Chapter 8 Host Defense

Which of the following describes a configuration baseline? The minimum services required for a server to function A set of performance statistics that identifies normal operating performance A list of common security settings that a group or all devices share A collection of security settings that can be automatically applied to a device

A list of common security settings that a group or all devices share

Which of the following describes a logic bomb? -A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found -A program that performs a malicious activity at a specific time or after a triggering event -A type of malicious code, similar to a virus, whose primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources-

A program that performs a malicious activity at a specific time or after a triggering event.

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? VLANs 3DES Encryption A strong password policy AES Encryption

A strong password policy

What is the main difference between a worm and a virus? A worm is restricted to one system while a virus can spread from system to system. A worm can replicate itself, while a virus requires a host for distribution. A worm requires an execution mechanism to start, while a virus can start itself. A worm tries to gather information, while a virus tries to destroy data.

A worm can replicate itself, while a virus requires a host for distribution.

You have a shared folder named Reports. Members of the Managers group have been given Write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do? Add Mark Mangum to the ACL for the Reports directory with Deny permissions. Remove Mark Mangum from the Managers group. Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions. Configure NTFS permissions for the Confidential.xls to allow Read only.

Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.

While browsing the Internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of? Zombie Logic bomb Adware Worm Explanation

Adware

Many popular operating system allow for quick and easy sharing of files and printers with other network members. Which of the following is not a means by which file and printer sharing is hardened? Allowing NetBIOS traffic outside of your secured network Hosting all shared resources on a single centralized and secured server Logging all activity Imposing granular access control via ACLs

Allowing NetBIOS traffic outside of your secured network.

Which of the following measures are you most likely to implement to protect against a worm or Trojan horse? Password policy IPSec Firewall Antivirus software

Anti-virus software

Which of the following statements about the use of anti-virus software is correct? Antivirus software should be configured to download updated virus definition files as soon as they become available. If servers on a network have antivirus software installed, workstations do not need antivirus software installed. If you install antivirus software, you no longer need a firewall on your network.

Anti-virus software should be configured to download update virus definition files as soon as they become available.

Which of the following is the best recommendation for applying hotfixes to your servers? Apply hotfixes immediately as they are released Apply only the hotfixes that apply to software running on your systems Apply all hotfixes before applying the corresponding service pack Wait until a hotfix becomes a patch, then apply it

Apply only the hotfixes that apply to software running on your systems

What is another name for a logic bomb? Asynchronous attack Trojan horse Pseudo flaw DNS poisoning

Asynchronous attack

Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of? SMTP open relay Default account Backdoor Privilege escalation

Backdoor

NetBus and Back Orifice are remote control tools. They allow you to connect to a remote system over a network and operate it as if you were sitting at its local keyboard. Unfortunately, these two programs are also examples of what type of security concern? IPSec filters Packet sniffers Backdoor trojans Viruses

Backdoor Trojans

A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?

Botnet

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security? select two Apply all patches and updates Conduct privilege escalation Remove any backdoors Change default account passwords

Change default account passwords apply all patches and updates

You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do? select two Grant the group the necessary user rights. Add the group to the SACL. Create a security group for the administrators; add all user accounts to the group. Add the group to the DACL. Create a distribution group for the administrators; add all user accounts to the group.

Create a security group for the administrators; add all user accounts to the group. Grant the group the necessary user rights.

You want to give all managers the ability to view edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this? -Create a distribution group for the managers. Add all users as members of the group. Add the group to the file's DACL. -Add one manager to the DACL granting all permissions. Have this user add other managers as required. -Add each user account to the file's DACL. -Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.

Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.

When securing a newly deployed server, which of the following rules of thumb should be followed? Disable all services not associated with supporting shared network services. Determine the unneeded services and their dependencies before altering the system. Disable all unused services. Disable each service in turn, then test the system for negative effects

Determine the unneeded services and their dependencies before altering the system.

Which of the following actions should you take to reduce the attack surface of a server? Install antimalware software Disable unused services Install the latest patches and hotfixes Install a hostbased IDS

Disable unused services

For users who are member of the Sales Team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use? Account restrictions Group Policy File screens Account policies

Group Policy

Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers? Account restrictions Account policies Group Policy NTFS permissions

Group Policy

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use? Security Configuration and Analysis Group Policy Security Templates WSUS

Group Policy

By definition, what is the process of reducing security exposure and tightening security controls? Social engineering Hardening Passive reconnaissance Active scanning

Hardening

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is release on a short-term, periodic basis (typically monthly)? Service pack Targeted software patch Kernel fix kit Hotfix

Hotfix

Which of the following best describes spyware? It is a malicious program that is disguised as legitimate software. It monitors the actions of the user that would denote their personal preferences, then sends popups and ads to the user that match their tastes. It monitors the actions you take on your machine and sends the information back to its originating source. It is a program that attempts to damage a computer system and replicate itself to other computer systems.

It monitors the actions you take on your machine and sends the information back to its originating source.

You have two folders that contain documents used by various departments: • The Development group has been given the Write permission to the Design folder. • The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do? Make Mark a member of the Development and Sales groups. Add Mark's user account directly to the ACL for both the Design and Products folder. Make Mark a member of the Development group; add Mark's user account directly to the ACL for the Products folder. Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.

Make Mark a member of the Sales group add Mark's user account directly to the ACL for the Design folder.

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement? NTFS permissions and file screens Share permissions and file screens NTFS and share permissions Share permissions and quotas

NTFS and share permissions

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access? Move the FTP outside of the firewall Install a VPN Open ports 20 and 21 for inbound and outbound connections Define user accounts for all external visitors

Open ports 20 and 21 for inbound and outbound connections.

Which of the following is most vulnerable to a brute force attack? Twofactor authentication Password authentication Challenge response token authentication Biometric authentication

Password authentication

Which of the following password attacks uses preconfigured matrices of hashed dictionary words? Hybrid Rainbow table Dictionary Brute force

Rainbow table

You recently discovered several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files? Slow Retro Polymorphic Stealth

Retro

You have heard about a new malware program that presents itself to user as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software? Botnet Trojan horse Privilege escalation Rootkit Spyware

Rootkit

FTPS uses which mechanism to provide security for authentication and data transfer? SSL AES SSH TLS

SSL

Match the Group Policy type on that left with the function that it can perform on the right. Software that should be installed on a specific computer- Software that should be installed for a specific user- Scripts that should run at startup and shutdown- Scripts that should run at logon or logoff- Network communication security settings- Computer Configuration User Configuration

Software that should be installed on a specific computer- Computer Configuration Software that should be installed for a specific user- User Configuration Scripts that should run at startup and shutdown- Computer configuration Scripts that should run at logon or logoff- User Configuration Network communication security settings- Computer Configuration

Which type of virus intercepts system requests and alters service outputs to conceal its presence? Polymorphic Retro Stealth Slow

Stealth

You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix? Apply the hotfix immediately to all servers. Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself. Test the hotfix, then apply it to the server that had the problem. Test the hotfix, then apply it to all servers.

Test the hotfix, then apply it to all servers.

Arrange the Group Policy Objects (GPOs) in the order in which they are applied GPOs linked to the domain that contains the user or computer object. GPOs linked to the organizational unit(s) that contain(s) the object The Local Group Policy on the computer.

The local group policy on the computer GPOs linked to the domain that contains the user or computer objects GPOs linked to the organizations unit that contains the object

Why do attackers prefer static environment devices to conduct distributed network attacks? select two These devices tend to employ much weaker security than traditional network devices. These devices are typically installed in the DMZ outside an organization's perimeter firewall. These devices are typically more difficult to monitor than traditional network devices. Smart device vendors tend to proactively protect their products against security threats. It is difficult to update the virus definitions used to protect these devices.

These devices are typically more difficult to monitor than traditional network devices These devices tend to employ much weaker security than traditional network devices

What is a program that appears to be legitimate application, utility, game or screensaver and that performs malicious activities surreptitiously? ActiveX control Worm Outlook Express Trojan horse

Trojan horse

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. The computer runs Windows 7. What should you do to increase the security of Bobs account? select two Do no allow users to change their own passwords. Train users not to use passwords that are easy to guess. Use a stronger initial password when creating user accounts. Use Group Policy to require strong passwords on user accounts. Configure user account names that are not easy to guess.

Use Group Policy to require strong passwords on user accounts Train users not to use passwords that are easy to guess

Which of the following tools can you use on a Windows network to automatically distributed and install software and operating system patches on workstations? select two Security Templates WSUS Group Policy Security Configuration and Analysis

WSUS Group Policy

What will the netstat -a command show? All connected hosts All listening and nonlistening sockets All listening sockets All network users

all listening and non-listening sockets

You manage the information system fro a large co-locations data center... Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology allowing them to be managed using a mobile device app over an Internet connection You are concerned about the security. select two Verify that your network's existing security infrastructure is working properly. Enroll each device in a mobile device management system. Rely on the device manufacturer to maintain device security with automated firmware updates. Install the latest firmware updates from the device manufacturer

install the latest firmware updates from the device manufacturer verify that you networks existing security infrastructure is working properly

You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems.... what happened to the file? The infection has been removed, and the file has been saved to a different location. It has been deleted from your system. The file extension has been changed to prevent it from running. It has been moved to a secure folder on your computer

it has been moved to a secure folder on your computer.

Which command should you use to display both listening and non-listening sockets on your linux system? tip; enter the command as if at the command prompt netstat -s netstat -r netstat -a

netstat -a

You need to increase the security of your linux system by finding and closing open ports. Which of the following commands should you uses to locate open ports? netstat nmap traceroute nslookup

nmap

Which command should you use to scan for open TCP ports on your linux system? Tip, enter the command as if at the command prompt. nmap -sT nmap -sU

nmap -sT

You manage the information system for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturers floor... The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. you are concerned about the security of these devices. What can you do to increase their security posture. select two Enroll each device in a mobile device management system. Verify that your network's existing security infrastructure is working properly. Install antimalware software on each device. Install a network monitoring agent on each device. Install the latest firmware updates from the device manufacturer.

verify that you networks existing security infrastructure is working properly install the latest firmware updates from the device manufacturer