A+ 2

What is the function of a TPM in relation to Windows' BitLocker feature?

A Trusted Platform Module can store the disk encryption key to tie use of the disk to a particular computer.

What type of cryptographic key is delivered in a digital certificate?

A digital certificate is a wrapper for a subject's public key. The public and private keys in an asymmetric cipher are paired. If one key is used to encrypt a message, only the other key can then decrypt it.

What type of device would a privacy screen be used to protect?

A display device such as a monitor. A privacy screen prevents the display from being observed at any angle other than directly in front of the screen.

What distinguishes a cryptographic hash from the output of an encryption algorithm?

An encrypted ciphertext can be decrypted by using the correct key; a cryptographic hash is irreversibly scrambled.

Why should you never use a home vacuum cleaner to clean a PC?

Because they generate large amounts of static electricity that may damage sensitive components.

An attacker learns that a system policy causes passwords to be configured with a random mix of different characters but that are only five characters in length. What type of password cracking attack would work best here?

Brute force attacks are effective against short passwords (under seven characters). Dictionary attacks depend on users choosing ordinary words or phrases in a password.

What should you do before transporting a bulky object?

Check that there is a clear path to the destination point. If you cannot carry the object safely, get help or use a cart.

What general class of malware is crypto-malware an example of?

Crypto-malware is a type of ransomware. The malware encrypts files on the target and then demands a ransom be paid to release the key that can decrypt them again.

Why are the actions of a first responder critical in the context of a forensic investigation?

Digital evidence is difficult to capture in a form that demonstrates that it has not been tampered with. Documentation of the scene and proper procedures are crucial.

True or false? A factory reset preserves the user's personal data.

False. Restoring to factory settings means removing all user data and settings.

When you are sizing the load for a UPS, how would you calculate the power used by a PC component?

Multiply its Voltage (V) by the Current (I) it draws to calculate power drawn in Watts (W=V*I). You may then need to convert this to a VA rating by multiplying by 1.67. When power is supplied, some is lost through the function of inverters and capacitors. This means that the supply, measured as VA, must exceed the watts drawn by about 70%. This ratio is also described as the Power Factor (PF).

What sort of information should be recorded on an entry control roster?

Name and company being represented, date, time of entry, and time of departure, reason for visiting, and contact within the organization.

How do you unlock an AD user account?

Open Active Directory Users and Computers. and locate the user account. Right-click the user object and select Properties. Check the Unlock account box. Select OK.

What is the difference between tailgating and shoulder surfing?

Tailgating means following someone else through a door or gateway to enter premises without authorization. Shoulder surfing means observing someone type a PIN or password or other confidential data.

What type of cryptographic algorithm is AES?

The Advanced Encryption Standard (AES) is a symmetric encryption cipher. This means that the same key can be used to perform both encryption and decryption operations on a message.

What is the first step to take when an app no longer loads?

Try restarting the device. If that does not work, uninstall and then reinstall the app.

What technology mitigates against an online account being accessed from an unknown device?

Two-step verification—the site sends a code to a registered phone or alternative email address, prompting the user to verify the validity of the device.

Why might you need to use a virus encyclopedia?

Typically, if a virus cannot be removed automatically, you might want to find a manual removal method. You might also want to identify the consequences of infection—whether the virus might have stolen passwords, and so on.

If a user obtains Read permissions from a share and Deny Write from NTFS permissions, can the user view files in the folder over the network?

Yes (but he or she cannot create files).

What tests can you perform to ensure the integrity of backup settings and media?

You can perform a test restore and validate the files. You can run an integrity check on the media, such as using chkdsk on a hard drive used for backup. Backup software can often be configured to perform an integrity check on each file during a backup operation. You can also perform an audit of files included in a backup against a list of source files to ensure that everything has been included.

What is the purpose of a KB?

A Knowledge Base (KB) is a reference to assist with installing, configuring, and troubleshooting hardware and software. A KB might be created by a vendor to support their products. A company might also create an internal KB, populated with guidelines, procedures,and information from service tickets.

When might you need to consult MSDS documentation?

A Material Safety Data Sheet (MSDS) should be read when introducing a new product or substance to the workplace. Subsequently, you should consult it if there is an accident involving the substance and when you need to dispose of the substance.

What are the main components of an RFC?

A Request for Change (RFC) sets out the purpose and scope of the proposed change and a documented plan for carrying out the change. Ideally, it should perform a risk analysis of both performing the change and not performing the requested change. It should state the measures by which the change can be judged to have been completed successfully. Ideally, it would also include a backout plan for reversing the change.

What type of network access is facilitated by VPN?

A Virtual Private Network (VPN) is often deployed to provide remote access to users who cannot otherwise make a physical connection an office network. A remote access VPN means that the user can connect to a private network using a public network for transport. Encryption and authentication are used to make sure the connection is private and only available to authorized users. You might also mention that VPNs can be used to other types of access (such as connecting one network site to another). .

What is a Wi-Fi Analyzer used for?

A Wi-Fi Analyzer is used to check connectivity issues with wireless. It can check for less congested channels.

What type of computer stores Active Directory account information?

A Windows server running the Domain Controller (DC) role.

What is a change board?

A change board is a committee of stakeholders who can approve the planned change.

What is a server lock?

A computer in which the chassis can be locked shut, preventing access to physical components.

What type of account policy can protect against password-guessing attacks?

A lockout policy (disables the account after a number of incorrect logon attempts).

What type of software is typically used to perform eavesdropping on an Ethernet network?

A packet sniffer or packet capture utility. When combined with software to decode the frames, these can also be called packet analyzers or network monitors.

An attacker crafts an email addressed to a senior support technician inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?

A phishing attack tries to make users authenticate with a fake resource, such as a website that appears to be a genuine online banking portal. Phishing emails are often sent in mass as spam. This is a variant of phishing called spear phishing, because it is specifically targeted at a single person, using personal information known about the subject (such as his or her hobbies).

Why might an ID badge not be restricted to use at doors and gateways?

A visible ID badge shows that someone is authorized to move around a particular zone. This means that even if they are able to slip through a door using tailgating or some other method, they can be identified and challenged for not wearing visible ID.

With what type of threat is a "zero day" associated?

A zero day is a type of software exploit. You could also say that it is associated with hacking and malware threats. The term arises because an attacker has found a means of exploiting a vulnerability in the software before the software developer has been able to create a patch or fix for the vulnerability.

In AAA architecture, what type of device might a RADIUS client be?

AAA refers to Authentication, Authorization, and Accounting. When the role is played by a Remote Access Dial-in User Service (RADIUS) server, the server processes authentication and authorization requests. The clients submitting the requests to the server are network access devices, such as routers, switches, wireless access points and VPN servers. The end user devices connecting to them are referred to as supplicants.

What attack might be launched to eavesdrop on all communications passing over a local network segment?

Address Resolution Protocol (ARP) poisoning or spoofing. This is a type of Man-in-the-Middle attack.

Describe the equipment you should use to prevent static electricity on your body from damaging the equipment on which you are working.

An anti-ESD service kit comprising an anti-ESD wrist strap, grounding cord and plug, and a conductive mat. The grounding plug should be connected to an earthed point.

What role do barcodes play in managing inventory?

An inventory is a list of assets. To compile a list of assets, you must be able to identify each asset. A barcode label is a good way of doing this. You can use a scanner to link to the asset within the inventory database automatically, avoiding delays and mistakes that might be made by typing an asset ID.

Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?

Availability—information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against Denial of Service (DoS) attacks.

At which general levels are backups made to facilitate disaster recovery?

Backup levels include file, image, and critical application. File level backups allow restoration of user-generated data files in a shared folder or user profile. An image-level backup records a whole installation (OS, third-party software and drivers, and custom settings). This can be used to reinstall a computer or recover a Virtual Machine (VM). A critical application backup saves data and settings kept by a specific software product. This is likely to involve some sort of database backup.

Katie works in a high-security government facility. When she comes to work in the morning, she places her hand on a scanning device in her building's lobby, which reads her hand print and compares it to a master record of her hand print in a database to verify her identity. What type of security control is this?

Biometric authentication deployed as part of a building's entry control system.

Why is DNS configuration a step in the malware remediation process?

Compromising domain name resolution is a very effective means of redirecting users to malicious websites. Following malware infection, it is important to ensure that DNS is being performed by valid servers.

You are advising a customer on purchasing security controls. What class of security technology prevents users from sending unauthorized files as email attachments?

Data Loss Prevention (DLP).

What is the difference between a DoS and a DDoS attack?

Denial of Service (DoS) is any type of attack that halts or disrupts a network application or resource. A Distributed Denial of Service (DDoS) is a specific class of DoS attack. It means that the attacker uses multiple hosts to launch the attack. The distributed hosts are usually PCs and other devices (zombies) compromised by malware (bots) controlled by the attacker.

Why should PII be classed as sensitive or confidential?

Disclosing Personally Identifiable Information (PII) may lead to loss of privacy or identity theft. There may be legal or regulatory penalties for mishandling PII.

In which atmospheric conditions is the risk of ESD highest?

During cool, dry conditions when humidity is low. When humidity is high, the static electricity can dissipate through the moisture present in the air.

True or False? If you are using an anti-static floor mat, you do not need any other anti-ESD service equipment.

False. A mat should be used with a wrist strap. You may also need ESD-safe packaging for storing components.

True or false? Updates are not necessary for iOS devices because the OS is closed source.

False—closed source just means that the vendor controls development of the OS. It is still subject to updates to fix problems and introduce new features.

True or false? The encryption applied by EFS can be overridden by the local administrator account.

False—only the user can decrypt files, via their account password or a backup key. In a Windows domain, administrators can be configured key recovery agents but the local administrator does not have this right automatically. This means that the disk cannot be connected to a different computer to circumvent the protection afforded by encryption.

What type of biometric recognition is most suitable for integrating with a laptop computer?

Finger or thumbprint readers are generally the simplest type of device. Facial recognition using a built-in camera is also becoming popular.

What two types of biometric authentication mechanism are supported on smartphones?

Fingerprint recognition and facial recognition.

A user is assigned Read permissions to a resource via his user account and Full Control via membership of a group. What effective permission does the user have for the resource?

Full control—the most effective permissions are applied.

Which of the following components helps to protect users of electrical equipment against a short circuit? Resistor, Fuse, Power supply, or ESD wrist strap

Fuse

What are the principal environmental hazards to consider when installing PC equipment?

Heat and direct sunlight, excessive dust and liquids, and very low or high humidity. Equipment should also be installed so as not to pose a topple or trip hazard.

What would be the purpose of quarantining an infected file, rather than deleting it?

If antivirus software cannot clean a file, you may still want to investigate alternative methods of recovering data from the file. Quarantine means the antivirus software blocks access without actually removing the file from the file system.

You receive a support call from a user who is "stuck" on a web page. She is trying to use the Back button to return to her search results, but the page just displays again with a pop-up message. Is her computer infected with malware?

If it only occurs on certain sites, it is probably part of the site design. A script running on the site can prevent use of the Back button. It could also be a sign of adware or spyware though, so it would be safest to scan the computer using up to date anti-malware software.

Why might a PC infected with malware display no obvious symptoms?

If the malware is used with the intent to steal information or record behavior, it will not try to make its presence obvious. A rootkit may be very hard to detect even when a rigorous investigation is made.

What three broad types of incident documentation might a business require?

Incidents can be categorized as support/troubleshooting, security, and accident (whether to personnel or to assets). You should also consider the effect compliance with regulatory or legal requirements has on the documentation that must be kept.

What three methods of mechanically destroying a hard disk are most effective?

Incineration, degaussing, and shredding. Making the disk unusable by damaging it with a drill or hammer is likely to leave remnants that could in theory be analyzed. Note that degaussing is not effective against SSDs.

How does a smart card provide authentication?

It contains a chip that can store the user's account and credentials securely in a digital certificate that the logon provider trusts. Therefore, possession of the device is confirmation of identity.

Early in the day, a user called the help desk saying that his computer is running slowly and freezing up. Shortly after this user called, other help desk technicians who overheard your call also received calls from users who report similar symptoms. Is this likely to be a malware infection? If so, what type of malware would you suspect?

It is certainly possible. Software updates are often applied when a computer is started in the morning, so that is another potential cause, but you should investigate and log a warning, so that all support staff are alerted. It is very difficult to categorize malware when the only symptom is performance issues. You might say a virus or worm, as the malware is non-stealthy. However, it is equally possible that performance issues could be a result of a badly written Trojan, or a Trojan/backdoor application might be using resources maliciously (for DDoS, Bitcoin mining, spam, and so on).

What is the function of secpol.msc?

It is the image name of the Local Security Policy management console. You can use this to define system security policies, such as password complexity.

Another user calls to say he is trying to sign on to his online banking service, but the browser reports that the certificate is invalid. Should the bank update its certificate, or do you suspect another cause?

It would be highly unlikely for a commercial bank to allow its website certificates to run out of date or otherwise be misconfigured. You should strongly suspect redirection by malware or a phishing/pharming scam.

Your company's static IP address has been placed on a number of anti-spam blacklists. Could this be the result of external fraud or do you need to investigate your internal systems for malware?

It would be very unusual for someone to be able to insert your IP address into multiple blacklists. You should suspect that malware is being used to send spam from your network.

John brought in the new tablet he just purchased and tried to connect to the corporate network. He knows the SSID of the wireless network and the password used to access the wireless network. He was denied access, and a warning message was displayed that he must contact the IT Department immediately. What happened and why did he receive the message?

John's new tablet probably does not meet the compliance requirements for network access. Being a new device, it might not have had updates and patches applied, it might not have appropriate virus protection installed, or it does not meet some othercompliance requirement. This caused the system to appear as a non-compliant system to the network, and network access was denied.

What do all types of social engineering attack have in common?

Many different attacks can be classed as a type of social engineering, but they all exploit some weakness in the way people behave (through manipulation and deception). These weaknesses might arise from politeness and cultural norms, from habitual behavior, or from respect for authority and rank.

What is MDM?

Mobile Device Management (MDM) is a class of management software designed to apply security policies to the use of smartphones and tablets in the enterprise.

How can the use of mobile devices by employees affect the security of an organization as a whole?

Mobile devices can function much like regular computers; therefore, when they are used to send and receive corporate emails and to access systems and data within the corporate network, they are a vulnerability. If a mobile device is lost or stolen, it could be used to access sensitive data or launch attacks. Mobile devices should be secured just as any other system on the corporate network.

What sort of training should you give to end users to reduce the risk of infections?

Not to disable security applications and to be wary of emailed links, file attachments, removable media, and websites from unproven sources.

What type of file scan offers best protection for ordinary users?

On-access scans. These might reduce performance somewhat but very few users would remember to scan each file they use manually before opening.

What type of software license is locked to a single hardware device?

Original Equipment Manufacturer (OEM).

Which of the following computer components presents the most danger from electrical shock? System boards, Hard drives, Power supplies, or System unit.

Power supplies

What is PHI?

Protected Health Information (PHI) is data such as medical records, insurance forms, hospital/laboratory test results, and so on.

What constitutes a strong password?

Something easy to remember but difficult to guess. A password should be sufficiently long and mix alphanumeric and punctuation characters and case.

What are the prerequisites for joining a computer to a domain?

The computer must be running a supported edition of Windows (Professional, Enterprise, or Ultimate). The computer must be joined to the network with an appropriate IP configuration (typically configured via DHCP) and be able to access the domain's DNS server(s). An account with domain administrative credentials must be used to authorize the join operation.

What are the causes of severe battery drain?

The display, radio, and CPU are the components that draw the most power. If an app is overutilizing these resources, it could be faulty, badly written, or this could be a sign of malware activity.

What care should you take when lifting a heavy object?

The main concern is damaging your back. Lift slowly using your legs for power not your back muscles.

While you are assigning privileges to the accounting department in your organization, Cindy, a human resource administrative assistant, insists that she needs access to the employee records database so that she can fulfill change of address requests from employees. After checking with her manager and referring to the organization's access control security policy, Cindy's job role does not fall into the authorized category for access to that database. What security concept is being practiced in this scenario?

The principle of least privilege.

What is incident reporting?

The process of identifying security breaches (or attempted breaches and suspicious activity) to security management personnel.

What is the significance of a $ symbol at the end of a share name?

The share is hidden from the file browser. It can be accessed by typing a UNC. The default administrative shares are all configured as hidden.

Your organization has several tablet devices that are loaned out as needed when employees are traveling. Some users have reported problems getting the Bluetooth keyboard to work with one of the tablets. What should you do?

There are a couple of issues that can cause Bluetooth connectivity problems. First, check whether the device batteries need replacing. Another possibility is that the tablet might need a system update. Finally, the devices might not have been set to discoverable mode. For security purposes, only enable discovery mode on your mobile device when you want a Bluetooth device to find your device; otherwise, keep that setting disabled. The Bluetooth settings must be configured to allow devices to connect to the mobile device. This is also referred to as pairing.

When you set permissions on a folder, what happens to the files and subfolders by default?

They inherit the parent folder's permissions.

What are the principal characteristics of a surge protector?

This is a circuit designed to protect connected devices from the effect of sudden increases or spikes in the supply voltage and/or current. Surge protectors are rated by clamping voltage (low values are better), joules rating (higher values are better), and amperage (the maximum current that can be carried).

While you are answering a service call on a computer that is located in a common area of the office, you come across information showing that some unauthorized websites have been viewed. The activity has been linked to a particular user account. What is the appropriate action to take?

This is likely to demonstrate a clear breach of Acceptable Use Policies (AUP) and will be the subject of disciplinary action by HR. You should not over-assume or over-react, however. Take care to follow best practices for incident response, such as establishing unambiguous evidence and documenting the entire incident.

What might a locator application be used for?

To identify the location of a stolen phone (or, perhaps, members of one's family) and to provide localized services (movies, restaurants, etc).

What basic NTFS permissions do you need to move a file and to copy a file?

To move a file, you need Write permissions for the destination folder and Modify permissions for the source folder; to copy a file, you need Write permissions for the destination folder and Read permissions to the source folder.

Why should use of a smart card be protected by a PIN?

To prevent misuse of the card if it is lost or stolen.

What are the principal characteristics of Trojan malware?

Trojan malware is named after the Trojan Horse. This myth involved Greek warriors hidden in a wooden horse presented as a gift to the city of Troy. The Trojans wheeled the horse into the city and left it unguarded. At night, the Greek warriors slipped out,opened the gates, and let the Greek army in to ravage the city. A Trojan is malware disguised as legitimate software. Most Trojans establish a backdoor so that use of the computer can be subverted by a remote handler.

True or false? If you want the same policy to apply to a number of computers within a domain, you could add the computers to the same Organizational Unit (OU) and apply the policy to the OU.

True.

You are setting up a Windows 10 workstation as a file server for a small office. How many computers can connect to the file share at any one time?

Up to 20 computers.

What are the drawbacks of biometric authentication technologies?

Users find it intrusive, it is relatively expensive (compared to password-based authentication), and there are risks from false positives and false negatives. Some implementations of biometric methods can be vulnerable to spoofing, such as using a photograph to pass through a facial recognition system.

What general methods can be used to prevent a replay attack against a software token?

Using coding techniques to accept a token only once or restrict the timeframe in which a token can be used.

Why must antivirus software be kept up-to-date regularly?

While there are certain heuristic techniques, a scanner is most effective when it can detect viruses that it recognizes. The virus update contains details about new or changed virus threats. If the update is not made, it is quite unlikely that these viruses will be detected if they infect your system.

What does Chain of Custody documentation prove?

Who has had access to evidence collected from a crime scene and where and how it has been stored.

Why are documented business processes essential for effective change management?

Without documented processes, you do not have a means of measuring or specifying the effects of change. Of course, you could be introducing a change to start using documented business processes! But from that point, any project can be measured and evaluated by the changes it makes to documented procedures. Changes that are supported by documented procedures can also be communicated more clearly to staff.

Electrical injuries include electrocution, shock, and collateral injury. Could you be injured if you are not part of the electrical ground current?

Yes, you could receive a thermal burn from the head of an electric arc or electric equipment. Your clothes can catch on fire, or your skin can be burned.

What are the two main types of network topology diagrams?

You can create diagrams to show the physical topology or the logical topology. The physical topology shows the location of cabling and ports plus their bandwidth. The logical topology shows IP addresses and subnets plus security controls such as firewalls. There are lots of other types of network topology diagrams, of course, but physical and logical are the two basic distinctions you can make. It is best practice not to try to create a diagram that shows both.

In Active Directory, what are the options for running a script each time the user logs on?

You can specify scripts to run for a number of users by using group policy and attaching the policy to an appropriate container, such as an OU. You can also specify a script manually for each user account via the account properties.

The contract ended recently for several workers who were hired for a specific project. The IT department has not yet removed all of those employees' login accounts. It appears that one of the accounts has been used to access the network, and a rootkit was installed on a server. You immediately contact the agency the employee was hired through and learn that the employee is out of the country, so it is unlikely that this person caused the problem. What actions do you need to take?

You need to create an incident report, remove or disable the login accounts, isolate the infected server and possibly any user computers that communicate with the server, and remove the rootkit from the server. In terms of wider security policies, investigate why the temporary accounts were not disabled on completion of the project.

A user reports that the touchscreen on his mobile device is not responding properly. What questions should you ask, and what steps might you take to resolve the issue?

You should ask if the touch screen is greasy, wet, or dirty. If it needs cleaning, remind the user to use only a soft cloth moistened with eye glass cleaner to gently wipe the screen. If cleaning is not an issue, ask if it appears to be scratched, cracked, or otherwise damaged. If so, make arrangements to have the touch screen replaced. If there is no visible damage, recalibrate the screen for the user, and check for updates.

What is the difference between the gpupdate and gpresult commands?

gpupdate is used to refresh local policy settings with updates or changes from the policy template. gpresult is used to identify the Resultant Set of Policies (RSoP) for a given computer and/or user account.