98-367 #4 Understanding Security Software, 98-367 #1 Understanding Security Layers, 98-367 #2 Understanding Operating System Security, 98-367 #3 Understanding Network Security
An undocumented administrative portal:
Backdoor
A keylogger
records every user keystroke.
What is used for the sole purpose of intrusion detection?
A honeypot
How does a worm differ from other viruses?
A worm is self-replicating.
You work as a security analyst for your company. As part of the company's latest security initiative, all users are required to authenticate to network resources with a second authentication method. All user computers run Windows 8.1 Enterprise Edition. The company's CIO states that she wants to implement virtual smart cards for all corporate employees. You need to analyze the existing environment to identify solution prerequisites. Which of the following is a requirement for implementing virtual smart cards?
All computers must have an onboard TPM chip.
You need to ensure that users attempting to log in are automatically blocked from logging in after a specific number of failed login attempts. What should you create?
An account lockout policy
Which example best illustrates the IT security principle of least privilege?
An administrator logged onto her workstation with a standard user account
What is an example of malware?
An unauthorized program that gathers information about the user.
Which Microsoft technology employs application whitelisting to protect a network?
AppLocker
Which technology is used to provide file encryption for removable storage devices?
BitLocker To Go
Which contains a list of e-mail addresses and domains that the anti-spam filter should always assume to be spam?
Blacklist
What is the minimum shared folder permission that is required for a user to delete a file?
Change
You are the security administrator for your company. All users have company-issued laptop computers running Windows 10 Enterprise Edition. The corporate network is organized as a single Active Directory Domain Services (AD DS) domain. You need to enforce a new security policy that requires that all locally cached corporate network data is protected against unauthorized access. What should you do?
Configure Group Policy to encrypt Offline Files
Your Active Directory domain's network computers access the Internet through a Network Address Translation (NAT) server deployed on a perimeter network. You need to ensure that the same Internet Explorer (IE) browser security policies are used by all clients.
Create a domain-level Group Policy object (GPO).
You want to prevent users who are running Windows Vista and Windows 7 on your corporate network from copying sensitive data to removable media. What should you do?
Define a group policy to control write access to removable media.
You support a Windows Server 2003 Active Directory forest with multiple domains. Each domain stores user accounts for users at a specific geographic location. You need to apply a consistent password policy to Active Directory users through group policy. You want to keep the effort needed to apply and maintain the policy to a minimum. What should you do?
Define password policy at the domain level in each domain.
Which users can administer a read-only domain controller (RODC)?
Delegated standard domain users and domain administrators
You need to implement security measures to provide maximum protection for client computers. What is one thing you should do?
Ensure that all computers have the most recent updates.
You are a network administrator. You need to minimize the attack surface for your network. What would this involve?
Ensuring that only required features are enabled.
Which is an example of biometric security?
Fingerprint scan
What represents a security threat to your DNS environment?
Foot printing
You want to implement a consistent audit policy for your Active Directory domain. What should you use?
Group Policy editor
The process of making changes to the operating system, network, or applications in order to reduce vulnerability is referred to as:
Hardening
You have a wireless network. You need to ensure that only specific client computers are able to access the wireless network. What should you do?
Implement MAC filtering.
What should you use to ensure that specific Web sites do not have access to user browsing patterns?
InPrivate Filtering
You use Microsoft Outlook as the e-mail client for your company. You use an external e-mail server provided by your Internet service provider (ISP). You want to prevent virus infection on computers in your Active Directory domain. What action would be the most effective?
Install an antivirus program on each client computer.
A laptop computer running Windows Server 2008 does not have Trusted Platform Module (TPM) installed. You want to protect the data on the computer in case the computer is stolen. Which action should you take?
Install and configure BitLocker.
What is affected when data is modified by mistake?
Integrity
Which type of security service is concerned with preventing or detecting any tampering with data?
Integrity
Which is a feature of the SmartScreen Filter?
It blocks content and files from known malicious Web sites.
What are two features of a public key in asymmetric encryption? (Each correct answer presents a complete solution. Choose two.)
It is distributed by certificate and It is used to encrypt data.
What is the advantage of preventing a wireless access point (WAP) from broadcasting its service set identifier (SSID)?
It prevents the WAP from appearing in the list of available wireless networks.
Which protocol is used for smart card interactive logon to the local Windows Active Directory domain?
Kerberos
You work as a network security consultant. One of your clients reports that he suspects some of his electronic correspondence is being captured by a competitor. A security audit of the client's Windows 10 workstation's software environment resulted in no suspicious findings. You need to verify the security of the client's computer. What should you look for on the client's computer?
Keylogger
Which is an example of least privilege?
Logging on as a limited user instead of an administrator to run applications.
Which would you audit to detect attempts to guess user passwords?
Logon/logoff failures
You need to ensure that all security updates have been applied to one of your servers. What should you use?
Microsoft Baseline Security Analyzer.
A website requires a user to enter both a password and a text message-based personal identification number (PIN). Which type of authentication does that website use?
Multifactor authentication
What are common symptoms of a virus infection?
New icons appear spontaneously on the desktop and An installed antivirus program is disabled and will not restart.
You administer your company's Windows Server 2012 R2 file server. The file server has two NTFS data volumes, D: and E:. You move a file from drive D: to drive E:. What happens to the file's original permissions?
Permissions are inherited from the destination folder.
Which would be an example of a social engineering attack?
Phishing
You regularly do business with the Web site www.bcdtrain.com. You receive an e-mail addressed from bcdtrain.com with a link to verify your account information. When you check the link, you find it actually points to www.fi-print.com. Which type of attack is this?
Phishing
When you implement a security auditing policy:
Policies are applied at the computer level.
Which protocol can centralize authentication for dial-up, Virtual Private Network (VPN), and IEEE 802.11 Wi-Fi access connections?
RADIUS
You work as a security consultant. One of your clients informs you that as of today he is unable to access any of his personal files on his Windows 10 computer. The user's computer displays a message box that prompts him to submit a Bitcoin payment to a third party in exchange for a decryption key that will unlock his files. What type of malware has infected the user's computer?
Ransomware
What would be the best approach to minimize the likelihood of a client computer being infected with a virus?
Restrict the attachments that an e-mail user can receive.
Which type of certificate authority (CA) issues its own certificates?
Root CA
Which DNS record is used to prevent hackers from using your network's e-mail servers as a platform for sending spam with your domain address?
SPF
Which technology provides security for data that is transmitted over the Internet?
SSL
You set the Passwords must meet complexity requirements policy to Enabled. Minimum password length is set to 8. Which is a valid password?
SSPwd##!99
You enable the audit of successful and failed policy changes. Where can you view entries related to policy change attempts?
Security event log.
You have a training room with 10 computers. You need to be able to control what software can be run by specific users logging on to the computers. What should you use?
Software restriction policies; AppLocker.
You need to create a password policy to ensure that domain account passwords must be reset every two weeks. What should you do?
Specify a maximum password age.
Which firewall inspection method logs outgoing connections and checks incoming traffic against that log?
Stateful inspection
All users have been denied all permissions to a file. You need to access the file as quickly as possible. You are logged on as an administrator. What should you do first?
Take ownership of the file
You work as a domain administrator for your company. All user computers in the organization run Windows 10 Enterprise Edition. One of the company's employees modified the NTFS permissions on her network-based project folder in such a way that no administrator has access. You need to ensure that you and other domain administrators can access the employee's project folder. What should you do first?
Take ownership of the folder.
You are a network administrator. You have enabled encryption for a file that is located in a shared folder. What does this ensure?
That the file can only be read by users who are allowed to do so
What will happen when you move a file you encrypted through the encrypting file system (EFS) to an unencrypted folder on an NTFS partition?
The file remains encrypted.
For what reason is physical security extremely important with laptops and other mobile devices?
They can be lost or stolen.
What benefit do SPF records provide?
They provide e-mail protection from spoofing and phishing.
How are software restriction policies used?
To control which software a user can execute.
For what purpose would you use security auditing to audit logon events?
To detect a possible password attack.
In what situation would you use a Class 1 firewall?
To provide protection for an individual client.
For what purpose would you deploy an RODC?
To restrict domain controller access for a physically unsecure remote location
Which feature can provide elevation of privileges if an action requires administrative level access?
UAC (User Account Control)
You normally log on as a standard user. You need to occasionally run programs that require administrator privileges. You want to keep the potential security risk to a minimum. What should you do?
Use Run As to launch the programs.
Most of your network cabling is routed through secure cable runs. The network is wired with unshielded twisted pair (UTP) cable. One segment of cable will have to pass through an unsecured area as a backbone between two offices. Which action should you take to keep communication secure?
Use fiber optic cable to wire the unsecured segment.
Which is the best way to prevent security compromises through social engineering?
User training
Malware that requires a host file to propagate:
Virus
Which provides the highest level of security?
WPA
In which situation would you typically use a stand-alone certificate authority (CA) in your public key infrastructure (PKI) design?
When issuing certificates to users outside of your domain
Which wireless security method uses Temporal Key Integrity Protocol (TKIP) encryption?
Wi-Fi Protected Access (WPA)
You want to ensure that mobile clients receive timely operating system updates. Some clients rarely connect to the internal business network. Which should you use?
Windows Update Agent (WUA)
Which type of malware replicates itself without reliance on a host file?
Worm
You are a systems administrator for your company. All employees have desktop computers that run Windows 10 Enterprise Edition. Currently the network is organized as a peer-to-peer workgroup. You need to configure a client computer named KIOSK1 to produce an alert when apps try to install software or make Windows settings changes to that computer. Which Control Panel option should you use?
You should use the Change User Account Control settings option.
An exploit on an unknown vulnerability:
Zero-day attack
Malicious software that masquerades as a beneficial utility is known as:
a Trojan horse.
A Trojan Horse is an example of:
a computer virus.
With regard to computer security, a worm refers to:
a self-replicating computer virus.
To implement multifactor authentication you should use:
a smart card and a PIN.
When you enable User Access Control (UAC):
all standard and administrative users run standard applications with standard application permissions
You would use a security group to:
allow only specific users to access specific network resources
Smart cards:
are typically used as part of a multifactor authentication solution.
SYSKEY improves physical security by requiring a password or a special floppy disk to:
boot the server.
Implementing security auditing allows you to:
determine if a security breach has occurred.
A brute force attack is used to:
discover passwords
Using Trusted Platform Module (TPM) ensures:
hardware encryption of data
Microsoft Security Baseline Analyzer (MSBA) is used to:
identify security misconfigurations and missing security updates on network computers.
To ensure that users cannot connect to a rogue wireless access point, you should:
install a wireless intrusion prevention system.
A wireless network that implements WEP:
is less secure than one that implements WPA or WPA2.
A strong password contains:
letters, numbers, and special characters.
Creating an antivirus quarantine area causes:
potential viruses to be isolated.
When securing your network, you would disable inheritance to:
prevent folder permissions on a folder from being used for subfolders.
Password history is used to enforce:
restrictions on password reuse.
A spoofed e-mail is a message
that has a false sender address.
In e-mail, spoofing occurs when:
the sender uses a fake From address.
The term mutual authentication refers to:
users being authenticated with the server and vice versa.
The principle of least privilege ensures that:
users can only perform required tasks.
When you disable SSID broadcasting:
users must know the SSID to be able to connect to your wireless network.
Object access auditing is used to monitor:
which users open specific files.