Module 7
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?
+O Phishing
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)
-Change default account passwords -Apply all patches and updates
You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?
135, 137-139
To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)
20 21
Which of the following ports does FTP use to establish sessions and manage traffic?
20, 21
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443
Which of the following are disadvantages to server virtualization?
A compromise of the host system might affect multiple servers
Which of the following are disadvantages to server virtualization?
A failure in one hardware component could affect multiple servers.
Users in the Sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information on the organization's network. Your job is to implement a solution that can prevent insiders from accessing sensitive information stored on the organization's network from their personal devices while giving them access to the internet. Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called?
A highly distributed attack
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?
A mobile device management infrastructure
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
What is the main difference between a worm and a virus?
A worm can replicate itself, while a virus requires a host for distribution.
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?
Add kenyan.msn.pl to the email blacklist
Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place
Your organization provides its sales force with Windows 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in a cloud-based Windows Intune account. One of your sales representatives left his notebook at a customer's site. The device contains sensitive information, and you want to change the password to prevent the data from being compromised. Which Intune portal should you use to remotely change the password?
Admin portal
What does netstat -a command show?
All listening and non-listening sockets
Match each mobile device application control term on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all. Jailbreaking Sideloading Sandboxing Assigned Access
Allows apps to be installed from sources other than the App Store Allows apps to be installed from sources other than the Windows Store Prevents running app from accessing data stored by other running apps Defines whitelist of Windows Store applications
Which of the following statements about the use of anti-virus software is correct?
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Which of the following is not included in a system level audit event? (Select two.)
Any actions performed by the user. Names of accessed files.
Which of the following is the best recommendation for applying hotfixes to your servers?
Apply only the hotfixes that affect to software running on your systems
What is another name for a logic bomb?
Asynchronous attack
Which of the folowing is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?
Audit trail
A recreation of historical events is made possible through?
Audit trails
A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent?
Botnet
Which of the following are advantages of virtualization? (Select two.)
Centralized administration Easy migration of systems to different hardware
You decide to use syslog to send log entries from multiple are the most important considerations for your implementation? (Select two.) servers to a central logging server. Which of the following
Clock synchronization between all devices Disk space on the syslog server
Software that should be Software that should be Scripts that should run at installed on a specific installed for a specific user. startup or shutdown. computer. Scripts that should run at Network communication logon or logoff. security settings.
Computer Configuration User Configuration Computer Configuration User Configuration Computer Configuration
To bightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?
Configure the software to automatically download the virus definition files as soon as they become available
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do? (Select two.)
Create a security group for the administrators and add all user accounts to the group. Grant the group the necessary user rights.
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
What is the purpose of audit trails?
Detect security-violating events
When securing a newly deployed server, which of the following rules of thumb should be followed?
Determine unneeded services and their dependencies before altering the system
Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)
Devices are, typically, more difficult to monitor than traditional network devices. Devices tend to employ much weaker security than traditional network devices.
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services
What is the most common means of virus distribution?
Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.) associated
Enroll the devices in a mobile device management system Configure and apply security policy settings in a mobile device management system
Which of the following is not an advantage when using an internal audītor to examine security systems and relevant documentation?
Findings in the audit and subsequent summations are viewed objectively.
You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor?
Firewall
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky not in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?
Geo-tagging was enabled on her smart phone.
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?
Group Policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task?
Group Policy
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)
Group Policy WSUS
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?
Hotfx
Match each bring your own device (BYOD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all. Preventing malware infections Supporting mobile device users Preventing loss of control of sensitive data Preventing malicious insider attacks Applying the latest anti-malware definitions
Implement a network access control (NAC) solution. Specify who users can call for help with mobile device apps in your acceptable use policy. Enroll devices in a mobile device management system. Specify where and when mobile devices can be possessed in your acceptable use policy. Implement a network access control (NAC) solution.
You manage information systems for a large co-location data center. Networked environmental controls are used to embedded smart technology that allows them to be managed manage the temperature within the data center. These controls use over an internet connection using a mobile device app. You are concerned about the security of these devices, What can you do to increase their security posture? (Select two.)
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.
connecting to your network. You notice a growing number of devices, such as environmental control systems and wearable devices, are These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?
Internet of things
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?
It has been moved to a secure folder on your computer.
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
You have two folders that contain documents used by various departments: • The Development group has been given the Write permission to the Design folder. • The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.
Match the virtualization feature on the right with the appropriate description on the left. Rlexibility Testing Server Server consolidation Sandboxing
Moving virtual machines between hypervisor hosts Verifying that security controls are working as designed Performing a physical-to-virtual migration (P2V) Isolating a virtual machine from the physical network.
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should implement?
NTFS and share permissions
Which of the following describes a configuration baseline?
O A list of common security settings that a group or all devices share
You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file, What should you do?
O Add Mark Mangum to the ACL for the Confidential.xis file with Deny permissions.
Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. One of your sales representatives left her tablet at an airport. The device contains sensitive information, and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?
O Admin portal
compliance? Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold
O Auditing
You want to store your used as evidence in the event of a security incident. computer-generated audit logs in case they are needed in the future for examination or to be storage have not been altered when you go to use them in the future? Which method can you use to ensure that the logs you put in
O Create a hash of each log.
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening?
O Firewal
For users who are members of the sales team, you want to force computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?
O Group Policy
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute softwar updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?
O Open ports 20 and 21 for inbound and outbound connections
You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?
O Performance
Your organization's security policy specifies that any mobile device that connects to your internal network must have Remote Wipe enabled, regardless of ownership. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. Which should you do?
O Sign up for a Windows Intune account to manage the tablets.
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
O Spamming
You have recently experienced a security incident with one of your servers. the hotfox #568994 that has recently been released would have protected the server. After some research, you determine that Which of the following recommendations should you follow when applying the hotfx?
O Test the hotfx and then apply it to all servers.
Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer?
O The Security Configuration and Analysis snap-in
Which of the following best describes an audit daemon?
O The trusted utility that runs a background process whenever audīting is enabled.
You are concerned that an attacker can gain access to your the log files to hide his actions. Which of the following actions would best protect the log files? Web server, make modifications to the system, and alter
O Use syslog to send log entries to another server
Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy?
O You can't use domain-based group policies to enforce security settings on mobile devices.
Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?
OAllowing NetBIOS traffic outside of your secured network
Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution.)
OConfigure and apply security policy settings in a mobile device management system. Enroll the devices in a mobile device management system.
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?
Open SMTP relay
Which of the following mechanisms can you use to add encryption to email? (Select two.)
PGP S/MIME
Which of the folowing is most vulnerable to a brute force attack?
Password authentication
Properly configured passive IDS and system audīt logs are an integral step must be taken to ensure that the information is useful in maintaining a secure environment? part of a comprehensive security plan. Which
Periodic reviews must be conducted to detect malicious activity or policy violations.
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?
Preventative
What does hashing of log files provide?
Proof that the files have not been altered
Which of the following is an advantage of a virtual browser?
Protects the host operating system from malicious downloads
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table
which of the folowing are characteristics of a rootkit (Select two.)
Requires administrator-level privileges for installation Hides itself from detection
Which of the folowing is undetectable software that allows administrator-level access?
Rootkit
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the terms best describes this software?
Rootkit
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system?
Run the browser within a virtual environment
You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?
S/MIME
Which of the following network services or protocols uses TCP/IP port 22?
SSH
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)
Schedule regular full system scans Educate users about malware
What is the primary distinguishing characteristic between a worm and a logic bomb?
Self-replication
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.
Spam
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?
Spam
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens?
Spamming
Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all. Users take pictures of proprietary processes and procedures. Devices with a data plan can email stolen data. Devices have no PIN or password configured., Anti-malware software is not installed. A device containing sensitive data may be lost.
Specify where and when mobile devices can be possessed in your acceptable use policy. Specify where and when mobile devices can be possessed in your acceptable use policy. Enroll devices in a mobile device management system. Implement a network access control (NAC) solution. Enroll devices in a mobile device management system.
Which type of virus conceals its presence by intercepting system requests and altering service outputs?
Stealth
Which of the following is a standard for sending log messages to a central logging server?
Syslog
Over the past few days, a server has gone record of when each of these restarts has occurred. offline and rebooted automatically several times. You would like to see a Which log type should you check?
System
Arrange the Group Policy ojects (GPOS) in the order in which they are applied.
The Local Group Policy on the computer. GPOS linked to the domain that contains the user or computer object. GPOS linked to the organizational unit that contains the object.
If a user's BYOD device, such as a tablet or phone, is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a network access control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?
The NAC remediates devices before allowing them to connect to your network.
Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously?
Trojan horse
If your anti-virus software does not detect and remove a virus, what should you try first?
Update your virus detection software.
Match the IT audit activity on the left with the appropriate description on the right. Documents incidents for security violations and incident response. Identifies inefficient IT strategies, such as weak policies and procedures. Verifies the appropriate use of accounts and privileges. Checks user/group rights and privileges to identify cases of creeping privileges. Determines whether privilege-granting processes are appropriate and whether computer use and escalation processes place and working.
Usage auditing Risk evaluation Escalation auditing Privilege auditing User access rights review
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password, so he changes it to the name of his dog (Fido). What should you do to increase the security of Bob's account? (Select two.)
Use Group Policy to require strong passwords on user accounts. Train users not to use passwords that are easy to guess.
Which of the following describes Privilege auditing?
Users' and groups' rights and privileges are checked to guard against creeping privileges.
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing organization's automated factory equipment. The SCADA devices use be managed using a mobile device app over an internet connection. floor to manage your embedded smart technology, allowing them to You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
Which command should you use to display both listening and non-listening sockets on your linux system?
netstat -a
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
nmap
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
yum list installed