Operating Systems Security
A signature database that is one month old may potentially expose that computer to how many new threats?
2,100,000
If a regular user is a member of four groups how many SID's will be stored in the user's SAT?
5
Windows checks for new or updates GPO's every _______ minutes?
90-120
Which of the following is the best description of a security control?
A mechanism that protects a resource.
Why is a rootkit do difficult to detect?
A rootkit may have modified the tools used to detect it
Defining GPO's in __________ gives you the ability to centralize security rules and control how windows applies each rule?
Active Directory
Which of the following products does MBSA not analyze?
Adobe acrobat
Which of the following is not a goal of a secure environment?
All required information is available to unauthorized users
Which type of encryption algorithm uses two related keys?
Asymmetric
What is the name of the process that proves you are who you say you are?
Authentication
Which of the following services does communication encryption not provide?
Availability
Which of the tenets of information security most directly serves the needs of authorized users?
Availability
Which type of plan addresses minor interruption such as a power outage lasting several hours?
BCP
A recovery strategy that installs the operating system and all software and data on a completely new physical computer is called a _____.
Bare Metal Recovery
Which windows feature allows you to encrypt entire volumes?
BitLocker
The Morris worm explained this vulnerability
Buffer Overflow
Which of the following terms refers to an alternate recovery site that has the basic infrastructure in place, but no configured hardware and no software installed?
Cold Site
Which of the tenets of information security is most related to need-to-know property?
Confidentiality
What structure does the windows operating system use to store collections of permissions for objects?
DACL
Which Microsoft windows server 2008 R2 edition would be most appropriate for large-scale deployment using extensive virtualization?
Datacenter
Using removable media for backups generally ______ data confidentiality, as opposed to using internal disks?
Decreases
Which windows feature uses keys based on a user's password?
EFS
A baseline is the initial settings in a newly installed system?
False
A local resource is any resource connected to the local LAN/
False
A valid backup is all an organization needs to recover from a disaster?
False
Only the Microsoft backup utilities can create valid backup images for windows computers?
False
The only valid uses for restoring a backup image are to recover lost data and quickly load programs and files on completely new computers?
False
Virtual Image snapshots can backup only virtual machines that are not running?
False
Windows will automatically cause a user logoff or system reboot after applying new or changed GPO's?
False
You can only edit user-specific group policy settings in the windows registry editor?
False
Which of the following could be classified as a logical control?
Firewall
Which type of identified was originally developed to identify ActiveX controls?
GUID
Windows stores each GPO in a subfolder with the same name as the ______ of the GPO?
GUID
Which of the following tools lists information about deployed GPO's and other computer specific attributes?
Gpinventory.exe
Which of the following resources is installed with windows?
Group Policy Best Practices Analyzer?
Which of the following statements best describes the relationship between security policy and group policy?
Group policy should implement security policy
Which of the following terms means identifying malware based on past experience?
Heuristic Analysis
Which of the following devices repeats input received to all ports?
Hub
Using removable media for backups generally _______ data availability, as opposed to using internal disks.
Increases
Which of the following is the strongest reason why operating system access controls are insufficient to secure objects?
It's possible to boot into another operating system and bypass access controls
Which protocol does the windows operating system use by default to authenticate computers to exchange security information?
Kerberos
Which term describes the central component of an operating system?
Kernel
What are the two run modes for windows programs?
Kernel mode and user mode
What piece of information is necessary to encrypt and decrypt data?
Key
Which type of the user account is designed using the principle of least privilege?
LUA
Which tool would you most likely use to edit group policy setting in a standalone computer?
Local group policy editor
Which of the following could be classified as a detective contro?
Log Monitor
Which security scanner looks for weak passwords?
MBSA
The security configuration and analysis tool operates at a snap in to the ______.
MMC
Which of the following best describes a zero-day attack?
Malware that is actively exploiting an unknown vulnerability
Who holds the primary responsibility to ensure the security of an organization's information?
Management
Which of the following options are valid approaches to recovering from lost data?
Manually reconstruct lost data & restore from a backup
Which command-line tool provides the same scanning capability as MBSA?
Mbsacli
A ________ is a network that generally spans several city blocks.
Metropolitan Area Network
Which of the following windows components resides in memory to provide the core operating system services.
Microkernel
When designing an audit strategy, you should log access attempts on the ____ number of objects?
Minimum
Does turning off a computer make the information it contains secure?
No, Because secure data must still be available to authorized users.
If a user, userA, is a member of groupA and groupB, and groupB allows read access to helloWorld.c but groupA denies read access to helloWorld.c can user A read helloWorld.c
No, because groupB denies read access to helloWorld.c
Which security scanner runs in a web browser and doesn't require that you install a product before scanning?
OSI
Which of the following statements best describe the relationship between profiling and auditing?
Profiling is often a part of auditing
Which of the following best describes UAC?
Prompts users before escalating to administrator privileges
What is the main goal of information security?
Protect information from unauthorized use
Which of the following best describes the principle of least privilege?
Providing just the necessary access required to carry out a task?
You can use the _____ tool to view the effective settings after all current GPO's are applied to a specific user.
RSOP
Which of the following is the focus of data availability?
Recovery plan
What is the best first step to take if initial actions to remove malware are not successful?
Rescan for malware
Which type of malware modifies or replaces parts of the operating system to hide the fact that the computer has been compromised?
Rootkit
Which Microsoft tool analyzes a computer's settings and computers its configuration with a baseline?
SCA
Which type of identifier is used to identify user groups?
SID
Which protocol commonly provides a secure channel for HTTPS?
SSL/TLS
Which VPN protocol has the fewest issues with NAT's and firewalls?
SSTP
What does NetChk protect limited do that MBSA does not do?
Scans legacy Microsoft products
Which command-line tool provides the same scanning capability as SCA?
Secedit
Which of the following features allows you to restrict the groups to which a GPO applies?
Security Filter
Stored setting that make up a baseline are stored in which type of files?
Security Template
Where is the most likely place a database management system would run?
Server
Which of the following anti-malware components is also referred to as a real-time scanner?
Shield
Which term describes a unique set of instructions that identify malware code?
Signature
A baseline, also called a ______, is a collection of settings at a specific point in time.
Snapshot
When viewing and object's DACL, which permission indicates that advanced permissions have been set?
Special Permissions
Which type of malware covertly primarily collects pieces of information?
Spyware
Where does BitLocker store encryption keys for transparent mode?
TPM
Which of the following best describes RTO?
The goal for how much time a recovery effort should take
According to the Microsoft EULA what is the extent of the damages that can be recovered due to a windows fault?
The price paid for the software license
What is the main purpose of an audit?
To validate compliance
Which type of malware disguises itself as a useful program?
Trojan
MBSA automatically ranks vulnerabilities by severity?
True
The windows group policy feature provides a centralized set of rules that govern the way windows operates?
True
the wbadmin command-line utility performs the same functions as the Microsoft windows backup and restore utility on windows workstations?
True
Which type of authentication is a smart card?
Type 2
What is the best first step to take when malware is discovered soon after installing new software?
Uninstall the new software
Which of the following is the best description of the defense in depth strategy?
Using multiple layers of security to protect resources
Which of the following terms describes a secure location to store identified malware?
Vault
Which of the following is the weakest wireless protocol?
WEP
Which of the following features allows you to restrict the types of operating systems to which a GPO applies?
WMI Filter
Which of the following do you not need to tell the Microsoft windows backup and restore utility?
What type of backup (full, incremental, blocks versus files)
Which folder does windows use to store AD GPO's on the domain controller?
Windows
Which anti-malware tool is included with windows 7?
Windows Defender
Which operating system does not have BitLocker enabled by default?
Windows Server 2008
Which type of malware is a standalone program that replicates and sends itself to other computers?
Worm