Topic 1: Network and security basics Flashcards

1
Q

In information security, what are the three main goals? (Select the three best answers.)

A. Auditing

B. Integrity

C. Non-repudiation

D. Confidentiality

E. Risk Assessment

F. Availability

A

B, D, and F. Confidentiality, integrity, and availability (known as CIA, the CIA triad, and the security triangle) are the three main goals when it comes to information security. Another goal within information security is accountability.

2
Q

To protect against malicious attacks, what should you think like?

A. Hacker

B. Network admin

C. Spoofer

D. Auditor

A

A. To protect against malicious attacks, think like a hacker. Then, protect and secure like a network security administrator.

3
Q

Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails?

A. Authenticity

B. Non-repudiation

C. Confidentiality

D. Integrity

A

B. Non-repudiation prevents Tom from denying that he sent the e-mails. It is normally provided by a digital signature made with Tom's private key: anyone can verify the signature with his public key, and only the holder of the private key could have produced it. Authenticity (proving the sender is who they claim to be) is related, but non-repudiation is the specific property that stops Tom from later denying the e-mails.

4
Q

Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.)

A. Accountability

B. Assessment

C. Availability

D. Auditing

A

C. Availability is what the A in CIA stands for, as in “the availability of data.” Together the acronym stands for confidentiality, integrity, and availability. Although accountability is important and is often listed alongside the triad as a fourth goal, it is not the best answer. Assessment and auditing are both important concepts for finding vulnerabilities and for reviewing and logging activity, but they are not part of the CIA triad.

5
Q

Which of the following is the greatest risk when it comes to removable storage?

A. Integrity of data

B. Availability of data

C. Confidentiality of data

D. Accountability of data

A

C. For removable storage, the confidentiality of data is the greatest risk because removable storage can easily be removed from the building and shared with others. Although the other factors of the CIA triad are important, any theft of removable storage can destroy the confidentiality of data, and that makes it the greatest risk.

6
Q

When it comes to information security, what is the I in CIA?

A. Insurrection

B. Information

C. Indigestion

D. Integrity

A

D. The I in CIA stands for integrity. The acronym CIA stands for confidentiality, integrity, and availability. Accountability is also a core principle of information security.

7
Q

You are developing a security plan for your organization. Which of the following is an example of a physical control?

A. Password

B. DRP

C. ID card

D. Encryption

A

C. An ID card is an example of a physical security control. Passwords and encryption are examples of technical controls. A disaster recovery plan (DRP) is an example of an administrative control.

8
Q

A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts?

A. Confidentiality

B. Integrity

C. Remediation

D. Availability

A

B. The recipient should be concerned about the integrity of the message. If the e-mail client cannot verify the sender's digital signature, the message was either altered after it was signed or was not signed by the claimed sender at all. Remember, integrity means the reliability of the data: whether or not it has been modified by a third party before arriving at its destination. A failed signature check also undermines authenticity, but of the options listed, integrity is the concept at stake.
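Added example (not part of the flashcard set): a toy RSA signature in Python that shows what cards 3 and 8 describe. Tom signs with a private exponent only he holds; anyone can verify with the public key, so he cannot deny signing (non-repudiation), and a message altered after signing fails verification (integrity). The primes, exponent and sample messages are assumptions made for the demo; the key is far too small for real use, where you would use 2048-bit RSA with PSS padding or Ed25519 from a maintained library.

```python
"""Toy RSA signature: added demo, not code from the flashcards.

The primes are fixed Mersenne primes (2**61-1 and 2**31-1), giving a ~92-bit
modulus that is trivially factorable. Real deployments use 2048-bit keys with
RSA-PSS padding, or Ed25519; this is only to make the concept concrete.
"""
import hashlib

P = 2305843009213693951          # 2**61 - 1 (assumed for the demo)
Q = 2147483647                   # 2**31 - 1 (assumed for the demo)
N = P * Q                        # public modulus
E = 65537                        # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, Python >= 3.8


def _digest(message: bytes) -> int:
    """SHA-256 of the message reduced into the modulus (textbook RSA, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Tom signs with his private exponent; nobody without D can produce this."""
    return pow(_digest(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, public_exponent, N) == _digest(message)


def demo() -> dict:
    """Genuine, tampered and forged cases; the messages are constructed samples."""
    original = b"Invoice 4471 approved. -- Tom"
    sig = sign(original)
    tampered = b"Invoice 4471 approved for $99,000. -- Tom"
    return {
        "genuine_verifies": verify(original, sig),
        "tampered_verifies": verify(tampered, sig),     # integrity failure
        "forged_verifies": verify(original, sig + 1),   # not made with Tom's key
    }


if __name__ == "__main__":
    print(demo())
```

The same public-key check that lets the recipient detect tampering (card 8) is what lets a third party later confirm that only Tom's key could have produced the signature (card 3); a shared-secret MAC would give integrity but not non-repudiation, because both parties could have computed it.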

9
Q

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for?

A. Availability of virtual machines

B. Integrity of data

C. Data confidentiality

D. Hardware integrity

A

C. The concern is data confidentiality, because multiple customers share the same physical drives. Most customers run their cloud-based systems in virtual machines, and several customers' VMs can sit on the same drive (or the same array of drives). Two things can expose one tenant's data to another: residual data left on a drive that is reallocated to a new customer without being sanitized or encrypted, and weaknesses in the isolation between virtual machines on the same host that a malicious customer could try to exploit. Providers address the first with sanitization and per-tenant encryption and the second with hypervisor hardening, but the customer still inherits the risk.

10
Q

Which of the following individuals uses code with little knowledge of how it works?

A. Hacktivist

B. Script kiddie

C. APT

D. Insider

A

B. A script kiddie uses code and probably doesn’t understand how it works and what the repercussions will be. Other actors such as hackers, hacktivists, insiders, and so on will usually have a higher level of sophistication when it comes to technology. An advanced persistent threat (APT) is a group of technical processes or the entity that implements those processes. An APT is just that—advanced—and is on the other side of the spectrum from the script kiddie.

11
Q

When is a system completely secure?

A. When it is updated

B. When it is assessed for vulnerabilities

C. When all anomalies have been removed

D. Never

A

D. A system can never truly be completely secure. The scales are always tipping back and forth; a hacker develops a way to break into a system, then an administrator finds a way to block that attack, and then the hacker looks for an alternative method. It goes on and on; be ready to wage the eternal battle!

12
Q

____________ is relatively low speed, has a global scale and reach, administration is decentralised and dispersed with a reduced level of security and lowest level of trust.

A

Internet

13
Q

____________ is usually private and owned by an organisation, usually high speed architecture and can include WAN components in this context, with a mostly centralised administration, elevated level of security and highest level of trust.

A

Intranet

14
Q

________________ is usually private and owned by an external organisation, it often has high speed architecture and can include WAN or VPN components, with mostly centralised administration, elevated level of security and Mid/High level of trust.

A

Extranet

15
Q

___________ is usually private and owned by an organisation, it often has high speed architecture and can include components of any network architecture, with mostly centralised administration, restricted level of security, mid level of trust and provides “landing pad” for external parties, while protecting internal networks.

A

DMZ

16
Q

The Session layer protocols include? (choose three):

NFS

PICT

X Windows

SQL

TCP

A

NFS

X Windows

SQL

17
Q

Which layer is responsible for finding a communication partner on the network?

Application

Transport

Data Link

Physical

A

Application. The Application layer identifies the intended communication partner and determines whether it is available and has sufficient resources for the communication; the Data Link layer only frames data for delivery across the local link.

18
Q

If your network diagnostic tool identifies a problem with the logical addressing, what layer of the OSI model would you be troubleshooting?

Network

Physical

Transport

Data Link

A

Network

19
Q

The Presentation layer protocols include? (choose two)

PICT

TCP

IPX

JPEG

SQL

A

PICT
JPEG

20
Q

Which of the following are performed at the Presentation layer? (Choose two):

Setting checkpoints in the data stream for reliability

Adding the network addresses to the header

Providing character conversion between dissimilar operating systems (such as PC to mainframe)

Presenting data to the Application layer

A

Providing character conversion between dissimilar operating systems (such as PC to mainframe)

Presenting data to the Application layer

21
Q

Which layer is responsible for multiplexing data from upper layers and placing the data into a segment?

Network

Physical

Data Link

Transport

A

Transport

22
Q

The function of the Session layer is? (choose two):

To present data to the Network layer

To provide flow control

To place checkpoints into the data stream for reliability

To determine if half-duplex or full-duplex is being used

A

To place checkpoints into the data stream for reliability

To determine if half-duplex or full-duplex is being used

23
Q

The Transport layer can communicate directly with the Network and Presentation layers.

True

False

A

False. The Transport layer sits between the Session layer and the Network layer, so those are the only two it communicates with directly; the Presentation layer is two layers above it. Top to bottom, the layers are: Application, Presentation, Session, Transport, Network, Data Link, Physical.

24
Q

The Network layer’s primary function is to:

Establish a communication path to the communication partner

Add MAC addresses to the packet

Provide connection-oriented service

Route data between different network segments

A

Route data between different network segments

25
Q

Known as malware, this includes computer viruses, worms, Trojan horses, spyware, rootkits, adware, ransomware, crypto-malware, and other types of unwanted software. Everyone has heard of a scenario in which a user’s computer was compromised to some extent due to malicious software:

  • System failure
  • Social engineering
  • Unauthorised access
  • Malicious software
A

Malicious software

26
Q

Access to computer resources and data without consent of the owner. It might include approaching the system, trespassing, communicating, storing and retrieving data, intercepting data, or any other methods that would interfere with a computer’s normal work. Access to data must be controlled to ensure privacy. Improper administrative access falls into this category as well:

  • Social engineering
  • Malicious software
  • Unauthorised access
  • System failure
A

Unauthorised access

27
Q

Computer crashes or individual application failure. This can happen due to several reasons, including user error, malicious activity, or hardware failure:

  • Social engineering
  • System failure
  • Unauthorised access
  • Malicious software
A

System failure

28
Q

The act of manipulating users into revealing confidential information or performing other actions detrimental to the users. An example would be receiving e-mails from unknown entities making false claims or asking for personal information:

  • Unauthorised access
  • System failure
  • Malicious software
  • Social engineering
A

Social engineering

29
Q

The three primary concepts cybersecurity needs to protect are:

  • confidentiality, disclosure, availability
  • disclosure, alteration, denial
  • confidentiality, integrity, availability
  • continuity, integrity, availability
A

confidentiality, integrity, availability

30
Q

Which one of the following is a possible technology weakness?

  • insufficient RAM
  • tailgating
  • default password
  • poorly written DR policy
A

insufficient RAM

31
Q

Which layer of the OSI model do routers work at?

internet

data link

transport

network

A

network

32
Q

Which of the following traffic types allows users to “tune into” different types of traffic?

  • anycast
  • unicast
  • multicast
  • broadcast
A

multicast

33
Q

A group of compromised computers that have software installed by a worm or Trojan is known as which of the following?

A. Botnet

B. Virus

C. Rootkit

D. Zombie

A

A. A botnet is a group of compromised computers, usually working together, with malware that was installed by a worm or a Trojan horse. An individual computer within a botnet is referred to as a zombie (among other things). A virus is code that can infect a computer’s files. A rootkit is a type of software designed to gain administrator-level access to a system.

34
Q

Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.)

A. Virus

B. Worm

C. Zombie

D. Malware

A

C. Zombies (also known as zombie computers) are systems that have been compromised without the knowledge of the owner. The computer must be connected to the Internet so that the attacker's command-and-control traffic can reach it; once it does, the installed malware can be updated and controlled remotely. Multiple zombies working in concert form a botnet.

35
Q

You have been given the task of scanning for viruses on a PC. What is the best of the following methods?

A. Recovery environment

B. Dual-boot into Linux

C. Command Prompt only

D. Boot into Windows normally

A

A. You should use a recovery environment. Most often this is the one built into Windows (or Safe Mode, which many manufacturers recommend), but it could also be a Linux rescue disc or flash drive. That is not a true dual-boot; an actual dual-boot has Windows and Linux both installed on the hard drive. Command Prompt only is not enough, nor is it necessary for most virus-scanning scenarios. Booting into Windows normally lets active malware load first, where it can hide from or disable the scanner. Remember to use a recovery environment when scanning for viruses.

36
Q

Which of the following is a common symptom of spyware?

A. Infected files

B. Computer shuts down

C. Applications freeze

D. Pop-up windows

A

D. Pop-up windows are common to spyware. The rest of the answers are more common symptoms of viruses.

37
Q

Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?

A. Virus

B. Worm

C. Zombie

D. PHP script

A

B. A worm is the most likely reason the server is being bombarded with traffic from so many clients; it may also be propagated by a botnet. Because worms self-replicate, the damage can quickly become critical.

38
Q

Which of the following is not an example of malicious software?

A. Rootkits

B. Spyware

C. Viruses

D. Browser

A

D. A web browser (for example, Internet Explorer) is the only one listed that is not an example of malicious software. Although a browser can be compromised in a variety of ways by malicious software, the application itself is not the malware.

39
Q

Which type of attack uses more than one computer?

A. Virus

B. DoS

C. Worm

D. DDoS

A

D. A DDoS, or distributed denial-of-service, attack uses multiple computers to make its attack, usually aimed at a server. None of the other answers use multiple computers to attack a target.

40
Q

What is a malicious attack that executes at the same time every week?

A. Virus

B. Worm

C. Ransomware

D. Logic bomb

A

D. A logic bomb is malicious code that lies dormant until a trigger condition is met, typically a specific date or time, and then executes. Viruses normally execute when a user inadvertently runs them. Worms self-replicate at will. Ransomware is a type of malware that restricts access to files (or entire systems) and demands that a ransom be paid.

41
Q

Which of these is a true statement concerning active interception?

A. When a computer is put between a sender and receiver

B. When a person overhears a conversation

C. When a person looks through files

D. When a person hardens an operating system

A

A. Active interception normally involves a computer placed between the sender and the receiver to capture (and possibly alter) traffic. All other statements concerning active interception are false. If a person overhears a conversation, that is eavesdropping. When a person looks through files, it could be normal or malicious. When a person hardens an operating system, that person is making it more secure.

42
Q

Which of the following types of scanners can locate a rootkit on a computer?

A. Image scanner

B. Barcode scanner

C. Malware scanner

D. Adware scanner

A

C. Malware scanners can locate rootkits and other types of malware. These scanners are part of anti-malware suites from vendors such as McAfee, Symantec, and others. Adware scanners (often free) can scan only for adware. Always have some kind of anti-malware software running on live client computers. One caveat: a kernel-level rootkit can hide itself from a scanner running inside the infected operating system, so a thorough check is done from a recovery environment, or by comparing the live view of the system with an offline one.

43
Q

Which type of malware does not require a user to execute a program to distribute the software?

A. Worm

B. Virus

C. Trojan horse

D. Stealth

A

A. Worms self-replicate and do not require a user to execute a program to distribute the software across networks. All the other answers do require user intervention. Stealth refers to a type of virus.

44
Q

Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat?

A. Spyware

B. Spam

C. Viruses

D. Botnets

A

B. Closing open relays, whitelisting, and blacklisting are all mitigation techniques that address spam. Spam e-mail is a serious problem for all companies and must be filtered as much as possible.

45
Q

How do most network-based viruses spread?

A. By optical disc

B. Through e-mail

C. By USB flash drive

D. By instant messages

A

B. E-mail is the number one reason why network-based viruses spread. All a person needs to do is double-click the attachment within the e-mail, and the virus will do its thing, which is most likely to spread through the user’s address book. Removable media such as optical discs and USB flash drives can spread viruses but are not nearly as common as e-mail. A virus can also spread if it was incorporated into a link within an instant message, or as an attachment to the IM. This is definitely something to protect against, but not quite as common as e-mail-based viruses, especially in larger organizations’ networks.

46
Q

Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.)

A. Worms self-replicate but Trojan horses do not.

B. The two are the same.

C. Worms are sent via e-mail; Trojan horses are not.

D. Trojan horses are malicious attacks; worms are not.

A

A. The primary difference between a Trojan horse and a worm is that worms will self-replicate without any user intervention; Trojan horses do not self-replicate.

47
Q

Which of the following types of viruses hides its code to mask itself?

A. Stealth virus

B. Polymorphic virus

C. Worm

D. Armored virus

A

D. An armored virus attempts to make disassembly difficult for an antivirus software program. It thwarts attempts at code examination. Stealth viruses attempt to avoid detection by antivirus software altogether. Polymorphic viruses change every time they run. Worms are not viruses.

48
Q

Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user’s computer?

A. Worm

B. Virus

C. Trojan

D. Spam

A

C. A Trojan, or a Trojan horse, appears to be legitimate and looks like it’ll perform desirable functions, but in reality is designed to enable unauthorized access to the user’s computer.

49
Q

Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.)

A. Technical support resources are consumed by increased user calls.

B. Users are at risk for identity theft.

C. Users are tricked into changing the system configuration.

D. The e-mail server capacity is consumed by message traffic.

A

A and C. Because a hoax can reach many users, technical support resources can be consumed by an increase in user phone calls, and every company has a limited number of technical support personnel. Another detrimental effect is that unwitting users may be tricked into changing their system configuration (a hoax often tells them to delete a supposedly dangerous file or disable a protection). The key term in the question is “virus hoax.” The technical support team might also be inundated by e-mails from users, but not to the point where the e-mail server capacity is consumed; that would be an effect of an actual virus and of the person who released it, not of the hoax. Although users may be at risk for identity theft, it is not one of the most detrimental effects of a virus hoax.

50
Q

One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user’s computer?

A. Worm

B. Logic bomb

C. Spyware

D. Trojan

A

D. A Trojan was probably installed (unknown to the user) as part of the keygen package. Illegal downloads often contain malware of this nature. At this point, the computer is compromised. Not only is it infected, but malicious individuals might be able to remotely access it.

51
Q

A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened?

A. The computer is infected with spyware.

B. The computer is infected with a virus.

C. The computer is now part of a botnet.

D. The computer is now infected with a rootkit.

A

C. The computer is probably now part of a botnet. The slow performance is most likely due to the hundreds of outbound connections to various websites, which is a strong sign of a computer that has been enlisted in a botnet (for example, to take part in a DDoS). Spyware, viruses, and rootkits might also make the computer run slowly, but they do not typically produce hundreds of simultaneous outbound connections.
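Added example (not part of the flashcard set): the netstat check from card 51 turned into detection logic. The `netstat -tn`-style lines are constructed, the 10.0.0.5 host and its documentation-range peers are made up, and the 100-peer threshold is an assumed baseline you would replace with what is normal on your own hosts.

```python
"""Count distinct external peers in netstat-style output: added demo, not
code from the flashcards. Input lines are constructed to look like `netstat -tn`."""
import re
from collections import Counter

# Columns of `netstat -tn`: proto, recv-q, send-q, local, foreign, state
NETSTAT_LINE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s*$"
)

# Loopback and RFC 1918 ranges: connections to these are internal, not "outbound".
INTERNAL_PREFIXES = ("127.", "10.", "192.168.") + tuple(f"172.{i}." for i in range(16, 32))


def parse_netstat(text: str) -> list[dict]:
    """One dict per connection line; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def outbound_hosts(rows: list[dict]) -> Counter:
    """Connections per external remote IP, counting only live/outgoing states."""
    hosts = Counter()
    for r in rows:
        if r["state"] not in ("ESTABLISHED", "SYN_SENT"):
            continue
        ip, _, _port = r["remote"].rpartition(":")
        if ip.startswith(INTERNAL_PREFIXES):
            continue
        hosts[ip] += 1
    return hosts


def looks_like_bot(text: str, threshold: int = 100) -> tuple[bool, int]:
    """Flag a host talking to more distinct external peers than `threshold`."""
    distinct = len(outbound_hosts(parse_netstat(text)))
    return distinct > threshold, distinct


def _fake_netstat(n_remote: int) -> str:
    """Constructed `netstat -tn` output with n_remote distinct external peers
    (IPs from the RFC 5737 documentation ranges), plus an internal session and a
    LISTEN socket that the detector must ignore."""
    nets = ["192.0.2", "198.51.100", "203.0.113"]
    lines = [
        "Active Internet connections (w/o servers)",
        "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
        "tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED",
        "tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN",
    ]
    for i in range(n_remote):
        remote = f"{nets[i // 254]}.{i % 254 + 1}:443"
        lines.append(f"tcp        0      0 10.0.0.5:{40000 + i:<16}{remote:<24}ESTABLISHED")
    return "\n".join(lines)


if __name__ == "__main__":
    print("normal workstation:", looks_like_bot(_fake_netstat(12)))
    print("suspected zombie:  ", looks_like_bot(_fake_netstat(300)))
```

A count of distinct peers is a better signal than a raw connection count, because a single busy download can open many connections to one host while a bot fans out to many. Pair it with the process that owns the sockets (`netstat -tnp` on Linux, `netstat -tno` on Windows) before pulling the machine off the network.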

52
Q

One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain?

A. Spyware

B. DDoS

C. Smurf

D. Backdoor

E. Logic bomb

A

A. Of the answers listed, the download most likely contains spyware. It could contain other types of malware as well, such as viruses, Trojans, and worms. The rest of the answers are network attacks or ways of getting a payload onto a computer rather than payloads themselves. A DDoS is a distributed denial-of-service attack, which uses many computers to attack a single target; Smurf is an amplification attack that produces a similar flood. Backdoors are hidden ways of bypassing authentication that can give an attacker (or the programmer) administrative access to a system. Logic bombs are code that lies dormant until a trigger such as a date or event fires.

53
Q

You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers’ performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem?

A. Antivirus

B. Anti-spyware

C. Host-based firewalls

D. Anti-spam

A

D. The chain messages are e-mails (similar to the archaic chain letter) that are being spammed on the network. Therefore, anti-spam security controls need to be implemented. This would be a type of preventive control. Antivirus programs find and quarantine viruses, worms, and Trojans, but unless they are part of an AV suite of software, they will not check e-mail. Anti-spyware tools will attempt to prevent spyware from being installed on the computer. Host-based firewalls block attacks from coming through specific ports, but will not catch spam messages. However, a HIDS (host-based intrusion detection system) could possibly detect spam, and a HIPS (host-based intrusion prevention system) might even prevent or quarantine it.

54
Q

You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization’s network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server?

A. Spam

B. Rootkit

C. Backdoor

D. Logic bomb

E. Ransomware

A

B. Most likely, a rootkit was installed. These can evade many routine scans, so there is no fault here. It’s just that more in-depth analysis was required to find the rootkit. The hidden processes are the main indicator of the rootkit. Spam is simply harassment by e-mail (and other messaging systems), to put it nicely. Backdoors are programmed ways to bypass security of an operating system. A logic bomb is code that defines when a particular type of malware will execute. Ransomware is when a computer is operationally held hostage; files are not retrievable by the user (because they have been encrypted) until a ransom is paid. It’s important to run in-depth scans periodically. They can be time consuming, but they can uncover many threats and vulnerabilities that would otherwise go unnoticed.

55
Q

What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.)

A. A HIDS may use a lot of resources, which can slow server performance.

B. A HIDS cannot detect operating system attacks.

C. A HIDS has a low level of detection of operating system attacks.

D. A HIDS cannot detect network attacks.

A

A and D. Host-based intrusion detection systems (HIDSs) run within the operating system of a computer. Because of this, they can slow a computer’s performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection for those attacks.

56
Q

What are two ways to secure the computer within the BIOS? (Select the two best answers.)

A. Configure a supervisor password.

B. Turn on BIOS shadowing.

C. Flash the BIOS.

D. Set the hard drive first in the boot order.

A

A and D. Configuring a supervisor password in the BIOS prevents other users from entering the BIOS setup and making changes. Setting the hard drive first in the boot order stops the machine from booting from other devices, including floppy drives, optical drives, and USB flash drives. BIOS shadowing has nothing to do with security, and although flashing the BIOS may include security fixes, it is not the best answer. Caveat: both settings are only as strong as physical security, because an attacker who can open the case can usually clear the password by resetting the CMOS; full disk encryption is what protects the data if that happens.

57
Q

What are the two ways in which you can stop employees from using USB flash drives? (Select the two best answers.)

A. Utilize RBAC.

B. Disable USB devices in the BIOS.

C. Disable the USB root hub.

D. Enable MAC filtering.

A

B and C. Disabling all USB devices in the BIOS means a user cannot use a flash drive. The user also cannot use the device if you disable the USB root hub within the operating system. RBAC, which stands for role-based access control, defines access to resources by the person's role in the organization. MAC filtering is a method of filtering out computers when they attempt to access the network (using the MAC addresses of those computers).

58
Q

Which of the following are Bluetooth threats? (Select the two best answers.)

A. Bluesnarfing

B. Blue bearding

C. Bluejacking

D. Distributed denial-of-service

A

A and C. Bluesnarfing and bluejacking are the names of a couple of Bluetooth threats. Another attack could be aimed at a Bluetooth device’s discovery mode. To date there is no such thing as blue bearding, and a distributed denial-of-service attack uses multiple computers to attack one host.

59
Q

To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented?

A. Data connection capabilities should be disabled.

B. A password should be set on the smartphone.

C. Smartphone data should be encrypted.

D. Smartphones should be only for company use.

A

B. A password should be set on the phone, and the phone should lock after a set period of time; when the user wants to use the phone again, the user is prompted for the password. Disabling the data connection altogether would make access to e-mail impossible on the smartphone. Encrypting the phone's storage is also worthwhile (current phones do it by default), but it protects nothing once the phone is unlocked, which is why the lock-screen password is the policy the question is looking for. Whether the smartphone is used only for company use is up to the policies of the company.

60
Q

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?

A. Anomaly-based IDS

B. Signature-based IDS

C. Behavior-based IDS

D. Heuristic-based IDS

A

B. When using an IDS, particular types of traffic patterns refer to signature-based IDS.
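Added example (not part of the flashcard set): a minimal signature-based detector of the kind card 60 describes, with three constructed signatures (the rule IDs and patterns are assumptions, not Snort or Suricata rules) run over constructed HTTP requests. It also shows the classic weakness of signature matching: a percent-encoded payload slips past the raw pattern until the detector normalises the input.

```python
"""Signature-based matching over constructed packets: added demo, not code
from the flashcards. Signatures, rule IDs and sample requests are made up."""
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Signature:
    sid: int             # rule id, local to this demo
    name: str
    pattern: re.Pattern  # applied to the (normalised) payload text


SIGNATURES = [
    Signature(1000001, "directory traversal in URL", re.compile(r"\.\./")),
    Signature(1000002, "SQL tautology in parameter", re.compile(r"'\s*or\s+1\s*=\s*1", re.I)),
    Signature(1000003, "shell in user-agent", re.compile(r"User-Agent:.*(?:/bin/sh|cmd\.exe)", re.I)),
]


def normalise(payload: bytes) -> str:
    """Decode percent-encoding so '%2e%2e/' and '../' hit the same signature.
    Decoded twice so double-encoded input ('%252e') is caught as well."""
    text = payload.decode("utf-8", errors="replace")
    return unquote(unquote(text))


def match_signatures(payload: bytes, normalised: bool = True) -> list[int]:
    """Return the sids of every signature that matches the payload."""
    text = normalise(payload) if normalised else payload.decode("utf-8", errors="replace")
    return [s.sid for s in SIGNATURES if s.pattern.search(text)]


# Constructed sample requests: plain, evasive and benign.
PACKETS = {
    "traversal": b"GET /static/../../etc/passwd HTTP/1.1\r\nHost: x\r\n\r\n",
    "traversal_encoded": b"GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: x\r\n\r\n",
    "sqli": b"GET /login?user=admin'%20OR%201=1-- HTTP/1.1\r\nHost: x\r\n\r\n",
    "benign": b"GET /index.html HTTP/1.1\r\nHost: x\r\nUser-Agent: curl/8.0\r\n\r\n",
}


def scan(packets: dict = PACKETS, normalised: bool = True) -> dict:
    """Map each packet name to the list of signature ids that fired."""
    return {name: match_signatures(p, normalised) for name, p in packets.items()}


if __name__ == "__main__":
    print("with normalisation:   ", scan())
    print("without normalisation:", scan(normalised=False))
```

Signature-based detection only fires on patterns it already knows, so decoding, de-chunking and reassembly before matching are as important as the rule set itself; an anomaly-based IDS would instead baseline normal traffic and flag deviations, which catches novel attacks at the cost of more false positives.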

61
Q

You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution?

A. Device encryption

B. Remote wipe

C. Screen locks

D. AV software

A

A. Device encryption is the best solution listed to protect the confidentiality of data. By encrypting the data, it makes it much more difficult for a malicious person to make use of the data. Screen locks are a good idea but are much easier to get past than encryption. Antivirus software will not stop an attacker from getting to the data once the mobile device has been stolen. Remote sanitization (remote wipe) doesn’t keep the data confidential; it removes it altogether! While this could be considered a type of confidentiality, it would only be so if a good backup plan was instituted. Regardless, the best answer with confidentiality in mind is encryption. For example, if the device was simply lost, and was later found, it could be reused (as long as it wasn’t tampered with). But if the device was sanitized, it would have to be reloaded and reconfigured before being used again.

62
Q

You are tasked with implementing a solution that encrypts the CEO’s laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement?

A. HSM

B. TPM

C. HIDS

D. USB encryption

A

B. A TPM, or trusted platform module, is a chip that resides on the motherboard of the laptop. It generates cryptographic keys that allow the entire disk to be encrypted, as in full disk encryption (FDE). Hardware security modules (HSMs) and USB encryption require additional hardware. A host-based intrusion detection system requires either additional software or hardware.

63
Q

A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do?

A. Remote wipe

B. GPS tracking

C. Implement encryption

D. Turn on screen locks

A

A. If the device has been lost and you need to be 100% sure that data cannot be retrieved from it, then you should remotely sanitize (or remotely “wipe”) the device. This removes all data to the point where it cannot be reconstructed by normal means. GPS tracking might find the device, but as time is spent tracking and acquiring the device, the data could be stolen. Encryption is a good idea, but over time encryption can be deciphered. Screen locks can be easily circumvented.

64
Q

Which of the following is a concern based on a user taking pictures with a smartphone?

A. Application whitelisting

B. Geotagging

C. BYOD

D. MDM

A

B. Geotagging is a concern based on a user taking pictures with a mobile device such as a smartphone. This is because the act of geotagging utilizes GPS, which can give away the location of the user. Application whitelisting is when there is an approved list of applications for use by mobile devices. Usually implemented as a policy, if the mobile device attempts to open an app that is not on the list, the process will fail, or the system will ask for proof of administrative identity. BYOD stands for bring your own device, a technological concept where organizations allow employees to bring their personal mobile devices to work and use them for work purposes. MDM stands for mobile device management, a system that enables a security administrator to configure, update, and secure multiple mobile devices from a central location.

65
Q

A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.)

A. Remote wipe

B. E-mail password

C. GPS

D. Tethering

A

A and E. Remote wipe and encryption are the best methods to protect a stolen device’s confidential or sensitive information. GPS can help to locate a device, but it can also be a security vulnerability in general; this will depend on the scenario in which the mobile device is used. Passwords should never be e-mailed and should not be associated with e-mail. Tethering is when a mobile device is connected to another computer (usually via USB) so that the other computer can share Internet access, or other similar sharing functionality in one direction or the other. This is great as far as functionality goes, but more often than not can be a security vulnerability. Screen locks are a decent method of reducing the chance of login by the average person, but they are not much of a deterrent for the persistent attacker.

66
Q

Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.)

A. Public keys

B. Internal memory

C. Master boot record (MBR)

D. Steganographic images

E. Removable memory cards

A

B and E. When encrypting a smartphone, the security administrator should encrypt internal memory and any long-term storage such as removable media cards. The admin must remember that data can be stored on both. Public keys are already encrypted; it is part of their inherent nature. Smartphones don’t necessarily use an MBR the way Windows computers do, but regardless, if the internal memory has been encrypted, any boot sector should be secured. Images based on steganography, by their very nature, are encrypted through obfuscation. It is different from typical data encryption, but it’s a type of cryptography nonetheless.

67
Q

Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption?

A. Individually encrypted files will remain encrypted if they are copied to external drives.

B. It reduces the processing overhead necessary to access encrypted files.

C. NTFS permissions remain intact when files are copied to an external drive.

D. Double encryption doubles the bit strength of the encrypted file.

A

A. By implementing individual file encryption (such as EFS) on files that are stored on a disk encrypted with whole disk encryption, the files will remain encrypted (through EFS) even if they are copied to a separate drive that does not use whole disk encryption. However, running two types of encryption will usually increase processing overhead, not reduce it. NTFS permissions aren’t relevant here; however, if files are copied to an external drive, those files by default lose their NTFS permissions and inherit new permissions from the parent folder on the new drive. We’ll discuss NTFS permissions more in Chapter 11. We shouldn’t call this double encryption—rather, the files are encrypted twice separately. The bit strength is not cumulative in this example, but there are two layers of encryption, which is an example of defense in depth and security layering.

68
Q

You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal?

A. HIPS

B. Antivirus updates

C. Host-based firewall

D. NIDS

A

C. To meet regulations, a properly configured host-based firewall will be required on the computers that will be transacting business by credit card over the Internet. All of the other answers—antivirus updates, NIDS, and HIPS—are good ideas to secure the system (and/or network), but they do not address the core issue of filtering ports, which is the primary purpose of the firewall. Also, a network-based firewall will often not be secure enough to meet regulations, thus the need for the extra layer of protection on the individual computers.

69
Q

Which of the following would most likely be considered for DLP?

A. Proxy server

B. Print server

C. USB mass storage device

D. Application server content

A

C. Of the answers listed, the USB mass storage device would be the most likely asset to be considered for data loss prevention (DLP). It’s the only device listed in the answers that should have any real organizational data! A proxy server temporarily caches such data as HTTP and FTP. A print server forwards printed documents to the correct printer (again the data is usually held temporarily). An application server contains programs, but usually doesn’t store organizational data files. It’s the devices and computers that store actual company data files that we are primarily concerned with.

70
Q

Virtualization technology is often implemented as operating systems and applications that run in software. Often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization?

A. Patching a computer will patch all virtual machines running on the computer.

B. If one virtual machine is compromised, none of the other virtual machines can be compromised.

C. If a virtual machine is compromised, the adverse effects can be compartmentalized.

D. Virtual machines cannot be affected by hacking techniques.

A

C. By using a virtual machine (which is one example of a virtual instance), any ill effects can be compartmentalized to that particular virtual machine, usually without any ill effects to the main operating system on the computer. Patching a computer does not automatically patch virtual machines existing on the computer. Other virtual machines can be compromised, especially if nothing is done about the problem. Finally, virtual machines can definitely be affected by hacking techniques. Be sure to secure them!

71
Q

Eric wants to install an isolated operating system. What is the best tool to use?

A. Virtualization

B. UAC

C. HIDS

D. NIDS

A

A. Virtualization enables a person to install operating systems (or applications) in an isolated area of the computer’s hard drive, separate from the computer’s main operating system.

72
Q

Where would you turn off file sharing in Windows?

A. Control Panel

B. Local Area Connection

C. Network and Sharing Center

D. Firewall properties

A

C. The Network and Sharing Center is where you can disable file sharing in Windows. It can be accessed indirectly from the Control Panel as well. By disabling file sharing, you disallow any (normal) connections to data on the computer. This can be very useful for computers with confidential information, such as an executive’s laptop or a developer’s computer.

73
Q

Which option enables you to hide the bootmgr file?

A. Enable Hide Protected Operating System Files

B. Enable Show Hidden Files and Folders

C. Disable Hide Protected Operating System Files

D. Remove the -R Attribute

A

A. To hide bootmgr, you either need to click the radio button for Don’t Show Hidden Files, Folders, or Drives or enable the Hide Protected Operating System Files checkbox.

74
Q

Which of the following should be implemented to harden an operating system? (Select the two best answers.)

A. Install the latest updates.

B. Install Windows Defender.

C. Install a virtual operating system.

D. Execute PHP scripts.

A

A and B. Two ways to harden an operating system include installing the latest updates and installing Windows Defender. However, virtualization is a separate concept altogether; it can be used to create a compartmentalized OS, but needs to be secured and hardened just like any other OS. PHP scripts will generally not be used to harden an operating system. In fact, they can be vulnerabilities to websites and other applications.

75
Q

What is the best (most secure) file system to use in Windows?

A. FAT

B. NTFS

C. DFS

D. FAT32

A

B. NTFS is the most secure file system for use with today’s Windows. FAT and FAT32 are older file systems, and DFS is the distributed file system used in more advanced networking.

76
Q

A customer’s SD card uses FAT32 as its file system. What file system can you upgrade it to when using the convert command?

A. NTFS

B. HPFS

C. ext4

D. NFS

A

A. The convert command is used to upgrade FAT and FAT32 volumes to the more secure NTFS without loss of data. HPFS is the High Performance File System developed by IBM and is not used by Windows. ext4 is the fourth extended filesystem used by Linux. NFS is the Network File System, something you would see in a storage area network.

77
Q

Which of the following is not an advantage of NTFS over FAT32?

A. NTFS supports file encryption.

B. NTFS supports larger file sizes.

C. NTFS supports larger volumes.

D. NTFS supports more file formats.

A

D. NTFS and FAT32 support the same number of file formats, so this is not an advantage of NTFS. However, NTFS supports file encryption, larger file sizes, and larger volumes, making it more advantageous in general in comparison to FAT32, and is capable of higher levels of security, most especially down to the file level.

78
Q

What is the deadliest risk of a virtual computer?

A. If a virtual computer fails, all other virtual computers immediately go offline.

B. If a virtual computer fails, the physical server goes offline.

C. If the physical server fails, all other physical servers immediately go offline.

D. If the physical server fails, all the virtual computers immediately go offline.

A

D. The biggest risk of running a virtual computer is that it will go offline immediately if the server that it is housed on fails. All other virtual computers on that particular server will also go offline immediately.

79
Q

Virtualized browsers can protect the OS that they are installed within from which of the following?

A. DDoS attacks against the underlying OS

B. Phishing and spam attacks

C. Man-in-the-middle attacks

D. Malware installation from Internet websites

A

D. The beauty of a virtualized browser is that regardless of whether a virus or other malware damages it, the underlying operating system will remain unharmed. The virtual browser can be deleted and a new one can be created; or if the old virtual browser was backed up before the malware attack, it can be restored. This concept applies to entire virtual operating systems as well, if configured properly.

80
Q

Which of the following needs to be backed up on a domain controller to recover Active Directory?

A. User data

B. System files

C. Operating system

D. System State

A

D. The System State needs to be backed up on a domain controller to recover the Active Directory database in the future. The System State includes user data and system files but does not include the entire operating system. If a server fails, the operating system would have to be reinstalled, and then the System State would need to be restored. Consider backing up the System State from the command line.

81
Q

Which of the following should you implement to fix a single security issue on the computer?

A. Service pack

B. Support website

C. Patch

D. Baseline

A

C. A patch can fix a single security issue on a computer. A service pack addresses many issues and rewrites many files on a computer; it may be overkill to use a service pack when only a patch is necessary. Also, only older Windows operating systems (for example, Windows 7 and Windows Server 2008 R2 and previous) use service packs. You might obtain the patch from a support website. A baseline can measure a server or a network and obtain averages of usage.

82
Q

An administrator wants to reduce the size of the attack surface of a Windows Server. Which of the following is the best answer to accomplish this?

A. Update antivirus software.

B. Install updates.

C. Disable unnecessary services.

D. Install network intrusion detection systems.

A

C. Often, operating system manufacturers such as Microsoft refer to the attack surface as all the services that run on the operating system. By conducting an analysis of which services are necessary and which are unnecessary, an administrator can find out which ones need to be disabled, thereby reducing the attack surface. Updates, service packs, antivirus software, and network intrusion detection systems (NIDSs) are good tools to use to secure an individual computer and the network but do not help to reduce the size of the attack surface of the operating system.

83
Q

Which of the following is a security reason to implement virtualization in your network?

A. To isolate network services and roles

B. To analyze network traffic

C. To add network services at lower costs

D. To centralize patch management

A

A. Virtualization of computer servers enables a network administrator to isolate the various network services and roles that a server may play. Analyzing network traffic has more to do with assessing risk and vulnerability and with monitoring and auditing. Adding network services at lower costs deals more with budgeting than with virtualization, although virtualization can be less expensive. Centralizing patch management has to do with hardening the operating systems on the network scale.

84
Q

Which of the following is one example of verifying new software changes on a test system?

A. Application hardening

B. Virtualization

C. Patch management

D. HIDS

A

C. Patch management is an example of verifying any new changes in software on a test system (or live systems for that matter). Verifying the changes (testing) is the second step of the standard patch management strategy. Application hardening might include updating systems, patching them, and so on, but to be accurate, this question is looking for that particular second step of patch management. Virtualization is the creation of logical OS images within a working operating system. HIDS stands for host-based intrusion detection system, which attempts to detect malicious activity on a computer.

85
Q

You have been tasked with protecting an operating system from malicious software. What should you do? (Select the two best answers.)

A. Disable the DLP.

B. Update the HIPS signatures.

C. Install a perimeter firewall.

D. Disable unused services.

E. Update the NIDS signatures.

A

B and D. Updating the host-based intrusion prevention system is important. Without the latest signatures, the HIPS will not be at its best when it comes to protecting against malware. Also, disabling unused services will reduce the attack surface of the OS, which in turn makes it more difficult for attacks to access the system and run malicious code. Disabling the data loss prevention (DLP) device would not aid the situation, and it would probably cause data leakage from the computer. Installing a perimeter firewall won’t block malicious software from entering the individual computer. A personal firewall would better reduce the attack surface of the computer, but it is still not meant as an anti-malware tool. Updating the NIDS signatures will help the entire network, but might not help the individual computer. In this question, we want to focus on the individual computer, not the network. In fact, given the scenario of the question, you do not even know if a network exists.

86
Q

You are attempting to establish host-based security for your organization’s workstations. Which of the following is the best way to do this?

A. Implement OS hardening by applying GPOs.

B. Implement database hardening by applying vendor guidelines.

C. Implement web server hardening by restricting service accounts.

D. Implement firewall rules to restrict access.

A

A. The best way to establish host-based security for your organization’s workstations is to implement GPOs (Group Policy objects). When done properly from a server, this can harden the operating systems in your network, and you can do it from a central location without having to configure each computer locally. It is the only answer that deals with the client operating systems. The other answers deal with database and web servers, and firewalls that protect the entire network.

87
Q

In Windows, which of the following commands will not show the version number?

A. Systeminfo

B. Wf.msc

C. Winver

D. Msinfo32.exe

A

B. Of the answers listed, the only one that will not show the version number is wf.msc. That brings up the Windows Firewall with Advanced Security. All of the other answers will display the version number in Windows.

88
Q

During an audit of your servers, you have noticed that most servers have large amounts of free disk space and have low memory utilization. Which of the following statements will be correct if you migrate some of the servers to a virtual environment?

A. You might end up spending more on licensing, but less on hardware and equipment.

B. You will need to deploy load balancing and clustering.

C. Your baselining tasks will become simpler.

D. Servers will encounter latency and lowered throughput issues.

A

A. If you migrate some of these low-resource servers to a virtual environment (a very smart thing to do), you could end up spending more on licensing, but less on hardware, due to the very nature of virtualization. In fact, the goal is to have the gains of hardware savings outweigh the losses of licensing. Load balancing and clustering deal with an OS utilizing the hardware of multiple servers. This will not be the case when you go virtual, nor would it have been the case anyway, because clustering and load balancing are used in environments where the server is very resource-intensive. Baselining, unfortunately, will remain the same; you should analyze all of your servers regularly, whether they are physical or virtual. These particular servers should not encounter latency or lowered throughput because they are low-resource servers in the first place. If, however, you considered placing into a virtual environment a Windows Server that supports 5,000 users, you should definitely expect latency.
