OS Device and Foundation Chapter 13


A public library has purchased a new laptop computer to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should be used to physically secure the laptop?

A cable lock

EXPLANATION: A cable lock can be used to physically secure a laptop to deter theft. Biometric authentication does not physically secure a laptop. A multi-factor password policy does not physically secure a laptop. An external encryption device does not physically secure a laptop.

What is a cookie?

A file saved on your hard drive that tracks website preferences and use.

EXPLANATION: A cookie is a file saved on your hard drive that tracks website preferences and use. Many legitimate websites use cookies to remember your preferences and make the websites easier to use. However, other sites can use cookies to track personal information. Spyware is a program that runs in the background and reports internet use to servers on the internet. A Trojan horse is a malicious program that disguises itself as a useful program. Programs do not run when you simply read an email attachment. However, many malicious script programs are disguised as simple text files and can cause damage if you run the script file.

While browsing the internet, you notice that your browser displays pop-ups containing advertisements that are related to recent keyword searches you have performed. What is this an example of?

Adware

EXPLANATION: Adware monitors actions that denote personal preferences and then sends pop-ups and ads that match those preferences. Adware is:

- Usually passive.
- Invasive.
- Installed on your machine when you visit a website or run an application.
- Usually more annoying than harmful.

A worm is a self-replicating virus. Grayware is software that might offer a legitimate service, but also includes features that you aren't aware of or features that could be used for malicious purposes. A Trojan horse is a malicious program that is disguised as legitimate or desirable software.

Which of the following security practices are the BEST example of the principle of least privilege?

All users on a Windows workstation are limited users except for one user, who is responsible for maintaining the system.

EXPLANATION: The principle of least privilege specifies that users should have only the degree of access to the workstation necessary for them to complete their work and no more. Making all users limited users except for those who need administrative access is an example of the principle of least privilege. The other practices listed are workstation security best practices, but are not necessarily examples of the principle of least privilege.

Bob calls and complains that he has suddenly started getting a lot of unwanted email. Which of the following is the BEST type of software to install to help solve Bob's problem?

Anti-spam

EXPLANATION: In computer terms, SPAM email (or junk email) is the unsolicited email users receive. One of the best ways to prevent receiving this type of email is to use anti-spam software. Anti-malware software helps protect a computer from software that is intentionally designed to cause harm or damage to your computer. Anti-virus software helps protect against the infiltration and spread of malicious code that is designed to alter the way a computer operates. Anti-plagiarism software helps detect when someone has plagiarized someone else's material.

Which of the following features is supplied by WPA2 on a wireless network? (Select TWO).

Authentication
Encryption

EXPLANATION: Wi-Fi Protected Access 2 (WPA2) provides encryption and authentication for wireless networks. MAC address filtering allows or rejects client connections based on the hardware address. The SSID is the network name or identifier. A wireless access point (called an AP or WAP) is the central connection point for wireless clients. A firewall allows or rejects packets based on packet characteristics (such as address, port, or protocol type).

Which of the following is an important aspect of evidence gathering?

Backing up all log files and audit trails

EXPLANATION: When gathering evidence, it is important to make backup copies of all log files and audit trails. These files will help reconstruct the events leading up to the security violation. They often include important clues as to the identity of the attacker or intruder. Users should not be granted access to compromised systems while evidence gathering is taking place. Damaged data should not be restored, and transaction logs should not be purged while evidence gathering is taking place.

What do biometrics use to authenticate identity?

Biological attributes

EXPLANATION: Biometrics is based on biological attributes. Biometrics is a strong form of authentication because each person has unique characteristics. When these unique characteristics are used for authentication, they are more reliable and stronger than the best passwords. For example, no two people have the exact same fingerprint or retina pattern.

Employees currently access a data center using RFID badges. The company is concerned that an unauthorized person could gain access using a lost or stolen badge. Which of the following could be implemented to increase the physical security?

Biometric locks

EXPLANATION: Biometric locks require a user to authenticate with a unique personal attribute such as their iris, fingerprint, or voice. Smart cards can be lost or stolen as easily as any other badge. Key fobs contain a security code that changes at predetermined intervals. Like badges, they can be lost or stolen. Tokens are the security components used in devices to provide the holder of the token the proper access level. They can be transmitted via card readers, magnetic swipes, or wireless communication. The company's current RFID badges would include these tokens.

You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which of the following is the BEST method for achieving your goals?

BitLocker

EXPLANATION: BitLocker is a Microsoft security solution that encrypts the entire contents of a hard drive, protecting all files on the disk. BitLocker uses a special key, which is required to unlock the hard disk. You cannot unlock/decrypt a drive simply by moving it to another computer. EFS is a Windows file encryption option, but only encrypts individual files. Encryption and decryption are automatic and dependent upon the file's creator and whether other users have read permissions. A virtual private network (VPN) uses an encryption protocol (such as IPsec, PPTP, or L2TP) to establish a secure communication channel between two hosts or between one site and another site. Data that passes through the unsecured network is encrypted and protected.

A user stores sensitive data on a USB flash drive. Which of the following can be used to encrypt the data on this drive?

BitLocker To Go

EXPLANATION: BitLocker To Go can be used to encrypt a USB flash drive. A single sign-on permits a user and their programs to use their credentials to automatically log in to other sites and services. It's not used for encryption. Run as administrator is used to run an application with elevated privileges, not to encrypt data. An administrative share is used by administrators to access system drives. It's not used for encryption.

Your anti-malware software has detected a virus on your Windows 10 system. However, the anti-malware software is unable to remove it. When you try to delete the files, you can't because they are in use. Which of the following actions would be BEST to try first?

Boot into Safe Mode and try removing the malware.

EXPLANATION: If a malware process is running and you are unable to stop it, try booting into Safe Mode and then run the scanning software to locate and remove the malware (or delete the files manually). Safe Mode loads only the required drivers and processes. Anti-malware definition files are used to identify a virus; in this case, the anti-malware software has already detected the virus, so the files are sufficiently up-to-date to detect the virus. Resetting the operating system might be necessary, but should only be tried after all other measures have failed. Sfc.exe checks and repairs system files.

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

Chain of custody

EXPLANATION: The chain of custody is a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. A CPS (certificate practice statement) is a document written by a certificate authority outlining their certificate handling, management, and administration procedures. FIPS-140 is a government standard that defines procedures, hardware, and software that can be employed when performing forensic investigations of cyber crime. The rules of evidence are the restrictions that must be adhered to in order to ensure the admissibility of collected evidence.

You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings?

Changing the default administrative password

EXPLANATION: To prevent administrative access to the access point, change the default administrator password. If you do not change the password, users can search the internet for the default password and use it to gain access to the access point and make configuration changes. Disabling SSID broadcast, disabling DHCP, and using MAC address filtering help prevent unauthorized access to the wireless network.

Which of the following indicates that a system case cover has been removed?

Chassis intrusion detection

EXPLANATION: Chassis intrusion detection helps you identify when a system case has been opened. When the case cover is removed, an alert is recorded in the BIOS. A BIOS password controls access to the system. If set, the administrator (or supervisor or setup) password is required to enter the CMOS program to make changes to BIOS settings. A Trusted Platform Module (TPM) is a special chip on the motherboard that generates and stores cryptographic keys to verify that the hardware has not changed. This value can be used to prevent the system from booting if the hardware has changed. DriveLock is a disk encryption solution.

Following your Windows installation, you enabled the built-in Administrator account. You remove the password for this account. You enable Remote Desktop on your computer using the default settings. From home, you try to access your computer using Remote Desktop using the Administrator account, but you are unable to log on. Which of the following MUST be completed before you can access your computer using Remote Desktop?

Configure a password for the Administrator account.

EXPLANATION: When you access shared folders or Remote Desktop on a network computer, the user account must be configured with a password. User accounts with blank passwords cannot be used to gain network access to a computer. By default, members of the Administrators group are allowed Remote Desktop access. To allow non-administrators access, add them to the list of authorized users for Remote Desktop. The user accounts you specify are made members of the Remote Desktop Users group. Accounts are locked automatically through the account lockout settings when too many incorrect passwords have been entered. Fast user switching is only configurable on Windows XP and does not affect users' ability to log on with Remote Desktop.

You want to configure your computer so that a password is required before the operating system will load. What should you do?

Configure a user password in the BIOS/UEFI.

EXPLANATION: Configuring a user password in the BIOS/UEFI requires that a valid password is entered before the operating system will load. When an administrative password is set, it must be entered in order to access the firmware setup program. Chassis intrusion detection helps you identify when a system case has been opened. Password settings in the local security policy control passwords associated with user accounts that are configured within the operating system. These passwords are used after the system loads the operating system, not before.

Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the BEST option to prevent this from happening?

Configure the device to remote wipe as soon as it is reported lost.

EXPLANATION: Mobile devices can be configured to perform a factory reset or wipe when the device is reported lost or stolen. This is the BEST of the presented options. Configuring the device for multifactor authentication will make it harder to hack, but is not the best solution presented. Installing a locator application on the device makes it possible to trace, but is not the best solution presented. Configuring the device to wipe after a number of failed login attempts is a good solution, but not the best solution presented.

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following are the BEST solutions for securing Joe's workstation? (Select TWO).

Configure the screen lock to be applied after a short period of nonuse.
Configure the screen saver to require a password.

EXPLANATION: The BEST solution is to configure the screen saver or screen lock to be applied after a short period of nonuse and to require a password to return to the desktop. Setting a strong password is a best practice, but is not the best solution in this scenario. Applying multifactor authentication will make it harder to hack the workstation, but is not the best solution in this scenario. Changing the default account names and passwords will make the workstation more secure, but is not the best solution in this scenario.

You work for a company that offers their services through the internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial of service attack. As a first responder, which of the following is the next BEST step to perform?

Contain the issue.

EXPLANATION: You have already identified the issue, so the next step is to take actions to stop the attack and contain the damage. Although it is important to preserve as much information as possible to assist in later investigations, it might be better to stop the attack, even if doing so alerts the attacker or results in the loss of evidence regarding the attack. After the attack is contained, the forensic team should be contacted to investigate, eradicate the issue, and perform other tasks to bring this incident to a close.

Which of the following functions are performed by the TPM?

Create a hash based on installed system components.

EXPLANATION: A Trusted Platform Module (TPM) is a hardware cryptoprocessor that resides on the motherboard and stores and generates cryptographic keys. Using these keys, the TPM can generate a hash value based on the components installed in the system. The hash value can be used to verify that system components have not been modified when the system boots. Because each system will have a unique hash value, the hash can also be used as a form of identification for the system. Keys generated by the TPM can be used for encryption and authentication, but the TPM does not perform the actual encryption.

Which of the following measures will make your wireless network less visible to the casual attacker?

Disable SSID broadcast

EXPLANATION: Wireless access points are transceivers which transmit and receive radio signals on a wireless network. Each access point has a service set ID (SSID) which identifies the wireless network. By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network. You can turn off the SSID broadcast to keep a wireless 802.11 network from being automatically discovered. When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network. This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect to the wireless network. Using authentication with WPA2 helps prevent attackers from connecting to your wireless network, but does not hide the network. Changing the default SSID to a different value does not disable the SSID broadcast. Implementing MAC address filtering prevents unauthorized hosts from connecting to your WAP, but it doesn't disable the SSID broadcast.

You just bought a new notebook. This system uses UEFI firmware and came with Windows 10 preinstalled. However, you want to use Linux on this system. You download your favorite distribution and install it on the system, removing all Windows partitions on the hard disk in the process. When the installation is complete, you find that the operating system won't load when the system is rebooted. Which of the following would allow your computer to boot to Linux?

Disable SecureBoot in the UEFI configuration.

EXPLANATION: You should disable the SecureBoot option in the UEFI configuration. SecureBoot requires the operating system installed on the hard drive to be digitally signed. If it isn't digitally signed, then the UEFI firmware will not boot it by default. Reinstalling Windows 10 doesn't meet the requirements of the scenario. If SecureBoot is already enabled, then the TPM chip on the motherboard must already be enabled. The boot order configuration is not preventing the system from booting in this scenario.

Employees in a small business have a habit of transferring files between computers using a USB flash drive and often bring in files from outside the company. Recently, a computer was infected with malware from a USB flash drive even though the employee did not access any files. Which of the following options would prevent this issue in the future?

Disable autorun.

EXPLANATION: Disabling autorun would prevent the malware from installing when the flash drive was attached. Setting strong passwords is a best practice, but would not prevent the malware on a flash drive from installing. BitLocker is used to encrypt drives and will not prevent malware on a flash drive from installing. Configuring screen savers to require a password is a best practice, but would not prevent the malware on a flash drive from installing.

One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. Which of the following actions is MOST likely to increase the security of this system?

Disable the Guest account.

EXPLANATION: The Guest user account has no password and provides too much access to the system. Unless you have an overriding reason to do so, the Guest user account should remain disabled. Changing your administrative user account to a limited user would prevent you from completing management tasks on the workstation. Changing the two limited user accounts to administrative users would decrease the security of the system, as would enabling autorun functionality.

Your client has hired you to evaluate their wired network security posture. As you tour their facility, you note the following:

- Server systems are kept in a locked server room.
- User accounts on desktop systems have strong passwords assigned.
- A locked door is used to control access to the work area. Users must use ID badges to enter the area.
- Users connect their personal mobile devices to their computers using USB cables.
- Users work in three 8-hour shifts per day. Each computer is shared by three users.
- Each user has a limited account on the computer they use.

Based on this information, which of the following would you MOST likely recommend your client do to increase security?

Disable the USB ports on users' workstations.

EXPLANATION: Users connecting their personal mobile devices to their computers using USB cables represents a significant security risk. Malware could be spread throughout the network. They could also copy sensitive information from the network to the device. Disabling all USB ports on all workstations will prevent this from happening. You should configure the BIOS/UEFI firmware with a password to prevent users from re-enabling the ports. Moving the server to an empty cubicle and assigning simple passwords will decrease the overall security of the network. It isn't necessary for each employee to have their own dedicated computer system.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a smart card reader. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations would you MOST likely make to this organization to increase their security?

Disable the switch ports connected to the network jacks in the reception area.

EXPLANATION: You should recommend the company disable the switch ports connected to the network jacks in the reception area. Having active network jacks in an unsecured area allows anyone who comes into the building to connect to the company's network. Smart card readers are generally considered more secure than key code locks because access codes can be easily shared or observed. Training users to lock their workstations is more secure than screensaver passwords, although this may be a good idea as a safeguard in case a user forgets.

A technician was able to stop a security attack on a user's computer. When conducting a forensic investigation, which of the following actions should be performed FIRST?

Document what's on the screen

EXPLANATION: Preserving evidence while conducting a forensic investigation is a trade-off. Any attempt to collect evidence may actually destroy the very data needed to identify an attack or attacker. Of the choices given, documenting what's on the screen is the least intrusive and the least likely to destroy critical evidence. Halting, disassembling, or stopping running processes may erase evidence.

A technician upgrades the hard drive on a computer in the accounting department and decides to donate the old drive to a local trade school. Which of the following is the BEST method to ensure that the accounting data can't be recovered?

Drive wipe

EXPLANATION: Drive wipe is a software-based method of overwriting the actual data that makes up files on the hard drive. The overwriting process is performed multiple times to remove the magnetic traces of previous data. The drive remains usable after a disk wipe. A standard format removes only the reference to files and does not remove the actual data that made up the files. Software tools can easily recover this data. Degaussing a disk removes the data, but also removes lower-level formatting, making the disk unusable for the local trade school. Like a standard format, data from a disk that is repartitioned using diskpart can be recovered.

A technician wants to destroy the data on a hard drive and repurpose it as a spare drive. Which of the following data destruction methods allow the reuse of the hard drive?

Drive wipe

EXPLANATION: Drive wipe is a software-based method of overwriting the actual data that makes up files on the hard drive. The overwriting process is performed multiple times to remove the magnetic traces of previous data. The drive remains usable after a disk wipe. Incineration completely destroys both the data and the physical hard drive. Degaussing destroys the data on a hard drive, but also removes the low-level formatting. Degaussing can also destroy the electronic hardware in the drive. In either case, the drive will be unusable. Shredding completely destroys both the data and the physical hard drive.

Which type of biometric authentication uses the ridges of your skin?

Fingerprint

EXPLANATION: Fingerprint biometrics use the ridges of your skin, which are known as ridge minutiae. Retina scans use blood vein patterns, facial scans use a facial pattern, and keystroke dynamics use a behavioral system.

Which of the following security solutions would prevent a user from reading a file which she did not create?

EFS

EXPLANATION: EFS is a Windows file encryption option that encrypts individual files so that only the user who created the file can open it. Decryption is automatic when the file owner opens it. Other users cannot open the encrypted file unless specifically authorized. BitLocker is a Microsoft security solution which encrypts the entire contents of a hard drive, protecting all files on the disk. BitLocker uses a special key which is required to unlock the hard disk. You cannot unlock/decrypt a drive simply by moving it to another computer. A virtual private network (VPN) uses an encryption protocol (such as IPSec, PPTP, or L2TP) to establish a secure communication channel between two hosts, or between one site and another site. Data that passes through the unsecured network is encrypted and protected.

A user has a file that contains sensitive data. Which of the following can be used to encrypt a single file?

EFS

EXPLANATION: Encrypting File Server (EFS) is a Windows feature that can be used to encrypt a single file or multiple files and folders. BitLocker is a Windows feature that encrypts an entire disk. A single sign-on permits a user and their programs to use their credentials to automatically log in to other sites and services; it's not used for encryption. An administrative share is used by administrators to access system drives; it's not used for encryption.

Which of the following security measures is a form of biometrics?

Fingerprint scanner

EXPLANATION: A fingerprint scanner is a type of biometrics. The fingerprint scanner uses the ridges of your skin, known as ridge minutiae. A Trusted Platform Module (TPM) is a special chip on the motherboard that generates and stores cryptographic keys to verify that the hardware has not changed. This value can be used to prevent the system from booting if the hardware has changed. Chassis intrusion detection helps you identify when a system case has been opened. A BIOS password controls access to the BIOS setup program.

Your organization is frequently visited by sales reps. While on-site, they frequently plug their notebook systems into any available wall jack, hoping to get internet connectivity. You are concerned that allowing them to do this could result in the spread of malware throughout your network. Which of the following would BEST protect you from guest malware infection? (Select TWO).

Implement static IP addressing.
Implement MAC address filtering.

EXPLANATION: You should consider enabling MAC address filtering. MAC filtering is configured on your network switches and is used to restrict network access to only systems with specific MAC addresses. You could also consider assigning static IP addresses to your network hosts. By not using DHCP, visitor laptops connected to a wired Ethernet jack won't receive a valid IP address and won't be able to communicate with other hosts on your network. Implementing SNMP traps, port analysis, or a NAT router will not prevent visitors from connecting to your network.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Where would be the next best place to keep your backup media?

In a locked fireproof safe.

EXPLANATION: If you can't store backup tapes at an offsite location, you should make sure that the backup tapes are locked up (for security), and that measures are taken to protect the tapes from a disaster (such as a fire). Strategies such as locking the tapes in a different room, keeping them on a shelf, or storing them in a drawer do not address both concerns.

You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO. Each option is a complete solution.)

Install a privacy filter on the monitor.
Secure the computer system to the desk with a cable lock.

EXPLANATION: Because this system is used in close proximity to customers, you should install a privacy filter on the monitor. The privacy filter prevents customers from viewing sensitive information displayed on the monitor (such as usernames, passwords, and account numbers). You should also secure this system to the desk with a cable lock. Securing the computer to the desk prevents a malicious person from stealing the computer and all of the sensitive information it contains. Enabling the Guest user account would decrease the security of the system, as would assigning simple passwords to user accounts and making all users members of the Administrators group.

You have recently had an issue where a user's Windows computer was infected with a virus. After removing the virus from the computer, which of the following is the NEXT step you should take?

Install all OS updates.

EXPLANATION: After an infected computer has been remediated successfully, the next step in the best practice procedures for malware removal states that you should ensure that all OS updates are installed and that regular virus scans are scheduled. Following that action, you should enable system restore, create a new restore point, and educate end users on better practices.

You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. Which of the following BEST describes what happened to the file?

It has been moved to a folder on your computer.

EXPLANATION: Quarantine moves the infected file to a secure folder, where it cannot be opened or run normally. By configuring the software to quarantine any problem files, you can view, scan, and try to repair those files. Quarantine does not automatically repair files. Deleting a file is one possible action to take, but this action removes the file from your system.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source. EXPLANATION Spyware monitors the actions you take on your machine and sends the information back to its originating source. Adware monitors the actions of the user that would denote their personal preferences and then sends pop-ups and ads to the user that match their tastes. A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A Trojan horse is a malicious program that is disguised as legitimate software.

An employee working from home accesses the company network using a VPN connection. When connecting, the employee is prompted for a PIN that changes at predetermined intervals. Which of the following will the employee MOST likely use to obtain the PIN?

Key fob EXPLANATION A key fob can be issued to the employee that presents a security code or PIN that changes at predetermined intervals. This PIN is synchronized to the master security system and provides authentication to initialize the VPN connection. Security personnel can grant access to a physical area using an entry control roster. Only people on the roster will be granted access. It does not provide a PIN. When presented to a reader, an RFID badge can transmit a security token. Normally, this token is static and does not change. A fingerprint reader can be used for authentication, but does not normally provide a PIN.

Which of the following protocols establish a secure connection and encrypt data for a VPN? (Select THREE).

L2TP IPSec PPTP EXPLANATION A virtual private network (VPN) uses an encryption protocol (such as IPSec, PPTP, or L2TP) to establish a secure communication channel between two hosts, or between one site and another site. Data that passes through the unsecured network is encrypted and protected. The Remote Desktop Protocol (RDP) is used by Windows Terminal Services based applications, including Remote Desktop. FTP is used for transferring files and will not establish a secure connection.

What are the most common means of virus distribution? (Select TWO).

Malicious websites Email EXPLANATION Email is the most common means of virus distribution. Often, viruses will employ self-contained SMTP servers to facilitate self-replication and distribution over the internet. Viruses are able to spread quickly and broadly by exploiting the communication infrastructure of internet email. Malicious websites are also frequently used for virus distribution. For this reason, it is important to keep your anti-virus software updated so as to block any possible attempt of viruses to infect your systems or to spread to other systems from your system. Downloaded music files and commercial software CDs all have the potential to spread viruses, but they are not as commonly employed.

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggy-backing to gain access to your building. The individual in question did not have a security badge. Which of the following would you MOST likely implement to keep this from happening in the future?

Mantraps EXPLANATION You could implement mantraps at each entrance to the facility. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. If authentication is not provided, the intruder is kept in the mantrap until authorities arrive. Cable locks are used to secure computer hardware. Lo-jack recovery services are used to locate stolen or misplaced computer hardware. Door locks with card readers were already circumvented in this scenario using the piggy-backing technique.

A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply. Which of the following BEST describes the type of attack that just occurred?

Masquerading EXPLANATION A masquerading attack has occurred. Masquerading involves an attacker convincing authorized personnel to grant them access to protected information by pretending to be someone who is authorized and/or requires that access. Usually, the attacker poses as a member of senior management. A sense of urgency is typically fabricated to motivate the user to act quickly.

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which of the following policies are BEST to configure? (Select TWO).

Minimum password age Enforce password history EXPLANATION Set the Enforce password history policy to prevent users from reusing old passwords. Set the Minimum password age policy to prevent users from changing passwords too soon. Passwords must remain the same for at least the time period specified. Use the Maximum password age policy to force periodic changes to the password. After the maximum password age has been reached, the user must change the password. Use the Password complexity policy to require that passwords include letters, numbers, and symbols. This makes it harder for hackers to guess or crack passwords. Minimum password length determines how many characters must be in the password.

A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25 percent share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account. What type of attack occurred?

Phishing EXPLANATION A phishing attack has occurred in this scenario. This particular attack is sometimes referred to as a Nigerian 419 attack and is very common. Piggybacking occurs when an unauthorized person follows behind an authorized person to enter a secured building or area within a building. Piggybacking is also sometimes called tailgating. Eavesdropping refers to an unauthorized person listening to conversations of employees or other authorized personnel discussing sensitive topics. A man-in-the-middle attack is a technological attack where a malicious person intercepts network communications between two hosts, posing as the sender to the receiver and as the receiver to the sender.

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which of the following policies are BEST to configure? (Select TWO).

Minimum password length Account lockout threshold EXPLANATION Set the Minimum password length policy to require a password equal to or longer than the specified length. Set the Account lockout threshold policy to lock an account after the specified number of incorrect logon attempts. Incorrect policy choices for this scenario include the following: Enforce password history requires users to input a unique (previously unused) password when changing the password. This prevents users from reusing previous passwords. Maximum password age forces users to change the password after the specified time interval. Password complexity prevents using passwords that are easy to guess or easy to crack. It forces passwords to include letters, symbols, and numbers, and also requires passwords of at least 7 characters. However, you cannot configure a longer password length requirement with this policy. Account lockout duration determines the length of time the account will be disabled (in minutes). When the time period expires, the account will be unlocked automatically.

What is the least secure place to locate an omnidirectional access point when creating a wireless network?

Near a window EXPLANATION The least secure location for an omnidirectional wireless access point is against a perimeter wall. So, placement near a window would be the worst option from this list of selections. For the best security, omnidirectional wireless access points should be located in the center of the building. This will reduce the likelihood that the wireless network's access radius will extend outside of the physical borders of your environment. It is important to place wireless access points where they are needed, such as in a common or community work area.

A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?

Principle of least privilege EXPLANATION The technician violated the principle of least privilege, the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Strong passwords are recommended to prevent unauthorized access, but in this scenario, the database is not password-protected. Multifactor authentication is the process of authenticating a user by validating two or more claims presented by the user, each from a different category, such as a password and the possession of a mobile phone, or a password and a fingerprint. Security personnel can grant access to a physical area using the entry control roster. A database is not normally protected by physical security.

The chain of custody is used for what purposes?

Retaining evidence integrity by identifying people coming into contact with evidence EXPLANATION The chain of custody is used to track the people who came in contact with evidence. The chain of custody starts at the moment evidence is discovered. It lists the identity of the person who discovered, logged, gathered, protected, transported, stored, and presented the evidence. The chain of custody helps to ensure the admissibility of evidence in court.

Several users have forwarded you an email stating that your company's health insurance provider has just launched a new website for all employees. To access the site, they are told to click a link in the email and provide their personal information. Upon investigation, you discover that your company's health insurance provider did not send this email. Which of the following BEST describes the type of attack that just occurred?

Phishing EXPLANATION A phishing attack has occurred. In a phishing attack, a spoofed email containing a link to a fake website is used to trick users into revealing sensitive information, such as a username, password, bank account number, or credit card number. Both the email and the website used in the attack appear to be legitimate on the surface. Piggybacking occurs when an unauthorized person follows an authorized person to enter a secured building or area within a building. Piggybacking is also sometimes called tailgating. A denial of service (DoS) attack involves using network mechanisms to flood a particular host with so many bogus requests that it can no longer respond to legitimate network requests. A Smurf attack is a distributed type of DoS attack that inserts a target system's IP address for the source address of ICMP echo request packets, causing a flood of ICMP echo response packets to be sent to a victim system.

Joe, a user, receives an email from a popular video streaming website. The email urges him to renew his membership. The message appears official, but Joe has never had a membership before. When Joe looks closer, he discovers that a hyperlink in the email points to a suspicious URL. Which of the following security threats does this describe?

Phishing EXPLANATION Phishing is an attempt to trick a user into compromising personal information or downloading malware. Most often, it involves an email containing a malicious attachment or hyperlink. A man-in-the-middle (MITM) attack intercepts communications between two systems and alters the message before sending it on to the original recipient. A zero-day attack is an exploit of an operating system or software vulnerability that is unknown and unpatched by the author. A Trojan horse, or Trojan, is a type of malware that is often disguised as legitimate software.

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?

Phishing EXPLANATION Phishing tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site. Phishing is a specific form of social engineering. A fraggle attack uses spoofed UDP packets to flood a victim with echo requests using a bounce network, much like a Smurf attack. Session hijacking takes over a logon session from a legitimate client, impersonating the user and taking advantage of their established communication link.

You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly sensitive customer order information, including credit card numbers. To properly protect against the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?

Physically destroy the hard drives with a hammer. EXPLANATION Because the hard drives contained very sensitive information (such as credit card numbers), the best solution in this scenario is to physically destroy the drives. For example, they could be rendered useless with a hammer or hard disk shredder. Reinstalling Windows, repartitioning the drives, or even reformatting them will not remove all data remnants. Deleting data and applications from the hard drives also will not permanently remove data from the system.

Which of the following is not a form of biometrics?

Smart card EXPLANATION A smart card is used in token-based authentication, so it is not a form of biometrics. Biometrics rely on personal characteristics (such as fingerprints, facial recognition, or a retina scan) to prove identity. A smart card is an example of the "something you have" authentication factor.

During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display?

Privacy Filter EXPLANATION A privacy filter narrows the viewing angle of the laptop display so that only the person directly in front can see the display. A cable lock can be used to secure valuable items that can be easily removed from the workplace, like laptops. It would do nothing to prevent others from viewing the laptop display. Smart cards can provide authentication, but do nothing to prevent others from viewing the laptop display. A mantrap is used to control access between two areas that have different security levels. It helps prevent tailgating by requiring that the entry into the mantrap from one area close before entry to the second area is possible.

Match each security policy on the left with the appropriate description on the right. Each security policy may be used once, more than once, or not at all.

-Provides a high-level overview of the organization's security program: Organizational Security Policy
-Defines an employee's rights to use company property: Acceptable Use Policy
-Identifies the requirements for credentials used to authenticate to company-owned systems: Password Policy
-Identifies a set of rules or standards that define personal behaviors: Code of Ethics
-Sets expectations for user privacy when using company resources: Acceptable Use Policy
-Specifies that user accounts should be locked after a certain number of failed login attempts: Password Policy
EXPLANATION An Organizational Security Policy is a high-level overview of the organization's security program. An Acceptable Use Policy (AUP) defines an employee's rights to use company property. The AUP should also set expectations for user privacy when using company resources. A Password Policy identifies the requirements for passwords used to authenticate to company-owned systems. For example, this policy may specify that user accounts should be disabled or locked out after a certain number of failed login attempts.

A user reports that his machine will no longer boot properly. After asking several questions to determine the problem, you suspect the user unknowingly downloaded malware from the internet, and that the malware corrupted the boot block. Based on your suspicions, which of the following actions would you MOST likely take to correct the problem? (Select TWO.)

Reimage the machine. Boot from the Windows installation DVD and use the Recovery Environment to run a startup repair. EXPLANATION From the Recovery Environment, run a startup repair operation. If you have an existing image of the computer, you could also reimage the system. However, all data and applications added to the system since the image was created will be lost. Reimaging the system will typically get Windows back up and running on the computer more quickly than manually re-installing the operating system. User training is a preventative measure against malware infections; however, the training will not repair the current damage. Sfc.exe scans every system file in the operating system for altered files, but does not scan the master boot record or the volume boot record. Since the machine no longer boots properly, booting into Safe Mode is not an option in this scenario.

Which of the following is the process of fixing problems detected by anti-virus software so that the computer is restored to its original state?

Remediation EXPLANATION Remediation is the process of correcting any problems that are found. Most antivirus software remediates problems automatically or semi-automatically (you are prompted to identify the action to take). Quarantine is the process of moving an infected file or computer to a safe location so that the problem cannot affect or spread to other files or computers. Isolation is one method of performing quarantine. Scanning is the process of checking a system for infected files.

You have purchased a used computer from a computer liquidator. When you boot the computer, you find that there has been a password set on the BIOS. You need to clear the password so that you can edit the CMOS settings. What should you do?

Remove the motherboard battery for a few seconds. EXPLANATION You can clear the BIOS password by removing the motherboard battery for a few seconds or, on older systems, by setting a motherboard jumper. Flashing the BIOS probably will not remove the password.

You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system? (Select TWO).

Remove the optical drive Disable all USB ports in the BIOS/UEFI firmware configuration EXPLANATION Because this system is used in a public area in close proximity to customers, you should disable all USB ports in the BIOS/UEFI firmware configuration and also remove the optical drive if it is capable of burning optical discs. This will help prevent data from being stolen from the system if it is left unattended. Because this system is used by bank personnel to service customers, it really can't be locked in a separate room. Likewise, disconnecting it from the network or disabling its network jack would also make it unable to perform its required function.

You have a computer that runs Windows 10. Where would you go to verify that the system has recognized the anti-malware software installed on the system?

Security and Maintenance EXPLANATION Use Security and Maintenance in Control Panel to check the current security status of your computer. Security and Maintenance displays whether you have anti-malware, firewall, and automatic updates configured. Use the firewall to open and close firewall ports. Use System to perform tasks such as viewing system information and enabling Remote Desktop. Use the Network and Sharing Center to view the status of your network connections.

Which of the following are common forms of social engineering attacks?

Sending hoax virus information emails. EXPLANATION Hoax virus information emails are a form of social engineering attack. This type of attack preys on email recipients who are fearful and will believe most information if it is presented in a professional manner. The victims of these attacks usually fail to double-check the information or instructions with a reputable third party anti-virus software vendor before implementing the recommendations. Usually, these hoax messages instruct the reader to delete key system files or download Trojan horses. Social engineering relies on the trusting nature of individuals to take an action or allow unauthorized action.

Anna, a home office user, employs a technician to check the security on a computer that was hacked. The technician discovers that the user's password is the name of Anna's dog and hasn't been changed in over a year. Which of the following security best practices should the technician recommend? (Select TWO).

Set a password expiration period. Require a strong password. EXPLANATION Strong passwords are harder to hack, and they should be changed frequently. Screen saver passwords may not be needed in a home office environment. Restricting user permissions for Anna will not increase security. Setting a lower number of password attempts may not be warranted in a home office environment.

One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO).

Set a screensaver password. Disable autorun on the system. EXPLANATION You could increase the overall security of this system by disabling autorun on the system and setting a screensaver password. Enabling the Guest user account would decrease the security of the system, as would assigning simple passwords to user accounts. There's no such thing as a restricted user on Windows operating systems.

A user is trying to log into her notebook computer. She enters the correct password for her user account, but the system won't let her authenticate, claiming the wrong password has been entered. Which of the following is MOST likely causing the problem?

She has enabled Num Lock, causing numbers to be sent from the keyboard instead of letters. EXPLANATION The most likely cause of this user's problem is that the Num Lock key sequence for the notebook system has been pressed causing the keyboard to send numbers in the place of letters. Turning Num Lock off should fix the problem.

Which of the following are examples of social engineering? (Select TWO).

Shoulder surfing Dumpster diving EXPLANATION Social Engineering leverages human nature. Internal employees are often the target of trickery, and false trust can quickly lead to a serious breach of information security. Shoulder surfing and dumpster diving are examples of social engineering. Shoulder surfing is the act of looking over an authorized user's shoulder in hopes of obtaining an access code or credentials. Dumpster diving involves searching through trash or other discarded items to obtain credentials or information that may facilitate further attacks. These low-tech attack methods are often the first course of action that a hacker pursues. Port scanning and war dialing are technical attacks that seek to take advantage of vulnerabilities in systems or networks. Brute force password-cracking software tries to identify a password by trying every possible letter, number, and symbol combination until the correct one is found.

While organizing a storage cabinet, a technician discovers a box of hard drives that are incompatible with current hardware and may contain sensitive data. Which of the following is the BEST method for disposing of these drives?

Shredding EXPLANATION A physical method of destroying the hard drives is best. This includes shredding, drilling, pulverizing, degaussing, and incinerating. If not done repeatedly, overwriting may leave recoverable data on the disk. Formatting will leave recoverable data on the disk. Partitioning will leave recoverable data on the disk.

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to BEST prevent extracting data from the discs?

Shredding EXPLANATION To completely prevent reading data from discs, destroy them using a DVD shredder or crushing. Degaussing only works for magnetic media such as floppy and hard disk drives. Simply deleting data offers little protection. Overwriting the data multiple times is not efficient in this scenario as the discs can simply be destroyed.

A security technician is conducting a forensic analysis. Which of the following actions is MOST likely to destroy critical evidence?

Shutting down the system EXPLANATION Shutting down or rebooting a compromised system will erase the memory contents. An attacker may load and run a memory-resident program and immediately erase it from the disk. Shutting down or rebooting the system will destroy all evidence of the malicious program.

Which of the following security technologies stores identification information in a magnetic strip, radio frequency transmitter, or hardware contact to authorize access to a computer?

Smart card EXPLANATION A smart card contains identification information stored on a magnetic strip, radio frequency transmitter, or hardware contact that allows it to interact with a smart card reader to authorize access. The reader uses information on the card to allow or deny access. A biometric is a physical characteristic of a human that can be scanned to control access. A key fob can be used for accessing an automobile, but is not used for computer access. An ID badge can be just a picture with a name on it and may or may not also be a smart card. In Windows, the Local Security Policy is a collection of settings that control how the system behaves. The SSID is the name of a wireless network.

Joe, an executive, receives an email that appears to be from the financial institution that provides his company credit card. The text of the email includes Joe's name and the company name and states that there is a problem with Joe's credit card. The email provides a link to verify the credit card, but when Joe hovers over the link, he thinks the web address seems strange. Which of the following BEST describes this type of attack?

Social engineering EXPLANATION Social engineering is the use of deception to manipulate individuals into sharing confidential or personal information that can be used for unlawful purposes. A zero-day attack is an exploit of an operating system or software vulnerability that is unknown and unpatched by the author. Brute force can be used to crack a username, password, or other authentication using trial and error, usually by trying all possible permutations. A man-in-the-middle (MITM) attack intercepts communications between two systems and alters the message before sending it on to the original recipient.

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

Spamming EXPLANATION Spamming is a type of malicious activity in which numerous unwanted and unsolicited email messages are sent to a wide range of victims. Spam itself may or may not be malicious in nature. Unfortunately, spam accounts for 40 to 60 percent of the email traffic on the internet. Most of this activity is unsolicited.

A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST?

Stop the attack and contain the damage by disconnecting the system from the network. EXPLANATION The first step in responding to an incident should be to take actions to stop the attack and contain the damage. If the attack involves a computer system attached to the network, the first step might be to disconnect it from the network. Although you want to preserve as much information as possible to assist in later investigations, it is better to stop the attack, even if doing so alerts the attacker or results in the loss of evidence regarding the attack. After containing the damage, subsequent steps you can take include, but are not limited to, the following:
-Examine the active computer system to analyze the live network connection, memory contents, and running programs.
-Document and photograph the entire scene of the crime, including the current state of the attached computer system.
-Determine whether you have the expertise to conduct an investigation, or whether you need to call in additional help.

A VPN is used primarily for what purpose?

Support secured communications over an untrusted network EXPLANATION A VPN (Virtual Private Network) is used primarily to support secured communications over an untrusted network. A VPN can be used over a local area network, across a WAN connection, over the Internet, and even between a client and a server over a dial-up connection through the Internet. All of the other items listed in this question are benefits or capabilities that are secondary to this primary purpose.

An intruder waits near an organization's secured entrance until an employee approaches the entrance and unlocks it with a security badge. The intruder falls in line behind the employee, who assumes the intruder is another employee and holds the door open for her. Which of the following BEST describes the type of attack that just occurred?

Tailgating EXPLANATION A tailgating attack has occurred. Tailgating occurs when an unauthorized person follows behind an authorized person to enter a secured building or area within a building. Tailgating is also sometimes called piggybacking. In a phishing attack, a spoofed email containing a link to a fake website is used to trick users into revealing sensitive information, such as a username, password, bank account number, or credit card number. Both the email and the website used in the attack appear on the surface to be legitimate. A denial of service (DoS) attack involves using network mechanisms to flood a particular host with so many bogus requests that it can no longer respond to legitimate network requests. A Smurf attack is a distributed type of DoS attack that inserts a target system's IP address for the source address of ICMP echo request packets, causing a flood of ICMP echo response packets to be sent to a victim system.

An unauthorized person gains access to a secured area by following an authorized person through a door controlled by a badge reader. Which of the following security threats does this sentence describe?

Tailgating EXPLANATION Tailgating describes the actions of an unauthorized person closely following an authorized person to gain access to a secure area. Shoulder surfing occurs when one person obtains usernames, passwords, and other data by looking over the shoulder of another person. Brute forcing describes the process of cracking a username, password, or decryption key by trial and error, often by testing all possible character combinations. Phishing is an attempt to trick a user into compromising personal information or downloading malware. Most often, it involves an email containing a malicious attachment or hyperlink.

You are a security consultant. An organization has hired you to review their security measures. The organization is chiefly concerned that it could become the victim of a social engineering attack. Which of the following actions would you MOST likely recommend to mitigate the risk?

Teach users how to recognize and respond to social engineering attacks. EXPLANATION The best way to combat social engineering is to train users how to recognize and respond to social engineering attacks. For example, most organizations train employees to forward any calls or emails requesting a password or other network information to their help desk. Filtering network traffic with a firewall fails to address the human element involved in social engineering. While a written security policy is a necessary measure, it will do little to defend your network if your users don't know how to recognize social engineering attempts. Management oversight is expensive and unlikely to detect a social engineering attempt until it is too late. Raising user awareness of the issue tends to be much more effective.

You just bought a new computer. This system uses UEFI firmware and comes with Windows 10 preinstalled. You recently accessed the manufacturer's support website and saw that a UEFI firmware update has been released. You download the update. However, when you try to install the update, an error message is displayed that indicates the digital signature on the update file is invalid. Which of the following MOST likely caused this to happen?

The update file has been tampered with. EXPLANATION UEFI firmware updates must be digitally signed by the hardware vendor, and the system verifies that signature before applying the update. A signature that fails to verify means the file no longer matches what the vendor signed, so unauthorized changes (such as the insertion of malware) are detected before the firmware is flashed. Before concluding that the file was tampered with, rule out a corrupted or truncated download: download the file again and compare its hash with the value published on the vendor's support page. If the signature still fails, do not install the update and report it to the vendor. Secure Boot is a separate UEFI feature that requires the boot loader and operating system to be digitally signed before they can be booted. The latest UEFI update most likely includes all of the changes implemented in earlier updates. There is no indication that the system has been infected with rootkit malware in this scenario.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (Select TWO).

Train the receptionist to keep her iPad in a locked drawer when not in use. Disable the network jacks in the reception area. EXPLANATION You should recommend the following: - Disable the network jacks in the reception area. Having these jacks in an unsecured area allows anyone who comes into the building to connect to the company's network. - Train the receptionist to keep her iPad in a locked drawer when not in use. Tablet devices are small and easily stolen if left unattended. The receptionist's desk should remain where it is currently located because it allows her to visually verify each employee as they access the secured area. Biometric locks are generally considered more secure than smart cards because cards can be easily stolen. Training users to lock their workstations is more secure than screensaver passwords, although this may be a good idea as a safeguard in case a user forgets.

What is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously?

Trojan EXPLANATION A Trojan horse is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously. Trojan horses commonly arrive as internet downloads. To keep your systems secure and free from such malicious code, you need to take extreme caution when downloading any type of file from just about any site on the internet. If you don't fully trust the site or service that is offering a file, don't download it. A worm is a type of malicious code similar to a virus. A worm's primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources. Ransomware is a form of malware that denies access to an infected computer system until the user pays a ransom. Scareware is a scam that fools users into thinking they have some form of malware on their system. The intent of the scam is to sell the user fake antivirus software to remove malware they don't have.

Which security measure can be used to generate and store cryptographic keys?

Trusted Platform Module (TPM) EXPLANATION A Trusted Platform Module (TPM) is a special chip on the motherboard that generates and stores cryptographic keys. The TPM can be used by applications (such as BitLocker on Windows systems) to generate and save keys that are used for encryption; the keys never leave the chip in clear form, and the TPM can be configured to release them only if the measured boot state matches the one recorded when they were sealed. DriveLock is a disk encryption solution. Chassis intrusion detection helps you identify when a system case has been opened. A BIOS/UEFI password controls access to the BIOS/UEFI setup program.

Which of the following components is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys?

Trusted Platform Module (TPM) EXPLANATION A Trusted Platform Module (TPM) is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys. The TPM chip must be enabled in the BIOS/UEFI. A USB device (startup key) is used to save the BitLocker key on a system that does not have a TPM chip. Implementing BitLocker requires two partitions: a separate, unencrypted system partition that holds the boot files, and the NTFS operating system volume that is encrypted.

You manage two computers with the following user accounts: Wrk1 has user accounts Mary and Admin. The Mary account does not have a password set; the Admin account does. Wrk2 has user accounts Mary and Julia. The Mary account has a password set; the Julia account does not. You are working from Wrk2 and would like to access a shared folder on Wrk1. Which of the following credentials would BEST allow you to access the shared folder?

Type 'Admin' for the username and specify the password. EXPLANATION To access a shared folder or use Remote Desktop on a workgroup computer, you must supply a username and password that match a user account configured on the computer you are trying to access. For Wrk1, that means only the Mary or Admin accounts defined on Wrk1 are candidates; the Mary and Julia accounts on Wrk2 are irrelevant, even though one of them has the same name. Wrk1's Mary account cannot be used over the network because it has no password: by default, Windows restricts local accounts with blank passwords to console (interactive) logon only, so they are refused for network access and Remote Desktop. That leaves the Admin account, which has a password set.

While trying to log on, a user accidentally typed the wrong password three times, and now the system is locked because he entered too many incorrect passwords. He still remembers his password, but he just typed it wrong. He needs access as quickly as possible. Which of the following would allow the user to log on?

Unlock the account EXPLANATION With an account lockout policy configured, an account is locked (and cannot be used for logon) once the lockout threshold of incorrect passwords is reached. You can unlock a locked account by editing the account properties in Local Users and Groups. Depending on the policy's lockout duration setting, locked accounts might be unlocked automatically after a period of time. However, to allow immediate access, manually unlock the account. A disabled account cannot be used for logon. Accounts are not disabled automatically, and enabling an account does not unlock it. Changing the password is not required because the user still remembers the correct password.
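The lockout behaviour described above, as an added example that is not part of the original study set. It models the three settings of a Windows-style account lockout policy (lockout threshold, lockout duration, reset-counter window) as a small state machine; the class and function names, the accounts and the timestamps are assumptions made for the demonstration, and the password is compared in plaintext only to keep the example short.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    """The three knobs of an account lockout policy (field names assumed)."""
    threshold: int = 3             # "Account lockout threshold": failures before the lock
    duration_s: int = 15 * 60      # "Account lockout duration": 0 = locked until an admin unlocks
    reset_window_s: int = 15 * 60  # "Reset account lockout counter after"


@dataclass
class Account:
    name: str
    password: str                  # plaintext for the demo only; real systems store a hash
    failures: int = 0
    last_failure: float = 0.0
    locked_at: Optional[float] = None
    disabled: bool = False


class Authenticator:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy

    def is_locked(self, acct: Account, now: float) -> bool:
        if acct.locked_at is None:
            return False
        if self.policy.duration_s and now - acct.locked_at >= self.policy.duration_s:
            self.unlock(acct)      # automatic unlock once the duration has elapsed
            return False
        return True

    def login(self, acct: Account, password: str, now: float) -> str:
        if acct.disabled:
            return "disabled"      # refused even with the right password
        if self.is_locked(acct, now):
            return "locked"        # likewise: a correct password does not clear a lock
        if hmac.compare_digest(password.encode(), acct.password.encode()):
            acct.failures = 0
            return "ok"
        if now - acct.last_failure > self.policy.reset_window_s:
            acct.failures = 0      # failures outside the reset window no longer count
        acct.failures += 1
        acct.last_failure = now
        if acct.failures >= self.policy.threshold:
            acct.locked_at = now
            return "locked"
        return "bad_password"

    def unlock(self, acct: Account) -> None:
        """Manual unlock (the 'Account is locked out' box in Local Users and Groups)."""
        acct.locked_at = None
        acct.failures = 0

    def enable(self, acct: Account) -> None:
        """Enabling an account clears 'disabled' but does not clear a lockout."""
        acct.disabled = False


def scenario():
    """The question's situation: three typos, then the correct password."""
    auth = Authenticator(LockoutPolicy(threshold=3, duration_s=0))  # locked until admin acts
    bob = Account("bob", "S3cret!pass")
    t = 1000.0
    results = [auth.login(bob, "wrong", t + i) for i in range(3)]
    results.append(auth.login(bob, "S3cret!pass", t + 3))  # right password, still locked
    auth.enable(bob)
    results.append(auth.login(bob, "S3cret!pass", t + 4))  # enabling does not help
    auth.unlock(bob)
    results.append(auth.login(bob, "S3cret!pass", t + 5))  # manual unlock restores access
    return results


def auto_unlock_scenario():
    """With a non-zero lockout duration the lock expires on its own."""
    auth = Authenticator(LockoutPolicy(threshold=3, duration_s=900))
    amy = Account("amy", "Tr0ub4dor&3")
    for i in range(3):
        auth.login(amy, "wrong", 2000.0 + i)            # third failure locks at t=2002
    return [auth.login(amy, "Tr0ub4dor&3", 2003.0),      # still inside the duration
            auth.login(amy, "Tr0ub4dor&3", 2902.0)]      # 900 s later: auto-unlocked


if __name__ == "__main__":
    print(scenario())
    print(auto_unlock_scenario())
```

Note that `unlock` resets the failure counter as well as the lock; if it only cleared `locked_at`, the very next typo would lock the account again.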

You have 5 salespersons who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protection to implement to address your concerns?

Use cable locks to chain the laptops to the desks. EXPLANATION The main concern in this case is with laptops being stolen. The best protection against physical theft is to secure the laptops in place using a cable lock. Requiring strong passwords or using encryption might prevent unauthorized users from accessing data on the laptops, but does not prevent physical theft.

You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?

Use data wiping software to clear the hard drives EXPLANATION Data wiping software sanitizes a device by overwriting every sector, so no data remnants survive. Sanitization is necessary because deleting files, emptying the Recycle Bin, or reformatting the drive (even several times) only removes the file-system references to the data; the data itself stays on the media until it is overwritten, and many tools can recover it. Sanitization is designed to solve this data remanence problem for devices that will be reused and is the best way to remove Personally Identifiable Information (PII) from a hard disk before reuse. For solid-state drives, software overwriting is unreliable because wear levelling can leave old copies in blocks the software cannot reach, so use the drive's built-in sanitize command (ATA Secure Erase or NVMe Sanitize) or a cryptographic erase of a self-encrypting drive instead.

You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Which of the following BEST describes what needs to be done before the systems are ready to be recycled?

Use disk wiping software to fully erase the drives on the systems. EXPLANATION You should use disk wiping software to fully erase the drives. The problem here is that deleting partitions and even reformatting doesn't remove old data from the drive; only the partition table and file-system metadata are rewritten, and the data could be recovered with forensic tools. To keep this from happening, use disk wiping software that overwrites the entire drive, every sector, with random or fixed patterns. A single complete pass is sufficient for modern magnetic drives (NIST SP 800-88); the older practice of writing multiple passes was a precaution for low-density media. Whichever tool you use, verify the result by reading the drive back afterwards and keep a record of which drives were wiped and how.
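The overwrite-and-verify cycle that the two disposal answers above describe, as an added example that is not part of the original study set. It operates on a temporary file containing constructed "sensitive" data rather than on a real drive; the function names and the sample data are assumptions. On a real disposal the same loop is run over the whole block device (for example with `shred -n 1 -z` or a vendor tool), never over individual files, because a journaling or copy-on-write filesystem and SSD wear levelling can leave old copies that a file-level overwrite never touches.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # 1 MiB write/read granularity


def overwrite(path, passes=(None, b"\x00")):
    """Overwrite every byte of the file in place, one pass per pattern (None = random
    bytes), forcing each pass to stable storage with fsync. Returns bytes per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, CHUNK)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # make sure the pass reached the device, not just the cache
    return size


def is_all(path, byte):
    """Verification step: True only if every byte of the file equals `byte`."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk != byte * len(chunk):
                return False


def sanitize_demo():
    """Write constructed PII to a temp file, confirm it reads back, wipe it
    (random pass, then zero pass), verify the zero pass, and delete the file."""
    secret = b"SSN=123-45-6789;ACCT=9876543210\n" * 20000  # constructed sample, 640000 bytes
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    with open(path, "rb") as f:
        present_before = f.read() == secret
    written = overwrite(path)
    zeroed = is_all(path, b"\x00")
    os.remove(path)                # unlink only after the overwrite has been verified
    return {"bytes_per_pass": written,
            "data_present_before_wipe": present_before,
            "zeroed_after_wipe": zeroed}


if __name__ == "__main__":
    print(sanitize_demo())
```

The final zero pass is what makes verification cheap: reading the device back and checking for all-zero blocks is a simple, mechanical confirmation that the overwrite completed, which a random-only pass does not give you.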

You have just installed a wireless access point (WAP) for your organization's network. You know that the radio signals used by the WAP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network. Which of the following steps will BEST protect the wireless network? (Select TWO. Each option is a complete solution.)

Use the WAP's configuration utility to reduce the radio signal strength. Configure the WAP to filter out unauthorized MAC addresses. EXPLANATION To increase the security of the wireless network, you can use the WAP's configuration utility to reduce the radio signal strength. This will reduce or even eliminate signal emanation outside of your building. You can also configure the WAP to filter out unauthorized MAC addresses. Enabling MAC address filtering denies access to systems whose addresses are not on the list. Treat both as hardening measures rather than access controls: a MAC address is trivially spoofed by anyone who sniffs an authorized client's traffic, and an attacker with a directional antenna can still pick up a weakened signal. Neither replaces WPA2 (or WPA3) encryption with a strong key.

What is the best countermeasure against social engineering?

User awareness training EXPLANATION The best countermeasure to social engineering is user awareness training. If users understand the importance of security and the restrictions on types of information, they are less likely to reveal confidential information or perform unauthorized activities at the prompting of a stranger or a claimed identity over the phone.

Which of the following is the most common form of authentication?

Username and password EXPLANATION Passwords are the most common form of authentication. Most systems require only a username and password to provide users with access to the computing environment. Many forms of online intrusion attacks focus on stealing passwords. This makes using strong passwords very important. Without a strong password policy and properly trained users, the reliability of your security system is greatly diminished. Photo ID, fingerprint, and digital certificate on a smart card are not the most common forms of authentication.

What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?

Virus EXPLANATION A virus is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found. Viruses are a serious threat to computer systems, especially if they are connected to the internet. You should install anti-malware software on every computer in your network to protect against viruses. Trojan horses are programs that claim to serve a useful purpose, but hide a malicious purpose or activity. A buffer overflow is partially correct in that a buffer overflow may be used as an insertion vector for a virus. A password attack attempts to identify the password used by a user account.

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 Personal EXPLANATION Shared key authentication can be used with WEP, WPA, and WPA2. Shared key authentication used with WPA and WPA2 is often called WPA Personal or WPA2 Personal (WPA-PSK/WPA2-PSK). In Personal mode the pre-shared key is derived from the passphrase and the SSID, and every client uses that same key; anyone who knows the passphrase and captures another client's association handshake can derive that client's session keys and decrypt its traffic, which is why Personal mode suits homes and small offices rather than networks where users must be isolated from each other. WPA Enterprise and WPA2 Enterprise use 802.1X for authentication. 802.1X authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients, and each client ends up with its own keys.
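The key derivation behind this answer, as an added example that is not part of the original study set. It implements the WPA/WPA2-Personal derivations as IEEE 802.11i specifies them (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt for the PMK, then the 802.11 PRF for the pairwise transient key) and shows that a legitimate client and an eavesdropper who knows the shared passphrase compute the identical session key from the handshake values that travel in the clear. The SSID, passphrase, MAC addresses and nonces are constructed, and the function names are assumptions.

```python
import hashlib
import hmac

# Constructed sample: the MAC addresses and nonces of a WPA2 4-way handshake are
# sent unencrypted, so anyone within radio range sees all four values.
SSID = "CorpGuest"               # assumed network name
PASSPHRASE = "correct horse"     # assumed shared passphrase (8-63 ASCII characters)
HANDSHAKE = {
    "aa": bytes.fromhex("0011223344aa"),    # authenticator (access point) MAC
    "spa": bytes.fromhex("66778899bbcc"),   # supplicant (client) MAC
    "anonce": bytes(range(32)),             # AP nonce from EAPOL message 1
    "snonce": bytes(range(32, 64)),         # client nonce from EAPOL message 2
}


def derive_pmk(passphrase, ssid):
    """PMK (the 256-bit PSK): PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations)."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("passphrase must be 8-63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """CCMP PTK, 48 bytes = KCK(16) | KEK(16) | TK(16); TK encrypts the client's frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def client_ptk():
    """What the legitimate client computes during its own handshake."""
    return derive_ptk(derive_pmk(PASSPHRASE, SSID), **HANDSHAKE)


def eavesdropper_ptk(known_passphrase):
    """What anyone holding the passphrase computes from the sniffed handshake."""
    return derive_ptk(derive_pmk(known_passphrase, SSID), **HANDSHAKE)


if __name__ == "__main__":
    print("PMK:", derive_pmk(PASSPHRASE, SSID).hex())
    print("eavesdropper recovers the client's TK:",
          client_ptk()[32:] == eavesdropper_ptk(PASSPHRASE)[32:])
```

The same PBKDF2 step is what offline cracking tools run against a captured handshake: 4096 iterations of SHA-1 per guess is cheap on a GPU, so the strength of a Personal-mode network is exactly the strength of its passphrase. Enterprise mode avoids both problems because the PMK comes out of each client's own 802.1X/EAP exchange rather than from a value everyone shares.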

Which of the following is the most secure security protocol for wireless networks?

WPA2 EXPLANATION WEP, WPA, and WPA2 are all security protocols for wireless networks. However, WPA2 provides much stronger security than WEP or WPA: WEP's RC4-based encryption is broken and can be cracked in minutes, WPA's TKIP was an interim fix for WEP-era hardware, and WPA2 uses AES-CCMP. Of the options listed, WPA2 is the most secure; where the equipment supports it, WPA3 now supersedes WPA2. 802.11n is a wireless standard with specific parameters for wireless data transmission. BitLocker is a Microsoft solution that provides hard drive disk encryption.

Which of the following provides the BEST security for wireless networks?

WPA2 EXPLANATION Wi-Fi Protected Access (WPA and its successor WPA2) provides encryption and user authentication for wireless networks. Wired Equivalent Privacy (WEP) also provides security, but WPA is considered more secure than WEP, and WPA2 (AES-CCMP) is more secure than WPA (TKIP), so WPA2 is the best choice among the options listed. A wireless access point (WAP) is a hardware device, like a switch, that provides access to the wireless network. 802.11a is a wireless networking standard that defines the signal characteristics for communicating on the wireless network. CSMA/CD is a media access control method that controls when a device can communicate on the network.

Which of the following forms of networking is highly susceptible to eavesdropping (data interception) and must be secured accordingly?

Wireless EXPLANATION All forms of networking are potentially vulnerable to eavesdropping. Wireless networks by definition broadcast network transmissions openly and therefore can be detected and captured by outsiders without any physical access to the cabling. Consequently, wireless networks should use data encryption (WPA2 or WPA3) to minimize the risk of transmitting information to unintended recipients.

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?

Zombie/botnet EXPLANATION Devices that are infected with malware that can be remote controlled by an attacker are known as zombies. A collection of these zombies that are controlled by the same attacker are known as a botnet (robot network). Phishing is an attempt to trick a user into compromising personal information or downloading malware. Most often, it involves an email containing a malicious attachment or hyperlink. A man-in-the-middle (MITM) attack intercepts communications between two systems and alters the message before sending it on to the original recipient. Spoofing is when an entity misrepresents itself by using a fake IP address or, more commonly, a fake email address that resembles a real address. The person being spoofed may not immediately discover that the address is fake.

Which of the following is an example of a strong password?

a8bT11$yi EXPLANATION A strong password should not contain dictionary words or any part of the login name. They should include upper- and lower-case letters, numbers, and symbols. In addition, longer passwords are stronger than shorter passwords.

Which are examples of a strong password? (Select TWO).

il0ve2EatIceCr3am TuxP3nguinsRn0v3l EXPLANATION A strong password is one that:
- Is at least 6 characters long by this study set's criteria (longer is better; current guidance such as NIST SP 800-63B asks for at least 8)
- Is not based on a word found in a dictionary
- Contains both upper-case and lower-case characters
- Contains numbers
- Does not contain words that can be associated with you personally
- Is changed whenever there is reason to believe it has been compromised (changing passwords on a fixed schedule is no longer recommended)
The passwords il0ve2EatIceCr3am and TuxP3nguinsRn0v3l both meet the above criteria. The password NewYork is long enough and includes upper- and lower-case letters, but it doesn't contain numbers and is simply two dictionary words joined together. The password skippy is probably a pet name. The password Morganstern is probably someone's last name (perhaps a spouse's name or a maiden name).
