Security Test Review

Name:

Multiple Choice
Identify the choice that best completes the statement or answers the question.

This is a common name for a program that can replicate itself, has no useful purpose, and often destroys things in the process.

a.	Malware	c.	Trojan
b.	Adware	d.	Virus

This monitors actions on a system and sends that information back to its originating source

a.	Spyware	c.	Trojan
b.	Adware	d.	Virus

Its primary purpose is to replicate itself and damage systems. It does not neeed a host file.

a.	Spyware	c.	Trojan
b.	Worm	d.	Virus

A friend gives you a program to install that sends random jokes to your screen. It looks fun and legit. A few days later your computer starts acting strange. Your CD tray opens and closes every now and again. You also notice you’re getting more spam. What might this be?

a.	Spyware	c.	Grayware
b.	Adware	d.	Trojan Horse

The main danger of SPAM for a business is:

a.	Denial of service due to mailboxes filling up	c.	Clients receiving too much email from your company
b.	Users attending to emails rather than work	d.	Unwanted links in email

This is a form of social engineering that tricks people into providing passwords or other private information through an email and/or spoofed website.

a.	Dumpster diving	c.	Phishing
b.	Piggybacking	d.	Shoulder surfing

All of a sudden a bunch of company secrets have been posted in the Internet. The boss is livid, and the stocks are falling. When the culprits were caught, they found a bunch of CDs and even an old hard drive in their “lair” of evil. What is the most likely way they obtained this information?

a.	Dumpster diving	c.	Phishing
b.	Piggybacking	d.	Shoulder surfing

Shredding documents and CDs/DVDs can help avoid this type of social engineering.

a.	Dumpster diving	c.	Phishing
b.	Piggybacking	d.	Shoulder surfing

Which would be the best countermeasure against social engineering?

a.	Strong policies	c.	Secure passwords
b.	User awareness and training	d.	Auditing of data access

Image 8-1

10.

What local security policy is represented in image 8-1?

a.	Password lockout threshold	c.	Password length policy
b.	Password complexity policy	d.	Password security policy

11.

Which password meets the requirements in image 8-1?

a.	sno123	d.	sno%123
b.	Sno123	e.	none of these meet the requirements
c.	Sno%123

12.

Which password meets the requirements in image 8-1?

a.	sno12	d.	sno%1
b.	Sno12	e.	none of these meet the requirements
c.	Sno%1

13.

What do biometrics use to authenticate an identity?

a.	Possession of a device	c.	Ability to perform tasks
b.	Human characteristics	d.	Knowledge of passwords

14.

You want to ensure a password is required to boot the system. What should you do?

a.	Set a BIOS administrator password	c.	Use TPM
b.	Set a user BIOS password	d.	Set up chassis intrusion

15.

You want to ensure no one can change the CMOS settings. What should you do?

a.	Set a BIOS administrator password	c.	Use TPM
b.	Set a user BIOS password	d.	Set up chassis intrusion

16.

You want a security solution that encrypts the entire hard drive, preventing access even if the drive is moved to another computer.

a.	IPSec	c.	EFS
b.	Bitlocker	d.	VPN

17.

Which protocol ensures secure connection over HTTP?

a.	HTTP	c.	SSL
b.	HTTPS	d.	SSH

18.

This control panel is accesssed in Windows XP to configure the screensaver

a.	Display	c.	Screen Saver
b.	Personalization	d.	Personalize

19.

You have a salesman who constantly walks off, leaving his laptop on his desk in an area open to clients. How should you secure this laptop?

a.	Use cable locks	c.	Use a screensaver
b.	Use keyboard locks	d.	Shut it edown

20.

You are disposing of some old workstations. You want to make sure all the data is deleted, so you get a Windows DVD, start up in installation mode, and delete the partitions.

a.	All data is deleted from the drive, they are safe to recycle	c.	You should use a third party disk-wiping program, and then they are safe to recycle
b.	They are not safe to recycle, although all data is deleted from the drive	d.	You should reformat the drive using the OS, and then they are safe to recycle.

21.

You are throwing away a bunch of old stuff from a storage room. You find some CDs and DVDs, but aren’t sure if the data is sensitive or not. What should you do?

a.	Throw them away in a locked bin.	c.	Use a third party disk-wiping program to delete the data
b.	Degauss them	d.	Shred them

22.

Which hardware device protects your network from attacks from a public network

a.	Gateway	c.	Router
b.	Hub	d.	Firewall

23.

You have really locked down the ports on your computer. You can surf the net, but keep getting errors when you try to purchase things, or go to websites that start with HTTPS. You can’t figure out what’s going on. What port should you open?

a.	80	c.	443
b.	21	d.	143

24.

You access your company network through telnet nightly. You are configuring the firewall. Which port must you leave open to still be able to Telnet?

a.	21	c.	43
b.	23	d.	143

25.

This is a program that often looks like something useful, but then delivers a negative payload that destroys things in the process.

a.	Malware	c.	Trojan
b.	Adware	d.	Virus

26.

This is a file that tracks your website preferences and usage

a.	Cookie	c.	Trojan
b.	Sandwich	d.	Virus

27.

This is the most common way viruses are distributed

a.	MP3 files	c.	Floppy disks
b.	Email	d.	Hard disks

28.

You’ve been researching car stereos lately. Today it seems like every site you visit has a popup related to music, cars, stereos, and MP3 players. What should you do?

a.	Enable pop up blocker	c.	Check your system for adware
b.	Check your system for Trojans	d.	Reinstall your OS

29.

This is a form of social engineering that tricks people into allowing an unauthorized person into a building or secure area.

a.	Dumpster diving	c.	Phishing
b.	Piggybacking	d.	Shoulder surfing

30.

This is a form of social engineering that tricks people into allowing an unauthorized person into a building or secure area or giving private information when a person pretends to be someone he/she is not.

a.	Masquerading	c.	Phishing
b.	Piggybacking	d.	Shoulder surfing

Image 8-2

31.

Stich would like to set it up so that if someone comes in and tries to brute force a password, the account will lock after a given number of tries. Which one would he choose?

a.	Account lockout duration	c.	Account lockout counter
b.	Account lockout threshold	d.	Password policy

32.

Which of the following is a hardware device that is used for building authentication?

a.	Security policy	c.	Biometric
b.	SSID	d.	Smartcard

33.

You want to ensure a server will not boot if someone changes or reconfigures the hardware. What should you do?

a.	Set a BIOS administrator password	c.	Use TPM
b.	Set a user BIOS password	d.	Set up chassis intrusion

34.

Which is the most effective form of wireless encryption

a.	SSID	c.	WPA
b.	WEP	d.	WPA2

35.

What protocol would you use if you wanted to have a file that you don’t want other users to read?

a.	Bitlocker	c.	EFS
b.	EHS	d.	SSH

36.

This control panel is accesssed in Windows Vista to configure the screensaver

a.	Display	c.	Screen Saver
b.	Personalization	d.	Personalize

37.

Which security device would allow you to restrict access to your network from the public network?

a.	Firewall	c.	TPM
b.	Router	d.	Chassis Intrusion Detection

38.

In essence, a firewall does this task:

a.	Packet shaping	c.	Virus detection and prevention
b.	Packet filtering	d.	Protocol conversion

Multiple Response
Identify one or more choices that best complete the statement or answer the question.

39.

Which of the following are examples of social engineering?

40.

Which of the following would work in the event you lose a drivelock password?

a.	Move the hard drive to another computer	c.	Google it
b.	Contact the vendor	d.	Try to guess the password

41.

Uses a common shared key for access to the wireless network

42.

You are configuring your firewall to allow SMTP out and POP3 in. Which ports would you open? Select two

43.

Which two actions will dramatically increase your security on a workstation or laptop?

a.	Enable a firewall	c.	Use task scheduler to schedule daily backups
b.	Enable desktop support	d.	Install and keep updated a solid virus program

44.

You set up a server that is going to provide email and web services. Which of the following ports need to be opened?

Completion
Complete each statement.

45.

This is designed to allow someone else to control your computer.

46.

This is malicious software that can be used to gather information about what you do on the internet.

Img 8-3

47.

The image in 8-3 is an example of ______

48.

This is the art of getting someone to do something because of their nature as a human being.

Matching

a.	TPM	d.	BIOS user password
b.	Chassis Intrusion Detection	e.	DriveLock admin password
c.	BIOS Administrator password

49.

Tells you if the cover has been recovered

50.

If you lose this password, there is no way to boot the system

51.

Required to change the CMOS

52.

If you lose this password, there are two ways to reset the system to get in

53.

Can be used to keep the system from booting if hardware has changed

54.

Can reset this warning in the BIOS

Match the service to the port it comes in on

a.	FTP	g.	POP3
b.	SSH	h.	HTTP WITH SSL
c.	Telnet	i.	IMAP4
d.	HTTP	j.	UDP
e.	SSL	k.	TCP
f.	SMTP

55.

20 TCP

56.

80 TCP

57.

25 TCP

58.

443 TCP & UDP

59.

443 UDP AND TCP

60.

More secure, more headers, less data, slower, used most often

61.

143 TCP AND UDP

62.

23 TCP

63.

Faster, less secure, used for streaming audio/video, DoS, and some trojans. More data in each packet.

64.

22 UDP & TCP

65.

21 TCP

66.

110 TCP