Cybersecurity Ch 10 Fundamentals


You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent log on after three unsuccessful logon attempts. Which of the following policies are BEST to configure? (Select TWO).

- Account lockout threshold
- Minimum password length

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which of the following policies are BEST to configure? (Select TWO).

- Minimum password age
- Enforce password history

Reconnaissance

A type of social engineering exploit that passively gathers information about a potential victim. The goal is to get the information needed to further exploit the victim.

AES stands for Advanced Encryption Standard.

AES keys can be up to 256 bits long, which would take a modern computer trillions of years to brute force.

Which of the following describes a Man-in-the-Middle attack?

An attacker intercepts communications between two network hosts by impersonating each host.

Avoid common words and phrases that are easily guessed or are too short.

Don't use part of a site's name in your password either.

The CEO of a small business travels extensively and is worried about having the information on their laptop stolen if the laptop is lost or stolen. Which of the following would BEST protect the data from being compromised if the laptop is lost or stolen?

Full disk encryption

Dictionary attacks take advantage of people who use short, common words or combinations of these words as their passwords.

It's called a dictionary attack because some hackers can literally try every word in the dictionary! This is quite a long list as there are over one million words in the English language and over 3 million combinations of six letters.

Locator app

Locator applications might help you find a misplaced device before a determined hacker does. Turning off location services does not improve your device's security, and it will make it harder to find your device if you lose it.

If someone is caught trespassing on a network or stealing data, they are probably going to say it wasn't them.

Non-repudiation is taking measures to prove that it most definitely was

Your company wants to use multifactor authentication. Which of the following would you most likely suggest?

PIN and smart card

Denial of service (DOS)

The goal of a denial of service attack is to overload a system so that the services it provides are no longer available to legitimate network clients

man-in-the-middle (MITM) attack

a hacker impersonates a website or app to convince someone to input their password, which they then steal.

POP3 (Post Office Protocol 3)

is an email protocol that will download and delete emails from a mail server.

To maintain access to data on critical systems, most businesses

maintain redundant copies of data on separate disks.

Accounting

means keeping track of who does what on a computer or network

The compromised systems, called zombies, are infected with malware that allows them to be

remotely manipulated by an attacker who's often called a zombie master.

On-path attack

(also known as a man-in-the-middle attack) is a real-time attack on a live network connection. In this type of attack, a hacker intercepts communication between a client and a server. The hacker's computer impersonates the server to the client. At the same time, the hacker impersonates the client to the server. The hacker can then intercept and modify the data in transit. With the right software and the right vulnerabilities, this attack is quite easy to perform.

The password policy below incorporates the following:

- Passwords must include at least one capital letter
- Passwords must include a mix of letters and numbers
- Passwords must be different from the past eight passwords
- Passwords must contain at least one non-alphanumeric character

Which of the following password best practices are being used? (Select TWO).

- Password complexity
- Password history

Wiretapping

A common threat that involves the direct use of technology. In the digital world, wiretapping is a form of eavesdropping that uses programs such as packet sniffers to capture data being transmitted over a network.

Pretexting

A social engineering technique that attempts to trick the victim into revealing sensitive information under false pretenses.

Email attacks

A form of social engineering that attempts to exploit a victim using email messages.

Snooping

A technique used to secretively discover private information about a person, company, or other entity. This is often an insider threat within organizations.

If a malicious user gains access to the system, which component of the framework lets administrators know how they gained access and what exactly they did?

Accounting

Anti-malware

Anti-virus apps can protect your device. Make sure to research, find, and install the most effective ones.

Which of the following components of a successful access control framework is the process of proving that you are who you say you are?

Authentication

Internet usage monitoring

Because inappropriate computer use can be a huge liability for a company, most companies require employees to agree to an acceptable use policy (AUP) or a fair use policy. These types of policies specify exactly what can be done with such things as the corporate network, website, computer/systems, and facilities.

What do biometrics use to perform authentication of identity?

Biological attributes

Browser attacks

Browser attacks are a type of social engineering. The attacker tries to convince the victim that revealing sensitive information or installing malware on the computer is a legitimate task.

A technician is installing a new SOHO wireless router. Which of the following is the FIRST thing the technician should do to secure the router?

Change the router's default password

An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?

Cipher text

You work for a company that offers their services through the Internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack. As a first responder, which of the following is the next BEST step to perform?

Contain the problem.

Mark received an email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states he should open the attachment for further instructions. What should Mark do?

Delete the email without opening the attachment.

Ted, an employee in the Sales department has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can't save the file. Which of the following digital security methods is MOST likely preventing this?

Directory permission

EXPLANATION: Directory permissions can be set to allow or deny users or groups of users from reading, writing, updating, deleting, or executing files. In this scenario, Ann has read permissions but not write permissions.

Workplace surveillance

Employers may implement guidelines and methods to monitor many aspects of the workplace.

In which of the following situations should you expect total privacy?

Financial transactions

Which of the following security measures is a form of biometrics?

Fingerprint scanner

Which of the following would best prevent an unauthorized person from remotely accessing your computer?

Firewall

Service outage

Google, Amazon, Microsoft, and other cloud hosting businesses work hard to avoid any downtime, but there will always be short periods of hardware or software failure. For this reason, businesses should keep offline copies of any critically important files or applications.

Which Internet protocol is used to transmit encrypted data?

HTTPS

Hardware failure

Hardware failures can occur for many reasons, such as power surges, power spikes, overheating, and dust accumulation

Which of the following is a common form of social engineering attack?

Hoax virus information emails.

keep a close eye on your accounts

If you notice any suspicious activity or your friends tell you that they've received strange messages from you, change your password right away.

pay attention to the kind of connection you're using

If you're using a public Wi-Fi network, any information that you transmit can easily be intercepted by hackers.

in an 8-character alphanumeric password that allows both uppercase and lowercase letters, there are over 200 trillion possible combinations!

It's easy to see why these kinds of attacks require a great deal of computing power.

Device authentication

It's important to configure your screen lock to require some sort of authentication to physically access your device.

Which of the following are the BEST steps you can take to avoid having your mobile device exploited by a hacker or infected by a virus? (Select two.)

- Keep the operating system up to date
- Lock the screen with some form of authentication

Operating system updates

Keeping the operating systems up to date with the latest updates and patches ensures you have fixes for known security issues.

Marketing metadata

Metadata (information about information) can include where and when you use the service, the language you use, the sites you access, keywords from your posts and messages, the kind of device you're using, etc. These companies analyze the data and use it for marketing and advertising. They can also sell their metadata to other companies.

After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used?

Multifactor authentication

data destruction can also occur for malicious or accidental reasons

Natural disasters, acts of terrorism, and accidental coffee spills can all harm computer components and destroy data. To prepare for these events, businesses should store regular backups of data in different locations.

Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?

Non-repudiation

Unauthorized changes

On-path attacks, replay attacks, and session hijacking are often used to gain unauthorized access to a system. With system access, hackers can steal even more confidential information. They can also alter or corrupt data. Cyber criminals often launch destructive malware attacks that compromise data integrity and disrupt communication networks.

In which of the following should you expect some privacy?

Personally identifiable information entered into a human resource database

A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver?

Plain text

EXPLANATION: The information will be transmitted in clear text. The HTTP protocol sends and receives data as plain text, so the user shouldn't enter any private information.

A technician walks into the office with a UPS. What sort of threat will this device prepare a system for?

Power outage

A technician assists Joe, an employee in the Sales department, who needs access to the client database by granting Joe administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?

Principle of least privilege

Which of the following access controls gives only backup administrators access to all servers on the network?

Role-based

A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened. Which of the following email protocols is being used?

S/MIME

Which of the following protocols can be enabled so email is encrypted on a mobile device?

SSL

EXPLANATION: SSL, or Secure Socket Layer, can be enabled so email is encrypted on a mobile device.

Secure transactions

Safeguards include sharing a mobile device only with people you trust, never using public Wi-Fi to conduct ecommerce, using strong account passwords, verifying that all online transactions are conducted using data encryption (HTTPS), and conducting ecommerce transactions only with businesses you trust.

Social media and email

Social media, email, instant messaging, and file sharing services generally have controls that let users decide what information is available to which people

Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________.

Spam

Data destruction

System administrators are often responsible for the disposal and destruction of sensitive data stored on old hard disks. This is particularly important when storage devices leave an organization

It's a good idea to ____ that come from senders you don't know.

avoid clicking on any email links

A VPN (Virtual Private Network)

creates an encrypted connection over a less secure network, such as the Internet. Sometimes called a tunnel, a VPN allows users to access corporate applications and resources.

Whaling

executives by using information that is tailored specifically to them. Clicking on the link could install malware that allows capture of sensitive company information.

Social engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

Single Sign-On (SSO) protocols

This means that you only need a single strong password to log into all the different company apps.

IMEI (International Mobile Equipment Identity)

is a number (usually unique) that is assigned by a manufacturer to a mobile device.

Access control

is a part of authorization and usually involves maintaining an access control list of permissions that allow users to perform specific actions.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

is a protocol used to encrypt emails. It allows the sender to digitally sign and encrypt emails. An encrypted email server will encrypt email communications between the server and an email client but will store the email in an unencrypted form. A proper certificate must be used to encrypt and decrypt S/MIME emails.

Role-based Access Control (RBAC)

is a type of access control that restricts access based on the user's role in an organization.

IMAP (Internet Message Access Protocol)

is an email protocol that can be used to synchronize email between multiple email clients on multiple devices.

Physical monitoring

is often used to monitor the physical whereabouts of employees while on company property. This is usually done with some type of camera (CCTV). This helps ensure the security of the company's assets and can also help protect the employees.

distributed denial of service attack (DDOS).

the attacker uses bot malware to enlist multiple systems to increase the magnitude of the attack

brute force attack

the password cracker tries every possible combination of characters

Impersonation

usually refers to a social engineering tactic where a hacker pretends to be a member of senior management who is authorized to gain access to a system. In hacking technology, it can also refer to hijacking a networking session and masquerading as another identity.

Spear Phishing

While this email appears to come from a colleague, notice that the link points to an executable file from a Russian domain name. This is probably not something a real colleague would send.

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?

Zombie/botnet

keylogger attack

a hacker manages to install software on another person's computer to record that person's keystrokes. The next time someone enters their password, the hacker will have a record of which keys they pressed.

Replay attacks

a hacker sniffs the packets between a client and a server in hopes of obtaining authentication information. When the client and server are no longer communicating, the hacker resends the captured authentication material and tries to connect to the server.

If a malicious user gains access to the system, proper ____ lets administrators know how they gained access and what exactly they did. They can take steps to prevent further harm with this information.

accounting

Security assurance

allows companies to monitor the type of data employees send to ensure that they are not divulging confidential information or compromising the company's security

traffic-interruption

attack uses software to interrupt network traffic and intercept passwords as they're passed between computers. Passwords are easier to steal if the information isn't encrypted.

A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used?

WPA2

While configuring a wireless access point device, a technician is presented with several security mode options. Which of the following options will provide the most secure access?

WPA2 and AES

Power outage

We all know that without electricity, computer systems won't work. A bigger concern is that when a computer system loses power abruptly, it can corrupt and lose data.

Screen lock

While determined hackers can find ways around a screen lock, having a lock will keep casual users from getting access to your device.

Which of the following is not a form of biometrics?

Smart card

Dictionary attacks often work when?

This type of attack only works when a site or program doesn't lock users out after a certain number of invalid attempts.

Remote wipe

This feature allows you to send a command to your mobile device to delete data. It can keep sensitive information from falling into the wrong hands.

Some of these are identity thieves who steal other people's personal and financial information for their own personal gain.

This information is often referred to as Personally Identifiable Information (PII).

use two-factor authentication

This may mean that a code is sent to you in a text that must be entered before you're allowed to log in, or it could be a personal question you must answer.

make your passwords as strong as possible

This means including a mix of uppercase and lowercase characters, special characters (such as !, ?, or *), and numbers

Monitoring data

To gain an understanding of an employee's productivity, some companies monitor and analyze data communication, such as the duration of phone calls made.

Data protection

To improve the security of sensitive information on your device if it is lost or stolen

What is the best countermeasure against social engineering?

User awareness training

A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available. Which of the following should the technician configure?

VPN

Gloria is concerned that her online banking transactions could be intercepted if she uses public WiFi. Which of the following could she use to prevent access to her online transactions?

VPN

