CTI - 120 Final
stateful inspection
- In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic should be permitted across the firewall. Stateful inspection also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.
You are setting up your first secure Windows workstation and you are setting the password history. What are the minimum and maximum settings you can use?
0, 24
What OSI layer is used by switches and bridges?
2
SMTP uses TCP port:
25
On which OSI layer do TCP and UDP function?
4
When using Internet Explorer, how many content zones are there?
4
The highest setting that account lockout duration can use is _______________.
99,999
What is the maximum setting for Minimum Password Age?
998
digital signature
A mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to prove that the message or document has not been modified.
cracked password
A password that gets access to an encrypted password file from a workstation or server. Once he or she has access, the attacker starts running password cracking tools against the file, with an eye toward breaking as many passwords as possible and leveraging them to further compromise the company's network and systems
Windows Firewall
A software component included with Windows that can help prevent hackers or malicious software from gaining access to your computer through a network or the internet
IEEE 802.1x
A standard that authenticates users on a per-switch port basis by permitting access to valid users but effectively disabling the port if authentication fails.
SPI
Stateful inspection packet filtering that keeps track of, and makes decisions based on, the collected data
The three common types of protocol spoofing are [___] spoofing, [____] spoofing, and [_____] address spoofing.
ARP spoofing, DNS spoofing, IP address spoofing
If a user is deploying technologies to restrict access to a resource, they are practicing the __________ security principle.
Access Control
windows store
Access to purchase and download apps that use the Windows 8 interface.
The number of incorrect logon attempts permitted before a system will lock an account is known as the _______________________.
Account Lockout Threshold
Which setting should be applied to ensure that a possible dictionary attack against a Windows application server has a limited chance at success?
Account Lockout Threshold
When the user has exceeded the number of incorrect logon attempts this setting will determine how long they must wait before attempting to logon again.
Account lockout duration
encrypt the offline files
Add the address or domain for these emails to the white list
Before entering a username, password or credit card information on a web site you should verify the following about the website:
Address bar shows correct URL and HTTPS
Symptoms of malware are: (Select the best answer)
All of the above
The benefits of a VLAN are: (Select the best answer)
All of the above
Microsoft account
Allows a user to access resources on a computer and on Microsoft cloud computing services.
digital certificate
An electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a digital certificate is used to prove a person's identity, it can also be used for authentication.
stateless inspection
An inspection of data based on source and destination IP address, packet type, and port number. Session state is stored and return traffic is allowed.
Which of the following is used to stop a program from running on a Windows 10 system?
AppLocker
A sales team for a medium-sized manufacturing company has just deployed a new e-commerce application to allow for the direct sale of products to its customers. To secure this application, an application firewall is deployed. At what layer of the OSI model does the application firewall occur?
Application
attack surface analysis
Application attack surface, network attack surface, employee attack surface; helps to identify the attack surface that an organization may be susceptible to
Which type of key has one key for encryption and a different key for decryption?
Asymmetric
zero day attack
Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.
To track a user's activities in Windows, you need to enable ___________________
Auditing
This core security principle of ___________ describes a resource being accessible to a user, application or system. Fault tolerance and redundancy are primary methods for protection.
Availability
Which of the following refers to the process of eliminating a risk by choosing to not engage in an action or activity?
Avoidance
Which technology is used to encrypt an entire disk?
BitLocker
Which of the following are password-based attacks (Choose all that apply)
Brute force, Dictionary
CHAP
Challenge Handshake Authentication Protocol: an authentication protocol used by PPP servers to validate the identity of the clients
This cloud deployment model is used when two similar organizations with shared concerns use the same cloud computing resources.
Community Cloud
_____________ is the characteristic of a resource that ensures that access is restricted to only permitted users, applications, or computer systems.
Confidentiality
The information security acronym CIA stands for which of the following?
Confidentiality, Integrity, Availability
CM
Connection Manager: a remote access client that allows an administrator to build a remote access configuration package to be distributed to the admin's remote users
What do you do if someone you know sends you a suspicious email?
Contact the individual by phone and confirm if they sent the email
Which of the following are common types of password attacks? (Choose three answers)
Cracked, Keylogging, Brute Force
Which of the following is an attack that relies on having a user execute a malicious script embedded in a web page? (Choose the best answer.)
Cross-site scripting
The goal of this attack is to overwhelm the network or host with a high volume of traffic causing it to shut down or become unable to serve legitimate users.
DDoS
The VPN server has been configured and is running properly. However, it has not been configured to hand out IP addresses to clients. When a VPN server is configured this way, the clients obtain their IP addresses from a _____ server.
DHCP
A manager wants to set up an area that is not on the LAN but not quite on the Internet. This area will house servers that will serve requests to users who are connecting to your web server. What type of network area or zone should be set up?
DMZ
The IT director has asked you to install a firewall. Which of the following is not a type of firewall?
DMZ
A network administrator that has been put in charge of registering your company's domain name and setting up the DNS so that people on the Internet can get to the website should use ___________ to ensure that DNS entries are not poisoned by an attacker.
DNSSEC
A small business owner has purchased a new wireless access point and wants to ensure that only his systems are able to connect to the wireless network. He enables MAC address filtering and put the MAC addresses for all his computers in the permitted table. The filtering occurs at what layer of the OSI model?
Data-link
As the Chief Security Officer for a small medical records processing company, you have just finished setting up the physical security for your new office. You have made sure that the parking lot is illuminated, that you have guards at the door as well as doing periodic patrols, and you have badge readers throughout the building at key locations. You also have put biometric access technology on the data center door. And of course, you have cameras in the parking lot, building entrances, and the data center entrances. This is an example of which security concept?
Defense in depth
DMZ
Demilitarized Zone: a network that separates public and private networks. It often contains web servers, email servers, and proxy servers
DoS
Denial of Service: an attack that floods the network being attacked with overwhelming amounts of traffic, shutting down network infrastructure such as a router or firewall
Which of the following refers to a form of brute force password attack that uses an extensive list of pre-defined passwords?
Dictionary
A type of attack that uses an extensive list of potential passwords based on common words is known as a(n) __________________
Dictionary Attack
Which of the following are common types of routing protocols? (Choose all that apply.)
Distance vector, Link state
DDoS
Distributed Denial of Service attack: the use of multiple, even hundreds of, different computers to conduct a DoS
The _____________ stores a copy of the centralized database (accounts and security information of a domain) used in Active Directory.
Domain Controller
DNSSEC
Domain Name System Security: adds security provisions to DNS so that computers can verify that they have been directed to the proper servers
The two common types of Network Address Translation are [_____] and [___].
Dynamic, Static
A client wants to use smart cards with the VPN. Which authentication protocol should be used?
EAP
Which technology is used to encrypt an individual file on an NTFS volume?
EFS
Which IPsec protocol provides confidentiality, authentication, integrity and anti-replay for the data?
ESP
Which of the following is not a method for authentication?
Encryption
Which type of permission is granted directly to a file or folder?
Explicit
An authentication server on a DMZ that will allow only users from a partner company. Which type of network is being configured?
Extranet
When selecting a biometric method you must consider potential issues with valid users who are incorrectly denied access. The term used to describe this issue is called:
FRR
A potential employee has arrived for an interview. They have spilled coffee on their resume. They have their resume on a flash drive and ask you to open the resume from the flash drive and print out a copy. It is a best practice to grant their request and print the resume.
False
For a more secure environment, all users should be administrators of their computer and not a standard user.
False
If you want to use a local AppLocker rule on all computers in your business, you have to recreate the rule on every computer. You cannot export the local policy and import to a GPO.
False
Wi-Fi Internet Connections are more secure than cable Internet connections.
False
Which NTFS permission is needed to change attributes and permissions?
Full Control
GPO
Group Policy Object: a Windows tool which is used to control rights for users and organizational units. Rights and permissions are assigned to the group rather than to each user individually. Allows an administrator granular control over the configuration of objects in Active Directory, including user accounts, operating systems, applications, and other AD objects.
A set of rules that allows an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects, is known as a(n) _____________.
Group Policy Object (GPO)
_______________ is a one-way encryption. After data is encrypted it cannot be decrypted. It is often used for storing passwords and digital signatures.
Hash function
A(n) ______ can be deployed to distract an attacker from the critical systems on your network.
Honeypot
Which of the following elements and issues should be considered when deciding whether to use a software solution for a firewall? (Choose all that apply.)
Host operating system, Other Applications, Stability
WPA/WPA2 can use an external authentication server with EAP to enable strong authentication for connection to the WLAN. This mode is called:
IEEE 802.1x
The ________ defines DNS.
IETF
To use VPN Reconnect, which VPN protocol should be used?
IKEv2
Which of the following pieces of information are typically examined by a stateless inspection firewall? (choose all that apply)
IP address of the sending host, IP address of the receiving host, Data packet type
Which system can detect, alert and prevent a breach from occurring? (Choose the best answer)
IPS
Which type of system detects unauthorized intruders, activities, attacks and network compromises and then takes action to stop them from proceeding?
IPS
The two most common protocols you can use to create a VPN are [___] and [_____].
IPsec, SSL/TLS
All of the following are steps in threat modeling EXCEPT:
Identify the strategy for growth
The user's ability to control when, how and to what extent information about themselves will be collected, used and shared is called _____________.
Information Privacy
Which types of network traffic originates from outside the network routers and proceeds toward a destination inside the network?
Ingress
The ______________ permissions flow from a parent object to the child object
Inherited
The consistency, accuracy, and validity of data or information is called __________. Hashing is often used to ensure this.
Integrity
IKEv2
Internet Key Exchange Version 2 (IKEv2) is a tunneling protocol which has a connection that stays up and is automatically reestablished as a client moves from network to network.
A network zone that allows remote access for employees of a company is set up. This is known as an __________
Intranet
A physical object that can be connected to the Internet and controlled that way:
IoT device
What is the primary authentication method used on Microsoft Active Directory?
Kerberos
A business traveler notices there is an extra connector between the keyboard and the computer, in a business center. She has most likely encountered a(n) _______________
Keylogger
A client wants to install a VPN server that can offer unencrypted tunnels by default, or encrypted tunnels by using IPSec. Which of the following services should be used?
L2TP
A VPN server that uses inbound port 1701 is installed. The server is utilizing the _________ protocol.
Layer 2 Tunneling Protocol (L2TP)
L2TP/IPsec
Layer 2 Tunneling Protocol over IPsec: a VPN technology that is quickly gaining popularity due to its inclusion of IPsec as the security protocol
Which of the following are benefits of SSL/TLS VPNs over IPsec VPNs? (Select all that apply)
Less expensive, Browser and OS independent, NAT Support
LOB App
Line-of-business app: programs and software that are essential to running a business
Which Administrative Tool should be used to configure password control settings on a Windows 10 Workstation?
Local Security Policy
When traveling on business and headed out to dinner with a client, which of the following should be done to secure a laptop? (Choose the best answer.)
Lock it in the car trunk
_______________ is software that is designed to infiltrate or infect a computer, usually with ill intent.
Malware
Which of the following are not valid password controls? (Choose all that apply.)
Maximum Password Length, Account Lockout Count
Which of the following are considered removable devices or drives? (Choose all that apply.)
Memory card, USB flash drive, External hard drive
Which type of account is used with outlook.com and OneDrive and can be used to synchronize a desktop across multiple computers?
Microsoft Account
MBSA
Microsoft Baseline Security Analyzer: a software tool released by Microsoft to determine the security state of a system by assessing missing security updates and less secure security settings within Microsoft Windows components
MS-CHAPv2
Microsoft Challenge Handshake Authentication Protocol. An improvement over MS-CHAP which includes mutual authentication.
Which of the following is a two-factor authentication that uses an enrolled device and Windows Hello?
Microsoft Passport
MAPS
Microsoft Active Protection Service: the network of Windows Defender and Microsoft Security Essentials users that helps determine which programs are classified as spyware
A customer desires a device that can detect network anomalies and report them to an administrator. What type of device is necessary?
NIDS
An issue with one of the ports on the firewall is suspected. Which of the following is the appropriate tool to use to scan the ports?
NMAP
Which of the following file systems offers the best security?
NTFS
_______________ is a file system that supports large volumes, is more tolerant than previous systems and has the ability to assign permissions to files and folders.
NTFS
Which of the following uses an ACL? (Choose two)
NTFS folder, Active Directory user
At which layer of the OSI model does routing occur?
Network
An attack that relies on access to a physical LAN segment is known as a(n) ____________ attack
Network Sniffing
_________________ are copies of network files that are stored on your computer so that a user can access them when they are not connected to the network.
Offline Files
When you cannot access a folder because someone removed the permissions so that no one can access it, you must take __________ of the folder.
Ownership
Which authentication protocol should not be used because it is the least secure?
PAP
The master time keeper and master for password changes in an Active Directory domain is:
PDC emulator
A(n) _____________ is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system.
PIN
Which infrastructure is used to assign and validate digital certificates?
PKI
After setting up a default VPN in Windows Server 2016, the supervisor is not satisfied with the level of security. She would rather have L2TP combined with IPsec. What tunneling protocol is used with the default settings and is less secure than L2TP with IPsec?
PPTP
When setting up a VPN that allows connections on inbound port 1723, which of the following tunneling protocols should be used?
PPTP
This cloud computing service model is often used by developers. The vendor supplies a complete infrastructure for application development (development tools, operating system, servers, storage, networking resources) while the developers manage the applications.
PaaS
Which of the following are valid firewall types? (Choose all that apply)
Packet Filtering, Application
Which of the following would be considered appropriate security measures for a building's external security perimeter? (Choose all that apply.)
Parking lot lights, Security guards
PAP
Password Authentication Protocol
The setting that determines the number of unique passwords that must be used before a password can be re-used is the _____________
Password History
Which two features in Windows Server 2008 and later permit the use of fine-grained password policies? (Choose two.)
Password Settings Container, Password Settings Object
Which of the following is not a biometric device?
Password reader
inherited permission
Permissions granted to a folder (parent object or container) that flows into child objects (subfolders or files) inside that folder.
Which of the following are layers of the OSI model? (Choose all that apply.)
Physical, Application, Network
Which type of DoS attack uses large ICMP packets to cause an overflow of the memory buffers allocated for packets?
Ping of death
PPTP
Point-to-Point Tunneling Protocol: a commonly used VPN protocol which is less secure than L2TP with IPsec
PEAP
Protected Extensible Authentication Protocol
A client wants a server installed that can cache web pages in order to increase the speed of commonly accessed Web sites. What type of server is required?
Proxy
Which of the following services is used for centralized authentication, authorization, and accounting?
RADIUS
A(n) ____________________ is a full replication of the domain database and is located in places where a domain controller is needed but where physical security of the domain controller cannot be guaranteed.
RODC (Read-only Domain Controller)
Proseware, Inc., wants you to set up a VPN server. Which of the following services in Windows Server 2016 should be used?
RRAS
Which of the following refers to the process of disabling unneeded services and ports to make the system more secure?
Reducing the attack surface area
The centralized database that holds most of the Windows configurations is known as the _____________
Registry
Which of the following are common uses for a VPN? (Choose all that apply)
Remote access, Secure network-to-network connections
An attack that records a stream of data, modifies it, and then resends it is known as a(n) _________ attack.
Replay attack
The __________________ option needs to be less than or equal to the Account Lockout Duration.
Reset Account Lockout Counter After
The risk that remains after measures have been taken to reduce the likelihood or minimize the effect of a particular event.
Residual risk
_____________ refers to the risk of an event that remains after measures have been taken to reduce the likelihood or minimize the effect of the event.
Residual risk
A Risk Manager for a medium-sized pharmaceutical company who is asked to perform a formal risk analysis would most likely record the results of the risk assessment in a(n) ______________________
Risk Register
Local user accounts are found in:
SAM
A client wants to use a Windows Server 2016 server as a VPN server. However, the networking team allows only HTTPS through the firewall. Which VPN protocol should be used?
SSTP
When a user is notified of an attempt by programs to make changes to their computer, the desktop will be dimmed. This dimming indicates the computer is in ___________________ mode, because other programs can't run until the changes are approved or disapproved.
Secure Desktop
SSTP
Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over port 443.
SSL
Secure Socket Layer: a cryptographic system that uses two keys to encrypt data, a public key and a private key; the public key is the digital cert
Which of the following is a collection of security settings that can be used to configure client settings?
Security Baseline
Which of the following is a free tool that allows administrators to quickly configure and manage desktops and users using Group Policy?
Security Compliance Manager
SCM 4.0
Security Compliance Manager is a free tool from Microsoft that can be used to quickly configure and manage your desktops, traditional data center and private cloud using Group Policy and System Center Configuration Manager
A physical device such as a key fob that is given to a user for authentication. It can generate a second code that gets entered during authentication.
Security token
_____________ is an email validation system that is designed to verify if an email is coming from the proper email server.
Sender Policy Framework
SPF
Sender Policy Framework: an email validation system designed to prevent email spam that uses source address spoofing. SPF allows administrators to specify, in SPF records in the public DNS, which hosts are allowed to send email from a given domain
When designing access to a payroll system, it is a good idea to split the functions among multiple employees. This is an example of the principle of ______________ and can limit fraud, theft and errors.
Separation of duties
Which physical device is used to authenticate users based on what a user has?
Smart card
When you use special software to read data as it is broadcast on a network, you are ___________ the network.
Sniffing
_____________ is a method to gain access to data, systems, or networks, primarily through misrepresentation.
Social engineering
The type of attack that relies on a weakness in an operating system or an application is known as a(n) _____________.
Software vulnerability attack
_____________ is another name for junk email
Spam
In the acronym STRIDE, the "S" stands for ______________________________
Spoofing
Which type of malware collects personal information or browsing history, often without the user's knowledge?
Spyware
A firewall that accepts or rejects packets based on a set of rules is installed. This firewall keeps track of the state of the network connection. It is running a type of packet filtering known as _________________________
Stateful packet filtering
Which of the following technologies could be used to help ensure the confidentiality of proprietary manufacturing techniques for an auto parts manufacturing business? (Choose two answers.)
Strong encryption, Strong authentication
Which of the following would be an acceptable password on a Windows 10 Pro system with Password Complexity enabled and Minimum Password Length set to 8? (Choose all that apply.)
Summer2010, ^^RGood4U, St@rTr3k
NAT filtering
Technology that can filter traffic according to ports (TCP and UDP)
kerberos
The default domain computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner.
threat modeling
The process of identifying threats and vulnerabilities and then defining countermeasures to prevent them.
threat and risk management
The process of identifying, assessing, and prioritizing threats and risks.
When copying a file or folder to a new volume, which permissions are acquired?
The same permissions as the target folder.
Which of the following explains why a minimum password age would be set?
To make sure a user does not reset a password multiple times until he or she can reuse his or her original password
Which of the following are valid risk responses? (Choose all that apply.)
Transfer, Mitigation, Avoidance
A user may access files on a server over a network using a shared folder instead of logging directly on to a server to access the files.
True
An example of PII is a person's social security number.
True
When a website is using HTTPS, you will see a lock icon on the address bar.
True
Windows Defender can scan a computer on a regular basis and remove or quarantine malware.
True
What technology is used by Windows to prevent unauthorized changes to your system?
UAC
When attempting to change the computer's display settings, which of the following causes a pop-up that asks if a user wants to continue?
UAC
For antivirus software to be effective, it must be kept ___________.
Updated
UAC
User Account Control: a feature that started with Windows Vista and is included with Windows 7. UAC helps prevent unauthorized changes to your computer; in doing so, it helps protect your system from malware
UDP protocol
User Datagram Protocol: used for transporting video and time-sensitive objects
Which of the following describes the easiest way to set up a VPN client on a computer for a user who is not technically savvy?
Using CMAK to create an executable to install
All of the following are examples of tunneling protocols used with a VPN EXCEPT:
VPTP
You are working at the company help desk and have received a phone call from a user that forgot their password. Which of the following should you do?
Verify the identity of the user with multiple pieces of information, some of which are only known to the user
In Windows 10, which component is used by Device Guard and Credential Guard to protect the PC?
Virtual secure mode
Which type of malware reproduces itself on a computer without the owner's consent and will often delete or corrupt files?
Virus
An example of a(n) ____________ is a message that states you should delete the win.com file, because it is a virus.
Virus Hoax
If you are setting up a WLAN in a corporate environment and you want to use 802.1x and a RADIUS server to secure the connections, you need to use __________ keys.
WPA/WPA2
What is the best security method for wireless networks?
WPA2
The ____________ is an enormous system of interlinked hypertext documents.
WWW
________ allows users to interact with each other and contribute to Web sites.
Web 2.0
The Windows feature that provides support for biometric technologies allowing control of device drivers, device settings and the ability to enable, disable or limit the use of biometric data through the control panel is _______________________
Windows Biometric Framework
Microsoft's built-in antivirus and antispyware program is _____________.
Windows Defender
Which host-based firewall software comes with today's version of Windows?
Windows Firewall
Which program can be used to configure IPsec on a computer running Windows Server 2016?
Windows Firewall with Advanced Security
A two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN.
Windows Passport
To control which updates get pushed to clients within an organization, an administrator would use [__] or [____].
Windows Server Update Service, System Center Configuration Manager
windows store for business
Windows Store for Business provides a distribution of line-of-business applications to be deployed in an organization. It enables the owner to manage and maintain these custom apps in the same way as you do commercially available apps.
The Windows feature to keep the Windows operating system up to date with patches to security issues is called ______________.
Windows Update
A(n) ________ is a computer program that uses a network to self-replicate.
Worm
Which of the following is most likely the problem when a computer seems to be slow and a different default web page displays?
Your computer has been infected with malware.
Microsoft Edge
a browser made by Microsoft for Windows
network firewall
a category of software firewall consisting of applications that are installed on servers and used to protect network segments from other network segments
registry
a central, secure database in which Windows stores all hardware configuration information, software configuration information, and system security policies. Components that use the registry include the Windows kernel, device drivers, setup programs, hardware profiles and user profiles
security template
a collection of configuration settings stored as a text file with an .inf extension
rule collection
a collection of rules used in Windows Defender
security baseline
a collection of security configuration settings that are to be applied to a particular host in the enterprise
group
a collection or list of user accounts or computer accounts
pop up window
a component used on web pages that can be part of useful website controls, but can also be used for annoying advertisements, and a few may attempt to load spyware or other malicious programs
back to back configuration
a configuration that has a DMZ situated between two firewall devices, which could be black box appliances or MS internet security and acceleration servers
back to back configuration
a configuration that has a DMZ that supports address and port translation and checks whether the type of application traffic is allowed
3-leg perimeter configuration
a configuration whereby the DMZ is usually attached to a separate connection of the company firewall. Therefore, the firewall has three connections: one to the company LAN, one to the DMZ, and one to the internet
backdoor
a convenience sometimes installed by designers so that they can easily make changes, but it can be taken advantage of as the attacker uses it to circumvent security protocols
firewall
a device or server that is primarily used to protect one network from another
mobile device
a device that has portable computing and processing ability
removable device
a device which can easily be added to and removed from a computer, including: CD, thumb drive, external drive, removable memory card
application level firewall
a firewall filtering method which analyzes data at layer 5 of the OSI (session layer)
application level gateway
a firewall technology that supports address and port translation and checks whether the type of application traffic is allowed
dictionary attack
a form of attack which attempts all words in one or more dictionaries
Extensible authentication protocol
a framework of authentication protocols
keylogger
a hardware or software based device used by attackers to record keystrokes
owner
an identity that controls an object including what permissions are set on the object and to whom permissions are granted
defense in depth
a layered security approach that controls who can physically access resources of an organization
risk register
a list of analyzed threats and risk impacts. A document that contains results of various risk management processes, often displayed in a table or spreadsheet format
user account
a logical object that enables a user to log on to a computer and domain
computer account
a logical object that provides a means of authenticating and auditing a computer's access to a Windows network as well as its access to domain resources
virus hoax
a message warning the recipient of a nonexistent computer virus threat, usually sent as a chain email that tells the recipient to forward it to everyone he or she knows
honey net
a network of honey pots
firewall
a network security system and/or hardware device which controls any incoming and outgoing network traffic based on a set of rules provided by an administrator
BitLocker To Go
a new feature in Windows 7 that enables users to encrypt removable USB devices such as flash drives and external hard disks
strong password
a password that is hard to guess because it is long and has a mix of different types of characters. Also random enough where it could not be easily guessed
security token
a physical device that an authorized computer services user is given to ease authentication
cookie
a piece of text stored by a user's web browser. this file can be used for a wide range of purposes - user identification - authentication - storing site preferences - shopping cart contents
smart card
a pocket sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic
intranet
a private computer network or single website that an organization implements in order to share data with employees around the world
virus
a program that can copy itself and infect a computer without the user's consent or knowledge
password
a secret series of characters that enables a user to access a particular file, computer or program
principle of least privilege
a security concept in which people have the privileges they need for data and systems but no more than that
worm
a self replicating program that copies itself to other computers on a network without any user intervention
caching proxy
a server or device that tries to serve client requests without actually contacting the remote server
Proxy server
a server that acts as an intermediary between a LAN and the Internet
member server
a server that is not running as a domain controller
password policy
a set of rules designed to enhance computer security by encouraging users to use strong passwords in the proper way
administrative share
a shared folder typically used for admin purposes
rootkit
a software or hardware device designed to gain administrator level control over a computer system without being detected
windows defender
a software product from Microsoft that is intended to prevent, remove, and quarantine spyware in Microsoft Windows
Bayesian filtering
a special algorithm that uses key words to determine whether an email is considered as spam
sniffers
specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker
syslog
a standard for logging program messages that can be accessed by devices that would not otherwise have a method for communications
IPsec
a suite of protocols that provides a mechanism for data integrity, authentication, and privacy for the internet protocol. it is used to protect data that is sent between hosts on a network by creating secure electronic tunnels between two machines or devices. used for remote access, VPN, server connections, LAN connections or WAN connections
phishing
a technique based on social engineering where users are asked to supply personal information
honey pot
a trap for hackers to study them
brute force attacks
a type of attack that tries as many possible combinations of characters as time and money permit
packet filtering
a type of firewall that inspects each packet that passes through the firewall and accepts or rejects it based on a set of rules such as IP address and ports
spyware
a type of malware that is installed on a computer to collect a user's personal information or details about his or her browsing habits, often without the user's knowledge
host firewall
a type of software firewall installed on a host and used to protect the host from network based attacks
personal firewall
a type of software installed on a host and used to protect the host from network based attacks
domain user
a user account that is stored on the domain controller and allows you to gain access to resources within the domain, assuming you have been granted permission to access those objects
local user account
a user account that is stored in the Security account manager database on the local computer
WPA2
a version of Wi-Fi Protected Access which uses the IEEE 802.11 standards and is more secure
remote code execution attack
a vulnerability allowing an attacker to run code with system privileges on a server that possesses the appropriate weakness
domain controller
a windows server that stores a replica of the account and security information of a domain and defines the domain boundaries
internet
a worldwide system of connected computer networks, connected using the TCP/IP protocol suite
acl
access control list; a list of all users and groups that have access to an object
What settings are used to keep track of incorrect logon attempts and lock the account if too many attempts are detected within a certain set time?
account lockout
effective permissions
actual permission when logging in and accessing a file or folder. they consist of explicit permissions plus any inherited permissions
auditing
aka accounting; the process of keeping track of a user's activity while accessing network resources, including amount of time spent in the network, the services accessed, the amount of data transferred during each session
VPN Reconnect
allows a connection to remain open during a brief interruption of internet service
extranet
allows access to users that are outside the authorized network
fine grained password policy
allows you to specify multiple password policies within a single domain so that different settings for password and account lockout policies can be applied to different sets of users in the domain
accounting
also known as auditing, the process of keeping track of a user's activity while accessing network resources, including amount of time spent in the network, the services accessed, the amount of data transferred during each session
certificate chain
also known as the certification path, a list of certificates used to authenticate an entity. it begins with the certificate of the entity and ends with the root CA certificate
threat
an action or occurrence that could result in a breach in security, outage, or corruption of a system b
polymorphic virus
an armored virus that can change upon execution into many different forms
DNS poisoning
an attack against the cached information of a DNS server
pharming
an attack aimed at redirecting a website's traffic to a bogus website
zero day attack
an attack in which the vulnerability was never known of
biometrics
an authentication method that identifies and recognizes people based on physical traits, such as finger prints, facial rec, retinal scans and voice rec
WWW
an enormous system of interlinked hypertext documents that can be accessed with a web browser
trojan horse
an executable program that appears as a desirable or useful program. As it appears to be desirable or useful, users are tricked into loading and executing the program on their system
ARP spoofing
an imposter-like misuse of a network protocol for the purpose of attacking a network
SQL injection
an injection of script that bypasses a web browser's security mechanism
Web 2.0
an interactive type of web experience compared to the previous version 1.0. Web 2.0 allows users to interact with each other and act as contributors to Web sites as well
replay attack
an interception of data being transferred. Data can be captured and/or manipulated on the way to a destination
tunneling
an internet key exchange that causes the initial encryption between two points
buffer overflow attack
an overloading of a reserved space of data. this causes a system to slow down, freeze, or crash. Could be an attack as code is redirected to a different starting point when coming back
hash function
a one-way encryption, which means that after something has been encrypted with this method, it cannot be decrypted.
In Windows, what do you use to create a record of details such as which users have logged in and what resources those users tried to access?
auditing
What technology is not used to implement confidentiality?
auditing
What do you call the process in which a user is identified via a username and password?
authentication
What is the process of giving individual access to a system or resource based on their identity?
authorization
The core security principle of ____________ means that when a user needs to get to information it is available to them. This principle includes actions in case of outages due to equipment failure, software or natural disasters.
availability
These are attacks against an opening left in a functional piece of software that allows access into a system or software application without the owner's knowledge. Many times these are left by the application developer or system accounts created by administrators that they can use if they leave the company.
back door
A ______ allows someone access by circumventing normal security precautions for the application. This gives a remote user unauthorized control of a system or automatically initiates an unauthorized task. This could be created by malware or could be created by developers.
backdoor
BYOD
bring your own device
When a hacker attempts to crack a password by trying as many combinations of characters as time and money permits is called a(n) _______________ attack.
brute force
What type of attack tries to guess passwords by every combination of characters?
brute-force attack
Viruses and worms often exploit _________________. This can occur when more data is sent than the buffer can hold.
buffer overflows
key
can be thought of as a password, is applied mathematically to plain text to provide cipher or encrypted text.
CRL
certificate revocation list; a list of certificates (serial numbers) that have been revoked or are no longer valid and therefore should not be relied on
CMAK
connection manager administration kit a tool that you can use to customize the remote connection experience for users on your network by creating predefined connections
applocker
controls how users access and use programs and files and extends the functionality originally provided by the software restriction policy found in earlier versions of Windows. In Windows 10, AppLocker is located in the Local Group Policy Editor
offline files
copies of network files that are stored on your computer so you can access them when you aren't connected to the network
In an example of a __________________ attack, hackers get access to an encrypted password file. Then they run password tools against the file to try to break as many passwords as possible.
cracked password
XSS
cross site scripting attack; an attack in the code of a webpage or plugin is created, making it a vulnerability for those who are browsing the web page
Which of the following is used to provide protection when one line of defense is breached?
defense in depth
permission
defines the type of access that is granted to an object or object attribute
SSL is a cryptographic system that uses two keys to encrypt data. The public key is stored in a(n) ____________.
digital certificate
Active directory
directory service technology created by MS that provides a variety of network services, including LDAP, kerberos, SSO, DNS based naming and other network information and a central location for network administration and delegations of authority
What type of server runs Active Directory storing a copy of the account and security information?
domain controller
This type of NAT maps a private address to a public address. The public address is assigned from a pool of addresses at the time of the translation.
dynamic
Which of the following is considered the most effective way to protect against social engineering?
employee awareness
Which of the following tasks is recommended if sensitive or confidential information is stored in offline files?
encrypt the offline files
To protect sensitive and confidential information in offline files they should be _____________.
encrypted
What is the process of converting data into a format that cannot be read by another user?
encryption
In stateless inspection, the firewall determines if a packet traversing the firewall is part of an existing session/conversation and uses that information to determine whether to permit or deny the packet.
false
windows update
fixes, patches, service packs and updated device drivers that should be applied to a Windows system. by adding fixes and patches, Windows will be kept stable and secure
UDP Flood
floods random ports on a remote host with numerous UDP packets
When you assign permissions to a folder, you should first grant permissions to __________ rather than users.
groups
device guard
helps harden a computer system against malware by running only trusted applications, thereby preventing malicious code from running
A honeynet is a collection of ___________________.
honeypots
This type of firewall is designed to protect one computer from network-based attacks. An example is Windows firewall.
host firewall
IDS
intrusion detection system; a solution designed to detect unauthorized user activities, attacks and network compromises
IPS
intrusion prevention system a solution designed to detect unauthorized user activities, attacks, and network compromises that can also take action to prevent a breach from occurring
egress traffic
is network traffic that BEGINS INSIDE a network and proceeds through its routers to its destination somewhere OUTSIDE the network
credential guard
isolates and hardens key systems and user security information Windows 10 enterprise
spam
junk email that is usually sent unsolicited
Which of the following is the best thing to do to protect a computer against malware, besides installing an antivirus software package? (Choose the best answer)
keep your machine up to date with the latest security patches
A(n) ________________ is an input to an encryption algorithm. Different values will produce different encrypted output when applied to the same plain text. This is needed for encryption and decryption.
key
backdoor attack
malware used to do unauthorized tasks on a system through an opening in the system
Which of the following is an attack that relies on the attacker being able to trick the sending host into thinking his or her system is the receiving host, and the receiving host into thinking his or her system is the sending host? (Choose the best answer.)
man in the middle
What prevents users from changing a password multiple times in the same day?
minimum password age
A VPN can ______________ connecting to a public WiFi network.
mitigate the risk of
NIPS
network intrusion prevention system a device designed to inspect traffic and based on its configuration or security policy it can remove, detain or redirect malicious traffic in addition to simply detecting it
NIDS
network intrusion detection system; a device that can detect malicious network activities by constantly monitoring network traffic. NIDS report issues to the network admin
NTFS
new technology file system; the preferred file system for today's Windows operating system
separation of duties
not giving one person total control of one department or critical task
DNS spoofing
occurs when an attacker is able to intercept a DNS request and respond to the request before the DNS server is able to, often changing the domain that will be pointed to and correlated with the IP address
OSI
open systems interconnect; a conceptual model created by ISO to describe a network architecture that allows the passage of data between computer systems
circuit level firewall
operates at the transport and session layers of the OSI model to monitor the open sessions for filtering
organizational units
OU; a container used in active directory to help organize objects within a domain and minimize the number of domains
What type of firewall filters packets based on rules using attributes like IP address, protocols and ports?
packet filtering
What is the most common form of authentication?
password
PSO
password settings object password settings
Which of the following servers would you not place on the DMZ?
payroll database server
A(n) ___________ defines the type of access over an object or the properties of an object such as an NTFS file or printer
permission
When you grant access to print to a file or folder, what are you granting?
permission
shared permissions
permissions assigned to shared folders or drives
explicit permission
permissions granted directly to a file or folder
NTFS permissions
permissions that allow you to control which users and groups can gain access to files and folders on an NTFS volume
PIN
personal identification number a secret numeric password shared between a user and a system that can be used to authenticate the user to the system
A(n) ______________ attack redirects a website's traffic to a bogus website.
pharming
What technique is used to send you to a fake, but realistic-looking, website to verify your account information?
phishing
Which of the following refers to a social engineering technique in which a user receives an email stating that his account has just expired and he should log on to a legitimate-looking website to fix the problem?
phishing
acceptable use policy
policy that sets out what users are and are not allowed to do with IT systems
flash drive
portable storage media device
nonrepudiation
prevents one party from denying the actions it has carried out
social engineering
psychological tricking and impersonation; the act of trying to get information from people through trying to look like a legitimate entity
asymmetric encryption
public key cryptography; uses two mathematically related keys for encryption, one to encrypt, one to decrypt
PKI
public key infrastructure; consists of - hardware - software - policies - procedures able to ... digital certificates - create - manage - distribute - use - store - revoke
This fast growing form of malware encrypts data files and then requests payment from the user to decrypt the files. This type of malware is called ______________.
ransomware
RODC
read only domain controller allows a read only copy of the AD to be stored
This attack occurs when an attacker is able to capture a data stream from the network using a network sniffer, modify parts of the data stream and then replay the traffic back to the network.
replay
A(n) __________ authorizes a user to perform certain actions on a computer.
right
The probability or likelihood that an event will occur is called _____________.
risk
You are in the local coffee shop and need to connect to your work system. You are connected through the coffee shop public unsecured Wi-Fi. You decide to use VPN when connecting to your work system. This is an example of:
risk mitigation
What malware gives administrator-level control over a computer system without being detected?
rootkit
This process forwards packets based on the packet's destination IP address. It uses a table to make the decision of where to forward the packet.
routing
SAM
security account manager a local security database found on most windows computers
A(n) _______ is a collection of security settings stored in a text file that can be used to save security configurations, deploy the security settings to a computer or group policy or to analyze compliance of a computer to the desired configuration.
security template
A device that may provide a second password to log in to a system is a(n) __________
security token
A _________ account is one type of account you can configure so that the password does not expire.
service
Which of the following refers to a thoroughly tested, cumulative set of hotfixes and other patches?
service pack
SSO
single sign on technology that allows you to log on once and access multiple related but independent software systems without logging in again
Which of the following is NOT a factor in password strength?
sniffability
ransomware
software that encrypts a computer so that it cannot be used and to be unlocked a price must be paid
malicious software malware
software that is designed to infiltrate or affect a computer system without the owner's informed consent. The term malware is usually associated with viruses, worms, trojan horses, spyware, rootkits and dishonest adware
internet content filter
technology that can filter out various types of internet activities, such as websites, IM and so on
IP proxy
technology that secures a network by keeping machines behind it anonymous; it does this through the use of NAT
circuit level gateway
technology used within firewall that, once the connection has been made, packets can flow between the host without further checking. hides information about private network
risk acceptance
the acknowledgement of the existence of a risk. no action is taken on the risk
risk avoidance
the act of doing nothing about a risk and not engagin
Confidentiality
the act of keeping data and systems secure from unauthorized access
risk mitigation
the act of lessening a risk and or the impact of the risk
access control
the act of restricting both physical and file and server access so those who need it have it but those who do not need it do not have it
social engineering
the act of trying to get information from people through trying to look like a legitimate entity
email DoS
the attempt to send massive volumes of emails to an address
NTLM
the default authentication protocol for Windows NT, stand alone computers that are not part of a domain, and situations in which you are authenticating to a server using that IP address
built in groups
the default groups that are included within Windows or active directory
spoofing
the misuse of a network protocol to perpetrate a hoax on a host or a network device
availability
the part of the CIA triangle that ensures data is accessible by those who need it when they need it
integrity
the part of the CIA triangle that involves ensuring data is accurate, valid, and protected against unauthorized changes
MAC address
the physical or hardware address burned into each NIC (48 bits)
risk
the probability a threat will become reality
decryption
the process of converting data from encrypted format back to its original format
encryption
the process of converting data into a format that cannot be read by another user. once a user has encrypted a file, that file automatically remains encrypted when it is stored on the disk
authorization
the process of giving individuals access to system objects based on their identity
authentication
the process of identifying an individual usually based on a username and password
risk assessment
the process of identifying hazards and risk factors that have the potential to cause harm
account lockout
the process of preventing an account from logging on after a number of incorrect logon attempts
A central, secure database in which Windows stores hardware and software configuration information and system security policies is ______________________. This includes information about device drivers, setup programs, hardware profiles and user profiles.
the registry
residual risk
the remaining amount of risk after mitigation takes place
risk transfer
the sharing of a risk burden transfer to insurance
attack surface
the totality of ways in which a system can be attacked
ICMP ping flood
this type of attack can consume both outgoing and incoming bandwidth because the victim servers often attempt to respond with ICMP echo reply packets
An action or occurrence that could result in the breach, outage, or corruption of a system by exploiting known or unknown vulnerabilities is a(n) _____
threat
ingress traffic
traffic that originates from outside the network's routers and proceeds towards a destination inside the network
UWP
universal windows platform app the Microsoft app
HTTP flood
use of many GET or POST requests to attack a web server application
security policy
used to address the constraints on behavior of its members as well as constraints imposed on mechanical physical objects
DREAD
used to measure and rank a threat's risk level - Damage potential - Reproducibility - Exploitability - Affected users - Discoverability
symmetric encryption
uses a single key to encrypt and decrypt data
VPN
virtual private network; technology that links two computers through a wide area network such as the internet. to keep the connection secure, the data sent between the two computers is encapsulated and encrypted
VPN
virtual private network a connection between two or more computers or devices that are not on the same private network
VSM
virtual secure mode; used by device guard and credential guard. virtualization is used to organize Windows 10 in multiple containers. Windows runs one container, and the Active Directory security tokens that allow access to your organization's resources run in another container. Each container is isolated from the other and encrypted.
Which of the following uses the processor's virtualization to protect the PC, including data and credential tokens on the system's disks?
virtual secure mode (VSM)
STRIDE
well known attacks - spoofing - tampering - repudiation - information disclosure - DoS - elevation of privilege
SYN flood
when an attacker sends SYN packets from a fake IP address and then the server sends a SYN-ACK back, but since the address is fake it waits endlessly for a response
IP address spoofing
when an IP address is incorrectly changed by attacker
man in the middle attack
when an attacker is able to intercept and alter or record a transmission that is sent from a client to server
ping of death
when an attacker sends IP fragments with oversized fragment offsets, which cause the IP to be larger than 65,535 bytes after reassembly at the receiver, overflowing the memory buffers
multifactor authentication
when two or more authentication methods are used to authenticate someone
WPA
Wi-Fi Protected Access; uses a shared key to secure wireless networks
WEP
wireless equivalent privacy; encryption method which should not be used because it repeats too often and is easily cracked
windows server update
WSUS; a software system that can keep your systems updated with the newest Windows and Office updates
Attacks based on unknown or recently announced vulnerabilities are _____________. The attack occurs before the developer knows about or has a chance to fix the vulnerability.
zero-day
content zone
zones used to define and help manage security when visiting sites