Chapter 5 set
Your organization wants to improve the security posture of internal database servers. Of the
following choices, what provides the BEST solution?
A. Opening ports on a server's firewall
B. Disabling unnecessary services
C. Keeping systems up to date with current patches
D. Keeping systems up to date with current service packs
B. Disabling unnecessary services helps reduce threats, including threats from zero-day
vulnerabilities. It also reduces the threat from open ports on a firewall if the associated services are
disabled, but opening ports won't reduce threats. Keeping systems up to date with patches and
service packs protects against known vulnerabilities and is certainly a good practice. However, by
definition, there aren't any patches or service packs available for zero-day vulnerabilities.
You need to monitor the security posture of several servers in your organization and keep a security
administrator aware of their status. Which of the following tasks will BEST help you meet this goal?
A. Establishing baseline reporting
B. Determining attack surface
C. Implementing patch management
D. Enabling sandboxing
A. Establishing baseline reporting processes allows you to monitor the systems and identify any
changes from the baseline that might affect their security posture. You would determine the attack
surface prior to establishing a baseline. Patch management is important, but it doesn't monitor the
overall security posture of systems. Sandboxing allows you to isolate systems for testing, but isn't
used for online production systems.
Maggie is compiling a list of approved software for desktop operating systems within a company.
What is the MOST likely purpose of this list?
A. Host software baseline
B. Baseline reporting
C. Application configuration baseline
D. Code review
A. A host software baseline (also called an application baseline) identifies a list of approved
software for systems and compares it with installed applications. Baseline reporting is a process that
monitors systems for changes and reports discrepancies. An application configuration baseline
identifies proper settings for applications. A code review looks at the actual code of the software,
and doesn't just create a list.
Your organization wants to ensure that employees do not install or play operating system games,
such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to
A. Security policy
B. Application whitelisting
C. Anti-malware software
D. Antivirus software
B. Application whitelisting identifies authorized applications and prevents users from installing or
running any other applications. Alternatively, you can use a blacklist to identify specific applications
that cannot be installed or run on a system. A security policy (such as an acceptable use policy) can
state a rule to discourage this behavior, but it doesn't enforce the rule by preventing users from
installing or running the software. Anti-malware software and antivirus software can detect and block
malware, but not applications.
An IT department recently had its hardware budget reduced, but the organization still expects them
to maintain availability of services. Of the following choices, what would BEST help them maintain
availability with a reduced budget?
A. Failover clusters
B. Virtualization provides increased availability because it is much easier to rebuild a virtual
server than a physical server after a failure. Virtualization supports a reduced budget because virtual
servers require less hardware, less space in a data center, less power, and less heating and air
conditioning. Failover clusters are more expensive. Bollards are physical barriers that block
vehicles. Hashing provides integrity, not availability.
You are preparing to deploy a new application on a virtual server. The virtual server hosts another
server application that employees routinely access. Which of the following is the BEST method to use
when deploying the new application?
A. Take a snapshot of the VM before deploying the new application.
B. Take a snapshot of the VM after deploying the new application.
C. Apply blacklisting techniques on the server for the new applications.
D. Back up the server after installing the new application.
A. Taking a snapshot of the virtual machine (VM) before deploying the new application ensures that the VM can be
reverted to the original configuration if the new application causes problems. Taking a snapshot after
the installation doesn't allow you to revert the image. Blacklisting prevents an application from
running, so it isn't appropriate for a new application deployed on a server. Backing up the server
might be appropriate before installing the new application but not after.
A recent risk assessment identified several problems with servers in your organization. They
occasionally reboot on their own and the operating systems do not have current security fixes.
Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of
the following solutions will mitigate these problems?
D. Patch management
D. Patch management procedures ensure that systems are kept up to date with current security fixes
and patches and help eliminate problems with known attack methods. The scenario indicates that
these systems have been attacked, exploiting the vulnerabilities caused by not patching them.
Virtualization will have the same problems if the systems are not kept up to date. Sandboxing isolates
systems for testing, but there isn't any indication these servers should be isolated. An intrusion
detection system (IDS) might identify some attacks, but the systems will still be exploited if they
Administrators ensure server operating systems are updated at least once a month with relevant
patches, but they do not track other software updates. Of the following choices, what is the BEST
choice to mitigate risks on these servers?
A. Application change management
B. Application patch management
C. Whole disk encryption
D. Application hardening
B. Application patch management practices ensure that applications are kept up to date with
relevant patches, similar to how the operating systems are kept up to date with patches. Application
change management helps control changes to the applications. Whole disk encryption helps protect
confidentiality, but is unrelated to this question. Application hardening secures the applications when
they are deployed, but doesn't keep them up to date with current patches.
Homer noticed that several generators within the nuclear power plant have been turning on without
user interaction. Security investigators discovered that an unauthorized file was installed and causing
these generators to start at timed intervals. Further, they determined this file was installed during a
visit by external engineers. What should Homer recommend to mitigate this threat in the future?
A. Create an internal CA.
B. Implement WPA2 Enterprise.
C. Implement patch management processes.
D. Configure the SCADA within a VLAN.
D. The generators are likely controlled within a supervisory control and data acquisition (SCADA)
system and isolating them within a virtual local area network (VLAN) will protect them from
unauthorized access. An internal certificate authority (CA) issues and manages certificates within a
Public Key Infrastructure (PKI), but there isn't any indication certificates are in use. Wi-Fi Protected
Access II (WPA2) secures wireless networks, but doesn't protect SCADA networks. Patch
management processes help ensure systems are kept up to date with patches, but this doesn't apply in
Your company has recently provided mobile devices to several employees. A security manager
has expressed concerns related to data saved on these devices. Which of the following would BEST
address these concerns?
A. Disabling the use of removable media
B. Installing an application that tracks the location of the device
C. Implementing a BYOD policy
D. Enabling geo-tagging
A. Disabling the use of removable media on the devices will reduce the potential of data loss from
these devices. It would make it more difficult to copy data to and from the devices. Tracking the
location won't affect data. The devices are provided by the company, so a bring your own device
(BYOD) policy isn't relevant. Geo-tagging only refers to geographic location information attached to
pictures posted on social media sites.
Which of the following is the MOST likely negative result if administrators do not implement
access controls correctly on an encrypted USB hard drive?
A. Data can be corrupted.
B. Security controls can be bypassed.
C. Drives can be geo-tagged.
D. Data is not encrypted.
B. If access controls are not implemented correctly, an attacker might be able to bypass them and
access the data. The incorrect implementation of the access controls won't corrupt the data. Files
such as pictures posted on social media can be geo-tagged, but this is unrelated to a hard drive. The
scenario says the drive is encrypted, so the data is encrypted.
Your company provides electrical and plumbing services to homeowners. Employees use tablets
during service calls to record activity, create invoices, and accept credit card payments. Which of the
following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?
A. Mobile device management
B. Disabling unused features
C. Remote wiping
D. GPS tracking
C. Remote wiping sends a signal to a device and erases all data, which would prevent disclosure
of customer data. Mobile device management helps ensure devices are kept up to date with current
patches. Disabling unused features is a basic hardening step for mobile devices, but doesn't help if
the device is lost. Global positioning system (GPS) tracking helps locate the device, but doesn't
necessarily prevent data disclosure if the device cannot be retrieved.
Key personnel in your organization have mobile devices, which store sensitive information. What
can you implement to prevent data loss from these devices if a thief steals one?
A. Asset tracking
B. Screen lock
C. Mobile device management
D. GPS tracking
B. A screen lock helps prevent data loss in the event of theft of a mobile device storing sensitive
information. Other security controls (not listed as answers in this question) that help prevent loss of
data in this situation are account lockouts, full device encryption, and remote wipe capabilities. Asset
tracking is an inventory control method. Mobile device management helps keep systems up to date
with current patches. Global positioning system (GPS) tracking helps locate the device.
Which of the following represents a primary security concern when authorizing mobile devices on
A. Cost of the device
D. Data security
D. Protecting data is a primary security concern when authorizing mobile devices on a network,
often because mobile devices are more difficult to manage. The cost of the devices is trivial when
compared with the cost of other network devices and the value of data. Compatibility issues aren't a
major concern and typically only affect the ability to use an application. Virtualization techniques can
be used with mobile devices allowing users to access virtual desktops, but these enhance security.
Your company is planning on implementing a policy for users so that they can connect their mobile
devices to the network. However, management wants to restrict network access for these devices.
They should have Internet access and be able to access some internal servers, but management wants
to ensure that they do not have access to the primary network where company-owned devices operate.
Which of the following will BEST meet this goal?
A. WPA2 Enterprise
D. A virtual local area network (VLAN) provides network segmentation and can prevent
employee-owned devices from accessing the primary network. WPA2 Enterprise provides strong
security for the devices by ensuring they authenticate through an 802.1x server, but this doesn't
segment them on a separate network. A virtual private network (VPN) allows remote employees to
connect to a private network, but is unrelated to this question. A global positioning system (GPS) is
useful for locating lost devices but not segmenting network traffic.
Your organization hosts a web site with a back-end database. The database stores customer data,
including credit card numbers. Which of the following is the BEST way to protect the credit card
A. Full database encryption
B. Whole disk encryption
C. Database column encryption
D. File-level encryption
C. Database column (or field) encryption is the best choice because it can be used to encrypt the
fields holding credit card data, but not fields that don't need to be encrypted. Full database encryption
and whole disk encryption aren't appropriate because not everything needs to be encrypted to
protect the credit card data. File-level encryption isn't appropriate on a database and will often make
it inaccessible to the database application.
Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the
copied file isn't encrypted. He asks you what he can do to ensure files he's encrypted remain
encrypted when he copies them to a USB drive. What would you recommend as the BEST solution to
A. Use file-level encryption.
B. Convert the USB to FAT32.
C. Use whole disk encryption on the desktop computer.
D. Use whole disk encryption on the USB drive.
D. The best solution is to use whole disk encryption on the USB drive. The scenario indicates
Bart is using file-level encryption (such as NTFS encryption) on the desktop computer, but the USB
drive doesn't support it, possibly because it's formatted as a FAT32 drive. The result is that the
system decrypts the file before copying it to the USB drive. Another solution is to convert the USB to
NTFS. Whole disk encryption on the desktop computer wouldn't protect files copied to the USB
You are comparing different encryption methods. Which method includes a storage root key?
D. A Trusted Platform Module (TPM) includes a storage root key. The TPM generates this key
when a user activates the TPM. A hardware security module (HSM) uses RSA keys, but not a storage
root key. NT File System (NTFS) supports encryption with Encrypting File System (EFS). A virtual
storage area network (VSAN) is a virtualization technique, and it doesn't provide encryption.
Management wants to ensure that employees do not print any documents that include customer PII.
Which of the following solutions would meet this goal?
D. A data loss prevention (DLP) solution can limit documents sent to a printer to be printed using
content filters. A hardware security module (HSM) and a Trusted Platform Module (TPM) both
provide full disk encryption, but cannot block documents sent to a printer. A virtual local area
network (VLAN) segments traffic, but isn't selective about documents sent to a printer.
Of the following choices, which one is a cloud computing option that allows customers to apply
patches to the operating system?
A. Hybrid cloud
B. Software as a Service
C. Infrastructure as a Service
C. Infrastructure as a Service (IaaS) is a cloud computing option where the vendor provides
access to a computer, but customers must manage the system, including keeping it up to date with
current patches. A hybrid cloud is a combination of a public cloud and a private cloud. Software as a
Service (SaaS) provides access to applications, such as email. An IaaS solution can be public,
private, or a hybrid solution.