7


Which type of virus conceals its presence by intercepting system requests and altering service outputs?

- Retro
- Slow
- Polymorphic
- Stealth

*Stealth*

Which of the following is the best recommendation for applying hotfixes to your servers?

- Apply all hotfixes before applying the corresponding service pack
- Apply hotfixes immediately as they are released
- Wait until a hotfix becomes a patch, then apply it
- Apply only the hotfixes that affect software running on your systems

*Apply only the hotfixes that affect software running on your systems*

You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?

- 67, 68
- 135, 137-139
- 161, 162
- 389, 636

*135, 137-139*

Which of the following ports does FTP use to establish sessions and manage traffic?

- 25, 110
- 20, 21
- 135 - 139
- 80, 443

*20, 21*

To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?

- 80
- 21
- 443
- 69
- 23

*443*

Which of the following are disadvantages to server virtualization?

- Increased hardware costs
- A compromised host system might affect multiple servers
- Systems are isolated from each other and cannot interact with other systems
- A compromised guest system might affect multiple servers

*A compromised host system might affect multiple servers*

To tightly control the antimalware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?

- Switch to a more reliable antivirus software
- Carefully review open firewall ports and close any unnecessary ports
- Create a scheduled task to run sfc.exe daily
- Configure the software to automatically download the virus definition files as soon as they become available

*Configure the software to automatically download the virus definition files as soon as they become available*

You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?

- Add one manager to the DACL that grants all permissions. Have this user add other managers as required.
- Create a distribution group for the managers. Add all users as members of the group. Add the group to the file's DACL.
- Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
- Add each user account to the file's DACL.

*Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.*

When securing a newly deployed server, which of the following rules of thumb should be followed?

- Disable all unused services
- Disable each service in turn and then test the system for negative effects
- Determine unneeded services and their dependencies before altering the system
- Disable all services not associated with supporting shared network services

*Determine unneeded services and their dependencies before altering the system*

Which of the following actions should you take to reduce the attack surface of a server?

- Install antimalware software
- Disable unused services
- Install the latest patches and hotfixes
- Install a host-based IDS

*Disable unused services*

What is the most common means of virus distribution?

- Commercial software CDs
- Music downloaded from the internet
- Email
- Floppy disks

*Email*

Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation?

- An internal auditor has knowledge of the inner workings of the organization.
- Findings in the audit and subsequent summations are viewed objectively.
- Orientation time is minimized.
- An internal auditor is familiar with organizational goals.

*Findings in the audit and subsequent summations are viewed objectively.*

Which of the following are disadvantages of server virtualization?

- Increased hardware costs.
- Systems are isolated from each other and cannot interact with other systems.
- A compromise of a guest system might affect multiple servers.
- A failure in one hardware component could affect multiple servers.

*A failure in one hardware component could affect multiple servers.*

Which of the following describes a configuration baseline?

- A set of performance statistics that identifies normal operating performance
- A list of common security settings that a group or all devices share
- The minimum services required for a server to function
- A collection of security settings that can be automatically applied to a device

*A list of common security settings that a group or all devices share*

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

- A strong password policy
- VLANs
- 3DES encryption
- AES encryption

*A strong password policy*

What is the main difference between a worm and a virus?

- A worm requires an execution mechanism to start, while a virus can start itself.
- A worm tries to gather information, while a virus tries to destroy data.
- A worm can replicate itself, while a virus requires a host for distribution.
- A worm is restricted to one system, while a virus can spread from system to system.

*A worm can replicate itself, while a virus requires a host for distribution.*

You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?

- Remove Mark Mangum from the Managers group.
- Add Mark Mangum to the ACL for the Reports directory with Deny permissions.
- Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
- Configure NTFS permissions for Confidential.xls to allow Read only.

*Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.*

You have been receiving a lot of phishing emails sent from the domain *kenyan.msn.pl*. Links within these emails open new browser windows at *youneedit.com.pl*. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?

- Add kenyan.msn.pl to the email blacklist
- Add youneedit.com.pl to the email blacklist
- Add pl to the email blacklist
- Add msn.pl to the email blacklist

*Add kenyan.msn.pl to the email blacklist*

Which of the following strategies can protect against a rainbow table password attack?

- Encrypt the password file with one-way encryption
- Add random bits to the password before hashing takes place
- Educate users to resist social engineering attacks
- Enforce strict password restrictions

*Add random bits to the password before hashing takes place*

Your organization provides its sales force with Windows 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in a cloud-based Windows Intune account. One of your sales representatives left his notebook at a customer's site. The device contains sensitive information, and you want to change the password to prevent the data from being compromised. Which Intune portal should you use to remotely change the password?

- Security portal
- Account portal
- Company portal
- Admin portal

*Admin portal*

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. One of your sales representatives left her tablet at an airport. The device contains sensitive information, and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?

- Security portal
- Company portal
- Account portal
- Admin portal

*Admin portal*

Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?

- Logging all activity
- Hosting all shared resources on a single centralized and secured server
- Imposing granular access control via ACLs
- Allowing NetBIOS traffic outside of your secured network

*Allowing NetBIOS traffic outside of your secured network*

Which of the following statements about the use of antivirus software is correct?

- If servers on a network have antivirus software installed, workstations do not need antivirus software installed.
- If you install antivirus software, you no longer need a firewall on your network.
- Anti-virus software should be configured to download updated virus definition files as soon as they become available.
- Once installed, antivirus software needs to be updated on a monthly basis.

*Anti-virus software should be configured to download updated virus definition files as soon as they become available.*

What is another name for a logic bomb?

- Asynchronous attack
- DNS poisoning
- Pseudo flaw
- Trojan horse

*Asynchronous attack*

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

- CompSec
- Scanning
- Auditing
- Phishing

*Auditing*

A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent?

- Botnet
- Logic bomb
- Spyware
- Trojan horse

*Botnet*

Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?

- Sideloaded apps were installed on her smart phone.
- Geotagging was enabled on her smart phone.
- An Xmas Tree attack was executed on her smart phone.
- Weak passwords were used on her smart phone.

*Geotagging was enabled on her smart phone.*

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task?

- WSUS
- Security Templates
- Group Policy
- Security Configuration and Analysis

*Group Policy*

By definition, what is the process of reducing security exposure and tightening security controls?

- Social engineering
- Passive reconnaissance
- Active scanning
- Hardening

*Hardening*

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?

- Kernel fix kit
- Hotfix
- Targeted software patch
- Service pack

*Hotfix*

You have installed antimalware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the antimalware software. What has happened to the file?

- It has been deleted from your system.
- It has been moved to a secure folder on your computer.
- The infection has been removed, and the file has been saved to a different location.
- The file extension has been changed to prevent it from running.

*It has been moved to a secure folder on your computer.*

Which of the following best describes spyware?

- It monitors user actions that denote personal preferences, then sends pop-ups and ads to the user that match their tastes.
- It monitors the actions you take on your machine and sends the information back to its originating source.
- It is a malicious program disguised as legitimate software.
- It is a program that attempts to damage a computer system and replicate itself to other computer systems.

*It monitors the actions you take on your machine and sends the information back to its originating source.*

• The Development group has been given the Write permission to the Design folder.
• The Sales group has been given the Write permission to the Products folder.

No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?

- Make Mark a member of the Development group; add Mark's user account directly to the ACL for the Products folder.
- Add Mark's user account directly to the ACL for both the Design and Products folders.
- Make Mark a member of the Development and Sales groups.
- Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.

*Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.*

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should you implement?

- NTFS and share permissions
- NTFS permissions and file screens
- Share permissions and quotas
- Share permissions and file screens

*NTFS and share permissions*

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?

- Sniffing
- Viruses
- Open SMTP relay
- Phishing

*Open SMTP relay*

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?

- Define user accounts for all external visitors
- Open ports 20 and 21 for inbound and outbound connections
- Install a VPN
- Move the FTP outside of the firewall

*Open ports 20 and 21 for inbound and outbound connections*

Which of the following is most vulnerable to a brute force attack?

- Challenge-response token authentication
- Password authentication
- Two-factor authentication
- Biometric authentication

*Password authentication*

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment?

- All files must be verified with the IDS checksum.
- Periodic reviews must be conducted to detect malicious activity or policy violations.
- All logs should be deleted and refreshed monthly.
- The accounting department must compress the logs on a quarterly basis.

*Periodic reviews must be conducted to detect malicious activity or policy violations.*

Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?

- Phishing
- Buffer overflow
- Open SMTP relay
- Virus

*Phishing*

Which of the following is an advantage of a virtual browser?

- Prevents adware and spyware that monitors your internet activity
- Filters internet content based on ratings
- Prevents phishing and drive-by downloads
- Protects the host operating system from malicious downloads

*Protects the host operating system from malicious downloads*

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

- Dictionary
- Hybrid
- Brute force
- Rainbow table

*Rainbow table*

Which of the following is undetectable software that allows administrator-level access?

- Spyware
- Rootkit
- Trojan horse
- Worm
- Logic bomb

*Rootkit*

You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software?

- Rootkit
- Spyware
- Trojan horse
- Botnet
- Privilege escalation

*Rootkit*

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system?

- Run the browser within a virtual environment
- Change the security level for the internet zone to High
- Configure the browser to block all cookies and pop-ups
- Run the browser in protected mode

*Run the browser within a virtual environment*

You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?

- AES
- SSH
- IPsec
- S/MIME

*S/MIME*

Which of the following mechanisms can you use to add encryption to email? (Select two.)

- S/MIME
- PGP
- Reverse DNS
- HTTPS
- Secure Shell

*S/MIME* *PGP*

Which of the following network services or protocols uses TCP/IP port 22?

- TFTP
- NNTP
- IMAP4
- SSH

*SSH*

FTPS uses which mechanism to provide security for authentication and data transfer?

- Multi-factor authentication
- IPsec
- Token devices
- SSL

*SSL*

What is the primary distinguishing characteristic between a worm and a logic bomb?

- Masquerades as a useful program
- Self-replication
- Incidental damage to resources
- Spreads via email

*Self-replication*

An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?

- Spam
- Repudiation attack
- Phishing
- Open SMTP relay

*Spam*

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

- Impersonation
- Replay attack
- Sniffing
- Spam

*Spam*

If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens?

- Data diddling
- Spamming
- Virus hoax
- Salami attack

*Spamming*

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

- Hijacking
- Trojan horse
- Spamming
- Brute force

*Spamming*

You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix?

- Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself.
- Apply the hotfix immediately to all servers.
- Test the hotfix and then apply it to the server that had the problem.
- Test the hotfix and then apply it to all servers.

*Test the hotfix and then apply it to all servers.*

Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously?

- ActiveX control
- Worm
- Outlook Express
- Trojan horse

*Trojan horse*

If your antivirus software does not detect and remove a virus, what should you try first?

- Set the read-only attribute of the file you believe to be infected.
- Search for and delete the file you believe to be infected.
- Scan the computer using another virus detection program.
- Update your virus detection software.

*Update your virus detection software.*

Which of the following describes Privilege auditing?

- Users' and groups' rights and privileges are checked to guard against creeping privileges.
- No single user is granted sufficient privileges to compromise the security of an entire environment.
- An employee is granted the minimum privileges required to perform the duties of her position.
- Users' activities are logged to document incidents for security investigations and incident response.

*Users' and groups' rights and privileges are checked to guard against creeping privileges.*

Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy?

- Antimalware software isn't available for most mobile device operating systems.
- It is difficult for users to connect personal mobile devices to your organization's corporate network.
- Mobile devices are immune to malware threats.
- You can't use domain-based group policies to enforce security settings on mobile devices.

*You can't use domain-based group policies to enforce security settings on mobile devices.*

Your organization's security policy specifies that any mobile device that connects to your internal network must have Remote Wipe enabled, regardless of ownership. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. What should you do?

- Go to Settings Charm > Change PC settings > Privacy and enable the Remote Wipe setting.
- Implement Remote Wipe group policies in your domain.
- Sign up for a Windows Intune account to manage the tablets.
- Enable Remote Wipe local group policies on each device.

*Sign up for a Windows Intune account to manage the tablets.*

