Unit 12
1.Provides a high-level overview of the organization's security program. 2.Defines an employee's rights to use company property 3.Identifies the requirements for credentials used to authenticate to company-owned systems 4.Identifies a set of rules or standards that define personal behaviors 5.Sets expectations for user privacy when using company resources 6. Specfies that user accounts should be locked after a certain number of failed login attempts
1.Organizational Security policy 2.Acceptable use policy 3.Password policy 4.Code of ethics 5.Acceptable use policy 6.Password policy
What is a cookie?
A file saved on your hard drive that tracks Web site preferences and use
You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which policies should you configure?
Account lockout threshold Minimum password length
While browsing the Internet, you notice that your browser displays pop-ups containing advertisements that are related to recent keyword searches you have performed.
Adware
Which security practice is an example of the Principle of Least Privilege?
All users on a Windows workstation are limited users except for one user who is responsible for maintaining the system.
You want to configure your computer so that a password is required before the operating system will load.
Configure a user password in the BIOS/UEFI
Which of the following functions are performed by the TPM?
Create a hash based on installed system copmonets
You just bought a new notebook. This system uses UEFI firmware and comes with Windows 10 preinstalled. However, you want to use Linux on this system. You download your favorite distribution and install it on the system, removing all Windows partitions on the hard disk in the process. When the installation is complete, you find that the operating system won't load when the system is rebooted. What should you do?
Disable SecureBoot in the UEFI configureation
Your client has hired you to evaluate their wired network security posture. As you tour their facility, you note the following: -Server systems are kept in a locked server room. -User accounts on desktop systems have strong passwords assigned. -A locked door is used to control access to the work area. Users must use ID badges to enter the area. -Users connect their personal mobile devices to their computers using USB cables. -Users work in three 8-hour shifts per day. Each computer is shared by three users. Each user has a limited account on the computer they use. Based on this information, what should you recommend your client do to increase security?
Disable the USB ports in user's workstations
One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. What should you do to increase the security of this system?
Disable the guest account
After installing new software a few days ago, your DVD drive tray randomly began to open and close. Today, you were called into your boss's office to discuss why you are calling 900 numbers while at work. Which type of malware would create these symptoms?
Grayware
You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)
Minimum password age Enforce password history
You need to enable a screen saver password on the Windows workstations in your organization. Which Control Panel option should you use to do this?
Personaliztion
Several users have forwarded you an e-mail stating that your company's health insurance provider has just launched a new web site for all employees. To access the site they are told in the e-mail to click a link and provide their personal information. Upon investigation, you discover that your company's health insurance provider did not send this e-mail.
Phishing
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or Websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phising
You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly-sensitive customer order information, including credit card numbers.
Physically destroy the hard drives with a hammer
The chain of custody is used for what purposes?
Retaining evidence integrity by identifying people coming into contact with evidence
Which of the following security technologies stores identification information in either a magnetic strip, radio frequency transmitter, or hardware contacts to authorize access to a computer?
Smart card
An intruder waits near an organization's secured entrance until an employee approaches the entrance and unlocks it with a security badge. The intruder falls in line behind the employee, who assumes the intruder is another employee and holds the door open for her.
Tailgating
You just bought a new computer. This system uses UEFI firmware and comes with Windows 10 preinstalled. You recently accessed the manufacturer's support website and saw that a UEFI firmware update has been released. You download the update. However, when you try to install the update, an error message is displayed indicating the digital signature on the update file is invalid. Why did this happen?
The update file has been tampered with
Which of the following is not a form of biometrics?
Token device
Which of the following components, used with BitLocker, is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys. ?
Trusted Platform Module (TPM)
You manage two computers with the following user accounts: -Wrk1 has user accounts Mary and Admin. The Mary account does not have a password set; the Admin account does. -Wrk2 has user accounts Mary and Julia. The Mary account has a password set; the Julia account does not. You are working from Wrk2 and would like to access a shared folder on Wrk1. What credentials should you use to access the shared folder?
Type Admin for the username and specify the password
While trying to log on, a user accidentally typed the wrong password three times, and now the system is locked because he entered too many incorrect passwords. He still remembers his password, but he just typed it wrong. He needs access as quickly as possible. What should you do?
Unlock the account
What is the best countermeasure against social engineering?
User awareness training
Which of the following is the most common form of authentication?
Username and password
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails
You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which solution would you choose?
BitLocker
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court.
Chain of custody
Which of the following would indicate when a system case cover is removed?
Chassis intrusion detection
Following Windows installation, you enabled the built-in Administrator account. You remove the password for this account. You enable Remote Desktop on your computer using the default settings. From home, you try to access your computer using Remote Desktop using the Administrator account, but you are unable to log on. What should you do?
Configure a password for the Administrator account
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware.
Configure the software to automatically download the definition file updates as soon as they become available
You have just installed anti-malware software on all computers on your company's network. Which additional actions should you take to help protect systems from malicious software? (Select two.)
Configure the software to automatically update its definition files Train users to scan removable storage devices before copying files
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. What recommendations would you make to this organization to increase their security
Disable the network jacks in the reception area Train the reception to keep her iPad in a locked drawer when not in use
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?
Document what's on the screen
You have installed anti-malware software on a computer that only you use. You want to protect the computer from files that you download from the Internet. What should you do next to make sure that there aren't any existing files on your system that are infected?
Download the latest definition files Run a full scan
Which of the following are examples of social engineering?
Dumpster dicing Shoulder surfing
Which of the following security solutions would prevent a user from reading a file which she did not create?
EFS
Which of the following actions directly improves system security on Windows systems?
Enable the windows firewall Install anti-malware software
Which type of biometric authentication uses the ridges of your skin?
Fingerprint
Which of the following security measures is a form of biometrics?
Fingerprint scanner
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security?
HTTPS
Which of the following are common forms of social engineering attack?
Hoax virus information e-mails
What do biometrics use to perform authentication of identity?
Human characteristics
Which of the following protocols establish a secure connection and encrypt data for a VPN?
IPSec PPTP L2TP
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
What are the most common means of virus distribution?
Malicious web sites E-mail
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggy-backing to gain access to your building. The individual in question did not have a security badge.
Mantraps
A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the Accounting department in the employee's company. She relates that she has forgotten her password demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply.
Masquerading
You have purchased a used computer from a computer liquidator. When you boot the computer, you find that there has been a password set on the BIOS. You need to clear the password so that you can edit the CMOS settings. What should you do?
Move the motherboard jumper
You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Have you properly prepared theses systems for disposal?
No, you should use disk wiping software to fully erase the drives
A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25% share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account.
Phishing
While running a full system scan using your anti-malware software, three files have been identified as possible problems. You want to keep the files intact so you can review them later, but you also need to ensure they can't harm anything else on your computer. What action should you take?
Quarantine the files
The immediate preservation of evidence is paramount when conducting a forensic analysis. What will destroy critical evidence
Rebooting the system
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen.
Remove the optical drive Disable all USB ports in the BIOS/UEFI firmware configuration
One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system?
Set screensaver password Disable autorun on the system
A user is trying to log into her notebook computer. She enters the correct password for her user account, but the system won't let her authenticate, claiming the wrong password has been entered. What's causing the problem?
She has enabled Numb Lock, causing numbers to sent from the keyboard instead of letters
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?
Shredding
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
Spamming
A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're not sure yet exactly what kind of damage is being done to the network systems or data. What action should you take first?
Stop the attack and contain the damage by disconnecting the system from the network.
A VPN is used primary for what purpose?
Support secured communications over an untrusted network
You are a security consultant and an organization has hired you to review their security measures. They are chiefly concerned that they could become the victim of a social engineering attack.
Teach users how to recognize and respond to social engineering attacks
Which security measure can be used to generate and store cryptographic keys?
Trusted Platform Module (TPM)
You have 5 salespersons who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?
Use cable locks to chain the laptops to the desks
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. What should you do prior to getting rid of the computers?
Use data wiping software to clear the hard drives
Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?
WEP, WPA Personal, and WPA2 Personal
Which of the following provides security for wireless networks?
WPA2
Which of the following forms of networking is highly susceptible to eavesdropping (data interception) and must be secured accordingly?
Wireless
Which of the following is an example of a strong password?
a8bT11$yi
Which are examples of a strong password?
il0ve2EatIceCr3am TuxP3nguinsRn0v3l
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system?
install a privacy filter on the monitor Secure the system to the desk with a cable lock
