Security

You are designing a security policy for mobile phones on your network. Which of the following are common methods of biometric authentication used with mobile devices today? (Choose two.) A. Fingerprint lock B. Face lock C. Swipe lock D. DNA lock

A, B. Biometric authentication requires identification of a physical feature of the user, such as a fingerprint or facial scan. DNA is considered a form of biometric authentication, but it's not commonly used today with mobile devices. (Imagine your phone needing to collect blood or saliva to authenticate you—no thanks!)

You are responsible for physically destroying several old hard drives with confidential information on them. Which methods are acceptable? (Choose two.) A. Incineration B. Power drill C. Degaussing D. Drive wipe

A, B. If your intent is to physically destroy the drive, you have a few options. They include shredders (not the paper kind but ones that can handle metal), a drill or hammer, and incineration. Although these methods can be fun, they can also be dangerous, so be sure to use adequate safety measures.

You are setting up a new wireless router for a home office. Which of the following should you change when initially configuring the network? (Choose two.) A. The router administrator's username and password B. The default SSID C. The radio power level D. The WPS setting

A, B. When configuring a new wireless router, always change the username and password first. This prevents would-be hackers from having easy access to the router. Then change the default SSID.

Which of the following are examples of physical security methods? (Choose two.) A. Biometrics B. Multifactor authentication C. Privacy filters D. Firewalls

A, C. Biometrics and privacy filters are physical security methods. Multifactor authentication may require a physical device (for example, something you have) but not necessarily. Firewalls can be hardware devices but can also be software packages.

Which types of security threats are direct attacks on user passwords? (Choose two.) A. Brute force B. Zombie/botnet C. Dictionary attack D. Spoofing

A, C. Password attacks occur when an account is attacked repeatedly. This is accomplished by using applications known as password crackers, which send possible passwords to the account in a systematic manner. Two types of password attacks are brute-force and dictionary attacks.

Which of the following file attributes are turned on by default for system files on a Windows 8.1 workstation? (Choose two.) A. Hidden B. Archive C. System D. Read-only

A, C. System files are critical to the operating system working properly and should not be changed or deleted. By default, the Hidden and System attributes are set. Some are also set to Read-only, but not all. For example, the virtual memory file (pagefile.sys) is a system file but is not Read-only.

Which of the following security methods will prove to be ineffectual when trying to prevent software-based attacks? (Choose two.) A. Mantrap B. Firewall C. Anti-malware D. Privacy filter

A, D. A mantrap and privacy filters are physical security methods. They will not prevent software-based attacks. Firewalls can block malicious network traffic, and anti-malware can block malicious software such as viruses and worms.

Which type of malware is designed to look like a different program and, when installed, create a back door for an attacker to access the target system? A. Trojan B. Spyware C. Virus D. Worm

A. Trojan horses are programs that enter a system or network under the guise of another program. A Trojan horse may be included as an attachment or as part of an installation program. The Trojan horse can create a back door or replace a valid program during installation. It then accomplishes its mission under the guise of another program.

A network administrator wants to block all incoming network traffic on port 80. On which security mechanism can she disable port 80 traffic? A. Firewall B. VPN C. DLP D. Anti-malware

A. A firewall operating as a packet filter passes or blocks traffic to specific addresses based on the type of application and the port used. The packet filter doesn't analyze the data of a packet; it decides whether to pass it based on the packet's addressing information. For instance, a packet filter may allow web traffic on port 80 and block Telnet traffic on port 23. This type of filtering is included in many routers.

Which type of malware will directly attack your antivirus software, attempting to disable the software so it can infect the target system? A. Retrovirus B. Stealth virus C. Polymorphic virus D. Multipartite virus

A. A retrovirus attacks or bypasses the antivirus software installed on a computer. You can consider a retrovirus to be an anti-antivirus. Retroviruses can directly attack your antivirus software and potentially destroy the virus definition database file. When this information is destroyed without your knowledge, you would be left with a false sense of security. The virus may also directly attack an antivirus program to create bypasses for itself.

Which type of security device often incorporates RFID technology to grant access to secure areas or resources? A. Smart card B. Security token C. Mantrap D. Key fob

A. A smart card is a type of badge or card that gives you access to resources, including buildings, parking lots, and computers. It contains information about your identity and access privileges. Each area or computer has a card scanner or a reader in which you insert your card. Radio Frequency Identification (RFID) is the wireless, no-contact technology used with these cards and their accompanying reader.

Someone has configured an external server with an IP address that should belong to one of your sister company's servers. With this new computer, they are attempting to establish a connection to your internal network. What type of attack is this? A. Spoofing B. Man-in-the-middle C. Zombie/botnet D. Noncompliant system

A. A spoofing attack is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack. The most popular spoofing attacks today are IP spoofing, ARP spoofing, and DNS spoofing. This is an example of IP spoofing, where the goal is to make the data look as if it came from a trusted host when it didn't (thus spoofing the IP address of the sending host).

Which digital security method makes use of encapsulation to transfer data across networks? A. VPN B. Firewall C. Email filtering D. DLP

A. A virtual private network (VPN) is a private network connection that occurs through a public network. VPNs make use of tunneling, which sends private data across a public network by placing (encapsulating) that data into other packets. Even though a VPN is created through the Internet or other public networks, the connection logically appears to be part of the local network.

You use your mobile phone for email and extensive Internet browsing. You want to add an additional level of security to always verify your identity online when accessing various accounts. Which type of app do you need? A. Authenticator app B. Trusted source app C. Biometric authentication app D. Account encryption app

A. An authenticator app can help securely verify your identity online, regardless of the account you want to log in to. Different apps work in different ways, but the general procedure is that the app will generate a random code for you to type in along with your username and password. The random code helps identify you and tells the site you are logging into that you really are who you say you are.

Which type of digital security needs to have constant updates to best protect your network or computer? A. Antivirus B. Firewall C. Access control list D. Directory permissions

A. Antivirus software is an application that is installed on a system to protect it and to scan for viruses as well as worms and Trojan horses. Most viruses have characteristics that are common to families of viruses. Antivirus software looks for these characteristics, or fingerprints, to identify and neutralize viruses before they impact you. Antivirus software needs to be constantly updated to ensure that it can detect the most current viruses.

An administrator is transferring confidential files from one Windows 8 Pro workstation to another, using a flash drive. Policy dictates that he encrypt the files on the flash drive. Which technology should he use? A. BitLocker To Go. B. BitLocker. C. EFS. D. Windows 8 does not allow for the encryption of files on a flash drive.

A. BitLocker allows you to use drive encryption to protect files—including those needed for startup and logon. This is available only with more complete editions of Windows 8 (Pro and Enterprise), Windows 7 (Enterprise and Ultimate), and Windows Vista (Enterprise and Ultimate). For removable drives, BitLocker To Go provides the same encryption technology to help prevent unauthorized access to the files stored on them.

Which of the following prevention methods will best deter the usefulness of Dumpster diving for confidential materials? A. Document shredding B. Privacy filters C. Cable locks D. Firewalls

A. Companies normally generate a huge amount of paper, most of which eventually winds up in Dumpsters or recycle bins. Dumpsters may contain information that is highly sensitive in nature, and attackers may seek it out by practicing Dumpster diving. In high-security and government environments, sensitive papers should be either shredded or burned.

It appears as though someone is trying to log in to a user account by guessing the password. Which account management policy will help prevent this type of attack? A. Setting failed attempts lockout B. Disabling autologin C. Requiring strong passwords D. Setting password expiration

A. Configure user account settings so that there are a limited number of login attempts (three is a good number) before the account is locked for a period of time. Legitimate users who need to get in before the block expires can contact the administrator and explain why they weren't able to give the right password three times in a row, and illegitimate users will go away in search of another system to try to enter.

You are installing a small office wired network. The manager is concerned that employees will visit websites with objectionable material. Which feature should you look for in a router to help prevent such access? A. Content filtering B. Disabling ports C. VPN access D. Port forwarding/mapping

A. Content filtering is the process of blocking objectionable content, from either websites or email. Many routers and firewalls will provide content filtering services. In many cases, a reference service is used to block websites, and filters can be implemented to scan emails for prohibited content.

Your iPhone requires a passcode to unlock it. Because of recent phone thefts around your office, you want to set your phone so that all data is destroyed if incorrect passcodes are entered 10 times in a row. Which feature allows you to do this? A. Failed login attempts restrictions B. Screen locks C. Remote wipes D. Locator applications

A. Failed login attempt restrictions will destroy all local data on the phone if incorrect passcodes are entered 10 times in a row. While this is recommended for users with phones that contain sensitive data and that are frequently taken into public venues or placed in compromising positions, the casual user should not turn on this feature unless they can be sure there will always be a recent backup available in iTunes.

Which security mechanism specifies permissions for users and groups as well as the type of activities the users or groups can perform? A. ACL B. DLP C. AUP D. VPN

A. File systems such as NTFS, and security devices such as firewalls, can track security in access control lists (ACLs). ACLs can hold permissions for local users and groups, and each entry in the ACL can also specify what type of access is given. This allows a great deal of flexibility in setting up a network.

What type of physical security explicitly relies upon a security guard or other personnel to determine who can access the facility? A. Entry control roster B. Mantrap C. ID badges D. Biometrics

A. If you have an open-access building but then need people to access a secured area, one way to provide security is through a guard. An access list or entry control roster should then exist to identify specifically who can enter and can be verified by the guard or someone with authority.

Which type of network attack involves an intermediary hardware device intercepting data and altering it or transmitting it to an unauthorized user? A. Man-in-the-middle B. Noncompliant system C. Zombie/botnet D. Spoofing

A. Man-in-the-middle attacks clandestinely place something (such as a piece of software or a rogue router) between a server and the user, and neither the server's administrator nor the user is aware of it. The man-in-the-middle intercepts data and then sends the information to the server as if nothing is wrong. The man-in-the-middle software may be recording information for someone to view later, altering it, or in some other way compromising the security of your system and session.

Which of the following security methods is a physical device that users carry around that provides access to network resources? A. Security token B. ID badge C. Biometrics D. Privacy filter

A. Security tokens are anything that a user must have on them to access network resources, and they are often associated with devices that enable the user to generate a one-time password authenticating their identity. SecurID, from RSA, is one of the best-known examples of a physical security token. ID badges can have security mechanisms built in, but not all do.

You receive an email from an overseas bank, notifying you that a relative has left you a large sum of money. You need to respond with your bank routing information so they can electronically transfer the funds directly to your account. What is this most likely an example of? A. Phishing B. Ransomware C. Spoofing D. Spear phishing

A. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. A social engineering attack may occur over the phone, by email, or in person. When the attempt is made through email or instant messaging, this is known as phishing, and it's often made to look as if a message is coming from sites where users are likely to have accounts (banks, eBay, and PayPal are popular).

You recently noticed a change on your computer. Now when you open your web browser, no matter what you search for, you get a dozen unsolicited pop-up windows offering to sell you items you didn't ask for. What type of problem does your computer have? A. Spyware B. Ransomware C. Zombie/botnet D. Trojan

A. Spyware differs from other malware in that it works—often actively—on behalf of a third party. Rather than selfreplicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it. The users often don't know they have asked for it but have done so by downloading other programs, visiting infected sites, and so on. The spyware program monitors the user's activity and responds by offering unsolicited pop-up advertisements (sometimes known as adware), gathers information about the user to pass on to marketers, or intercepts personal data such as credit card numbers.

Which user account on a Microsoft Windows workstation has the least restrictive permissions by default? A. Administrator B. Root C. Guest D. Standard User

A. The Administrator account is the most powerful of all: it has the power to do everything from the smallest task all the way up to removing the operating system. Because of the power it wields, you should rename the account and assign it a strong password.

Several workstations on your network have not had their operating systems updated in more than a year, and your antivirus software is also out-of-date. What type of security threat does this represent? A. Noncompliant systems B. Zombie/botnet C. Zero-day attack D. Brute forcing

A. The systems are not up-to-date and therefore are more vulnerable to attacks. These systems are considered noncompliant systems. It's a violation of security best practices to fail to keep all software on your network up-to-date.

You are configuring a wireless network for a small office. What should you enable for the best encryption possible for network transmissions? A. WPA2 B. WEP C. WPA D. WPS

A. There are generally three wireless encryption methods available. From least to most secure, they are WEP, WPA, and WPA2. Always go with WPA2 unless strange circumstances prevent you from doing so.

You receive an email from one of your friends. In it, she includes a link telling you to click it to see some recent pictures she took of you. It's been several weeks since you've seen this friend, and you are suspicious. What could this be an example of? A. Spear phishing B. Zombie/botnet C. Social engineering D. Zero-day attack

A. This is an example of spear phishing, which is a specific form of social engineering. With spear phishing, the attacker uses information that the target would be less likely to question because it appears to be coming from a trusted source. (When, in reality, the attacker in this case has hacked a friend's email account.) Because it appears far more likely to be a legitimate message, it cuts through your standard defenses like a spear, and the likelihood that you would click this link is higher.

Aadi is trying to access a folder named Projects on a local NTFS volume. His user account is in the Developers group. The Developers group has Read & Execute permissions to the folder, and Aadi's user account has Full Control. What is Aadi's effective access to the Projects folder? A. Full Control B. Read & Execute C. Read D. No access

A. When there are conflicting NTFS permissions, generally they are combined, and the most liberal is granted. This holds true for conflicting permissions between groups or between a user's account and group memberships.

What does the NTFS file system use to track users and groups and their level of access? A. ACLs B. Tokens C. Badges D. Control rosters

A. With NTFS, files, directories, and volumes can each have their own security. NTFS tracks security in access control lists (ACLs), which can hold permissions for local users and groups, and each entry in the ACL can specify what type of access is given—such as Read & Execute, List Folder Contents, or Full Control. This allows a great deal of flexibility in setting up a network.

An administrator has granted a user Read & Execute permissions to the C:\files folder. Which of the following statements are true regarding subfolders of C:\files? (Choose two.) A. The user will have no access to subfolders of C:\files. B. The user will have Read & Execute access to subfolders of C:\files. C. Explicit permissions assigned to C:\files\morefiles will override those set on C:\files. D. Explicit permissions assigned to C:\files files override those set on C:\files\morefiles.

B, C. Inheritance is the default behavior throughout the permission structure, unless a specific setting is created to override it. For example, a user who has Read and Write permissions in one folder will have that in all the subfolders unless a change has been made specifically to one of the subfolders. Explicit permissions at a more granular level will apply instead of those set at a higher level of the directory tree.

You are implementing new password policies for your network, and you want to follow guidelines for password best practices. Which of the following will best help improve the security of your network? (Choose two.) A. Require passwords to expire every 180 days. B. Require passwords to be at least eight characters long. C. Require passwords to have a special character. D. Require passwords to be no more than 10 characters long.

B, C. Setting strong passwords is critical to network security. They should be as long as possible. Eight or ten characters is a good minimum. Users should also need to use a combination of uppercase and lowercase letters, a number, and a special character such as #, @, &, or others. Passwords should also expire, but 180 days is too long. Having a 42-day or 90-day requirement would be better.

Which types of security threats involve the attacker attempting to directly contact a potential victim? (Choose two.) A. Spoofing B. Phishing C. Social engineering D. Brute forcing

B, C. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. When this is done via email or instant messaging, it's called phishing.

You want to recycle some hard drives that your company no longer uses but do not want other people to have access to the data. Which methods of removing the data are acceptable for your purposes? (Choose two.) A. Formatting the drive B. Using an overwrite utility C. Using a drive wipe utility D. Using electromagnetic fields

B, C. The best methods are either overwrite or drive wipe. Overwriting the drive entails copying over the data with new data. A common practice is to replace the data with 0s. Drive wipes do a similar thing. Formatting the drive does not guarantee that others can't read the data. Using electromagnetic fields (or degaussing) isn't reliable and can damage the hard drive. (Not to mention it won't work at all on SSDs!)

Which of the following are advantages of using NTFS permissions over using Share permissions? A. NTFS permissions will override Share permissions if there is a conflict. B. NTFS permissions affect users at the local computer, but Share permissions do not. C. NTFS permissions are more restrictive in their access levels than Share permissions. D. NTFS permissions can be set at the file level, but Share permissions cannot.

B, D. NTFS permissions affect users regardless of if they are at the local computer or accessing the resource across the network. They can also be applied to individual files, whereas Share permissions can be applied only to folders. One set of permissions is not inherently more restrictive than the other, as either type can be used to deny access in a given situation (at least when accessing across the network).

You have installed a Windows 8.1 workstation into a HomeGroup. Which of the following are recommended best practices for maximizing security regarding the Administrator account? (Choose two.) A. Disable the Administrator account. B. Rename the Administrator account. C. Remove the Administrator account from the Administrators group. D. Require a strong password.

B, D. You should rename the default account and always require strong passwords. In Windows, you are unable to disable the Administrator account or remove it from the Administrators group.

You have instructed users on your network to not use common words for their passwords. What type of attack are you trying to prevent? A. Brute forcing B. Dictionary attack C. Social engineering D. Shoulder surfing

B. A dictionary attack uses a dictionary of common words to attempt to find the user's password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them. As an example of this type of attack, imagine guessing words and word combinations found in a standard English-language dictionary. The policy you have recommended could also help thwart those who may try to look over a shoulder to see a user's password, but they can still see it whether it's a common word or not.

Which type of security method allows you to get your security device in close proximity to a reader (but doesn't require touching) to validate access? A. Key fob B. RFID card C. Security token D. Biometrics

B. A smart card is a type of badge or card that gives you access to resources, including buildings, parking lots, and computers. It contains information about your identity and access privileges. Each area or computer has a card scanner or a reader in which you insert your card. Radio Frequency Identification (RFID) is the wireless, no-contact technology used with these cards and their accompanying reader.

You are at work and receive a phone call. The caller ID indicates it's coming from your manager's desk. You can see your manager's desk and no one is sitting there. What is likely happening? A. A zombie/botnet attack B. A spoofing attack C. A zero-day attack D. A phishing attack

B. A spoofing attack is an attempt by someone or something to masquerade as someone else. You might think of spoofing attacks as affecting network systems, but they can affect phone systems as well.

Which type of malware is designed to replicate itself and spread, without the need for inadvertent user action to help it do this? A. Virus B. Worm C. Trojan D. Spyware

B. A worm is different from a virus in that it can reproduce itself, it's self-contained, and it doesn't need a host application to be transported. Many of the so-called viruses that have made the news were actually worms. Worms can use TCP/IP, email, Internet services, or any number of possibilities to reach their target.

You have been hired to implement new network security practices. One of the things you need to do is create a document describing the proper usage of company hardware and software. What is this type of document called? A. DLP B. AUP C. ACL D. Least privilege

B. Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. This policy should also outline the consequences for misuse. In addition, the policy (also known as a use policy) should address the installation of personal software on company computers and the use of personal hardware such as USB devices.

Robert has joined your company as a network administrator. His user account name is RobertS. What is the recommended way to give Robert the administrative privileges he needs? A. Add the RobertS user account to the Administrators group. B. Create an account called AdminRobertS. Add that account to the Administrators group. Have Robert use the RobertS account unless he needs administrative rights, in which case he should use the other account. C. Copy the Administrator account and rename it to RobertS. D. Add the RobertS user account to the Power Users group.

B. Adding RobertS to the Administrators group will certainly work, but it's not the recommended approach. Since members of the Administrators group have such power, they can inadvertently do harm (such as accidentally deleting a file that a regular user could not). To protect against this, the practice of logging in with an Administrators group account for daily interaction is strongly discouraged. Instead, system administrators should log in with a user account (lesser privileges) and change to the Administrators group account (elevated privileges) only when necessary.

Which type of security method is worn by employees and usually has a picture on it? A. Key fobs B. ID badges C. Smart card D. Biometrics

B. An ID badge is worn by employees to identify them. Some companies use different colored badges to indicate different functions or security privileges. Most ID badges have a picture of the user on them to prevent unauthorized use.

You have a Windows 7 Enterprise workstation and want to encrypt the entire hard drive, including startup files. Which technology best meets your needs? A. Windows 7 Enterprise does not allow for the encryption of startup files. B. BitLocker. C. BitLocker To Go. D. EFS.

B. BitLocker allows you to use drive encryption to protect files—including those needed for startup and logon. This is available only with more complete editions of Windows 8 (Pro and Enterprise), Windows 7 (Enterprise and Ultimate), and Windows Vista (Enterprise and Ultimate). For removable drives, BitLocker To Go provides the same encryption technology to help prevent unauthorized access to the files stored on them.

A security consultant for your company recommended that you begin shredding or burning classified documents before disposing of them. What security risk is the consultant trying to protect the company from? A. Shoulder surfing B. Dumpster diving C. Social engineering D. Brute forcing

B. Companies normally generate a huge amount of paper, most of which eventually winds up in Dumpsters or recycle bins. Dumpsters may contain information that is highly sensitive in nature, and attackers may seek it out by practicing Dumpster diving. In high-security and government environments, sensitive papers should be either shredded or burned.

Your network has recently been hit with a significant amount of spam messages. What should you implement to help reduce this nuisance? A. Firewall B. Email filtering C. Access control list D. A trusted software source list

B. Email filtering, as the name implies, involves filtering email before passing it on. This can be done with messages intended both to enter and to leave the network, and it can head off problems before they can propagate. One of the simplest filters is the spam filter included with most email programs.

Sue is an administrator on the network and is logged in with an account in the Users group but not the Administrators group. She needs to run SFC on the computer, which requires administrative privileges. What is the easiest way for her to do this? A. Log off and back on again with an account that is part of the Administrators group. Then open a command prompt and run SFC. B. Open a command prompt by choosing Run As Administrator and then run SFC. C. Right-click the SFC icon in Control Panel and choose Run As Administrator. D. Reboot the computer. Log on with an account that is part of the Administrators group. Then open a command prompt and run SFC.

B. If you attempt to run some utilities (such as SFC) from a standard command prompt, you will be told that you must be an administrator running a console session in order to continue. Rather than opening a standard command prompt, choose Start ➢ All Programs ➢ Accessories and then right-click Command Prompt and choose Run As Administrator. The UAC will prompt you to continue, and then you can run SFC without a problem.

Which type of malware will often cause critical files to disappear, often while displaying a taunting message, and requires user intervention (usually inadvertent) to spread from computer to computer? A. Worm B. Virus C. Trojan D. Rootkit

B. Many viruses will announce that you're infected as soon as they gain access to your system. They may take control of your system and flash annoying messages on your screen or destroy your hard disk. When this occurs, you'll know that you're a victim. Other viruses will cause your system to slow down, cause files to disappear from your computer, or take over your disk space. Many viruses today are spread using email. The infected system attaches a file to any email that you send to another user. The recipient opens this file, thinking it's something that you legitimately sent them. When they open the file, the virus infects the target system.

You are configuring NTFS and Share permissions on a Windows 7 workstation. Which of the following statements is true regarding permissions? A. Both NTFS and Share permissions can be applied only at the folder level. B. NTFS permissions can be applied at the file or folder level, and Share permissions can be applied only at the folder level. C. NTFS permissions can be applied only at the folder level, and Share permissions can be applied at the file or folder level. D. Both NTFS and Share permissions can be applied at the file or folder level.

B. NTFS permissions are able to protect you at the file level as well as the folder level. Share permissions can be applied to the folder level only.

After installing a wireless router, a technician notices that he is able to get a network signal in the parking lot. The manager is afraid of potential attackers performing war driving. What can the technician do to reduce the risk of this? A. Disable the SSID broadcast. B. Reduce the radio power level. C. Enable WPS. D. Assign static IP addresses.

B. On the chance that the signal is actually traveling too far, some access points include power level controls that allow you to reduce the amount of output provided.

Larissa is trying to access the Flatfiles folder on a remote NTFS volume. She is a member of the Datateam group. The Datateam group has NTFS permissions of Allow Read & Execute. The folder is shared with the Datateam group, but there are no explicit Allow or Deny permissions checked. What is Larissa's access level to the Flatfiles folder? A. Full Control B. Read & Execute C. Read D. No access

B. Share and NTFS permissions are both consulted when accessing an NTFS resource across the network. The most restrictive permission set between the two is applied. If there are no explicit Allow or Deny share permissions set, though, then only the NTFS permissions apply.

Alexandra is working on a Windows 7 workstation, formatted with NTFS. Her user account is a member of the Finance group. The Finance group has Read and Write NTFS permissions on the D:\reports folder. The folder is shared, and the Finance group has Read permission. What is Alexandra's effective permissions on the D:\reports folder? A. Full Control B. Read and Write C. Read D. No access

B. Since Alexandra is sitting at the computer, only NTFS permissions are in effect. Share permissions apply only when accessing the shared resource over the network. Therefore, her effective permission level is Read and Write.

Fiona is trying to access a folder on an NTFS volume on her local computer. She is a member of the Dev group. The Dev group's NTFS permissions are Allow Read & Execute. The share permissions for the Dev group are Deny Full Control. What is Fiona's effective permissions to this folder? A. Full Control B. Read & Execute C. Read D. No access

B. Since the user and the volume are on the same computer, only NTFS permissions are in effect. Share and NTFS permissions are both consulted only when accessing an NTFS resource across the network. Then, the most restrictive permission set between the two is applied.

You have a corporate iPhone. Today, you notice that there is a new iOS update available for your device. For the best security, which of the following is recommended? A. Wait until Corporate IT approves the change before updating your OS. B. Update your OS immediately. C. Wait one week to ensure that the OS update has no issues and then update your device. D. Ignore the update until you confirm with Corporate IT that it's not a Trojan or other malware.

B. The best rule of thumb is that if your OS vendor provides an update, you should install it as soon as possible. Some companies do want their corporate IT groups to vet the update first, but it's still always a best practice to update sooner rather than later.

A system administrator is concerned about workstation security. He wants to be sure that workstations are not compromised when users are away from them during the workday. What should he implement? A. Login time restrictions B. Screen lock/timeout and screensaver passwords C. BIOS/UEFI passwords D. Restrictive user permissions

B. Users should lock their computers when they leave their desks, but there should also be a screen lock/timeout setting configured on every workstation to prevent them from inadvertently becoming an open door to the network. A password should be required before the user can begin their session again.

Your office has recently experienced several laptop thefts. Which security mechanism is designed to protect mobile devices from theft? A. Security token B. Cable lock C. Key fob D. Privacy filter

B. Users should never leave a company notebook computer, tablet computer, or smartphone in a position where it can be stolen or compromised while they are away from the office. Cable locks should be used to keep notebook computers securely in place whenever users are not near their devices.

For users to log on to your network from a remote location, they are required to supply a username and password, as well as a code from an RSA token. What type of security is this an example of? A. Using a firewall B. Using multifactor authentication C. Using an access control list D. Using the principle of least privilege

B. When users log on to a computer or network, they are generally required to provide credentials such as a username or password. In multifactor authentication, the user is required to provide two or more items. These items are generally from two of three categories: something they know (such as a password), something they have (such as a code from a security token), or something they are (biometric screening).

On a Windows 8 workstation, there are two NTFS volumes. The Managers group has Modify access to the D:\mgmt directory. You move the folder to the D:\keyfiles folder, to which the Managers group has Read access. What level of permissions will the Managers group have to the new D:\keyfiles\mgmt directory? A. Full Control B. Modify C. Read & Execute D. Read

B. When you move a file or folder on the same NTFS volume, it will keep its original permissions. If you copy it or move it to a different volume, it will inherit permissions from its new parent directory.

A user on your network reported that his screen went blank and a message popped up. It's telling him that his files are no longer accessible, and if he wants them back, he needs to enter a credit card number and pay a $200 fee. Which type of malware has infected his system? A. Rootkit B. Ransomware C. Trojan D. Spyware

B. With ransomware, software—often delivered through a Trojan horse—takes control of a system and demands that a third party be paid. The "control" can be accomplished by encrypting the hard drive, by changing user password information, or via any of a number of other creative ways. Users are usually assured that by paying the extortion amount (the ransom), they will be given the code needed to revert their systems to normal operations. Even among malware, ransomware is particularly nasty.

Which of the following statements are true regarding file attributes on a Windows 7 workstation? (Choose two.) A. File attributes are available only on NTFS volumes. B. Only members of the Administrators group can change file attributes. C. The attrib command modifies file attributes. D. Compression is enabled as a file attribute.

C, D. The four common file attributes are Read-only, Archive, System, and Hidden (remember the acronym RASH). They can be implemented on FAT32 or NTFS volumes and changed by anyone with proper access. On NTFS volumes, you can also compress or encrypt files as part of Advanced attributes. At a command prompt, the attrib command is used to change attributes. In Windows, right-click the file, choose Properties, and look for Attributes on the General tab.

You have been asked to dispose of several old magnetic hard drives. What is the name of the process of using a large magnet to clear the data off a hard drive? A. Overwriting B. Zero writing C. Degaussing D. Incineration

C. A large electromagnet can be used to destroy any magnetic media, such as a hard drive or backup tape set. The most common of these is the degaussing tool. Degaussing involves applying a strong magnetic field to initialize the media (this is also sometimes referred to as disk wiping). This process helps ensure that information doesn't fall into the wrong hands.

You and your family members all have iPhones. Someone generally forgets where they put their phone, and it would be nice to easily find it. In addition, you want to see where other family members are when they are around town. Which type of app will allow you to do this? A. Trusted source app B. Remote control app C. Locator app D. Firewall app

C. A locator app is what you need. Apple supplies a free app called Find My iPhone that, together with iCloud, allows multiple mobile devices and Macs to be located if powered on and attached to the Internet (via 4G, 3G, Wi-Fi, Ethernet, and so on). The app allows the device to be controlled remotely to lock it, play a sound (even if audio is off), display a message, or wipe it clean.

Which type of malware will attack different parts of your system simultaneously, such as your boot sector, executable files, and data files? A. Phage virus B. Polymorphic virus C. Multipartite virus D. Retrovirus

C. A multipartite virus attacks your system in multiple ways. It may attempt to infect your boot sector, infect all your executable files, and destroy your application files. The hope here is that you won't be able to correct all the problems and will allow the infestation to continue.

You have a Windows 8.1 workstation and want to prevent a potential hacker from booting to a CD from the optical drive. What should you do to help prevent this? A. Require strong Windows passwords. B. Restrict user permissions. C. Set a BIOS/UEFI password. D. Disable autorun.

C. A strong Windows password will help protect Windows but does not protect the computer in general. If a user can get into the BIOS, then he can change the boot sequence, boot to a CD, and do some damage to the system. The way to protect against this is to implement a BIOS/UEFI password.

You are examining shared folders on a Windows 7 workstation. You notice that there is a shared folder named c$ that you didn't create. What is the most likely explanation for this share? A. An attacker has compromised the workstation and is using the share to control it. B. It's a local share that all users have access to. C. It's an administrative share that requires administrative privileges to access. D. It's an administrative share that all users have access to.

C. Administrative shares are created on servers running Windows on the network for administrative purposes. These shares can differ slightly based on which OS is running, but they always end with a dollar sign ($) to make them hidden. There is one for each volume on a hard drive (c$, d$, and so on), as well as admin$ (the root folder—usually c:\winnt) and print$ (where the print drivers are located). These are created for use by administrators and usually require administrator privileges to access.

You read corporate email on your iPhone and do not want others to access the phone if you leave it somewhere. What is the first layer of security that you should implement to keep others from using your phone? A. Multifactor authentication B. Full device encryption C. Screen lock D. Remote wipe software

C. All the options will increase the security of an iPhone. For just the basic level of security, though, enable a screen lock. A user will need to enter a code to gain access to the device. It's typically enough to thwart casual snoops and would-be hackers.

Your corporate IT department has decided that to enhance security, they want to configure all mobile devices to require both a passcode and fingerprint scan to unlock a mobile device for use. What is this an example of? A. Authenticator application B. Biometric authentication C. Multifactor authentication D. Full device encryption

C. Any time there is more than one authentication method required, it's multifactor authentication. In this case, it does involve using biometrics, but the passcode is not a biometric factor. Multifactor authentication usually requires two of the following three types of inputs: something you know (password), something you have (smart token), or something you are (biometrics).

Graham is working on a Windows 7 workstation. His user account is a member of the Managers group. He is trying to access a folder named reports, located on a different computer. The NTFS permissions for the reports shared folder on that computer for the Managers group are Read and Write. The folder's shared permissions for the Managers group is Read permission. What is Graham's effective permissions on the reports folder? A. Full Control B. Read and Write C. Read D. No access

C. Because Graham is accessing the NTFS-based resource over the network, both NTFS and Share permissions are applied. If there is a difference between the two of them, the most restrictive permissions are used. Therefore, Graham has Read access only.

Which type of security system uses physical characteristics to allow or deny access to locations or resources? A. ID badges B. Mantrap C. Biometrics D. Tokens

C. Biometric devices use physical characteristics to identify the user. Biometric systems include fingerprint/palm/hand scanners, retinal scanners, and soon, possibly, DNA scanners. To gain access to resources, you must pass a physical screening process.

You have just installed a new wireless router for a small office network. You changed the username and password and the default SSID. Which other step should you take to increase the security of the wireless router? A. Enable WPS. B. Assign static IP addresses. C. Update the firmware. D. Enable port forwarding.

C. Changing the default username, password, and SSID are all good measures to take when installing a new router. Another good step is to update the firmware. It's possible that new firmware was introduced while your device was sitting on a shelf somewhere, and it's always smart to be up-to-date.

A system administrator is concerned about Windows users inadvertently installing malware from CD- or DVD-ROMs that contain malicious code. What can she do to help prevent this from happening? A. Set restrictive user permissions. B. Enable BIOS/UEFI passwords. C. Disable autorun. D. Enable data encryption.

C. It is never a good idea to put any media in a workstation if you do not know where it came from or what it is. The simple reason is that said media (CD, DVD, USB) could contain malware. Compounding matters, that malware could be referenced in the AUTORUN .INF file, causing it to be summoned when the media is inserted in the machine and requiring no other action.

Which default Windows group was designed to have more power than normal users but not as much power as administrators? A. Superuser B. Standard user C. Power user D. Advanced user

C. Microsoft wanted to create a group in Windows that was not as powerful as the Administrators group, which is how the Power Users group came into being. The idea was that membership in this group would be given read/write permission to the system, allowing members to install most software but keeping them from changing key operating system files.

You are configuring NTFS and Share permissions on a Windows 8.1 workstation. Which of the following statements is true regarding permissions? A. NTFS and Share permissions apply only when you are accessing a resource on the local machine. B. NTFS and Share permissions apply only when you are accessing a resource across the network. C. NTFS permissions apply when you are accessing a resource on the local machine or across the network. Share permissions apply only when you are accessing a resource across the network. D. NTFS permissions apply only when you are accessing a resource across the network. Share permissions apply when you are accessing resources on the local machine or across the network.

C. NTFS permissions can affect users logged on locally or across the network to the system where the NTFS permissions are applied. Share permissions are in effect only when the user connects to the resource via the network.

Your office is in a building with several other companies. You want to configure the wireless network so that casual users in the building are not able to easily see your network name. What should you do to configure this? A. Enable WPA2. B. Enable MAC filtering. C. Disable SSID broadcasts. D. Reduce radio power levels.

C. One method of "protecting" the network that is often recommended is to turn off the SSID broadcast. The access point is still there and can still be accessed by those who know of it, but it prevents those who are looking at a list of available networks from finding it. This should be considered a weak form of security because there are still ways, albeit a bit more complicated, to discover the presence of the access point besides the SSID broadcast.

On your network, there are multiple systems that users need to access, such as a Windows domain, a Box (cloud) site for storage, and SAP. You want to configure the network such that users do not need to remember separate usernames or passwords for each site; their login credentials will be good for different systems. Which technology should you use? A. EFS B. BTG C. SSO D. DLP

C. One of the big problems larger systems must deal with is the need for users to access multiple systems or applications. This may require a user to remember multiple accounts and passwords. The purpose of a single sign-on (SSO) is to give users access to all the applications and systems that they need when they log on. Some of the systems may require the user to enter their credentials again, but the username and password will be consistent between systems.

Your network has 20 Windows 8.1 workstations. When it comes to managing patches and updates, which of the following is the best practice? A. Apply patches and updates only after they have received good reviews on the Internet. B. Apply patches and updates once per month. C. Apply patches and updates immediately after they become available. D. Apply patches and updates only if they fix a critical security flaw.

C. Patches and updates should be applied, regardless of the severity of the issue. In addition, they should be applied immediately. Use Windows Update to manage the process for you.

A user is worried about others peering over her shoulder to see sensitive information on her screen. What should she use to help avoid this problem? A. Mantrap B. Email filtering C. Privacy filter D. Smart card

C. Privacy filters are either film or glass add-ons that are placed over a monitor or laptop screen to prevent the data on the screen from being readable when viewed from the sides. Only the user sitting directly in front of the screen is able to read the data.

Which type of security threat gains administrative-level access for an attacker to perform another attack and then hides its presence from system management tools? A. Virus B. Spyware C. Rootkit D. Ransomware

C. Rootkits are software programs that have the ability to hide certain things from the operating system; they do so by obtaining (and retaining) administrative-level access. With a rootkit, there may be a number of processes running on a system that don't show up in Task Manager, or connections that don't appear in a Netstat display may be established or available—the rootkit masks the presence of these items.

A user on your network reported that he got a telephone call from Diane in the IT department saying that he needed to reset his password. She offered to do it for him if he could provide her with his current one. What is this most likely an example of? A. The IT department needs to reset the user's password. B. A spoofing attack. C. A social engineering attack. D. A man-in-the-middle attack.

C. Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. A social engineering attack may occur over the phone, over email, or in person. The intent is to acquire access information, such as user IDs and passwords.

Your company's website has been hit by a DDoS attack, coming from several hundred different IP addresses simultaneously. What type of attack did the hacker run first to enable this DDoS attack? A. Brute forcing B. Zero-day attack C. Zombie/botnet D. Noncompliant system

C. Software running on infected computers called zombies is often known as a botnet. Bots, by themselves, are but a form of software that runs automatically and autonomously and are not harmful. Botnet, however, has come to be the word used to describe malicious software running on a zombie and under the control of a bot-herder. Denial of service attacks—DoS and DDoS—can be launched by botnets, as can many forms of adware, spyware, and spam (via spambots).

You are planning security protocols for your company's new server room. What's the simplest way to help keep potential attackers away from your servers? A. Install a mantrap. B. Use cable locks. C. Lock the doors. D. Implement biometrics.

C. Sometimes the obvious solutions are the best ones! A key aspect of access control involves physical barriers. One of the easiest ways to prevent those intent on creating problems from physically entering your environment is to lock your doors and keep them out.

Software was installed on a laptop without the user's knowledge. The software has been tracking the user's keystrokes and has transmitted the user's credit card information to an attacker. What type of threat is this? A. Zombie/botnet B. Spoofing C. Spyware D. Ransomware

C. Spyware differs from other malware in that it works—often actively—on behalf of a third party. Rather than selfreplicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it. The users often don't know they have asked for it but have done so by downloading other programs, visiting infected sites, and so on. The spyware program monitors the user's activity and responds by offering unsolicited pop-up advertisements (sometimes known as adware), gathers information about the user to pass on to marketers, or intercepts personal data such as credit card numbers.

Several employees at your company have been tailgating to gain access to secure areas. Which of the following security methods is the best choice for stopping this practice? A. Lock doors B. Entry control roster C. Mantrap D. ID badges

C. Tailgating refers to being so close to someone when they enter a building that you are able to come in right behind them without needing to use a key, a card, or any other security device. Using mantraps, which are devices such as small rooms that limit access to one or a few individuals, is a great way to stop tailgating.

A user needs to download a new video card driver for her HP laptop. She finds the driver on the HP site and asks if she can download it. The HP site is an example of what? A. Part of an access control list B. An authenticator website C. A trusted software source D. An untrusted software source

C. There are trusted software sources that you know and work with all the time (such as Microsoft or HP) and there are untrusted sources, and you should differentiate between them. Don't use or let your users use untrusted software sources. Generally, common sense can be your guide.

You are planning a wireless network for a small office. Which of the following is a good rule of thumb when considering access point placement? A. Place them in walls or ceilings for protection. B. Place them near metal objects so the signal will reflect better. C. Place them in the center of the network area. D. Place them at the edge of the network area and focus them in the proper direction.

C. There isn't any one universal solution to wireless access point placement; it depends a lot on the environment. As a general rule, the greater the distance the signal must travel, the more it will attenuate, but you can lose a signal quickly in a short space as well if the building materials reflect or absorb it. You should try to avoid placing access points near metal (which includes appliances) or near the ground. They should be placed in the center of the area to be served and high enough to get around most obstacles. Note that of all current 802.11 standards, only 802.11ac offers directional antennae. All other standards are omnidirectional, meaning that the signal transmits in all directions.

You are disposing of used hard drives, and a network administrator recommends performing a low-level format. What is the difference between a low-level format and a standard format? A. Low-level formats are performed at the factory, and standard formats are performed using the format command. B. Standard formats are performed at the factory, and low-level formats are performed using the format command. C. A low-level format records the tracks and marks the start of each sector on each track. A standard format creates the file allocation table and root directory. D. A standard format records the tracks and marks the start of each sector on each track. A low-level format creates the file allocation table and root directory.

C. What is known as a low-level format now is drastically different than it was years ago. The intent is the same, though, and that is to erase all data on the hard drive so it's not recoverable. Technically, the low-level format needs to happen first. Think of it as laying out walls for a building. Once the walls are laid out, the standard format can come along and decide what goes where.

On the Internet, you get a news flash that the developer of one of your core applications found a security flaw. They will issue a patch for it in two days. Before you can install the patch, it's clear that the flaw has been exploited and someone has illegally accessed your network. What type of attack is this? A. Zombie/botnet B. Noncompliant system C. Zero-day attack D. Brute forcing

C. When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one- to two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack (or exploit).

You have just transformed a Windows workgroup into a small domain and are configuring user accounts. Which of the following is considered a best practice for managing user account security? A. Require every user to log on as a Guest user. B. Allow all users Read and Write access to all server files. C. Follow the principle of least privilege. D. Place all user accounts in the Power Users group.

C. When assigning user permissions, follow the principle of least privilege; give users only the bare minimum that they need to do their job. Assign permissions to groups rather than users, and make users member of groups (or remove them from groups) as they change roles or positions.

A new user named Jelica has joined your company as a network administrator. Which of the following statements is most correct regarding her network access? A. She should have just one user account, with administrator-level permissions. B. She should have just one user account, with standard user-level permissions. C. She should have two user accounts, one with user-level permissions and one with administrator-level permissions. D. She should have thee user accounts, one with user-level permissions, one with administrator-level permissions, and one with remote access administrator-permissions.

C. When creating user accounts, follow the principle of least privilege: give users only the permissions they need to do their work and no more. This is especially true with administrators. Users who need administrative-level permissions should be assigned two accounts: one for performing nonadministrative, day-to-day tasks and the other to be used only when performing administrative tasks that specifically require an administrative-level user account. Those users should be educated on how each of the accounts should be used.

Priscila is working at a Windows 8.1 workstation, formatted with NTFS. She is a member of the Dev group and the Ops group. The Dev group has Read access to the projects folder, and the Ops group has Write access. What is Priscila's effective permissions for the projects folder? A. Full Control B. Read C. Read and Write D. No access

C. When users are granted NTFS permissions from multiple groups, their effective permissions are cumulative, or the most liberal of the permissions assigned. In this case, Write also gives the ability to Read; therefore, the user has both.

You read an article on the Internet about a hacker who bragged about creating a program that can try to log in by guessing one million passwords per second. What type of attack is he attempting? A. Dictionary attack B. Zombie/botnet C. Phishing D. Brute forcing

D. A brute-force attack is an attempt to guess passwords until a successful guess occurs. Because of the nature of this attack, it usually occurs over a long period of time, but automated programs can do it quickly. In this situation, you might have been tempted to choose a dictionary attack, but the defining characteristic of those attacks is the use of common words, which was not part of this question. (Brute force can be combined with dictionary attacks as well.)

You have been instructed to destroy several old hard drives that contained confidential information, so you take them to a local company that specializes in this process. The IT director wants confirmation that the drives were properly destroyed. What do you need to provide him with? A. Hard drive fragments B. Photos of the destroyed hard drives C. A notarized letter from the disposal company D. A certificate of destruction

D. A certificate of destruction (or certificate of recycling) may be required for audit purposes. Such a certificate, usually issued by the organization carrying out the destruction, is intended to verify that the asset was properly destroyed and usually includes serial numbers, type of destruction done, and so on.

Which type of digital security is designed to protect your network from malicious software programs? A. Firewall B. DLP C. VPN D. Anti-malware

D. Anti-malware software will help protect computers from malicious programs. Typically, anti-malware does everything that antivirus software does as well as identifying threats beyond just viruses. A lot of anti-malware software is marketed as antivirus software.

You are creating a BYOD policy for mobile phones at your company. Which of the following are typically included in such a policy? A. Limits of proper use and authorized users B. Limits of proper use, authorized users, and software and security requirements C. Limits of proper use, authorized users, software and security requirements, and procedures for termination of employment D. Limits of proper use, authorized users, software and security requirements, procedures for termination of employment, and reimbursement policies

D. BYOD policies are becoming more common in corporate environments. Be sure to have a policy in place to clearly spell out security requirements and user expectations before the employee brings their own device. Most companies require the employee to sign the agreement to acknowledge that they have read and understand it.

Which type of digital security method would you use if you wanted to monitor who is using data and transmitting it on the network? A. VPN B. Firewall C. Access control system D. DLP

D. Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonalities with network intrusion prevention systems.

You are configuring a router for a small office network. The network users should be able to access regular and secure websites and send and receive email. Those are the only connections allowed to the Internet. Which security precaution should you take to prevent additional traffic from coming through the router? A. Enable MAC filtering. B. Enable content filtering. C. Enable port forwarding/mapping. D. Disable ports.

D. Disable all unneeded protocols/ports. In this case, ports 80 and 443 are needed for HTTP and HTTPS access, and ports 25, 110, and 143 may be needed for email. That's it. If you don't need them, remove the additional protocols, software, or services or prevent them (disable them, or block them, as the setting is typically called on a router) from loading. Ports not in use present an open door for an attacker to enter.

Venkat wants to encrypt a few files on the NTFS volume on his Windows 7 workstation. He does not have administrative rights to the computer. Which of the following statements is correct? A. He can't encrypt files without administrative rights. B. He can use BitLocker. C. He can use BitLocker To Go. D. He can use EFS.

D. Encrypting File System (EFS) is available in most editions of Windows, and it allows for encryption/decryption of files stored in NTFS volumes. All users can use EFS, whereas only administrators can turn on BitLocker. It does not require any special hardware, while BitLocker benefits from having the Trusted Platform Module (TPM). As an additional distinction, EFS can encrypt just one file, if so desired, while BitLocker encrypts the whole volume and whatever is stored on it.

Which type of security solution generally functions as a packet filter and can perform stateful inspection? A. VPN B. DLP C. Antivirus/anti-malware D. Firewall

D. Firewalls are among the first lines of defense in a network. The basic purpose of a firewall is to isolate one network from another. Firewalls function as one or more of the following: packet filter, proxy firewall, or stateful inspection firewall.

You have a Windows 7 workstation with one volume, C:, that is formatted with FAT32. What is the easiest way to enable this volume to have file- and folder-level security permissions? A. Reformat the volume with NTFS and restore all of the data from backup. B. Enable file and folder permissions in System Properties. C. At a command prompt, type reformat c: /fs:ntfs. D. At a command prompt, type convert c: /fs:ntfs.

D. If you're using FAT32 and want to change to NTFS, the convert utility will allow you to do so. For example, to change the E: drive to NTFS, the command is convert e: /FS:NTFS.

You have a Windows domain network and want to ensure that users are required to maintain strong passwords. What is the best way to implement this on the network? A. Use a firewall. B. Use a VPN. C. Use DLP. D. Use Group Policy.

D. In a Windows domain, password policies can be configured at the domain level using Group Policy objects. Variables that you can configure include password complexity and length and the time between allowed changes to passwords.

Which type of security device displays a randomly generated code that the user enters for access to computer resources? A. ID badge B. RFID badge C. Smart card D. Key fob

D. Key fobs are named after the chains that used to hold pocket watches to clothes. They are security devices that you carry with you; they display a randomly generated code that you can then use for authentication. This code usually changes very quickly (every 60 seconds is probably the average), and you combine this code with your PIN for authentication. RSA is one of the most well-known vendors of key fobs. These may also be called security tokens.

Dianne is typing her password in to her workstation and notices her co-worker Todd hovering nearby. When she glances up at him, it appears as though he was watching her type, and he quickly looks away. What is this an example of? A. Phishing B. Spoofing C. Tailgating D. Shoulder surfing

D. One form of social engineering is shoulder surfing, and it involves nothing more than watching someone when they enter their sensitive data. They can see you entering a password, typing in a credit card number, or entering any other pertinent information. The best defense against this type of attack is simply to survey your environment before entering personal data.

Someone has placed an unauthorized wireless router on your network and configured it with the same SSID as your network. Users can access the network through that router, even though it's not supposed to be there. What type of security threat could this lead to? A. Zombie/botnet B. Spoofing C. Noncompliant system D. Man-in-the-middle

D. Placing an unauthorized router with a seemingly legitimate configuration is specifically known as an evil twin. Those can lead to man-in-the-middle attacks, which involve clandestinely placing something (such as a piece of software or a rogue router) between a server and the user, and neither the server's administrator nor the user is aware of it. The man-inthe-middle intercepts data and then sends the information to the server as if nothing is wrong. The man-in-the-middle software may be recording information for someone to view later, altering it, or in some other way compromising the security of your system and session.

Which type of malware will attempt to hide itself by encrypting parts of itself, therefore changing its signature, to avoid detection? A. Retrovirus B. Stealth virus C. Phage virus D. Polymorphic virus

D. Polymorphic (literally, many forms) viruses change form to avoid detection. These types of viruses attack your system, display a message on your computer, and delete files on your system. The virus will attempt to hide from your antivirus software. Frequently, the virus will encrypt parts of itself to avoid detection. When the virus does this, it's referred to as mutation. The mutation process makes it hard for antivirus software to detect common characteristics of the virus.

Jennie uses her security badge to enter the building through a secured door. Tim tries to enter the building behind her before the door closes, without swiping a badge. What type of behavior is Tim demonstrating? A. Shoulder surfing B. Man-in-the-middle C. Brute force D. Tailgating

D. Tailgating refers to being so close to someone when they enter a building that you are able to come in right behind them without needing to use a key, a card, or any other security device. Using mantraps, which are devices such as small rooms that limit access to one or a few individuals, is a great way to stop tailgating. Revolving doors can also help prevent tailgating.

You want to grant LaCrea the ability to change permissions for others on the Equity folder, which is on an NTFS volume. Which level of NTFS permission do you need to grant her? A. Modify B. Read & Execute C. Change Permissions D. Full Control

D. The Full Control permission gives the user all the other permissions and the ability to change permissions for others. The user can also take ownership of the directory or any of its contents. There is no Change Permissions standard NTFS permission.

You have created a user account for a contract employee, who will be with the company for one month. Which user group should this user's account be placed in? A. Power Users B. Administrators C. Standard Users D. Guest

D. The Guest account is created by default (and should be disabled) and is a member of the Guests group. For the most part, members of Guests have the same rights as Users except they can't get to log files. The best reason to make users members of the Guests group is to access the system only for a limited time. There is no group named Standard Users by default. There is a Users group, Administrators, Power Users, Guests, and a few others.

You are setting up a wireless router for a small office. They want to set up the network so only specific computers are allowed to join, and they will provide you with a list. What can you enable to achieve this? A. WPS B. Static IP addresses C. Port mapping D. MAC filtering

D. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with the users' computers and enters them. When a client attempts to connect, an additional check of the MAC address is performed. If the address appears in the list, the client is allowed to join; otherwise, they are forbidden from so doing. Many consider this a form of security, but when used by itself, it's pretty weak. Someone with a packet sniffer could spoof a MAC address and join the network.

You have just installed a Windows 8.1 workstation. For better security, which user account should you disable? A. Default User B. Administrator C. Power User D. Guest

D. When Windows is installed, one of the default accounts it creates is Guest, and this represents a weakness that can be exploited by an attacker. While the account cannot do much, it can provide initial access to a system, and the attacker can use that to find another account or acquire sensitive information about the system. To secure the system, disable all accounts that are not needed, especially the Guest account.

Which of the following types of security threats are generally not detectable by anti-malware software and consequently difficult to stop? A. Ransomware B. Trojans C. Rootkits D. Zero-day attack

D. When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one- to two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack (or exploit). Because the vulnerability is so new, developers have not had a chance to patch the issue, and anti-malware software will not yet be updated to detect the attack signature.

On a Windows 7 workstation, there is one volume formatted with NTFS. The Developers group has Modify access to the C:\dev directory. You copy the folder to the C:\operations folder, to which the Developers group has Read access. What level of permissions will the Developers group have to the new C:\operations\dev directory? A. Full Control B. Modify C. Read & Execute D. Read

D. When copying a file or folder on NTFS volumes, the new file or folder will inherit its permissions from its new parent folder. The old permissions will be discarded.

Luana is a member of the Dev group and the HR group. She is trying to access a local resource on an NTFS volume. The HR group has Allow Full Control permission for the payroll folder, and the Dev group has Deny Read permission for the same folder. What is Luana's effective access to the payroll folder? A. Full Control B. Read C. Write D. No access

D. When there are conflicting NTFS permissions, generally they are combined, and the most liberal is granted. The exception to that is when there is an explicit Deny. That overrides any allowed permissions.