ITE 6.0 Chapter 12
Windows Firewall is blocking port 80. (The World Wide Web (HTTP) protocol uses port 80; port 23 is used by Telnet. Successful pings to other devices indicate that the network interface card is working correctly. BIOS and CMOS settings control system hardware functions, not network applications such as the World Wide Web.)
A computer can successfully ping outside the local network, but cannot access any World Wide Web services. What is the most probable cause of this problem? - Windows Firewall is blocking port 80. - Windows Firewall blocks port 23 by default. - The computer network interface card is faulty. - The BIOS or CMOS settings are blocking web access.
Immediately remove the device from the network. & Consult the company security policy to decide on actions to take against the employee. (Adding an unauthorized wireless router or access point to a company network is a serious potential security threat. The device should be removed from the network immediately in order to mitigate the threat. In addition, the employee should be disciplined. The company security policy, which employees agree to, should describe penalties for behavior that threatens the security of the company.)
A technician discovers that an employee has attached an unauthorized wireless router to the company network so that the employee can get Wi-Fi coverage while outside taking a break. The technician immediately reports this to a supervisor. What are two actions that the company should take in response to this situation? - Create a guest account for the employee to use when outside the building. - Add an authorized wireless access point to the network to extend coverage for the employee. - Make sure that the wireless router is not broadcasting an SSID. - Immediately remove the device from the network. - Consult the company security policy to decide on actions to take against the employee.
TCP/IP attacks
Examples include DoS, DDoS, spoofing, and SYN flooding.
web security
Examples include pop-up blockers, ActiveX filters, and InPrivate browsing.
firewall settings (Smartcard and file system settings do not affect network operation. MAC address settings and filtering may be used to control device network access but cannot be used to filter different data traffic types.)
For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task? - smartcard settings - firewall settings - MAC address settings - file system settings
Worms
This security threat can self-replicate and propagate across networks from a single host, consuming a lot of bandwidth.
Virus
This security threat infects systems and executes malicious code.
spyware
This security threat installs on a computer without the knowledge of the user and then monitors computer activity.
Adware
This security threat is normally distributed through downloaded software and results in the exhibition of several pop-up windows on the system.
requiring employees to use a card key when entering a secure area (Encrypting data, keeping software up to date, and the use of personal firewalls are all security precautions, but will not restrict physical access to secure areas by only authorized people.)
What is an example of the implementation of physical security? - establishing personal firewalls on each computer - encrypting all sensitive data that is stored on the servers - requiring employees to use a card key when entering a secure area - ensuring that all operating system and antivirus software is up to date
It appears as useful software but hides malicious code. (The best description of Trojan horse malware, and what distinguishes it from viruses and worms, is that it appears as useful software but hides malicious code. Trojan horse malware may cause annoying computer problems, but can also cause fatal problems. Some Trojan horses may be distributed over the Internet, but they can also be distributed by USB memory sticks and other means. Specifically targeted Trojan horse malware can be some of the most difficult malware to detect.)
What is the best description of Trojan horse malware? - It is the most easily detected form of malware. - It is malware that can only be distributed over the Internet. - It is software that causes annoying but not fatal computer problems. - It appears as useful software but hides malicious code.
Download the latest signature files on a regular basis. (Having an antivirus program on a computer does not protect a PC from virus attacks unless the signature updates are done regularly in order to detect newer and emerging threats. It should be noted that if the signature update lacks a signature for a new threat, the software will be unable to protect against that threat.)
What must be done to ensure that the antivirus software on a computer is able to detect and eradicate the most recent viruses? - Download the latest signature files on a regular basis. - Schedule a scan once a week. - Schedule antivirus updates using Windows Task Manager. - Follow the firewall configuration guidelines on the antivirus manufacturer website.
implement port forwarding (Port forwarding provides a rule-based method to direct traffic between devices on separate networks. This method provides access to devices across the Internet in a less expensive way than using a DMZ.)
What security technique could provide secure access to a server located in a small office without the expense of implementing a DMZ or purchasing a hardware firewall? - implement hash encoding for all wireless devices - implement MAC address filtering - implement port forwarding - implement basic security on all wireless access points
Ensure that all applications are working. (The last step before documenting findings is to verify full system functionality. Ensuring that all of the applications are working would be an example of verifying functionality. Asking what problem the user is experiencing is part of the first step: identifying the problem. Disconnecting from the network and rebooting in Safe Mode are both examples of the third step: determining an exact cause.)
When a support technician is troubleshooting a security issue on a system, which action should the technician take just before documenting the findings and closing the ticket? - Boot the system in Safe Mode. - Disconnect the system from the network. - Ensure that all applications are working. - Ask what the problem is that the customer is experiencing.
when users are leaving their desk but remaining logged on (The idle timeout and screen lock feature is a great security measure that protects the computer and data accessible through it if the user steps away from the desk for a specified period of time and forgets to lock the computer or log off.)
When would a PC repair person want to deploy the idle timeout feature? - when users are inserting media and running applications not sanctioned by the company - when users are leaving their desk but remaining logged on - when users are playing music CDs and leaving them playing even after the users have left for the day - when users are surfing the Internet and not doing their job
Local Users and Groups (The guest account should be used sparingly. Also, restrictions should be applied to the guest account so that the user cannot access data or resources not needed.)
Where in Windows would a technician configure a guest account for a temporary employee? - BIOS - Device Manager - Local Users and Groups - Windows Firewall
Disconnect the host from the network. (If a network is experiencing an extremely high volume of traffic, disconnecting a host from the network may confirm that the host is compromised and is flooding traffic onto the network. The other issues are hardware issues, and not typically security-related.)
Which action could be used to determine if a host is compromised and flooding traffic onto the network? - Unseat and then reconnect the hard drive connectors on the host. - Disconnect the host from the network. - Check the host hard drive for errors and file system issues. - Examine the Device Manager on the host for device conflicts.
an unidentified person claiming to be a technician collecting user information from employees (A social engineer attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, pop-ups, and viruses are all examples of software-based security threats, not social engineering.)
Which is an example of social engineering? - a computer displaying unauthorized pop-ups and adware - the infection of a computer by a virus carried by a Trojan - an anonymous programmer directing a DDoS attack on a data center - an unidentified person claiming to be a technician collecting user information from employees
Read (A local user requires the Read permission to back up files, but the Write permission is required to restore files.)
Which level of Windows security permission is required for a local user to back up files from another user? - Write - Change - Full - Read
Passwords should be a combination of upper and lower case letters, numbers, and special characters. & Passwords should be changed by the user after specific periods of time. & Password reuse and lockout policies should be implemented. (Passwords should include both upper and lower case letters, numbers, and special characters. They should be at least eight characters in length. In addition, passwords should expire after a period of time, such as 90 days, and the reuse of passwords should be limited. In addition, computers should be configured to lock a user out after a series of failed attempts.)
Which three rules increase the level of password strength? - Passwords should never expire. - Passwords should be a combination of upper and lower case letters, numbers, and special characters - Passwords should combine user special dates and initials so that they can be alphanumeric. - Passwords should be changed by the user after specific periods of time. - Password reuse and lockout policies should be implemented. - Passwords should be short to reduce the chances of users forgetting them.
software firewall
a program that runs on a computer to allow or deny traffic between the computer and other computers to which it is connected
security policy
a set of security objectives that ensure the security of a network, the data, and the computer systems in an organization
demilitarized zone (DMZ)
a subnetwork that provides services to an untrusted network
asymmetric encryption
a technique that uses different keys to encrypt and decrypt information
symmetric encryption
a technique that uses the same key to encrypt and decrypt data
social engineering
a technique used by attackers to trick a user into revealing their account information to gain unauthorized access to network data and resources
security key fob
an authentication device that accepts a user PIN and provides a number which the user then uses to complete the two-factor authentication process
biometric security
an authentication technique that compares physical characteristics of an individual against stored profiles
smart card security
an authentication technique that uses personal information stored in a chip
malware
any software created to perform malicious acts
data threat
events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
physical threat
events or attacks that steal, damage, or destroy equipment
hardware firewall
examples include packet filter, stateful inspection, and proxy
virus
malicious code that attaches itself to a program and executes when that program is run
Trojan
malicious code that pretends to be a valid or legitimate program
least privilege
setting the permissions in a manner that provides access only to the files, folders, and devices that are required by an individual
zero-day attack
the exploitation of software vulnerabilities before they are known to, or revealed by, the software vendor
phishing
tricking a user into revealing confidential information or installing malware
spam
unsolicited email that is used for the purpose of gaining confidential information or installing malware
encryption
using a key and a complex algorithm to transform data