Midterm (1-15) exam

Which item in the six steps to handling incidents includes a business continuity plan (BCP)? -Eradication -Recovery -Identification -Preparation

Recovery

Regarding incident response, a severity level of Severe may affect the ability to conduct critical operations. -True -False

True

Secure Socket Tunneling Protocol (SSTP) establishes an encrypted tunnel over a Transport Layer Security (TLS) connection. -True -False

True

Server computers provide specific types of services to client applications, either directly or indirectly. -True -False

True

The File History feature on Windows workstations allows users to identify personal files and designate a location to where they will be automatically backed up. -True -False

True

The Resultant Set of Policy (RSOP) tool shows the specific settings that will result from applying GPOs to a specific user logged on to a specific computer. -True -False

True

The System Development Life Cycle (SDLC) breaks down the software development process into a number of phases with the goal of standardizing and simplifying software development management. -True -False

True

The security concern of enterprise resource planning (ERP) software is that a large portion of an organization's data is centralized. -True -False

True

The term malware refers to a collection of different types of software that share the goal of infiltrating a computer and making it do something. -True -False

True

Where a file server only stores files, a data storage server organizes data and attempts to make the data more accessible than just a list of files. -True -False

True

Pierre seeks to encrypt business-critical areas of the file server. Most important to him is the assurance that no trace of plaintext files can be identified after the encryption process. What encryption method and tool should Pierre use? -Encrypting File System (EFS) file encryption -Encrypting File System (EFS) folder encryption -BitLocker To Go -BitLocker Drive Encryption

Encrypting File System (EFS) folder encryption

Which of the following is NOT one of the problems you might encounter if you implement faulty code to a production environment? -Inconsistent interfaces with other programs -Faulty installation procedure -Properly working application -Inconsistent code and schema changes

Properly working application

Which of the following can read, write, create, or delete data on a database server? -Query -Transaction -Relationship -Proxy

Query

Which of the following is an algorithm that uses the same key to encrypt and decrypt data? -Security certificate -Cipher -Asymmetric algorithm -Symmetric algorithm

Symmetric algorithm

A microkernel implements only the minimal required functionality in the memory-resident portion of the operating system, such as memory management. -True -False

True

A service level agreement (SLA) is a contract with a vendor that guarantees replacement hardware or software within a specific amount of time. -True -False

True

A uniform resource locator (URL) contains information for a web server to know how to handle a request from a web browser. -True -False

True

A workgroup is a simple peer-to-peer network in which all computers are treated as equals. -True -False

True

Active Directory is a security control that protects data confidentiality and integrity. -True -False

True

An advantage of network backups is that copying data to another computer or device protects the backed-up data from damage to the primary computer or storage device. -True -False

True

Any event that results in a violation of an organization's security policy, or poses an imminent threat to the security policy, is an incident. -True -False

True

Attackers look for vulnerabilities, or weaknesses, in an operating system and application software. -True -False

True

Because a comprehensive incident response plan may contain proprietary information, it should be available only to authorized users. -True -False

True

Defining Group Policy Objects (GPOs) in Active Directory gives you the ability to centralize security rules and control how Windows applies each rule. -True -False

True

Each new version of Microsoft Baseline Security Analyzer (MBSA) scans for more vulnerabilities than previous versions. -True -False

True

Good security practices help you react to new threats as well as existing ones. -True -False

True

In a firewall, inbound rules filter inbound network traffic, and outbound rules filter outbound network traffic. -True -False

True

In the SDLC, each phase has defined deliverables. -True -False

True

In the system/information engineering and modeling phase of the SDLC, information is collected about the environment and its requirements. -True -False

True

Kerberos is the default authentication protocol in Windows. -True -False

True

Network communication controls limit the spread of malicious software and traffic. -True -False

True

On a web server, enable auditing of failed logon attempts and failed resource requests to help identify attacks or reconnaissance. -True -False

True

One strategy for reducing a computer's attack surface is to establish controls on running programs to mitigate known vulnerabilities. -True -False

True

The list of access control rules in Windows is referred to as a discretionary access control list (DACL). -True -False

True

Mumford, the systems administrator, is aware that newer versions of Windows Server have extended capabilities to help keep data secure. Currently, with Microsoft Windows Server 2008 R2, his environment uses the feature called File Classification Infrastructure (FCI) to define classification properties for files. Mumford is now wanting to upgrade the environment to Microsoft Windows Server 2016. What additional feature would be available as a result of this upgrade? -More capability to respond to actions that result in file access denial -Enforcing file expiration policies based on classification -Automating classification of files based on location -Capability to tag special types of data, such as Social Security numbers

Capability to tag special types of data, such as Social Security numbers

Windows applies multiple Group Policy Objects (GPOs) in a specific order, lower to higher. Of the following, which is the highest GPO in the order? -Domain GPOs -Site GPOs defined in Active Directory -Organizational unit GPOs -Local GPOs

Organizational unit GPOs

Which of the following does Windows provide to protect data in transit? -Multifactor authentication -Public key infrastructure -BitLocker -Encrypting File System (EFS)

Public key infrastructure

Which of the following best represents due diligence in the context of information security? -A move toward cloud-based applications and components leading to more compliance -Any one of the components, including people, information, and conditions, that support business objectives -The ongoing attention and care an organization places on security compliance -A network device or software that can analyze traffic and detect a potential intrusion based on traffic patterns

The ongoing attention and care an organization places on security compliance

Which of the following provides a central repository for security policy settings along with the ability to deploy settings to many target locations? -BitLocker management tool -Object discretionary access control lists (DACLs) -Encrypting File System (EFS) -Active Directory

Active Directory

Of the following, what makes the use of application servers faster than having applications installed on each user workstation? -Only the application servers need to be updated. -One software license supports all users on one or several servers. -Application servers tend to be closer to the database servers that store the data they need to run. -Application servers are able to more successfully filter network traffic and block suspicious messages.

Application servers tend to be closer to the database servers that store the data they need to run.

Tanya is an incident handler. She is responsible for identifying, analyzing, and responding to security attacks. An employee complains their machine runs slowly. Tanya is not able to identify any malware, but she does notice the employee is an avid fan of Bitcoin. What questions should Tanya ask the employee? -Do you have too many applications running concurrently? -Is the machine performing an antivirus scan? -Is it possible the local drive is full? -Are you running cryptomining software on the machine?

Are you running cryptomining software on the machine?

Which of the following best describes BitLocker Drive Encryption selectivity? -BitLocker can selectively encrypt folders but not individual files. -BitLocker can only be turned on or off for a volume. -BitLocker can selectively encrypt files and folders. -BitLocker can only be turned on or off for a hard drive.

BitLocker can only be turned on or off for a volume.

Which software configuration management (SCM) activity is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them? -Configuration status accounting -Configuration auditing -Configuration control -Configuration identification

Configuration control

Which of the following is NOT a common form of malware? -Rootkit -Worm -Darwin -Virus

Darwin

Which of the following is a Windows Server 2019 edition designed for large-scale employment on servers that support extensive virtualization? -Standard -Datacenter -Essentials -Web Server

Datacenter

Which of the following is a best practice regarding baselines? -Baselines help you collect and analyze the data required for auditing needs. -A baseline defines the settings and data you want to collect for later comparison and trend analysis. -Baselines can be helpful in ensuring compliance with your security policy. -Develop security templates in Security Configuration and Analysis (SCA) that contain the security settings for each type of workstation and server.

Develop security templates in Security Configuration and Analysis (SCA) that contain the security settings for each type of workstation and server.

Which of the following is NOT considered a best practice for maintaining secure access for remote clients? -Install at least one firewall between a virtual private network (VPN) endpoint and the internal network. -Use global user accounts whenever possible. -Develop a backup and recovery plan for each component in the Remote Access Domain. -Do not encrypt communications in the Remote Access Domain.

Do not encrypt communications in the Remote Access Domain.

A serious incident occurred regarding theft of medical records. After the incident was near completion, law enforcement was brought in to review the collected evidence. The case eventually went to court. Unfortunately, the evidence provided by the computer security incident response team (CSIRT) was ultimately rejected, resulting in the case being thrown out. What was the likely cause of the evidence being rejected? -Health Insurance Portability and Accountability Act (HIPAA) regulations should also have been consulted -Evidence collection was mishandled -The medical records were unrecoverable -Law enforcement was called in too early

Evidence collection was mishandled

A security guideline describes individual tasks users accomplish to comply with one or more security standards, such as the steps to change a password. -True -False

False

Business continuity plans (BCPs) and disaster recovery plans (DRPs) are not designed to be tested. -True -False

False

In the event of a major disruption, a disaster recovery plan (DRP) will rely on the business continuity plan (BCP) to provide an IT infrastructure the organization can use. -True -False

False

Mobile devices without anti-malware software installed can safely connect to an organization's network. -True -False

False

Preventing malware is often far more difficult than removing it. -True -False

False

The primary purpose of a Windows audit is to determine if a system has any malware. -True -False

False

What is an example of a physical control? -Fire extinguisher -Antivirus software -Firewall rule -Company security policy

Fire extinguisher

Which of the following is true about the Security Configuration and Analysis (SCA) tool? -It uses audit templates to store the settings that make up baselines. -It allows an administrator to analyze the configuration settings on only legacy Windows computers. -It evaluates the current security state of computers in accordance with Microsoft profiling recommendations. -It can apply a baseline to force current computer settings to match the settings defined in the baseline.

It can apply a baseline to force current computer settings to match the settings defined in the baseline.

Which of the following statements is NOT true regarding the Security Configuration and Analysis (SCA) tool? -It does not allow the use of security templates acquired from some other source. -It uses security templates to store the settings that make up baselines. -It allows an administrator to analyze a computer and compare its configuration settings with a baseline. -It can apply a baseline to force current computer settings to match the settings defined in the baseline.

It does not allow the use of security templates acquired from some other source.

Which of the following is a fast and scalable protocol that allows for secure exchange of information and has been in use since Windows 2000? -Dynamic Access Control (DAC) -Kerberos -Effective permissions -Auditing

Kerberos

Dafne is an IT manager. She needs to acquire 10 new workstation computers for employee use. She wants the workstations to have the latest client operating system. Which of the following should she select? -Microsoft Windows 10 -Microsoft Windows 8.1 -Microsoft Office 365 -Microsoft Azure

Microsoft Windows 10

Frank requires use of a vulnerability scanner. His two priorities are (1) an application that is free or open source, to avoid paying license fees, and (2) to offer full capability for up to 50 devices. Frank's environment is all virtualized. Besides being an open source product, why else would OpenVAS appeal to Frank? -OpenVAS is available as a pre-built virtual appliance. -OpenVAS originally began as a fork of the commercial product Nessus. -OpenVAS can be run in the Windows Subsystem for Linux. -Source code allows organizations to customize OpenVAS as needed.

OpenVAS is available as a pre-built virtual appliance.

Which of the following is true about operating systems? -Operating system kernels provide core services, calling external programs to provide many more operating system services. -Operating systems contain just the kernel. -Operating systems do not support information exchange between programs. -Few programs require input and produce output.

Operating system kernels provide core services, calling external programs to provide many more operating system services.

For a Group Policy Object (GPO) to become active, it must be linked to at least one computer, domain, or which of the following? -Organizational unit (OU) -Local account -Registry -Distribution server

Organizational unit (OU)

Which of the following is a Windows Server feature that forces Group Policy updates on all selected computers? -Windows Group Policy Update -Active Directory Group Policy Update -Local Group Policy Update -Remote Group Policy Update

Remote Group Policy Update

Which of the following is NOT a sound strategy for protecting Active Directory (AD)? -Periodically change the Directory Service Restore Mode (DSRM) password. -Ensure that administrators managing AD do so using separate Administrator user accounts. -Limit the number of administrators with access to AD. -Require that administrators manage AD only from their workstations instead of dedicated terminal servers.

Require that administrators manage AD only from their workstations instead of dedicated terminal servers.

Which of the following anti-malware software components intercepts and scans incoming information for malware in real time? -Shield -Scanner -Signature database -Vault

Shield

John is the backup administrator for a growing organization. He informs his superiors that backups are taking too long to process. John's boss suggests complete backups be done less frequently. What would be the result of implementing the boss's suggestion? -The amount of data changed before completing a restore will increase -The organization will retain fewer copies of backups -The recovery time objective (RTO) will exceed the restore time -The backups will take longer than the restore time

The amount of data changed before completing a restore will increase

Various contractors working at the organization all have access to a general projects folder. Unfortunately, Oscar is concerned that contractors hired for one project might be viewing project files of other contractors. What should be Oscar's next step? -Use the Integrity Control Access Control List (icacls.exe) CLI tool to track access -Use the Control Access Control List (cacls.exe) CLI tool to track access -Calculate Microsoft Windows access permissions per project -Use expression-based security audit policy to track contractors' access

Use expression-based security audit policy to track contractors' access

An organization seeks to identify specific controls that provide assurance for all three security principles: confidentiality, integrity, and availability. Windows uses Kerberos as a control to protect one of the principles. What is the primary risk if Kerberos were taken away? -Users could gain unexpected access -Group Policy Objects (GPOs) could be forged -User identities could be misused -Network bandwidth would degrade or become saturated

User identities could be misused

At his company, Kari is responsible for the enterprise resource planning (ERP) application, including its security. Considering the vulnerabilities common in most ERP installations, which of the following sets of controls should Kari consider most valuable to his company's ERP application? -Users use unique accounts with strong authentication, and are trained on acceptable use -Shared service accounts and auditing on all applications united by ERP -Firewall patches are up-to-date, and strong firewall rules and outbound filters for ERP traffic -Management support, particularly with capacity planning

Users use unique accounts with strong authentication, and are trained on acceptable use

Which of the following should NOT be used to secure a wireless network because it is too easily compromised? -Wi-Fi protected access (WPA/WPA2/WPA3) -Firewall -Service set identifier (SSID) -Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)

By default, which of the following does Windows use to allow computers to share resources with each other on a network? -Workgroup -Active Directory -Database list -Security identifier

Workgroup

Which of the following has the largest number of potential victims? -Zero-day attack -Spyware attack -Rootkit attack -Trojan horse attack

Zero-day attack

You can delete the Administrator account but you cannot disable it. -True -False

False

Locky and WannaCry are types of ________. -hacktivists -technical controls -ransomware -viruses

ransomware

