Security (5) Flashcards
It appears as though someone is trying to log in to a user account by guessing the password. Which account management policy will help prevent this type of attack?
Setting failed attempts lockout
Disabling autologin
Requiring strong passwords
Setting failed attempts lockout
Configure user account settings so that there are a limited number of login attempts (three is a good number) before the account is locked for a period of time. Legitimate users who need to get in before the block expires can contact the administrator and explain why they weren’t able to give the right password three times in a row, and illegitimate users will go away in search of another system to try to enter
Dianne is typing her password in to her workstation and notices her co-worker Todd hovering nearby. When she glances up at him, it appears as though he was watching her type, and he quickly looks away. What is this an example of?
Spoofing
Tailgating
Shoulder surfing
Shoulder surfing
One form of social engineering is shoulder surfing, and it involves nothing more than watching someone when they enter their sensitive data. An observer can see you entering a password, typing in a credit card number, or entering any other pertinent information. The best defense against this type of attack is simply to survey your environment before entering personal data.
You are installing a small office wired network. The manager is concerned that employees will visit websites with objectionable material. Which feature should you look for in a router to help prevent such access?
Content filtering
Disabling ports
Port forwarding/mapping
Content filtering
Content filtering is the process of blocking objectionable content, from either websites or email. Many routers and firewalls will provide content filtering services. In many cases, a reference service is used to block websites, and filters can be implemented to scan emails for prohibited content
Your office is in a building with several other companies. You want to configure the wireless network so that casual users in the building are not able to easily see your network name. What should you do to configure this?
Enable WPA2.
Enable MAC filtering.
Disable SSID broadcasts.
Disable SSID broadcasts.
One method of “protecting” the network that is often recommended is to turn off the SSID broadcast. The access point is still there and can still be accessed by those who know of it, but it prevents those who are looking at a list of available networks from finding it. This should be considered a weak form of security because there are still ways, albeit a bit more complicated, to discover the presence of the access point besides the SSID broadcast
You have a Windows domain network and want to ensure that users are required to maintain strong passwords. What is the best way to implement this on the network?
Use a firewall.
Use DLP.
Use Group Policy.
Use Group Policy.
In a Windows domain, password policies can be configured at the domain level using Group Policy objects. Variables that you can configure include password complexity and length and the time between allowed changes to passwords
You are planning security protocols for your company’s new server room. What’s the simplest way to help keep potential attackers away from your servers?
Install a mantrap.
Use cable locks.
Lock the doors.
Lock the doors
Sometimes the obvious solutions are the best ones! A key aspect of access control involves physical barriers. One of the easiest ways to prevent those intent on creating problems from physically entering your environment is to lock your doors and keep them out
A user on your network reported that his screen went blank and a message popped up. It’s telling him that his files are no longer accessible, and if he wants them back, he needs to enter a credit card number and pay a $200 fee. Which type of malware has infected his system?
Rootkit
Ransomware
Trojan
Ransomware
With ransomware, software—often delivered through a Trojan horse—takes control of a system and demands that a third party be paid. The “control” can be accomplished by encrypting the hard drive, by changing user password information, or via any of a number of other creative ways. Users are usually assured that by paying the extortion amount (the ransom), they will be given the code needed to revert their systems to normal operations. Even among malware, ransomware is particularly nasty
You are setting up a new wireless router for a home office. Which of the following should you change when initially configuring the network? (Choose two.)
The router administrator’s username and password
The default SSID
The radio power level
The WPS setting
The router administrator’s username and password
The default SSID
When configuring a new wireless router, always change the username and password first. This prevents would-be hackers from having easy access to the router. Then change the default SSID
You are configuring a router for a small office network. The network users should be able to access regular and secure websites and send and receive email. Those are the only connections allowed to the Internet. Which security precaution should you take to prevent additional traffic from coming through the router?
Enable content filtering.
Enable port forwarding/mapping.
Use port security.
Use port security.
Disable all unneeded protocols/ports. In this case, ports 80 and 443 are needed for HTTP and HTTPS access, and ports 25, 110, and 143 may be needed for email. That’s it. If you don’t need them, remove the additional protocols, software, or services or prevent them (disable them, or block them, as the setting is typically called on a router) from loading. Ports not in use present an open door for an attacker to enter
Your iPhone requires a passcode to unlock it. Because of recent phone thefts around your office, you want to set your phone so that all data is destroyed if incorrect passcodes are entered 10 times in a row. Which feature allows you to do this?
Failed login attempts restrictions
Screen locks
Remote wipes
Failed login attempts restrictions
Failed login attempt restrictions will destroy all local data on the phone if incorrect passcodes are entered 10 times in a row. While this is recommended for users with phones that contain sensitive data and that are frequently taken into public venues or placed in compromising positions, the casual user should not turn on this feature unless they can be sure there will always be a recent backup available in iTunes
On a Windows 8 workstation, there are two NTFS volumes. The Managers group has Modify access to the D:\mgmt directory. You move the folder to the D:\keyfiles folder, to which the Managers group has Read access. What level of permissions will the Managers group have to the new D:\keyfiles\mgmt directory?
Full Control
Modify
Read & Execute
Modify
When you move a file or folder on the same NTFS volume, it will keep its original permissions. If you copy it or move it to a different volume, it will inherit permissions from its new parent directory
For users to log on to your network from a remote location, they are required to supply a username and password as well as a code from an RSA token. What type of security is this an example of?
Using a firewall
Using multifactor authentication
Using an access control list
Using multifactor authentication
When users log on to a computer or network, they are generally required to provide credentials such as a username or password. In multifactor authentication, the user is required to provide two or more items. These items are generally from two of three categories: something they know (such as a password), something they have (such as a code from a security token), or something they are (biometric screening)
You want to recycle some hard drives that your company no longer uses but do not want other people to have access to the data. Which methods of removing the data are acceptable for your purposes? (Choose two.)
Formatting the drive
Using an overwrite utility
Using a drive wipe utility
Using electromagnetic fields
Using an overwrite utility
Using a drive wipe utility
The best methods are either overwrite or drive wipe. Overwriting the drive entails copying over the data with new data. A common practice is to replace the data with 0s. Drive wipes do a similar thing. Formatting the drive does not guarantee that others can’t read the data. Using electromagnetic fields (or degaussing) isn’t reliable and can damage the hard drive. (Not to mention it won’t work at all on SSDs!)
Which of the following file attributes are turned on by default for system files on a Windows 8.1 workstation? (Choose two.)
Hidden
Archive
System
Read-only
Hidden
System
System files are critical to the operating system working properly and should not be changed or deleted. By default, the Hidden and System attributes are set. Some are also set to Read-only, but not all. For example, the virtual memory file (pagefile.sys) is a system file but is not Read-only
You have just installed a Windows 8.1 workstation. For better security, which user account should you disable?
Default User
Administrator
Guest
Guest
When Windows is installed, one of the default accounts it creates is Guest, and this represents a weakness that can be exploited by an attacker. While the account cannot do much, it can provide initial access to a system, and the attacker can use that to find another account or acquire sensitive information about the system. To secure the system, disable all accounts that are not needed, especially the Guest account, which is disabled by default
Which type of network attack involves an intermediary hardware device intercepting data and altering it or transmitting it to an unauthorized user?
Man-in-the-middle
Noncompliant system
Zombie/botnet
Man-in-the-middle
Man-in-the-middle attacks clandestinely place something (such as a piece of software or a rogue router) between a server and the user, and neither the server’s administrator nor the user is aware of it. The man-in-the-middle intercepts data and then sends the information to the server as if nothing is wrong. The man-in-the-middle software may be recording information for someone to view later, altering it, or in some other way compromising the security of your system and session
You are implementing new password policies for your network, and you want to follow guidelines for password best practices. Which of the following will best help improve the security of your network? (Choose two.)
Require passwords to expire every 180 days.
Require passwords to be at least 8 characters long.
Require passwords to have a special character.
Require passwords to be no more than 10 characters long.
Require passwords to be at least 8 characters long.
Require passwords to have a special character.
Setting strong passwords is critical to network security. They should be as long as possible. Eight or 10 characters is a good minimum. Users should also need to use a combination of uppercase and lowercase letters, a number, and a special character such as #, @, &, or others. Passwords should also expire, but 180 days is too long. Having a 42-day or 90-day requirement would be better
What does NTFS use to track users and groups and their level of access?
ACLs
Tokens
Badges
ACLs
With NTFS, each file, directory, and volume can have its own security. NTFS tracks security in access control lists (ACLs), which can hold permissions for local users and groups, and each entry in the ACL can specify what type of access is given—such as Read & Execute, List Folder Contents, or Full Control. This allows a great deal of flexibility in setting up a network
An administrator has granted a user Read & Execute permissions to the C:\files folder. Which of the following statements are true regarding subfolders of C:\files? (Choose two.)
The user will have no access to subfolders of C:\files.
The user will have Read & Execute access to subfolders of C:\files.
Explicit permissions assigned to C:\files\morefiles will override those set on C:\files.
Explicit permissions assigned to C:\files override those set on C:\files\morefiles.
The user will have Read & Execute access to subfolders of C:\files.
Explicit permissions assigned to C:\files\morefiles will override those set on C:\files.
Inheritance is the default behavior throughout the permission structure, unless a specific setting is created to override it. For example, a user who has Read and Write permissions in one folder will have that in all the subfolders unless a change has been made specifically to one of the subfolders. Explicit permissions at a more granular level will apply instead of those set at a higher level of the directory tree
Which type of digital security method would you use if you wanted to monitor who is using data and transmitting it on the network?
VPN
Access control system
DLP
DLP
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonalities with network intrusion prevention systems
You have created a user account for a contract employee, who will be with the company for one month. Which user group should this user’s account be placed in?
Administrators
Standard Users
Guest
Guest
The Guest account is created by default (and should be disabled) and is a member of the Guests group. For the most part, members of Guests have the same rights as Users except they can’t get to log files. The best reason to make users members of the Guests group is to access the system only for a limited time. There is no group named Standard Users by default. There are Users, Administrators, Power Users, Guests, and a few other groups.
On your network, there are multiple systems that users need to access, such as a Windows domain, a Box (cloud) site for storage, and SAP. You want to configure the network such that users do not need to remember separate usernames or passwords for each site; their login credentials will be good for different systems. Which technology should you use?
EFS
BTG
SSO
SSO
One of the big problems larger systems must deal with is the need for users to access multiple systems or applications. This may require a user to remember multiple accounts and passwords. The purpose of single sign-on (SSO) is to give users access to all the applications and systems that they need when they log on. Some of the systems may require users to enter their credentials again, but the username and password will be consistent between systems
You are disconnecting a Windows 10 workstation from your network because it has been compromised by malware. With minimal time for investigating the scope of the malware’s impact on the workstation, what would be your next step?
Backup and Restore
Emergency Repair Disk creator
System Recovery Options
Backup and Restore
If you want to recover your computer and bring it back to the point where it was when it was new (minus any files that you added since purchasing the machine), you can use the recovery CD set or DVD. In Windows, you can create a system repair disc from the Backup And Restore interface (beneath the Control Panel options for System And Security)