Chapter 10 Study Guide


Which of the following describes a Man-in-the-Middle attack?

An attacker intercepts communications between two network hosts by impersonating each host.

A technician is installing a new SOHO wireless router. Which of the following is the FIRST thing the technician should do to secure the router?

Change the router's default password

An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?

Cipher text

What is a disadvantage of using the cloud for data storage?

Cloud storage backups require a reliable internet connection.

You work for a company that offers their services through the Internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack. As a first responder, which of the following is the next BEST step to perform?

Contain the problem.

Ted, an employee in the Sales department, has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can't save the file. Which of the following digital security methods is MOST likely preventing this?

Directory permission

Which of the following security measures is a form of biometrics?

Fingerprint scanner

Which of the following would best prevent an unauthorized person from remotely accessing your computer?

Firewall

Which Internet protocol is used to transmit encrypted data?

HTTPS

Which of the following is a common form of social engineering attack?

Hoax virus information emails.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Where would be the next best place to keep your backup media?

In a locked fireproof safe.

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent log on after three unsuccessful logon attempts. Which of the following policies are BEST to configure? (Select TWO).

Minimum password length; Account lockout threshold

After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used?

Multifactor authentication

Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?

Non-repudiation

Your company wants to use multifactor authentication. Which of the following would you most likely suggest?

PIN and smart card

The password policy below incorporates the following: passwords must include at least one capital letter; passwords must include a mix of letters and numbers; passwords must be different from the past eight passwords; passwords must contain at least one non-alphanumeric character. Which of the following password best practices are being used? (Select TWO)

Password complexity; Password history

A user reports that her system is running slow when saving files. You determine that you will need to upgrade her hard disk. You identify the components that are required and schedule the repair for later that afternoon. Which of the following steps have you forgotten in your troubleshooting process?

Perform a backup.

In which of the following should you expect some privacy?

Personally identifiable information entered into a human resource database

A technician assists Joe, an employee in the Sales department, who needs access to the client database by granting Joe administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?

Principle of least privilege

Your company has a disaster recovery plan that says the order to restore data is customer data, financial system, then email. This is an example of what?

Prioritization

Which of the following disaster recovery concepts applies when a server needs to be online and accessible at all times?

Redundancy

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures.

You've just received an email message that indicates a new, serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. Based on the email message, which of the following are the next BEST actions to complete? (Select two.)

Run a full anti-malware scan. Verify the information on well-known malicious code threat management Web sites.

A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened. Which of the following email protocols is being used?

S/MIME

Which of the following protocols can be enabled so email is encrypted on a mobile device?

SSL

What is the best countermeasure against social engineering?

User awareness training

A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available. Which of the following should the technician configure?

VPN

A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used?

WPA2

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?

Zombie/botnet

