TESTOUT : 14.1 Security Best Practices


Match each incident detection method with the appropriate description. (Each method may be selected more than once.) Methods: Passive, Active, Proactive. Descriptions: 1. An organization looks for existing security flaws in their system. 2. A network intrusion detection system (IDS) detects malicious traffic. 3. A technician performing maintenance on a computer discovers prohibited content. 4. A device or practice helps determine how and why a security incident occurred.

1. Proactive 2. Active 3. Passive 4. Passive

Which of the following does Windows use to manage and enforce what a user is authorized to access? Answer Soft token Multi-factor authentication Certificate Manager Access control list

Access control list

You have just created an account for your web browser, and you want to be able to access the bookmarks you create on your home laptop with the same web browser on your company workstation. Which of the following can you use to make these bookmarks accessible on both computers? Answer Pop-up blocker Private Browsing Mode Data cache clearing Browser synchronization

Browser synchronization

What should be created when you destroy a hard drive? Answer Outsourcing Record Record of Format Certificate of Destruction Chain of Custody

Certificate of Destruction

Which of the following would be a reason to outsource hard drive destruction? Answer Required COD Availability of low-level formatting Against the law to do it internally Cost of special equipment

Cost of special equipment

You want to set up a service on your company network that can be configured with a list of valid websites. The service should give employees a certificate warning if they try to visit a version of an untrusted site. Which of the following services is designed to provide this functionality? Answer Extensions Hashing DNS server DHCP server

DNS server

Which hard drive destruction method uses a strong magnetic pulse to destroy data? Answer Disk shredder Incineration Drilling Degaussing

Degaussing

One of the Windows workstations you manage has three user accounts defined on it. Two of the users are Limited users, while the third (your account) is an Administrative user. Each Limited and Administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase this system's security? (Select two.) Answer Enable the Guest account. Change the two Limited user accounts to Restricted users. Assign each user a simple password so that they won't be tempted to write it down. Disable Autorun on the system. Set a screen saver password.

Disable Autorun on the system. Set a screen saver password.

A technician was able to stop a security attack on a user's computer. Which of the following actions should be performed FIRST when conducting the subsequent forensic investigation? Answer Turn off the system. Document what is on the screen. Remove the hard drive. Stop all running processes.

Document what is on the screen.

Which of the following hard drive destruction methods only works with mechanical hard drives? Answer Low-level format Disk shredder Incineration Drilling

Drilling

You have just visited a website on your mobile device when your web browser locks up, and you receive a warning that your device has a virus. You are given a phone number to call to remove the virus. Which of the following describes the type of malware symptom that you are MOST likely experiencing? Answer Connectivity issue Spoofed application False security warning Increased data usage

False security warning

You have accepted a position working in a local hospital's IT department. Which of the following government regulations would be the most important for the hospital to be in compliance with? Answer GDPR FERPA PCI DSS HIPAA

HIPAA

Which of the following are risks of implementing a BYOD policy? (Select three.) Answer Increased productivity Lower costs Work flexibility Data leakage Employee satisfaction Improper disposal

Number of different devices Improper disposal Data leakage

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site? Answer Social engineering Impersonation Evil twin attack Phishing

Phishing

Which authentication category does a username and password fall under? Answer Soft token Something you are Something you have Something you know

Something you know

Which of the following is a program that appears to be a legitimate application, utility, game, or screen saver, but performs malicious activities surreptitiously? Answer Ransomware Trojan horse Scareware Worm

Trojan horse

What do you call a system that has no anti-malware or firewall installed? Answer Unpatched Unprotected End-of-life Compliant

Unprotected

You have five salespeople who work out of your office and who frequently leave their laptops lying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protection method to address your concerns? Answer Require strong passwords in the Local Security Policy. Implement screen saver passwords. Encrypt all company data on the hard drives. Use cable locks to chain the laptops to the desks.

Use cable locks to chain the laptops to the desks.

Which of the following proxy server roles allows users to connect to the internet anonymously with their data encrypted during transmission? Answer Sharing Internet Connections Firewall VPN Caching

VPN

Which of the following attacks exploits a vulnerability in software that has not been discovered by the developer? Answer XSS attack Brute force attack Insider threat Zero-day attack

Zero-day attack

You want to configure a Windows workstation with your network proxy server's IP address from Control Panel using the Internet Properties window. Click on the tab in the Internet Properties window that you would use to do this.

Connections

You connect your computer to a wireless network available at the local library. You find that you cannot access several websites on the internet. Which of the following is the MOST likely cause of this problem? Answer The router has not been configured to perform port forwarding. A proxy server is filtering access to websites. A firewall is blocking ports 80 and 443. Port triggering is redirecting traffic to the wrong IP address.

A proxy server is filtering access to websites.

Which of the following provides a set of rules that specify which types of network traffic are allowed through a firewall? Answer Circuit-layer gateway Application-level gateway ACL Packet filtering

ACL

Which type of file is commonly used by trusted websites to create installation software for mobile devices? Answer EXE file SYS file APK file BAT file

APK file --APK files. These files have signatures on them that only allow the vendor to install software on the manufacturers' devices. ---A BAT file is a DOS batch file used to execute commands within Windows Command Prompt (cmd.exe). A BAT file is not used for mobile devices. ---An EXE file is an executable program that you can run in Microsoft Windows. It includes either Windows applications or application installers. It is not used for mobile devices. ---A SYS file is a system file used by Windows to store system settings, variables, and functions to run the operating system.

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following security measures would you MOST likely implement to keep this from happening in the future? Answer Cable locks Door locks with card readers Access control vestibule Lo-jack recovery service

Access control vestibule

While browsing the internet, you notice that your browser displays pop-ups containing advertisements that are related to recent keyword searches that you have performed. Which of the following is this an example of? Answer Worm Trojan Grayware Adware

Adware

Which type of DoS attack exhausts the target's resources by overloading a specific program or service? Answer Amplification Distributed Protocol Application layer

Application layer --The goal of an Application layer DoS is to exhaust the target's resources by overloading a specific program or service. --A distributed DoS attack uses multiple computers to generate the necessary traffic. --A protocol DoS targets different protocols, such as TCP flags, to overload a network device, such as a firewall. --An amplification DoS attack consumes the bandwidth between the target server and the internet, effectively cutting off the target.

Which of the following processes is used to prove a user's identity? Answer Logical security Certificate Manager Authorization Authentication

Authentication

Which of the following is an example of a soft token? Answer Smart card USB security device Key fob Authentication app

Authentication app Explanation --A soft token is any digital authentication key that is used to authenticate a user. Of these options, only the authentication app is a soft token, since an authentication app is a digital app on a phone or tablet. All the other options are examples of hard tokens, which are hardware devices that authenticate users.

Which of the following is an important aspect of evidence gathering in response to a security incident? Answer Monitor user access to compromised systems. Restore damaged data from backup media. Purge transaction logs. Back up all log files and audit trails.

Back up all log files and audit trails.

Which Windows feature can you use to encrypt a hard drive volume? Answer BitLocker to Go BitLocker NTFS EFS

BitLocker --BitLocker was introduced in Windows Vista and is used to encrypt an entire volume (not just individual files and folders). BitLocker is designed to protect all data on a volume, even if the hard drive is moved to another computer. --BitLocker to Go is used to encrypt USB drives (not a hard drive volume). --Encrypting File System (EFS) is a component of the NTFS file system that allows file encryption. EFS is not a Windows feature that is used to encrypt a hard drive volume. ---NTFS is the file system that is used in modern Windows operating systems. It is not a Windows feature that is used to encrypt a hard drive volume.

Which of the following functions are performed by proxy servers? (Select two.) Answer Block employees from accessing certain websites. Cache web pages. Store client files. Block unwanted packets from entering your private network. Filter unwanted email.

Block employees from accessing certain websites. Cache web pages.

Which of the following proxy server roles stores frequently accessed data so that a user's request never has to leave the network for retrieval? Answer Sharing Internet Connections VPN Firewall Caching

Caching

What is issued to a website in order for it to be validated as a trusted website? Answer DNS Extension Hash code Certificate authority

Certificate authority

Which of the following identifies who had possession of a hard drive and for how long before it was actually destroyed? Answer Certificate of Destruction Chain of Custody Outsourcing Record Record of Format

Chain of Custody

As part of the response to a security incident on your company network, you have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up to the time of presentation in court. Which document have you been asked to draft? Answer Chain of custody FIPS-140 Rules of evidence CPS (Certificate Practice Statement)

Chain of custody --The chain of custody is a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up to the time of presentation in court. --- CPS (Certificate Practice Statement) is a document written by a certificate authority that outlines certificate handling, management, and administrative procedures. ---FIPS-140 is a government standard that defines procedures, hardware, and software that can be employed when performing forensic cybercrime investigations. ---Rules of evidence are the restrictions that must be adhered to in order to ensure the admissibility of collected evidence in court.

Which of the following is a firewall type that scans network traffic based on TCP or UDP transmission? Answer Application-level gateway Circuit-layer gateway Packet filtering Access control list

Circuit-layer gateway --A circuit-layer gateway scans network traffic based on TCP or UDP transmission. If the transmission is detected as legitimate, the packet is granted access while the link remains established. ---Packet filtering is one of the most common types of firewalls. It scans all packets and reads the source and destination IP addresses along with port numbers. Then, based on the ACL, the firewall rejects any packet that does not belong to that network. ---An application-level gateway monitors packet contents. Each packet has information about what application can use that data. The ACL then dictates whether that data is denied or allowed on the network. ---An access control list (ACL) is not a type of firewall. It is a set of rules utilized by the firewall to filter network traffic.

While browsing the internet, you notice that your browser performance is continually slowing down. Which of the following would MOST likely increase the overall performance of your web browser? Answer Enable a pop-up blocker. Clear the data cache. Switch to Private Browsing Mode. Synchronize your web browser data.

Clear the data cache.

Which of the following are the FIRST settings you should check if you suspect that a malware attack has impacted your internet connection? (Select two.) Answer Internet Connection Sharing settings VPN settings DNS settings BIOS settings Proxy settings

DNS settings Proxy settings --Adjusting the proxy settings can redirect the user to another location where the attacker can then integrate penetration tools to find vulnerabilities. A DNS server can be reconfigured to take a user outside the network and on to a similar web page.

You have been tasked with removing malware from an infected system. You have confirmed that there is an infection, and you continue running scans and removing the malware, but every time the system is rebooted, the malware comes back. Which of the following should you do to help prevent this from happening? Answer Disable Windows System Restore Use a different anti-malware program Quarantine the system Boot into Safe Mode

Disable Windows System Restore ---in the remediation process is to disable Windows System Restore. Many malware programs embed copies of themselves in the System Restore files so that if the computer is rebooted or a System Restore is attempted, the malware simply reinfects the machine. By disabling System Restore, the malware copy is removed and should not be able to reinfect the system. ---Malware scans should be done in Safe Mode, but booting into Safe Mode will not prevent the malware from reinfecting the system upon a reboot. ---Quarantining the system will not prevent the malware from reinfecting the system upon a reboot. ---Using a different anti-malware program does not solve this problem.

One of the Windows workstations you manage has four user accounts defined on it. Two of the users are Limited users, while the third (your account) is an Administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each Limited and Administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has also been disabled on the system. Which of the following actions is MOST likely to increase this system's security? Answer Enable Autorun on the system. Change the two Limited user accounts to Administrative users. Disable the Guest account. Change your user account to a Limited user.

Disable the Guest account.

You are an IT technician for your company. Vivian, an employee, has been receiving error messages, indicating that some of her Windows system files are corrupt or missing. To fix this issue, you ran the Windows System File Checker tool (SFC.exe). Shortly after the files were repaired, Vivian called again because she is still having the same issue. You now suspect that a corruption or a renaming of the system files is being caused by malware. Which of the following is the FIRST step you should take to remove any malware on the system? Answer Disable System Restore. Back up Vivian's critical files and perform a clean install of Windows. Perform a scan using anti-malware software. Disconnect Vivian's computer from the network.

Disconnect Vivian's computer from the network.

Which of the following keeps track of various network devices while ensuring that the software is secure? Answer All-in-one security appliance Syslog server Endpoint management server Firewall

Endpoint management server

At company headquarters, several employees are having issues with their Wi-Fi access suddenly dropping and then reconnecting to the same wireless network. You decide to investigate and determine that someone has set up a rogue access point near company headquarters and is using it to capture sensitive data from the company network. Which type of social engineering attack is being used? Answer Phishing Evil twin Eavesdropping Impersonation

Evil twin --An evil twin attack involves an attacker setting up a rogue Wi-Fi access point, using a jamming or disassociation attack to knock users off the legitimate network, and then having users reconnect to the rogue access point in order to gain access to sensitive data.

You have been hired to help assess the security of your client's organization. During your assessment, you have found a rogue wireless access point that is configured to look identical to the legitimate wireless network. Which of the following attacks was MOST likely being carried out? Answer Evil twin attack HTTPS spoofing Session hijacking DNS spoofing

Evil twin attack

As the principal of a private school, you have discovered that an office assistant has shared a student's home address with an unauthorized individual. Which of the following regulations is your school in violation of? Answer FERPA CCPA HIPAA SOX

FERPA --The Family Educational Rights and Privacy Act defines who student records can be shared with. ---The school would not be in violation of Health Insurance Portability and Accountability Act (HIPAA) medical regulations, as your school is not a primary health care provider. ---The California Consumer Privacy Act (CCPA) allows California citizens to have control over the personal information that businesses collect on them. Your school would not be in violation of the CCPA in this scenario. ---The Sarbanes-Oxley Act (SOX) applies to any company that is publicly traded and regulates how financial records are maintained and secured. Your school would not be in violation of SOX in this scenario.

You are trying to connect from outside the company network to a server inside the company network using RDP (Remote Desktop Connection). However, the connection is failing. Which network device does your network administrator MOST likely need to configure to allow this connection? Answer Switch Access point Hub Firewall

Firewall --A firewall filters network traffic based on a set of rules (ACL). The network administrator most likely needs to configure the company's network firewall to allow RDP traffic. --A switch maintains a table of MAC addresses by port and forwards network frames to only the port that matches the MAC address. ---An access point grants Wi-Fi access to a network. ---A hub transmits a data frame to every port except the port that received the data frame.

For some time now, you have been using an application on your Windows 11 computer at home and while in the office. This application communicates with the internet. Today, your team lead decides to have a special team meeting at a local hotel. During this meeting, you obtain access to the internet using the hotel's network, but when you try to run your application, it cannot communicate with the internet. Which of the following Windows settings is MOST likely causing this behavior? Answer Windows permissions Bluetooth & devices Firewall & security Network & internet

Firewall & security

As a network administrator for your company, you want to set up a network device that manages traffic leaving and entering your network from the outside. Which of the following would BEST meet your requirements? Answer Content filter VPN Reverse proxy server Forward proxy server

Forward proxy server ---A forward proxy server manages traffic leaving and entering your network from the outside. ---A reverse proxy server is placed between the servers and client machines internally to monitor traffic between them. ---A content filter is a role of a proxy server that is designed to block traffic by regulating incoming and outgoing connection requests. This prevents users from accessing websites they shouldn't have access to. ---A VPN (or website proxy) allows users to connect to the internet anonymously. All data is encrypted, and not even the ISP can see the contents of the traffic.

Which of the following statements is true regarding hard tokens? Answer Hard tokens are inexpensive to implement. Hard tokens provide protection even if they are lost or stolen. Hard tokens provide a higher level of security. Hard tokens are easy to replace if they are lost or stolen.

Hard tokens provide a higher level of security.

Which of the following password manager features converts a password into a jumbled string of symbols and letters before storing it in the account? Answer Cloud access Hashing Two-factor authentication Extensions

Hashing

Which of the following should you perform when disposing of a computer? Answer High-level format of the hard drive. Lock the hard drive in storage. Run the motherboard through a shredder. Document the Chain of Custody.

High-level format of the hard drive. --the process of setting up an empty file system on a disk partition or a logical volume and for PCs, installing a boot sector. This is often a fast operation, and is sometimes referred to as quick formatting. Data can also be recovered using special software.

Which formatting method leaves data on a drive in a state that can be recovered using special software? Answer Low-level formatting Full format High-level formatting Deep format

High-level formatting --the process of setting up an empty file system on a disk partition or a logical volume and for PCs, installing a boot sector. This is often a fast operation, and is sometimes referred to as quick formatting.

Two employees are unable to access any websites on the internet, but they can still access servers on the local network, including those residing on other subnets. Other employees are not experiencing the same problem. Which of the following actions would BEST resolve this issue? Answer Identify the filter settings on the proxy server for specific internet sites. Identify the proxy server name and port number in Internet Options. Reconfigure the clients to send all traffic directly to the ISP, bypassing the proxy server. Use ipconfig to confirm that APIPA has not assigned an IP address.

Identify the proxy server name and port number in Internet Options.

Which of the following are common symptoms of a compromised mobile device? (Select two.) Answer An increase in junk email Increased data usage Wi-Fi spoofing Connectivity issues Screen flickering

Increased data usage Connectivity issues

You would like to control internet access based on user, time of day, and websites visited. Which of the following actions would BEST meet your criteria? Answer Configure each system's Local Security Policy to add access restrictions based on time of day and content. Configure internet zones using Internet Options. Install a proxy server. Allow internet access only through the proxy server. Configure a packet-filtering firewall. Add rules to allow or deny access based on time of day and content. Enable Windows Firewall on each system. Add or remove exceptions to control access based on time of day and content.

Install a proxy server. Allow internet access only through the proxy server.

You have been hired to evaluate a client's building security. In your walkthrough, you notice the following: A high fence is installed around the property. Security cameras are installed on all buildings. The parking lot has light poles installed in all areas. Vehicles are able to drive straight to the building entrance itself. Which of the following would you MOST likely recommend that your client do to increase security based on this information? Answer Install barbed wire on the fence. Install bollards. Upgrade the security cameras to a better quality option. Upgrade the light poles to LED lights.

Install bollards. --Bollards should be installed to prevent vehicles from driving straight to the building entrance. Bollards are metal poles that are secured into the ground to prevent vehicle access. Bollards should be placed near the front of any building to prevent vehicles from getting too close.

You have been hired to evaluate a client's building security. In your walkthrough, you notice the following: All pieces of equipment have cable locks installed. Server racks are locked and have alarms. The WAP for the guest Wi-Fi is located on the receptionist's desk. Biometric locks are installed on high security rooms. Which of the following would you MOST likely recommend that your client do to increase security based on this information? Answer Upgrade the equipment cable locks. Install biometric locks on the server racks. Install the WAP on the ceiling or inside of a special locked box. Replace the biometric locks with standard locks.

Install the WAP on the ceiling or inside of a special locked box.

Which of the following all-in-one security appliance (UTM) functions detects intrusions and alerts the network but does not block traffic? Answer Intrusion detection VPN Anti-spam Intrusion protection

Intrusion detection

Which of the following should you do FIRST when you suspect a malware infection? Answer Investigate and verify the malware symptoms. Quarantine the infected system. Run a deep malware scan. Disable Windows System Restore.

Investigate and verify the malware symptoms.

Which of the following is an issue with using an adblocker extension on your web browser? Answer It can prevent the web browser from retaining password information. It can cause certain sites and browsers to no longer work on specific web pages. It can be a security risk to your stored password information. It can prevent you from synchronizing bookmarks from one computer to the next.

It can cause certain sites and browsers to no longer work on specific web pages.

Which of the following describes spyware? Answer It is a program that attempts to damage a computer system and replicate itself to other computer systems. It is a malicious program that is disguised as legitimate software. It monitors the actions of a user and then sends pop-up ads to the user that match their tastes. It monitors the actions you take on your machine and sends the information back to the originating source.

It monitors the actions you take on your machine and sends the information back to the originating source.

Which mobile device vulnerability results in a user unlocking all of a mobile device's features and capabilities? Answer An APK signature Spoofed application Jailbreaking Developer Mode

Jailbreaking

Which of the following can be paired with a motion sensor to improve security? Answer Door lock Cable lock Magnetometer Lights

Lights

Which formatting method is done by the manufacturer to write new sectors and tracks to a hard drive? Answer Deep format Low-level formatting Full format High-level formatting

Low-level formatting --A low-level format writes new sectors and tracks to the drive and is typically done by the manufacturer when the drive is first assembled. When performing a low-level format, the sectors and tracks are recreated, and all empty space is filled with zeroes. --A high-level format is performed using the tools in the operating system. This method removes the pointers to files, but the data remains on the drive itself and can be recovered using special software. --Full or deep formats are not valid format types.

Which of the following should be installed inside the entrance to the building to prevent weapons or unauthorized equipment being brought into the building? Answer Access control vestibule Badge reader Magnetometer Cable lock

Magnetometer

Which of the following are the most common means of virus distribution? (Select two.) Answer Malicious websites Floppy disks Email Music files from the internet Commercial software CDs

Malicious websites Email

Which of the following must be included in a hard drive's Certificate of Destruction? Answer Name of security administrator Method of destruction Location of destruction Cost of destruction

Method of destruction

Which of the following should you implement to monitor and manage the risks of a BYOD policy? Answer Security management Mobile application management Mobile device management Bring Your Own Device

Mobile device management

Your company has recently implemented a BYOD policy. To protect the network, users must install an app on their devices that allows the security administrator to enforce the security policies. Which of the following is this an example of? Answer Mobile device management Certificate Manager Access control list Soft token

Mobile device management

You are working at the local hospital in the IT department. You have just received a promotion to junior network technician. Part of your new role involves troubleshooting network communication issues. Which of the following user groups should your account be added to? Answer Remote Desktop Users Network Configuration Operator Administrator Cryptographic Operator

Network Configuration Operator

After a malware infection has been fully remediated, you should re-enable System Restore and run a full system backup. Which of the following is the BEST place to save this backup? Answer On the main hard drive on your computer On an external drive In the cloud On the secondary drive on your computer

On an external drive

You want to be able to access your home computer using Remote Desktop while traveling. You enable Remote Desktop, but you find that you cannot access your computer outside of your home network. Which of the following is the BEST solution to your problem? Answer Move your home computer outside of the firewall. Open the firewall port for the Remote Desktop protocol. Configure a VPN connection to your computer. Open the Telnet and SSH ports in your firewall.

Open the firewall port for the Remote Desktop protocol.

Which of the following authentication combinations is an example of multi-factor authentication? Answer Smart card and one-time code Fingerprint and retinal scan Username and password PIN and authentication app

PIN and authentication app

Which of the following is a type of firewall? Answer FTP hosting Packet filtering Packet rearranging Protocol converting Encrypting

Packet filtering ---FTP hosting is a storage space for storing files associated with an FTP server. ---Encrypting involves converting data from a readable format into an encoded format. ---Packet rearranging (or reordering) is an issue with packets arriving at a destination in the wrong order. ---Protocol converting enables the protocol of a sending device to be recognized by a receiving device that might be using a different communication protocol.

You have been hired to evaluate your client's building security. In your walkthrough, you notice the following: A high fence is installed around the property. Visitors are able to enter the building and are checked in by a receptionist. Security cameras are installed on all buildings. Server racks are locked and have alarms. Which of the following would you MOST likely recommend that your client do to increase security based on this information? Answer Install biometric locks on all server racks. Place a security guard at the entrance gate with an access list to control who comes on the property. Upgrade the security cameras. Install barbed wire around the top of the fence.

Place a security guard at the entrance gate with an access list to control who comes on the property.

While browsing the internet, you are constantly being bombarded by small advertisements with links attached to the web page. Which of the following can you use to prevent these advertisements from appearing? Answer Pop-up blocker Data cache clearing Private Browsing Mode Browser synchronization

Pop-up blocker

You have been hired to assess a client's security. During your testing, you discover that users have access to other departments' files. Which of the following should you recommend that the company implement? Answer Mobile device management Principle of least privilege Certificate Manager Bring Your Own Device

Principle of least privilege

During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display? Answer Mantrap Privacy filter Smart card Cable lock

Privacy filter

While browsing the internet, you want to make sure that the browser you are using does not store your search history, cookies, or password information. Which of the following can you enable to prevent this from happening? Answer Pop-up blocker Private Browsing Mode Data cache clearing Browser synchronization

Private Browsing Mode

An after-school care center allows children to browse the internet. They want to limit the websites that the children can access. Which of the following network hosts would MOST likely provide this service? Answer Print server DHCP server Web server Proxy server

Proxy server

Which of the following should you do immediately after a malware infection is confirmed? Answer Disable Windows System Restore. Quarantine the infected system. Run a deep malware scan. Boot to a Windows Pre-installation Environment (WinPE).

Quarantine the infected system.

Which of the following are likely symptoms of a malware infection? (Select two.) Answer Renamed system files. Changed file permissions. Receipts of phishing emails in your inbox. Operating system updates that were installed without your knowledge. Cookies placed by a recently visited website.

Renamed system files. Changed file permissions. --Common symptoms of a malware infection include the following: slow computer performance, internet connectivity issues, operating system lockups, Windows update failures, renamed system files, disappearing files, changed file permissions, and access denied errors. --Cookies are commonly placed by legitimate websites and aren't considered a major security threat.

You are assisting the security administrator and discover that a user was logged in to their workstation after hours. After further investigation, you discover that the user's account was compromised, and someone used the account to steal sensitive data. Which of the following could have BEST prevented this from happening? Answer Implement a password reset policy. Require a stronger password. Restrict the user's login times to work hours only. Implement a screen saver lock.

Restrict the user's login times to work hours only.

As a network administrator for your company, you want to set up a network device that manages internal traffic between servers and clients. Which of the following would BEST meet your requirements? Answer Forward proxy server Content filter VPN Reverse proxy server

Reverse proxy server --A reverse proxy server is placed between the servers and client machines internally to monitor traffic between them. ---A forward proxy server manages traffic that is leaving and entering the network from the outside. ---A content filter is a role of a proxy server that is designed to block traffic by regulating incoming and outgoing connection requests. This prevents users from accessing websites they shouldn't have access to. ---A VPN (or website proxy) allows users to connect to the internet anonymously. All data is encrypted, and not even the ISP can see the contents of the traffic.

While browsing the internet, a pop-up browser window comes up, warning you that your system is infected with a virus. You are directed to click a link to remove the virus. Which of the following are the BEST next actions to take? (Select two.) Answer Run a full system scan using the anti-malware software installed on your system. Click on the link provided to scan for and remove the virus. Use an online search engine to learn how to manually remove the virus. Close the pop-up window and ignore the warning. Update the virus definitions for your locally installed anti-malware software.

Run a full system scan using the anti-malware software installed on your system. Update the virus definitions for your locally installed anti-malware software.

You have been hired to investigate a recent cybersecurity attack. You have discovered that the attacker was able to send commands to the server using the login fields and steal user credentials from the database. Which of the following attacks was your client MOST likely the victim of? Answer Cross-site scripting Brute force SQL injection On-path

SQL injection ---SQL is the most common database language and is used by most websites. All sorts of sensitive data, such as user credentials, are stored in these databases. If the SQL database is not properly configured, an attacker can input SQL commands into text fields on a website to gain access to the data. The attacker can steal, edit, or even destroy the data contained in the database. ---A cross-site scripting (XSS) attack takes advantage of improperly configured input fields on the website. The attacker can hide malicious code inside of a legitimate input field and send it to the server. If the server processes the request, the malicious code will also be processed and carry out the attack. An XSS attack is not used to gain access to the database. ---In an on-path attack, the hacker places themselves between two devices and intercepts all communications. It is not used to gain access to the database. ---In a brute force attack, the attacker attempts to guess the password by using a cracking tool that submits every possible letter, number, and symbol combination in a short amount of time. This attack is not used to gain access to the database.

You work for a company that offers their services through the internet. It is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack. As a first responder, which of the following is the next step you need to perform in response to the security incident? Answer Identify the issue further. Eradicate the issue. Secure the affected system. Investigate how the attack occurred.

Secure the affected system.

A security technician is conducting a forensic analysis. Which of the following actions is MOST likely to destroy critical evidence? Answer Restricting physical access to the system Copying the contents of memory to removable media Shutting down the system Disconnecting the system from the network

Shutting down the system

Which of the following is a risk associated with using a web browser password manager? Answer Web browser password managers cannot store complex passwords. You are limited to the number of passwords you can store in a web browser password manager. Passwords stored in the password manager may not work on newer web pages. Signing in with the browser password gives a hacker control over all passwords stored on the browser.

Signing in with the browser password gives a hacker control over all passwords stored on the browser.

Which of the following is an example of personal, government-issued information? Answer Social security number Credit score Healthcare records Student records

Social security number

An employee calls to complain that their browser keeps opening up to a strange search engine page, and a toolbar has been added to their browser. Which of the following malware issues are MOST likely causing the problem? Answer Software issues Internet setting issues Altered file issues Internet connectivity issues

Software issues

You are working as a junior network technician at the local hospital. The security administrator has just finished rolling out a new security policy that requires users to log in to workstations using a fingerprint scanner. Which authentication category does this fall under? Answer Something you are Something you know Soft token Something you have

Something you are

A security incident is currently occurring on your company's network. You discover that the attack involves a computer system that is attached to the network. You are unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST? Answer Determine whether you have the expertise to conduct an investigation or whether you need to call in additional help. Document and photograph the entire crime scene, including the current state of the attached computer system. Stop the attack and contain the damage by disconnecting the system from the network. Examine the active computer system to analyze the live network connection, memory contents, and running programs.

Stop the attack and contain the damage by disconnecting the system from the network.

Which of the following BEST describes authorization? Answer The resources that a user can access. The policy of allowing employees to use their own devices for work purposes. The process of giving users access to only the resources they need. The process of verifying a user's identity.

The resources that a user can access.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to a locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area so that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (Select two.) Answer Replace the biometric locks with smart cards. Train the receptionist to keep their iPad in a locked drawer when not in use. Disable the network jacks in the reception area. Move the receptionist's desk to the secured area. Require users to use screen saver passwords.

Train the receptionist to keep their iPad in a locked drawer when not in use. Disable the network jacks in the reception area.

Which database encryption method can you use to encrypt data at rest? Answer Application-level encryption Transparent data encryption Trusted Platform Module Column-level encryption

Transparent data encryption --Transparent data encryption (TDE) encrypts the entire database and all backups. TDE encrypts data at rest, which is data that is not currently being used. --Column-level encryption allows the administrator to encrypt each column separately. This method does not encrypt data at rest. ---In application-level encryption, the program that was used to create or modify the data is responsible for encrypting the data as well. This method does not encrypt data at rest. ---A Trusted Platform Module (TPM) chip is built onto a motherboard and generates and stores encryption keys to protect boot files. The TPM chip does not encrypt data at rest.

Anna, a user, downloaded a free PDF editing application from the internet. Now her laptop constantly displays desktop pop-ups, and several applications don't start. Which of the following types of malware was Anna the victim of? Answer Worm Social engineering Spyware Trojan

Trojan

Your company is creating a financial application that you want to first test on mobile devices. Several customers have asked to be part of the beta testing process. What do the employees need to do on their mobile devices in order to be able to participate in the beta test? Answer Enable authentication on their mobile devices. Jailbreak their mobile devices. Install and use a password manager. Turn on Developer Mode.

Turn on Developer Mode

You have logged into your banking website using a password, but now the website indicates that it sent you an email with a confirmation code that you need to retrieve and enter before you can continue to access the website. Which of the following security measures is being used? Answer Hash code Two-factor authentication Certificate authority Extensions

Two-factor authentication

A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply. Which of the following BEST describes the type of attack that just occurred? Answer Vishing Eavesdropping Phishing Tailgating

Vishing --Vishing involves an attacker convincing authorized personnel over the phone to grant them access to protected information by pretending to be someone who is authorized and/or requires that access. Often, the attacker poses as a member of senior management. A sense of urgency is typically fabricated to motivate the user to act quickly.

You are troubleshooting a malware infection. As part of the remediation process, you have used a USB drive to boot into a lightweight version of Windows. Which of the following did you MOST likely boot into? Answer WinPE Safe Mode Sheep dip computer System Restore

WinPE --You have most likely booted into a WinPE environment. A Windows Pre-installation Environment (WinPE) is a lightweight version of Windows that boots from a USB drive and is typically used to help deploy Windows in an enterprise environment or to troubleshoot Windows issues. ---Safe Mode boots Windows with the minimal drivers and applications. Safe Mode is not what was described in this scenario. ---System Restore is used to roll Windows back to a previous image. System Restore is not what was described in this scenario. ---A sheep dip computer is a special computer that is used for malware analysis and remediation. A sheep dip computer is not what was described in this scenario.

A local dentist has contracted with you to implement a network in her new office. Because of security concerns related to patient privacy laws, she has asked that the new network meet the following criteria and be cost effective: No one from the internet should be able to access her internal network. Email messages should be scanned for spam, phishing attacks, and malware before they reach users' workstations. Employee access to non-work-related websites, especially sites that contain inappropriate content, should be blocked. A system should be put in place to detect and prevent external attacks on her network. Which of the following would BEST meet your client's criteria? Answer Implement an intrusion prevention system (IPS). Implement an email security appliance. Implement a firewall. Implement a content filter. Implement an all-in-one UTM security appliance.

Implement an all-in-one UTM security appliance.

In which of the following situations should you install a firewall? Answer You want internet users to see a single IP address when accessing your company network. You want to implement a password system for internet users who access your private website. You want to improve internet performance by saving popular websites locally. You want to restrict internet users from accessing private data on your network.

You want to restrict internet users from accessing private data on your network.

