50 Cards in this Set

  • Front
  • Back
An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
a. SMTP open relaying is enabled.
b. It does not have a spam filter.
c. The number of sessions needs to be limited.
d. The public IP address is incorrect.
a. SMTP open relaying is enabled.
Which of the following practices is MOST relevant to protecting against operating system security flaws?
a. Network intrusion detection
b. Patch management
c. Firewall configuration
d. Antivirus selection
b. Patch management
Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested?
a. Patch
b. Hotfix
c. Security roll-up
d. Service pack
b. Hotfix
An administrator suspects that multiple PCs are infected with a zombie. Which of the following tools could be used to confirm this?
a. Antivirus
b. Recovery agent
c. Spyware
d. Port scan
a. Antivirus
Users on a network report that they are receiving unsolicited emails from an email address that does not change. Which of the following steps should be taken to stop this from occurring?
a. Configure a rule in each user's router and restart the router.
b. Configure rules on the user's host and restart the host.
c. Install an anti-spam filter on the domain mail servers and filter the email address.
d. Install an ACL on the firewall to block traffic from the sender and filter the IP address.
c. Install an anti-spam filter on the domain mail servers and filter the email address.
A company’s website allows customers to search for a product and display the current price and quantity available of each product from the production database. Which of the following would invalidate an SQL injection attack launched from the lookup field at the web server level?
a. Security template
b. Buffer overflow protection
c. NIPS
d. Input validation
d. Input validation
A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?
a. Utilize SSL on the website
b. Implement an ACL
c. Lock down the database
d. Input validation
d. Input validation
An administrator in a small office environment has implemented an IDS on the network perimeter to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of the following could be implemented?
a. HIDS
b. A VLAN
c. A network router
d. An access list
a. HIDS
Antivirus software products detect malware by comparing the characteristics of known instances against which of the following types of file sets?
a. Signature
b. Text
c. NIDS signature
d. Dynamic Library
a. Signature
Which of the following is a software bundle containing multiple security fixes?
a. Patch management
b. A hotfix
c. Service pack
d. A patch
c. Service pack
Which of the following is an installable package that includes several patches from the same vendor for various applications?
a. Hotfix
b. Patch template
c. Service pack
d. Patch rollup
c. Service pack
Which of the following is a collection of patches?
a. A security template
b. A service pack
c. A security hotfix
d. A security baseline
b. A service pack
Which of the following uses a sandbox to manage a program's ability to access system resources?
a. Java
b. ActiveX
c. JavaScript
d. Cold Fusion
a. Java
A user reports that a web based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describes what to check FIRST?
a. That the software based firewall application trusts this site
b. That the pop-up blocker application trusts this site
c. That the antivirus application trusts this site
d. That the anti-spam application trusts this site
b. That the pop-up blocker application trusts this site
Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
a. Remote access user connecting via SSL VPN
b. Office laptop connected to the enterprise LAN
c. Remote access user connecting via corporate dial-in server
d. Office laptop connected to a home user's network
d. Office laptop connected to a home user's network
Three generally accepted activities of patch management are: determining which patches are needed, applying the patches and which of the following?
a. Updating the firewall configuration to include the patches
b. Running a NIDS report to list the remaining vulnerabilities
c. Auditing for the successful application of the patches
d. Backing up the patch file executables to a network share
c. Auditing for the successful application of the patches
In which of the following situations would it be appropriate to install a hotfix?
a. A patch in a service pack fixes the issue, but too many extra patches are included.
b. A patch is not available and workarounds do not correct the problem.
c. A patch is available, but has not yet been tested in a production environment.
d. A patch is too large to be distributed via a remote deployment tool.
b. A patch is not available and workarounds do not correct the problem.
An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST?
a. A S/MIME buffer overflow
b. A POP3 protocol exception
c. DNS poisoning
d. A SMTP open relay
d. A SMTP open relay
Some examples of hardening techniques include all of the following EXCEPT:
a. applying security templates.
b. running weekly spyware applications.
c. network-based patch management.
d. disabling all non-required services.
b. running weekly spyware applications
Which of the following describes software that is often written solely for a specific customer's application?
a. Rootkit
b. Hotfix
c. Service pack
d. Patch
b. Hotfix
Which of the following reduces the attack surface of an operating system?
a. Patch management
b. Installing antivirus
c. Installing HIDS
d. Disabling unused services
d. Disabling unused services
Which of the following is LEAST effective when hardening an operating system?
a. Configuration baselines
b. Limiting administrative privileges
c. Installing HIDS
d. Install a software firewall
c. Installing HIDS
Which of the following provides the MOST control when deploying patches?
a. Hotfix
b. Remote desktop
c. Patch management
d. Service packs
c. Patch management
A large number of viruses have been found on numerous domain workstations. Which of the following should the technician implement?
a. Decentralized antivirus
b. Host based intrusion detection
c. Centralized antivirus
d. Spyware detection
c. Centralized antivirus
Which of the following allows attackers to gain control over the web camera of a system?
a. ActiveX component
b. SQL injection
c. Cross-site scripting
d. XML
a. ActiveX component
Which of the following is the BEST solution to implement to reduce unsolicited email?
a. Pop-up blocker
b. Anti-spam
c. Antivirus
d. Personal software firewall
b. Anti-spam
Which of the following is a BEST practice when implementing a new system?
a. Disable unneeded services.
b. Use group policies.
c. Implement open source alternatives.
d. Use default installations.
a. Disable unneeded services.
Which of the following BEST describes a way to prevent buffer overflows?
a. Apply all security patches to workstations.
b. Apply security templates enterprise wide.
c. Apply group policy management techniques.
d. Monitor P2P program usage through content filters.
a. Apply all security patches to workstations.
Which of the following systems is BEST to use when monitoring application activity and modification?
a. RADIUS
b. OVAL
c. HIDS
d. NIDS
c. HIDS
Which of the following would MOST likely prevent a PC application from accessing the network?
a. Virtualization
b. Host-based firewall
c. Antivirus
d. HIDS
b. Host-based firewall
When testing a newly released patch, a technician should do all of the following EXCEPT:
a. verify the integrity of the patch.
b. deploy immediately using Patch Management.
c. verify the patch is relevant to the system.
d. test it in a non-production environment.
b. deploy immediately using Patch Management
Which of the following is a method to apply system security settings to all workstations at once?
a. Policy analyzer
b. Patch management
c. Configuration baseline
d. A security template
d. A security template
Installing an application on every desktop in a company's network that watches for possible intrusions would be an example of:
a. a HIDS.
b. a personal software firewall.
c. hardening.
d. a NIDS.
a. a HIDS.
Which of the following is the BEST way to mass deploy security configurations to numerous workstations?
a. Security hotfix
b. Configuration baseline
c. Patch management
d. Security templates
d. Security templates
Which of the following would be disabled to prevent SPIM?
a. P2P
b. ActiveX controls
c. Instant messaging
d. Internet mail
c. Instant messaging
A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action?
a. Shut down all affected servers until management can be notified.
b. Visit a search engine and search for a possible patch.
c. Wait for an automatic update to be pushed out to the server from the manufacturer.
d. Visit the operating system manufacturer's website for a possible patch.
d. Visit the operating system manufacturer's website for a possible patch.
Which of the following overwrites the return address within a program to execute malicious code?
a. Buffer overflow
b. Rootkit
c. Logic bomb
d. Privilege escalation
a. Buffer overflow
Heaps and stacks are susceptible to which of the following?
a. Cross-site scripting
b. Rootkits
c. Buffer overflows
d. SQL injection
c. Buffer overflows
Which of the following, if intercepted, could allow an attacker to access a user's email information?
a. Browser cookies
b. Cross-site scripting
c. Cell traffic
d. SMTP traffic
a. Browser cookies
Which of the following is the MOST effective application to implement to identify malicious traffic on a server?
a. Personal software firewall
b. Enterprise software firewall
c. Antivirus software
d. HIDS software
d. HIDS software
Which of the following is a way for a technician to identify security changes on a workstation?
a. Group policy management
b. Service pack application
c. Security templates
d. Configuration baseline
d. Configuration baseline
Which of the following is a way to correct a single security issue on a workstation?
a. A patch
b. A service pack
c. Patch management
d. Configuration baseline
a. A patch
Which of the following protects a home user from the Internet?
a. HIDS
b. Personal firewall
c. Anti-malware software
d. Antivirus application
b. Personal firewall
Which of the following can prevent malicious software applications from being introduced while browsing the Internet?
a. Pop-up blockers
b. Anti-spyware scanners
c. Input validation
d. Strong authentication
a. Pop-up blockers
Which of the following should be checked if an email server is forwarding emails for another domain?
a. DNS zone transfers
b. SMTP open relay
c. Cookies
d. ActiveX controls
b. SMTP open relay
Which of the following would be used to push out additional security hotfixes?
a. Patch management
b. Configuration baseline
c. Cookies
d. Local security policy
a. Patch management
Which of the following is MOST effective in preventing adware?
a. Firewall
b. HIDS
c. Antivirus
d. Pop-up blocker
d. Pop-up blocker
A HIDS is installed to monitor which of the following?
a. CPU performance
b. NIC performance
c. System files
d. Temporary Internet files
c. System files
When choosing an antivirus product, which of the following are the MOST important security considerations? (Select TWO).
a. The frequency of signature updates
b. The ability to scan encrypted files
c. The availability of application programming interface
d. The number of emails that can be scanned
e. The number of viruses the software can detect
a. The frequency of signature updates
e. The number of viruses the software can detect
When installing and securing a new system for a home user, which of the following are best practices? (Select THREE).
a. Use a strong firewall.
b. Block inbound access to port 80.
c. Apply all system patches.
d. Use input validation.
e. Install remote control software.
f. Apply all service packs.
a. Use a strong firewall.
c. Apply all system patches.
f. Apply all service packs.