110 terms

MTA 98-367 Security Fundamentals


Which of the following terms indicates that information is to be read only by those people for whom it is intended?
a) confidentiality
b) integrity
c) availability
d) accounting
a) confidentiality
Confidentiality is a concept we deal with frequently in real life. For instance, we expect our doctors to keep our medical records confidential, and we trust our friends to keep our secrets confidential. The business world defines confidentiality as the characteristic of a resource that ensures access is restricted only to permitted users, applications, or computer systems.
What technology is not used to implement confidentiality?
a) encryption
b) access controls
c) auditing
d) authentication
c) auditing
Confidentiality is particularly critical in today's environment. Several technologies support confidentiality in an enterprise security implementation:
• Strong encryption
• Strong authentication
• Stringent access controls
Which of the following makes sure that data is not changed when it is not supposed to be?
a) confidentiality
b) integrity
c) availability
d) accounting
b) integrity
In the information security context, integrity is defined as the consistency, accuracy, and validity of data. One goal of a successful information security program is to ensure that data is protected against any unauthorized or accidental changes.
Which of the following is not a response when dealing with a risk?
a) avoidance
b) mitigation
c) transfer
d) patching
d) patching
After you prioritize your risks, you can choose from among the four generally accepted responses to these risks:
• Avoidance
• Acceptance
• Mitigation
• Transfer
What do you call the security discipline that requires that a user be given no more privilege than necessary to perform his or her job?
a) defense in depth
b) reduction of attack surface
c) risk transfer
d) principle of least privilege
d) principle of least privilege
The principle of least privilege is a security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job. The principle of least privilege has been a staple in the security arena for a number of years, and many organizations have struggled to implement it successfully.
What do you call the set of entry points that a hacker can use to break into a system?
a) defense in depth
b) attack surface
c) principle of least privilege
d) risk mitigation
b) attack surface
An attack surface consists of the set of methods and avenues an attacker can use to enter a system and potentially cause damage. The larger the attack surface of a particular environment, the greater the risk of a successful attack.
What method used by a hacker relies on the trusting nature of the person being attacked?
a) social engineering
b) attack surface
c) principle of least privilege
d) risk avoidance
a) social engineering
Social engineering is a method used to gain access to data, systems, or networks, primarily through misrepresentation. This technique typically relies on the trusting nature of the person being attacked. In a typical social engineering attack, the attacker will try to appear as harmless or respectful as possible. These attacks can be perpetrated in person, through email, or via phone. Attackers will try techniques ranging from pretending to be a help desk or support department staffer, claiming to be a new employee, or (in some cases) even offering credentials that identify them as an employee of the company.
What is the best way to protect against social engineering?
a) stronger encryption
b) stronger authentication
c) employee awareness
d) risk mitigation
c) employee awareness
The key to thwarting a social engineering attack is employee awareness. If your employees know what to watch for, an attacker will find little success.
What is needed to highly secure a system?
a) lots of time
b) more money
c) system update
d) disabled administrator account
b) more money
Security costs money. Typically, the more money you spend, the more secure your information or resources will be (up to a point). So, when looking at risk and threats, you need to consider how valuable certain confidential data or resources are to your organization and also how much money you are willing to spend to protect those data or resources.
What is the first line of defense when setting up a network?
a) physically secure the network
b) configure authentication
c) configure encryption
d) configure an ACL
a) physically secure the network
If someone can get physical access to a server where confidential data is stored, with the right tools and enough time, that person can bypass any security the server uses to protect the data.
Which concept determines what resources users can access after they log on?
a) authentication
b) auditing
c) access control
d) defense in depth
c) access control
Access control is a key concept when thinking about physical security. It can also be a little confusing, because you frequently hear the phrase used when discussing information security. In the context of physical security, access control is the process of restricting access to a resource to only permitted users, applications, or computer systems.
What is used to provide protection when one line of defense is breached?
a) defense in depth
b) attack surface
c) principle of least privilege
d) risk mitigation
a) defense in depth
The term defense in depth means using multiple layers of security to defend your assets. That way, even if an attacker breaches one layer of your defense, you have additional layers to keep that person out of the critical areas of your environment.
What is used to identify a person before giving access?
a) authentication
b) encryption
c) access control
d) auditing
a) authentication
Site security must address the need to identify and authenticate the people who are permitted access to an area. The first step is authentication, which proves that a person who is logging on is actually that person.
What is used to verify that an administrator is not accessing data that he should not be accessing?
a) authentication
b) encryption
c) access control
d) auditing
d) auditing
Site security must also provide the ability to audit activities within the facility. This can be done by reviewing camera footage, badge reader logs, visitor registration logs, or other mechanisms.
What type of device can be easily lost or stolen or can be used for espionage?
a) processors
b) RAM chips
c) removable devices
d) servers
c) removable devices
A removable storage device or drive is designed to be taken out of a computer without turning the computer off. Three basic types of security issues are associated with removable storage: loss, theft, and espionage. The loss of a storage device is one of the most common security issues you will encounter.
What is a physical or logical device used to capture keystrokes?
a) USB flash drive
b) PDA
c) Smartphone
d) keylogger
d) keylogger
A keylogger is a physical or logical device used to capture keystrokes. An attacker will either place a device between the keyboard and the computer or install a software program to record each keystroke taken, and then she can use software to replay the data and capture critical information such as user IDs and passwords, credit-card numbers, Social Security numbers, or even confidential emails or other data.
In dealing with risks, which response is done by buying insurance to protect your bottom line if such a disaster or threat is realized?
a) risk avoidance
b) risk acceptance
c) risk mitigation
d) risk transfer
d) risk transfer
Risk transfer is the act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing. For example, you risk having an accident while driving your car. You transfer this risk by purchasing insurance so that in the event of an accident, your insurance company is responsible for paying most of the associated costs.
A ___________ is generally defined as the probability that an event will occur that can cause harm to a computer system, service, or network.
risk
A risk is generally defined as the probability that an event will occur. In reality, businesses are concerned about only risks that would negatively affect the computing environment. For instance, you might risk winning the lottery on Friday—but that's not a risk your company is going to actively address, because it would be something positive.
Over the last couple of years, small ___________________ devices have become one of the largest challenges facing security professionals.
mobile
Mobile devices are one of the largest challenges facing many security professionals today. Mobile devices such as laptops, PDAs (personal digital assistants), and smartphones are used to process information, send and receive mail, store enormous amounts of data, surf the Internet, and interact remotely with internal networks and systems.
What do the initials CIA stand for in relation to security?
confidentiality, integrity, and availability
When you are working in the information security field, one of the first acronyms you will encounter is CIA, but don't confuse this with a government agency. Rather, in this context, CIA represents the core goals of an information security program: Confidentiality, Integrity, and Availability.
What is the process of identifying an individual?
a) authentication
b) authorization
c) accounting
d) auditing
a) authentication
In the world of information security, AAA (authentication, authorization, and accounting) is a leading model for access control. Here, authentication is the process of identifying an individual. After a user is authenticated, she can access network resources based on her authorization.
What do you call the process in which a user is identified via a username and password?
a) authentication
b) authorization
c) accounting
d) auditing
a) authentication
Authentication is the process of identifying an individual, usually based on a username and password. After a user is authenticated, he can access network resources based on his authorization.
What is the process of giving individual access to a system or resource?
a) authentication
b) authorization
c) accounting
d) auditing
b) authorization
Authorization is the process of giving individuals access to system objects based on their identities. Of course, before authorization can occur, authentication must occur.
What is the process of keeping track of a user's activity?
a) authentication
b) authorization
c) accounting
d) authoring
c) accounting
Accounting, also known as auditing, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.
What process prevents someone from denying that she accessed a resource?
a) accounting
b) authorization
c) sniffing
d) nonrepudiation
d) nonrepudiation
Nonrepudiation prevents one party from denying the actions it has carried out. If you have established proper authentication, authorization, and accounting, appropriate mechanisms of nonrepudiation should be in place, and no user should be able to deny the actions she has carried out while in your organization's system.
Which of the following is a secret numeric password used for authentication?
a) security token
b) digital certificate
c) digital signature
d) PIN
d) PIN
A personal identification number (PIN) is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Because they consist of only digits and are relatively short (usually four digits), PINs are used for relatively low-security scenarios, such as gaining access to a system, or in combination with another method of authentication.
What type of electronic document contains a public key?
a) digital certificate
b) biometrics
c) PIN
d) PAN
a) digital certificate
A digital certificate is an electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a digital certificate is used to prove a person's identity, it can also be used for authentication.
What item, about the size of a credit card, allows access to a network and its resources?
a) digital certificate
b) smart card
c) security token
d) biometric
b) smart card
A smart card is a pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic. Nonvolatile memory is memory that does not forget its content when power is discontinued. This kind of memory may contain digital certificates to prove the identity of the person who is carrying the card, and it may also contain permissions and access information.
What type of authentication method identifies and recognizes people based on physical traits such as fingerprints?
a) digital certificates
b) WEP
c) biometrics
d) RADIUS
c) biometrics
Biometrics is an authentication method that identifies and recognizes people based on physical traits, such as fingerprints, facial recognition, iris recognition, retinal scans, and voice recognition. Many mobile computers include a finger scanner. Installing biometric devices on doors and cabinets is relatively easy to ensure that only authorized people enter secure areas.
What authentication type is the default for Active Directory?
a) NTLM
b) Kerberos
c) MS-CHAP
d) MS-CHAPv2
b) Kerberos
Kerberos is the default authentication protocol for Active Directory domains. It allows hosts to prove their identity over a nonsecure network, and it provides mutual authentication so that both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. NTLM remains available as a fallback, for example when a client addresses a server by IP address rather than by name, so an NTLM logon in the security log is not necessarily a misconfiguration, but it is worth understanding why it happened.
What directory service is used with Windows domains?
a) Active Directory
b) E-Directory
c) PAM
d) Kerberos
a) Active Directory
A directory service stores, organizes, and provides access to information in a directory. It is used for locating, managing, and administering common items and network resources, such as volumes, folders, files, printers, users, groups, devices, telephone numbers, and other objects. One popular directory service used by many organizations is Microsoft's Active Directory.
What type of server runs Active Directory?
a) member server
b) file server
c) domain controller
d) NTLAN server
c) domain controller
A domain controller is a Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries. To make a computer running Windows Server 2008 a domain controller, you first install the Active Directory Domain Services role and then run the dcpromo (short for "dc promotion") command from the Search Programs and Files box or from a command prompt. In Windows Server 2012 and later, dcpromo is deprecated; promotion is done through Server Manager or the Install-ADDSDomainController PowerShell cmdlet.
When you assign permissions to a folder, you should first grant permissions to __________ rather than users.
a) groups
b) computers
c) collections
d) organizational units
a) groups
A group is a collection or list of user accounts or computer accounts. Different from a container, a group does not store users or computers; rather, it just lists them. Using groups can simplify administration, especially when assigning rights and permissions.
When you create a local user on a computer running in Windows 7, where is the user account stored?
a) Active Directory
b) SAM
c) PAN
d) SQL database
b) SAM
A user account allows users to log on and gain access to the computer where the account was created. A local user account is stored in the Security Account Manager (SAM) database on the local computer. On a domain controller, user accounts are stored in Active Directory instead; the local SAM on a domain controller holds only the Directory Services Restore Mode administrator account and is not used for normal logons.
Which type of group can be granted rights and permissions?
a) security
b) distribution
c) authorizing
d) SAM
a) security
Windows Active Directory employs two types of groups: security and distribution. A security group is used to assign rights and permissions and to gain access to network resources. It can also be used as a distribution group. A distribution group is used only for nonsecurity functions, such as distributing email, and it cannot be used to assign rights and permissions.
What authorizes a user to perform certain actions in Windows such as logging on or performing a backup?
a) right
b) permission
c) accessible
d) key
a) right
A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up a system's files and directories. User rights are assigned through local policies or Active Directory group policies.
When you grant access to print to a printer, what are you granting?
a) right
b) permission
c) accessible
d) key
b) permission
A permission defines the type of access granted to an object (an object can be identified with a security identifier) or object attribute. The most common objects assigned permissions are printers, NTFS files and folders, and Active Directory objects.
Where are users and permissions stored for an NTFS folder?
a) access log
b) access file
c) registry
d) ACL
d) ACL
Information about which users can access an object and what they can do is stored in the access control list (ACL), which lists all users and groups that have access to an object.
What type of permissions are assigned directly to a file or folder?
a) explicit
b) inherited
c) encompassing
d) overriding
a) explicit
NTFS uses two types of permissions. Explicit permissions are granted directly to a file or folder, whereas inherited permissions are granted to a parent object and flow down to child objects.
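The two permission types above decide access in a fixed order when they conflict. The following added example (not part of the original study set) models a small NTFS-style ACL in Python with the Windows evaluation order: explicit deny, then explicit allow, then inherited deny, then inherited allow, and implicit deny when nothing matches. The folder and file ACLs, user names and group names are constructed for the illustration; real Windows evaluation also accumulates rights across several ACEs for a multi-right request and lets privileges such as Backup Operators bypass the ACL, which this model leaves out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    """One access control entry (constructed model, not the Win32 structure)."""
    principal: str        # user or group name
    access: str           # "allow" or "deny"
    rights: frozenset     # e.g. frozenset({"read", "write"})
    inherited: bool       # True if it flowed down from the parent object


def inherit(parent_acl):
    """Copies of a parent's ACEs as they appear on a child object."""
    return [ACE(a.principal, a.access, a.rights, inherited=True) for a in parent_acl]


def effective_access(acl, principals, right):
    """Decide whether a user, identified by the set `principals` (the user's
    own name plus every group the user belongs to), holds `right`.
    Evaluation order follows Windows: explicit deny, explicit allow,
    inherited deny, inherited allow. No matching ACE means no access."""
    ranked = sorted(acl, key=lambda ace: (ace.inherited, ace.access == "allow"))
    for ace in ranked:
        if ace.principal in principals and right in ace.rights:
            return ace.access == "allow"
    return False


# Constructed sample: a shared folder and one file inside it.
FOLDER_ACL = [
    ACE("Sales", "allow", frozenset({"read", "write"}), inherited=False),
    ACE("Interns", "deny", frozenset({"write"}), inherited=False),
]
# The file inherits the folder's ACEs and adds two explicit ones of its own.
FILE_ACL = inherit(FOLDER_ACL) + [
    ACE("bob", "deny", frozenset({"write"}), inherited=False),
    ACE("alice", "allow", frozenset({"write"}), inherited=False),
]

if __name__ == "__main__":
    # bob is in Sales: inherited allow gives read, explicit deny removes write.
    print("bob read :", effective_access(FILE_ACL, {"bob", "Sales"}, "read"))
    print("bob write:", effective_access(FILE_ACL, {"bob", "Sales"}, "write"))
    # alice is an intern: her explicit allow beats the inherited deny.
    print("alice write:", effective_access(FILE_ACL, {"alice", "Interns"}, "write"))
    # carol is an intern with no explicit entry: inherited deny applies.
    print("carol write:", effective_access(FILE_ACL, {"carol", "Interns"}, "write"))
```

The sort key is what encodes the precedence: explicit entries (inherited is False) come before inherited ones, and within each group deny entries come before allow entries, so the first matching entry is always the one Windows would honour.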
What is the process of converting data into a format that cannot be read by another user?
a) encryption
b) locking
c) keying
d) registering
a) encryption
Encryption is the process of converting data into a format that cannot be read by another user. With the Windows Encrypting File System (EFS), a file marked as encrypted stays encrypted on disk and is decrypted transparently only for users who hold the key. Decryption is the process of converting data from its encrypted format back to its original format.
Which authentication sends the username and password in plain text?
a) MS-CHAP
b) CHAP
c) PAP
d) SPAP
c) PAP
Password Authentication Protocol (PAP) uses plain text (unencrypted passwords). PAP is the least secure form of authentication and is not recommended.
In Windows, what do you use to enable auditing?
a) registry
b) group policies
c) NTFS permissions
d) access log
b) group policies
Auditing is not enabled by default in Windows. To enable it, you specify which categories of events to audit by using Group Policy or the Local Security Policy (Security Settings\Local Policies\Audit Policy, or the more granular Advanced Audit Policy Configuration). Turning on the Object Access category only switches auditing on; to record who reads or changes a particular file or folder, you then add an auditing entry (a system access control list, or SACL) on that object's Auditing tab in its NTFS security properties. NTFS permissions themselves control access, not auditing.
By default, the ____________ group has full access to all resources within a domain?
Domain Admins
Members of the Domain Admins group can perform administrative tasks on any computer within the domain. By default, the Administrator account is a member.
_____________ allows you to log on once and access multiple related but independent systems without having to log on again.
Single sign-on (SSO)
Single sign-on (SSO) allows you to log on once and access multiple related but independent software systems without having to log on again. As you log on with Windows via Active Directory, you are assigned a token, which can then be used to log on to other systems automatically.
_______________ is the term used to describe two or more authentication methods used to authenticate someone.
Multifactor authentication
When two or more authentication methods are used to authenticate someone, a multifactor authentication system is said to be in place. Of course, a system that uses two authentication methods (such as smart cards and passwords) can be referred to as a two-factor authentication system.
______________ is the standard for logging program messages for UNIX and Linux machines.
Syslog
If you need to audit non-Microsoft products, you will usually work with Syslog, the standard for logging program messages on devices that would otherwise have no common way to report events. Cisco firewalls and routers, computers running Linux and UNIX, and many printers can send Syslog. It is used for system management and security auditing as well as for general informational, analysis, and debugging messages. Each message carries a priority value that encodes the facility (which subsystem sent it) and the severity. The traditional transport is UDP port 514 in clear text, so a production collector should use the TLS transport (TCP port 6514) where the sender supports it, and the collector should treat message content as untrusted input.
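The following added example (not part of the original study set) parses classic BSD-style Syslog lines in Python, decodes the facility and severity from the priority field, and counts failed SSH logons per source address, which is the kind of first-pass audit a collector would perform. The sample lines are constructed for the illustration; the regular expressions handle the BSD format described above, not the newer RFC 5424 structured format.

```python
import re
from collections import Counter

FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: message   (BSD syslog layout)
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
TAG = re.compile(r"^([A-Za-z0-9_./%-]+)(?:\[(\d+)\])?:\s*(.*)$")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3})")


def parse_syslog(line):
    """Return a dict of the message's fields, or None if the line is malformed."""
    m = HEADER.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # 23 facilities * 8 severities - 1
        return None
    facility, severity = divmod(pri, 8)
    rest = m.group(4)
    t = TAG.match(rest)
    tag, pid, msg = (t.group(1), t.group(2), t.group(3)) if t else (None, None, rest)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m.group(2),
        "host": m.group(3),
        "tag": tag,
        "pid": int(pid) if pid else None,
        "msg": msg,
    }


def failed_logins_by_source(lines):
    """Count sshd 'Failed password' events per source IP across a batch of lines."""
    counts = Counter()
    for line in lines:
        rec = parse_syslog(line)
        if rec and rec["tag"] == "sshd":
            hit = FAILED.search(rec["msg"])
            if hit:
                counts[hit.group(2)] += 1
    return counts


# Constructed sample lines: two sshd failures, one success, one Cisco config event.
SAMPLE = [
    "<34>Oct 11 22:14:15 fw01 sshd[2112]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2",
    "<38>Oct 11 22:14:17 fw01 sshd[2113]: Failed password for root from 198.51.100.23 port 51123 ssh2",
    "<86>Oct 11 22:14:19 fw01 sshd[2114]: Accepted publickey for alice from 10.0.0.5 port 40000 ssh2",
    "<189>Oct 11 22:14:20 rtr1 %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.9)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_syslog(line)
        print(f"{rec['host']:5} {rec['facility']:8} {rec['severity']:7} {rec['tag']}: {rec['msg']}")
    print("failed logons by source:", dict(failed_logins_by_source(SAMPLE)))
```

The priority arithmetic is the part worth remembering: priority = facility * 8 + severity, so <34> is facility 4 (auth) at severity 2 (crit) and <189> is local7 at notice, which is where Cisco IOS sends its messages by default.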
What is the most common form of authentication?
password
For both individual computers and entire networks, the most common method of authentication is the password. A password is a secret series of characters that enables a user to access a particular file, computer, or program.
You are told that you should not log on to your local computer running Windows 7 as a domain administrator. However, some tools run only as a domain administrator. What should you do?
Log on with your normal user account and use RUNAS to run those tools.
Because administrators have full access to individual computers or entire networks, it is recommended that you use a standard non-administrator user account to perform most tasks. Then, when you need to perform administrative tasks, you can use the Run as command or the options built into the Windows operating system.
What is the most common form of authentication?
a) password
b) PIN
c) digital certificates
d) smart cards
a) password
Much of today's data protection is based on the password. You use passwords to secure your voice mail, ATM access, email account, Facebook account, and a host of other things.
Anytime you use a password, you should make it ___________.
a) constantly changing
b) migrating
c) strong
d) simple
c) strong
One basic component of your information security program is ensuring that all employees select and use strong passwords. The strength of a password can be determined by looking at the password's length, complexity, and randomness.
What do you call a password that is at least six characters long and uses three of the following four categories (uppercase, lowercase, numbers, and special characters)?
a) healthy password
b) migrating password
c) standard password
d) complex password
d) complex password
Password complexity involves the characters used to make up a password. Under the Windows "Password must meet complexity requirements" policy, a complex password uses characters from at least three of the following categories:
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Numeric characters (0 through 9)
• Nonalphanumeric characters (!, @, #, $, %, ^, &, and so on)
It must also be at least six characters long and must not contain the user's account name or any part of the user's full name longer than two consecutive characters. Note that complexity only says what kinds of characters appear; a password such as Password01 satisfies the rule and is still one of the first guesses an attacker will try.
What do you use to define how long a password is in Windows?
a) registry
b) Users applet in the Control Panel
c) group policies
d) NTFS files
c) group policies
A Group Policy Object (GPO) is a set of rules that give an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects. GPOs are used for centralized management and configuration of the Active Directory environment. This will also include defining password parameters.
Which of the following is not a complex password?
a) Platter*SAN
b) John!Taylor
c) Password01
d) ThereisTimetoLive&Die
b) John!Taylor
Assuming the user's name is John Taylor, John!Taylor fails the complexity rule because a password must never contain the user's account name or full name. The other three each draw on at least three character categories, so they satisfy the rule even though Password01 is a very weak choice.
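The following added example (not part of the original study set) implements the complexity rule above as a Python check and runs it over the four passwords from the question, assuming the user's account name is jtaylor and full name John Taylor. It models only the four categories listed here; Windows additionally counts non-English Unicode letters as a fifth category, which is omitted.

```python
import re

# The four character categories from the Windows complexity rule.
CATEGORIES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def contains_name_part(password, full_name):
    """True if any part of the full name longer than two characters
    appears in the password (case-insensitive), as the Windows rule requires."""
    pw = password.lower()
    for token in re.split(r"[\s,.\-_#\t]+", full_name.lower()):
        if len(token) > 2 and token in pw:
            return True
    return False


def is_complex(password, account_name="", full_name="", min_length=6):
    """Return (ok, reasons): ok is True when the password meets the rule,
    otherwise reasons lists every requirement it failed."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    hit = [name for name, rx in CATEGORIES.items() if rx.search(password)]
    if len(hit) < 3:
        reasons.append(f"only {len(hit)} character categories ({', '.join(hit) or 'none'})")
    if len(account_name) > 2 and account_name.lower() in password.lower():
        reasons.append("contains the account name")
    if full_name and contains_name_part(password, full_name):
        reasons.append("contains part of the user's full name")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Assumed identity for the check (constructed for this example).
    account, name = "jtaylor", "John Taylor"
    for pw in ["Platter*SAN", "John!Taylor", "Password01", "ThereisTimetoLive&Die", "abc12"]:
        ok, why = is_complex(pw, account, name)
        print(f"{pw:24} {'complex' if ok else 'rejected: ' + '; '.join(why)}")
```

Returning the list of failed requirements rather than a bare boolean is deliberate: a password prompt that tells the user exactly which rule was broken produces fewer help-desk calls than one that only says "does not meet complexity requirements".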
What settings are used to keep track of incorrect logon attempts and lock the account if too many attempts are detected within a certain set time?
a) account lockout
b) password policy
c) authentication tracker
d) user parameters
a) account lockout
Account lockout refers to the number of incorrect logon attempts permitted before a system locks an account. Each bad logon attempt is tracked by the bad logon counter, and when the counter exceeds the account lockout threshold, no further logon attempts are permitted. This setting is critical because one of the most common password attacks involves repeatedly attempting to log on with guessed passwords.
What setting is used to prevent users from reusing the same password over and over?
a) minimum password age
b) maximum password age
c) password history
d) account lockout
c) password history
Password history is the setting that determines the number of unique passwords that must be used before a password can be reused. This setting prevents users from recycling the same passwords through a system. The more often a password is used, the greater the chances it can be compromised.
What prevents users from changing a password multiple times so that they can change it to their original password?
a) minimum password age
b) maximum password age
c) password history
d) account lockout
a) minimum password age
The minimum password age setting controls how many days users must wait before they can reset their password. This setting can be a value from one to 998 days. If set to 0, passwords can be changed immediately. Although this seems to be a fairly innocent setting, too low a value could allow users to defeat your password history settings.
What setting forces users to change their password?
a) minimum password age
b) maximum password age
c) password history
d) account lockout
b) maximum password age
The maximum password age setting controls the maximum period of time that can elapse before you are forced to reset your password. This setting can range from one to 999 days, or it can be set to 0 if you never want passwords to expire.
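The three age and history settings above interact, and the failure mode the text warns about (a minimum age of 0 letting users cycle straight back to an old password) is easiest to see by running it. The following added example (not part of the original study set) models the settings in Python with illustrative class and method names; it is not a Windows API. Dates and passwords are constructed for the illustration.

```python
from datetime import date, timedelta


class PasswordPolicy:
    """The three Windows settings discussed above (illustrative model)."""

    def __init__(self, history_size=24, min_age_days=1, max_age_days=90):
        self.history_size = history_size   # "Enforce password history"
        self.min_age_days = min_age_days   # "Minimum password age" (0 = change at once)
        self.max_age_days = max_age_days   # "Maximum password age" (0 = never expires)


class Account:
    def __init__(self, policy, password, today):
        self.policy = policy
        # Most recent password last. A real system stores hashes, not plaintext.
        self.history = [password]
        self.last_set = today

    def change_password(self, new_password, today):
        """Apply the new password, or raise ValueError saying which setting refused it."""
        days_since = (today - self.last_set).days
        if days_since < self.policy.min_age_days:
            wait = self.policy.min_age_days - days_since
            raise ValueError(f"minimum password age: wait {wait} more day(s)")
        if new_password in self.history:
            raise ValueError("password history: that password was used recently")
        self.history.append(new_password)
        self.history = self.history[-self.policy.history_size:]   # remember the last N
        self.last_set = today

    def must_change(self, today):
        """True once the maximum password age has been exceeded."""
        if self.policy.max_age_days == 0:
            return False
        return (today - self.last_set).days > self.policy.max_age_days


def cycle_back_to_original(min_age_days, history_size=3):
    """Model the trick the text warns about: change the password history_size
    times in one day, then set the original again. Returns True if the
    original password was reinstated, i.e. the history setting was defeated."""
    policy = PasswordPolicy(history_size=history_size, min_age_days=min_age_days)
    today = date(2024, 1, 2)
    acct = Account(policy, "Original!1", today - timedelta(days=1))
    try:
        for i in range(history_size):
            acct.change_password(f"Throwaway{i}!", today)
        acct.change_password("Original!1", today)
    except ValueError:
        return False
    return acct.history[-1] == "Original!1"


if __name__ == "__main__":
    print("min age 0, history 3: defeated =", cycle_back_to_original(min_age_days=0))
    print("min age 1, history 3: defeated =", cycle_back_to_original(min_age_days=1))
    acct = Account(PasswordPolicy(max_age_days=90), "Start!1", date(2024, 1, 1))
    print("expired after 91 days:", acct.must_change(date(2024, 4, 1)))
```

With the minimum age at 0 the user burns through the history in one sitting and lands back on the original password; with the minimum age at 1 day the second change of the day is refused, so cycling through 24 remembered passwords would take 24 days, which is what makes the history setting bite.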
What type of attack tries to guess passwords by trying common words?
a) dictionary attack
b) brute-force attack
c) man-in-the-middle attack
d) smurf attack
a) dictionary attack
A dictionary attack uses a dictionary containing an extensive list of potential passwords that the attacker then tries with a user ID in an attempt to guess the appropriate password. The earliest versions of this type of attack actually used lists of words from the dictionary as the basis of logon attempts.
What type of attack tries to guess passwords by every combination of characters?
a) dictionary attack
b) brute-force attack
c) man-in-the-middle attack
d) smurf attack
b) brute-force attack
Another, cruder type of attack, called a brute-force attack, does not rely on lists of passwords but tries every possible combination of the permitted characters. Because it is exhaustive, it always succeeds eventually; the question is only how long it takes, and each extra character multiplies the search space by the size of the character set. Improvements in processor performance (and today, GPU cracking rigs) have made brute force practical against short passwords, but against a typical user-chosen password a dictionary attack with mangling rules finds the answer far sooner.
What malicious software captures every keystroke and sends it to a hacker?
a) dictionary software
b) password leaker
c) keylogger
d) sniffer
c) keylogger
Anytime your computer can be physically accessed by an attacker, that computer is at risk. Physical attacks on your computer can completely bypass almost all security mechanisms, such as by capturing the passwords and other critical data directly from the keyboard when a software or hardware keylogger is used. In fact, if your encryption key passes through a keylogger, you might find that even your encrypted data is jeopardized.
What type of software can you use to view usernames and passwords broadcasted over the network?
a) dictionary software
b) password leaker
c) keylogger
d) sniffer
d) sniffer
Sniffers are specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker. Sniffers are valid forms of test equipment, used to identify network and application issues, but the technology has been rapidly co-opted by attackers as an easy way to grab logon credentials.
What is the generally accepted minimum password length?
a) 4
b) 6
c) 8
d) 12
c) 8
The length of a password is a key component of its strength. Password length is the number of characters used in a password. A password with two characters is considered highly insecure, because a very limited set of unique passwords can be made using two characters. Therefore, a two-character password is considered easy to guess. On the other side of the spectrum is the 14-character password. Although extremely secure relative to a two-character password, a 14-character password is difficult for most users to remember. The generally accepted minimum password length is eight characters.
What are the only passwords that should not expire?
a) administrator accounts
b) power users
c) service accounts
d) standard user
c) service accounts
Passwords should always expire, except in extremely unusual circumstances, such as service accounts used to run applications, where a forced change would break the service. Although this may add administrative overhead to some processes, passwords that never expire are a serious security issue in virtually all environments, and a non-expiring service account password is a standing target. Where the platform supports it, a group Managed Service Account (gMSA), which Active Directory rotates automatically, removes the trade-off.
Which of the following should users not do when dealing with passwords?
a) Shield the keyboard so that other users cannot see you type your password.
b) Write your password on a piece of paper and keep it near your computer.
c) Use the names of children or pets as your password.
d) Give your password to your co-workers.
e) b, c, and d
e) b, c, and d
Don't use common items that represent you, such as names of children, spouses, partners, and pets. Protect your password by not giving it to other people, and avoid letting people see you type it. Don't write your password on paper and leave it where it can be found.
What might happen if you require passwords to be too long?
Users will try to circumvent the password.
A 14-character password is difficult for most users to remember. When passwords become this long, users often start breaking out the note paper and writing down their passwords, which defeats any security benefits you may have established by requiring a 14-character password in the first place.
What limits how fast a password for an encrypted file is cracked?
The speed of your computer, particularly your processor
A password stored in clear text needs no cracking at all. A password stored as a hash, or the key for an encrypted file, has to be recovered by guessing, and the rate at which guesses can be tested is bounded by the attacker's hardware (the processor, and today graphics cards, which test many guesses in parallel) and by how expensive each test is. This is why password stores and file encryption should derive keys with a deliberately slow function such as PBKDF2, bcrypt, scrypt, or Argon2: a fast hash lets modern hardware test billions of guesses per second, and even encrypted password stores are being compromised by cracking attacks.
What steps can you do to prevent someone from hacking your password?
Use strong passwords and change them frequently.
Dictionary and brute-force attacks tend to be most successful when a password's length is seven characters or fewer. Each additional character adds a significant number of possible passwords. Such attacks are often successful because users sometimes use common words with the first letter capitalized and then append a number to meet the complexity guidelines. These are the easiest passwords for users to remember, but they are also the easiest for an attacker to compromise.
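The three password-attack questions above (dictionary, brute force, and why "Capitalized word plus a number" falls quickly) are illustrated by the following added example, which is not part of the original study set. It applies exactly the mangling rule the text describes to a small constructed wordlist, runs an exhaustive search over short strings, and computes how the keyspace grows per character. The target passwords are constructed and stored as unsalted SHA-256 hashes purely so the example runs offline; real password stores should use a salted, slow key-derivation function.

```python
import hashlib
import itertools
import string

# Constructed wordlist; real lists run to millions of entries.
WORDLIST = ["password", "summer", "welcome", "dragon", "letmein"]


def sha256_hex(text):
    """Unsalted SHA-256, used here only to give the attack something to compare against."""
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Yield the variations the text describes: the word, the word
    capitalized, and the capitalized word with a short number appended."""
    yield word
    cap = word.capitalize()
    yield cap
    for n in range(100):
        yield f"{cap}{n}"
    for n in range(10):
        yield f"{cap}0{n}"


def dictionary_attack(target_hash, wordlist=WORDLIST):
    """Return (password, guesses) on success, (None, guesses) otherwise."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def brute_force(target_hash, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Exhaustive search over every string of 1..max_len characters from alphabet."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


if __name__ == "__main__":
    pw, n = dictionary_attack(sha256_hex("Summer7"))
    print(f"dictionary attack found {pw!r} after {n} guesses")
    pw, n = brute_force(sha256_hex("ab1"))
    print(f"brute force found {pw!r} after {n} guesses")
    for length in (7, 8, 12, 14):
        print(f"{length} printable-ASCII characters: {keyspace(95, length):.3e} passwords")
```

"Summer7" falls on the 122nd dictionary guess while the brute-force search needs 1,396 guesses for a three-character password from a 36-character alphabet; going from 7 to 8 printable ASCII characters multiplies the exhaustive search by 95, which is the arithmetic behind the eight-character minimum.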
What is used to prevent someone from guessing a password multiple times?
account lockout settings
The account lockout settings are a critical defense against guessing a password, because an account lockout will either slow or even stop a brute-force attack in its tracks after the configured number of incorrect logon attempts is reached.
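The following added example (not part of the original study set) models the three Windows account lockout settings in Python: the lockout threshold, the "reset account lockout counter after" observation window, and the lockout duration. The class and method names are illustrative rather than a Windows API, and the attempt timelines are constructed. It shows both what lockout achieves (the attacker is stopped after the threshold, and even the correct password is refused until the duration elapses) and its limits (an attacker who paces guesses slower than the observation window is never locked out, and an attacker who wants to lock out a legitimate user can do so deliberately).

```python
class LockoutPolicy:
    """The three Windows lockout settings; times are in seconds."""

    def __init__(self, threshold=5, reset_counter_after=15 * 60, lockout_duration=15 * 60):
        self.threshold = threshold                      # 0 = never lock out
        self.reset_counter_after = reset_counter_after  # observation window
        # None models "locked until an administrator unlocks the account"
        self.lockout_duration = lockout_duration


class AccountState:
    def __init__(self, policy, password):
        self.policy = policy
        self.password = password   # plaintext only for this illustration
        self.bad_count = 0         # the "bad logon counter"
        self.last_bad = None
        self.locked_until = None

    def attempt(self, password, now):
        """Process one logon attempt at time `now`; return 'ok', 'bad' or 'locked'."""
        p = self.policy
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"        # even the right password is refused
            self.locked_until = None   # lockout duration has elapsed
            self.bad_count = 0
        # The bad logon counter resets once the observation window has passed.
        if self.last_bad is not None and now - self.last_bad >= p.reset_counter_after:
            self.bad_count = 0
        if password == self.password:
            self.bad_count = 0
            return "ok"
        self.bad_count += 1
        self.last_bad = now
        if p.threshold and self.bad_count >= p.threshold:
            self.locked_until = (float("inf") if p.lockout_duration is None
                                 else now + p.lockout_duration)
            return "locked"
        return "bad"


def simulate(attempts, policy, real_password="Correct-Horse-9"):
    """attempts: list of (seconds, password_tried). Returns the outcome of each attempt."""
    acct = AccountState(policy, real_password)
    return [acct.attempt(pw, t) for t, pw in attempts]


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, reset_counter_after=600, lockout_duration=900)
    # Fast guessing: locked on the third miss; the real user is refused until t=902.
    print(simulate([(0, "a"), (1, "b"), (2, "c"), (3, "Correct-Horse-9"),
                    (903, "Correct-Horse-9")], policy))
    # Slow guessing, one try every 700 s: the counter resets and nothing ever locks.
    print(simulate([(0, "a"), (700, "b"), (1400, "c")], policy))
```

The second timeline is the caveat practitioners should remember: lockout slows an online guessing attack to roughly one guess per observation window per account, which is why it must be paired with strong passwords and monitoring of repeated failures rather than relied on alone.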
What type of device isolates a network by filtering the packets that can enter it?
a) firewall
b) bridge
c) gateway
d) switch
a) firewall
A firewall is a system designed to protect a computer or computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.
What seven-layer model is often used to describe networking technologies and services?
a) OSI
b) TCP/IP
c) IPX/SPX
d) DIX
a) OSI
The OSI model is a conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, that describes a network architecture allowing data to pass between computer systems. Although never fully adopted as the model for a real protocol suite, the OSI model is nonetheless the standard vocabulary for discussing how networking works.
On which OSI layer do routers function?
a) 1
b) 2
c) 3
d) 4
c) 3
The Network layer is primarily responsible for routing. This layer defines the mechanisms that allow data to be passed from one network to another. How the data is passed is defined by the routing protocols. As a result, a router is typically known as a Layer 3 device.
On which OSI layer do TCP and UDP function?
a) 1
b) 2
c) 3
d) 4
d) 4
The Transport layer does exactly what its name implies: It provides the mechanisms for carrying data across a network. This layer uses three main mechanisms to accomplish this task: segmentation, service addressing, and error checking. TCP and UDP are Layer 4 protocols.
What OSI layer do switches and bridges use?
a) 1
b) 2
c) 3
d) 4
b) 2
The Data Link layer (Layer 2) connects the data layer to the physical layer so that data can be transmitted across the network. The Data Link layer handles error detection, error correction, and hardware addressing (that is, the address of a network interface card). Switches and bridges are devices that work with the destination MAC addresses to determine where to forward a packet.
What port does SMTP use?
a) 21
b) 23
c) 25
d) 443
c) 25
Simple Mail Transfer Protocol (SMTP) is used to relay and deliver email. It uses TCP port 25.
What port does LDAP use?
a) 25
b) 443
c) 389
d) 3389
c) 389
Lightweight Directory Access Protocol (LDAP) is a common directory service protocol used to locate and access resources on a network. It uses TCP port 389.
What type of firewall filters packets based on IP address and ports?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful
a) packet-filtering
When you configure a packet-filtering firewall rule, you generally use one or more of the following TCP/IP attributes:
• Source IP addresses
• Destination IP addresses
• IP protocol (telnet, ftp, http, https, etc.)
• Source TCP and UDP ports (e.g., the http protocol runs on TCP port 80)
• Destination TCP and UDP ports
• The inbound firewall network interface
• The outbound firewall network interface
What type of firewall is also known as a proxy server?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful
c) application-level
Application-level firewalls (also known as proxy servers) work by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, and then by enforcing correct application behavior. Application-level firewalls can block malicious activity, log user activity, provide content filtering, and even protect against spam and viruses. Microsoft Internet Security and Acceleration Server is an example of an application-level firewall.
What type of firewall looks at the previous conversations to determine if a packet should enter a network?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful
d) stateful
Stateful inspection takes packet filtering to the next level. In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic should be permitted across the firewall. Stateful inspection also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.
What Microsoft technology can verify that a client has the newest Windows updates and has an updated antivirus software package before being allowed access to the network?
a) IPsec
b) NAP
c) SCCM
d) SCOM
b) NAP
Recognizing the need for administrators to have more granular control over what systems connect to a network, Microsoft introduced Network Access Protection (NAP) as part of the Windows Server 2008 operating system. NAP is a solution that allows administrators a more powerful way to control access to network resources. NAP's controls are based on the client computer's identity and whether that computer complies with the configured network governance policies.
What technology can you use to isolate a network of servers so that they cannot interact with other servers?
a) bridge
b) switch
c) router
d) VLAN
d) VLAN
Virtual LANs (VLANs) were developed as an alternative to deploying multiple routers. VLANs are logical network segments used to create separate broadcast domains, but they still allow the devices on the VLAN to communicate at Layer 2 without requiring a router. VLANs are created by switches, and traffic between VLANs is switched rather than routed, which creates a much faster network connection because a routing protocol isn't needed. Even though the hosts are logically separated, the traffic between them is switched directly as though they were on the same LAN segment.
What type of device looks at a packet and forwards it based on its destination IP address?
a) bridge
b) switch
c) router
d) VLAN
c) router
When a router receives a packet that must be forwarded to a destination host, the router has to determine whether it can deliver the packet directly to the destination host, or whether it needs to forward the packet to another router. To make this determination, the router examines the destination network address.
Which type of routing protocol sends the entire routing table to its neighbors?
a) distance vector
b) link state
c) scalable driven
d) infinity
a) distance vector
Distance vector-based routing protocols require that each router inform its neighbors of its routing table. This is done by sending the entire routing table when the router boots and then resending it at scheduled intervals. Each router takes the updates from its neighboring routers and then updates its own routing table based on this information. RIP is one example of a distance vector-based routing protocol that is supported by Windows Server 2008.
Which type of system detects unauthorized intruders and then takes action to stop them from proceeding?
a) IDS
b) IPS
c) VLAN
d) NAT
b) IPS
An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.
What type of server would you install that would be used to trap a hacker?
a) honeypot
b) NAT
c) IPS
d) IDS
a) honeypot
Honeypots, honey nets, and padded cells are complementary technologies to IDS/IPS deployments. A honeypot is designed to distract hackers from real targets, detect new vulnerabilities and exploits, and learn about the identity of attackers.
What special area serves as a buffer area between the Internet and the internal network and can be used to hold web servers that are accessed from the Internet?
a) DMZ
b) NAT
c) VLAN
d) PLC
a) DMZ
In computer networking, a demilitarized zone (DMZ) is a firewall configuration used to secure hosts on a network segment. In most DMZs, the hosts on the DMZ are connected behind a firewall that is connected to a public network such as the Internet. Another common configuration is to have the firewall connected to an extranet that has connections to customers, vendors, or business partners. DMZs are designed to provide access to systems without jeopardizing the internal network.
How many firewalls would you use to create a sandwich DMZ?
a) 1
b) 2
c) 3
d) 4
b) 2
A sandwich DMZ model uses both an outer firewall and an inner firewall. The outer firewall secures the DMZ network segment from the external (insecure) network. Servers that are meant to be accessed from the external network (such as the Internet) have the appropriate rules configured to permit secure access.
You have several Internet web servers that need to communicate with a SQL server. Where would you place the SQL server?
a) internal network
b) DMZ
c) Internet
d) isolated VLAN
a) internal network
Web servers are the most common servers found in DMZ networks. Accessed via HTTP over port 80 or HTTPS over port 443 for secure access, web servers are commonly Internet-accessible. However, because the SQL server needs more security, it needs to be placed in the internal network.
Which of the following servers would you not place on the DMZ?
a) Internet web server
b) email relay servers
c) email mailbox servers
d) proxy servers
c) email mailbox servers
In computer networking, a DMZ is a firewall configuration used to secure hosts on a network segment. You should place Internet web servers, email relay servers, and reverse proxy servers on a DMZ. SQL servers and mailbox servers should be on the internal networks.
What technology allows a user at home to connect to the corporate network?
a) NAT
b) VPN
c) DMZ
d) PLC
b) VPN
VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks such as the Internet. VPNs are commonly used by remote employees for access to the internal network, to create secure network-to-network connections for branch offices or business partner connections, or even to create secure host-to-host connections for additional security and isolation on an internal network. VPNs utilize encryption and authentication to provide confidentiality, integrity, and privacy protection for data.
Which IPsec protocol provides integrity protection for packet headers, data, and user authentication but does not encrypt the data load?
a) AH
b) ESP
c) IKE
d) LDAP
a) AH
Authentication Header (AH) provides integrity protection for packet headers, data, and user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets. For AH to work with NAT, the IP protocol number 51 needs to be allowed across the firewall.
Which type of malware can copy itself and infect a computer without the user's consent or knowledge?
a) virus
b) Trojan horse
c) rootkit
d) backdoor
a) virus
A computer virus is a program that can copy itself and infect a computer without the user's consent or knowledge. Early viruses were usually some form of executable code that was hidden in the boot sector of a disk or as an executable file (that is, a filename with an .exe or .com extension). Later, viruses mutated enough to affect data documents that included macro languages.
What type of self-replicating program copies itself to other computers on a network without any user intervention and consumes bandwidth and computer resources?
a) virus
b) Trojan horse
c) worm
d) backdoor
c) worm
A worm is a self-replicating program that copies itself to other computers on a network without any user intervention. Unlike a virus, a worm does not corrupt or modify files on the target computer. Instead, it consumes bandwidth and processor and memory resources, slowing the system down or causing it to be unusable. Worms usually spread via security holes in operating systems or TCP/IP software implementations.
What malware looks like a useful or desired executable program but is in reality a program that is designed to cause harm to your computer or steal information from it?
a) virus
b) Trojan horse
c) worm
d) backdoor
b) Trojan horse
A Trojan horse is an executable program that appears as a desirable or useful program. Because it appears to be desirable or useful, users are tricked into loading and executing it on their systems. After the program is loaded, it might cause a user's computer to become unusable, or it might bypass the user's system security, allowing private information (including passwords, credit card numbers, and Social Security numbers) to be accessible by an outside party. In some cases, a Trojan horse may even execute adware.
What malware collects a user's personal information or details about their browsing habits without their knowledge?
a) virus
b) Trojan horse
c) worm
d) spyware
d) spyware
Spyware is a type of malware that is installed on a computer to collect a user's personal information or details about browsing habits, often without the user's knowledge. Spyware can also install additional software, redirect your web browser to other sites, or change your home page. One example of spyware is the keylogger, which records every key a user presses.
What malware gives administrator-level control over a computer system?
a) rootkit
b) Trojan horse
c) worm
d) spyware
a) rootkit
A rootkit is a software or hardware device designed to gain administrator-level control over a computer system without being detected. Rootkits can target the BIOS, hypervisor, boot loader, kernel, or (less commonly) libraries or applications.
What software component comes with Windows Vista and Windows 7 to defend against spyware?
a) Windows Firewall
b) Windows Defender
c) UAC
d) Windows Anti-virus
b) Windows Defender
Windows Defender is a software product from Microsoft that is intended to prevent, remove, and quarantine spyware in Microsoft Windows. This program helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer.
What do you call a message warning you to delete an essential Windows file?
a) virus hoax
b) keylogger
c) backdoor
d) worm
a) virus hoax
A virus hoax is a message warning recipients of a nonexistent computer virus threat, usually sent as a chain email that tells the recipient to forward it to everyone they know. This is a form of social engineering that plays on people's ignorance and fear.
What server can be used to install Windows updates for your organization?
a) SCOM
b) WSUS
c) IIS
d) WDS
b) WSUS
For corporations, you can also use Windows Server Update Service (WSUS) or System Center Configuration Manager (SCCM) to keep your systems updated. The advantage of using one of these two systems is that it allows you to test the patch, schedule the updates, and prioritize client updates. After you determine a patch is safe, you can enable it for deployment.
What do you call multiple Windows updates that have been packaged together as one installation and are well tested?
a) service packs
b) cumulative packs
c) critical update
d) optional update
a) service packs
A service pack is a tested cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product.
What Windows feature notifies you when something tries to make changes to your computer without your knowledge?
a) WDS
b) NAT
c) Windows Defender
d) UAC
d) UAC
User Account Control (UAC) is a feature that started with Windows Vista and is included with Windows 7. UAC helps prevent unauthorized changes to your computer and, in doing so, helps protect your system from malware.
What host firewall is included with Windows 7?
a) Windows Firewall
b) Windows Defender
c) Microsoft Protector
d) Microsoft Safety Net
a) Windows Firewall
Microsoft recommends that you always use Windows Firewall. However, because some security packages and antivirus packages include their own firewalls, you can choose to run an alternative firewall—but you should use only one firewall.
What do you call unsolicited junk email?
a) spam
b) j-mail
c) junkettes
d) Infected mail
a) spam
Email has become an essential service for virtually every corporation. Unfortunately, much of the email received by company employees consists of unsolicited messages called spam or junk email, some of which can carry malware and may lead to fraud or scams.
What email validation system is designed to stop spam that uses source address spoofing?
a) Foremost Relay System
b) Sender Policy Framework
c) Spam Checking Networking
d) Spoof Checker
b) Sender Policy Framework
Sender Policy Framework (SPF) is an email validation system designed to stop spam that uses source address spoofing. SPF allows administrators to specify in DNS SPF records in the public DNS which hosts are allowed to send email from a given domain. If email for a domain is not sent from a host listed in the DNS SPF, it will be considered spam and blocked.
What do spammers and hackers look for when they want to send email through your network?
a) open SMTP servers
b) open web servers
c) open POP3 servers
d) open FTP servers
a) open SMTP servers
Simple Mail Transfer Protocol (SMTP), one of the primary email protocols, is used to transfer email from one server to another and is responsible for outgoing mail transport. SMTP uses TCP port 25. Although you may think your email servers function only for users to send and retrieve email, they also may be used to relay email. For example, web and application servers may relay email through their email servers, such as when you order something over the Internet and a confirmation email is sent to you.
Which tab in Internet Explorer settings would you use to delete history and cookies?
a) General
b) Privacy
c) Security
d) Advanced
a) General
When you use a browser to access the Internet, you may be revealing personal information and a great deal about your personality. Therefore, you need to take steps to ensure that this information cannot be read or used without your knowledge. A cookie is a piece of text stored by a user's web browser. To clean out history, temporary files, and cookies, open the Internet Options and select the General tab.
Which Internet Explorer zone is the least secure?
a) Internet zone
b) local intranet zone
c) trusted sites zone
d) restricted sites zone
c) trusted sites zone
The trusted sites zone contains sites from which you believe you can download or run files without damaging your system. You can assign sites to this zone. The default security level for the trusted sites zone is Low, which means Internet Explorer will allow all cookies from websites in this zone to be saved on your computer and read by the website that created them. The next least secure is the local intranet, which is configured as Medium-Low.
What technique is used to send you to a fake, but realistic-looking, website to verify your account information?
a) spoofing
b) smurfing
c) man-in-the-middle
d) phishing
d) phishing
Phishing is a technique based on social engineering. With phishing, users are asked (usually through email or websites) to supply personal information in one of two ways:
• By replying to an email asking for their username, password, and other personal information, such as account numbers, PINs, and Social Security number
• By navigating to a convincing-looking website that urges them to supply their personal information, such as passwords and account numbers
______________ is software that is designed to infiltrate or affect a computer system without the owner's informed consent.
malware
Malicious software, sometimes called malware, is software designed to infiltrate or affect a computer system without the owner's informed consent. The term malware is usually associated with viruses, worms, Trojan horses, spyware, rootkits, and dishonest adware. As a network administrator or computer technician, you need to know how to identify malware, remove it, and protect a computer from it.
A _____________ is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task.
backdoor
A backdoor is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task. Some backdoors are installed by viruses or other forms of malware. Other backdoors may be created by programs on commercial applications or with a customized application made for an organization.
What are the two best things you can do to protect yourself from viruses and other forms of malware?
Keep Windows up-to-date with the newest security updates and use an up-to-date anti-virus software package.
Some viruses, worms, rootkits, spyware, and adware gain access to a system by exploiting security holes in Windows, Internet Explorer, Microsoft Office, or some other software package. Therefore, the first step you should take to protect yourself against malware is to keep your system up-to-date with the latest service packs, security patches, and other critical fixes. Second, use an up-to-date antivirus software package.