Security+ Module 8

In the /ect/shadow file, which character is the password field indicates that a standard user account is locked?

!.

Which chage option keeps a user from changing their password every two weeks?

-m 33.

Which file should you edit to limit the amount of concurrent logins for a specific user?

/ect/security/limits.conf.

Which of the following best describes Active Directory?

A centralized database that contains user account and security information.

Which of the is the strongest form of multi-factor authentication?

A password, a biometric scan, and a token device.

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

Access token.

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent login after three unsuccessful login attempts. Which policies should you configure? (Select two.)

Account lockout threshold. Minimum password length.

What is the most important aspect of a biometric device?

Accuracy.

You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without comprising overall security. What should you do?

Add the URL of the website to the Local intranet zone.

You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do?

Add the internal website to the Local intranet zone.

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?

Attribute-Based Access Control (ABAC).

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and authorization.

Which of the following is the term for the process of validating a subject's identity?

Authentication.

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow.

Having a poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow.

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow.

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts.

Which of the following is a password that relates to thing that people know, such as a mother's maiden name or the name of a pet?

Cognitive.

During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?

Configuration testing.

For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within 10 minutes. What should you do?

Configure account lockout policies in Group Policy.

You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do?

Configure account policies in Group Policy.

You have hired 10 new temporary workers who will be with the company for 3 months. How can you make sure that these users can only log on during regular business hours?

Configure day/time restrictions in the user accounts.

Which access control type is used to implement short-term repairs to restore basic functionality following an attack?

Corrective.

You manage an Active Directory domain. All users in the domain are required by a GPO linked to the domain to use passwords with at least eight characters, but you want to ensure that users in the Administrators OU are required to use passwords with at least 10 characters. What should you do?

Create a GPO computer policy for the Administrator OU.

You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take?

Create a GPO computer policy for the computers in the development OU.

You manage an Active Directory domain. All users in the domains have a standard set of internet options configured by a GPO linked to the domain. But you want users in the Administrators OU to have a different set of internet options. What should you do?

Create a GPO user policy for the administrators OU.

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

DAC.

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

DAC.

You've been assigned to evaluate NoSQL databases as part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test systems? (Select two.)

Data is stored in the database in an unencrypted format. The data base admin user has no password assigned.

Which of the following defines an object as an entity in the context of access control?

Data, applications, systems, networks, and physical space.

Which of the following are subject to SQL injection attacks?

Database servers.

Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure?

Decentralization.

Audit trails produced by auditing activities are which type of security control?

Detective.

You've been assigned to evaluate NoSQL databases as part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment? (select two.)

Disable anonymous access. Implement an application-layer protocol to encrypt data prior to saving it in the database.

What should you do to a user account if the user goes on an extended vacation?

Disable the account.

When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download.

Which of the following is not an important aspect of password management?

Enable account lockout.

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.)

Enforce password history. Minimum password age.

Which of the following enters random data to the inputs of an application?

Fuzzing.

You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?

Gpasswd Research.

You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this?

Groupadd sales.

You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use?

Groupdel temp_sales.

Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this?

Groupmod -n marketing sales.

You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display group memberships for dredford.

Groups dredford.

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special share folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Have Marcus log off and log back in.

Computer policies include a special category called user rights. Which action does user rights allow an administrator to perform?

Identify users who can perform maintenance tasks on computers in an OU.

Which statement is true regarding application of GPO settings?

If a setting is defined in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is applied.

An attacker inters SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?

Implementing client-side validation.

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. Which practices would have prevented this exploit? (Select two.)

Implementing client-side validation. Implementing server-side validation.

Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?

Input validation.

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?

Integer overflow.

Which of the following is an example of a single sign-on authentication?

Kerberos.

Within the /ect/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3 What effect does this line have on the Linux system?

Limits the number of logins from the Guest group to three.

While using a Web-based game created by using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that the user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?

Locally shared object (LSO) exploit.

Which of the following is the single best rule to enforce when designing complex passwords?

Longer passwords.

Which access control model is based on multilevel security where objects are assigned a security classification and subjects are granted a security clearance which allows them to access objects at or below that security classification?

Mandatory Access Control (MAC).

Which of the following best describes one-factor authentication?

Multiple authentication credentials may be required, but they are all the same type.

You are the network administrator of a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work?

No, permissions are not copied when a user account is copied.

What is another term for the type of login credentials provided by a token device?

One-time password.

What type of password is maryhadalittlelamb?

Pass phrase.

You suspect that the gshant user account is locked. Enter the command you use at the command prompt to show that status pf the user account.

Passwd -S gshant.

Which of the following is the most common form of authentication?

Password.

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control modal is used?

RBAC.

A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model?

RSBAC.

What form of access control is based on job descriptions?

Role-based access control (RBAC).

Which access control model manages rights and permissions based on job descriptions and responsibilities?

Role-based access control (RBAC).

Which of the following is an example of a Rule Based Access Control (RBAC)?

Router access control lists that allows or denies traffic based on the characteristics of an IP packet.

Which of the following are examples of single sign-on authentication solutions? (Select two.)

SESAME. Kerberos.

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection.

What is the effect of the following command? Chage -M 60 -W 10 jsmith.

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.

Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon?

Smart card.

You are teaching new users about security and passwords. Which of the following is the best example of secure password?

T1a73gZ9!.

Encryption is which type of access control?

Technical.

You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?

The account will be locked after four incorrect attempts.

Which of the following advantages can single sign-in (SSO) provide? (Select two.)

The elimination of multiple user accounts and passwords for each individual. Access to all authorized resources with a single instance of authentication.

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

Which of the following is not a form of biometric?

Token device.

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in the update the company's customer database. Which action should you take? (Select two.)

Train sales employees to use their own user accounts to update the customer database. Delete the account that the sales employees are currently using.

Which of the following is stronger than any biometric authentication factor?

Two-factor authentication.

Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: *www.videoshare.com, *www.vidshar.com, *www.vidsshare.com. Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com usernames and passwords. What type of attack has occurred in this scenario?

Typosquatting.

Which of the following information is typically not included in an access token?

User account password.

A user the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the systems in the very near future. Which of the following commands will disable or remove the user account form the system and remove his home directory?

Userdel -r larry.

An employee named Bob Smith, whose user name is bsmith, has left the company. You have been instructed to delete his user account and home directory. Which of the following commands would produce the required outcome? (Choose all that apply.)

Userdel bsmith;rm -rf /home/bsmith. Userdel -r bsmith.

You have performed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?

Usermod -L joer.

One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this?

Usermod -l kjones kscott.

Which of the following utilities could you use to lock a user account? (Select two. Each answer represents an independent solution.)

Usermod. Passwd.

You have just configured the password policy and set the minimum password are to 10. What will be the effect of this configuration?

Users cannot change the password for 10 days.

Which of the following is an example of a decentralized privilege management solution?

Workgroup.

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to a fake website or gather personal information?

XSS.