TestOut Security Pro Section 8.1-8.14 Quiz Questions
The BrewerNash security model is designed primarily to prevent which activity?
*Conflicts of interest* False acceptance Denial of service attacks Inference attacks
The ClarkWilson security model is primarily based on which element?
*Controlled intermediary access applications* A matrix Dynamic access controls A directed graph
Drag the Active Directory terms on the left to their corresponding definition on the right.
(Top to Bottom) *Domain Controller* *Organizational Unit* *Domain* *Objects*
In the /etc/shadow file, which character in the password field indicates that a standard user account is locked? (Fill in the blank)
*!*
Which chage option keeps a user from changing password every two weeks?
*-m 33*
Which file should you edit to limit the amount of concurrent logins for a specific user?
*/etc/security/limits.conf*
You want to allow e-commerce web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
*Allow first party cookies, but block third-party cookies* Enable the phishing filter to check all embedded links in webpages you visit Prevent ActiveX controls and Java on linked websites Block cross-site scripting (XSS)
Which of the following is the term for the process of validating a subject's identity?
*Authentication* Auditing Authorization Identification
To help prevent browser attacks, users of public computers should do which of the following?
*Clear the browser cache* Ensure the public login credentials are unique Turn the public computer off immediately after use Not use any public computer that has been used in the last 30 minutes
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?
*Configure account lockout policies in Group Policy*
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do?
*Configure account policies in Group Policy*
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?
*Configure day/time restrictions in the user accounts*
Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user?
*Cookie* Certificate Mobile Code Digital Signature
You manage an Active Directory domain. All users in the domain are required by a GPO linked to the domain to use passwords with at least eight characters, but you want to ensure that users in the Administrators OU are required to use passwords with at least 10 characters. What should you do?
*Create a GPO computer policy for the Administrators OU*
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take?
*Create a GPO computer policy for the computers in the Development OU*
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain. But you want users in the Administrators OU to have a different set of internet options. What should you do?
*Create a GPO user policy for the Administrators OU*
You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.)
*Enforce password history* *Minimum password age*
Computer policies include a special category called user rights. Which action do they allow an administrator to perform?
*Identify users who can preform maintenance tasks on computers in the OU*
Which statement is true regarding the application of GPO settings?
*If a setting is defined in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is applied.*
Which of the following are examples of single signon authentication solutions? (Select two.)
*Kerberos* RADIUS DIAMETER Biometrics Digital certificates *SESAME*
Within the /etc/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3 What effect does the line have on the Linux system?
*Limits the number of logins from the Guest group to three*
Which of the following is the single best rule to enforce when designing complex passwords?
*Longer passwords*
You are configuring the local security policy on a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent login after three unsuccessful attempts. Which policies should you configure? (Select two.)
*Minimum password length* *Account lockout threshold*
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
*Popup blocker* Anti-adware Anti-spyware Phishing filter Antivirus
What is the effect of the following command? *chage -M 60 -W 10 jsmith
*Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires*
Encryption is which type of access control?
*Technical* Restrictive Physical Administrative
Which security mechanism uses a unique list that meets the following specifications: • The list is embedded directly in the object itself • The list defines which subjects have access to certain objects • The list specifies the level or type of access allowed to certain objects
*User ACL* Kerberos Hashing Mandatory access control
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?
*Users cannot change the password for 10 days.*
Which of the following is an example of decentralized privilege management solution?
*Workgroup* Active Directory RADIUS TACACS+
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
*XSS* SQL injection Driveby download DLL injection
What "chage" command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)
*chage -M 60 -W 10 jsmith*
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use?
*groupdel temp_sales* groupmod -n temp_sales newgroup -R temp_sales groupmod -R temp_sales
You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display the group memberships for dredford. (Fill in the blank)
*groups dredford*
You suspect that the gshant user account is locked. Enter the command you use at the command prompt to show the status of the user account. (Fill in the blank)
*passwd -S gshant*
An employee named Bob Smith, with a user name of bsmith, has left the company. You have been instructed by your supervisor to delete his user account along with his home directory. Which of the following commands would produce the required outcome?
*userdel -r bsmith* userdel bsmith userdel -h bsmith *userdel bsmith;rm -rf /home/bsmith*
A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very near future. Which of the following commands will disable or remove the user account from the system and remove his home directory?
*userdel -r larry* userdel -h larry usedel -home larry userdel larry
Which of the following utilities could you use to lock a user account? (Select two)
*usermod* useradd userdel *passwd*
Which of the following is stronger than any biometric authentication factor?
A dynamic asynchronous token device without a PIN *Twofactor authentication* A 47character password A USB device hosting PKI certificates
Which of the following best describes Active Directory?
A group of related domains that share the same contiguous DNS namespace An administratively-defined collection of network resources that share a common directory database and security policies A collection of related domain trees that establishes the relationship between trees that have different DNS namespaces *A centralized database that contains user account and security information*
A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model?
DAC *RSBAC * RBAC MAC
Which of the following are subject to SQL injection attacks?
ActiveX controls Web servers serving static content Browsers that allow clientside scripts *Database servers*
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Add his user account to the ACL for the shared folder Manually refresh Group Policy settings on his computer Manually refresh Group Policy settings on the file server *Have Marcus log off and log back in*
What is a cookie?
An executable file that runs in the background and tracks internet use A malicious program that runs when you read an email attachment *A file saved on your hard drive that tracks website preferences and use* A malicious program that disguises itself as a useful program
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Application hardening Process spawning Error and exception handling *Input validation*
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?
Authentication and accounting Identity proofing and authorization Authorization and accounting *Authentication and authorization * Identity proofing and authentication
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Backdoor Session hijacking Privilege escalation *Buffer overflow*
What is another term for the type of login credentials provided by a token device?
Biometric Mutual authentication Twofactor authentication *Onetime password*
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: • www.videoshare.com • www.vidshar.com • www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?
Buffer overflow Watering hole *Typosquatting * Command injection
While using a Webbased game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?
Buffer overflow Zeroday *Locally shared object (LSO) exploit * Header manipulation
What is the most important aspect of a biometric device?
Enrollment time Size of the reference profile Throughput *Accuracy*
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used?
DACL DAC MAC *RBAC*
What type of password is maryhadalittlelamb?
Cognitive Static *Pass phrase* Composition
Which access control type is used to implement shortterm repairs to restore basic functionality following an attack?
Compensative *Corrective* Recovery Detective
You manage several windows systems. All computers are a members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do?
Create a complex password for your user account Add the internal website to the Trusted sites zone *Add the internal website to the Local intranet zone.* Open Credential Manager and modify your credentials.
When you browse to a website, a popup window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
DLL injection *Driveby download * SQL injection Trojan horse
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Data diddling *Buffer overflow* Covert channel exploitation TOC/TOU
What should you do to a user account if the user goes on an extended vacation?
Delete the account *Disable the account* Monitor the account more closely Remove all rights from the account
Which of the following is the most common form of authentication?
Digital certificate on a smart card Fingerprint *Password * Photo ID
Which of the following is an example of a single signon authentication solution?
Digital certificates *Kerberos * RADIUS Biometrics
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment?
Enable anonymous access Enable data encryption in the database configuration *Implement an application-layer protocol to encrypt data prior to saving it in the database* Implement an IDS to detect SQL injection attacks on the database *Disable anonymous access*
Which of the following advantages can single signon (SSO) provide? (Select two.)
Enhanced password complexity requirements Secure remote access *The elimination of multiple user accounts and passwords for each individual * *Access to all authorized resources with a single instance of authentication*
Use of which of the following is a possible violation of privacy?
FTP HTTP VPNs *Cookies*
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. she then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?
Fuzzing Code review *Configuration testing* Baseline reporting
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing this system?
Her user object has been assigned an explicit Allow permission to the performance management system, but she inherits the Deny permission assigned to the Project Management group (which she still belongs to). Inherited Deny permissions override explicit Allow permissions. *She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.* Her user object has been assigned an explicit Deny permission to the performance management system. She is still a member of the Project Management group, which has been denied permission to this system. However, being a member of the Managers group should allow her to access this system. Allow permissions always override Deny permissions. There must be an explicit permission entry that is preventing her from accessing the management system.
Which of the following best describes onefactor authentication?
Only a single authentication credential is submitted. *Multiple authentication credentials may be required, but they are all of the same type.* Only Type 1 authentication credentials are accepted. A user name without any additional credentials is accepted.
You manage several Windows systems. Deskstop users access an in-house application that is hosted on you intranet Web server. When a user clicks a specific option in the application, they receive an error message that the popup was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?
In Internet Options, use the privacy tab to turn off Pop-up Blocker Change the filter level in Pop-up Blocker to High Change the filter level in Pop-up Blocker to Medium *Add the URL of the website to the Local intranet zone*
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?
Input validation Fuzzing Baseline Reporting *Code review*
An attacker inserts SQL database commands into a data input field of an order form used by a Webbased application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?
Installing antivirus, antispyware, popup blockers, and firewall software. Implementing a script blocker. *Implementing clientside validation.* Using the latest browser version and patch level.
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
MAC RBAC *DAC * TBAC
What form of access control is based on job descriptions?
Mandatory access control (MAC) Locationbased access control (LBAC) *Rolebased access control (RBAC) * Discretionary access control (DAC)
Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage desktop workstation access.
MarketingManagers PermMarketing TempMarketing *CORPWS7* Marketing Tom Plask
Which of the following is the star property of the BellLaPadula security model?
No write up No read up *No write down* No read down
You are the network administrator of a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permission to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work?
No. Active Directory does not permit you to copy an existing user account. Yes. This strategy will be successful No. Making a copy of an existing user causes both accounts to have the same security identifier (SID) *No. Permissions are not copied when a user account is copied*
Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet?
Onetime Dynamic Pass phrase *Cognitive*
Audit trails produced by auditing activities are which type of security control?
Preventative Deterrent *Detective* Directive
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Proxy Account policy *Access token * Cookie
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
RBAC (based on rules) MAC *DAC* RBAC (based on roles)
Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is *not* an advantage of Active Directory's hierarchical database structure?
Replication *Decentralization* Delegation Organization Scalability
Which of the following defines an object as an entity in the context of access control?
Resources, policies, and systems. *Data, applications, systems, networks, and physical space.* Users, applications, or processes that need to be given access. Policies, procedures, and technologies that are implemented within a system.
Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon?
SSID WAP *Smart card * Biometric Security policy
Tom Plask's user account has been locked because he entered too many incorrect passwords. You need to unlock the account. Click the tab in the properties of the Tom Plask user object you would use to unlock his account.
Select the *Account* Tab
Tom Plask was recently transferred to the Technical Support department. He now needs access to the network resources used by Support employees. To do this, you need to add Tom Plask's user account to the Support group in the Active Directory domain.
Select the *Member Of* Tab
You are creating a new Active Directory domain user account for the Rachek McGaffey user account. During the account setup process, you assigned a password to the new account. However, you know that the system administrator should not know any user's password for security reasons. Only the user should know his or her own password--no one else. Click the option you would use in the New Object - User dialog to remedy this situation.
Select the *User must change password at next logon* option
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Serverside scripts *Clientside scripts* ActiveX CGI
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Superzapping Denial of service Dictionary *Buffer overflow*
Which of the following is not true regarding cookies?
They can collect user information They can help a hacker spoof a user's identity *They operate within a security sandbox* They can retain connection and session information
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system?(Select two.)
The database is more susceptible to SQL injection attacks than tradition SQL databases. *Data is stored in the database in an unencrypted format* By default, data is stored in the database in an encrypted format. *The database admin user has no password assigned* The default admin user password is admin
Which of the following defines the crossover error rate for evaluating biometric systems?
The rate of people who are given access that should be denied access. The rate of people who are denied access that should be allowed access. *The point where the number of false positives matches the number of false negatives in a biometric system.* The number of subjects or authentication attempts that can be validated.
Which of the following is the strongest form of multifactor authentication?
Twofactor authentication A password and a biometric scan *A password, a biometric scan, and a token device* Two passwords
While using a Webbased order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?
URL hijacking *Integer overflow* Watering hole Buffer overflow
Which of the following information is typically not included in an access token?
User security identifier User rights Group membership *User account password*
While using a Webbased order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)
Using the latest browser version and patch level. *Implementing serverside validation.* *Implementing clientside validation.* Installing antivirus, antispyware, popup blockers, and firewall software. Installing the latest operating system updates.
Which of the following enters random data to the inputs of an application?
Validation Rules Routines *Fuzzing* Application hardening
You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this?
addgroup sales addgroup -x sales groupadd -r sales *groupadd sales*
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this?
grpchange marketing sales *groupmod -n marketing sales* groupadd -c marketing sales grpconv marketing sales
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?
newpasswd Research groupmod -p Research *gpasswd Research* gpasswd research
You have preformed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?
usermod -u joer usermod -d joer *usermod -L joer* usermod -l joer
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this?
usermod -u kscott kjones usermod -u kjones kscott *usermod -l kjones kscott* usermod -l kscott kjones