Which of the following is an example of verifying new software changes on a test system?

When it comes to information security, what is the I in CIA? (CH1)

A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? (CH1)

What does the A in CIA stand for when it comes to IT security? (CH1)

What individual uses code with little knowledge of how it works? (CH1)

What is the greatest risk when it comes to removable storage? (CH1)

When is a system completely secure? (CH1)

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for? (CH1)

Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? (CH1)

To protect against malicious attacks, what should you think like? (CH1)

You are developing a security plan for your organization. Which of the following is an example of a physical control? (CH1)

Confidentiality, Integrity, Availability (CIA)

In information security, what are the three main goals? (CH1)

What is the idea of ensuring that a person or group cannot refute the validity of your proof against them? (CH1)

What is the building up and layering of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposal? (CH1)

What is an individual with little technical skill that reuses code and scripts that are freely available on the Internet? (CH1)

What is an attacker who has an agenda that may or may not be benign? (CH1)

A criminal enterprise run by well-funded and sophisticated people motivated mainly by money, using computer systems and hacking techniques to gain access to company information and secrets. (CH1)

Advanced persistent threat (APT)

A set of computer-attacking processes that targets private organizations or nation states. Also refers to a group (often a government) that persistently targets a specific entity. (CH1)

Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason? (CH2)

Which of the following is not an example of malicious software? (CH2)
a) Rootkits b) Spyware c) Viruses d) Browser

Which type of malware does not require a user to execute a program to distribute the software? (CH2)

Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat? (CH2)

How do most network-based viruses spread? (CH2)

Worms self-replicate but Trojan horses do not.

What defines the difference between a Trojan horse and a worm? (CH2)

Which virus hides its code to mask itself? (CH2)

What type of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer? (CH2)

a) Technical support resources are consumed by increased user calls. c) Users are tricked into changing the system configuration.

Which of the following would be considered detrimental effects of a virus hoax? (CH2)
a) Technical support resources are consumed by increased user calls. b) Users are at risk for identity theft. c) Users are tricked into changing the system configuration. d) The e-mail server capacity is consumed by message traffic.

One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer? (CH2)

One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain? (CH2)

You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server? (CH2)

A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? (CH2)

What computer security threat can be updated automatically and remotely? (CH2)

A DDoS, or distributed denial-of-service, attack uses multiple computers to make its attack, usually perpetrated against a server.

Which type of attack uses more than one computer? (CH2)

A logic bomb is a malicious attack that executes at a specific time.

What is a malicious attack that executes at the same time every week? (CH2)

Active interception normally includes a computer placed between the sender and the receiver to capture information.

Which of these is a true statement concerning active interception? (CH2)
a) When a computer is put between a sender and receiver b) When a person overhears a conversation c) When a person looks through files d) When a person hardens an operating system

The computer is probably now part of a botnet. The reason the system is running slowly is probably due to the fact that there are hundreds of outbound connections to various websites.

A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened? (CH2)

You should use a recovery environment. Many manufacturers suggest using this, and more specifically Safe Mode.

You have been given the task of scanning for viruses on a PC. What is the best method for doing this? (CH2)

Pop-up windows are common to spyware.

What is a common symptom of spyware? (CH2)

Malware scanners can locate rootkits and other types of malware. These types of scanners are often found in anti-malware software from manufacturers such as McAfee, Symantec, and so on.

Which of the following types of scanners (adware, malware, etc.) can locate a rootkit on a computer? (CH2)

The chain messages are e-mails (similar to the archaic chain letter) that are being spammed on the network. Therefore, anti-spam security controls need to be implemented.

You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem? (CH2)

Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent (CH2)

Code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed. (CH2)

Self-replicating code that runs on a computer without the user's knowledge. (CH2)

An application that appears to perform desired functions but is actually performing malicious functions behind the scenes. (CH2)

Remote access Trojan (RAT)

A type of Trojan used to gain back-end access to a server, taking control of it, often for malicious purposes. (CH2)

A type of malware that restricts access to a computer system and demands a ransom be paid to restore access. (CH2)

A type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software.

Type of spyware that pops up advertisements based on what it has learned about the user. (CH2)

A general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware. (CH2)

A type of software designed to gain administrator-level control over a computer system without being detected. (CH2)

The abuse of electronic messaging systems such as e-mail, broadcast media, and instant messaging. (CH2)

The method a threat uses to gain access to a target computer. (CH2)

The path or means by which an attacker gains access to a computer. (CH2)

Also called URL hijacking, a method used by attackers that takes advantage of user typos when accessing websites. Instead of the expected website, the user ends up at a website with a similar name but often malicious content. (CH2)

A group of compromised computers used to distribute malware across the Internet; the members are referred to as "bots" and are usually zombies. (CH2)

An individual compromised computer in a botnet. (CH2)

Normally refers to placing a computer between the sender and the receiver in an effort to capture and possibly modify information. (CH2)

The act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would've been protected from an application or user. (CH2)

Used in computer programs to bypass normal authentication and other security mechanisms in place. (CH2)

Code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function when specific criteria are met. (CH2)

A Trojan programmed to set off on a certain date. (CH2)

Also known as an SMTP open relay, enables anyone on the Internet to send e-mail through an SMTP server. (CH2)

Host-based intrusion detection systems (HIDSs) run within the operating system of a computer. Because of this, they can slow a computer's performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection for those attacks.

What are some of the drawbacks to using a Host-based intrusion detection system (HIDS) instead of a NIDS on a server? (Select the two best answers.) (CH3)
a) A HIDS may use a lot of resources, which can slow server performance. b) A HIDS cannot detect operating system attacks. c) A HIDS has a low level of detection of operating system attacks. d) A HIDS cannot detect network attacks.

When using an IDS, particular types of traffic patterns refer to signature-based IDS.

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? (CH3)

To meet regulations, a properly configured host-based firewall will be required on the computers that will be transacting business by credit card over the Internet.

You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal? (CH3)

The USB mass storage device would be the most likely asset to be considered for data loss prevention (DLP). It's the only device listed in the answers that should have any real organizational data!

Which of the following would most likely be considered for data-loss prevention (DLP)? (CH3)
a) proxy server b) print server c) USB storage device d) application server content

Configuring a supervisor password in the BIOS disallows any other user to enter the BIOS and make changes. Also, setting the hard drive first in the BIOS boot order disables any other devices from being booted off, including floppy drives, optical drives, and USB flash drives.

What are two ways to secure the computer within the BIOS? (CH3)

By disabling all USB devices in the BIOS, a user cannot use his flash drive. Also, the user cannot use the device if you disable the USB root hub within the operating system.

What are the two ways in which you can stop employees from using USB flash drives? (CH3)

A TPM, or trusted platform module, is a chip that resides on the motherboard of the laptop. It generates cryptographic keys that allow the entire disk to be encrypted, as in full disk encryption (FDE) and does not require additional hardware.

You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement? (CH3)
a) HSM (hardware security module) b) TPM (trusted platform module) c) HIDS (host-based intrusion detection system) d) USB encryption

Bluesnarfing and bluejacking are the names of two common Bluetooth threats.

What are two common Bluetooth threats? (CH3)

A password should be set on the phone, and the phone should lock after a set period of time. When the user wants to use the phone again, the user should be prompted for a password.

To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented? (CH3)

Device encryption is the best solution to protect the confidentiality of data. By encrypting the data, it makes it much more difficult for a malicious person to make use of the data.

You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution? (CH3)

If the device has been lost and you need to be 100% sure that data cannot be retrieved from it, then you should remotely sanitize (or remotely "wipe") the device. This removes all data to the point where it cannot be reconstructed by normal means.

A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do? (CH3)

Geotagging is a concern based on a user taking pictures with a mobile device such as a smartphone. This is because the act of geotagging utilizes GPS, which can give away the location of the user.

What is a common concern based on a user taking pictures with a smartphone? (CH3)

Remote wipe and encryption are the best methods to protect a stolen device's confidential or sensitive information.

A smartphone is an easy target for theft. What are the two best methods to protect the confidential data on the device? (CH3)

When encrypting a smartphone, the security administrator should encrypt internal memory and any long-term storage such as removable media cards.

Carl is the security administrator for a transportation company. What two parts of the phone should he encrypt to protect the data on the smartphone? (CH3)

By implementing individual file encryption (such as EFS) on files that are stored on a disk encrypted with whole disk encryption, the files will remain encrypted (through EFS) even if they are copied to a separate drive that does not use whole disk encryption.

What is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption? (CH3)

Host-based intrusion detection system (HIDS)

A type of system loaded on an individual computer that analyzes and monitors what happens inside that computer—for example, if any changes have been made to file integrity. (CH3)

An application that protects an individual computer from unwanted Internet traffic; it does so by way of a set of rules and policies. (CH3)

An application or add-on to a web browser that blocks pop-up windows that usually contain advertisements. (CH3)

Ways of blocking and filtering out unwanted advertisements; pop-up blockers and content filters are considered to be __ _________ methods. (CH3)

Individual computer programs that block external files that use JavaScript or images from loading into the browser. (CH3)

A set of code and functions, usually embedded into a trusted platform module, that allows or denies tasks such as booting and drive encryption. (CH3)

Takes measurements of the secure boot process, signs those results with a TPM, and reports those measurements to a trusted third party such as a remote attestation service. (CH3)

The act of verifying whether a process is secure; for example, the secure boot process of a UEFI-based system. (CH3)

Security controls put in place to protect the data residing on USB flash drives and other removable media, and to protect the systems that they connect to. (CH3)

When a system or component (such as a RAID array) is continuously operational for an extended period of time. The component should have an average 99.9% uptime or higher. (CH3)

Self-encrypting drive (SED)

Hard drives that encrypt all of the contents held within using encryption keys that are maintained independently from the CPU of the housing computer. (CH3)

Hardware security module (HSM)

A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.

The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets. (CH3)

The unauthorized access of information from a wireless device through a Bluetooth connection. (CH3)

When two or more networks have a relationship where users from one network can gain access to resources on the other. (CH3)

A method of restricting users to specific allowed applications. (CH3)

A method of disallowing one or more applications from use. (CH3)

A clear separation of organizational and personal information, applications, and other content. (CH3)

Mobile device management (MDM)

A centralized software solution that allows for the control and configuration of mobile devices. (CH3)

The loading of third-party apps from a location outside of the official application store for that device. Can occur either by direct Internet connection (usually disabled by default), by connecting to a second mobile device via USB OTG or Bluetooth, or by copying apps directly from a microSD card. (CH3)

The Network and Sharing Center is where you can disable file sharing in Windows. It can be accessed indirectly from the Control Panel as well.

Where would you turn off file sharing in Windows? (CH4)

To hide bootmgr, you either need to click the radio button for Don't Show Hidden Files, Folders, or Drives or enable the Hide Protected Operating System Files checkbox.

Which option enables you to hide the bootmgr file? (CH4)

Two ways to harden an operating system include installing the latest updates and installing Windows Defender.

What should be implemented to harden an operating system? (CH4)

New Technology File System (NTFS) is the most secure file system for use with today's Windows.

What is the best (most secure) file system to use in Windows? (CH4)

The 'convert' command is used to upgrade FAT and FAT32 volumes to the more secure New Technology File System (NTFS) without loss of data. HPFS is the High Performance File System developed by IBM and is not used by Windows. ext4 is the fourth extended filesystem used by Linux.

A customer's SD card uses FAT32 as its file system. What file system can you upgrade it to when using the 'convert' command? (CH4)

The New Technology File System (NTFS) and FAT32 support the same number of file formats, so this is not an advantage of NTFS.

What is not an advantage of NTFS over FAT32? (CH4)

The System State needs to be backed up on a domain controller to recover the Active Directory database in the future. The System State includes user data and system files but does not include the entire operating system.

What needs to be backed up on a domain controller to recover Active Directory? (CH4)

A patch can fix a single security issue on a computer.

What should you implement to fix a single security issue on the computer? (CH4)

Disabling unnecessary services. By conducting an analysis of which services are necessary and which are unnecessary, an administrator can find out which ones need to be disabled, thereby reducing the attack surface.

An administrator wants to reduce the size of the attack surface of a Windows Server. What is the best action to accomplish this? (CH4)

Patch management is an example of verifying any new changes in software on a test system (or live systems for that matter). Verifying the changes (testing) is the second step of the standard patch management strategy.

What is one example of verifying new software changes on a test system? (CH4)

Updating the host-based intrusion prevention system (HIPS) is important. Without the latest signatures, the HIPS will not be at its best when it comes to protecting against malware. Also, disabling unused services will reduce the attack surface of the OS, which in turn makes it more difficult for attacks to access the system and run malicious code.

You have been tasked with protecting an operating system from malicious software. What two steps should you take? (CH4)

The best way to establish host-based security for your organization's workstations is to implement GPOs (Group Policy objects). When done properly from a server, this can harden the operating systems in your network, and you can do it from a central location without having to configure each computer locally.

You are attempting to establish host-based security for your organization's workstations. Which of the following is the best way to do this? (CH4)

Of the answers listed, the only one that will not show the version number is wf.msc. That brings up the Windows Firewall with Advanced Security.

In Windows, which of the following commands will not show the version number? (CH4)
a) Systeminfo b) Wf.msc c) Winver d) Msinfo32.exe

By using a virtual machine (which is one example of a virtual instance), any ill effects can be compartmentalized to that particular virtual machine, usually without any ill effects to the main operating system on the computer.

Virtualization technology is often implemented as operating systems and applications that run in software. Often, it is implemented as a virtual machine. What can be a security benefit when using virtualization? (CH4)

Virtualization enables a person to install operating systems (or applications) in an isolated area of the computer's hard drive, separate from the computer's main operating system.

Eric wants to install an isolated operating system. What is the best tool to use? (CH4)

The biggest risk of running a virtual computer is that it will go offline immediately if the server that it is housed on fails.

What is the deadliest risk of a virtual computer? (CH4)

The beauty of a virtualized browser is that regardless of whether a virus or other malware damages it, the underlying operating system will remain unharmed.

Virtualized browsers can protect the OS that they are installed within from which of the following? (CH4)

Virtualization of computer servers enables a network administrator to isolate the various network services and roles that a server may play.

Which of the following is a security reason to implement virtualization in your network? (CH4)

If you migrate some of these low-resource servers to a virtual environment (a very smart thing to do), you could end up spending more on licensing, but less on hardware, due to the very nature of virtualization. In fact, the goal is to have the gains of hardware savings outweigh the losses of licensing.

During an audit of your servers, you have noticed that most servers have large amounts of free disk space and have low memory utilization. What is a benefit of migrating some of the servers to a virtual environment? (CH4)

The act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. (CH4)

When a computer is configured to only allow required functions, applications, services, ports, and protocols. (CH4)

Trusted Operating System (TOS)

A system that adheres to criteria for multilevel security and meets government regulations. (CH4)

Originally defined as a patch to an individual OS or application to fix a single problem, installed live while the system was up and running, and without a reboot necessary. However, this term has changed over time and varies from vendor to vendor. (CH4)

The planning, testing, implementing, and auditing of patches. (CH4)

Used in Microsoft environments to govern user and computer accounts through a set of rules. (CH4)

Groups of policies that can be loaded in one procedure. (CH4)

The process of measuring changes in networking, hardware, software, and so on. (CH4)

The creation of a virtual entity, as opposed to a true or actual entity. (CH4)

An operating system (or application) created by virtual machine software that runs within a hosting operating system. (CH4)

The portion of virtual machine software that allows multiple virtual operating systems (guests) to run at the same time on a single computer. (CH4)

Application containerization

A virtualization method that allows an organization to run applications without launching an entire virtual machine. Also known simply as containerization. (CH4)

When a user (or malware) is able to break out of a VM's isolation (or lack thereof) and gain access to the hosting computer. (CH4)

Also known as VM sprawl, when there are too many VMs for an administrator to manage effectively. (CH4)

Alt+F4 is the key combination that is used to close an active window.

What key combination should be used to close a pop-up window? (CH5)

SPA (Secure Password Authentication) is a Microsoft protocol used to authenticate e-mail clients.

Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP? (CH5)

By increasing the Internet zone security level to High, you employ the maximum safeguards for that zone. ActiveX controls can be used for malicious purposes; disabling them makes it so that they do not show up in the browser.

What are two ways to secure a Microsoft-based web browser? (CH5)

Cookies, which can be used for authentication and session tracking and can be read as plain text, should be removed. They can be used by spyware and can track people without their permission.

As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? (CH5)

To have the capability to run Java applets, a web browser must have that option enabled in the settings.

What is needed to run Java applets? (CH5)

A tracking cookie will be used, or misused, by spyware in an attempt to access a user's activities. Tracking cookies are also known as browser cookies or HTTP cookies, or simply cookies.

In an attempt to collect information about a user's activities, what will be used by spyware? (CH5)

In general, the user should click the padlock in the browser; this will show the certificate information.

How can you train a user to easily determine whether a web page has a valid security certificate? (CH5)

The windows that are being displayed are most likely pop-ups. Standard pop-up blockers will prevent most of these.

You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? (CH5)

Anti-spyware applications can be used to trigger security alerts in case a user's web browser accesses a web page that includes a tracking cookie.

What will allow the triggering of a security alert because of a tracking cookie? (CH5)

Configuration management encompasses application patch management and other ways of hardening an OS or application.

What process encompasses application patch management? (CH5)

Input validation is the best practice to use when coding applications.

To code applications in a secure manner, what is the best practice to use? (CH5)

You should employ application hardening. This means updating the application, configuring strong passwords, applying policies if necessary, and in general, configuring the settings of the application securely.

Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software? (CH5)

Heaps and stacks are data structures that can be affected by buffer overflows. The buffer overflow might be initiated by certain inputs and can be prevented by bounds checking.

Heaps and stacks can be affected by which of the following attacks? (CH5)

Backdoors were originally created to ease administration. However, attackers quickly found that they could use these backdoors for a malicious attack.

What programming concept can ease administration but can be the victim of a malicious attack? (CH5)

When a web script runs in its own environment for the express purpose of not interfering with other processes, it is known as running in a sandbox or VM.

What is it known as when a web script runs in its own environment and does not interfere with other processes? (CH5)

A gray-box test is when you are given limited information about the system you are testing.

An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running? (CH5)

This is a case of command injection; the attacker was attempting to gain access to the password file within the /etc directory.

You check the application log of your web server and see that someone attempted unsuccessfully to enter the text below into an HTML form field. Which attack was attempted? (CH5)
"test; etc/passwd"

A buffer overflow can be initiated when a string variable is not programmed correctly—for example, if the variable allows for more than the standard amount of bytes.

An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? (CH5)

Input validation is the best way to prevent SQL injection attacks on web servers and database servers (or combinations of the two).

What's the best way to prevent SQL injection attacks on web applications? (CH5)

Cross-site scripting (XSS) can be initiated on web forms or through e-mail. It often uses JavaScript to accomplish its means.

What attack uses a JavaScript image tag in an e-mail? (CH5)

Of the listed answers, secure code review should happen first in the software development life cycle (SDLC).

Which of the following should occur first when developing software? (CH5)
a) Fuzzing b) Penetration testing c) Secure code review d) Patch management

Which statements are examples of application hardening techniques?

Examples of application hardening include, but are not limited to:
Patching standard and third-party applications automatically.
Using firewalls.
Using antivirus, malware, and spyware protection applications.
Using software-based data encryption.
Using CPUs that support Intel Software Guard Extensions (SGX).

Which of the following should you implement to fix a single security issue on the computer?

A patch can fix a single security issue on a computer. A service pack addresses many issues and rewrites many files on a computer; it may be overkill to use a service pack when only a patch is necessary.

Which of the following are examples of virtualization? (Select the three best answers.)

Microsoft Virtual PC, Microsoft Virtual Server, and VMware are all examples of virtualization.

Which of the following is a security benefit of virtualization?

Centralized storage used in virtualized environments prevents a loss of important data if a device is lost, stolen or compromised. When VMs and applications are properly isolated, only one application on one OS is affected by an attack.