Review 4.3

If your anti-spam software identifies a legitimate email message as spam and moves it to your junk folder, what is this misidentification known as? Email whitelist False negative False positive Spam signature

To misidentify a legitimate message as spam is known as a false positive. The spam filter contains settings that examine messages for patterns that identify it as spam. It is not 100 percent effective.

Why would you set up a host-based intrusion detection system (IDS) on a particular server? To monitor log files for errors To monitor which users connect to and use the system To provide an audit trail of users who might be stealing data To monitor for drastic changes to the system's state

To monitor for drastic changes to the system's state

Because the landscape of security constantly changes for every operating system on your network, what must you do to maintain security for those operating systems? Set up host-based firewalls on every system and set them to be extremely restrictive Set up a list of policies and procedures for monitoring all systems on your network Set up automatic updates for all operating systems Stay up-to-date with the latest available operating-system-level vulnerabilities

You have to stay current with all operating system vulnerabilities and threats. Set up the best security practices for your network and its operating systems and stay current and vigilant with all your systems.

Which of the following options is not a host system security control? Cable locks to secure hardware components Creating a virtual machine to replace a physical one Storage in a locked cabinet or safe The use of strong passwords

Creating a virtual machine to replace a physical one is not a host system security control.

Which of the following describes an operating system that has been subjected to rigorous tests and security profiles to certify it as secure enough for government use? Government standards operating system Whitelisted operating system Government vetted operating system Trusted operating system

A trusted operating system is one that has passed multiple levels of scrutiny and hardening for government use. The process can be lengthy, taking up to two years and at a cost of hundreds of thousands of dollars.

Security policies always stipulate that users should keep their antivirus software signatures up-to-date. What is a virus signature? Virus naming patterns Virus types, such as an application virus The actions that define a virus, such as a boot sector virus Strings of malicious code that identify a virus

A virus signature is a string of malicious code that is part of the identifying fingerprint of a virus.

Some anti-spyware software also contains which other type of software? Geo-tagging Anti-adware Anti-spam Viruses

Anti-adware

Which of the following solutions is MOST effective for limiting undesirable applications that users can install on their computers? Application whitelisting Intrusion detection system (IDS) Antivirus software Application blacklisting

Application whitelisting is the most effective against allowing users to install applications on their computers. The reason is that the only applications that can be installed are in the whitelist.

If a spam message that also contains a virus appears in your inbox, what is this misidentification known as? False negative False positive Firewall breach Double false positive

Both your antivirus software and your spam filter missed this message; therefore, it is a false negative. This happens most often with email messages from friendly sources who have contracted a virus.

Which of the following would you install on all end-user devices, such as laptops, docking stations, and monitors, to prevent the devices from being stolen? Warning labels Global positioning system (GPS) tracking devices Intrusion detection systems (IDSs) Cable locks

Cable locks

Identify two common sources of spyware. Malicious websites and open source software Email and malicious websites Email and commercial software Commercial software and file sharing

Email and malicious websites

Security personnel typically install anti-spam software in two places in the network. Identify those two locations. Email servers and firewalls Network routers and personal firewalls Email servers and users' computers Users' computers and firewalls

Email servers and users' computers

Security personnel typically install anti-spam software in two places in the network. Identify those two locations. Network routers and personal firewalls Users' computers and firewalls Email servers and firewalls Email servers and users' computers

Email servers and users' computers. Security personnel install anti-spam software on the email server to filter spam as it enters the server. The user never sees it, and it is never moved to a user's computer or junk folder. Security personnel also install anti-spam software on users' computers, in the email client software, as a set of rules to move spam to the junk folder as a precaution because spam filters sometimes move email that is not spam. By moving it to a junk folder, the user can check it, move it back to the inbox, and effectively change the spam rule.

What is the process of altering the base install of any operating system to heighten its security called? Baselining Blacklisting Whitelisting Hardening

Hardening

If you encounter an application that you believe might contain some malicious software, how can you isolate it? Install the software on an isolated virtual machine Install the software on a limited number of systems that include intrusion detection system (IDS) software Install the software on a single laptop Install the software in your test environment

Install the software on an isolated virtual machine

Easily stolen hardware components such as laptops, mobile phones, and tablet computers should be properly secured. Identify the correct option for securing these devices when not in use. Desk drawer Locking cabinet or safe In a laptop bag or briefcase Hidden behind permanent structures

Locking cabinet or safe

In general anti-malware software protects you from which of the following? Application security vulnerabilities Hackers Phishing Malicious software

Malicious software

Virtual environments are a special case of host security because you have virtual machines that rely on the underlying host system, and each virtual machine has its own operating system that must be patched. What is a primary concern when applying patches to a virtual environment? Regression testing Regularly scheduled patches Patch compatibility Downtime for virtual machines

Patch compatibility

What type of patch must you apply if a security threat appears between regular patch intervals? Clandestine Emergency Impromptu Out-of-band (OOB)

Patches that fix security threats that aren't on a regular patch schedule, such as Microsoft's Patch Tuesday, are known as out-of-band patches.

What is your best defense against websites that host ads that appear as new browser windows, either in front of or behind your main browser window? Anti-spam software Pop-up blockers Antivirus software Site whitelists

Pop-up blockers

Which process can you perform on virtualized systems so that you can quickly and easily return a system to its state prior to a compromise or security breach? Clone Backup Snapshot P2V

Snapshot

In running a virtualized environment, you might run an elastic environment where some hosts, when not needed, are spun down and not used until needed. What security problem might this cause? Elastic hosts being brought up after patching might cause them to be incompatible with the other hosts until they are patched. If the hosts are unavailable for an extended period of time, they could miss patches that would then make them vulnerable. Elastic hosts that might be infected and then come online could infect other hosts and virtual machines. If the hosts become available during an attack, their additional processing power could cause more damage to the network.

Sometimes elastic hosts miss critical patch cycles, which leaves them vulnerable when they come online. If the hosts are unavailable for an extended period of time, they could miss patches that would then make them vulnerable.

Security policies always stipulate that users should keep their antivirus software signatures up-to-date. What is a virus signature? Strings of malicious code that identify a virus Virus naming patterns The actions that define a virus, such as a boot sector virus Virus types, such as an application virus

Strings of malicious code that identify a virus

Identify the system that does NOT require antivirus software. Windows server computer Android phone MacBook Pro Chromebook

The Chromebook is the only device that does not require an antivirus program running on it. Even if the web browser, the Chromebook's only available attack vector, becomes infected, a reboot will reset the system. It is also possible to factory reset a Chromebook back to its original state if, by chance, something goes extremely wrong.

Which tool would you use to establish a host security baseline for Windows systems? MBSA Wireshark Windows Firewall Nessus

The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that Microsoft supplies to help businesses determine their security state compared to Microsoft's recommendations. The tool offers remediation guidance.

What are the three types of Windows Firewall rules you need to modify to protect your Windows systems, but still allow for functionality on a network? Active, passive, and restrictive Inbound, outbound, and connection Internet Protocol (IP) filtering, Media Access Control (MAC) filtering, and host-based Inbound, outbound, and filtered

The Windows Firewall allows you to modify three types of rules: inbound, outbound, and connection. Inbound rules protect against data coming into the system, outbound rules protect against unauthorized communications from the system, and connection security rules define the type of authentication required for communication between systems.

Why do application blacklists offer limited control over applications that users can install? Blacklisted applications are based on executable names only. Even the least skilled user can easily bypass blacklists. To be denied, the application has to be in the blacklist. Blacklists have a small maximum number of items that can be listed.

The problem with application blacklists is that the application has to be in the list, but new applications that users shouldn't install are released on a daily basis.