Chapter 11 - Review Questions
Which of the following is a guideline for creating a security policy? a. A security policy should be enforceable. b. A security policy should have different provisions depending on the user. c. A security policy should be general so rules can be clarified if there is a breach. d. A security policy should be encrypted so black hats can't read it.
a. A security policy should be enforceable.
A security policy should be enforceable. A rule that can't be reasonably enforced will almost always be broken.
Which command adds a rule to the Linux netfilter firewall that prevents incoming ping packets from being processed? a. iptables -A INPUT -p icmp -j DROP b. iptables -D INPUT -p icmp -j DENY c. iptables -A INPUT -dport icmp -j DROP d. iptables -D INPUT -dport icmp -j DENY
a. iptables -A INPUT -p icmp -j DROP
The command iptables -A INPUT -p icmp -j DROP is valid syntax for adding a netfilter rule that prevents incoming ping packets from being processed.
In multifactor authentication, which of the following is a credential category? (Choose all that apply.) a. knowledge b. inherence c. encryption d. certificates
a. knowledge and b. inherence
Knowledge and inherence are credential categories.
Which of the following questions must be answered before determining how much security your operating systems need? (Choose two.) a. What tools are used to attack the network? b. What costs are associated with security being breached? c. How likely is it that a threat will actually occur? d. How much data is on the network?
b. What costs are associated with security being breached? and c. How likely is it that a threat will actually occur?
You should know the costs associated with a security breach. You should also know how likely it is that a threat will occur.
Which of the following backup methods backs up any files that have changed since the last full or incremental backup? a. copy b. incremental c. daily d. differential
b. incremental
An incremental backup backs up files that have changed since the last full or incremental backup.
This morning you modified five large data files in your home folder in Linux, and now you want to find and delete the files because you no longer need them. Which of the following commands can you use to list and sort files based on the time they were modified? a. locate -d b. ls -t c. rm -m d. df -d
b. ls -t
ls -t lists and sorts files based on the time they were modified.
You have a password policy that users must change their password every 90 days. You don't want them to re-use a password for at least 10 passwords. What option should you set on a Windows system to ensure that users can't re-use a recent password? a. Password complexity b. Minimum password age c. Account lockout retries d. Enforce password history
d. Enforce password history
The Enforce password history setting ensures that users can't re-use a recent password.
Which of the following is a Windows Defender Firewall profile? (Choose two.) a. Domain b. Realm c. Incoming d. Private
a. Domain and d. Private
Domain, Private, and Public are Windows Defender Firewall profiles.
Which of the following is an element of a security policy? (Choose all that apply.) a. authentication policy b. privacy policy c. network address policy d. Active Directory policy
a. authentication policy and b. privacy policy
The authentication policy describes how users identify themselves to gain access to network resources. The privacy policy describes what staff, customers, and business partners can expect for monitoring and reporting operating system use.
Which of the following forms of authentication involves a CA to verify a computer or user's identity? a. digital certificate b. preshared key c. biometric d. Kerberos
a. digital certificate
A certification authority (CA) verifies a certificate applicant's authenticity.
Which backup scheme requires the fewest tapes to perform a full restore? a. full backup plus differential b. full backup plus daily c. daily backup plus incremental d. full backup plus incremental
a. full backup plus differential
A full backup plus differential requires the fewest tapes because it only requires the tapes for the full backup and the last differential backup.
What should you install on an operating system to prevent potentially harmful network packets from entering or leaving the OS? a. host firewall b. digital certificate c. protocol analyzer d. Kerberos
a. host firewall
A host firewall protects an OS from harmful packets that enter or leave the OS.
Bill Smith has just been prompted to change his password. He has a list of possible passwords he is considering. Which of the following passwords is considered the most secure? a. B!11$miTh b. I L!kE H0cky c. Bbb1111 d. Abcde!@#$
b. I L!kE H0cky
I L!kE H0cky is the most secure because it is a passphrase that has uppercase and lowercase letters, numbers, and special characters.
Your organization's Windows Server 2016 server has 8 GB of RAM but has been running a little slow, so you decide to check the virtual memory configuration. You find that the paging file is located on the C: drive, where Windows is installed. The paging file is about 12 GB. Is there anything you can do to configure the paging file for optimal performance? a. Decrease the paging file size to 4 GB. b. Move it to another disk. c. Increase the paging file size to 24 GB. d. No, it is configured optimally.
b. Move it to another disk.
Because the paging file is extensively used, you should locate it on a separate physical disk from the Windows system disk.
Which of the following should be a common element in any security policy? a. passwords of at least 12 characters b. malware protection c. encryption of all documents d. network access that is limited to working hours
b. malware protection
Malware protection should be a common element in any security policy because malware can affect any system.
Your Linux workstation runs slowly when you use certain applications. You decide to determine how much virtual memory is used when you run these applications. Which of the following commands enables you to determine virtual memory usage? a. sfiles b. vmstat c. netstat d. vfiles -s
b. vmstat
The vmstat command monitors paging, which tells you the virtual memory usage.
In Linux, you are preparing to delete the tprice user account because the user has just left the company. However, before you delete the account, you want to list all files owned by tprice so you can decide which files to keep. What command enables you to view all files owned by the tprice account? a. ls -owner tprice b. lsuser tprice c. find / -user tprice d. scan -owner tprice
c. find / -user tprice
find / -user tprice will list all files owned by the tprice account.
What is the default Windows Update configuration in Windows 10? a. Manually download, automatic install b. Automatically download, prompt to install c. Disabled d. Automatically download and install
d. Automatically download and install
The default Windows Update configuration in Windows 10 is Automatically download and install.
Your boss has asked that you secure communication between the server that holds personal identifying information of your clients and all other computers. Which of the following technologies can you use? a. EFS b. BitLocker c. RADIUS d. IPsec
d. IPsec
IPsec protects data that is transferred through network communication.
You have a medium-sized business of over 300 Windows 10 computers and 15 Windows Server 2016 and 2019 servers. You have found that the computers are using a lot of bandwidth every night when they check for updates on Microsoft's update servers. In addition, you have no easy way of knowing which computers are up to date with the latest security patches. What is the best way to reduce the bandwidth usage and more easily document which computers have the proper updates? a. Download updates and burn them to a DVD, and use the DVD to install the updates on each computer. The DVD will also serve as documentation. b. Create a script to stagger when computers perform updates and send a list of installed updates to a server. c. Configure the computers to compress the updates they receive from Microsoft. d. Install Windows Server Update Services on one of your servers.
d. Install Windows Server Update Services on one of your servers.
Windows Server Update Services (WSUS) can reduce bandwidth usage caused by Windows updates because only the update server has to access the Internet. Plus, WSUS can produce reports on updates.