24 Cards in this Set

  • Front
  • Back
Most of your network cabling is routed through secure cable runs. The network is wired with unshielded twisted pair (UTP) cable. But one segment of the cable will have to pass through an unsecured area as a backbone between two offices. What can you do to keep communication secure?
a - Route the cable for the unsecured segment through metal conduit
b - Use fiber optic cable to wire the unsecured segment
c - use shielded twisted pair (STP) cable to wire the unsecured segment
d - route the cable for the unsecured segment through the ceiling
B
You should use fiber optic cable to wire the unsecured segment. The risk is that someone could tap into a wired-type cable and collect any data passing between the offices. Using fiber optic cable eliminates this risk because data packets are transmitted as light waves instead of electromagnetic waves, so they can't be sniffed by wire tapping devices.
To control what software can be run by specific users logging onto computers in a network you manage, what measures can you take? (Choose 2)
a - Software restriction policies
b - network access protection
c - a firewall filter
d - applocker
e - smartscreen filtering
a and d
Software restriction policies are used to control what software users are allowed to install and run. Applocker is a newer feature that provides more flexibility than software restriction policies, but also allows you to control what software the users are allowed to install and run.
Network Access Protection (NAP) is able to check the status of:
a - windows updates, and firewall, spyware, and antivirus protections
b - password policies
c - user type and effective user permissions
d - file and folder access permissions
A
For what purpose would you deploy a RODC?
a - to allow a server that contains sensitive information to only be accessed by specific users
b - to secure dynamic DNS updates
c - to prevent illegal DNS zone transfers
d - to restrict domain controller access for a physically unsecure remote location
D
Active Directory objects are stored on the Read Only Domain Controller but can only be read and not written to. If changes need to be made, they have to be made on a writable DC then replicated to the RODC.
What benefit do SPF records provide?
a - ensure that all network users have antivirus software installed
b - provide e-mail protection from spoofing and phishing
c - prevent unauthorized clients from logging on
d - provide protection from brute force attacks
B
Emails used in phishing scams often use spoofed sender addresses to give the appearance of legitimacy. SPF records can be used as part of the Sender ID Framework (SIDF) to specify the computers in the domain that are allowed to send email from the domain, thus reducing the likelihood that a malicious user can send mail appearing to originate from that domain.
To deploy network access protection (NAP), you must have
a - a NAP health policy server
b - a WSUS server
c - a software firewall
d - all clients configured to use dynamic IP addresses
A
A NAP health policy server is a Windows 2008 server that has been configured to use NAP, a service that is used to tightly control which clients access which network resources, and to ensure that client computers meet specific compliance requirements before being allowed network access.
You want to ensure that mobile clients receive timely operating system updates. Some clients rarely connect to the internal business network. Which should you use?
a - windows server update services (WSUS)
b - configuration manager
c - windows update agent (WUA)
d - systems management server (SMS)
C
WUA contacts the MS Windows update website directly and checks for updates. You can control whether or not the updates are downloaded and installed automatically for each client on an individual basis.

You should not use the other options because they are network-based and many of your users do not connect very often to the internal network to benefit from them.
Is Windows Firewall stateful or stateless?
It is stateful. A firewall is said to be stateful if it keeps track of the state of the connections and can log information about them.
Which is a feature of the SmartScreen filter?
a - it blocks content and files from known malicious websites
b - it encrypts data communication with the web server
c - it prevents the computer from logging the browser history
d - it protects against cross-site request forgery (CSRF) attacks.
A
SmartScreen does nothing to protect against CSRF attacks and does not encrypt data communications (a function of Secure Sockets Layer (SSL) and the website).

Browser history blocking would be a web browser feature.
Which represents a security threat to your DNS environment?
a - nonrepudiation
b - SSID broadcasting
c - footprinting
d - rogue access point
C
Footprinting refers to the process of maliciously gaining info about domains which can then be used in a malicious attack such as a DoS attack.
A laptop computer running windows server 08 does not have Trusted Platform Module (TPM) installed. You want to protect the data on the computer in case it's stolen. Which action should you take?
a - manually encrypt all system files
b - install and configure TPM
c - configure Encrypting File System (EFS)
d - install and configure Bitlocker
D
You can still install Bitlocker without TPM (a feature which is part of the motherboard). In such a case a USB startup key is required to start or resume the computer.
You add all users to the Deny logon Locally policy for a domain controller in a satellite office. What is the result?
a - no users will be able to physically log on to the domain controller
b - Active Directory Rights Management Services (AD RMS) will be enabled
c - only backup operators will be able to log on to the domain controller
A
This prevents anyone physically present at the remote site from being able to physically access the domain controller.
You are a network administrator who needs to minimize the attack surface of the network. Which would help in this?
a - enable audit logging
b - creating shared folders
c - ensuring that only required features are enabled
d - installing a physical lock to protect the servers
C
"Attack surface" refers to the software that is made available and can be compromised in some way. To minimize it, you enable only features that are needed.

A lock is a good physical security measure but does not involve the attack surface.
Which wireless security method uses Temporal Key Integrity Protocol (TKIP) encryption?
a - MAC filtering
b - WPA2
c - WPA
d - WEP
C
WPA uses and requires TKIP encryption.
WPA2 uses AES encryption instead of TKIP.
WEP uses WEP encryption.
What is an example of least privilege?
a - Logging on as administrator for administrative tasks and web browsing only
b - ensuring that all services run under the LocalSystem account
c - assigning administrator privileges to applications instead of to users
d - logging on as a limited user instead of an administrator to run applications
D
Users should be granted only the privileges required for them to do their jobs. Admins should also have a limited user account and should log in with the limited account unless the actions they need to perform require logging in as an admin.
You have a wireless network and need to make sure that only specific client computers can access it. What should you do?
a - relocate the WAP
b - disable SSID broadcasting
c - implement MAC filtering
d - use a software restriction policy
C
MAC filtering allows you to configure a list of clients that are allowed access.
The principle of least privilege ensures that
a - availability is limited
b - users can only perform required tasks
c - all users must use complex passwords
d - data is encrypted
B
The principle of least privilege ensures (among many other things - they can compose a dozen questions from it) that users can only perform required tasks. A major part of this principle is authentication - making sure users are who they say they are. You can then allow them permission to do only what they are supposed to.
Which DNS record is used to prevent hackers from using your network's email servers as a platform for sending spam with your domain address?
a - SOA
b - CNAME
c - SPF
d - PTR
e - MX
C
You would add a Sender Policy Framework (SPF) record to prevent spam being sent with your domain name. It lets you identify by IP address the clients who are authorized to send mail through your mail server. While this does not eliminate spoofed IP addresses, it significantly reduces the possibility of unauthorized access to your mail server.

a - a start of authority record identifies the authoritative name server for a DNS zone
b - A canonical name record does not prevent spam with spoofed names.
c - a pointer record enables you to look up a computer's host name if its IP address is known
d - a mail exchange record does not prevent spam with a spoofed name, but provides information about how incoming mail should be handled by the network.
What are two features of a public key in asymmetric encryption (choose 2)?
a - it is not related to any private key
b - it is distributed by a certificate
c - it is used to encrypt data
d - it is seen only by the key's owner
e - it is used to decrypt data
B and C
What is used for the sole purpose of intrusion detection?
a - a honeypot
b - a security group
c - a distribution group
d - an encryption algorithm
A
A honeypot is a system or program that has no real functional value other than to detect intrusion.
Kerberos helps prevent
a - dictionary attacks
b - pharming
c - reproduction attacks
d - phishing
C
Kerberos:
- allows the host to prove its identity in an unsecured network in a safe manner
- provides mutual authentication (both user and server verify their identity to each other)
- Kerberos protocol messages are protected against espionage and replication attacks
What infrastructure is used to assign and validate digital certificates?
a - asymmetric algorithm
b - active directory
c - PKI
d - VPN
C
Public key infrastructure is a system that creates, manages, uses, stores, and revokes digital certificates.
To audit user access to files and folders you must first implement
a - privilege use
b - permit files
c - object access
d - object tracking
C
Object access determines if the OS audits the user when they attempt to access objects that are not in the Active Directory - this includes files, folders, and printers.
What program would you use to configure IPsec on a PC running windows server 08?
a - Windows Firewall with IPsec plugin
b - Windows with Advanced Security
c - IPsec
d - IPsec Configuration Console
B