CTI - 120 Final

stateful inspection

- In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic should be permitted across the firewall. Stateful inspection also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.

You are setting up your first secure Windows workstation and you are setting the password history. What are the minimum and maximum settings you can use?

0, 24

What OSI layer is used by switches and bridges?

2

SMTP uses TCP port:

25

On which OSI layer do TCP and UDP function?

4

When using Internet Explorer, how many content zones are there?

4

The highest setting that account lockout duration can use is _______________.

99,999

What is the maximum setting for Minimum Password Age?

998

digital signature

A mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to prove that the message or document has not been modified.

cracked password

An attack in which the attacker gets access to an encrypted password file from a workstation or server. Once he or she has access, the attacker starts running password cracking tools against the file, with an eye toward breaking as many passwords as possible and leveraging them to further compromise the company's network and systems.

Windows Firewall

A software component included with Windows that can help prevent hackers or malicious software from gaining access to your computer through a network or the Internet.

IEEE 802.1x

A standard that authenticates users on a per-switch port basis by permitting access to valid users but effectively disabling the port if authentication fails.

SPI

Stateful packet inspection, a form of packet filtering that keeps track of connections and makes decisions based on the collected data.

The three common types of protocol spoofing are [___] spoofing, [____] spoofing, and [_____] address spoofing.

ARP Spoofing, DNS Spoofing, IP address Spoofing

If a user is deploying technologies to restrict access to a resource, they are practicing the __________ security principle.

Access Control

windows store

Access to purchase and download apps that use the Windows 8 interface.

The number of incorrect logon attempts permitted before a system will lock an account is known as the _______________________.

Account Lockout Threshold

Which setting should be applied to ensure that a possible dictionary attack against a Windows application server has a limited chance at success?

Account Lockout Threshold

When the user has exceeded the number of incorrect logon attempts this setting will determine how long they must wait before attempting to logon again.

Account lockout duration

encrypt the offline files

Add the address or domain for these emails to the white list

Before entering a username, password or credit card information on a web site you should verify the following about the website:

Address bar shows correct URL and HTTPS

Symptoms of malware are: (Select the best answer)

All of the above

The benefits of a VLAN are: (Select the best answer)

All of the above

Microsoft account

Allows a user to access resources on a computer and on Microsoft cloud computing services.

digital certificate

An electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a digital certificate is used to prove a person's identity, it can also be used for authentication.

stateless inspection

An inspection of data based on source and destination IP address, packet type, and port number. Session state is stored and return traffic is allowed.

Which of the following is used to stop a program from running on a Windows 10 system?

AppLocker

A sales team for a medium-sized manufacturing company has just deployed a new e-commerce application to allow for the direct sale of products to its customers. To secure this application, an application firewall is deployed. At what layer of the OSI model does the application firewall occur?

Application

attack surface analysis

Covers the application attack surface, network attack surface, and employee attack surface. Helps to identify the attack surface that an organization may be susceptible to.

Which type of key has one key for encryption and a different key for decryption?

Asymmetric

zero day attack

Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.

To track a user's activities in Windows, you need to enable ___________________

Auditing

This core security principle of ___________ describes a resource being accessible to a user, application or system. Fault tolerance and redundancy are primary methods for protection.

Availability

Which of the following refers to the process of eliminating a risk by choosing to not engage in an action or activity?

Avoidance

Which technology is used to encrypt an entire disk?

BitLocker

Which of the following are password-based attacks (Choose all that apply)

Brute force, Dictionary

CHAP

Challenge Handshake Authentication Protocol. An authentication protocol used by PPP servers to validate the identity of clients.

This cloud deployment model is used when two similar organizations with shared concerns use the same cloud computing resources.

Community Cloud

_____________ is the characteristic of a resource that ensures that access is restricted to only permitted users, applications, or computer systems.

Confidentiality

The information security acronym CIA stands for which of the following?

Confidentiality, Integrity, Availability

CM

Connection Manager. A remote access client that allows an administrator to build a remote access configuration package to be distributed to the admin's remote users.

What do you do if someone you know sends you a suspicious email?

Contact the individual by phone and confirm if they sent the email

Which of the following are common types of password attacks? (Choose three answers)

Cracked, Keylogging, Brute Force

Which of the following is an attack that relies on having a user execute a malicious script embedded in a web page? (Choose the best answer.)

Cross-site scripting

The goal of this attack is to overwhelm the network or host with a high volume of traffic causing it to shut down or become unable to serve legitimate users.

DDoS

The VPN server has been configured and is running properly. However, it has not been configured to hand out IP addresses to clients. When a VPN server is configured this way, the clients obtain their IP addresses from a _____ server.

DHCP

A manager wants to set up an area that is not on the LAN but not quite on the Internet. This area will house servers that will serve requests to users who are connecting to your web server. What type of network area or zone should be set up?

DMZ

The IT director has asked you to install a firewall. Which of the following is not a type of firewall?

DMZ

A network administrator that has been put in charge of registering your company's domain name and setting up the DNS so that people on the Internet can get to the website should use ___________ to ensure that DNS entries are not poisoned by an attacker.

DNSSEC

A small business owner has purchased a new wireless access point and wants to ensure that only his systems are able to connect to the wireless network. He enables MAC address filtering and put the MAC addresses for all his computers in the permitted table. The filtering occurs at what layer of the OSI model?

Data-link

As the Chief Security Officer for a small medical records processing company, you have just finished setting up the physical security for your new office. You have made sure that the parking lot is illuminated, that you have guards at the door as well as doing periodic patrols, and you have badge readers throughout the building at key locations. You also have put biometric access technology on the data center door. And of course, you have cameras in the parking lot, building entrances, and the data center entrances. This is an example of which security concept?

Defense in depth

DMZ

Demilitarized Zone. A network that separates public and private networks. It often contains web servers, email servers, and proxy servers.

DoS

Denial of Service. An attack that floods the network being attacked with overwhelming amounts of traffic, shutting down network infrastructure such as a router or firewall.

Which of the following refers to a form of brute force password attack that uses an extensive list of pre-defined passwords?

Dictionary

A type of attack that uses an extensive list of potential passwords based on common words is known as a(n) __________________

Dictionary Attack

Which of the following are common types of routing protocols? (Choose all that apply.)

Distance vector, Link state

DDoS

Distributed Denial of Service attack. The use of multiple, even hundreds of, different computers to conduct a DoS.

The _____________ stores a copy of the centralized database (accounts and security information of a domain) used in Active Directory.

Domain Controller

DNSSEC

Domain Name System Security. Adds security provisions to DNS so that computers can verify that they have been directed to the proper servers.

The two common types of Network Address Translation are [_____] and [___].

Dynamic, Static

A client wants to use smart cards with the VPN. Which authentication protocol should be used?

EAP

Which technology is used to encrypt an individual file on an NTFS volume?

EFS

Which IPsec protocol provides confidentiality, authentication, integrity and anti-replay for the data?

ESP

Which of the following is not a method for authentication?

Encryption

Which type of permission is granted directly to a file or folder?

Explicit

An authentication server on a DMZ that will allow only users from a partner company. Which type of network is being configured?

Extranet

When selecting a biometric method you must consider potential issues with valid users who are incorrectly denied access. The term used to describe this issue is called:

FRR

A potential employee has arrived for an interview. They have spilled coffee on their resume. They have their resume on a flash drive and ask you to open the resume from the flash drive and print out a copy. It is a best practice to grant their request and print the resume.

False

For a more secure environment, all users should be administrators of their computer and not a standard user.

False

If you want to use a local AppLocker rule on all computers in your business, you have to recreate the rule on every computer. You cannot export the local policy and import to a GPO.

False

Wi-Fi Internet Connections are more secure than cable Internet connections.

False

Which NTFS permission is needed to change attributes and permissions?

Full Control

GPO

Group Policy Object. A Windows tool used to control rights for users and organizational units. Rights and permissions are assigned to the group rather than to each user individually. Allows an administrator granular control over the configuration of objects in Active Directory, including user accounts, operating systems, applications, and other AD objects.

A set of rules that allows an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects, is known as a(n) _____________.

Group Policy Object (GPO)

_______________ is a one-way encryption. After data is encrypted it cannot be decrypted. It is often used for storing passwords and digital signatures.

Hash function

A(n) ______ can be deployed to distract an attacker from the critical systems on your network.

Honeypot

Which of the following elements and issues should be considered when deciding whether to use a software solution for a firewall? (Choose all that apply.)

Host operating system, Other Applications, Stability

WPA/WPA2 can use an external authentication server with EAP to enable strong authentication for connection to the WLAN. This mode is called:

IEEE 802.1x

The ________ defines DNS.

IETF

To use VPN Reconnect, which VPN protocol should be used?

IKEv2

Which of the following pieces of information are typically examined by a stateless inspection firewall? (choose all that apply)

IP address of the sending host, IP address of the receiving host, Data packet type

Which system can detect, alert and prevent a breach from occurring? (Choose the best answer)

IPS

Which type of system detects unauthorized intruders, activities, attacks and network compromises and then takes action to stop them from proceeding?

IPS

The two most common protocols you can use to create a VPN are [___] and [_____].

IPsec, SSL/TLS

All of the following are steps in threat modeling EXCEPT:

Identify the strategy for growth

The user's ability to control when, how and to what extent information about themselves will be collected, used and shared is called _____________.

Information Privacy

Which types of network traffic originates from outside the network routers and proceeds toward a destination inside the network?

Ingress

The ______________ permissions flow from a parent object to the child object

Inherited

The consistency, accuracy, and validity of data or information is called __________. Hashing is often used to ensure this.

Integrity

IKEv2

Internet Key Exchange Version 2 (IKEv2) is a tunneling protocol which has a connection that stays up and is automatically reestablished as a client moves from network to network.

A network zone that allows remote access for employees of a company is set up. This is known as an __________

Intranet

A physical object that can be connected to the Internet and controlled that way:

IoT device

What is the primary authentication method used on Microsoft Active Directory?

Kerberos

A business traveler notices there is an extra connector between the keyboard and the computer, in a business center. She has most likely encountered a(n) _______________

Keylogger

A client wants to install a VPN server that can offer unencrypted tunnels by default, or encrypted tunnels by using IPSec. Which of the following services should be used?

L2TP

A VPN server that uses inbound port 1701 is installed. The server is utilizing the _________ protocol.

Layer 2 Tunneling Protocol (L2TP)

L2TP/IPsec

Layer 2 Tunneling Protocol over IPsec. A VPN technology that is quickly gaining popularity due to its inclusion of IPsec as the security protocol.

Which of the following are benefits of SSL/TLS VPNs over IPsec VPNs? (Select all that apply)

Less expensive, Browser and OS independent, NAT Support

LOB App

Line-of-business app. Programs and software that are essential to running a business.

Which Administrative Tool should be used to configure password control settings on a Windows 10 Workstation?

Local Security Policy

When traveling on business and headed out to dinner with a client, which of the following should be done to secure a laptop? (Choose the best answer.)

Lock it in the car trunk

_______________ is software that is designed to infiltrate or infect a computer, usually with ill intent.

Malware

Which of the following are not valid password controls? (Choose all that apply.)

Maximum Password Length, Account Lockout Count

Which of the following are considered removable devices or drives? (Choose all that apply.)

Memory card, USB flash drive, External hard drive

Which type of account is used with outlook.com and OneDrive and can be used to synchronize a desktop across multiple computers?

Microsoft Account

MBSA

Microsoft Baseline Security Analyzer. A software tool released by Microsoft to determine the security state of a system by assessing missing security updates and less secure security settings within Microsoft Windows components.

MS-CHAPv2

Microsoft Challenge Handshake Authentication Protocol. An improvement over MS-CHAP that includes mutual authentication.

Which of the following is a two-factor authentication that uses an enrolled device and Windows Hello?

Microsoft Passport

MAPS

Microsoft Active Protection Service. The network of Windows Defender and Microsoft Security Essentials users that helps determine which programs are classified as spyware.

A customer desires a device that can detect network anomalies and report them to an administrator. What type of device is necessary?

NIDS

An issue with one of the ports on the firewall is suspected. Which of the following is the appropriate tool to use to scan the ports?

NMAP

Which of the following file systems offers the best security?

NTFS

_______________ is a file system that supports large volumes, is more tolerant than previous systems and has the ability to assign permissions to files and folders.

NTFS

Which of the following uses an ACL? (Choose two)

NTFS folder, Active Directory user

At which layer of the OSI model does routing occur?

Network

An attack that relies on access to a physical LAN segment is known as a(n) ____________ attack

Network Sniffing

_________________ are copies of network files that are stored on your computer so that a user can access them when they are not connected to the network.

Offline Files

When you cannot access a folder because someone removed the permissions so that no one can access it, you must take __________ of the folder.

Ownership

Which authentication protocol should not be used because it is the least secure?

PAP

The master time keeper and master for password changes in an Active Directory domain is:

PDC emulator

A(n) _____________ is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system.

PIN

Which infrastructure is used to assign and validate digital certificates?

PKI

After setting up a default VPN in Windows Server 2016, the supervisor is not satisfied with the level of security. She would rather have L2TP combined with IPsec. What tunneling protocol is used with the default settings and is less secure than L2TP with IPsec?

PPTP

When setting up a VPN that allows connections on inbound port 1723, which of the following tunneling protocols should be used?

PPTP

This cloud computing service model is often used by developers. The vendor supplies a complete infrastructure for application development (development tools, operating system, servers, storage, networking resources) while the developers manage the applications.

PaaS

Which of the following are valid firewall types? (Choose all that apply)

Packet Filtering, Application

Which of the following would be considered appropriate security measures for a building's external security perimeter? (Choose all that apply.)

Parking lot lights, Security guards

PAP

Password Authentication Protocol

The setting that determines the number of unique passwords that must be used before a password can be re-used is the _____________

Password History

Which two features in Windows Server 2008 and later permit the use of fine-grained password policies? (Choose two.)

Password Settings Container, Password Settings Object

Which of the following is not a biometric device?

Password reader

inherited permission

Permissions granted to a folder (parent object or container) that flows into child objects (subfolders or files) inside that folder.

Which of the following are layers of the OSI model? (Choose all that apply.)

Physical, Application, Network

Which type of DoS attack uses large ICMP packets to cause an overflow of the memory buffers allocated for packets?

Ping of death

PPTP

Point-to-Point Tunneling Protocol. A commonly used VPN protocol which is less secure than L2TP with IPsec.

PEAP

Protected Extensible Authentication Protocol

A client wants a server installed that can cache web pages in order to increase the speed of commonly accessed Web sites. What type of server is required?

Proxy

Which of the following services is used for centralized authentication, authorization, and accounting?

RADIUS

A(n) ____________________ is a full replication of the domain database and is located in places where a domain controller is needed but where physical security of the domain controller cannot be guaranteed.

RODC (Read-only Domain Controller)

Proseware, Inc., wants you to set up a VPN server. Which of the following services in Windows Server 2016 should be used?

RRAS

Which of the following refers to the process of disabling unneeded services and ports to make the system more secure?

Reducing the attack surface area

The centralized database that holds most of the Windows configurations is known as the _____________

Registry

Which of the following are common uses for a VPN? (Choose all that apply)

Remote access, Secure network-to-network connections

An attack that records a stream of data, modifies it, and then resends it is known as a(n) _________ attack.

Replay attack

The __________________ option needs to be less than or equal to the Account Lockout Duration.

Reset Account Lockout Counter After

The risk that remains after measures have been taken to reduce the likelihood or minimize the effect of a particular event.

Residual risk

_____________ refers to the risk of an event that remains after measures have been taken to reduce the likelihood or minimize the effect of the event.

Residual risk

A Risk Manager for a medium-sized pharmaceutical company who is asked to perform a formal risk analysis would most likely record the results of the risk assessment in a(n) ______________________

Risk Register

Local user accounts are found in:

SAM

A client wants to use a Windows Server 2016 server as a VPN server. However, the networking team allows only HTTPS through the firewall. Which VPN protocol should be used?

SSTP

When a user is notified of an attempt by programs to make changes to their computer, the desktop will be dimmed. This dimming indicates the computer is in ___________________ mode, because other programs can't run until the changes are approved or disapproved.

Secure Desktop

SSTP

Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over port 443.

SSL

Secure Sockets Layer. A cryptographic system that uses two keys to encrypt data, a public key and a private key. The public key is the digital cert.

Which of the following is a collection of security settings that can be used to configure client settings?

Security Baseline

Which of the following is a free tool that allows administrators to quickly configure and manage desktops and users using Group Policy?

Security Compliance Manager

SCM 4.0

Security Compliance Manager is a free tool from Microsoft that can be used to quickly configure and manage your desktops, traditional data center, and private cloud using Group Policy and System Center Configuration Manager.

A physical device such as a key fob that is given to a user for authentication. It can generate a second code that gets entered during authentication.

Security token

_____________ is an email validation system that is designed to verify if an email is coming from the proper email server.

Sender Policy Framework

SPF

Sender Policy Framework. An email validation system designed to prevent email spam that uses source address spoofing. SPF allows administrators to specify, in SPF records in the public DNS, which hosts are allowed to send email from a given domain.

When designing access to a payroll system, it is a good idea to split the functions among multiple employees. This is an example of the principle of ______________ and can limit fraud, theft and errors.

Separation of duties

Which physical device is used to authenticate users based on what a user has?

Smart card

When you use special software to read data as it is broadcast on a network, you are ___________ the network.

Sniffing

_____________ is a method to gain access to data, systems, or networks, primarily through misrepresentation.

Social engineering

The type of attack that relies on a weakness in an operating system or an application is known as a(n) _____________.

Software vulnerability attack

_____________ is another name for junk email

Spam

In the acronym STRIDE, the "S" stands for ______________________________

Spoofing

Which type of malware collects personal information or browsing history, often without the user's knowledge?

Spyware

A firewall that accepts or rejects packets based on a set of rules is installed. This firewall keeps track of the state of the network connection. It is running a type of packet filtering known as _________________________

Stateful packet filtering

Which of the following technologies could be used to help ensure the confidentiality of proprietary manufacturing techniques for an auto parts manufacturing business? (Choose two answers.)

Strong encryption, Strong authentication

Which of the following would be an acceptable password on a Windows 10 Pro system with Password Complexity enabled and Minimum Password Length set to 8? (Choose all that apply.)

Summer2010 ^^RGood4U St@rTr3k

NAT filtering

Technology that can filter traffic according to ports (TCP and UDP)

kerberos

The default domain computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner.

threat modeling

The process of identifying threats and vulnerabilities and then defining countermeasures to prevent them.

threat and risk management

The process of identifying, assessing, and prioritizing threats and risks.

When copying a file or folder to a new volume, which permissions are acquired?

The same permissions as the target folder.

Which of the following explains why a minimum password age would be set?

To make sure a user does not reset a password multiple times until he or she can reuse his or her original password

Which of the following are valid risk responses? (Choose all that apply.)

Transfer, Mitigation, Avoidance

A user may access files on a server over a network using a shared folder instead of logging directly on to a server to access the files.

True

An example of PII is a person's social security number.

True

When a website is using HTTPS, you will see a lock icon on the address bar.

True

Windows Defender can scan a computer on a regular basis and remove or quarantine malware.

True

What technology is used by Windows to prevent unauthorized changes to your system?

UAC

When attempting to change the computer's display settings, which of the following causes a pop-up that asks if a user wants to continue?

UAC

For antivirus software to be effective, it must be kept ___________.

Updated

UAC

User Account Control. A feature that started with Windows Vista and is included with Windows 7. UAC helps prevent unauthorized changes to your computer; in doing so, it helps protect your system from malware.

UDP protocol

User Datagram Protocol. Used for transporting video and time-sensitive objects.

Which of the following describes the easiest way to set up a VPN client on a computer for a user who is not technically savvy?

Using CMAK to create an executable to install

All of the following are examples of tunneling protocols used with a VPN EXCEPT:

VPTP

You are working at the company help desk and have received a phone call from a user that forgot their password. Which of the following should you do?

Verify the identity of the user with multiple pieces of information, some of which are only known to the user

In Windows 10, which component is used by Device Guard and Credential Guard to protect the PC?

Virtual secure mode

Which type of malware reproduces itself on a computer without the owner's consent and will often delete or corrupt files?

Virus

An example of a(n) ____________ is a message that states you should delete the win.com file, because it is a virus.

Virus Hoax

If you are setting up a WLAN in a corporate environment and you want to use 802.1x and a RADIUS server to secure the connections, you need to use __________ keys.

WPA/WPA2

What is the best security method for wireless networks?

WPA2

The ____________ is an enormous system of interlinked hypertext documents.

WWW

________ allows users to interact with each other and contribute to Web sites.

Web 2.0

The Windows feature that provides support for biometric technologies allowing control of device drivers, device settings and the ability to enable, disable or limit the use of biometric data through the control panel is _______________________

Windows Biometric Framework

Microsoft's built-in antivirus and antispyware program is _____________.

Windows Defender

Which host-based firewall software comes with today's version of Windows?

Windows Firewall

Which program can be used to configure IPsec on a computer running Windows Server 2016?

Windows Firewall with Advanced Security

A two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN.

Windows Passport

To control which updates get pushed to clients within an organization, an administrator would use [__] or [____].

Windows Server Update Service, System Center Configuration Manager

windows store for business

Windows Store for Business provides a distribution of line-of-business applications to be deployed in an organization. It enables the owner to manage and maintain these custom apps in the same way as you do commercially available apps.

The Windows feature to keep the Windows operating system up to date with patches to security issues is called ______________.

Windows Update

A(n) ________ is a computer program that uses a network to self-replicate.

Worm

Which of the following is most likely the problem when a computer seems to be slow and a different default web page displays?

Your computer has been infected with malware.

Microsoft Edge

a browser made by Microsoft for Windows

network firewall

a category of software firewall consisting of applications that are installed on servers and used to protect network segments from other network segments

registry

a central, secure database in which Windows stores all hardware configuration information, software configuration information, and system security policies. Components that use the registry include the Windows kernel, device drivers, setup programs, hardware profiles, and user profiles

security template

a collection of configuration settings stored as a text file with an .inf extension

rule collection

a collection of rules used in Windows Defender

security baseline

a collection of security configuration settings that are to be applied to a particular host in the enterprise

group

a collection or list of user accounts or computer accounts

pop up window

a component used on web pages that can be used as part of useful website controls, but can also be used for annoying advertisements, and a few may attempt to load spyware or other malicious programs

back to back configuration

a configuration that has a DMZ situated between two firewall devices, which could be black box appliances or MS Internet Security and Acceleration servers

back to back configuration

a configuration that has a DMZ that supports address and port translation and checks whether the type of application traffic is allowed

3-leg perimeter configuration

a configuration whereby the DMZ is usually attached to a separate connection of the company firewall. Therefore, the firewall has three connections: one to the company LAN, one to the DMZ, and one to the Internet

backdoor

a convenience sometimes installed by designers so that they can easily make changes, but it can be taken advantage of, as the attacker uses it to circumvent security protocols

firewall

a device or server that is primarily used to protect one network from another

mobile device

a device that has portable computing and processing ability

removable device

a device which can easily be added to and removed from a computer, including: CD, thumb drive, external drive, removable memory card

application level firewall

a firewall filtering method which analyzes data at layer 5 of the OSI (session layer)

application level gateway

a firewall technology that supports address and port translation and checks whether the type of application traffic is allowed

dictionary attack

a form of attack which attempts all words in one or more dictionaries

Extensible authentication protocol

a framework of authentication protocols

keylogger

a hardware or software based device used by attackers to record keystrokes

owner

an identity that controls an object, including what permissions are set on the object and to whom permissions are granted

defense in depth

a layered security approach that controls who can physically access resources of an organization

risk register

a list of analyzed threats and risk impacts. A document that contains results of various risk management processes, often displayed in a table or spreadsheet format

user account

a logical object that enables a user to log on to a computer and domain

computer account

a logical object that provides a means of authenticating and auditing a computer's access to a Windows network as well as its access to domain resources

virus hoax

a message warning the recipient of a nonexistent computer virus threat, usually sent as a chain email that tells the recipient to forward it to everyone he or she knows

honey net

a network of honeypots

firewall

a network security system and/or hardware device which controls any incoming and outgoing network traffic based on a set of rules provided by an administrator

BitLocker To Go

a new feature in Windows 7 that enables users to encrypt removable USB devices such as flash drives and external hard disks

strong password

a password that is hard to guess because it is long and has a mix of different types of characters. Also random enough where it could not be easily guessed

security token

a physical device that an authorized computer services user is given to ease authentication

cookie

a piece of text stored by a user's web browser. This file can be used for a wide range of purposes: user identification, authentication, storing site preferences, shopping cart contents

smart card

a pocket sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic

intranet

a private computer network or single website that an organization implements in order to share data with employees around the world

virus

a program that can copy itself and infect a computer without the user's consent or knowledge

password

a secret series of characters that enables a user to access a particular file, computer or program

principle of least privilege

a security concept in which people have the privileges they need for data and systems but no more than that

worm

a self-replicating program that copies itself to other computers on a network without any user intervention

caching proxy

a server or device that tries to serve client requests without actually contacting the remote server

Proxy server

a server that acts as an intermediary between a LAN and the Internet

member server

a server that is not running as a domain controller

password policy

a set of rules designed to enhance computer security by encouraging users to use strong passwords in the proper way

administrative share

a shared folder typically used for admin purposes

rootkit

a software or hardware device designed to gain administrator level control over a computer system without being detected

windows defender

a software product from Microsoft that is intended to prevent, remove, and quarantine spyware in Microsoft Windows

Bayesian filtering

a special algorithm that uses key words to determine whether an email is considered as spam

sniffers

specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker

syslog

a standard for logging program messages that can be accessed by devices that would not otherwise have a method for communications

IPsec

a suite of protocols that provides a mechanism for data integrity, authentication, and privacy for the Internet Protocol. It is used to protect data that is sent between hosts on a network by creating secure electronic tunnels between two machines or devices. Used for remote access, VPN, server connections, LAN connections or WAN connections

phishing

a technique based on social engineering where users are asked to supply personal information

honey pot

a trap for hackers to study them

brute force attacks

a type of attack that tries as many possible combinations of characters as time and money permit

packet filtering

a type of firewall that inspects each packet that passes through the firewall and accepts or rejects it based on a set of rules such as IP address and ports

spyware

a type of malware that is installed on a computer to collect a user's personal information or details about his or her browsing habits, often without the user's knowledge

host firewall

a type of software firewall installed on a host and used to protect the host from network based attacks

personal firewall

a type of software installed on a host and used to protect the host from network based attacks

domain user

a user account that is stored on the domain controller and allows you to gain access to resources within the domain, assuming you have been granted permission to access those objects

local user account

a user account that is stored in the Security account manager database on the local computer

WPA2

a version of Wi-Fi Protected Access which uses the IEEE 802.11 standards and is more secure

remote code execution attack

a vulnerability allowing an attacker to run code with system privileges on a server that possesses the appropriate weakness

domain controller

a Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries

internet

a worldwide system of connected computer networks, connected using the TCP/IP protocol suite

ACL

access control list: a list of all users and groups that have access to an object

What settings are used to keep track of incorrect logon attempts and lock the account if too many attempts are detected within a certain set time?

account lockout

effective permissions

actual permissions when logging in and accessing a file or folder. They consist of explicit permissions plus any inherited permissions

auditing

also known as accounting: the process of keeping track of a user's activity while accessing network resources, including amount of time spent in the network, the services accessed, and the amount of data transferred during each session

VPN Reconnect

allows a connection to remain open during a brief interruption of internet service

extranet

allows access to users that are outside the authorized network

fine grained password policy

allows you to specify multiple password policies within a single domain so that different settings for password and account lockout policies can be applied to different sets of users in the domain

accounting

also known as auditing: the process of keeping track of a user's activity while accessing network resources, including amount of time spent in the network, the services accessed, and the amount of data transferred during each session

certificate chain

also known as the certification path, a list of certificates used to authenticate an entity. It begins with the certificate of the entity and ends with the root CA certificate

threat

an action or occurrence that could result in a breach in security, outage, or corruption of a system b

polymorphic virus

an armored virus that can change upon execution into many different forms

DNS poisoning

an attack against the cached information of a DNS server

pharming

an attack aimed at redirecting a website's traffic to a bogus website

zero day attack

an attack in which the vulnerability was not previously known

biometrics

an authentication method that identifies and recognizes people based on physical traits, such as fingerprints, facial recognition, retinal scans and voice recognition

WWW

an enormous system of interlinked hypertext documents that can be accessed with a web browser

trojan horse

an executable program that appears as a desirable or useful program. As it appears to be desirable or useful, users are tricked into loading and executing the program on their system

ARP spoofing

an imposter-like misuse of a network protocol for the purpose of attacking a network

SQL injection

an injection of script that bypasses a web browser's security mechanism

Web 2.0

an interactive type of web experience compared to the previous version 1.0. Web 2.0 allows users to interact with each other and act as contributors to Web sites as well

replay attack

an interception of data being transferred. Data can be captured and/or manipulated on the way to a destination

tunneling

an internet key exchange that causes the initial encryption between two points

buffer overflow attack

an overloading of a reserved space of data. This causes a system to slow down, freeze, or crash. Could be an attack as code is redirected to a different starting point when coming back

hash function

as a one-way encryption, which means that after something has been encrypted with this method, it cannot be decrypted.

In Windows, what do you use to create a record of details such as which users have logged in and what resources those users tried to access?

auditing

What technology is not used to implement confidentiality?

auditing

What do you call the process in which a user is identified via a username and password?

authentication

What is the process of giving individual access to a system or resource based on their identity?

authorization

The core security principle of ____________ means that when a user needs to get to information it is available to them. This principle includes actions in case of outages due to equipment failure, software or natural disasters.

availability

These are attacks against an opening left in a functional piece of software that allows access into a system or software application without the owner's knowledge. Many times these are left by the application developer or system accounts created by administrators that they can use if they leave the company.

back door

A ______ allows someone access by circumventing normal security precautions for the application. This gives a remote user unauthorized control of a system or automatically initiates an unauthorized task. This could be created by malware or could be created by developers.

backdoor

BYOD

bring your own device

When a hacker attempts to crack a password by trying as many combinations of characters as time and money permit, it is called a(n) _______________ attack.

brute force

What type of attack tries to guess passwords by every combination of characters?

brute-force attack

Viruses and worms often exploit _________________. This can occur when more data is sent than the buffer can hold.

buffer overflows

key

can be thought of as a password, is applied mathematically to plain text to provide cipher or encrypted text.

CRL

certificate revocation list: a list of certificates (serial numbers) that have been revoked or are no longer valid and therefore should not be relied on

CMAK

Connection Manager Administration Kit: a tool that you can use to customize the remote connection experience for users on your network by creating predefined connections

AppLocker

controls how users access and use programs and files and extends the functionality originally provided by the software restriction policy found in earlier versions of Windows. In Windows 10, AppLocker is located in the Local Group Policy Editor

offline files

copies of network files that are stored on your computer so you can access them when you aren't connected to the network

In an example of a __________________ attack, hackers get access to an encrypted password file. Then they run password tools against the file to try to break as many passwords as possible.

cracked password

XSS

cross-site scripting attack: an attack in which code in a webpage or plugin is created, making it a vulnerability for those who are browsing the web page

Which of the following is used to provide protection when one line of defense is breached?

defense in depth

permission

defines the type of access that is granted to an object or object attribute

SSL is a cryptographic system that uses two keys to encrypt data. The public key is stored in a(n) ____________.

digital certificate

Active Directory

directory service technology created by MS that provides a variety of network services, including LDAP, Kerberos, SSO, DNS-based naming and other network information, and a central location for network administration and delegation of authority

What type of server runs Active Directory storing a copy of the account and security information?

domain controller

This type of NAT maps a private address to a public address. The public address is assigned from a pool of addresses at the time of the translation.

dynamic

Which of the following is considered the most effective way to protect against social engineering?

employee awareness

Which of the following tasks is recommended if sensitive or confidential information is stored in offline files?

encrypt the offline files

To protect sensitive and confidential information in offline files they should be _____________.

encrypted

What is the process of converting data into a format that cannot be read by another user?

encryption

In stateless inspection, the firewall determines if a packet traversing the firewall is part of an existing session/conversation and uses that information to determine whether to permit or deny the packet.

false

windows update

fixes, patches, service packs and updated device drivers that should be applied to a Windows system. By adding fixes and patches, Windows will be kept stable and secure

UDP Flood

floods random ports on a remote host with numerous UDP packets

When you assign permissions to a folder, you should first grant permissions to __________ rather than users.

groups

device guard

helps harden a computer system against malware by running only trusted applications, thereby preventing malicious code from running

A honeynet is a collection of ___________________.

honeypots

This type of firewall is designed to protect one computer from network-based attacks. An example is Windows Firewall.

host firewall

IDS

intrusion detection system: a solution designed to detect unauthorized user activities, attacks and network compromises

IPS

intrusion prevention system: a solution designed to detect unauthorized user activities, attacks, and network compromises that can also take action to prevent a breach from occurring

egress traffic

is network traffic that BEGINS INSIDE a network and proceeds through its routers to its destination somewhere OUTSIDE the network

credential guard

isolates and hardens key systems and user security information in Windows 10 Enterprise

spam

junk email that is usually sent unsolicited

Which of the following is the best thing to do to protect a computer against malware, besides installing an antivirus software package? (Choose the best answer)

keep your machine up to date with the latest security patches

A(n) ________________ is an input to an encryption algorithm. Different values will produce different encrypted output when applied to the same plain text. This is needed for encryption and decryption.

key

backdoor attack

malware used to do unauthorized tasks on a system through an opening in the system

Which of the following is an attack that relies on the attacker being able to trick the sending host into thinking his or her system is the receiving host, and the receiving host into thinking his or her system is the sending host? (Choose the best answer.)

man in the middle

What prevents users from changing a password multiple times in the same day?

minimum password age

A VPN can ______________ connecting to a public WiFi network.

mitigate the risk of

NIPS

network intrusion prevention system: a device designed to inspect traffic and, based on its configuration or security policy, it can remove, detain or redirect malicious traffic in addition to simply detecting it

NIDS

network intrusion detection system: a device that can detect malicious network activities by constantly monitoring network traffic. NIDS reports issues to the network admin

NTFS

New Technology File System: the preferred file system for today's Windows operating system

separation of duties

not giving one person total control of one department or critical task

DNS spoofing

occurs when an attacker is able to intercept a DNS request and respond to the request before the DNS server is able to, often changing the domain that will be pointed to and correlated with the IP address

OSI

Open Systems Interconnect: a conceptual model created by ISO to describe a network architecture that allows the passage of data between computer systems

circuit level firewall

operates at the transport and session layers of the OSI model to monitor the open sessions for filtering

organizational units

OU: a container used in Active Directory to help organize objects within a domain and minimize the number of domains

What type of firewall filters packets based on rules using attributes like IP address, protocols and ports?

packet filtering

What is the most common form of authentication?

password

PSO

Password Settings Object: password settings

Which of the following servers would you not place on the DMZ?

payroll database server

A(n) ___________ defines the type of access over an object or the properties of an object such as an NTFS file or printer

permission

When you grant access to print to a file or folder, what are you granting?

permission

shared permissions

permissions assigned to shared folders or drives

explicit permission

permissions granted directly to a file or folder

NTFS permissions

permissions that allow you to control which users and groups can gain access to files and folders on an NTFS volume

PIN

personal identification number: a secret numeric password shared between a user and a system that can be used to authenticate the user to the system

A(n) ______________ attack redirects a website's traffic to a bogus website.

pharming

What technique is used to send you to a fake, but realistic-looking, website to verify your account information?

phishing

Which of the following refers to a social engineering technique in which a user receives an email stating that his account has just expired and he should log on to a legitimate-looking website to fix the problem?

phishing

acceptable use policy

policy that sets out what users are and are not allowed to do with IT systems

flash drive

portable storage media device

nonrepudiation

prevents one party from denying the actions it has carried out

social engineering

psychological tricking and impersonation: the act of trying to get information from people through trying to look like a legitimate entity

asymmetric encryption

public key cryptography: uses two mathematically related keys for encryption, one to encrypt and one to decrypt

PKI

public key infrastructure: consists of hardware, software, policies and procedures able to create, manage, distribute, use, store and revoke digital certificates

This fast growing form of malware encrypts data files and then requests payment from the user to decrypt the files. This type of malware is called ______________.

ransomware

RODC

read only domain controller: allows a read only copy of the AD to be stored

This attack occurs when an attacker is able to capture a data stream from the network using a network sniffer, modify parts of the data stream and then replay the traffic back to the network.

replay

A(n) __________ authorizes a user to perform certain actions on a computer.

right

The probability or likelihood that an event will occur is called _____________.

risk

You are in the local coffee shop and need to connect to your work system. You are connected through the coffee shop public unsecured Wi-Fi. You decide to use VPN when connecting to your work system. This is an example of:

risk mitigation

What malware gives administrator-level control over a computer system without being detected?

rootkit

This process forwards packets based on the packet's destination IP address. It uses a table to make the decision of where to forward the packet.

routing

SAM

Security Account Manager: a local security database found on most Windows computers

A(n) _______ is a collection of security settings stored in a text file that can be used to save security configurations, deploy the security settings to a computer or group policy or to analyze compliance of a computer to the desired configuration.

security template

A device that may provide a second password to log in to a system is a(n) __________

security token

A _________ account is one type of account you can configure so that the password does not expire.

service

Which of the following refers to a thoroughly tested, cumulative set of hotfixes and other patches?

service pack

SSO

single sign-on: technology that allows you to log on once and access multiple related but independent software systems without logging in again

Which of the following is NOT a factor in password strength?

sniffability

ransomware

software that encrypts a computer so that it cannot be used; to be unlocked, a price must be paid

malicious software (malware)

software that is designed to infiltrate or affect a computer system without the owner's informed consent. The term malware is usually associated with viruses, worms, trojan horses, spyware, rootkits and dishonest adware

internet content filter

technology that can filter out various types of internet activities, such as websites, IM and so on

IP proxy

technology that secures a network by keeping machines behind it anonymous; it does this through the use of NAT

circuit level gateway

technology used within a firewall that, once the connection has been made, lets packets flow between the hosts without further checking. Hides information about the private network

risk acceptance

the acknowledgement of the existence of a risk. No action is taken on the risk

risk avoidance

the act of doing nothing about a risk and not engaging

Confidentiality

the act of keeping data and systems secure from unauthorized access

risk mitigation

the act of lessening a risk and/or the impact of the risk

access control

the act of restricting both physical and file and server access so that those who need it have it but those who do not need it do not have it

social engineering

the act of trying to get information from people through trying to look like a legitimate entity

email DoS

the attempt to send massive volumes of emails to an address

NTLM

the default authentication protocol for Windows NT, stand-alone computers that are not part of a domain, and situations in which you are authenticating to a server using an IP address

built in groups

the default groups that are included within Windows or Active Directory

spoofing

the misuse of a network protocol to perpetrate a hoax on a host or a network device

availability

the part of the CIA triangle that ensures data is accessible by those who need it when they need it

integrity

the part of the CIA triangle that involves ensuring data is accurate, valid, and protected against unauthorized changes

MAC address

the physical or hardware address burned into each NIC; 48 bits

risk

the probability a threat will become reality

decryption

the process of converting data from encrypted format back to its original format

encryption

the process of converting data into a format that cannot be read by another user. Once a user has encrypted a file, that file automatically remains encrypted when it is stored on the disk

authorization

the process of giving individuals access to system objects based on their identity

authentication

the process of identifying an individual usually based on a username and password

risk assessment

the process of identifying hazards and risk factors that have the potential to cause harm

account lockout

the process of preventing an account from logging on after a number of incorrect logon attempts

A central, secure database in which Windows stores hardware and software configuration information and system security policies is ______________________. This includes information about device drivers, setup programs, hardware profiles and user profiles.

the registry

residual risk

the remaining amount of risk after mitigation takes place

risk transfer

the sharing of a risk burden; transfer to insurance

attack surface

the totality of ways in which a system can be attacked

ICMP ping flood

this type of attack can consume both outgoing and incoming bandwidth because the victim servers often attempt to respond with ICMP echo reply packets

An action or occurrence that could result in the breach, outage, or corruption of a system by exploiting known or unknown vulnerabilities is a(n) _____

threat

ingress traffic

traffic that originates from outside the network's routers and proceeds towards a destination inside the network

UWP

Universal Windows Platform app: the Microsoft app

HTTP flood

use of many GET or POST requests to attack a web server application

security policy

used to address the constraints on behavior of its members as well as constraints imposed on mechanical physical objects

DREAD

used to measure and rank a threat's risk level: Damage potential, Reproducibility, Exploitability, Affected users, Discoverability

symmetric encryption

uses a single key to encrypt and decrypt data

VPN

virtual private network: technology that links two computers through a wide area network such as the Internet. To keep the connection secure, the data sent between the two computers is encapsulated and encrypted

VPN

virtual private network: a connection between two or more computers or devices that are not on the same private network

VSM

virtual secure mode: used by Device Guard and Credential Guard. Virtualization is used to organize Windows 10 into multiple containers. Windows runs in one container, and the Active Directory security tokens that allow access to your organization's resources run in another container. Each container is isolated from the other and encrypted.

Which of the following uses the processor's virtualization to protect the PC, including data and credential tokens on the system's disks?

virtual secure mode (VSM)

STRIDE

well-known attacks: spoofing, tampering, repudiation, information disclosure, DoS, elevation of privilege

SYN flood

when an attacker sends SYN packets from a fake IP address and then the server sends a SYN-ACK back, but since the address is fake it waits endlessly for a response

IP address spoofing

when an IP address is incorrectly changed by an attacker

man in the middle attack

when an attacker is able to intercept and alter or record a transmission that is sent from a client to server

ping of death

when an attacker sends IP fragments with oversized fragment offsets, which cause the IP to be larger than 65,535 bytes after reassembly at the receiver, overflowing the memory buffers

multifactor authentication

when two or more authentication methods are used to authenticate someone

WPA

Wi-Fi Protected Access: uses a shared key to secure wireless networks

WEP

wireless equivalent privacy: encryption method which should not be used because it repeats too often and is easily cracked

windows server update

WSUS: a software system that can keep your systems updated with the newest Windows and Office updates

Attacks based on unknown or recently announced vulnerabilities are _____________. The attack occurs before the developer knows about or has a chance to fix the vulnerability.

zero-day

content zone

zones used to define and help manage security when visiting sites

