windows 7 (Enterprise and Ultimate). For removable drives, BitLocker To Go provides the same encryption technology to help prevent unauthorized access to the files stored on them.
Software was installed on a laptop without the user’s knowledge. The software has been tracking the user’s keystrokes and has transmitted the user’s credit card information to an attacker. What type of threat is this?
Zombie/botnet
Spoofing
Spyware
Spyware
Spyware differs from other malware in that it works—often actively—on behalf of a third party. Rather than self-replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it. The users often don’t know they have asked for it but have done so by downloading other programs, visiting infected sites, and so on. The spyware program monitors the user’s activity and responds by offering unsolicited pop-up advertisements (sometimes known as adware), gathers information about the user to pass on to marketers, or intercepts personal data such as credit card numbers.
A new user named Jelica has joined your company as a network administrator. Which of the following statements is most correct regarding her network access?
She should have just one user account, with standard user-level permissions.
She should have two user accounts, one with user-level permissions and one with administrator-level permissions.
She should have three user accounts, one with user-level permissions, one with administrator-level permissions, and one with remote access administrator-permissions.
She should have two user accounts, one with user-level permissions and one with administrator-level permissions.
Jelica should have a non-administrative account to use for day-to-day tasks, and she also needs an account with administrative privileges to perform the administrative duties. When creating user accounts, follow the principle of least privilege: Give users only the permissions they need to do their work and no more. This is especially true with administrators. Those users should be educated on how each of the accounts should be used.
Which types of security threats are direct attacks on user passwords? (Choose two.)
Brute force
Zombie/botnet
Dictionary attack
Spoofing
Brute force
Dictionary attack
Password attacks occur when an account is attacked repeatedly. This is accomplished by using applications known as password crackers, which send possible passwords to the account in a systematic manner. Two types of password attacks are brute-force and dictionary attacks.
You read corporate email on your iPhone and do not want others to access the phone if you leave it somewhere. What is the first layer of security that you should implement to keep others from using your phone?
Multifactor authentication
Full device encryption
Screen lock
Screen lock
All the options will increase the security of an iPhone. For just the basic level of security, though, enable a screen lock. A user will need to enter a code to gain access to the device. It’s typically enough to thwart casual snoops and would-be hackers.
You use your mobile phone for email and extensive Internet browsing. You want to add an additional level of security to always verify your identity online when accessing various accounts. Which type of app do you need?
Authenticator app
Trusted source app
Biometric authentication app
Authenticator app
An authenticator app can help securely verify your identity online, regardless of the account you want to log into. Different apps work in different ways, but the general procedure is that the app will generate a random code for you to type in along with your username and password. The random code helps identify you and tells the site you are logging into that you really are who you say you are.
You have instructed users on your network to not use common words for their passwords. What type of attack are you trying to prevent?
Brute forcing
Dictionary attack
Social engineering
Dictionary attack
A dictionary attack uses a dictionary of common words to attempt to find the user’s password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them. As an example of this type of attack, imagine guessing words and word combinations found in a standard English-language dictionary. The policy you have recommended could also help thwart those who may try to look over a shoulder to see a user’s password, but they can still see it whether it’s a common word or not.
Which type of malware is designed to look like a different program and, when installed, create a back door for an attacker to access the target system?
Trojan
Virus
Worm
Trojan
Trojan horses are programs that enter a system or network under the guise of another program. A Trojan horse may be included as an attachment or as part of an installation program. The Trojan horse can create a back door or replace a valid program during installation. It then accomplishes its mission under the guise of another program.
You have been asked to dispose of several old magnetic hard drives. What is the name of the process of using a large magnet to clear the data off a hard drive?
Overwriting
Degaussing
Incineration
Degaussing
A large electromagnet can be used to destroy any magnetic media, such as a hard drive or backup tape set. The most common of these is the degaussing tool. Degaussing involves applying a strong magnetic field to initialize the media (this is also sometimes referred to as disk wiping). This process helps ensure that information doesn’t fall into the wrong hands.
You recently noticed a change on your computer. Now when you open your web browser, no matter what you search for, you get a dozen unsolicited pop-up windows offering to sell you items you didn’t ask for. What type of problem does your computer have?
Spyware
Ransomware
Zombie/botnet
Spyware
Spyware differs from other malware in that it works—often actively—on behalf of a third party. Rather than self-replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it. The users often don’t know they have asked for it but have done so by downloading other programs, visiting infected sites, and so on. The spyware program monitors the user’s activity and responds by offering unsolicited pop-up advertisements (sometimes known as adware), gathers information about the user to pass on to marketers, or intercepts personal data such as credit card numbers.
On a Windows 7 workstation, there is one volume formatted with NTFS. The Developers group has Modify access to the C:\dev directory. You copy the folder to the C:\operations folder, to which the Developers group has Read access. What level of permissions will the Developers group have to the new C:\operations\dev directory?
Modify
Read & Execute
Read
Read
When a file or folder is copied on NTFS volumes, the new file or folder will inherit its permissions from its new parent folder. The old permissions will be discarded. However, when files and folders are moved rather than copied, the original permissions are retained at the new location.
Your office has recently experienced several laptop thefts. Which security mechanism is designed to protect mobile devices from theft?
Security token
USB lock
Key fob
USB lock
Users should never leave a company notebook computer, tablet computer, or smartphone in a position where it can be stolen or compromised while they are away from the office. USB locks or cable locks should be used to keep notebook computers securely in place whenever users are not near their devices.
Which type of security device displays a randomly generated code that the user enters for access to computer resources?
RFID badge
Smart card
Key fob
Key fob
Key fobs are named after the chains that used to hold pocket watches to clothes. They are security devices that you carry with you; they display a randomly generated code that you can then use for authentication. This code usually changes very quickly (every 60 seconds is probably the average), and you combine this code with your PIN for authentication. RSA is one of the most well-known vendors of key fobs. These may also be called security tokens.
Which type of digital security needs to have constant updates to best protect your network or computer?
Antivirus
Firewall
Access control list
Antivirus
Antivirus software is an application that is installed on a system to protect it and to scan for viruses as well as worms and Trojan horses. Most viruses have characteristics that are common to families of viruses. Antivirus software looks for these characteristics, or fingerprints, to identify and neutralize viruses before they impact you. Antivirus software needs to be constantly updated to ensure that it can detect the most current viruses.