Questions, MTA 98-367: Security Fundamentals Overview
A ___________ is generally defined as the probability that an event will occur that can cause harm to a computer system, service, or network.
risk. A risk is generally defined as the probability that an event will occur. In reality, businesses are concerned about only risks that would negatively affect the computing environment. For instance, you might risk winning the lottery on Friday—but that's not a risk your company is going to actively address, because it would be something positive.
A ____________ is an authentication example using the something you have factor.
smart card
Kerberos clients must have their time within five minutes of each other to prevent a _____________ error.
time skew
You can reduce risk by reducing
vulnerabilities
Which are common symptoms of a virus infection? (2 answers)
1. New icons appear spontaneously on the desktop. 2. An installed antivirus program is disabled and will not restart.
Which of the following can protect email from potential threats? (Choose all that apply.) A. Antivirus software B. Disabling automatic display of graphics C. Enabling pharming D. Educating users (use spaces between the letters)
A (Antivirus software) B (Disabling automatic display of graphics) D (Educating users)
What are the three As (AAA) of security? A. Authentication, authorization, and accounting B. Authentication, accountability, and accounting C. Accountability, access control, and accounting D. Authorization, access control, and auditing
A (Authentication, authorization, and accounting)
Of the following choices, what is the best method to protect against malware? A. Installing antivirus software and keeping it up to date B. Disabling unneeded services C. Removing unnecessary protocols D. Enabling a firewall
A (Installing antivirus software and keeping it up to date)
Which Audit Policy selection records any time a user logs onto a local system? A. Logon Events B. Account Logon Events C. System Events D. Process Tracking
A (Logon Events)
You want to provide public access to a Web Server. Visitors to the Web Server should not have access to your internal network. You need to configure what?
A perimeter network. (Basically a DMZ)
To implement multifactor authentication you should:
A smart card and a PIN
Of the following choices, which authentication protocol is the weakest? A. Kerberos B. LM C. NTLMv1 D. NTLMv2
B (LM)
What kind of DNS record resolves an IP address to a host name? A. A record B. PTR record C. SPF record D. MX record
B (PTR record)
What is meant by reducing the attack surface of a system? A. Disabling needed services B. Removing unneeded protocols C. Keeping a system up to date D. Disabling the firewall
B (Removing unneeded protocols)
Which of the following is a type of malware that appears to be something else? A. Buffer overflow B. Trojan horse C. Virus D. Worm
B (Trojan horse)
The majority of spam is sent out by _____________.
Botnets
___________ represent a real threat today.
Botnets
What is the primary difference between a virus and a worm? A. There is none. They're both the same. B. A worm requires user intervention to spread, but a virus doesn't. C. A virus requires user intervention to spread, but a worm doesn't. D. A virus is malware, but a worm is antivirus software.
C (A virus requires user intervention to spread, but a worm doesn't)
What is the difference between identification and authentication? A. Nothing. They're the same. B. Identification proves an identity. C. Authentication proves an identity. D. Identification authenticates an individual, and authentication provides authorization.
C (Authentication proves an identity.)
You want to deploy a domain controller to a branch office. However, the branch office has very little physical security. What should you do? A. Don't deploy the domain controller. B. Deploy DNS with the domain controller, and use secure dynamic updates. C. Deploy a read-only domain controller (RODC). D. Remove Administrator accounts before deploying the domain controller.
C (Deploy a read-only domain controller (RODC))
Which Audit Policy selection records modifications to Active Directory? A. Privilege Use B. Account Management Events C. Directory Service Access D. Policy Change
C (Directory Service Access)
What tool can you use for free on Windows Server 2008 to check for and remove many types of malware threats? (Choose all that apply.) A. Security Essentials 2010 B. Microsoft Security Essentials C. Microsoft Windows Malicious Software Removal Tool D. Microsoft Forefront
C (Microsoft Windows Malicious Software Removal Tool)
What tool can you use to create a comprehensive security policy as an XML file on a Windows Server 2008 system? A. Microsoft Baseline Security Analyzer (MBSA) B. System Center Configuration Manager (SCCM) C. Security Configuration Wizard (SCW) D. Windows Server Update Services (WSUS)
C (Security Configuration Wizard (SCW))
One method of conducting pharming is through DNS _____________.
Cache Poisoning
An implementation of which security principle ensures that secrets stay secret?
Confidentiality
Your Active Directory domain's network computers access the Internet through a Network Address Translation (NAT) server deployed on a perimeter network. You need to ensure that the same Internet Explorer (IE) browser security policies are used by all clients. What should you do?
Create a domain-level Group Policy (GPO).
Which of the following can't be used to update a system? A. Automatic Updates B. WSUS C. SCCM D. DNS
D (DNS)
Which of the following choices can be used to automatically collect events on a single server from multiple servers? A. Process Tracking Events auditing B. MBSA C. Automatic archiving D. Event subscriptions
D (Event subscriptions)
Which one of the following is the strongest password? A. password B. Password C. PAssWord D. Pa$$w0rd
D (Pa$$w0rd)
Of the following choices, what isn't a valid use of a RADIUS server? A. Authenticate VPN clients B. Authenticate wireless clients C. Provide port-based authentication D. Provide authentication for 802x database servers
D (Provide authentication for 802x database servers)
Which is used to validate DNSSEC responses?
Digital signature
You are a network administrator. You need to minimize the attack surface for your network. What would this involve?
Ensuring that only required features are enabled.
What tool can you use to view audited events?
Event viewer
True or false: After Microsoft has released security updates, clients are no longer vulnerable to the exploits that the updates resolve.
False
True or false: If you want to audit all access to a folder, all you have to do is enable Object Access auditing in the Audit Policy.
False
True or false: If files are encrypted on a server using EFS, they're automatically encrypted when a user uses offline folders.
False
True or false: You should separate DNS from Active Directory Domain Services for enhanced security.
False
Which represents a security threat to your DNS environment?
Footprinting, the process of maliciously gaining info about domains.
You can enforce a password policy through_________
Group Policy
Microsoft Baseline Security Analyzer (MBSA) is used to?
Identify security misconfigurations and missing security updates on network computers.
You have a wireless network. You need to ensure that only specific client computers are able to access the wireless network. What should you do?
Implement MAC filtering.
The implementation of techniques that map to which security principle helps to ensure that an unauthorized change to data is detected?
Integrity
Which type of security service is concerned with preventing or detecting any tampering with data?
Integrity.
What is the advantage of preventing a wireless access point (WAP) from broadcasting its Service Set Identifier (SSID)?
It prevents the WAP from appearing in the list of available wireless networks.
Which authentication protocol uses time-stamped tickets to minimize the likelihood of replay attacks?
Kerberos
Which protocol is used for smart card interactive logon to the local Windows Active Directory domain?
Kerberos
___________ can detect weak passwords for accounts on Microsoft systems.
MBSA
Microsoft has created an antivirus tool for desktop operating systems. It's available for free for home and small-business users and provides real-time protection. What is this tool?
Microsoft Security Essentials
If users forget their password, they can reset the password with a _____________, as long as they created it before forgetting their password.
Password reset disk
A brute-force attack is one of many methods used to discover _____________.
Passwords
Which type of certification authority (CA) issues its own certificates?
Root CA.
What factor of authentication is used when a user's fingerprints are checked?
Something you are
If you want to ensure that an audit-log entry records each time a system is shut down, you should enable Successful entries for _____________ auditing.
System events
What will happen when you move a file you encrypted through the encrypting file system (EFS) to an unencrypted folder on an NTFS partition?
The file remains encrypted.
What is the primary purpose of a firewall?
To protect the network by restricting incoming and outgoing network traffic.
True or false: You should separate Terminal Services from Active Directory Domain Services for enhanced security.
True
True or false: You can enable secure dynamic updates only on DNS servers installed on a domain controller.
True
What causes the Windows 7 Desktop to dim when a user attempts an action requiring administrative approval?
UAC
What is the role of the Health Registration Authority (HRA) in Network Access Protection (NAP)?
Validating and requesting a health certificate for compliant clients.
You can secure audit logs with _________ media.
WORM (write once, read many)
Which wireless security method uses Temporal Key Integrity Protocol (TKIP) encryption?
WPA uses and requires TKIP.
You want to ensure that mobile clients receive timely operating system updates. Some clients rarely connect to the internal business network. Which should you use?
Windows Update Agent (WUA).
Network Access Protection (NAP) is able to check the status of?
Windows updates, firewall protection, spyware protection, and antivirus protection.
Malicious software that masquerades as a beneficial utility is known as?
A Trojan horse.
What do you call the process in which a user is identified via a username and password? a) authentication b) authorization c) accounting d) auditing
a) authentication Authentication is the process of identifying an individual, usually based on a username and password. After a user is authenticated, he can access network resources based on his authorization.
What is the process of identifying an individual? a) authentication b) authorization c) accounting d) auditing
a) authentication In the world of information security, AAA (authentication, authorization, and accounting) is a leading model for access control. Here, authentication is the process of identifying an individual. After a user is authenticated, she can access network resources based on her authorization.
What is used to identify a person before giving access? a) authentication b) encryption c) access control d) auditing
a) authentication Site security must address the need to identify and authenticate the people who are permitted access to an area. The first step is authentication, which proves that a person who is logging on is actually that person.
Which of the following terms indicates that information is to be read only by those people for whom it is intended? a) confidentiality b) integrity c) availability d) accounting
a) confidentiality Confidentiality is a concept we deal with frequently in real life. For instance, we expect our doctors to keep our medical records confidential, and we trust our friends to keep our secrets confidential. The business world defines confidentiality as the characteristic of a resource that ensures access is restricted only to permitted users, applications, or computer systems.
What is used to provide protection when one line of defense is breached? a) defense in depth b) attack surface c) principle of least privilege d) risk mitigation
a) defense in depth The term defense in depth means using multiple layers of security to defend your assets. That way, even if an attacker breaches one layer of your defense, you have additional layers to keep that person out of the critical areas of your environment.
What type of electronic document contains a public key? a) digital certificate b) biometrics c) PIN d) PAN
a) digital certificate A digital certificate is an electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a digital certificate is used to prove a person's identity, it can also be used for authentication.
What is the first line of defense when setting up a network? a) physically secure the network b) configure authentication c) configure encryption d) configure an ACL
a) physically secure the network If someone can get physical access to a server where confidential data is stored, with the right tools and enough time, that person can bypass any security the server uses to protect the data.
What method used by a hacker relies on the trusting nature of the person being attacked? a) social engineering b) attack surface c) principle of least privilege d) risk avoidance
a) social engineering Social engineering is a method used to gain access to data, systems, or networks, primarily through misrepresentation. This technique typically relies on the trusting nature of the person being attacked. In a typical social engineering attack, the attacker will try to appear as harmless or respectful as possible. These attacks can be perpetrated in person, through email, or via phone. Attackers will try techniques ranging from pretending to be a help desk or support department staffer, claiming to be a new employee, or (in some cases) even offering credentials that identify them as an employee of the company.
What authentication type is the default for Active Directory? a) NTLM b) Kerberos c) MS-CHAP d) MS-CHAPv2
b) Kerberos Kerberos is the default computer network authentication protocol that allows hosts to securely prove their identity over a nonsecure network. It can also provide mutual authentication so that both the user and server verify each other's identity. To ensure security, Kerberos protocol messages are protected against eavesdropping and replay attacks.
What do you call the scope that a hacker can use to break into a system? a) defense in depth b) attack surface c) principle of least privilege d) risk mitigation
b) attack surface An attack surface consists of the set of methods and avenues an attacker can use to enter a system and potentially cause damage. The larger the attack surface of a particular environment, the greater the risk of a successful attack.
What is the process of giving an individual access to a system or resource? a) authentication b) authorization c) accounting d) auditing
b) authorization Authorization is the process of giving individuals access to system objects based on their identities. Of course, before authorization is to occur, authentication must occur.
Which of the following makes sure that data is not changed when it is not supposed to be? a) confidentiality b) integrity c) availability d) accounting
b) integrity In the information security context, integrity is defined as the consistency, accuracy, and validity of data. One goal of a successful information security program is to ensure that data is protected against any unauthorized or accidental changes.
What is needed to highly secure a system? a) lots of time b) more money c) system update d) disabled administrator account
b) more money Security costs money. Typically, the more money you spend, the more secure your information or resources will be (up to a point). So, when looking at risk and threats, you need to consider how valuable certain confidential data or resources are to your organization and also how much money you are willing to spend to protect those data or resources.
What item, about the size of a credit card, allows access to a network and its resources? a) digital certificate b) smart card c) security token d) biometric
b) smart card A smart card is a pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic. Nonvolatile memory is memory that does not forget its content when power is discontinued. This kind of memory may contain digital certificates to prove the identity of the person who is carrying the card, and it may also contain permissions and access information.
SYSKEY improves physical security by requiring a password or special floppy disk to?
boot the server.
Which concept determines what resources users can access after they log on? a) authentication b) auditing c) access control d) defense in depth
c) access control Access control is a key concept when thinking about physical security. It can also be a little confusing, because you frequently hear the phrase used when discussing information security. In the context of physical security, access control is the process of restricting access to a resource to only permitted users, applications, or computer systems.
What is the process of keeping track of a user's activity? a) authentication b) authorization c) accounting d) authoring
c) accounting Accounting, also known as auditing, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.
What technology is not used to implement confidentiality? a) encryption b) access controls c) auditing d) authentication
c) auditing Confidentiality is particularly critical in today's environment. Several technologies support confidentiality in an enterprise security implementation: • Strong encryption • Strong authentication • Stringent access controls
What type of authentication method identifies and recognizes people based on physical traits such as fingerprints? a) digital certificates b) WEP c) biometrics d) RADIUS
c) biometrics Biometrics is an authentication method that identifies and recognizes people based on physical traits, such as fingerprints, facial recognition, iris recognition, retinal scans, and voice recognition. Many mobile computers include a finger scanner. Installing biometric devices on doors and cabinets is relatively easy to ensure that only authorized people enter secure areas.
What is the best way to protect against social engineering? a) stronger encryption b) stronger authentication c) employee awareness d) risk mitigation
c) employee awareness The key to thwarting a social engineering attack is employee awareness. If your employees know what to watch for, an attacker will find little success.
What type of device can be easily lost or stolen or can be used for espionage? a) processors b) RAM chips c) removable devices d) servers
c) removable devices A removable storage device or drive is designed to be taken out of a computer without turning the computer off. Three basic types of security issues are associated with removable storage: loss, theft, and espionage. The loss of a storage device is one of the most common security issues you will encounter.
What do the initials CIA stand for in relation to security?
confidentiality, integrity, and availability When you are working in the information security field, one of the first acronyms you will encounter is CIA, but don't confuse this with a government agency. Rather, in this context, CIA represents the core goals of an information security program: Confidentiality, Integrity, and Availability.
Which of the following is a secret numeric password used for authentication? a) security token b) digital certificate c) digital signature d) PIN
d) PIN A personal identification number (PIN) is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Because they consist of only digits and are relatively short (usually four digits), PINs are used for relatively low-security scenarios, such as gaining access to a system, or in combination with another method of authentication.
What is used to verify that an administrator is not accessing data that he should not be accessing? a) authentication b) encryption c) access control d) auditing
d) auditing Site security must also provide the ability to audit activities within the facility. This can be done by reviewing camera footage, badge reader logs, visitor registration logs, or other mechanisms.
What is a physical or logical device used to capture keystrokes? a) USB flash drive b) PDA c) Smartphone d) keylogger
d) keylogger A keylogger is a physical or logical device used to capture keystrokes. An attacker will either place a device between the keyboard and the computer or install a software program to record each keystroke taken, and then she can use software to replay the data and capture critical information such as user IDs and passwords, credit-card numbers, Social Security numbers, or even confidential emails or other data.
What process prevents someone from denying that she accessed a resource? a) accounting b) authorization c) sniffing d) nonrepudiation
d) nonrepudiation Nonrepudiation prevents one party from denying the actions it has carried out. If you have established proper authentication, authorization, and accounting, appropriate mechanisms of nonrepudiation should be in place, and no user should be able to deny the actions she has carried out while in your organization's system.
Which of the following is not a response when dealing with a risk? a) avoidance b) mitigation c) transfer d) patching
d) patching After you prioritize your risks, you can choose from among the four generally accepted responses to these risks: • Avoidance • Acceptance • Mitigation • Transfer
What do you call the security discipline that requires that a user is given no more privilege than necessary to perform his or her job? a) defense in depth b) reduction of attack surface c) risk transfer d) principle of least privilege
d) principle of least privilege The principle of least privilege is a security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job. The principle of least privilege has been a staple in the security arena for a number of years, and many organizations have struggled to implement it successfully.
In dealing with risks, which response is done by buying insurance to protect your bottom line if such a disaster or threat is realized? a) risk avoidance b) risk acceptance c) risk mitigation d) risk transfer
d) risk transfer Risk transfer is the act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing. For example, you risk having an accident while driving your car. You transfer this risk by purchasing insurance so that in the event of an accident, your insurance company is responsible for paying most of the associated costs.
True or false: Security Essentials 2010 is a type of Trojan horse known as rogueware.
false
You can use ____________ to configure all computers in a domain to use automatic updates.
Group Policy
A computer that is designed to entice hackers to attack it is known as a?
honeypot
A basic security principle states that users, resources, and applications should be granted only the rights and permissions needed to perform a task: the principle of ______________ ____________.
least privilege
A buffer-overflow attack can gain access to a system's _________
memory.
Where can you get MBSA? Free from _________.
Microsoft
Over the last couple of years, small ___________________ devices have become one of the largest challenges facing security professionals.
mobile Mobile devices are one of the largest challenges facing many security professionals today. Mobile devices such as laptops, PDAs (personal digital assistants), and smartphones are used to process information, send and receive mail, store enormous amounts of data, surf the Internet, and interact remotely with internal networks and systems.