MTA 98-367 Security Fundamentals pt2
What are the two best things you can do to protect yourself from viruses and other forms of malware?
Keep Windows up-to-date with the newest security updates and use an up-to-date anti-virus software package. Some viruses, worms, rootkits, spyware, and adware gain access to a system by exploiting security holes in Windows, Internet Explorer, Microsoft Office, or some other software package. Therefore, the first step you should take to protect yourself against malware is to keep your system up-to-date with the latest service packs, security patches, and other critical fixes. Second, use an up-to-date antivirus software package.
What limits how fast a password for an encrypted file is cracked?
The speed of your computer, particularly your processor. Passwords stored in an encrypted state are harder to break than passwords stored in clear text or in a hashed state. However, with today's computing power, even encrypted password stores are being compromised by password-cracking attacks.
What steps can you do to prevent someone from hacking your password?
Use strong passwords and change them frequently. Dictionary and brute-force attacks tend to be most successful when a password's length is seven characters or less. Each additional character adds a significant number of possible passwords. Such attacks are often successful because users sometimes use common words with the first letter capitalized and then append a number to meet the complexity guidelines. These are the easiest passwords for users to remember, but they are also the easiest for an attacker to compromise.
What might happen if you require passwords to be too long?
Users will try to circumvent the password. A 14-character password is difficult for most users to remember. When passwords become this long, users often start breaking out the note paper and writing down their passwords, which defeats any security benefits you may have established by requiring a 14-character password in the first place.
Which IPsec protocol provides integrity protection for packet headers, data, and user authentication but does not encrypt the data load? a) AH b) ESP c) IKE d) LDAP
a) AH Authentication Header (AH) provides integrity protection for packet headers, data, and user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets. For AH to work with NAT, the IP protocol number 51 needs to be allowed across the firewall.
What special area serves as a buffer area between the Internet and the internal network and can be used to hold web servers that are accessed from the Internet? a) DMZ b) NAT c) VLAN d) PLC
a) DMZ In computer networking, a demilitarized zone (DMZ) is a firewall configuration used to secure hosts on a network segment. In most DMZs, the hosts on the DMZ are connected behind a firewall that is connected to a public network such as the Internet. Another common configuration is to have the firewall connected to an extranet that has connections to customers, vendors, or business partners. DMZs are designed to provide access to systems without jeopardizing the internal network.
Which tab in Internet Explorer settings would you use to delete history and cookies? a) General b) Privacy c) Security d) Advanced
a) General When you use a browser to access the Internet, you may be revealing personal information and a great deal about your personality. Therefore, you need to take steps to ensure that this information cannot be read or used without your knowledge. A cookie is a piece of text stored by a user's web browser. To clean out history, temporary files, and cookies, open the Internet Options and select the General tab.
What seven-layer model is often used to describe networking technologies and services? a) OSI b) TCP/IP c) IPX/SPX d) DIX
a) OSI The OSI model is a conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, to describe a network architecture that allows the passage of data between computer systems. Although never fully utilized as a model for a protocol, the OSI model is nonetheless the standard for discussing how networking works.
What host firewall is included with Windows 7? a) Windows Firewall b) Windows Defender c) Microsoft Protector d) Microsoft Safety Net
a) Windows Firewall Microsoft recommends that you always use Windows Firewall. However, because some security packages and antivirus packages include their own firewalls, you can choose to run an alternative firewall—but you should use only one firewall.
What type of attack tries to guess passwords by trying common words? a) dictionary attack b) brute-force attack c) man-in-the-middle attack d) smurf attack
a) dictionary attack A dictionary attack uses a dictionary containing an extensive list of potential passwords that the attacker then tries with a user ID in an attempt to guess the appropriate password. The earliest versions of this type of attack actually used lists of words from the dictionary as the basis of logon attempts.
Which type of routing protocol sends the entire routing table to its neighbors? a) distance vector b) link state c) scalable driven d) infinity
a) distance vector Distance vector-based routing protocols require that each router inform its neighbors of its routing table. This is done by sending the entire routing table when the router boots and then resending it at scheduled intervals. Each router takes the updates from its neighboring routers and then updates its own routing table based on this information. RIP is one example of a distance vector-based routing protocol that is supported by Windows Server 2008.
What type of device isolates a network by filtering the packets that can enter it? a) firewall b) bridge c) gateway d) switch
a) firewall A firewall is a system designed to protect a computer or computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.
What type of server would you install that would be used to trap a hacker? a) honeypot b) NAT c) IPS d) IDS
a) honeypot Honeypots, honey nets, and padded cells are complementary technologies to IDS/IPS deployments. A honeypot is designed to distract hackers from real targets, detect new vulnerabilities and exploits, and learn about the identity of attackers.
You have several Internet web servers that need to communicate with a SQL server. Where would you place the SQL server? a) internal network b) DMZ c) Internet d) isolated VLAN
a) internal network Web servers are the most common servers found in DMZ networks. Accessed via HTTP over port 80 or HTTPS over port 443 for secure access, web servers are commonly Internet-accessible. However, because the SQL server needs more security, it needs to be placed in the internal network.
What prevents users from changing a password multiple times so that they can change it to their original password? a) minimum password age b) maximum password age c) password history d) account lockout
a) minimum password age The minimum password age setting controls how many days users must wait before they can reset their password. This setting can be a value from one to 998 days. If set to 0, passwords can be changed immediately. Although this seems to be a fairly innocent setting, too low a value could allow users to defeat your password history settings.
What do spammers and hackers look for when they want to send email through your network? a) open SMTP servers b) open web servers c) open POP3 servers d) open FTP servers
a) open SMTP servers Simple Mail Transfer Protocol (SMTP), one of the primary email protocols, is used to transfer email from one server to another and is responsible for outgoing mail transport. SMTP uses TCP port 25. Although you may think your email servers function only for users to send and retrieve email, they also may be used to relay email. For example, web and application servers may relay email through their email servers, such as when you order something over the Internet and a confirmation email is sent to you.
What type of firewall filters packets based on IP address and ports? a) packet-filtering b) circuit-filtering c) application-level d) stateful
a) packet-filtering When you configure a packet-filtering firewall rule, you generally use one or more of the following TCP/IP attributes:
• Source IP addresses
• Destination IP addresses
• IP protocol (telnet, ftp, http, https, etc.)
• Source TCP and UDP ports (e.g., the http protocol runs on TCP port 80)
• Destination TCP and UDP ports
• The inbound firewall network interface
• The outbound firewall network interface
What malware gives administrator-level control over a computer system? a) rootkit b) Trojan horse c) worm d) spyware
a) rootkit A rootkit is a software or hardware device designed to gain administrator-level control over a computer system without being detected. Rootkits can target the BIOS, hypervisor, boot loader, kernel, or (less commonly) libraries or applications.
What do you call multiple Windows updates that have been packaged together as one installation and are well tested? a) service packs b) cumulative packs c) critical update d) optional update
a) service packs A service pack is a tested cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product.
What do you call unsolicited junk email? a) spam b) j-mail c) junkettes d) Infected mail
a) spam Email has become an essential service for virtually every corporation. Unfortunately, much of the email received by company employees consists of unsolicited messages called spam or junk email, some of which can carry malware and may lead to fraud or scams.
Which type of malware can copy itself and infect a computer without the user's consent or knowledge? a) virus b) Trojan horse c) rootkit d) backdoor
a) virus A computer virus is a program that can copy itself and infect a computer without the user's consent or knowledge. Early viruses were usually some form of executable code that was hidden in the boot sector of a disk or as an executable file (that is, a filename with an .exe or .com extension). Later, viruses mutated enough to affect data documents that included macro languages.
What do you call a message warning you to delete an essential Windows file? a) virus hoax b) keylogger c) backdoor d) worm
a) virus hoax A virus hoax is a message warning recipients of a nonexistent computer virus threat, usually sent as a chain email that tells the recipient to forward it to everyone they know. This is a form of social engineering that plays on people's ignorance and fear.
What is used to prevent someone from guessing a password multiple times?
account lockout settings The account lockout settings are a critical defense against guessing a password, because an account lockout will either slow or even stop a brute-force attack in its tracks after the configured number of incorrect logon attempts is reached.
How many firewalls would you use to create a sandwich DMZ? a) 1 b) 2 c) 3 d) 4
b) 2 A sandwich DMZ model uses both an outer firewall and an inner firewall. The outer firewall secures the DMZ network segment from the external (insecure) network. Servers that are meant to be accessed from the external network (such as the Internet) have the appropriate rules configured to permit secure access.
What OSI layer do switches and bridges use? a) 1 b) 2 c) 3 d) 4
b) 2 The Data Link layer (Layer 2) connects the data layer to the physical layer so that data can be transmitted across the network. The Data Link layer handles error detection, error correction, and hardware addressing (that is, the address of a network interface card). Switches and bridges are devices that work with the destination MAC addresses to determine where to forward a packet.
Which type of system detects unauthorized intruders and then takes action to stop them from proceeding? a) IDS b) IPS c) VLAN d) NAT
b) IPS An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.
What Microsoft technology can verify that a client has the newest Windows updates and has an updated antivirus software package before being allowed access to the network? a) IPsec b) NAP c) SCCM d) SCOM
b) NAP Recognizing the need for administrators to have more granular control over what systems connect to a network, Microsoft introduced Network Access Protection (NAP) as part of the Windows Server 2008 operating system. NAP is a solution that allows administrators a more powerful way to control access to network resources. NAP's controls are based on the client computer's identity and whether that computer complies with the configured network governance policies.
What email validation system is designed to stop spam that uses source address spoofing? a) Foremost Relay System b) Sender Policy Framework c) Spam Checking Networking d) Spoof Checker
b) Sender Policy Framework Sender Policy Framework (SPF) is an email validation system designed to stop spam that uses source address spoofing. SPF allows administrators to specify, through SPF records published in the public DNS, which hosts are allowed to send email from a given domain. If email for a domain is not sent from a host listed in the domain's DNS SPF record, it will be considered spam and blocked.
What malware looks like a useful or desired executable program but is in reality a program designed to cause harm to your computer or steal information from your computer? a) virus b) Trojan horse c) worm d) backdoor
b) Trojan horse A Trojan horse is an executable program that appears as a desirable or useful program. Because it appears to be desirable or useful, users are tricked into loading and executing it on their systems. After the program is loaded, it might cause a user's computer to become unusable, or it might bypass the user's system security, allowing private information (including passwords, credit card numbers, and Social Security numbers) to be accessible by an outside party. In some cases, a Trojan horse may even execute adware.
What technology allows a user at home to connect to the corporate network? a) NAT b) VPN c) DMZ d) PLC
b) VPN VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks such as the Internet. VPNs are commonly used by remote employees for access to the internal network, to create secure network-to-network connections for branch offices or business partner connections, or even to create secure host-to-host connections for additional security and isolation on an internal network. VPNs utilize encryption and authentication to provide confidentiality, integrity, and privacy protection for data.
What server can be used to install Windows updates for your organization? a) SCOM b) WSUS c) IIS d) WDS
b) WSUS For corporations, you can also use Windows Server Update Service (WSUS) or System Center Configuration Manager (SCCM) to keep your systems updated. The advantage of using one of these two systems is that it allows you to test the patch, schedule the updates, and prioritize client updates. After you determine a patch is safe, you can enable it for deployment.
What software component comes with Windows Vista and Windows 7 to defend against spyware? a) Windows Firewall b) Windows Defender c) UAC d) Windows Anti-virus
b) Windows Defender Windows Defender is a software product from Microsoft that is intended to prevent, remove, and quarantine spyware in Microsoft Windows. This program helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer.
What type of attack tries to guess passwords by every combination of characters? a) dictionary attack b) brute-force attack c) man-in-the-middle attack d) smurf attack
b) brute-force attack Another, more crude type of attack—called a brute-force attack—doesn't rely on lists of passwords, but rather tries all possible combinations of permitted character types. Although this type of attack was historically considered ineffective, improvements in processor and network performance have made it more useful, although not nearly as effective as a dictionary attack.
What setting forces users to change their password? a) minimum password age b) maximum password age c) password history d) account lockout
b) maximum password age The maximum password age setting controls the maximum period of time that can elapse before you are forced to reset your password. This setting can range from one to 999 days, or it can be set to 0 if you never want passwords to expire.
A _____________ is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task.
backdoor A backdoor is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task. Some backdoors are installed by viruses or other forms of malware. Other backdoors may be created by programs on commercial applications or with a customized application made for an organization.
What port does SMTP use? a) 21 b) 23 c) 25 d) 443
c) 25 Simple Mail Transfer Protocol (SMTP) is used to relay and deliver email. It uses TCP port 25.
On which OSI layer do routers function? a) 1 b) 2 c) 3 d) 4
c) 3 The Network layer is primarily responsible for routing. This layer defines the mechanisms that allow data to be passed from one network to another. How the data is passed is defined by the routing protocols. As a result, a router is typically known as a Layer 3 device.
What port does LDAP use? a) 25 b) 443 c) 389 d) 3389
c) 389 Lightweight Directory Access Protocol (LDAP) is a common directory service protocol used to locate and access resources on a network. LDAP uses TCP port 389.
What is the generally accepted minimum password length? a) 4 b) 6 c) 8 d) 12
c) 8 The length of a password is a key component of its strength. Password length is the number of characters used in a password. A password with two characters is considered highly insecure, because a very limited set of unique passwords can be made using two characters. Therefore, a two-character password is considered easy to guess. On the other side of the spectrum is the 14-character password. Although extremely secure relative to a two-character password, a 14-character password is difficult for most users to remember. The generally accepted minimum password length is eight characters.
What type of firewall is also known as a proxy server? a) packet-filtering b) circuit-filtering c) application-level d) stateful
c) application-level Application-level firewalls (also known as proxy servers) work by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, and then by enforcing correct application behavior. Application-level firewalls can block malicious activity, log user activity, provide content filtering, and even protect against spam and viruses. Microsoft Internet Security and Acceleration Server is an example of an application-level firewall.
Which of the following servers would you not place on the DMZ? a) Internet web server b) email relay servers c) email mailbox servers d) proxy servers
c) email mailbox servers In computer networking, a DMZ is a firewall configuration used to secure hosts on a network segment. You should place Internet web servers, email relay servers, and reverse proxy servers on a DMZ. SQL servers and mailbox servers should be on the internal networks.
What malicious software captures every keystroke and sends it to a hacker? a) dictionary software b) password leaker c) keylogger d) sniffer
c) keylogger Anytime your computer can be physically accessed by an attacker, that computer is at risk. Physical attacks on your computer can completely bypass almost all security mechanisms, such as by capturing the passwords and other critical data directly from the keyboard when a software or hardware keylogger is used. In fact, if your encryption key passes through a keylogger, you might find that even your encrypted data is jeopardized.
What type of device looks at a packet and forwards it based on its destination IP address? a) bridge b) switch c) router d) VLAN
c) router When a router receives a packet that must be forwarded to a destination host, the router has to determine whether it can deliver the packet directly to the destination host, or whether it needs to forward the packet to another router. To make this determination, the router examines the destination network address.
What are the only passwords that should not expire? a) administrator accounts b) power users c) service accounts d) standard user
c) service accounts Passwords should always expire, except in extremely unique circumstances, such as service accounts for running applications. Although this may add administrative overhead to some processes, passwords that don't expire can be a serious security issue in virtually all environments.
Which Internet Explorer zone is the least secure? a) Internet zone b) local intranet zone c) trusted sites zone d) restricted sites zone
c) trusted sites zone The trusted sites zone contains sites from which you believe you can download or run files without damaging your system. You can assign sites to this zone. The default security level for the trusted sites zone is Low, which means Internet Explorer will allow all cookies from websites in this zone to be saved on your computer and read by the website that created them. The next least secure is the local intranet, which is configured as Medium-Low.
What type of self-replicating program copies itself to other computers on a network without any user intervention and consumes bandwidth and computer resources? a) virus b) Trojan horse c) worm d) backdoor
c) worm A worm is a self-replicating program that copies itself to other computers on a network without any user intervention. Unlike a virus, a worm does not corrupt or modify files on the target computer. Instead, it consumes bandwidth and processor and memory resources, slowing the system down or causing it to be unusable. Worms usually spread via security holes in operating systems or TCP/IP software implementations.
On which OSI layer do TCP and UDP function? a) 1 b) 2 c) 3 d) 4
d) 4 The Transport layer does exactly what its name implies: It provides the mechanisms for carrying data across a network. This layer uses three main mechanisms to accomplish this task: segmentation, service addressing, and error checking. TCP and UDP are Layer 4 protocols.
What Windows feature notifies you when something tries to make changes to your computer without your knowledge? a) WDS b) NAT c) Windows Defender d) UAC
d) UAC User Account Control (UAC) is a feature that started with Windows Vista and is included with Windows 7. UAC helps prevent unauthorized changes to your computer and, in doing so, helps protect your system from malware.
What technology can you use to isolate a network of servers so that they cannot interact with other servers? a) bridge b) switch c) router d) VLAN
d) VLAN Virtual LANs (VLANs) were developed as an alternative to deploying multiple routers. VLANs are logical network segments used to create separate broadcast domains, but they still allow the devices on the VLAN to communicate at Layer 2 without requiring a router. VLANs are created by switches, and traffic within a VLAN is switched rather than routed, which creates a much faster network connection because a routing protocol isn't needed. Even though the hosts are logically separated from other VLANs, the traffic between hosts in the same VLAN is switched directly as though they were on the same LAN segment.
What technique is used to send you to a fake, but realistic-looking, website to verify your account information? a) spoofing b) smurfing c) man-in-the-middle d) phishing
d) phishing Phishing is a technique based on social engineering. With phishing, users are asked (usually through email or websites) to supply personal information in one of two ways:
• By replying to an email asking for their username, password, and other personal information, such as account numbers, PINs, and Social Security number
• By navigating to a convincing-looking website that urges them to supply their personal information, such as passwords and account numbers
What type of software can you use to view usernames and passwords broadcasted over the network? a) dictionary software b) password leaker c) keylogger d) sniffer
d) sniffer Sniffers are specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker. Sniffers are valid forms of test equipment, used to identify network and application issues, but the technology has been rapidly co-opted by attackers as an easy way to grab logon credentials.
What malware collects a user's personal information or details about your browsing habits without your knowledge? a) virus b) Trojan horse c) worm d) spyware
d) spyware Spyware is a type of malware that is installed on a computer to collect a user's personal information or details about browsing habits, often without the user's knowledge. Spyware can also install additional software, redirect your web browser to other sites, or change your home page. One example of spyware is the keylogger, which records every key a user presses.
What type of firewall looks at the previous conversations to determine if a packet should enter a network? a) packet-filtering b) circuit-filtering c) application-level d) stateful
d) stateful Stateful inspection takes packet filtering to the next level. In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic should be permitted across the firewall. Stateful inspection also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.
Which of the following should users not do when dealing with passwords? a) Avoid letting other users see you type in your password. b) Write down your password on a piece of paper and keep it near your computer. c) Do not use names of children and pets. d) Do not give your password to your co-workers. e) b, c, and d
e) b, c, and d Don't use common items that represent you, such as names of children, spouses, girlfriends, and pets. Protect your password by not giving it to other people and by not letting people see you type in your password. Don't write your password on paper.
______________ is software that is designed to infiltrate or affect a computer system without the owner's informed consent.
malware Malicious software, sometimes called malware, is software designed to infiltrate or affect a computer system without the owner's informed consent. The term malware is usually associated with viruses, worms, Trojan horses, spyware, rootkits, and dishonest adware. As a network administrator or computer technician, you need to know how to identify malware, remove it, and protect a computer from it.