CC6003 Digital Crime Investigation quiz 6, CC6003 Digital Crime Investigation quiz 4, Digital Crime Investigation quiz 5, CC6003 Digital Crime Investigation quiz 3, DCI Review Questions 2, DCOM258: Quiz6: Networking Protocols and Threats(Ch7)
Which of the following should be used to filter out activities such as instant messaging? A. IP proxy B. Application-level gateway C. Internet content filter D. Honeypot
C. Internet content filters are used to filter out activities such as instant messaging, email, and websites accessed. IP proxies are used to secure networks by keeping the computers behind them anonymous. Application-level gateways apply security mechanisms to specific applications. Honeypots are used to attract and trap potential attackers.
Which of the following can detect malicious packets and discard them? A. Proxy server B. NIDS C. NIPS D. PAT
C. NIPS, or a network intrusion prevention system, can detect and discard malicious packets. A NIDS only detects them and alerts the administrator. A proxy server acts as a go-between for clients sending data to systems on the Internet. PAT is port-based address translation.
Which of the following is the best file system to use in Windows? A. FAT32 B. FAT C. NTFS D. FAT16
C. NTFS is the best file system to use in Windows because it is more secure, enables logging, and enables larger partition sizes. You should consider converting FAT partitions to NTFS.
Which of the following port numbers is used by the Character Generator? A. 21 B. 7 C. 19 D. 53
C. Port 19 is used by the Character Generator (CHARGEN). Port 21 is used by FTP. Port 7 is used by echo. Port 53 is used by DNS.
To use the Lightweight Directory Access Protocol (LDAP) in a secure fashion, what port should be used? A. 443 B. 3389 C. 636 D. 389
C. Port 636 is used by Lightweight Directory Access Protocol (LDAP) over TLS/SSL. Port 443 is used by Hypertext Transfer Protocol Secure. Port 3389 is used by Remote Desktop Protocol. Port 389 is used by the standard Lightweight Directory Access Protocol.
What are Snort and Bro examples of? A. Firewalls B. Proxy servers C. IDS D. SPI
C. Snort and Bro are examples of IDS.
Which of the following should you include as general browser security practices? (Select the two best answers.) A. Use the latest browser. B. Use a proxy server. C. Train your users. D. Use multiple web browsers.
B and C. By using a proxy server, users are shielded from the Internet; the proxy server acts as a go-between for the user's web browser and the web server. Training your users is always a good idea to increase security. Using the latest browser is usually not a good idea, especially if updates have not been released for it. It's a good idea to use a single web browser platform for all the client computers. Multiple web browsers can cause confusion and can create a less secure environment.
Which of the following ranges comprise the well-known ports category? A. 1024-49,151 B. 0-1023 C. 49,152-65,535 D. 10.0.0.0-10.255.255.255
B. 0-1023 is the port range for the category called well-known ports. 1024-49,151 is the port range for the category known as registered ports. 49,152-65,535 is the port range for dynamic and private ports. 10.0.0.0-10.255.255.255 is the range of private Class A IP addresses.
Which of the following occurs when an IDS identifies legitimate activity as something malicious? A. False-negative B. False-positive C. Monitoring positive D. Misidentification
B. A false positive is when an IDS identifies legitimate activity as something malicious. It is a type of misidentification. False negatives are when the IDS lets an attack or intruder onto the network, thinking it is legitimate. Monitoring positive is another name for an event that was monitored that is known to be true, but this terminology is not often used when referring to an IDS.
Which of the following attacks uses a JavaScript image tag in an email? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Directory traversal
B. Cross-site scripting (XSS) can be initiated on web forms or through email. It often uses JavaScript to accomplish its means. SQL injection is when code (SQL-based) is inserted into forms or databases. Cross-site request forgery (CSRF) is when a user's browser sends unauthorized commands to a website, without the user's consent. Directory traversal is when an attacker attempts to gain access to higher directories in an OS.
How can Internet Explorer be centrally managed for several computers? A. In the Advanced tab of the Internet Options dialog box B. By way of a group policy C. By creating an organizational unit D. In the Registry
B. Group policies can be used in a domain environment to centrally manage Internet Explorer running on multiple computers. The Internet Options dialog box in Internet Explorer enables a user to configure settings for that individual browser. Group policies should be linked to an organizational unit. The Registry can manage Internet Explorer for a single computer but no more than that.
Which of the following devices should you use to keep machines behind it anonymous? (Select the best answer.) A. Caching proxy B. IP proxy C. Circuit-level gateway D. Firewall
B. IP proxy secures a network by keeping the computers behind it anonymous. Caching proxies store HTTP or other information so that clients don't have to actually contact a remote server. Circuit-level gateways apply security mechanisms when connections are established; they are a type of filtering. Firewalls protect the LAN, and although some firewall devices include an IP proxy, they won't necessarily do so.
James has detected an intrusion in his company. What should he check first? A. DNS logs B. Firewall logs C. Event Viewer D. Performance logs
B. If there were an intrusion, the first thing you should check is the firewall logs. DNS logs in the event viewer and the performance logs will most likely not show intrusions to the company. The best place to look first is the firewall logs.
Which type of firewall filter can match incoming traffic to the corresponding outbound IP address connection by way of IP address and port? A. Packet filtering B. NAT filtering C. Application-level gateway D. Circuit-level gateway
B. NAT filtering matches incoming traffic to the corresponding outbound IP address connection. Packet filtering inspects each packet passing through the firewall and accepts or rejects it based on rules. Application-level gateways apply security mechanisms to specific applications. Circuit-level gateways apply security mechanisms whenever TCP or UDP connections are established.
Which of the following type of virus can change every time it is executed in an attempt to avoid antivirus detection? A. Macro B. Polymorphic C. Armored D. Boot sector
B. Polymorphic viruses can change every time they are executed. Macro-based viruses are usually placed in documents and then emailed to users. Armored viruses protect themselves from antivirus programs by tricking the program into thinking that they are located in a different place. Boot sector viruses load into the first sector of the hard drive; afterward, the virus loads into memory when the computer boots.
What is the most common port used when connecting an Internet Explorer browser to a proxy server for use with HTTP connections? A. 53 B. 80 C. 443 D. 21
B. Port 80 is the most common port used for making proxy connections to web servers. Port 53 is the port associated with DNS. Port 443 is associated with HTTPS. Port 21 is associated with FTP. Although Port 21 and Port 443 can be used when making proxy connections, Port 80 is by far the most common.
Which of the following can best be described as the exploitation of a computer session in an attempt to gain unauthorized access to data? A. DoS B. Session hijacking C. Null session D. Domain name kiting
B. Session hijacking is the exploitation of a computer session in an attempt to gain unauthorized access to data or other resources on a computer. DoS (denial-of-service) is any attack that attempts to make computer resources unavailable. A null session is a type of exploit that makes unauthenticated NetBIOS connections to a target computer. Domain name kiting is the process of deleting a domain name during a five-day grace period.
Which one of the following navigational paths shows the current service pack level to the user? A. Click Start, right-click Network, and select Properties. B. Click Start, right-click Computer, and select Properties. C. Click Start, right-click Computer, and select Manage. D. Click Start, right-click Network, and select Manage.
B. To find out the current service pack level, click Start, right-click Computer, and select Properties in Windows.
Which of the following is an example of a personal software firewall? A. Proxy server B. ZoneAlarm C. Microsoft ISA server D. Antivirus software
B. ZoneAlarm is an example of a personal software firewall. Other examples include Windows Firewall and ipfirewall. A proxy server is a computer placed between the LAN and the Internet that acts as a go-between; it usually caches HTTP requests. Microsoft ISA server is a corporate version of a software-based firewall. Antivirus software might have a built-in firewall, but it might not. Its primary function is to search for and quarantine viruses.
Which of the following is placed in an application by programmers either knowingly or inadvertently to bypass normal authentication? A. Input validation B. Sandbox C. Back door D. Virus
C. A backdoor is placed within applications, operating systems, and network devices to bypass normal authentication. Input validation is a process that ensures the correct usage of data and is commonly used by programmers and developers. A sandbox is when a web script runs in its own environment. A virus is a malicious piece of code that can cause damage to a computer if opened and executed by a user.
Which of the following is an inline device that checks all packets? A. Host-based intrusion detection system B. Statistical anomaly C. Network intrusion detection system D. Personal software firewall
C. A network intrusion detection system (NIDS) is an inline device that checks all the packets that flow through it. It is meant to detect attacks and intrusions for the entire network. A host-based intrusion detection system analyzes what happens on that individual computer but not the rest of the network. Statistical anomaly monitoring establishes a performance baseline on an IDS. Personal software firewalls attempt to prevent access to the network.
Which of the following methods of malware delivery is used in computer programs to bypass normal authentication? A. Privilege escalation B. Active interception C. Backdoor D. Rootkit
C. Backdoors bypass normal authentication. They are used by attackers to make changes to network devices, websites, or other programs. Privilege escalation is the act of exploiting a bug or design flaw in software. Active interception is the capturing of information by a computer placed between the sender and the receiver. A rootkit is software designed to gain administrator-level control over a computer system without being detected.
What is baselining? A. The act of securing an operating system and updating it B. A group of updates, bug fixes, and security fixes C. The process of measuring changes in networking devices, hardware, and software D. A type of patch management
C. Baselining is the process of measuring changes in devices or computers. The acts of securing an operating system and updating it are components of hardening the operating system. A group of updates, bug fixes, and security fixes is a service pack. Patch management is the planning, testing, implementing, and auditing of patches.
Of the following, which can be a security benefit when using virtualization? A. Patching a computer patches all virtual machines running on the computer. B. If one virtual machine is compromised, none of the other virtual machines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compartmentalized. D. Virtual machines cannot be affected by hacking techniques.
C. By using a virtual machine (which is one example of a virtual instance), any ill effects can be compartmentalized to that particular virtual machine, usually without any ill effects to the main operating system on the computer. Patching a computer does not automatically patch virtual machines existing on the computer. Other virtual machines can be compromised, especially if nothing is done about the problem. Finally, virtual machines can definitely be affected by hacking techniques. Be sure to secure them!
Which of the following should be your primary line of defense? A. Proxy server B. NIPS C. Firewall D. Protocol analyzer
C. Firewalls should be your primary line of defense. Although intrusion detection/prevention systems are important, a firewall should be installed first. Proxy servers can also help to protect computers on the LAN and should be considered. Protocol analyzers investigate packets that are sent across the network.
Which of the following should you implement to keep a well-maintained computer? (Select the three best answers.) A. Update the firewall. B. Update the BIOS. C. Use a surge protector. D. Remove the unnecessary firewall.
A, B, and C. To keep a well-maintained computer, a user should use a surge protector or UPS, update the BIOS, update Windows, update antimalware, update the firewall, and maintain the disks. It is extremely rare that there will be an unnecessary firewall.
Which tab in the Internet Options dialog box of Internet Explorer enables a person to make secure connections through a VPN? A. Advanced tab B. Content tab C. Programs tab D. Connections tab
D. The Connections tab enables a user to make secure connections through a VPN and also may enable connections via a proxy server. The Advanced tab has many security settings, including configuring SSL certificates and what type of SSL is used. The Content tab enables parental controls. The Programs tab can manage add-on programs such as ActiveX controls.
What is the best option to use to isolate an operating system? A. Host-based intrusion detection system B. Network-based intrusion detection system C. Antivirus software D. Virtualization software
D. Virtualization software should be used to isolate operating systems from attacks and other types of threats. The other three answers help to protect an operating system but do not isolate it completely.
One way to defend against a double-tagging attack is to put unplugged ports on the switch into an unused VLAN.
False—Putting unplugged ports on the switch into an unused VLAN is one way of defending against switch spoofing. Ways to defend against double tagging include upgrading firmware and picking an unused VLAN as the default VLAN.
Hardening is the act of configuring an OS securely, updating it, and removing unnecessary applications.
True—The hardening of an operating system is the act of configuring it securely, updating it, creating rules and policies, removing unnecessary applications, and stopping unnecessary services.
Which of the following ways can help secure a modem? (Select the two best answers.) A. Use the callback feature. B. Mount the modem to the floor. C. Use telnet. D. Use strong passwords.
A and D. Using the callback feature enables you to set the modem to call a specific person back at a preset phone number. Strong passwords and some type of authentication scheme can also help to secure a modem. Modems are generally not bolted to the floor; however, a PBX device might be. Telnet is an insecure application and protocol; it should be substituted with SSH.
Timothy complains about a lot of pop-up windows when he uses Internet Explorer. Which key combination should you tell him to use to close the pop-up windows? A. Ctrl+Alt+Del B. Alt+F4 C. Ctrl+Shift+Esc D. Windows key
B. Alt+F4 is the key combination a user should use to close pop-up windows, instead of clicking the window. Ctrl+Alt+Del either brings up the task manager or the security dialog box, depending on the version of Windows and the way it is configured. Ctrl+Shift+Esc opens the task manager, and the Windows key opens the Start menu.
Which of the following are examples of virtualization? (Select the three best answers.) A. Microsoft Virtual PC B. Microsoft Virtual Server C. VMware D. Microsoft Visio
A, B, and C. Microsoft Virtual PC, Microsoft Virtual Server, and VMware are all examples of virtualization. Microsoft Visio is a program within the Microsoft Office suite used to create diagrams and flow charts.
To accept fewer cookies, you would add them to the Restricted Sites zone.
False—Web addresses (or URLs) are added to the Restricted Sites zone. To accept fewer cookies, a user can adjust the slider in the Privacy tab of IE.
ActiveX controls can run on any browser platform.
False—ActiveX controls run on IE, whereas Java applets can run on any platform.
The Network tab in Firefox is used to connect to a proxy server.
True—To connect to a proxy server through the Firefox web browser, you would access the Network tab and select the Manual proxy configuration radio button.
Adblock Plus is an add-on to IE used to block third-party advertisement pop-ups.
False—Adblock Plus is an add-on to Firefox, but it does block third-party ads and pop-ups when installed to that browser.
Which of the following can help to secure the BIOS of a computer? (Select the two best answers.) A. Use a case lock. B. Use a BIOS supervisor password. C. Configure a user password. D. Disable USB ports.
A and B. By using a case lock or other type of locking mechanism for the computer case, a person cannot open the system and reconfigure the BIOS jumper. By configuring a BIOS supervisor password, only people who know the password can access the BIOS. User passwords can be configured for the BIOS, but these passwords are used only to prevent people who do not know the password from accessing the operating system. Disabling USB ports might be a good idea and will prevent persons from booting the system by way of a USB flash drive or other similar device but will not help to secure the BIOS.
Which of the following should be done to maintain and harden a hard disk? (Select the two best answers.) A. Defragment the drive. B. Consider whole disk encryption. C. Install third-party applications. D. Sanitize the drive.
A and B. Defragmenting the hard drive is a good way to maintain the drive. Using whole disk encryption can harden the hard disk. It is unknown whether third-party applications can help to maintain or harden a hard disk; chances are they will do neither. Sanitizing the drive is the act of removing all the data.
Which of the following can help to prevent spam? (Select the two best answers.) A. Use a spam filter. B. Run a Trojan scan. C. Close open mail relays. D. Consider technologies that discourage spyware.
A and C. Closing open mail relays and using spam filters are two ways to help prevent spam. Other ways include configuring whitelists and blacklists, and training your users.
What are two ways of discouraging bluesnarfing? (Select the two best answers.) A. Select a difficult-to-guess pairing key. B. Turn off the device. C. Use infrared. D. Set the device to undiscoverable.
A and D. When selecting a pairing key for the Bluetooth-enabled device, it should be difficult to guess, and don't use the default key. Also, by setting the device to undiscoverable, new devices cannot connect or pair to the Bluetooth-enabled device; however, devices that have already been connected and paired can continue to function. Turning off the device is not the best answer because the user will lose functionality. Using infrared has drawbacks, including the limited distance over which it can send information. In addition, this doesn't necessarily mean that Bluetooth has been turned off.
Which of the following are examples of protocol analyzers? (Select the two best answers.) A. Wireshark B. HTTP proxy C. NAT filter D. Network Monitor
A and D. Wireshark and Network Monitor are examples of protocol analyzers. HTTP proxies cache information for client computers. NAT filtering is a type of filtering that firewalls can accomplish if configured.
Of the following, what are three ways to increase the security of Microsoft Outlook? (Select the three best answers.) A. Password protect .PST files. B. Increase the junk email security level. C. Set macro security levels. D. Install the latest service pack.
A, B, and D. The .PST file contains all the information of an individual's Microsoft Outlook profile; by password protecting it, the file cannot be copied and used elsewhere unless the other user can crack the password. By increasing the junk email security level, less spam will be let through into the inbox in Outlook, decreasing the chances of a user clicking on a malicious email. Installing the latest service pack for Microsoft Office is important; it is done in much the same manner as service pack installations for Windows. Setting macro security levels is something that is usually done in Microsoft Excel.
Which of the following are ways to help defend against distributed denial-of-service attacks? (Select the three best answers.) A. Update firewalls. B. Carefully select applications.
A, B, and D. Ways to help defend against distributed denial-of-service attacks include updating firewalls, using intrusion prevention systems, and using a clean pipe from your Internet service provider. You should always be careful when selecting applications; however, DDoS attacks will usually be perpetrated on specific servers that run specific applications that need to be functional. It is not the best answer, but you should always watch which applications you run.
Where would a NIDS sit on a network? (Select the best answer.) A. Inline B. On the extranet C. On the DMZ D. Back to back
A. A NIDS normally sits inline on the network. It could be before or after the firewall but more commonly is on the side closer to the Internet. Although it is possible to put a NIDS on the extranet or on a DMZ, it is far less common. Back to back is a phrase used when an organization implements two firewalls.
James doesn't want people to see where he browsed to on the Internet. What is a good way to clear his Internet browsing history? A. Checkmark the Empty Temporary Internet Files Folder When the Browser Is Closed check box. B. Use cross-site scripting. C. Use the disk defragmenter. D. Clear all cookies in the Advanced Privacy Settings dialog box.
A. By checkmarking the Empty Temporary Internet Files Folder When the Browser Is Closed check box, all temporary Internet files will be cleared as long as the user closes the browser. Cross-site scripting is when the attacker manipulates a client computer into executing code. Disk defragmenter rearranges the contents of a hard disk but does not delete temporary Internet files. Clearing cookies is a good idea; however, all the actual HTML files will still be stored on the hard drive.
Which of the following commands can be used to turn off a service? A. Net stop B. Net start C. Sc config D. # chkconfig <service> off
A. Net stop is used to turn off the service in the command line within Windows. Net start is used to turn on a service from the command line in Windows. Sc config can be used to disable services. # chkconfig <service> off is used to disable services in Linux.
If a server has inbound Port 21 open, what service is it running? A. File Transfer Protocol B. Simple Mail Transfer Protocol C. Hypertext Transfer Protocol D. Kerberos
A. Port 21 corresponds to the File Transfer Protocol (FTP). The Simple Mail Transfer Protocol (SMTP) uses Port 25. The Hypertext Transfer Protocol (HTTP) uses Port 80. Kerberos uses Port 88.
Which command lists the hotfixes installed to Windows? A. systeminfo B. gpedit.msc C. cmd.exe D. sc config
A. systeminfo lists all the hotfixes that have previously been installed to Windows. Gpedit.msc displays the Local Group Policy Editor console window. Cmd.exe opens the Command Prompt in Windows. Sc config can be used for a variety of things, including disabling services.
Which of the following is an example of whole disk encryption? A. Windows Vista Ultimate B. AES C. Bluesnarfing D. BitLocker
D. BitLocker is a program available on Windows Vista Ultimate, Enterprise, and versions of Windows 7. It encrypts an entire disk. The Advanced Encryption Standard (AES) is a symmetric key encryption algorithm; it is used within BitLocker to encrypt the data on the disk. Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection.
Your boss wants you to make changes to the Internet Explorer programs on 20 computers. To do this quickly, what is the best solution? A. Use a proxy server. B. Create an organizational unit. C. Create a script. D. Create and use a template.
D. By creating and using a security template and pushing the information from that template to each computer, you can quickly make changes to all the computers' Internet Explorer web browsers. This can also be done in a domain by using a policy associated with an organizational unit. It is possible to write a script, but this will probably not be as quick as a template.
Your boss wants you to secure your web server's transactions. Which protocol and port number should you use to accomplish this? A. POP3-110 B. LDAP-389 C. RDP-3389 D. HTTPS-443
D. HTTPS (Hypertext Transfer Protocol Secure) should be used; it corresponds to Port 443. POP3 is used by email servers. LDAP is used by domain controllers. RDP is used by terminal servers.
Which of the following is the best option to use to prevent spyware? A. Personal software firewall B. Whitelists C. Antivirus software D. Windows Defender
D. Windows Defender is an example of antispyware software. Personal software firewalls prevent intrusions to the individual computer. Whitelists can prevent spam. Antivirus software can prevent viruses; however, many antivirus program suites include antispyware software as well.
A client computer uses the IP address 10.254.254.189. It has made a connection to a web server by opening the outbound port 1589. The server uses the IP address 65.19.28.154. You want to filter out any HTTP packets coming from the server. Which IP address and port should you specify to be filtered on the firewall? A. 10.254.254.189:1589 B. 10.254.254.189:80 C. 65.19.28.154:1589 D. 65.19.28.154:80
D. You should filter the packets coming from the server's IP and its inbound port: 65.19.28.154:80. It would be difficult to filter Port 1589 because this port is assigned dynamically to the outbound connection of the client computer; it will change every time a new session starts. The client computer should not use Port 80 because it is not the computer acting as a web server. The web server will most likely not use Port 1589. The connection from the client computer on outbound Port 1589 is made to the web server on inbound Port 80.
D. sc config can be used to disable a service in the command line. Services can be started and stopped with the net start and net stop commands, respectively. Net disable is not a command.
The network 10.0.0.0 is a Class B private IP network.
False—10.0.0.0 is a network within the Class A private IP range. Class B is between 172.16.0.0 and 172.31.255.255.
A MAC flood is when a person accesses a single port of a switch that was not physically secured.
False—A MAC flood is when numerous packets are sent to a switch, each with a different source MAC address, in an attempt to use up all the memory on the switch and cause a change of state known as failopen mode.
A NIDS can inspect traffic and possibly remove, detain, or redirect malicious traffic.
False—A NIDS attempts to detect malicious network activities by monitoring network traffic and alerts the administrator in the case that it finds any. A NIPS can inspect traffic and remove, detain, or redirect that traffic.
Active interception is the act of exploiting a bug or design flaw in software.
False—Active interception usually includes a computer placed between the sender and the receiver to capture and possibly modify information. Privilege escalation is the act of exploiting a bug or design flaw in software.
Alt+F8 is the key combination that closes pop-up windows.
False—Alt+F4 is the key combination used to close pop-up windows. Alt+F8 would open macros in many programs.
An intranet enables sister companies to access a secure area of a company's network.
False—An intranet is usually used for remote employees of an organization. Sister companies and partner companies would usually connect to an extranet.
One way to protect a WAN is to place all the computers behind a router.
False—By placing all the computers behind a router, you can protect the LAN. Ways to protect the wide area network include firewalling and monitoring.
A honeypot is a device that caches information for hackers.
False—Honeypots are usually single computers that are used to attract and trap potential attackers. Normally, you would not cache information for a hacker, but you would cache information for legitimate users by way of a caching proxy.
An IP proxy serves client requests by caching HTTP information.
False—IP proxies secure networks by keeping the machines behind them anonymous. Caching proxies serve client requests such as caching hypertext information among other types of information.
Viruses self-replicate, whereas worms do not.
False—It is the opposite. Worms self-replicate, whereas viruses do not. A user needs to execute the virus for it to replicate.
Logic bombs are platonic.
False—Logic bombs are malicious and can cause damage to computers. They are related to the platonic Easter egg but can definitely cause damage when they are set off.
Opening mail relays can decrease the amount of spam that an organization receives on its email server.
False—Mail relays should be closed on SMTP servers. If the mail relay is open, anyone on the Internet can send email through the SMTP server.
NAT filtering accepts or rejects packets based on rules.
False—NAT filtering filters traffic according to ports such as TCP or UDP. A firewall that incorporates packet filtering inspects each packet passing through the firewall and accepts or rejects it based on rules.
The option Never Check for Updates is recommended by Microsoft.
False—Never Check for Updates is not recommended by Microsoft because it can be a security risk. One of the three other options should be selected.
One way of protecting Microsoft Outlook is to use a password for opening or modifying documents.
False—Passwords used in association with documents are a way of safeguarding Microsoft Word or Excel files. In Microsoft Outlook, the .PST file can be password protected.
To turn off services, you would access the Programs and Features section of the Control Panel.
False—Services can be shut off within the services section of Computer Management or within the command line. The Programs and Features section of the Control Panel is where you would uninstall unnecessary programs.
The convert command converts FAT32 partitions to NTFS.
False—The convert command converts FAT32 partitions to NTFS.
The love bug is an example of a rootkit.
False—The love bug is an example of a virus, not a rootkit.
The net stop commands disable services in Windows.
False—The net stop commands stop a service in Windows. To disable a service in the command line, you need to use the sc config command.
To open the Local Group Policy Editor console window, a user should type gpedit.msc. MMC opens a new Microsoft Management Console.
False—To open the Local Group Policy Editor console window, a user should type gpedit.msc. MMC opens a new Microsoft Management Console.
A master computer controls a botnet.
True—A botnet is controlled by a master computer, which sends out instructions to many other computers that have been compromised, known as zombies.
Honeynets are one or more computers or servers used to counteract attempts at unauthorized access to a network.
True—A honeynet is one or more computers, servers, or an area of a network; these are used when a single honeypot is not sufficient to trap potential attackers.
A service pack is a group of updates, bug fixes, updated drivers, and security fixes.
True—A service pack is one downloadable package that includes a group of updates (hotfixes), bug fixes, updated drivers, and security fixes.
Access control lists enable or deny traffic and can be configured to help secure a router.
True—Access control lists can be implemented on a router and within firewalls; they enable or deny connections.
Back Orifice is an example of a backdoor.
True—Back Orifice is an example of a backdoor program and is commonly installed by a Trojan horse.
Circuit level gateways work at the Session Layer of the OSI model.
True—Circuit level gateways do work at the Session Layer of the OSI model and apply security mechanisms whenever TCP or UDP connections are established.
A firewall can use NAT and packet filters.
True—Firewalls can use packet filtering, NAT filtering, application level gateways, and circuit level gateways.
An IP proxy can be the victim of denial-of-service attacks.
True—IP proxies can indeed be the victim of denial-of-service attacks and should be monitored periodically and updated regularly.
Input validation is a process that ensures the correct usage of data.
True—If data is not validated correctly, it can lead to security vulnerabilities and data corruption. Input validation ensures the correct usage of data.
Malware is software designed to infiltrate a computer system without the user's consent.
True—Malware is software designed to intrude upon a computer system without that user's knowledge or consent.
NAT filtering matches incoming traffic to corresponding outbound IP connections by matching the IP address and port.
True—NAT filtering matches incoming and outgoing traffic by way of IP addresses and port numbers.
NAT is also known as IP masquerading.
True—NAT, which stands for network address translation, is also known as IP masquerading. It is the process of changing an IP address while it is in transit across a router.
Network access control sets rules by which network connections are governed.
True—Network access control (NAC) helps control your network in a secure fashion by setting rules by which connections to the network are governed. One example of NAC is 802.1X.
Subnetting increases security by compartmentalizing a network.
True—One of the reasons that subnetting is implemented is to increase security by compartmentalizing the network. It is also used to make more efficient use of IP address space and reduce broadcast traffic and collisions.
To make changes to Internet Explorer policies that correspond to an OU, you need a domain controller.
True—Organizational units (OUs) are parts of the Active Directory on a domain controller.
A RAT is an example of a Trojan horse.
True—RAT stands for remote access Trojan and is an example of a Trojan horse attack.
A stateless packet filter is vulnerable to IP spoofing attacks.
True—Stateless packet filters are vulnerable to IP spoofing attacks. Firewalls running stateful packet inspection are not vulnerable because they keep track of the state of network connections.
The systeminfo commands show a list of hot fixes that have been installed to the operating system.
True—Systeminfo is a command used to list the hot fixes that have previously been installed to Windows.
A DMZ is a special area of the network accessed by clients on the Internet.
True—The DMZ, which stands for demilitarized zone, might include servers such as FTP, email, and Web that are accessible from people on the Internet, without enabling those people access to the LAN.
The second step in a patch management strategy is testing.
True—The four steps of a patch management strategy include planning, testing, implementing, and auditing.
By turning on the phishing filter, a person can prevent spyware.
True—The phishing filter in Internet Explorer can help to prevent spyware. This can be turned on by clicking Turn on Automatic Website Checking.
A proxy server acts as a go-between of a client computer's web browser and the web server.
True—The proxy server is the mediator between the client and the server. In this case, the server would be an HTTP proxy.
UAC keeps every user in standard mode instead of in administrator mode by default.
True—User Account Control (UAC) keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.
The Windows Update program can be accessed by clicking Start > All Programs.
True—Windows Update can be accessed by navigating to Start > All Programs.
Which of the following is not a denial-of-service attack? A. Smurf attack B. Teardrop attack C. Replay attack D. Fork bomb
C. The replay attack is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. It is not within the realm of denial-of-service attacks. All the other answers are types of denial-of-service attacks.