SECURITY (IT Fundamentals portion of CompTIA ITF)

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent log on after three unsuccessful logon attempts. What two policy's are the BEST to configure?

Account lockout threshold, and minimum password length

Martin just purchased a new computer and wants to surf the web. He is afraid his new computer might get infected by automatically installing viruses. What should he do to protect his computer?

Change browser settings to notify before downloading

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. What are the BEST two solutions for securing Joe's workstation?

Configure a screen saver to require a password, and or configure the screen lock to be applied after short period of nonuse

Mark received and email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states that he should open the attachment for further instructions. What should Mark do?

Delete the email without opening the attachment

Ted, an employee in the Sales department has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open that file but, after making changes, can't save the file. What digital security method is MOST likely preventing this?

Directory Permission

You are a PC technician for a company. An employee has gone to a meeting while you fix the computer in her office. She accidentally left a report open next to her computer which states that a friend of yours in accounting will be submitted for review if their poor work performance continues. What is the BEST action to take?

Ignore the paper and tell no one of its contents

You recently charged $70 to one of your bank accounts but the amount now appears as $700. What may have occurred?

Man-in-the-Middle Attack

Phishing

Online attack that involves pretending to be a legitimate company to get sensitive information

Your company wants to use multifactor authentication. What would you MOST likely suggest?

PIN and Smart card

Your friend Andrew has confirmed someone has been using his password to log in to his social media account. He believes that two bank accounts may also have been compromised. What password policy has Andrew MOST likely violated?

Password Reuse

In which of the following should you expect privacy: Metadata stored by a web browser? Personally identifiable information entered into a Human Resource database? Emailing an important document to a friend using an employer email system? Sharing a photo through a mobile phone app?

Personally identifiable information entered into a Human Resource database

A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25% share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account. What type of attack occurred?

Phishing

What is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or Websites that impersonate an online Entity that the victim trusts, such as financial institution or well-known e-commerce site?

Phishing

Your company has a disaster recovery plan that says the order to restore data is customer data, financial system, then email. This is an example of what?

Prioritization

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures

A technician is tasked with configuring a mobile device to connect securely to the company network when the device is used at offsite locations where only Internet connectivity is available. What should the technician configure?

VPN

What security measure is a form of biometrics?

Fingerprint Scanner

The CEO of a small business travels extensively and is worried about having the information on their laptop stolen if the laptop is lost or stolen. What would BEST protect the data from being compromised if the laptop is lost or stolen?

Full-Disk Encryption

What is NOT a drawback of social media?

Social media makes it difficult to keep in touch with friends and family

Spam

Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams