Testout Security Chapter 7
Arrange the Group Policy Objects (GPOs) in the order in which they are applied
1. The local group policy on the computer 2. GPOs linked to the domain that contains the user or computer object 3. GPOs linked to the organizational unit that contains the object
You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?
135. 137-139
Which of the following ports does FTP use to establish sessions and manage traffic?
20, 21
To transfer files to your company's internal network from home, you use FTP. The admin has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make an FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (select two)
21 20
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443
What is the main difference between a worm and a virus?
A worm is restricted to one system, while a virus can spread from system to system. >>A worm can replicate itself, while a virus requires a host for distribution A worm requires an execution mechanism to start, while a virus can start itself A worm tries to gather info, while a virus tries to destroy data
What does the netstat -a command show?
All listening and non-listening sockets
You have heard about a new malware program that presents itself to user as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the ff. terms best describes this software?
Botnet Spyware Trojan horse Privilege escalation >>Rootkit
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?
Carefully review open firewall ports and close any unnecessary ports >>Configure the software to automatically download the virus definition files as soon as they become available Switch to a more reliable anti-virus software Create a scheduled task to run *sfc.exe* daily
You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (select two.)
Clock synchronization between all devices Disk space on the syslog server
What is the purpose of audit trails?
Detect security-violating events
When securing a newly deployed server, which of the following rules of thumb should be followed?
Determine unneeded services and their dependencies before altering the system
Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)
Devices tend to employ much weaker security than traditional network devices. Devices are, typically, more difficult to monitor than traditional network devices.
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services
Match the IT audit activity on the left with the appropriate description on the right.
Documents incidents for security violations and incident response. >>Usage auditing Identifies inefficient IT strategies, such as weak policies and procedures >>Risk evaluation Verifies the appropriate use of accounts and privileges >>Escalation auditing Checks user/group rights and privileges to identify cases of creeping privileges >>Privilege auditing Determines whether privilege-granting processes are appropriate and whether computer use and escalation processes are in place and working. >>User access and rights review
What is the most common means of virus distribution?
Which of the following is *not* an advantage when using an internal auditor to examine security systems and relevant documentation?
Finding in the audit and subsequent summations are viewed objectively
You have heard about a Trojan horse program where the compromised systems sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor?
Firewall
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening?
Firewall
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers.
Grant the group the necessary user rights. Create a security group for the administrators and add all user accounts to the group.
Which of the following statements about the use of anti-virus software is correct?
If you install anti-virus software, you no longer need a firewall on your network Anti-virus software should be configured to download updated virus definition files as soon as they become available Once installed, anti-virus software needs to be updated on a monthly basis If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed
What is the primary distinguishing characteristic between a worm and a logic bomb?
Incidental damage to resources >>Self-replication Masquerades as a useful program Spreads via email
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?
Performance
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment?
Periodic reviews must be conducted to detect malicious activity or policy violations.
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain.What kind of attack has occurred?
Phishing
The auditing feature of an operating system servers as what form of control when users are informed that their actions are being monitored?
Preventative
Match each bring your own device (BYOD) security issue on the right with a possible remedy onthe left. Each remedy may be used once, more than once, or not at all.
Preventing malware infections >>Implement a network access control solution Supporting mobile device users >>specify who users can call for help with mobile device apps in your acceptable use policy Preventing loss of control of sensitive data >>Enroll devices in a mobile device management system Preventing malicious insider attacks >>Specify where and when mobile devices can be possessed in your acceptable use policy Applying the latest anti-malware definitions >>Implement a network access control solution
What does hashing of log files provide?
Proof that the files have not been altered
What is another name for a logic bomb?
Pseudo flaw >>Asynchronous attack Trojan horse DNS poisoning
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow Table
You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?
S/MIME
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?
Spam
Which of the following is a standard for sending log messages to a central logging server?
Syslog
A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?
>>Botnet Trojan Spyware Logic bomb
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Choose two)
>>Change default account passwords implement separation of duties Conduct privilege escalation >>Apply all patches and updates Remove any backdoors
You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware?
>>Educate users about malware >>Schedule regular full system scans Enable chassis intrusion detection Enable account lockout Disable UAC
Which of the following are characteristics of a rootkit?
>>Hides itself from detection Uses cookies saved o the hard drive to track user preferences >>Requires Admin-level privileges for installation Monitors user actions and opens pop-ups based on user preference
Which of the following are disadvantages to server virtualization?
A compromised host system might affect multiple servers
Which of the following are disadvantages of server virtualization?
A failure in one hardware component could affect multiple servers.
Users in the Sales department perform many of their daily tasks, such as emailing and creating sales presentations, on personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information on the organization's network. Your job is to implement a solution that can insiders from accessing sensitive information on personal devices. Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called?
A highly distributed attack
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?
A mobile device management infrastructure
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder.Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl.You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?
Add kenyan.msn.pl to the email blacklist
Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place
Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?
Allowing NetBIOS traffic outside of your secured network
Which of the following is the best recommendation for applying hotfixes to your servers?
Apply only the hotfixes that affect the software running on your systems
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activities?
Audit trail
A recreation of historical events is made possible through?
Audit trails
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
Auditing
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?
Create a hash of each log
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
Which of the following are advantages of virtualization? (Select two.)
Easy migration of systems to different hardware Centralized administration
Match the virtualization feature on the right with the appropriate description on the left.
Flexibility >>Moving virtual machines between hypervisor hosts Testing >>Verifying that security controls are working as designed Server consolidation >>Performing a physical-to-virtual migration (P2V) Sandboxing >>Isolation a virtual machine from the physical network
For users who are members of the sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?
Group Policy
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?
Group Policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use?
Group policy
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?
Hotfix
You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Install the latest firmware updates from the device manufacturer Verify that your network's existing security infrastructure is working properly
You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?
Internet of things
The Development group has been given the Write permission to the Design folder.• The Sales group has been given the Write permission to the Products folder.No other permissions have been given to either group.User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder.You want to use groups as much as possible.What should you do?
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon.Which solution should you implement?
NTFS and share permissions
Which of the following is *not* included in a system level audit event? (Select two.)
Names of accessed files Any actions performed by the user
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages.Which type of email attack is this server susceptible to?
Open SMTP relay
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server.What should you do to enable access?
Open ports 20 and 21 for inbound and outbound connections
Which of the following is most vulnerable to a brute force attack?
Password authentication
Which of the following is an advantage of a virtual browser?
Protects the host operating system from malicious downloads
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system?
Run the browser within a virtual environment
Which of the following mechanisms can you use to add encryption to email? (Select two.)
S/MIME PGP
Which of the following network services or protocols uses TCP/IP port 22?
SSH
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
If your anti-virus software does not detect and remove a virus, what should you try first?
Set the read-only attribute of the file you believe to be infected Scan the computer using another virus detection program Search for and delete the file you believe to be infected >>Update your virus detection software
Which type of virus conceals its presence by intercepting system requests and altering service outputs?
Slow >>Stealth Retro Polymorphic
Match the Group Policy type on the left with the function that it can perform on the right. (Each item can be used more than once.)
Software that should be installed on a specific computer >>Computer Configuration Software that should be installed for a specific user. >>User Configuration Scripts that should run at startup or shutdown. >>Computer Configuration Scripts that should run at logon or logoff. >>User Configuration Network communication security settings. >>Computer Configuration
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.What kind of attack has occurred in this scenario?
Spam
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens?
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
Spamming
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check?
System
You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994 that has recently been released would have protected the server. Which of the ff. recommendations should you follow when applying the hotfix?
Test the hotfix and then apply it to all servers
If a user's BYOD device, such as a tablet or phone, is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a network access control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?
The NAC remediates devices before allowing them to connect to your network.
Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer?
The Security Configuration and Analysis snap-in
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantines by the anti-malware software. What has happened to the file?
The infection has been removed, and the file has been saved to a different location. It has been deleted from your system The file extension has been changed to prevent it from running >>It has been moved to a secure folder on your computer
Which of the following best describes an audit daemon?
The trusted utility that runs a background process whenever auditing is enabled
A user named Bob smith has been assigned a new desktop workstation to complete his day-to-day work. the computer runs Windows 7. When provisioning Bob's user account in your organization's Romain, you assigned an account name of BSmith with an initial password of bw2Fs3D. On first logon, Bob is prompted to change his password, so he change it to Fido, the name of his dog. What should you do to increase the security of Bob's account?(select two) Require users to set a stronger password upon initial logon. Configure user account names that are easy to guess. Upgrading the workstation to windows 8 Do not allow users to change their own passwords. Train user not to use password that are easy to guess
Train users not to use passwords that are easy to guess Use Group Policy to require strong passwords on user accounts
You are concerned that an attacker can gain access to your web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?
Use syslog to send log entries to another server
Match each bring your own device (BYOD) security concern on the right with a possible remedyon the left. Each remedy may be used once, more than once, or not at all.
Users take pictures of proprietary processes and procedures >>Specify where and when mobile devices can be possessed in your acceptable use policy Devices with a data plan can email stolen data >>Specify where and when mobile devices can be possessed in your acceptable use policy Devices have no PIN or password configured >>Enroll devices in a mobile device management system Anti-malware software is not installed >>Implement a network access control solution A device containing sensitive data may be lost >>Enroll devices in a mobile device management system
Which of the following describes Privilege auditing?
Users' and groups' rights and privileges are checked to guard against creeping privileges.
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two)
WSUS Group Policy
Which of the following is undetectable software that allows administrator-level access?
Worm >>Rootkit Trojan Horse Spyware Logic bomb
Which is a program that appears to be a legitimate application, utility, game, or screensaver, and performs malicious activities surreptitiously?
Worm Outlook Express >>Trojan Horse ActiveX control
Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: Enter the command as if at the command prompt.)
netstat -a
Which command should you use to scan for open TCP ports on your Linux system? (Tip: Enter the command as if at the command prompt.)
nmap -sT
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
yum list installed
