Windows Security Test 2
2. Windows checks for new or updated GPOs every ________ minutes.
90-120
1. The Windows Group Policy feature provides a centralized set of rules that govern the way Windows operates. A. True B. False
A.
10. Which of the following features allows you to restrict the groups to which a GPO applies? A. Security filter B. WMI filter C. GPO link D. OU list
A.
11. What is the best first step to take when malware is discovered soon after installing new software? A. Uninstall the new software. B. Scan for malware. C. Update the new software. D. Install additional anti-malware software.
A.
14. Which type of malware primarily collects pieces of information covertly? A. Spyware B. Trojan C. Virus D. Rootkit
A.
3. Which Microsoft tool analyzes a computer's settings and compares its configuration with a baseline? A. SCA B. MBSA C. OpenVAS D. SCT
A.
5. Which of the following terms means identifying malware based on past experience? A. Heuristic analysis B. Log file analysis C. Signature analysis D. Historical analysis
A.
5. Which tool would you most likely use to edit Group Policy settings on a stand-alone computer? A. Local Group Policy Editor B. Registry Editor C. Group Policy Management Console D. Resultant Set of Policy Editor
A.
6. Which command-line tool provides the same scanning capability as SCA? A. Secedit B. Mbsacli C. Scacli D. Mbsaedit
A.
7. Which of the following best describes RTO? A. The goal for how much time a recovery effort should take B. The maximum time a recovery effort can take C. The minimum time a recovery effort should take D. The maximum downtime an organization can sustain
A.
8. MBSA automatically ranks vulnerabilities by severity. A. True B. False
A.
8. Which of the following anti-malware components is also referred to as a real-time scanner? A. Shield B. Scanner C. Heuristic engine D. Antivirus software
A.
9. The wbadmin command-line utility performs the same functions as the Microsoft Windows Backup and Restore utility on Windows workstations. A. True B. False
A.
Which type of malware is a stand-alone program that replicates and sends itself to other computers? A. Worm B. Virus C. Rootkit D. Trojan
A.
2. Which of the following options are valid approaches to recovering from lost data? (Select two.) A. Manually reconstruct lost data. B. Reinstall the operating system and application software. C. Restore from a backup. D. Use anti-malware software to heal infections.
A. C.
7. Defining GPOs in ________ gives you the ability to centralize security rules and control how Windows applies each rule.
Active Directory
1. A baseline is the initial settings in a newly installed system. A. True B. False
B.
1. A valid backup is all an organization needs to recover from a disaster. A. True B. False
B.
10. Only the Microsoft Backup utilities can create valid backup images for Windows computers. A. True B. False
B.
11. Which of the following features allows you to restrict the types of operating systems to which a GPO applies? A. Security filter B. WMI filter C. GPO link D. OU list
B.
11. Which vulnerability scanner discussed in this chapter makes its source code available? A. Retina B. Nexpose C. Nessus D. OpenVAS
B.
12. Which of the following terms refers to an alternate recovery site that has the basic infrastructure in place, but no configured hardware and no software installed? A. Warm site B. Cold site C. Hot site D. Initial site
B.
12. Windows will automatically cause a user logoff or system reboot after applying new or changed GPOs. A. True B. False
B.
13. Which of the following statements best describes the relationship between profiling and auditing? A. Auditing is often a part of profiling. B. Profiling is often a part of auditing. C. Profiling and auditing are interchangeable terms. D. If auditing is in place, profiling is not necessary.
B.
14. Virtual image snapshots can back up only virtual machines that are not running. A. True B. False
B.
4. Which term describes a unique set of instructions that identify malware code? A. Fingerprint B. Signature C. Rule set D. Heuristic
B.
4. Who holds the primary responsibility to ensure the security of an organization's information? A. IT security B. Management C. Information system users D. Human Resources
B.
6. The only valid uses for restoring a backup image are to recover lost data and quickly load programs and files on completely new computers. A. True B. False
B.
6. You can only edit user-specific Group Policy settings in the Windows Registry Editor. A. True B. False
B.
7. Which of the following terms describes a secure location to store identified malware? A. Safe B. Vault C. Signature database D. Secure storage
B.
8. Which folder does Windows use to store AD GPOs on the domain controller? A. Windows B. Policies C. GPO D. ADdata
B.
8. Which of the following do you not need to tell the Microsoft Windows Backup and Restore utility? A. What to back up (files, folders, volumes, etc.) B. What type of backup (full, incremental, blocks versus files) C. Where to store the backup (local disk or shared network folder) D. When to back up (date and time, frequency)
B.
9. Which command-line tool provides the same scanning capability as MBSA? A. Secedit B. Mbsacli C. Scacli D. Mbsaedit
B.
13. A recovery strategy that installs the operating system and all software and data on a completely new physical computer is called a ________.
Bare metal recovery
13. The Morris worm exploited this vulnerability:
Buffer overflow
12. Which security scanner runs in a web browser and doesn't require that you install a product before scanning? A. MBSA B. OpenVAS C. SCT D. PSI
C.
15. What is the main purpose of an audit? A. To uncover problems B. To catch errors C. To validate compliance D. To standardize configurations
C.
15. Which of the following resources is installed with Windows? A. Group Policy Settings Reference B. Security Compliance Management Toolkit C. Group Policy Best Practices Analyzer D. GPOAccelerator
C.
2. Which type of malware modifies or replaces parts of the operating system to hide the fact that the computer has been compromised? A. Worm B. Virus C. Rootkit D. Trojan
C.
3. Which of the following is the focus of data availability? A. Backup plan B. Backup schedule C. Recovery plan D. Disaster response plan
C.
3. Which of the following statements best describes the relationship between security policy and Group Policy? A. Security policy should implement Group Policy. B. Security policy is derived from Group Policy. C. Group Policy should implement security policy. D. Group Policy supersedes security policy.
C.
4. Stored settings that make up a baseline are stored in which type of files? A. Baseline configuration B. Baseline database C. Security template D. Security object
C.
7. Which of the following products does MBSA not analyze? A. IIS B. SQL Server C. Adobe Acrobat D. Windows 7
C.
9. Which anti-malware tool is included with Windows 10? A. Windows AntiVirus B. Windows Doctor C. Windows Defender D. Windows Sweeper
C.
10. Which of the following best describes a zero-day attack? A. Malware that no longer is a threat B. Malware that can exploit a vulnerability but has not yet been released C. Malware that is actively exploiting vulnerabilities on computers that have not applied the latest patches D. Malware that is actively exploiting an unknown vulnerability
D.
10. Which security scanner commonly runs as a Linux virtual machine? A. SCA B. OpenVAS C. Retina D. MBSA
D.
11. Which type of plan addresses minor interruptions such as a power outage lasting several hours? A. RTO B. DRP C. VSS D. BCP
D.
12. What is the best first step to take if initial actions to remove malware are not successful? A. Install additional anti-malware software. B. Rescan for malware. C. Update the signature database. D. Disconnect the computer from the network.
D.
13. Which of the following tools lists information about deployed GPOs and other computer-specific attributes? A. Gpupdate.exe B. RSOP C. Gpedit.msc D. Gpinventory.exe
D.
15. Why is a rootkit so difficult to detect? A. Most anti-malware tools don't scan for rootkits. B. A rootkit gives administrator privileges to an attacker. C. A rootkit does not run in memory. D. A rootkit may have modified the tools used to detect it.
D.
3. Which type of malware disguises itself as a useful program? A. Worm B. Virus C. Rootkit D. Trojan
D.
6. A signature database that is 1 month old may potentially expose that computer to how many new threats? A. 360,000 B. 2,500,000 C. 1,080,000 D. 10,800,000
D.
5. Using removable media for backups generally ________ data confidentiality, as opposed to using internal disks.
Decreases
9. Windows stores each GPO in a subfolder with the same name as the ________ of the GPO.
GUID
4. Using removable media for backups generally _______ data availability, as opposed to using internal disks.
Increases
5. The Security Configuration and Analysis tool operates as a snap-in to the ________.
MMC
14. When designing an audit strategy, you should log access attempts on the ________ number of objects.
Minimum
14. You can use the ________ tool to view the effective settings after all current GPOs are applied to a specific user.
RSOP
2. A baseline, also called a ________, is a collection of settings at a specific point in time.
Snapshot