Lesson 17A: Managing Security Settings / Browser Security / Workstation Security / Workstation Security Issues


Cryptomining software

A cryptominer hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as cryptojacking.

keylogger

A keylogger is spyware that actively attempts to steal confidential information by recording keystrokes.

What type of account management policy can protect against password-guessing attacks?

A lockout policy disables the account after a number of incorrect sign-in attempts.

A server administrator helps the human resources department whitelist the internal website for their new training platform. What will the administrator need to do to ensure the web page shows up as secure?
Adjust the firewall.
Configure browser sign-in.
Add trusted certificates.
Whitelist in the web application firewall.

Add trusted certificates

Which of the following best describes group policy?
File and folder permissions
An administrative tool for updating anti-virus
An administrative tool for enforcing settings
A special type of anti-virus

An administrative tool for enforcing settings

What is an EICAR file?
An anti-virus testing tool
A malicious virus
A macro virus
A scanner exclusion

An anti-virus testing tool

Apps

Apps support document editing in the context of the browser. They are essentially a means of opening a document within a cloud app version of a word processor or spreadsheet.

A security manager sets up a defense in depth mechanism and sets up monitoring to catch communications from the attacker to the malware. What is the manager monitoring for?
A. Spyware
B. C2
C. Keylogger
D. Rootkit

C2

Why is DNS configuration a step in the malware remediation process?

Compromising domain-name resolution is a very effective means of redirecting users to malicious websites. Following malware infection, it is important to ensure that DNS is being performed by valid servers.

A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause?
A. Crypto-ransomware
B. Cryptomining software
C. Rogue antivirus
D. RAT

Cryptomining software

You are completing a checklist of security features for workstation deployments. Following the CompTIA A+ objectives, what additional item should you add to the following list, and what recommendation for a built-in Windows feature or features can you recommend be used to implement it?

Data-at-rest encryption. In Windows, this can be configured at file level via the Encrypting File System (EFS) or at disk level via BitLocker.

What is a path exclusion?
Defines a folder location to always scan
Defines a file to always scan
Defines a file to never scan
Defines a folder location to never scan

Defines a folder location to never scan

A security analyst baselines web activity and notices several caveats with browsers. For example, they notice that when a user types in a query, a query is actually made after every typed key. The analyst is trying to group browser activity together. Which browser is based on the same code as Chrome?
Edge
Internet Explorer
Safari
Firefox

Edge

A manager is responsible for client laptops, and is concerned about exposing data on the disks to a different OS and the permissions becoming overridden. What will help prevent this possible attack?
A. Windows Defender Firewall
B. Windows Defender Antivirus
C. Encrypting File System
D. Execution control

Encrypting File System

A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build?
Plug-ins
Extension
Apps
Themes

Extension

Extensions add or change a browser feature via its application programming interface (API). An extension must be granted specific permissions to make configuration changes. With sufficient permissions, it can run scripts that interact with the pages the user is viewing.

Extensions

A security administrator wants to set up anomaly-based monitoring of user behavior. Which of the following could the administrator implement for monitoring? (Select all that apply.)
A. Failed attempts
B. Login times
C. Concurrent logins
D. Screen lock

Failed attempts; Login times; Concurrent logins

True or false? An organization should rely on automatic screen savers to prevent lunchtime attacks.

False. A lunchtime attack is where a threat actor gains access to a signed-in user account because the desktop has not locked. While an automatic screensaver lock provides some protection, there may still be a window of opportunity for a threat actor between the user leaving the workstation unattended and the screensaver activating. Users must lock the workstation manually when leaving it unattended.

True or false? Using a browser's incognito mode will prevent sites from recording the user's IP address.

False. Incognito mode can prevent the use of cookies but cannot conceal the user's source IP address. You do not need to include this in your answer, but the main way to conceal the source IP address is to connect to sites via a virtual private network (VPN).

A security analyst receives a notification of possible malware based on common indicators. They run several different antivirus software against the disk, and the scans indicate no malware. What is the analyst's computer likely infected with?
A. Fileless malware
B. Worm
C. Boot sector virus
D. Viruses

Fileless malware

You receive a support call from a user who is "stuck" on a web page. She is trying to use the Back button to return to her search results, but the page just displays again with a pop-up message. Is her computer infected with malware?

If it only occurs on certain sites, it is probably part of the site design. A script running on the site can prevent use of the Back button. It could also be a sign of adware or spyware though, so it would be safest to scan the computer using up-to-date anti-malware software.

Why might a PC infected with malware display no obvious symptoms?

If the malware is used with the intent to steal information or record behavior, it will not try to make its presence obvious. A rootkit may be very hard to detect even when a rigorous investigation is made.

Early in the day, a user called the help desk saying that his computer is running slowly and freezing up. Shortly after this user called, other help desk technicians who overheard your call also received calls from users who report similar symptoms. Is this likely to be a malware infection?

It is certainly possible. Software updates are often applied when a computer is started in the morning, so that is another potential cause, but you should investigate and log a warning so that all support staff are alerted. It is very difficult to categorize malware when the only symptom is performance issues. However, performance issues could be a result of a badly written Trojan, or a Trojan/backdoor application might be using resources maliciously (for DDoS, Bitcoin mining, spam, and so on).

Another user calls to say he is trying to sign on to his online banking service, but the browser reports that the certificate is invalid. Should the bank update its certificate, or do you suspect another cause?

It would be highly unlikely for a commercial bank to allow its website certificates to run out of date or otherwise be misconfigured. You should strongly suspect redirection by malware or a phishing/pharming scam.

A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords?
Password expiration
Length
Character mix
Memorable

Length

RAT

Modern malware is usually designed to implement some type of backdoor, also referred to as a remote access Trojan (RAT).

A security consultant has recommended blocking end-user access to the chrome://flags browser page. Does this prevent a user from changing any browser settings?

No. The chrome://flags page is for advanced configuration settings. General user, security, and privacy settings are configured via chrome://settings.

A user visits a news site that they go to frequently and the news seems to be the same as it was the previous day. The user also hears complaints about people not having internet, which is odd since they are on their normal news site. What is most likely going on?
A. User is in private mode.
B. There are pop-up blockers.
C. User is on a different switch.
D. Page is cached.

Page is cached

PII

Paper copies of personal and confidential data must not be left where they could be read or stolen. A clean desk policy ensures that all such information is not left in plain sight.

A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this?
A. Personally identifiable information (PII) protection
B. Secure critical hardware
C. Prevent lunchtime attack
D. Protect UEFI

Personally identifiable information (PII) protection

Plug-ins

Plug-ins play or show some sort of content embedded in a web page, such as Flash, Silverlight, or other video/multimedia format.

When configuring the home web server, the destination port was set to 80. What specific type of configuration would have been achieved by setting the destination port to 8080?
Port mapping
Port triggering
UPnP
DMZ host

Port Mapping

A helpdesk operator is reviewing a notification that a user clicked links in a very suspicious email. What is the second step the operator should take?
A. Disable System Restore.
B. Look for missing or renamed files.
C. Look for services masquerading as legitimate services.
D. Quarantine.

Quarantine

Crypto Ransomware

Ransomware is a type of malware that tries to extort money from the victim. Crypto-ransomware attempts to encrypt files on any fixed, removable, and network drive.

Rogue antivirus

Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert.

Spyware

Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and so on.

A security consultant has recommended more frequent monitoring of the antivirus software on workstations. What sort of checks should this monitoring perform?

That the antivirus is enabled, is up to date with scan engine components and definitions, and has only authorized exclusions configured.

What primary indicator must be verified in the browser before using a web form?

That the browser address bar displays the lock icon to indicate that the site uses a trusted certificate. This validates the site identity and protects information submitted via the form from interception.

A company must deploy custom browser software to employees' workstations. What method can be used to validate the download and installation of this custom software?

The package can be signed using a developer certificate issued by a trusted certificate authority. Alternatively, a cryptographic hash of the installer can be made, and this value can be given to each support technician. When installing the software, the technician can make his or her own hash of the downloaded installer and compare it to the reference hash.

Themes

Themes change the appearance of the browser using custom images and color schemes.

A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail?
Autorun
Antivirus
Concurrent logins
Trusted source

Trusted source

A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor?
A. User training
B. Scheduled scans
C. Update trusted root certificates
D. On-access scanning

Update trusted root certificates

rootkit

When dealing with a rootkit, administrators should be aware that there is the possibility that it can compromise system files and programming interfaces so that local shell processes no longer reveal their presence.

Add trusted certificates

When using enterprise certificates for internal sites and a third-party browser, the administrator must ensure that the internal CA root certificate is added to the browser.

Why might you need to use a virus encyclopedia?

You might need to verify symptoms of infection. Also, if a virus cannot be removed automatically, you might want to find a manual removal method. You might also want to identify the consequences of infection: whether the virus might have stolen passwords, and so on.

A Firefox user wants to open up their browser settings to configure their intranet as the home page. How can the Firefox user access the settings?
chrome://settings
edge://settings
firefox://settings
about:preferences

about:preferences

What is the command to force a refresh of group policies?
gpupdate /force
updatepolicy /now
grouppol /force
updpolicy /now

gpupdate /force
