Chapter 10

A technician is installing a new SOHO wireless router. Which of the following is the FIRST thing the technician should do to secure the router?

Change the router's default password

An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?

Cipher text

What is a disadvantage of using the cloud for data storage?

Cloud storage backups require a reliable internet connection.

Identifies a set of rules or standards that define personal behaviors.

Code of Ethics

What is the surest way to prevent the loss of important information on your mobile device if it is lost, stolen, destroyed, or there is a natural disaster?

Configure your device to remotely backup important data to the Cloud.

You work for a company that offers their services through the Internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack. As a first responder, which of the following is the next BEST step to perform?

Contain the problem.

Why is it better to use a credit card than a debit card for online purchases?

Credit cards have better fraud protection

Forensics experts need to be thoroughly familiar with which of the following?

Data encryption methods, operating systems, and programming languages

Mark received an email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states he should open the attachment for further instructions. What should Mark do?

Delete the email without opening the attachment.

Ted, an employee in the Sales department, has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can't save the file. Which of the following digital security methods is MOST likely preventing this?

Directory permission

In which of the following situations should you expect total privacy?

Financial transactions

Which of the following security measures is a form of biometrics?

Fingerprint scanner

Which of the following would best prevent an unauthorized person from remotely accessing your computer?

Firewall

The CEO of a small business travels extensively and is worried about having the information on their laptop stolen if the laptop is lost or stolen. Which of the following would BEST protect the data from being compromised if the laptop is lost or stolen?

Full disk encryption

Which Internet protocol is used to transmit encrypted data?

HTTPS

Which of the following BEST describes a system administrator?

He or she is typically responsible for securing networks and responding to intrusions in smaller organizations.

Which of the following is a common form of social engineering attack?

Hoax virus information emails.

You are the PC technician for a company. An employee has gone to a meeting while you fix the computer in her office. She accidentally left a report open next to her computer which states that a friend of yours in accounting will be submitted for review if their poor work performance continues. Which of the following is the BEST action to take?

Ignore the paper and tell no one of its contents.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Where would be the next best place to keep your backup media?

In a locked fireproof safe

A security analyst does which of the following?

Inspects the company's network for security breaches and recommends measures to prevent future attacks.

Which of the following are the BEST steps you can take to avoid having your mobile device exploited by a hacker or infected by a virus? (Select two.)

Lock the screen with some form of authentication, Keep the operating system up to date

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which of the following policies are BEST to configure? (Select TWO).

Minimum password age, Enforce password history

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent log on after three unsuccessful logon attempts. Which of the following policies are BEST to configure? (Select TWO).

Minimum password length, Account lockout threshold

Which of the following is the system administrator's MOST important task?

Monitoring and maintaining system security

After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used?

Multifactor authentication

Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?

Non-repudiation

Provides a high-level overview of the organization's security program.

Organizational Security Policy

Your company wants to use multifactor authentication. Which of the following would you most likely suggest?

PIN and smart card

Specifies that user accounts should be locked after a certain number of failed login attempts.

Password Policy

The password policy below incorporates the following: Passwords must include at least one capital letter. Passwords must include a mix of letters and numbers. Passwords must be different from the past eight passwords. Passwords must contain at least one non-alphanumeric character. Which of the following password best practices are being used? (Select TWO).

Password complexity, Password history

A user reports that her system is running slow when saving files. You determine that you will need to upgrade her hard disk. You identify the components that are required and schedule the repair for later that afternoon. Which of the following steps have you forgotten in your troubleshooting process?

Perform a backup.

In which of the following should you expect some privacy?

Personally identifiable information entered into a human resource database

A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver?

Plain text

A technician walks into the office with a UPS. What sort of threat will this device prepare a system for?

Power outage

A technician assists Joe, an employee in the Sales department, who needs access to the client database by granting Joe administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?

Principle of least privilege

Your company has a disaster recovery plan that says the order to restore data is customer data, financial system, then email. This is an example of what?

Prioritization

Which of the following would you do as a computer forensics expert?

Recover digital evidence, some of which may have been damaged or deleted from storage devices.

Which of the following disaster recovery concepts applies when a server needs to be online and accessible at all times?

Redundancy

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures.

Which of the following access controls gives only backup administrators access to all servers on the network?

Role-based

Sets expectations for user privacy when using company resources.

Acceptable Use Policy

If a malicious user gains access to the system, which component of the framework lets administrators know how they gained access and what exactly they did?

Accounting

Which of the following describes a Man-in-the-Middle attack?

An attacker intercepts communications between two network hosts by impersonating each host.

Which of the following components of a successful access control framework is the process of proving that you are who you say you are?

Authentication

What do biometrics use to perform authentication of identity?

Biological attributes

You've just received an email message that indicates a new, serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. Based on the email message, which of the following are the next BEST actions to complete? (Select two.)

Run a full anti-malware scan, Verify the information on well-known malicious code threat management Web sites.

A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened. Which of the following email protocols is being used?

S/MIME

Which of the following protocols can be enabled so email is encrypted on a mobile device?

SSL

Which of the following is not a form of biometrics?

Smart card

Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________.

Spam

You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. To properly protect against the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?

Use data wiping software to clear the hard drives

What is the best countermeasure against social engineering?

User awareness training

A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available. Which of the following should the technician configure?

VPN

Gloria is concerned that her online banking transactions could be intercepted if she uses public WiFi. Which of the following could she use to prevent access to her online transactions?

VPN

A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used?

WPA2

While configuring a wireless access point device, a technician is presented with several security mode options. Which of the following options will provide the most secure access?

WPA2 and AES

Which software is Microsoft's anti-malware product that is preinstalled on most new computers?

Windows Defender

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?

Zombie/botnet

