Midterm (1-15) exam
Which item in the six steps to handling incidents includes a business continuity plan (BCP)? -Eradication -Recovery -Identification -Preparation
Recovery
Regarding incident response, a severity level of Severe may affect the ability to conduct critical operations. -True -False
True
Secure Socket Tunneling Protocol (SSTP) establishes an encrypted tunnel over a Transport Layer Security (TLS) connection. -True -False
True
Server computers provide specific types of services to client applications, either directly or indirectly. -True -False
True
The File History feature on Windows workstations allows users to identify personal files and designate a location to where they will be automatically backed up. -True -False
True
The Resultant Set of Policy (RSOP) tool shows the specific settings that will result from applying GPOs to a specific user logged on to a specific computer. -True -False
True
The System Development Life Cycle (SDLC) breaks down the software development process into a number of phases with the goal of standardizing and simplifying software development management. -True -False
True
The security concern of enterprise resource planning (ERP) software is that a large portion of an organization's data is centralized. -True -False
True
The term malware refers to a collection of different types of software that share the goal of infiltrating a computer and making it do something. -True -False
True
Where a file server only stores files, a data storage server organizes data and attempts to make the data more accessible than just a list of files. -True -False
True
Pierre seeks to encrypt business-critical areas of the file server. Most important to him is the assurance that no trace of plaintext files can be identified after the encryption process. What encryption method and tool should Pierre use? -Encrypting File System (EFS) file encryption -Encrypting File System (EFS) folder encryption -BitLocker To Go -BitLocker Drive Encryption
Encrypting File System (EFS) folder encryption
Which of the following is NOT one of the problems you might encounter if you implement faulty code to a production environment? -Inconsistent interfaces with other programs -Faulty installation procedure -Properly working application -Inconsistent code and schema changes
Properly working application
Which of the following can read, write, create, or delete data on a database server? -Query -Transaction -Relationship -Proxy
Query
Which of the following is an algorithm that uses the same key to encrypt and decrypt data? -Security certificate -Cipher -Asymmetric algorithm -Symmetric algorithm
Symmetric algorithm
A microkernel implements only the minimal required functionality in the memory-resident portion of the operating system, such as memory management. -True -False
True
A service level agreement (SLA) is a contract with a vendor that guarantees replacement hardware or software within a specific amount of time. -True -False
True
A uniform resource locator (URL) contains information for a web server to know how to handle a request from a web browser. -True -False
True
A workgroup is a simple peer-to-peer network in which all computers are treated as equals. -True -False
True
Active Directory is a security control that protects data confidentiality and integrity. -True -False
True
An advantage of network backups is that copying data to another computer or device protects the backed-up data from damage to the primary computer or storage device. -True -False
True
Any event that results in a violation of an organization's security policy, or poses an imminent threat to the security policy, is an incident. -True -False
True
Attackers look for vulnerabilities, or weaknesses, in an operating system and application software. -True -False
True
Because a comprehensive incident response plan may contain proprietary information, it should be available only to authorized users. -True -False
True
Defining Group Policy Objects (GPOs) in Active Directory gives you the ability to centralize security rules and control how Windows applies each rule. -True -False
True
Each new version of Microsoft Baseline Security Analyzer (MBSA) scans for more vulnerabilities than previous versions. -True -False
True
Good security practices help you react to new threats as well as existing ones. -True -False
True
In a firewall, inbound rules filter inbound network traffic, and outbound rules filter outbound network traffic. -True -False
True
In the SDLC, each phase has defined deliverables. -True -False
True
In the system/information engineering and modeling phase of the SDLC, information is collected about the environment and its requirements. -True -False
True
Kerberos is the default authentication protocol in Windows. -True -False
True
Network communication controls limit the spread of malicious software and traffic. -True -False
True
On a web server, enable auditing of failed logon attempts and failed resource requests to help identify attacks or reconnaissance. -True -False
True
One strategy for reducing a computer's attack surface is to establish controls on running programs to mitigate known vulnerabilities. -True -False
True
The list of access control rules in Windows is referred to as a discretionary access control list (DACL). -True -False
True
Mumford, the systems administrator, is aware that newer versions of Windows Server have extended capabilities to help keep data secure. Currently, with Microsoft Windows Server 2008 R2, his environment uses the feature called File Classification Infrastructure (FCI) to define classification properties for files. Mumford is now wanting to upgrade the environment to Microsoft Windows Server 2016. What additional feature would be available as a result of this upgrade? -More capability to respond to actions that result in file access denial -Enforcing file expiration policies based on classification -Automating classification of files based on location -Capability to tag special types of data, such as Social Security numbers
Capability to tag special types of data, such as Social Security numbers
Windows applies multiple Group Policy Objects (GPOs) in a specific order, lower to higher. Of the following, which is the highest GPO in the order? -Domain GPOs -Site GPOs defined in Active Directory -Organizational unit GPOs -Local GPOs
Organizational unit GPOs
Which of the following does Windows provide to protect data in transit? -Multifactor authentication -Public key infrastructure -BitLocker -Encrypting File System (EFS)
Public key infrastructure
Which of the following best represents due diligence in the context of information security? -A move toward cloud-based applications and components leading to more compliance -Any one of the components, including people, information, and conditions, that support business objectives -The ongoing attention and care an organization places on security compliance -A network device or software that can analyze traffic and detect a potential intrusion based on traffic patterns
The ongoing attention and care an organization places on security compliance
Which of the following provides a central repository for security policy settings along with the ability to deploy settings to many target locations? -BitLocker management tool -Object discretionary access control lists (DACLs) -Encrypting File System (EFS) -Active Directory
Active Directory
Of the following, what makes the use of application servers faster than having applications installed on each user workstation? -Only the application servers need to be updated. -One software license supports all users on one or several servers. -Application servers tend to be closer to the database servers that store the data they need to run. -Application servers are able to more successfully filter network traffic and block suspicious messages.
Application servers tend to be closer to the database servers that store the data they need to run.
Tanya is an incident handler. She is responsible for identifying, analyzing, and responding to security attacks. An employee complains their machine runs slowly. Tanya is not able to identify any malware, but she does notice the employee is an avid fan of Bitcoin. What questions should Tanya ask the employee? -Do you have too many applications running concurrently? -Is the machine performing an antivirus scan? -Is it possible the local drive is full? -Are you running cryptomining software on the machine?
Are you running cryptomining software on the machine?
Which of the following best describes BitLocker Drive Encryption selectivity? -BitLocker can selectively encrypt folders but not individual files. -BitLocker can only be turned on or off for a volume. -BitLocker can selectively encrypt files and folders. -BitLocker can only be turned on or off for a hard drive.
BitLocker can only be turned on or off for a volume.
Which software configuration management (SCM) activity is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them? -Configuration status accounting -Configuration auditing -Configuration control -Configuration identification
Configuration control
Which of the following is NOT a common form of malware? -Rootkit -Worm -Darwin -Virus
Darwin
Which of the following is a Windows Server 2019 edition designed for large-scale employment on servers that support extensive virtualization? -Standard -Datacenter -Essentials -Web Server
Datacenter
Which of the following is a best practice regarding baselines? -Baselines help you collect and analyze the data required for auditing needs. -A baseline defines the settings and data you want to collect for later comparison and trend analysis. -Baselines can be helpful in ensuring compliance with your security policy. -Develop security templates in Security Configuration and Analysis (SCA) that contain the security settings for each type of workstation and server.
Develop security templates in Security Configuration and Analysis (SCA) that contain the security settings for each type of workstation and server.
Which of the following is NOT considered a best practice for maintaining secure access for remote clients? -Install at least one firewall between a virtual private network (VPN) endpoint and the internal network. -Use global user accounts whenever possible. -Develop a backup and recovery plan for each component in the Remote Access Domain. -Do not encrypt communications in the Remote Access Domain.
Do not encrypt communications in the Remote Access Domain.
A serious incident occurred regarding theft of medical records. After the incident was near completion, law enforcement was brought in to review the collected evidence. The case eventually went to court. Unfortunately, the evidence provided by the computer security incident response team (CSIRT) was ultimately rejected, resulting in the case being thrown out. What was the likely cause of the evidence being rejected? -Health Insurance Portability and Accountability Act (HIPAA) regulations should also have been consulted -Evidence collection was mishandled -The medical records were unrecoverable -Law enforcement was called in too early
Evidence collection was mishandled
A security guideline describes individual tasks users accomplish to comply with one or more security standards, such as the steps to change a password. -True -False
False
Business continuity plans (BCPs) and disaster recovery plans (DRPs) are not designed to be tested. -True -False
False
In the event of a major disruption, a disaster recovery plan (DRP) will rely on the business continuity plan (BCP) to provide an IT infrastructure the organization can use. -True -False
False
Mobile devices without anti-malware software installed can safely connect to an organization's network. -True -False
False
Preventing malware is often far more difficult than removing it. -True -False
False
The primary purpose of a Windows audit is to determine if a system has any malware. -True -False
False
What is an example of a physical control? -Fire extinguisher -Antivirus software -Firewall rule -Company security policy
Fire extinguisher
Which of the following is true about the Security Configuration and Analysis (SCA) tool? -It uses audit templates to store the settings that make up baselines. -It allows an administrator to analyze the configuration settings on only legacy Windows computers. -It evaluates the current security state of computers in accordance with Microsoft profiling recommendations. -It can apply a baseline to force current computer settings to match the settings defined in the baseline.
It can apply a baseline to force current computer settings to match the settings defined in the baseline.
Which of the following statements is NOT true regarding the Security Configuration and Analysis (SCA) tool? -It does not allow the use of security templates acquired from some other source. -It uses security templates to store the settings that make up baselines. -It allows an administrator to analyze a computer and compare its configuration settings with a baseline. -It can apply a baseline to force current computer settings to match the settings defined in the baseline.
It does not allow the use of security templates acquired from some other source.
Which of the following is a fast and scalable protocol that allows for secure exchange of information and has been in use since Windows 2000? -Dynamic Access Control (DAC) -Kerberos -Effective permissions -Auditing
Kerberos
Dafne is an IT manager. She needs to acquire 10 new workstation computers for employee use. She wants the workstations to have the latest client operating system. Which of the following should she select? -Microsoft Windows 10 -Microsoft Windows 8.1 -Microsoft Office 365 -Microsoft Azure
Microsoft Windows 10
Frank requires use of a vulnerability scanner. His two priorities are (1) an application that is free or open source, to avoid paying license fees, and (2) to offer full capability for up to 50 devices. Frank's environment is all virtualized. Besides being an open source product, why else would OpenVAS appeal to Frank? -OpenVAS is available as a pre-built virtual appliance. -OpenVAS originally began as a fork of the commercial product Nessus. -OpenVAS can be run in the Windows Subsystem for Linux. -Source code allows organizations to customize OpenVAS as needed.
OpenVAS is available as a pre-built virtual appliance.
Which of the following is true about operating systems? -Operating system kernels provide core services, calling external programs to provide many more operating system services. -Operating systems contain just the kernel. -Operating systems do not support information exchange between programs. -Few programs require input and produce output.
Operating system kernels provide core services, calling external programs to provide many more operating system services.
For a Group Policy Object (GPO) to become active, it must be linked to at least one computer, domain, or which of the following? -Organizational unit (OU) -Local account -Registry -Distribution server
Organizational unit (OU)
Which of the following is a Windows Server feature that forces Group Policy updates on all selected computers? -Windows Group Policy Update -Active Directory Group Policy Update -Local Group Policy Update -Remote Group Policy Update
Remote Group Policy Update
Which of the following is NOT a sound strategy for protecting Active Directory (AD)? -Periodically change the Directory Service Restore Mode (DSRM) password. -Ensure that administrators managing AD do so using separate Administrator user accounts. -Limit the number of administrators with access to AD. -Require that administrators manage AD only from their workstations instead of dedicated terminal servers.
Require that administrators manage AD only from their workstations instead of dedicated terminal servers.
Which of the following anti-malware software components intercepts and scans incoming information for malware in real time? -Shield -Scanner -Signature database -Vault
Shield
John is the backup administrator for a growing organization. He informs his superiors that backups are taking too long to process. John's boss suggests complete backups be done less frequently. What would be the result of implementing the boss's suggestion? -The amount of data changed before completing a restore will increase -The organization will retain fewer copies of backups -The recovery time objective (RTO) will exceed the restore time -The backups will take longer than the restore time
The amount of data changed before completing a restore will increase
Various contractors working at the organization all have access to a general projects folder. Unfortunately, Oscar is concerned that contractors hired for one project might be viewing project files of other contractors. What should be Oscar's next step? -Use the Integrity Control Access Control List (icacls.exe) CLI tool to track access -Use the Control Access Control List (cacls.exe) CLI tool to track access -Calculate Microsoft Windows access permissions per project -Use expression-based security audit policy to track contractors' access
Use expression-based security audit policy to track contractors' access
An organization seeks to identify specific controls that provide assurance for all three security principles: confidentiality, integrity, and availability. Windows uses Kerberos as a control to protect one of the principles. What is the primary risk if Kerberos were taken away? -Users could gain unexpected access -Group Policy Objects (GPOs) could be forged -User identities could be misused -Network bandwidth would degrade or become saturated
User identities could be misused
At his company, Kari is responsible for the enterprise resource planning (ERP) application, including its security. Considering the vulnerabilities common in most ERP installations, which of the following sets of controls should Kari consider most valuable to his company's ERP application? -Users use unique accounts with strong authentication, and are trained on acceptable use -Shared service accounts and auditing on all applications united by ERP -Firewall patches are up-to-date, and strong firewall rules and outbound filters for ERP traffic -Management support, particularly with capacity planning
Users use unique accounts with strong authentication, and are trained on acceptable use
Which of the following should NOT be used to secure a wireless network because it is too easily compromised? -Wi-Fi protected access (WPA/WPA2/WPA3) -Firewall -Service set identifier (SSID) -Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP)
By default, which of the following does Windows use to allow computers to share resources with each other on a network? -Workgroup -Active Directory -Database list -Security identifier
Workgroup
Which of the following has the largest number of potential victims? -Zero-day attack -Spyware attack -Rootkit attack -Trojan horse attack
Zero-day attack
You can delete the Administrator account but you cannot disable it. -True -False
False
Locky and WannaCry are types of ________. -hacktivists -technical controls -ransomware -viruses
ransomware