Which of the following would you use if you want an organizational unit Group Policy Object (GPO) to apply only to some computers or users in the organizational unit (OU)?
A security filter
Which of the following is a product that supports creating and running virtual machines in Windows Server 2008?
Hyper-V
Which of the following terms is used to describe providing credentials that claim a specific identity, such as a user name?
Identification
A framework of open standards for protecting communications over Internet Protocol (IP) networks is referred to as:
Internet Protocol Security (IPSec).
Which of the following is NOT true about cloud computing?
It eliminates the need for a backup and recovery plan
Which of the following statements is NOT true regarding the Security Configuration and Analysis (SCA) tool?
It evaluates the current security state of computers in accordance with Microsoft security recommendations.
Which of the following statements is NOT true regarding Online Software Inspector (OSI)?
It is an expensive product designed for corporate customers.
Which of the following statements is NOT true regarding the Microsoft Baseline Security Analyzer (MBSA)?
It is expensive
Which of the following is NOT one of the limitations in the NetChk Protect Limited product?
It requires users to pay an expensive licensing fee.
Which of the following is NOT a Windows access management tool for changing DACLs for a group of objects?
Kerberos
Which of the following refers to the core part of an operating system that provides the essential services of the operating system?
Kernel
Which of the following refers to a computer designated to authenticate users and, upon authentication, issue Kerberos keys that will allow subjects to access objects?
Key distribution center (KDC)
Which of the following can be used to view and edit Group Policy settings?
Local Group Policy Editor
The two primary resources you should consult in developing a malware eradication plan are your anti-malware software's support resources and Microsoft's:
Malicious Software Removal Tool.
Which of the following terms refers to a collection of different types of software that share the goal of infiltrating a computer and making it do something?
Malware
Which of the following descriptions refers to administrative controls?
Management actions, written policies, procedures, guidelines, regulations, laws, or rules of any kind
Which of the following is a tool that evaluates the current security state of computers in accordance with Microsoft security recommendations?
Microsoft Baseline Security Analyzer (MBSA)
Which of the following is a graphical user interface framework that provides a centralized method to manage software components on Windows computers?
Microsoft Management Console (MMC)
Which of the following is NOT a best practice for Group Policy and processes?
Modify the default policies as needed.
Which of the following refers to a security scanner from Shavlik that scans and analyzes the patch status of products Microsoft Baseline Security Analyzer (MBSA) does not support?
NetChk Protect
Which of the following refers to the authentication protocol used in legacy Windows systems to support secure communications across an insecure network?
Network Translation LAN Manager (NTLM)
Which of the following allows a sender to verify the source of a message?
Nonrepudiation
Which of the following is a resource to which access is controlled?
Object
Where does Windows store AD Group Policy Objects (GPOs)?
On the domain controller
Which of the following is NOT one of Secunia's corporate products?
Online Software Inspector (OSI)
Which of the following statements is NOT true regarding anti-spyware software?
Only one anti-spyware product should be used at a time.
Which of the following is another name for the United States Department of Defense Trusted Computer System Evaluation Criteria, one of the early formal standards for computer security?
Orange Book
Which of the following refers to AD containers that group computers either logically or functionally?
Organizational unit (OU)
Which of the following is NOT an action you can perform in the Group Policy Management Console (GPMC)?
Perform a complete scan of all hard drives
Which of the following defines what a user can do to a specific object, such as read or delete the object?
Permission
Which of the following is a consumer-based vulnerability scanner that must be installed on the computer before using it to scan for vulnerabilities?
Personal Software Inspector (PSI)
Which of the following refers to a tunneling protocol used to support VPNs?
Point-to-Point Tunneling Protocol (PPTP)
What term is used to describe a shared secret used by cryptographic algorithms to perform symmetric encryption and decryption?
Pre-shared key (PSK)
Which of the following refers to the copy of any piece of information that you use most frequently?
Primary copy
Which of the following would NOT be considered part of the basic process of a Windows security audit?
Profiling a collection of computers
Which of the following is NOT true regarding profiling?
Profiling can be considered the same process as auditing.
Malware is loosely divided into what two main categories?
Programs that spread or infect and programs that hide
Which of the following is NOT considered one of the features of Dynamic Access Control (DAC)?
Providing unrestricted access to the computer's resources
Which of the following refers to a type of malware that attempts to generate funds directly from a computer user by attacking the computer and limiting the user's ability to access it until some money is paid?
Ransomware
Which of the following is the amount of time it should take to recover a resource and bring it back to normal operation?
Recovery time objective (RTO)
Which of the following is a collection of disks organized in a way that protects data by duplicating it or writing extra information to reconstruct any damaged data?
Redundant array of independent disks (RAID)
A database on each Windows computer that stores configuration settings for the computer and users is referred to as the:
Registry
Which of the following statements is NOT true regarding the performance of malware scans?
Removable media does not need to be scanned.
A utility that shows the settings that result from existing or planned GPOs for a specific computer and user is referred to as the:
Resultant Set of Policy (RSOP) tool.
Which of the following defines tasks that a user is permitted to carry out, such as take ownership of objects or shut down the computer?
Right
Which of the following is a security feature of Windows that can encrypt files that contain tagged sensitive data without requiring user interaction?
Rights Management Services (RMS)
What term is used to describe any exposure to a threat?
Risk
Which of the following access control methods is based on permissions defined by a role (such as manager, authorized user, or guest)?
Role-based access control (RBAC)
Which of the following is a type of malware that modifies or replaces one or more existing programs to hide the fact a computer has been compromised?
Rootkit
Which of the following is NOT considered a best practice for Microsoft Windows backup and recovery?
Schedule backups only after setting up a new system.
Which of the following describes the virtual private network (VPN) protocol that creates an encrypted tunnel over Secure Sockets Layer/Transport Layer Security (SSL/TLS)?
Secure Socket Tunneling Protocol (SSTP)
Which of the following refers to a unique identifier for each user and group in a Windows environment?
Security identifier (SID)
Security permissions for a selected object can be viewed and modified in the:
Security page of the object's Properties dialog box.
Which of the following refers to a text file that contains a list of configuration settings?
Security template
Which of the following is a contract with a vendor that guarantees replacement hardware or software within a specific amount of time?
Service level agreement (SLA)
Which of the following refers to an administrative program designed to run in the Microsoft Management Console (MMC)?
Snap-in
Which of the following refers to an entity requesting access to an object?
Subject
Which of the following refers to the highest privilege at which programs can run, allowing access to the physical hardware and kernel resources?
Supervisor mode
Which of the following refers to an encryption algorithm that uses a single key for both encryption and decryption?
Symmetric key
Which of the following statements is NOT true regarding a Windows security audit?
Very few tools exist to make a Windows security audit manageable.
Which of the following refers to a software implementation of a physical computer?
Virtual machine (VM)
Which of the following refers to the ability to run two or more virtual machines simultaneously on a single physical computer?
Virtualization
A defined collection of copies of files created in case the primary copies of the files are damaged or destroyed is referred to as a:
backup.
A collection of configuration settings collected and saved for the purposes of comparing to other similar collections of configuration settings is referred to as a(n):
baseline
A form of encryption in which the disk controller encrypts each block is referred to as:
Full Disk Encryption (FDE)
A method for encrypting a single partition, either physical or virtual, on a hard drive is referred to as:
Full Volume Encryption (FVE).
A computer that stores digital certificates and issues them to authenticated subjects is referred to as a:
certificate authority (CA).
An algorithm for performing encryption and decryption is referred to as a(n):
cipher.
An access control method based on an object's owner and permissions granted by the owner is referred to as:
discretionary access control (DAC).
The process of transforming readable information into unreadable information in such a way that anyone with a proper key can reverse the process, making the information readable again is referred to as:
encryption
Secunia is a company that provides security scanner software products to:
extend the functionality of the Microsoft Baseline Security Analyzer (MBSA).
File Classification Infrastructure (FCI) is a(n):
feature of Windows that provides the ability to define classification properties for files
The practice of identifying malware based on previous experience is referred to as:
heuristics.
The assurance that information can be modified only by authorized users is referred to as
integrity.
The process of collecting network messages as they travel across a network in hopes of divulging sensitive information, such as passwords is referred to as:
packet sniffing.
A device (such as a fence, door, lock, or fire extinguisher) that limits access or otherwise protects a resource is a:
physical control.
Controls (such as locked doors, firewall rules, and user passwords) that stop an action before it occurs are referred to as:
preventive controls
The process of comparing real computer configurations to known baselines is called:
profiling.
A general approach to handling encryption keys using trusted entities and digital certificates is referred to as:
public key infrastructure (PKI).
An encryption key that can be shared and does not need to be kept private is referred to as a
public key.
Software that covertly monitors and records pieces of information, such as Web surfing activities, is referred to as:
spyware.
A device or process (such as user authentication, antivirus software, and firewalls) that limits access to a resource is referred to as a
technical control.
The C-I-A Triad (confidentiality, availability, and integrity) make up the three:
tenets of information security.
Any action that could lead to damage or loss is referred to as a
threat.
Current malware generally exists to fulfill all of the following purposes EXCEPT:
to perform "harmless" experiments or pranks.
Which of the following refers to a set of named entities that define a group of users for the purpose of defining permissions that apply to multiple users?
Group
Which of the following refers to a centralized set of rules that govern the way Windows operates?
Group Policy
The utility for collecting deployed Group Policy Objects (GPOs) and computer information that is used to verify Group Policy implementations is referred to as:
Group Policy Inventory tool
Which of the following is a utility used to create, edit, and manage AD Group Policy Objects (GPOs)?
Group Policy Management Console (GPMC)
A named object that contains a collection of Group Policy settings is referred to as a(n):
Group Policy Object (GPO)
Which of the following Windows kernel mode components provides the actual access to physical hardware?
Hardware Abstraction Layer (HAL)
Which of the following is a complete copy of an environment at a remote site?
Hot site
In which of the following situations would you need to rely on a disaster recovery plan (DRP)?
A fire or tornado damages your datacenter.
What term is used to describe a shared database of domain users, groups, computers, resources, and other information, along with network functionality to centralize and standardize network management and interoperation?
Active Directory
Which of the following refers to a set of hash functions adopted by the National Security Agency as a U.S. government information processing standard?
Advanced Encryption Standard (AES)
Which of the following statements is NOT true regarding antivirus software?
Antivirus and anti-spyware software should not be used on the same computer system.
Which of the following statements is NOT true regarding ransomware?
As Windows computers and devices become more mobile, they become less vulnerable to potential ransomware attacks
Which of the following refers to a cryptographic algorithm that uses two related keys—one key to encrypt data and another key to decrypt data?
Asymmetric algorithm
Which of the following refers to any person or program that attempts to interact with a computer information system in an unauthorized manner?
Attacker
Which of the following refers to the process of collecting performance information on what actions were taken and storing that information for later analysis?
Auditing
What name is given to the assurance that requested information is available to authorized users upon request?
Availability
Which of the following refers to a restore that includes the operating system and all configuration settings?
Bare metal recovery
Which of the following encrypts entire volumes and normally uses a computer's Trusted Platform Module (TPM) hardware to store encryption keys?
BitLocker
What name is given to a Windows feature that encrypts removable media devices?
BitLocker To Go
Which of the following refers to a condition in which a running program stores data in an area outside the memory location set aside for the data?
Buffer overflow
Which of the following is NOT a common anti-malware software component?
Buffer overflow—a location to isolate unidentified malware for deletion
Which of the following ensures an organization can survive any disruption and continue operating?
Business continuity plan (BCP)
When the Windows Registry uses GUIDs to identify objects and records many of their attributes, it can be said that the GUIDs are stored as:
Class Identifiers (CLSIDs).
Which of the following refers to a level of sensitivity (such as top secret, secret, confidential, restricted, or unclassified) assigned to an object by its owner?
Classification
Which of the following is an alternate security control that fulfills an original goal without implementing the primary control?
Compensating control
Which of the following is NOT one of the steps in the process for addressing attacks?
Confidentiality
Which of the following refers to the assurance that information can be accessed and viewed only by authorized users?
Confidentiality
What type of control repairs the effects of damage from an attack?
Corrective control
Which of the following is NOT a step in making Group Policy conform to your security policy?
Create any desired additional GPOs not covered in the policy.
Which of the following is NOT an example of a worm that has been used to attack Windows vulnerabilities?
EULA
Which of the following statements is NOT true regarding Secunia's corporate products?
Each of the products is available free to the public.
What name is given to the page within the Advanced Security Settings dialog box of Windows that displays calculated permissions for any user or group?
Effective Permissions
Which of the following provides transparent file and folder encryption, using encryption keys that are based on a user's password?
Encrypting File System (EFS)
What name is given to a security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource?
Defense in depth
Which of the following is NOT part of a sound malware prevention strategy?
Disable boot time virus checking.
Which of the following covers the actions you must take when a disaster strikes to address the damage and return your infrastructure to a point where you can continue operations?
Disaster recovery plan (DRP)
Which of the following refers to a server computer designated to handle Active Directory requests?
Domain controller
Which of the following is NOT one of the basic permissions that can be modified for each user or group?
Take Ownership
Which of the following is an international standard for functionality and assurance of computer security that extends the concepts stated in the Orange Book?
The Common Criteria for Information Technology Security Evaluation
Which of the following should you use if you want to prevent users from launching any of their own user-installed gadgets in the sidebar of their desktop?
The Local Group Policy Editor
Which of the following refers to the practice of providing a user or process with only the necessary access required to carry out a task?
The principle of least privilege
The utility that immediately deploys and applies Group Policy Objects (GPOs) is referred to as the:
The utility that immediately deploys and applies Group Policy Objects (GPOs) is referred to as the:
A cryptographic protocol that operates at the transport network layer and provides security for communications across the Internet is referred to as:
Transport Layer Security (TLS).
Which of the following refers to software that masquerades as an apparently harmless program or data file but contains malware instructions?
Trojan horse
Which of the following refers to any user (person or program) that does not possess permission to access a resource?
Unauthorized user
The Windows feature of prompting users before escalating to administrator privileges is called:
User Account Control (UAC).
Which of the following is a software program that attaches itself to, or copies itself into, another program for the purpose of causing the computer to follow instructions that were not intended by the original program developer?
Virus
Which of the following is a Windows service that assists utilities and applications in creating snapshots of a running Windows system?
Volume Shadow Copy Service (VSS)
What term is used to describe any weakness that could allow a threat to be realized?
Vulnerability
Which of the following is a subset of SQL used to query Windows machines for management and operations data?
WMI Query Language (WQL)
Which of the following allow you to query the target environment and apply security settings only in certain situations?
WMI filters
Which of the following is the infrastructure Windows uses to maintain and exchange management and operations data?
Windows Management Instrumentation (WMI)
Which of the following is TRUE regarding Group Policy Object (GPO) linking?
You can link GPOs to specific users to customize settings for groups of users or even individual users.
Each entry in a discretionary access control list (DACL) is called a(n)
access control entry (ACE).
Windows stores access rules, or permissions, for resources (objects) in:
access control lists.
The process of providing and denying access to objects is called:
access control.
The collection of all possible vulnerabilities that could provide unauthorized access to computer resources is called the:
attack surface.
The process of proving that provided identity credentials are valid and correct is referred to as:
authentication.
A site, a domain, or an organizational unit in Active Directory is referred to as a:
container.
Any mechanism or action that prevents, detects, or addresses an attack is referred to as a(n):
control
Data that is stored on a persistent storage device, such as a disk drive, is referred to as:
data at rest.
Data that is currently being transported from one location to another, as in a transfer across a network connection, is referred to as
data in transit.
Smoke detectors, log monitors, and system audits are examples of:
detective controls
Technical controls are also referred to as:
logical controls.
Accounts that administrators can create as managed domain accounts to provide automatic password management are referred to as:
managed service accounts
An access control method based on the subject's clearance and the object's classification is referred to as:
mandatory access control (MAC).
The purpose of a Windows security audit is to:
measure how well the audited computer operation complies with your security policy.
Using three or more types of authentication is referred to as:
multi-factor authentication.
The full version of NetChk Protect:
removes the limitations of the NetChk Protect Limited product.
The process of copying secondary copies of files back to their primary locations is referred to as a:
restore operation.
A copy of information created to assist in the recovery of the information in the event the primary copy is damaged or destroyed is referred to as a:
secondary copy.
The organized collection of known malware signatures is stored in a:
signature database
The unique set of instructions that make up an instance of malware and distinguish it from other malware is referred to as its:
signature.
The entire movement toward cloud computing is based on:
virtualization
Zero-day attacks occur under any of the following conditions EXCEPT:
when the malware and the vulnerability have been identified and a fix is readily available.