IT Applications - Lesson 8 Practice Questions
A security analyst baselines web activity and notices several caveats with browsers. For example, they notice that when a user types in a query, a query is actually made after every typed key. The analyst is trying to group browser activity together. Which browser is based on the same code as Chrome? A.Edge B.Internet Explorer C.Safari D.FireFox
A.Edge Edge, Microsoft's replacement browser, now uses the same underlying Chromium codebase as Google Chrome. IE itself is no longer supported. Microsoft's Internet Explorer (IE) used to be dominant in the browser market. As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Apple's Safari browser is tightly integrated with macOS and iOS. In some scenarios, it might be appropriate to choose a browser that is different from these mainstream versions. FireFox is a free and open-source modern web browser. It is currently developed by the Mozilla Foundation.
A security administrator wants to set up anomalistic monitoring around behavioral-based user activity. Which of the following could the administrator implement for monitoring? (Select all that apply.) A.Failed attempts B.Login times C.Concurrent logins D.Screen lock
A.Failed attempts B.Login times C.Concurrent logins Monitoring login times are typically used to see if an account is logging in at an unusual time of the day or night or during the weekend. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time, so this sort of policy can help to prevent or detect misuse of an account. Failed attempts can be a sign of malicious activity. The timeout/screen lock locks the desktop if the system detects no user-input device activity. This is a sensible, additional layer of protection.
A security analyst receives a notification of possible malware based on common indicators. After conducing several analyses, the analyst learns the malware used Windows PowerShell to create new malicious processes in the computer's memory. What is the analyst's computer likely infected with? A.Fileless malware B.Worm C.Boot sector virus D.Viruses
A.Fileless malware Fileless malware refers to malicious code that uses the host's scripting environment, such as Windows PowerShell or PDF JavaScript, to create new malicious processes in memory. Worms replicate between processes in system memory rather than infecting an executable file stored on a disk. Boot sector viruses infect the boot sector code or partition table on a disk drive. While this could be a possible option, memory-based malware running inside the code of another program is quite common. Viruses are concealed within the code of an executable process image stored as a file on a disk. In Windows, executable code has extensions such as .EXE, .MSI, .DLL, .COM, .SCR, and .JAR.
A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this? A.Personal identifiable information (PII) protection B.Secure critical hardware C.Prevent lunchtime attack D.Protect UEFI
A.Personal identifiable information (PII) protection Paper copies of personal and confidential data must not be left where they could be read or stolen. A clean desk policy ensures that all such information is not left in plain sight. A clean desk policy does not help with securing critical assets. Portable computers can be secured though to a desk using a cable lock. When in public, users must keep laptop cases insight. A lunchtime attack is where a threat actor is able to access a computer that has been left unlocked. A system user password is one that is required before any operating system can boot. The system password can be configured by the basic input/output system (BIOS) or unified extensible firmware interface (UEFI) setup program.
A security manager sets up a defense in depth mechanism and sets up monitoring to catch communications from the attacker to the malware. What is the manager monitoring for? A.Spyware B.C2 C.Keylogger D.Rootkit
B.C2 Whether a backdoor is used as a standalone intrusion mechanism or to manage bots, the threat actor must establish a connection from the compromised host to a command and control (C2 or C&C) host or network. Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and so on. A keylogger is spyware that actively attempts to steal confidential information by recording keystrokes. When dealing with a rootkit, administrators should be aware that there is the possibility that it can compromise system files and programming interfaces so that local shell processes no longer reveal their presence.
A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause of the high CPU utilization? A.Crypto-ransomware B.Cryptomining software C.Rogue antivirus D.RAT
B.Cryptomining software A cryptominer hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as cryptojacking. Ransomware is a type of malware that tries to extort money from the victim. Crypto-ransomware attempts to encrypt files on any fixed, removable, and network drive. Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert. Modern malware is usually designed to implement some type of backdoor, also referred to as a remote access Trojan (RAT).
A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build? A.Plug-ins B.Extension C.Apps D.Themes
B.Extension Extensions add or change a browser feature via its application programming interface (API). The extension must be granted specific permissions to make configuration changes. With sufficient permissions, they can run scripts to interact with the pages the developer is looking at. Plug-ins play or show some sort of content embedded in a web page, such as Flash, Silverlight, or other video/multimedia format. Apps support document editing in the context of the browser. They are essentially a means of opening a document within a cloud app version of a word processor or spreadsheet. Themes change the appearance of the browser using custom images and color schemes.
A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords? A.Password expiration B.Length C.Character mix D.Memorable
B.Length Length is preferable to the use of highly cryptic mixing of character types. It will take an attacker significantly longer to crack a passphrase rather than a much shorter but complex password. The latest National Institute of Standards and Technology (NIST) guidance also deprecates password expiration except when a breach is discovered. Requiring a mix of character types forces users into selecting easily masked substitutions (zero for the letter O, for instance) or makes passwords impossible to remember and causes users to write them down. Users should choose a memorable phrase, but should not use any personal information in the password.
A server administrator helps the human resources department whitelist an external website for their new training platform. What will the administrator need to do to ensure the web page shows up as secure? A.Adjust the firewall. B.Configure browser sign-in. C.Add trusted certificates. D.Whitelist in the web application firewall.
C.Add trusted certificates. When using enterprise certificates for internal sites and a third-party browser, the administrator must ensure that the internal CA root certificate is added to the browser. Unless the site is running a non-standard port, the firewall would not need to be adjusted. Normal web traffic operates off ports 80 and 443. A browser sign-in allows the user to synchronize settings between instances of the browser software on different devices. The site is external and so the administrator would not be able to adjust the training platform's web application firewall. However, even if they could, this should not need to be configured.
A manager is responsible for client laptops, and is concerned about exposing data on the disks to a different OS and the permissions becoming overridden. What will help prevent this possible attack? A.Windows Defender Firewall B.Windows Defender Antivirus C.Encrypting File System D.Execution control
C.Encrypting File System The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file and folder encryption. EFS is not available in the Home edition of Windows. The Windows Defender Firewall with Advanced Security console allows the configuration of a custom inbound and outbound filtering rule. Antivirus is software that can detect malware and prevent it from executing. The primary means of detection is to use a database of known virus patterns called definitions, signatures, or patterns. Execution control refers to logical security technologies designed to prevent malicious software from running on a host regardless of what the user account privileges allow.
A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor? A.User training B.Scheduled scans C.Update trusted root certificates D.On-access scanning
C.Update trusted root certificates Updating trusted root certificates is helpful in the overall defense-in-depth security strategy, but is least helpful in this scenario in preventing malware. It does play its part though. An essential malware prevention follow-up action is effective user training. Untrained users represent a serious vulnerability because they are susceptible to social engineering and phishing attacks. All security software supports scheduled scans. These scans can impact performance, however, so it is best to run them when the computer is otherwise unused. Almost all security software is now configured to scan on-access. On-access means that the antivirus (A-V) software intercepts an operating system (OS) call to open a file and scans the file before allowing or preventing it from being opened.
A user visits a news site that they go to frequently, and the news articles are not updated but are the same as the day before. The user also hears complaints about people not having internet, which is odd since they are on their normal news site. What is most likely going on? A.User is in private mode. B.There are pop-up blockers. C.User is on a different switch. D.Page is cached.
D.Page is cached. By default, the browser will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields. The page is most likely cached from the previous visit. Private/incognito browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed. Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was often used to show fake antivirus and security warnings or other malicious and nuisance advertising. While the user may be on a different switch than those complaining about not having internet, it is more likely that the user's page is cached.
A helpdesk operator is reviewing a notification that a user clicked links in a very suspicious email. What is the second step the operator should take? A.Disable System Restore. B.Look for missing or renamed files. C.Look for services masquerading as legitimate services. D.Quarantine.
D.Quarantine. After verifying the symptoms of malware, the host should be placed in quarantine, where it is not able to communicate on the main network. Once the infected system is isolated, the next step is to disable System Restore and other automated backup systems, such as File History. Looking for missing or renamed files could be one of the many steps in investigating after a computer has been quarantined. Identification of these techniques could help scan the enterprise to see how far it spread. Another good step after isolation is to look for additional executable files with names similar to those of authentic system files and utilities, such as scvhost.exe or ta5kmgr.exe.
A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail? A.Autorun B.Antivirus C.Concurrent logins D.Trusted source
D.Trusted source Mobile OS vendors use this "walled garden" model of software distribution as well. Apps are distributed from an approved store, such as Apple's App Store or the Windows Store. One of the problems with legacy versions of Windows is that when an optical disc is inserted or a USB drive is attached, Windows would automatically run commands defined in an autorun.inf file. Antivirus is software that can detect malware and prevent it from executing. The primary means of detection is to use a database of known virus patterns called definitions, signatures, or patterns. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time.
A Firefox user wants to open up their browser settings to configure their intranet as the home page. How can the Firefox user access the settings? A.chrome://settings B.edge://settings C.firefox://settings D.about:preferences
D.about:preferences Users can open the internal URL for Firefox by going to about:preferences. Each browser maintains its own settings that are accessed via its Meatball (...) or Hamburger (☰) menu button as well. In Chrome, the setting option is listed under chrome://settings. Browsers also have advanced settings that are accessed via a URL such as chrome://flags or about:config. In Edge, the URL for settings is at edge://settings. Internet Explorer (IE) should not be used for general web browsing or to access modern web applications. firefox://settings is not the correct option for Firefox. A browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.