True/False
Indicate whether the
statement is true or false.
|
|
|
1.
|
Antivirus software, once installed, will always catch all viruses.
|
|
|
2.
|
Some spyware is adware therefor all adware is spyware.
|
|
|
3.
|
Passwords are the most stringent form of authentication.
|
|
|
4.
|
The main difference between a worm and a virus is that a worm does not require a
host file to propagate.
|
|
|
5.
|
A local password policy applies when a user is logged into the local
machine.
|
Multiple Choice
Identify the
choice that best completes the statement or answers the question.
|
|
|
6.
|
This form of social engineering is often orchestrated by someone who knows you
are angry or arguing with another person. They set it up so they can be the hero.
a. | Heroism | c. | Creating trust | b. | Creating mistrust | d. | Hero complex |
|
|
|
7.
|
This is a file that tracks your website preferences and usage
a. | Cookie | c. | Trojan | b. | Sandwich | d. | Virus |
|
|
|
8.
|
This is a common name for a program that can replicate itself, has no useful
purpose, and often destroys things in the process.
a. | Malware | c. | Trojan | b. | Adware | d. | Virus |
|
|
|
9.
|
This monitors actions on a system and sends that information back to its
originating source
a. | Spyware | c. | Trojan | b. | Adware | d. | Virus |
|
|
|
10.
|
A friend gives you a program to install that sends random jokes to your screen.
It looks fun and legit. A few days later your computer starts acting strange. Your CD tray opens and
closes every now and again. You also notice you’re getting more spam. What might this
be?
a. | Spyware | c. | Grayware | b. | Adware | d. | Trojan Horse |
|
|
|
11.
|
You’ve been researching car stereos lately. Today it seems like every site
you visit has a popup related to music, cars, stereos, and MP3 players. What should you do?
a. | Enable pop up blocker | c. | Check your system for adware | b. | Check your system
for Trojans | d. | Reinstall your
OS |
|
|
|
12.
|
This is a form of social engineering that tricks people into providing passwords
or other private information through an email and/or spoofed website.
a. | Dumpster diving | c. | Phishing | b. | Piggybacking | d. | Shoulder
surfing |
|
|
|
13.
|
All of a sudden a bunch of company secrets have been posted in the Internet. The
boss is livid, and the stocks are falling. When the culprits were caught, they found a bunch of CDs
and even an old hard drive in their “lair” of evil. What is the most likely way they
obtained this information?
a. | Dumpster diving | c. | Phishing | b. | Piggybacking | d. | Shoulder
surfing |
|
|
|
14.
|
This is a form of social engineering that tricks people into allowing an
unauthorized person into a building or secure area.
a. | Dumpster diving | c. | Phishing | b. | Piggybacking | d. | Shoulder
surfing |
|
|
|
15.
|
This is a form of social engineering that tricks people into allowing an
unauthorized person into a building or secure area or giving private information when a person
pretends to be someone he/she is not.
a. | Masquerading | c. | Phishing | b. | Piggybacking | d. | Shoulder
surfing |
|
|
|
16.
|
Which would be the best countermeasure against social engineering?
a. | Strong policies | c. | Secure passwords | b. | User awareness and
training | d. | Auditing of data
access |
|
|
|
 Image 8-2
|
|
|
17.
|
Stich would like to set it up so that if someone comes in and tries to brute
force a password, the account will lock after a given number of tries. Which one would he
choose?
a. | Account lockout duration | c. | Account lockout
counter | b. | Account lockout threshold | d. | Password policy |
|
|
|
18.
|
What do biometrics use to authenticate an identity?
a. | Possession of a device | c. | Ability to perform tasks | b. | Human
characteristics | d. | Knowledge
of passwords |
|
|
|
19.
|
You want to ensure no one can change the CMOS settings. What should you
do?
a. | Set a BIOS administrator password | c. | Use TPM | b. | Set a user BIOS
password | d. | Set up chassis
intrusion |
|
|
|
20.
|
You want to ensure a server will not boot if someone changes or reconfigures the
hardware. What should you do?
a. | Set a BIOS administrator password | c. | Use TPM | b. | Set a user BIOS
password | d. | Set up chassis
intrusion |
|
|
|
21.
|
You want a security solution that encrypts the entire hard drive, preventing
access even if the drive is moved to another computer.
a. | IPSec | c. | EFS | b. | Bitlocker | d. | VPN |
|
|
|
22.
|
Which is the most effective form of wireless encryption
|
|
|
23.
|
Which protocol ensures secure connection over HTTP?
|
|
|
24.
|
What protocol would you use if you wanted to have a file that you don’t
want other users to read?
a. | Bitlocker | c. | EFS | b. | EHS | d. | SSH |
|
|
|
25.
|
This control panel is accesssed in Windows XP to configure the
screensaver
a. | Display | c. | Screen Saver | b. | Personalization | d. | Personalize |
|
|
|
26.
|
This control panel is accesssed in Windows Vista to configure the
screensaver
a. | Display | c. | Screen Saver | b. | Personalization | d. | Personalize |
|
|
|
27.
|
You have a salesman who constantly walks off, leaving his laptop on his desk in
an area open to clients. How should you secure this laptop?
a. | Use cable locks | c. | Use a screensaver | b. | Use keyboard locks | d. | Shut it edown |
|
|
|
28.
|
You are throwing away a bunch of old stuff from a storage room. You find some
CDs and DVDs, but aren’t sure if the data is sensitive or not. What should you do?
a. | Throw them away in a locked bin. | c. | Use a third party disk-wiping
program to delete the data | b. | Degauss them | d. | Shred them |
|
|
|
29.
|
You have really locked down the ports on your computer. You can surf the net,
but keep getting errors when you try to purchase things, or go to websites that start with HTTPS. You
can’t figure out what’s going on. What port should you open?
|
|
|
30.
|
This is a program that often looks like something useful, but then delivers a
negative payload that destroys things in the process.
a. | Malware | c. | Trojan | b. | Adware | d. | Virus |
|
Multiple Response
Identify one
or more choices that best complete the statement or answer the question.
|
|
|
31.
|
What does virus software do to protect your system? Choose two
|
|
|
32.
|
Viruses can hide in:
|
|
|
33.
|
What are two ways virus protection detect viruses?
|
|
|
34.
|
What are some problems with password authentication?
|
|
|
35.
|
Which of the following are examples of social engineering?
|
|
|
36.
|
Which requirements must be met if a local password complexity policy is
enabled?
|
|
|
Image 8-2
|
|
|
37.
|
What are the security policies applied in 8-2?
|
|
|
38.
|
You want to prevent users from reusing old passwords, and you don’t want
them to change their password more than every seven days. (Why? Because then they forget them and
they bug you.) Which would you choose?
|
|
|
39.
|
You are configuring a local password policy. You want users to use at least 10
characters in their password, and you want to lock their accounts after 3 incorrect tries. Which two
policies would you define?
|
|
|
40.
|
Which of the following would work in the event you lose a drivelock
password?
|
|
|
41.
|
Which security feature encrypts the entire contents of a hard drive?
|
|
|
42.
|
Which of the following protocols allow secure communications to a remote network
over the internet?
|
|
|
43.
|
Uses a username and password for access to the wireless network
|
|
|
44.
|
As a best practice, what three things can keep you from having unauthorized
access to your computer when you step away for a few minutes?
|
|
|
45.
|
You are configuring your firewall to allow SMTP out and POP3 in. Which ports
would you open? Select two
|
|
|
46.
|
You are configuring your firewall and want to block people on your computer from
using FTP. Which ports would you block? Choose two.
|
|
|
47.
|
You want to be able to access your computer from other networks. What two things
would you do?
|
|
|
48.
|
Which two actions will dramatically increase your security on a workstation or
laptop?
|
|
|
49.
|
You set up a server that is going to provide email and web services. Which of
the following ports need to be opened?
|
|
|
50.
|
Which of the following can be considered social engineering?
|
Completion
Complete each
statement.
|
|
|
51.
|
A virus must be ________ in order to cause damage.
|
|
|
52.
|
VOIP stands for
|
|
|
53.
|
This is software that is often installed by a trojan that collects every
keystroke you type and transmits it to a remote computer.
|
|
|
54.
|
This is software that is secretly installed on a computer and monitors the user
activity and/or interferes with user control over his or her computer.
|
|
|
55.
|
This is designed to allow someone else to control your computer.
|
|
|
56.
|
This is malicious software that can be used to gather information about what you
do on the internet.
|
|
|
 Img 8-3
|
|
|
57.
|
The image in 8-3 is an example of ______
|
|
|
58.
|
This is the art of getting someone to do something because of their nature as a
human being.
|
Matching
|
|
|
Spam/Spim?Spit a. | Electronic junk mail | d. | Low | b. | Junk sent via
instant messaging | e. | Extremely
high | c. | Spam sent over internet telephony | f. | Medium |
|
|
|
59.
|
The prevalence of spam/spim/spit is
|
|
|
60.
|
spam
|
|
|
61.
|
spit
|
|
|
62.
|
spim
|
|
|
Spoofing, Phishing, and Pharming a. | spoofing | e. | high | b. | phishing | f. | low | c. | pharming | g. | Worst case damage | d. | extremely high | h. | Don’t click on links in emails from
unknown users. Verify with banks and companies before opening an email with a link in it. Never give
out your passwords or credit card information over the phone unless you called them
first. |
|
|
|
63.
|
Best way to prevent phishing, pharming, or spoofing
|
|
|
64.
|
An attack in which a person or program masquerades or pretends to be someone
else or another program or a valuable program.
|
|
|
65.
|
Personal information is acquired and identity is stolen. Bank accounts can be
drained, credit can be ruined. Victims can be locked out of their own accounts.
|
|
|
66.
|
Phony webpage, usually accessed through a link in a phony email, that looks
like it belongs to a legitimate company. Crooks try to trick users into entering usernames and
passwords for bank accounts, Paypal accounts, and other accounts where they can shop or access their
money or credit/debit card information to steal it to use or sell to others.
|
|
|
67.
|
An attack where a hacker takes over a legit website but redirects traffic to
another bogus website to exploit the victim’s computer, collect banking or credit card data,
etc.
|
|
|
a. | adware | f. | antispyware | b. | spyware | g. | DDoS | c. | keylogging | h. | passwords, credit card numbers | d. | firewall | i. | antivirus software | e. | Botnet |
|
|
|
68.
|
Software that automatically plays or displays advertising
|
|
|
69.
|
Usually not very effective against keyloggers
|
|
|
70.
|
Software that is the most effective against adware
|
|
|
71.
|
Software that can be very dangerous because it can send sensitive data back to
rogue systems.
|
|
|
72.
|
Botnets are often used to launch these
|
|
|
73.
|
Capturing keystrokes and sending them to a rogue website or person
|
|
|
74.
|
Things that can be delivered by keyloggers
|
|
|
Authentication Matching a. | this is an electronic
"passport" that allows a person, computer or organization to exchange information securely
over the Internet using the PKI | e. | This supports the distribution and creation of public encryption so
users and computers can exchange data over networks securely and verify the identity of the other
party | b. | The entity that ensures that certificates are valid. | f. | a mathematical technique used to validate the
authenticity and integrity of a message, software or digital document. | c. | Maintain lists of
trusted CA root certificates so they can easily verify certificates that the CA’s have verified
and signed. | g. | Many digital
certificates conform to this standard. | d. | Giving someone permission to do something on a
computer or network. | h. | the
process of determining whether someone or something is, in fact, who or what it is declared to
be. |
|
|
|
75.
|
Certificate Authority
|
|
|
76.
|
Digital certificate
|
|
|
77.
|
authentication
|
|
|
78.
|
Digital signature
|
|
|
79.
|
Operating systems and browsers
|
|
|
80.
|
X.509
|
|
|
81.
|
Authorization
|
|
|
a. | TPM | d. | BIOS user password | b. | Chassis Intrusion Detection | e. | DriveLock admin password | c. | BIOS Administrator
password |
|
|
|
82.
|
Tells you if the cover has been recovered
|
|
|
83.
|
If you lose this password, there is no way to boot the system
|
|
|
84.
|
Required to start the system, but can’t change CMOS settings
|
|
|
85.
|
Required to change the CMOS
|
|
|
86.
|
If you lose this password, there are two ways to reset the system to get
in
|
|
|
87.
|
Generates and stores cryptographic keys
|
|
|
88.
|
Can be used to keep the system from booting if hardware has changed
|
|
|
89.
|
Can reset this warning in the BIOS
|
|
|
Match the service to the port it comes in on a. | FTP | g. | POP3 | b. | SSH | h. | HTTP
WITH SSL | c. | Telnet | i. | IMAP4 | d. | HTTP | j. | UDP | e. | SSL | k. | TCP | f. | SMTP |
|
|
|
90.
|
20 TCP
|
|
|
91.
|
22 UDP & TCP
|
|
|
92.
|
80 TCP
|
|
|
93.
|
21 TCP
|
|
|
94.
|
443 TCP & UDP
|
|
|
95.
|
443 UDP AND TCP
|
|
|
96.
|
More secure, more headers, less data, slower, used most often
|
|
|
97.
|
110 TCP
|
|
|
98.
|
143 TCP AND UDP
|
|
|
99.
|
23 TCP
|
|
|
100.
|
Faster, less secure, used for streaming audio/video, DoS, and some trojans.
More data in each packet.
|