CompTIA A+ Core 2 Lesson 8 Quiz - Managing Security Settings
A security analyst baselines web activity and notices several caveats with browsers. For example, they notice that when a user types in a query, a query is actually made after every typed key. The analyst is trying to group browser activity together. Which browser is based on the same code as Chrome? A) Edge B) Internet Explorer C) Safari D) FireFox
A) Edge Edge, Microsoft's replacement browser, now uses the same underlying Chromium codebase as Google Chrome.
A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords? A) Password expiration B) Length C) Character mix D) Memorable
B) Length Length is preferable to the use of highly cryptic mixing of character types. It will take an attacker significantly longer to crack a passphrase rather than a much shorter but complex password.
A security administrator wants to set up anomalistic monitoring around behavioral-based user activity. Which of the following could the administrator implement for monitoring? (Select all that apply.) A) Failed attempts B) Login times C) Concurrent logins D) Screen lock
A) Failed attempts, B) Login times & C) Concurrent logins Monitoring login times are typically used to see if an account is logging in at an unusual time of the day or night or during the weekend. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time, so this sort of policy can help to prevent or detect misuse of an account. Failed attempts can be a sign of malicious activity.
A security analyst receives a notification of possible malware based on common indicators. They run several different antivirus software against the disk, and the scans indicate no malware. What is the analyst's computer likely infected with? A) Fileless malware B) Worm C) Boot sector virus D) Viruses
A) Fileless malware Fileless malware refers to malicious code that uses the host's scripting environment, such as Windows PowerShell or PDF JavaScript, to create new malicious processes in memory.
A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this? A) Personal identifiable information (PII) protection B) Secure critical hardware C) Prevent lunchtime attack D) Protect UEFI
A) Personal identifiable information (PII) protection Paper copies of personal and confidential data must not be left where they could be read or stolen. A clean desk policy ensures that all such information is not left in plain sight.
A security manager sets up a defense in depth mechanism and sets up monitoring to catch communications from the attacker to the malware. What is the manager monitoring for? A) Spyware B) C2 C) Keylogger D) Rootkit
B) C2 Whether a backdoor is used as a standalone intrusion mechanism or to manage bots, the threat actor must establish a connection from the compromised host to a command and control (C2 or C&C) host or network.
A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause of the high CPU utilization? A) Crypto-ransomware B) Cryptomining software C) Rogue antivirus D) RAT
B) Cryptomining software A cryptominer hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as cryptojacking.
A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build? A) Plug-ins B) Extension C) Apps D) Themes
B) Extension Extensions add or change a browser feature via its application programming interface (API). The extension must be granted specific permissions to make configuration changes. With sufficient permissions, they can run scripts to interact with the pages the developer is looking at.
A server administrator helps the human resources department whitelist an external website for their new training platform. What will the administrator need to do to ensure the web page shows up as secure? A) Adjust the firewall. B) Configure browser sign-in. C) Add trusted certificates. D) Whitelist in the web application firewall.
C) Add trusted certificates. When using enterprise certificates for internal sites and a third-party browser, the administrator must ensure that the internal CA root certificate is added to the browser.
A manager is responsible for client laptops, and is concerned about exposing data on the disks to a different OS and the permissions becoming overridden. What will help prevent this possible attack? A) Windows Defender Firewall B) Windows Defender Antivirus C) Encrypting File System D) Execution control
C) Encrypting File System The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file and folder encryption. EFS is not available in the Home edition of Windows.
A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor? A) User training B) Scheduled scans C) Update trusted root certificates D) On-access scanning
C) Update trusted root certificates Updating trusted root certificates is helpful in the overall defense-in-depth security strategy, but is least helpful in this scenario in preventing malware. It does play its part though.
A user visits a news site that they go to frequently, and the news articles are not updated but are the same as the day before. The user also hears complaints about people not having internet, which is odd since they are on their normal news site. What is most likely going on? A) User is in private mode. B) There are pop-up blockers. C) User is on a different switch. D) Page is cached.
D) Page is cached By default, the browser will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields. The page is most likely cached from the previous visit.
A helpdesk operator is reviewing a notification that a user clicked links in a very suspicious email. What is the second step the operator should take? A) Disable System Restore. B) Look for missing or renamed files. C) Look for services masquerading as legitimate services. D) Quarantine.
D) Quarantine After verifying the symptoms of malware, the host should be placed in quarantine, where it is not able to communicate on the main network.
A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail? A) Autorun B) Antivirus C) Concurrent logins D) Trusted source
D) Trusted source Mobile OS vendors use this "walled garden" model of software distribution as well. Apps are distributed from an approved store, such as Apple's App Store or the Windows Store.
A Firefox user wants to open up their browser settings to configure their intranet as the home page. How can the Firefox user access the settings? A) chrome://settings B) edge://settings C) firefox://settings D) about:preferences
D) about:preferences Users can open the internal URL for Firefox by going to about:preferences. Each browser maintains its own settings that are accessed via its Meatball (...) or Hamburger (☰) menu button as well.