Security (3) Flashcards
You are examining shared folders on a Windows 7 workstation. You notice that there is a shared folder named c$ that you didn’t create. What is the most likely explanation for this share?
An attacker has compromised the workstation and is using the share to control it.
It’s an administrative share that requires administrative privileges to access.
It’s an administrative share that all users have access to.
It’s an administrative share that requires administrative privileges to access.
Administrative shares are created on servers running Windows on the network for administrative purposes. These shares can differ slightly based on which OS is running, but they always end with a dollar sign ($) to make them hidden. There is one for each volume on a hard drive (c$, d$, and so on), as well as admin$ (the root folder—usually c:\winnt) and print$ (where the print drivers are located). These are created for use by administrators and usually require administrator privileges to access.
You are configuring NTFS and Share permissions on a Windows 7 workstation. Which of the following statements is true regarding permissions?
Both NTFS and Share permissions can be applied only at the folder level.
NTFS permissions can be applied at the file or folder level, and Share permissions can be applied only at the folder level.
NTFS permissions can be applied only at the folder level, and Share permissions can be applied at the file or folder level.
NTFS permissions can be applied at the file or folder level, and Share permissions can be applied only at the folder level.
NTFS permissions are able to protect you at the file level as well as the folder level. Share permissions can be applied to the folder level only.
Fiona is trying to access a folder on an NTFS volume on her local computer. She is a member of the Dev group. The Dev group’s NTFS permissions are Allow Read & Execute. The share permissions for the Dev group are Deny Full Control. What are Fiona’s effective permissions to this folder?
Full Control
Read & Execute
Read
Read & Execute
Since the user and the volume are on the same computer, only NTFS permissions are in effect. Share and NTFS permissions are both consulted only when accessing an NTFS resource across the network. Then, the most restrictive permission set between the two is applied.
Which of the following security methods is a physical device that users carry around that provides access to network resources?
Security token
ID badge
Biometrics
Security token
Security tokens are anything that a user must have on them to access network resources, and they are often associated with devices that enable the user to generate a one-time password authenticating their identity. SecurID, from RSA, is one of the best-known examples of a physical security token. ID badges can have security mechanisms built in, but not all do.
A system administrator is concerned about workstation security. He wants to be sure that workstations are not compromised when users are away from them during the workday. What should he implement?
Login time restrictions
Screen lock/time-out and screensaver passwords
BIOS/UEFI passwords
Screen lock/time-out and screensaver passwords
Users should lock their computers when they leave their desks, but there should also be a screen lock/time-out setting configured on every workstation to prevent them from inadvertently becoming an open door to the network. A password should be required before the user can begin their session again.
You are responsible for physically destroying several old hard drives with confidential information on them. Which methods are acceptable? (Choose two.)
Incineration
Power drill
Degaussing
Drive wipe
Incineration
Power drill
If your intent is to physically destroy the drive, you have a few options. They include shredders (not the paper kind but ones that can handle metal), a drill or hammer, and incineration. Although these methods can be fun, they can also be dangerous, so be sure to use adequate safety measures.
A user needs to download a new video card driver for her HP laptop. She finds the driver on the HP site and asks if she can download it. The HP site is an example of what?
Part of an access control list
An authenticator website
A trusted software source
A trusted software source
There are trusted software sources that you know and work with all the time (such as Microsoft or HP) and there are untrusted sources, and you should differentiate between them. Don’t use or let your users use untrusted software sources. Generally, common sense can be your guide, but there are “safe lists” of trusted software vendors from authoritative watchdog companies such as Comodo.
You are planning a wireless network for a small office. Which of the following is a good rule of thumb when considering access point placement?
Place them in walls or ceilings for protection.
Place them near metal objects so the signal will reflect better.
Place them in the center of the network area.
Place them in the center of the network area.
There isn’t any one universal solution to wireless access point placement; it depends a lot on the environment. As a general rule, the greater the distance the signal must travel, the more it will attenuate, but you can lose a signal quickly in a short space as well if the building materials reflect or absorb it. You should try to avoid placing access points near metal (which includes appliances) or near the ground. They should be placed in the center of the area to be served and high enough to get around most obstacles. Note that of all current 802.11 standards, only 802.11ac offers directional antennae. All other standards are omnidirectional, meaning that the signal transmits in all directions.
On the Internet, you get a news flash that the developer of one of your core applications found a security flaw. They will issue a patch for it in two days. Before you can install the patch, it’s clear that the flaw has been exploited and someone has illegally accessed your network. What type of attack is this?
Zombie/botnet
Noncompliant system
Zero-day attack
Zero-day attack
When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one- to two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack (or exploit).
You have just installed a new wireless router for a small office network. You changed the username and password and the default SSID. Which other step should you take to increase the security of the wireless router?
Assign static IP addresses.
Update the firmware.
Enable port forwarding.
Update the firmware.
Changing the default username, password, and SSID are all good measures to take when installing a new router. Another good step is to update the firmware. It’s possible that new firmware was introduced while your device was sitting on a shelf somewhere, and it’s always smart to be up-to-date.
Which of the following types of security threats are generally not detectable by anti-malware software and consequently difficult to stop?
Ransomware
Rootkits
Zero-day attack
Zero-day attack
When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one- to two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack (or exploit). Because the vulnerability is so new, developers have not had a chance to patch the issue, and anti-malware software will not yet be updated to detect the attack signature.
Which type of malware will attack different parts of your system simultaneously, such as your boot sector, executable files, and data files?
Phage virus
Polymorphic virus
Multipartite virus
Multipartite virus
A multipartite virus attacks your system in multiple ways. It may attempt to infect your boot sector, infect all your executable files, and destroy your application files. The hope on the part of the attacker is that you won’t be able to correct all the problems and will allow the infestation to continue.
You are creating a BYOD policy for mobile phones at your company. Which of the following are typically included in such a policy?
Limits of proper use, authorized users, and software and security requirements
Limits of proper use, authorized users, software and security requirements, and procedures for termination of employment
Limits of proper use, authorized users, software and security requirements, procedures for termination of employment, and reimbursement policies
Limits of proper use, authorized users, software and security requirements, procedures for termination of employment, and reimbursement policies
BYOD policies are becoming more common in corporate environments. Be sure to have a policy in place to clearly spell out security requirements and user expectations before the employees bring their own devices. Most companies require employees to sign the agreement to acknowledge that they have read it and understand it.
A user is worried about others peering over her shoulder to see sensitive information on her screen. What should she use to help avoid this problem?
Mantrap
Email filtering
Privacy filter
Privacy filter
Privacy filters are either film or glass add-ons that are placed over a monitor or laptop screen to prevent the data on the screen from being readable when viewed from the sides. Only the user sitting directly in front of the screen is able to read the data.
Your company’s website has been hit by a DDoS attack, coming from several hundred different IP addresses simultaneously. What type of attack did the hacker run first to enable this DDoS attack?
Brute forcing
Zero-day attack
Zombie/botnet
Zombie/botnet
Software running on infected computers called zombies is often known as a botnet. Bots, by themselves, are but a form of software that runs automatically and autonomously and are not harmful. Botnet, however, has come to be the word used to describe malicious software running on a zombie and under the control of a bot-herder. Denial of service attacks—DoS and DDoS—can be launched by botnets, as can many forms of adware, spyware, and spam (via spambots).