B.3.6 FC0-U61 Domain 6: Security Study Set
A system engineer is helping to design new security measures for company headquarters. Which of the following authentication factors could be included as a solution for Type 2 (something you have) authentication? (Select two.)
A fob, A physical location
Which of the following are examples of impersonation social engineering tactics? (Select two.)
A hacker uses TCP session hijacking to trick a server. A hacker pretends to be a member of senior management to gain access to a system.
You have authenticated to your company network, checked your current time-off balance, and entered a ticket to request an external hard drive for your company laptop computer. However, when you try to delete an image of an old company logo from the marketing site, you receive an error message that you are not authorized to perform this action. Which of the following is the MOST likely reason for the error message?
A network access control list only grants you rights to view the file.
Which of the following are examples of event logging? (Select two.)
A network keeping track of a user signing in and out of an account., A web browser storing visited URLs in its history.
Meredith is a medical office manager for a clinic and is training a new employee in handling highly sensitive information. Which of the following could Meredith use as examples of high-level information that should not be shared? (Select two.)
A patient's medical record, Clinic employees' home addresses
Which of the following will improve the security of sensitive information on your device if it is lost or stolen? (Select all that apply.)
A screen lock Remote wipe Locator applications
Which of the following scenarios is an example of using a software token for security authorization?
A smartphone app generates a code used for authentication to the company intranet website.
As a system administrator, you are trying to keep track of who does what on the company network. Which of the following describes this access control process?
Accounting
Which of the following helps a system administrator ensure that users cannot deny having performed an action on the network by tracking computer and network events?
Accounting logs
Which of the following should be done to protect your identity when creating a social media profile?
Always review and set privacy settings.
Which of the following describes a Man-in-the-Middle attack?
An attacker intercepts communications between two network hosts by impersonating each host.
Which of the following are common risks of using social media? (Select two.)
Anonymity can lead some people to post harmful comments., Online information that you post is difficult to remove.
Which of the following is the BEST solution to secure your computer against viruses, spyware, and adware?
Anti-malware software
Which of the following components of a successful access control framework is the process of proving that you are who you say you are?
Authentication
Which of the following are legitimate sources for obtaining software installation files for a device? (Select three.)
Authorized resellers Google Play store Merchant app stores
What do biometrics use to perform authentication of identity?
Biological attributes
Which of the following is an advantage to using biometric scanners over hardware tokens?
Biometric scanners are harder to fool than hardware tokens.
Martin just purchased a new computer and wants to surf the web. He is afraid his new computer may get infected by automatically installing viruses. What should he do to protect his computer?
Change browser settings to notify before downloading.
As a systems engineer, which of the following is the BEST way to secure a new wireless access point or router that you have just installed?
Change the device's default password.
A system administrator needs to update a printer driver on the few remaining Windows 7 company laptops. Microsoft no longer offers support for Windows 7, so the administrator has found a third-party website with the driver available for download. Which of the following should the administrator do before downloading and installing the driver? (Select two.)
Check online forums for others who have tried installing the driver., Search for references from others on the website's validity.
Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following are the BEST solutions for securing Joe's workstation? (Select two).
Configure the screen lock to be applied after a short period of non-use., Configure the screen saver to require a password.
Why is it better to use a credit card than a debit card for online purchases?
Credit cards have better fraud protection
A federal government agency is working on updating their employee handbook to specifically cover employee internet usage. Which of the following are topics that should be covered under this section in the handbook? (Select three.)
Data protection, Workplace surveillance, Social media and email
A systems engineer is maintaining a large network. A critical financial application service is down, and the issue has been escalated to the engineer. They've discovered that the network server hard disk from which the service is running has failed. Which of the following would help the systems engineer make sure that this is not an issue in the future?
Data redundancy
Mark received an email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states he should open the attachment for further instructions. What should Mark do?
Delete the email without opening the attachment.
Ted, an employee in the Sales department has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can't save the file. Which of the following digital security methods is MOST likely preventing this?
Directory permission
Ryan has a Google Docs account and has created a family history spreadsheet to manage important family dates (such as birthdays and anniversaries). He has given full access to the spreadsheet to several family members to keep the information updated. Which of the following BEST describes this type of access model?
Discretionary access control
Which digital communication medium consists of top-level posts with threads of response posts?
Discussion board
A systems engineer has discovered an attack on the network, which is threatening to shut down a web service by overloading it with bogus requests. The attacker is using bot malware to enlist compromised systems (called zombies) to remotely manipulate them. Which of the following is the threat being utilized by the attacker?
Distributed denial-of-service attack
Maintaining confidentiality in the workplace is important for building and maintaining trust and for ensuring an open and honest communication between customers, clients, and employees. Which of the following threatens data confidentiality?
Dumpster diving
Which of the following are examples of social engineering? (Select two.)
Dumpster diving, Shoulder surfing
An IT administrator is informed by a security consultant that an attacker is capturing data being transmitted over the company network's wired connections. Which of the following confidentiality concerns describes the security threat that is happening?
Eavesdropping
Employees complain to the company IT division that they are spending considerable time and effort discarding unwanted junk email. Which of the following should be implemented?
Email filtering
Samantha is being cyber-bullied by someone who is spreading lies about her involvement in a failed business. Which of the following are recommended actions that Samantha should take to help diffuse the situation? (Select two.)
Encourage friends and relatives to ignore the bullying. Respond to the bully in a calm, clear, and constructive manner.
Social engineering attacks use deception to gain personal and/or private information. Which of the following are examples of social engineering techniques? (Select three.)
Familiarity, Shoulder surfing, Dumpster diving
In which of the following situations should you expect total privacy?
Financial transactions
Which of the following security measures is a form of biometrics?
Fingerprint scanner
Which of the following would best prevent an unauthorized person from remotely accessing your computer?
Firewall
Which of the following is an advantage to using a hardware token over password authentication?
Hardware tokens need to be physically stolen or copied to be used.
Which of the following is a common form of social engineering attack?
Hoax virus information emails.
What are the two main types of firewall? (select two)
Host-based Firewall, Network Firewall
Using an administrator account, a company employee copies the personally identifiable information (PII) for several other employees. Using that information, the employee then opens up several credit card accounts to purchase expensive electronic equipment for personal use. Which of the following could have helped prevent the employee from opening up the credit card accounts?
Identity checks
You are the PC technician for a company. An employee has gone to a meeting while you fix the computer in her office. She accidentally left a report open next to her computer which states that a friend of yours in accounting will be submitted for review if their poor work performance continues. Which of the following is the BEST action to take?
Ignore the paper and tell no one of its contents.
Janet is a systems engineer who is helping to design and implement a secure network for a new company. She wants to make sure critical data is protected from unauthorized changes during and after transmission. Which of the following BEST describes Janet's concerns about making sure the critical data arrives intact and unaltered at its intended location on the network?
Integrity concerns
Which of the following are the BEST steps you can take to avoid having your mobile device exploited by a hacker or infected by a virus? (Select two.)
Keep the operating system up to date, Lock the screen with some form of authentication
Which of the following do cybercriminals frequently use to alter or compromise data integrity?
Malware attack
You recently charged $70 to one of your bank accounts, but the amount now appears as $700. Which of the following may have occurred?
Man-in-the-middle attack
Which of the following is an example of using security clearance levels to decide which users can access which network resources?
Mandatory access control
Which of the following BEST describes valuable data about your web browsing habits extracted by companies such as Facebook and Instagram for advertising purposes?
Metadata
After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used?
Multifactor authentication
Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?
Non-repudiation
A business is requesting confidential information from a customer to complete an online transaction. Which of the following is the MOST important action the business should take as part of their information request?
Obtain permission from the customer to process and store the confidential information.
A system administrator is part of an IT team planning to install virtual private network (VPN) connection software on all company laptops and desktops. Which of the following is the MOST important precaution that should be taken before installing the software?
Obtain the installation files from a legitimate source.
Which of the following is the MOST effective way to store confidential company information?
On a company network hard drive as encrypted data
Personnel management policies provided by Human Resources contribute significantly to security in a company. Which of the following is the personnel management policy type that communicates the importance of security to employees?
Operation
Which of the following is the BEST place to find software updates?
Original equipment manufacturer (OEM) websites
Your company wants to use multifactor authentication. Which of the following would you most likely suggest?
PIN and smart card
Which of the following is the basic difference between a password and a passphrase?
Passphrases are longer than passwords and can include spaces.
As a systems administrator, you've received a Help ticket from an employee who wants to reset their password for the company's intranet site. Security policy requires that you confirm the employee's identity through a telephone call. Which type of security information could help you confirm the employee's identity over the phone?
Personally identifiable information (PII)
Which of the following are examples of Type 1 (something you know) identification? (Select two.)
Personally identifiable information (PII) Single-use passwords
In which of the following should you expect some privacy?
Personally identifiable information entered into a human resource database
A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25% share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account. What type of attack occurred?
Phishing
Joe, a user, receives an email from a popular video streaming website urging him to renew his membership. The email appears official, but Joe has never had a membership before. When Joe looks closer, he discovers that a hyperlink in the email points to a suspicious URL. Which of the following security threats does this describe?
Phishing
Which kind of online attack involves pretending to be a legitimate company to get sensitive information?
Phishing
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or Websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phishing
When protecting your online identity, which of the following is an internet security threat you need to be aware of?
Phishing attempts
A technician walks into the office with a UPS. What sort of threat will this device prepare a system for?
Power outage
A technician assists Joe, an employee in the Sales department, who needs access to the client database by granting Joe administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?
Principle of least privilege
As a system administrator, you are modifying access control lists to make sure that company employees are only given access to company resources that they need to do specific tasks. Which of the following BEST describes this process of limiting access rights?
Principle of least privilege
You are using your smartphone at work during a break to send personal email and social network messages. You are using the company-provided Wi-Fi to connect to the internet. Which of the following is the level of privacy you can expect from your company when you send private communications through the company network?
Private emails and messages may be stored and monitored.
In addition to having a good backup that can restore files that have been encrypted as a result of a ransomware attack, which of the following is one of the BEST ways to avoid being threatened to pay a ransom?
Protect confidential company information
Which of the following can be configured at the border of your network to control the flow of network traffic and protect systems from unauthorized network connections? (Select two.)
Proxy servers, Network firewalls
A user is unable to read their computer files. A pop-up explains that the files have been encrypted and gives instructions on how to purchase a decryption key. Which of the following BEST describes this malware?
Ransomware
Nora is a new employee in an international trading company. She works at company headquarters, which requires a security badge to enter the building. She sometimes sees individuals in the building who are not wearing a security badge. Which of the following is the MOST effective way to find out if this is an official, acceptable behavior?
Refer to the employee handbook for guidelines on wearing badges.
A user has purchased a new computer with several pre-installed software programs that are not needed. What is the BEST way to deal with the unwanted software?
Remove (uninstall) all unwanted software.
Rebecca has noticed that her new computer is beginning to run slower than when she first purchased it, especially when using business applications from her hard drive. Which of the following would be the BEST solution to help speed up the processing time on the new computer?
Remove (uninstall) any unnecessary software.
Which of the following access controls gives only backup administrators access to all servers on the network?
Role-based
You've just received an email message that indicates a new, serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. Based on the email message, which of the following are the next BEST actions to complete? (Select two.)
Run a full anti-malware scan., Verify the information on well-known malicious code threat management Web sites.
Jacob, a systems engineer, is working with his team to upgrade user security on the company network. One of his concerns is compromising several employee services and websites at the same time. Which of the following authentication types could potentially cause this issue?
Single sign-on
Which of the following methods falls under Type 1 authentication?
Single-use passwords
Which of the following is not a form of biometrics?
Smart card
Jamie is a customer service representative with an office at company headquarters who often has confidential customer information displayed on her computer while editing customer accounts. When she leaves her office for a few minutes, she fails to make sure her computer screen is locked. Which of the following is the MOST likely data confidentiality threat for the customer information on Jamie's computer?
Snooping
You receive a call from a person who identifies himself as a technician at Microsoft. He says your computer is infected and needs to be cleaned. Which of the following is this phone call MOST likely an example of?
Social engineering
Dana is an IT administrator who is working on a company-wide initiative to address confidentiality concerns about secure information being revealed to unauthorized individuals. Which of the following would be topics on the team agenda? (Select two.)
Social engineering, Snooping
Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________.
Spam
There are many social media platforms available today. What are the top two primary ways that social media platforms generate revenue? (Select two.)
Targeted ads Selling user-generated data to other companies
You are a security consultant and an organization has hired you to review their security measures. They are chiefly concerned that they could become the victim of a social engineering attack. Which of the following would you MOST likely recommend they do to mitigate the risk?
Teach users how to recognize and respond to social engineering attacks.
Anna, a user, downloaded a free pdf editing application from the internet. Now the laptop constantly displays desktop popups and several applications won't start. Anna was the victim of which of the following?
Trojan horse
Which of the following authentication types include security questions as a factor for providing security?
Type 1 authentication
A system administrator has Windows 10 running on all company laptops and desktops and is using Windows Defender as the default firewall on each individual computer system. However, the IT department has just purchased a third-party firewall to install and use on company laptops and desktops. Which of the following is a best practice that the system administrator should perform to make sure that the new third-party firewall works properly?
Uninstall Windows Defender to avoid conflicts.
Which of the following should you do on a regular basis to secure your device from cybercriminal attacks?
Update and patch your OS files, driver software, and firmware.
Human Resources and IT are looking for ways to minimize inappropriate internet usage at work without significantly increasing company costs. Which of the following actions would MOST closely meet the Human Resource and IT requirements?
Update the acceptable use policy and have employees agree to follow the policy guidelines.
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Use data wiping software to clear the hard drives
What is the best countermeasure against social engineering?
User awareness training
Adam is a marketing manager for a financial advisory firm and is sitting in an airport terminal waiting for a connecting flight. Adam is connected from his laptop to the free Wi-Fi service available in the terminal, has just finished a client's financial statement, and wants to upload it to a cloud-based company document storage server. Which of the following is the BEST solution for Adam to securely upload the file?
Wait until he has access to a secured network service before uploading the financial statement.
Which software is Microsoft's anti-malware product that is preinstalled on most new computers?
Windows Defender
Which application makes sure your computer has the most recent versions of its system software?
Windows Update
You work for a large company as the IT administrator. With the many external attacks being perpetrated in the form of security breaches being found in applications, you are concerned that your Windows 10 computers may be vulnerable. You also want to ensure that Windows is using the latest features. Which of the following would BEST protect your computers?
Windows updates
Your company is having issues with employees who write down their passwords on sticky notes, paper notepads, and other types of paper. Even though they're often hidden in drawers or behind computer equipment, it is still a high security risk for the company. As the managing IT administrator for your company, what is the BEST solution to reduce or eliminate this issue?
Work with Human Resources to provide security training.
A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?
Zombie/botnet
