A+ pc pro ch 13 security
A user reports that his machine will no longer boot properly. After asking several questions to determine the problem, you suspect the user unknowingly downloaded malware from the internet, and that the malware corrupted the boot block. Based on your suspicions, which of the following actions would you MOST likely take to correct the problem? (Select TWO.)
-Boot from the Windows installation DVD and use the recovery environment to run a startup repair. -Reimage the machine
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system? (Select TWO).
-Disable all USB ports in the BIOS/UEFI firmware configuration -Remove the optical drive
One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO).
-Disable autorun on the system -Set a screensaver password
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO. Each option is a complete solution.)
-Install a privacy filter on the monitor -Secure the computer system to the desk with a cable lock
Anna, a home office user, employs a technician to check the security on a computer that was hacked. The technician discovers that the user's password is the name of Anna's dog and hasn't been changed in over a year. Which of the following security best practices should the technician recommend? (Select TWO).
-Require a strong password -Set a password expiration period
First Responder tasks
-contain the damage or incident as much as possible. -do not damage any evidence. -initiate an escalation procedure to ensure that the right people are informed and that the right people are brought to the incident site. -initiate the documentation of the incident.
Which of the following are examples of social engineering? (Select TWO).
1) Dumpster diving 2) Shoulder surfing
What are the most common means of virus distribution? (Select TWO).
1) Malicious web sites 2) E-mail
Cloud-based protection
A feature that provides real-time protection by sending information to Microsoft about potential security threats discovered by Windows Defender. Requires automatic sample submissions to be enabled.
What is a cookie?
A file saved on your hard drive that tracks Web site preferences and use.
Organizational security policy
A high-level overview of the organization's security program. Written by security professionals, supported by senior management. Identifies: -roles and responsibilities to support and maintain the elements of the security program. -what is acceptable and unacceptable regarding security management. -rules and responsibilities for enforcement of the policy.
LoJack
A mechanism that is used to secure systems that are prone to being stolen, such as notebook systems. Implanted within a chip on the motherboard itself; you can use it to recover a stolen system by: -reporting its current location using GPS. -querying LoJack HQ to see if that system has been reported as stolen.
Trusted Platform Module (TPM)
A mechanism used to secure systems that are vulnerable to theft. Special chip on motherboard that generates and stores cryptographic keys.
Chassis intrusion detection
A motherboard feature that helps you identify when a system case has been opened.
Privacy Filter
A polarized sheet of plastic to restrict screen visibility
User Education and Awareness Policy
A policy with provisions for user education and awareness training. Trains users to not: -click links in phishing email. -visit malicious sites or download unauthorized software. -respond to social engineering attempts. Designed to: -familiarize employees with the organization's security policy. -communicate standards, procedures, and baselines that apply to the employee's job. -facilitate employee ownership and recognition of security responsibilities. -explain how to respond to security events.
Rootkit
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
Automatic sample protection
A software feature that allows Windows Defender to send information to Microsoft for use in analyzing and identifying new malware.
Real-time protection
A software function that alerts you when spyware/unwanted software attempts to install itself or run on your computer.
Offline scanning
A system feature that causes the system to reboot and Windows Defender to run a scan in an offline state. Allows some types of malware to be removed that normally can't be removed from a running system.
Scheduled scanning
A system feature that checks computer files for malware. Quick scan: checks file system locations that are most likely infected by spyware. Full scan: checks all files in the file system, the registry, all currently running applications, and other critical areas of the OS. Custom scan: checks only the locations you specify.
Rainbow table
A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file.
Denial-of-service attack
AKA DoS or DDoS. Occurs when a device or an application is overwhelmed with remote connections from botnets and crashes because it cannot process all of them.
While browsing the internet, you notice that your browser displays pop-ups containing advertisements that are related to recent keyword searches you have performed. What is this an example of?
Adware
Which of the following security practices are the BEST example of the principle of least privilege?
All users on a Windows workstation are limited users except for one user who is responsible for maintaining the system.
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails
Your anti-malware software has detected a virus on your Windows 10 system. However, the anti-malware software is unable to remove it. When you try to delete the files, you can't because they are in use. Which of the following actions would be BEST to try first?
Boot into Safe Mode and try removing the malware
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
Chain of custody
Which of the following indicates that a system case cover has been removed?
Chassis intrusion detection
You want to configure your computer so that a password is required before the operating system will load. What should you do?
Configure a user password in the BIOS/UEFI
Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the BEST option to prevent this from happening?
Configure the device to remote wipe as soon as it is reported lost.
Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following are the BEST solutions for securing Joe's workstation? (Select TWO).
Configure the screen lock to be applied after a short period of nonuse. Configure the screen saver to require a password.
You work for a company that offers their services through the internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial of service attack. As a first responder, which of the following is the next BEST step to perform?
Contain the issue.
Masquerading
Convincing personnel to grant access to sensitive information by pretending to be someone who is authorized.
Which of the following functions are performed by the TPM?
Create a hash based on installed system components.
Acceptable use Policy (AUP)
Defines an employee's rights to use company property such as: -using computer equipment. -accessing data stored on company computers. -using the company's network. -accessing the internet through the organization's network.
You just bought a new notebook. This system uses UEFI firmware and came with Windows 10 preinstalled. However, you want to use Linux on this system. You download your favorite distribution and install it on the system, removing all Windows partitions on the hard disk in the process. When the installation is complete, you find that the operating system won't load when the system is rebooted. Which of the following would allow your computer to boot to Linux?
Disable SecureBoot in the UEFI configuration.
Autorun
Disable autorun
Employees in a small business have a habit of transferring files between computers using a USB flash drive and often bring in files from outside the company. Recently, a computer was infected with malware from a USB flash drive even though the employee did not access any files. Which of the following options would prevent this issue in the future?
Disable autorun
One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. Which of the following actions is MOST likely to increase the security of this system?
Disable the Guest account
Your client has hired you to evaluate their wired network security posture. As you tour their facility, you note the following: Server systems are kept in a locked server room. User accounts on desktop systems have strong passwords assigned. A locked door is used to control access to the work area. Users must use ID badges to enter the area. Users connect their personal mobile devices to their computers using USB cables. Users work in three 8-hour shifts per day. Each computer is shared by three users. Each user has a limited account on the computer they use. Based on this information, which of the following would you MOST likely recommend your client do to increase security?
Disable the USB ports on users' workstations.
A technician was able to stop a security attack on a user's computer. When conducting a forensic investigation, which of the following actions should be performed FIRST?
Document what's on the screen
A technician upgrades the hard drive on a computer in the accounting department and decides to donate the old drive to a local trade school. Which of the following is the BEST method to ensure that the accounting data can't be recovered?
Drive wipe
A technician wants to destroy the data on a hard drive and repurpose it as a spare drive. Which of the following data destruction methods allow the reuse of the hard drive?
Drive wipe
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Where would be the next best place to keep your backup media?
In a locked fireproof safe.
You have recently had an issue where a user's Windows computer was infected with a virus. After removing the virus from the computer, which of the following is the NEXT step you should take?
Install all OS updates
You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. Which of the following BEST describes what happened to the file?
It has been moved to a folder on your computer
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
Shoulder surfing
Looking over the shoulder of someone working on a computer.
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggy-backing to gain access to your building. The individual in question did not have a security badge. Which of the following would you MOST likely implement to keep this from happening in the future?
Mantraps
A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply. Which of the following BEST describes the type of attack that just occurred?
Masquerading
You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which of the following policies are BEST to configure? (Select TWO).
-Minimum password length -Account lockout threshold
Forensic investigation
Performed to gather evidence and identify the methods used in the attack. Performed by -Live analysis: examines a running computer system to analyze the live network connection. -Dead analysis: examines data at rest, such as analyzing hard drive contents.
A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25 percent share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account. What type of attack occurred?
Phishing
Joe, a user, receives an email from a popular video streaming website. The email urges him to renew his membership. The message appears official, but Joe has never had a membership before. When Joe looks closer, he discovers that a hyperlink in the email points to a suspicious URL. Which of the following security threats does this describe?
Phishing
Several users have forwarded you an email stating that your company's health insurance provider has just launched a new website for all employees. To access the site, they are told to click a link in the email and provide their personal information. Upon investigation, you discover that your company's health insurance provider did not send this email. Which of the following BEST describes the type of attack that just occurred?
Phishing
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phishing
You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly-sensitive customer order information, including credit card numbers. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Physically destroy the hard drives with a hammer.
A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?
Principle of least privilege.
Privacy filter.
You have purchased a used computer from a computer liquidator. When you boot the computer, you find that there has been a password set on the BIOS. You need to clear the password so that you can edit the CMOS settings. What should you do?
Remove the motherboard battery for a few seconds.
Password policy
Requirements for passwords used to authenticate to company owned systems.
The chain of custody is used for what purposes?
Retaining evidence integrity by identifying people coming into contact with evidence
You have a computer that runs Windows 10. Where would you go to verify that the system has recognized the anti-malware software installed on the system?
Security and Maintenance
Which of the following are common forms of social engineering attacks?
Sending hoax virus information emails.
Code of Ethics
Set of rules that define ethical behavior. Requires everyone to: -conduct themselves in accordance with the highest standards of moral, ethical, and legal behavior. -not commit or be a party to any unlawful or unethical act that may negatively affect their professional reputation or that of the organization. -openly cooperate with ongoing investigations.
Drive locking
Setting a password on the system hard disk
While organizing a storage cabinet, a technician discovers a box of hard drives that are incompatible with current hardware and may contain sensitive data. Which of the following is the BEST method for disposing of these drives?
Shredding
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to BEST prevent extracting data from the discs?
Shredding
A security technician is conducting a forensic analysis. Which of the following actions is MOST likely to destroy critical evidence?
Shutting down the system
Most anti-malware software that protects a single host uses a _____ ____ scanning system
Signature-based
Joe, an executive, receives an email that appears to be from the financial institution that provides his company credit card. The text of the email includes Joe's name and the company name and states that there is a problem with Joe's credit card. The email provides a link to verify the credit card, but when Joe hovers over the link, he thinks the web address seems strange. Which of the following BEST describes this type of attack?
Social engineering
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
Spamming
A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST?
Stop the attack and contain the damage by disconnecting the system from the network.
An intruder waits near an organization's secured entrance until an employee approaches the entrance and unlocks it with a security badge. The intruder falls in line behind the employee, who assumes the intruder is another employee and holds the door open for her. Which of the following BEST describes the type of attack that just occurred?
Tailgating
An unauthorized person gains access to a secured area by following an authorized person through a door controlled by a badge reader. Which of the following security threats does this sentence describe?
Tailgating
You are a security consultant. An organization has hired you to review their security measures. The organization is chiefly concerned that it could become the victim of a social engineering attack. Which of the following actions would you MOST likely recommend to mitigate the risk?
Teach users how to recognize and respond to social engineering attacks
Incident response
The actions taken to deal with an incident during and after the incident. Involves: -identification and containment of the problem. -investigation of how the problem occurred and the forensics to preserve the evidence that may be used in a criminal investigation. -removal and eradication of the cause of the incident. -recovery and repair of any damages. -documentation and report of the incident and implementation of countermeasures and processes to reduce the likelihood of a future attack.
Damage containment
The first step in responding to an incident should be to take actions to stop the attack and contain the damage. For example, if the attack involves a computer system attached to the network, the first step might be to disconnect it from the network. Although you want to preserve as much information as possible to assist in later investigations, it might be better to stop the attack, even if doing so alerts the attacker or results in the loss of evidence regarding the attack.
You just bought a new computer. This system uses UEFI firmware and comes with Windows 10 preinstalled. You recently accessed the manufacturer's support website and saw that a UEFI firmware update has been released. You download the update. However, when you try to install the update, an error message is displayed that indicates the digital signature on the update file is invalid. Which of the following is MOST likely caused this to happen?
The update file has been tampered with.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (Select TWO).
Train the receptionist to keep her iPad in a locked drawer when not in use. Disable the network jacks in the reception area.
What is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously?
Trojan horse
A _______ is a malicious program that is disguised as legitimate or desirable software.
Trojan horse. Usually hidden within useful software such as games. Cannot replicate itself. Relies on user decisions and actions to spread. Often contains spy or back door functions that allow a computer to be remotely controlled from the network.
Which security measure can be used to generate and store cryptographic keys?
Trusted Platform Module (TPM)
While trying to log on, a user accidentally typed the wrong password three times, and now the system is locked because he entered too many incorrect passwords. He still remembers his password, but he just typed it wrong. He needs access as quickly as possible. Which of the following would allow the user to log on?
Unlock the account
You have 5 salespersons who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protection to implement to address your concerns?
Use cable locks to chain the laptops to the desks
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Use data wiping software to clear the hard drives
You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Which of the following BEST describes what needs to be done before the systems are ready to be recycled?
Use disk wiping software to fully erase the drives on the systems
What is the best countermeasure against social engineering?
User awareness training
Principle of least privilege
Users should have only the necessary degree of access to the workstation.
A _____ is a program that attempts to damage a computer system and replicate itself to other computer systems
Virus. Requires a replication mechanism, which is a file that it uses as a host. Replicates only when an activation mechanism is triggered. Programmed with an objective, which is usually to destroy, compromise, or corrupt data.
A ____ is a self-replicating program
Worm. Doesn't require a host file to propagate. Automatically replicates itself without an activation mechanism. Can travel across networks without user assistance.
A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?
Zombie/botnet
Which of the following is an example of a strong password?
a8bT11$yi
Bob calls and complains that he has suddenly started getting a lot of unwanted email. Which of the following is the BEST type of software to install to help solve Bob's problem?
anti-spam
A public library has purchased a new laptop computer to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should be used to physically secure the laptop?
cable lock
Which are examples of a strong password? (Select TWO).
il0ve2EatIceCr3am TuxP3nguinsRn0v3l
Which of the following is the process of fixing problems detected by anti-virus software so that the computer is restored to its original state?
remediation
Phishing
Uses an email and a spoofed website to gain sensitive information.
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?
virus