Michelle's Awesome Security Plus Chapter 5 Boot Camp
Which description best defines a computer virus? A computer program that replicates itself A file with a .vbs file extension A computer program that gathers user information A computer program that runs malicious actions
A computer program that runs malicious actions
Cable Lock
A device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen.
Proximity
A device that detects an emitted signal in order to identify the owner.
Mantrap
A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas.
Security Policy
A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure.
Deadbolt Lock
A door lock that extends a solid metal bar into the door frame for extra security.
Host-Based Software Firewall
A firewall that runs as a program on a local system to protect it against attacks.
Patch
A general software security update intended to cover vulnerabilities that have been discovered.
Access Log
A log that can provide details regarding requests for specific files on a system.
Audit Log
A log that can track user authentication attempts.
Log
A record of events that occur.
Botnets can be used to set what type of coordinated attack in motion?
DDoS
Firewall (Packet Filtering)
Hardware or software that is designed to prevent malicious packets from entering or leaving computers.
What is the difference between a rootkit and privilege escalation?
Privilege escalation is the result of a rootkit.
While attempting to access documents in a folder on your computer, you notice all of your files have been replaced with what appear to be random filenames. In addition, you notice a single text document containing payment instructions that will result in the decryption of your files. What type of malicious software is described in this scenario?
Ransomware
Refer to Figure 5-1. (flip the card) Which two items should be configured? (Choose two.) Real-time protection should be enabled. A custom scan should be configured. Virus and spyware definitions should be updated. The last scan should have been in the evening.
Real-time protection should be enabled. Virus and spyware definitions should be updated.
After installing a new piece of software from an online web site and then reviewing system logs, you notice that programs have been running without your consent. You also realize that files have also been added and removed at times when you were not using the computer. Which of the following items were most likely used to result in these logged messages? (Choose two.) Remote administration tool Adware Logic bomb Backdoor
Remote administration tool Backdoor
Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer's configuration. Which of the following will meet this goal? Trusted Platform Module, Hardware root of trust, Remote attestation, Trusted operating system
Remote attestation
The Stuxnet attack was discovered in June 2010. Its primary function was to hide its presence while reprogramming industrial computer systems (called PLCs), specifically nuclear centrifuges in an Iranian nuclear power plant. The malware was spread through USB flash drives, with which it transmits copies of itself to other hosts. Which of the following apply to Stuxnet? Choose 2 Rootkit Spam Worm Adware
Rootkit Worm
A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments? Baseline image, BYOD, Sandbox, Change management
Sandbox
A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal? Screen locks and GPS tagging, Patch management and change management, Screen locks and device encryption, Full device encryption and IaaS
Screen locks and device encryption
Fencing
Securing a restricted area by erecting a barrier.
The Springfield Nuclear Power Plant has created an online application teaching nuclear physics. Only students and teachers in the Springfield Elementary school can access this application via the cloud. What type of cloud service model is this?
Software as a Service (SaaS)
Hotfix
Software that addresses a specific customer situation and often may not be distributed outside that customer's organization.
Input Validation
Verifying a user's input to an application.
Access List
A record or list of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area.
Safe
A ruggedized steel box with a lock.
Locking Cabinet
A secure storage unit that can be used for storing portable devices.
Fuzz Testing (Fuzzing)
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.
Data Loss Prevention (DLP)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.
Remote Wipe/Sanitation
A technology that can remotely erase data from a portable device and reset it to its default factory settings.
Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which would best address these concerns? A. Disabling the use of removable media B. Installing an application that tracks the location of the device C. Implementing a BYOD policy D. Enabling geo-tagging
A. Disabling the use of removable media
You need to monitor the security posture of several servers in your organization and keep a security admin aware of their status. Which is best to meet the goal? A. Establishing baseline reporting B. Determining attack surface C. Implementing patch management D. Enabling sandboxing
A. Establishing baseline reporting
Maggie is compiling a list of approved software for desktop OSs within a company. What is the most likely purpose of this list? A. Host software baseline B. Baseline reporting C. Application configuration baseline D. Code review
A. Host software baseline
You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the best method to use when deploying the new application? A. Take a snapshot of the VM before deploying the new application B. Take a snapshot of the VM after deploying the new application C. Apply blacklisting techniques on the server for the new applications D. Back up the server after installing the new application
A. Taking a snapshot of the VM before deploying the new application
One of your users, Christine, reports that when she visits web sites, pop-up advertisements appear incessantly. After further investigation, you learn one of the web sites she had visited had infected Flash code. Christine asks what the problem was. What do you tell her caused the problem? Cross-site scripting attack Worm Adware Spyware
Adware
Cross-Site Request Forgery (XSRF)
An attack that uses the user's Web browser settings to impersonate the user.
Your organization wants to ensure that employees do not install any unauthorized software on their computers. Which of the following is the BEST choice to prevent this? Master image, Application whitelisting, Anti-malware software, Antivirus software
Application whitelisting
Administrators ensure server OSs are updated at least once a month with relevant patches, but they don't track other software updates. Of the following choices, which is best to mitigate risks on these servers? A. Application change management B. Application patch management C. Whole disk encryption D. Application hardening
B. Application patch management
Your organization wants to ensure that employees don't install or play OS games, such as solitaire and FreeCell, on their computers. Which is the best choice to prevent this? A. Security policy B. Application whitelisting C. Anti-malware software D. Antivirus software
B. Application whitelisting
Your organization wants to improve the security posture of internal database servers. Of the choices, what provides the best solution? A. Opening ports on a server's firewall B. Disabling unnecessary services C. Keeping systems up to date with current patches D. Keeping systems up to date with current service packs
B. Disabling unnecessary services
Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one? A. Asset tracking B. Screen lock C. Mobile device management D. Device tracking
B. Screen lock (other security controls that prevent data loss: account lockouts, full device encryption, remote wipe capabilities)
Which of the following is most likely the negative result if administrators don't implement access controls correctly on an encrypted USB hard drive? A. Data can be corrupted B. Security controls can be bypassed C. Drives can be geo-tagged D. Data is not encrypted
B. Security controls can be bypassed
An IT dept. recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Which would be best to maintain availability with reduced budget? A. Failover clusters B. Virtualization C. Bollards D. Hashing
B. Virtualization
A piece of malicious code uses dictionary attacks against computers to gain access to administrative accounts. The code then links compromised computers together for the purpose of receiving remote commands. What term best applies to this malicious code?
Botnet
Ahmid is a software developer for a high-tech company. He creates a program that connects to a chat room and waits to receive commands that will gather personal user information. Ahmid embeds this program into an AVI file for a current popular movie and shares this file on a P2P file-sharing network. Once Ahmid's program is activated as people download and watch the movie, what will be created?
Botnet
Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the best way to protect the credit card data? A. Full database encryption B. Whole disk encryption C. Database column encryption D. File-level encryption
C. Database column encryption (also called field encryption) can encrypt the fields holding the data and not the rest
Of the following choices, which one is a cloud-computing option that allows customers to apply patches to the operating system? A. Hybrid cloud B. Software as a Service C. Infrastructure as a Service D. Private
C. Infrastructure as a Service (IaaS) cloud-computing option where the vendor provides access to a computer, but customers must manage the system, including keeping it up to date with current patches
Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would best prevent disclosure of customer data if any of these devices are stolen or lost? A. Mobile device management B. Disabling unused features C. Remote wiping D. GPS tracking
C. Remote wiping
You are hosting an IT security meeting regarding physical server room security. A colleague, Syl, suggests adding CMOS hardening to existing server security policies. What kind of security threat is Syl referring to?
Changing the boot order
A user complains that his system has suddenly become unresponsive and ads for various products and services are popping up on the screen and cannot be closed. Which user actions could have led to this undesirable behavior? (Choose all that apply.) Clicking a web search result Viewing a web page Watching a movie in AVI file format Inserting a USB flash drive
Clicking a web search result Viewing a web page Watching a movie in AVI file format Inserting a USB flash drive
Management within your company wants to implement a method that will authorize employees based on several elements, including the employee's identity, location, time of day, and type of device used by the employee. Which of the following will meet this need? Geofence, Containerization, Tethering, Context-aware authentication
Context-aware authentication
Heuristic Detection
Creating a virtualized environment to simulate the central processing unit (CPU) and memory of the computer to check for the presence of a virus.
A server at your place of work has had all of its files encrypted after an attacker compromised a device on the network. Which attack has taken place? Virus Worm Crypto-malware Keylogger
Crypto-malware
Homer noticed that several generators within the nuclear power plant have been turning without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future? A. Create an internal CA B. Implement WPA2 Enterprise C. Implement patch management processes D. Configure the SCADA with VLAN
D. Configure the SCADA with VLAN
Management wants to ensure that employees don't print any documents that include customer PII. Which of the following solutions would meet this goal? A. HSM B. TPM C. VLAN D. DLP
D. DLP (Data Loss Prevention)
Which of the following represents a primary security concern when authorizing mobile devices on a network? A. Cost of device B. Compatibility C. Virtualization D. Data security
D. Data security
A recent risk assessment identified several problems with the servers in your organization. They occasionally reboot on their own and the operating systems don't have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following will mitigate these problems? A. Virtualization B. Sandboxing C. IDS D. Patch management
D. Patch Management
You are comparing different encryption methods. Which method includes a storage root key? A. HSM B. NTFS C. VSAN D. TPM
D. TPM (Trusted Platform Module)
Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the copied file isn't encrypted. He asks you what he can do to ensure files he's encrypted remain encrypted when he copies them to a USB drive. What would you recommend? A. Use file-level encryption B. Convert the USB to FAT32 C. Use whole disk encryption on the desktop computer D. Use whole disk encryption on the USB drive
D. Use whole disk encryption on the USB drive
Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure they don't have access to the primary network where company-owned devices operate. Which is best to meet this goal? A. WPA2 Enterprise B. VPN C. GPS D. VLAN
D. VLAN It provides network segmentation and can prevent employee-owned devices from accessing the primary network
Management within your organization wants to prevent users from copying documents to USB flash drives. Which of the following can be used to meet this goal? DLP, HSM, COPE, SED
DLP
Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data? Full database encryption, Whole disk encryption, Database column encryption, File-level encryption
Database column encryption
You are the IT security officer for a government department. You are amending the USB security policy. Which items apply to USB security? (Choose two.) Disallow external USB drives larger than 1TB. Disable USB ports. Prevent corporate data from being copied to USB devices unless USB device encryption is enabled. Prevent corporate data from being copied to USB devices unless USB port encryption is enabled.
Disable USB ports. Prevent corporate data from being copied to USB devices unless USB device encryption is enabled.
Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with configuring the servers following the principle of least functionality. Which of the following will meet this goal? Disabling unnecessary services, Installing and updating antivirus software, Identifying the baseline, Installing a NIDS
Disabling unnecessary services
Pop-Up Blocker
Either a program or a feature incorporated within a browser that stops pop-up advertisements from appearing.
Which of the following actions would not reduce the likelihood of malware infection? (Choose all that apply.) Keeping virus definitions up to date Scanning removable media Encrypting hard disk contents Using NAT-capable routers
Encrypting hard disk contents Using NAT-capable routers
Errors (Exceptions)
Faults in a program that occur while the application is running.
Management within your company wants to restrict access to the Bizz app from mobile devices. If users are within the company's property, they should be granted access. If they are not within the company's property, their access should be blocked. Which of the following answers provides the BEST solution to meet this goal? Geofencing, Geolocation, GPS tagging, Containerization
Geofencing
Which of the following are not considered serious cell phone threats? (Choose two.) Hackers with the right equipment posing as cell towers Having Bluetooth enabled Changing the boot order Ransomware
Having Bluetooth enabled Changing the boot order
Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal? Implement patches when they are released, Implement a change management policy, Use only trusted operating systems, Implement operating systems with secure configurations.
Implement a change management policy
Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem. What allowed you to make this determination? Least functionality Sandbox Blacklist Integrity measurements
Integrity measurements - (run against baseline master image)
Which of the following is true regarding Trojan software? It secretly gathers user information. It is self-replicating. It can be propagated through peer-to-peer file-sharing networks. It automatically spreads through Windows file- and print-sharing networks.
It can be propagated through peer-to-peer file-sharing networks.
Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up to date. What is causing this problem?
Juanita's browser configuration is being changed by adware.
A user reports USB keyboard problems. You check the back of the computer to ensure the keyboard is properly connected and notice a small connector between the keyboard and the computer USB port. After investigating, you learn that this piece of hardware captures everything a user types in. What type of hardware is this?
Keylogger
Discovered in 1991, the Michelangelo virus was said to be triggered to overwrite the first 100 hard disk sectors with null data each year on March 6, the date of the Italian artist's birthday. What type of virus is Michelangelo?
Logic bomb
Security Logs
Logs that are considered the primary source of log data.
Audit Records
Logs that are the second common type of security-related operating system logs.
Event Logs
Logs that can document any unsuccessful events and the most significant successful events.
Which of the following items are affected by spyware? (Choose two.) Memory IP address Computer name Network bandwidth
Memory Network bandwidth
Which technology separates storage from the server? Router Switch NAS Wireless router
NAS (Network Attached Storage)
An organization has a critical SCADA network it is using to manage a water treatment plant for a large city. Availability of this system is important. Which of the following security controls would be MOST relevant to protect this system? DLP, TPM, EMP, NIPS
Network Intrusion Prevention System (NIPS)
You are responsible for determining what technologies will be needed in a new office space. Employees will need a single network to share data, traditional voice calls, VoIP calls, voice mailboxes, and other services such as call waiting and call transfer. What type of service provides this functionality?
PBX (Private Branch Exchange)
Which type of threat is mitigated by shredding paper documents? Rootkit Spyware Shoulder surfing Physical
Physical
What type of malware dynamically alters itself to avoid detection?
Polymorphic malware
An exploit connects to a specific TCP port and presents the invoker with an administrative command prompt. What type of attack is this?
Privilege escalation
Windows 8 User Account Control (UAC) enables users to change Windows settings but displays prompts when applications attempt to configure the operating system. Which of the following is addressed by UAC? Privilege escalation Adware Spyware Worms
Privilege escalation
Anti-Virus (AV)
Software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus.
Anti-Spyware
Software that helps prevent computers from becoming infected by different types of spyware.
Service Pack
Software that is a cumulative package of all security updates plus additional features.
What is defined as the transmission of unwelcome bulk messages?
Spam
Bayesian Filtering
Spam filtering software that analyzes the contents of every word in an email and determines how frequently a word occurs in order to determine if it is spam.
Bizzfad is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy? SCADA access, Storage segmentation, Database security, Embedded RTOS
Storage segmentation (better input? change your company's name)
Lisa does not have access to the project.doc file, but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file: "rwx rw—" What should Homer use to grant Lisa read access to the file?
The chmod command
Which of the following are true regarding backdoors? (Choose two.) They are malicious code. They allow remote users access to TCP port 26. They are made accessible through rootkits. They provide access to the Windows root account.
They are malicious code. They are made accessible through rootkits.
As a Windows administrator, you configure a Windows networking service to run with a specially created account with limited rights. Why would you do this?
To prevent a hacker from receiving elevated privileges because of a compromised network service.
GPS Tracking
Using the Global Positioning System (GPS) to detect the location of a portable device.
Closed-Circuit Television (CCTV)
Using video cameras to transmit a signal to a specific and limited set of receivers used for surveillance in areas that require security monitoring.
Which of the following statements are true? (Choose two.) Worms log all typed characters to a text file. Worms propagate themselves to other systems. Worms can carry viruses. Worms infect the hard disk MBR.
Worms propagate themselves to other systems. Worms infect the hard disk MBR.