EC: C2 Deep Pt.5

88問 • 1年前

問題一覧

The term "Data-at-rest encryption" refers to the encryption process that is applied to data residing in persistent storage (e.g., internal storage drive inside computer case)

True

The importance of changing default usernames and passwords can be illustrated on the example of certain network devices (such as routers) which are often shipped with default and well-known admin credentials that can be looked up on the web.

True

The two factors that are considered important for creating strong passwords are: (Select 2 answers)

Password length, Password complexity

A strong password that meets the password complexity requirement should contain: (Select the best answer)

A combination of characters from at least 3 character groups

Which of the following password examples is the most complex?

G$L3tU8wY@z

An account policy setting that forces users to produce a new password every time they are required to change their old password is known as:

Password history

Which of the account policy settings listed below prevents users from reusing old passwords?

Password history

Which password policy setting prevents users from repeatedly changing their passwords to bypass the password history policy setting and get back to their original/preferred password?

Minimum password age setting

Which of the following password policy settings prevents attackers using cracked passwords from gaining permanent access to a Windows workstation?

Maximum password age setting

BIOS/UEFI passwords improve the security of a computer host. These low-level passwords may, for example, prevent unauthorized users to proceed when the computer is powered on (Supervisor/Administrator password), or restrict the scope of changes a user can make in the BIOS/UEFI interface (User password).

False

The practice of implementing a computer screen lock is one of the end-user security best practices. The screen lock can be implemented as a password-protected screensaver that activates when the computer has been idle for a specific amount of time. In MS Windows, users can manually block unauthorized access by invoking the sign-in screen with the Windows logo + L key combination whenever they're about to leave their computer desk. Screen locks can also be used as a countermeasure against brute-force attacks as they can be set to block computer access after a specified number of failed login attempts. The use of screensaver locks is an implementation of a more general security best practice which is logging off whenever the system is not in use.

True

In Microsoft Windows 10, screen lock settings can be accessed via:

Settings > Personalization > Lock screen

Which of the answers listed below refers to a physical security measure against laptop theft?

Cable lock

USB locks are mechanical devices used for blocking a computer's USB ports from unauthorized access. USB locks can also be used to prevent the removal of an external USB device attached to the computer.

True

Privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy filter is one of the countermeasures against shoulder surfing.

True

A sticky note with a password kept on sight in user's cubicle would be a violation of which of the following policies?

Clean desk policy

The category of account management security best practices includes the practice of restricting user administrative privileges to operating systems and applications based on user duties. Operating systems simplify this process by introducing the concept of user groups equipped with different types of permissions which allow system administrators to simultaneously manage permissions of multiple user accounts based on group membership.

True

Which of the following account management security measures narrows down a user's computer access to specified hours?

Because the Guest account in MS Windows allows a user to log on to a network, browse the Internet, and shut down the computer, it is recommended to keep it disabled when it isn't being used.

True

Which account management security solutions provide countermeasures against brute-force attacks? (Select 2 answers)

Timeout period between login attempts, Failed login attempts lockout

An MS Windows component enabling automatic execution of code contained on a newly mounted storage media is called AutoPlay.

False

In MS Windows, AutoRun is a system component that displays a dialog box containing applicable options for a newly mounted storage media.

False

Which sequence of steps in Windows 10 provides access to the AutoPlay settings menu? (Select 3 answers)

Settings > Devices > AutoPlay, Windows Control Panel (icon view) > AutoPlay, Windows Control Panel (category view) > Hardware and Sound > AutoPlay

Examples of storage media drive physical destruction methods include:

All of the above

One of the ways to prevent data recovery from a hard drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform five more passes, overwriting the contents with random characters (the Schneier method).

True

Which of the terms listed below is used to describe the initial hard drive formatting typically performed at the factory by the drive manufacturer?

Low-level format

Which formatting type(s) would typically be performed by a user intending to reinstall an OS? (Select all that apply)

Quick format, Standard format, High-level format

Which format type in MS Windows does not erase disk data?

Quick format

Which formatting type in MS Windows prevents data recovery by overwriting the contents of hard drive sectors?

Standard format

Certificate of destruction is a document issued by companies that conduct secure device/document disposal. The certificate verifies proper asset destruction and can be used for auditing purposes. In case of device disposal, the document includes a list of all the items that have been destroyed along with their serial numbers. It may also describe the destruction method, specify location (on-site/off-site), or list the names of witnesses who oversaw the entire process.

True

Because wireless routers are shipped with default credentials, the process of securing a SOHO network should include changing the default username and password on a Wireless Access Point (WAP).

True

What type of network traffic filtering criteria can be set on a router?

All of the above

Which of the answers listed below refers to an application software that selectively blocks access to websites?

Content filter

Which of the following answers refers to an example of content filtering configuration setting on a SOHO router?

Parental controls

The term "Unified Threat Management" (UTM) refers to a network security solution, commonly in the form of a dedicated device (called UTM appliance or web security gateway), which combines the functionality of a firewall with additional features such as URL filtering, content inspection, spam filtering, gateway antivirus protection, IDS/IPS function, or malware inspection.

True

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

War driving

Which of the WAP settings listed below allows for adjusting the boundary range of a wireless signal?

Power level controls

A DHCP server's IP exclusion configuration option allows network administrators to remove a single IP address or a range of IP addresses from the pool of addresses being assigned automatically to the requesting DHCP client computers. IP exclusion prevents other DHCP clients from requesting an IP address statically assigned to other essential network hosts (e.g., servers, or wireless printers).

True

A type of architecture that simplifies networking by allowing devices to dynamically join a network, autoconfigure, and learn about the presence and capabilities of other devices is known as:

UPnP

Which of the following answers refers to the concept of zero-configuration networking?

UPnP

Examples of technologies that should not be used due to their known vulnerabilities or other security risks include: (Select 2 answers)

UPnP, WEP

A lightly protected subnet (a.k.a. DMZ) consisting of publicly available servers placed on the outside of the company's firewall is called:

Screened subnet

Service Set Identifier (SSID) is a unique identifier (a.k.a. wireless network name) for a WLAN. Wireless networks advertise their presence by regularly broadcasting SSID in a special packet called beacon frame. In wireless networks with disabled security features, knowing the network SSID is enough to get access to the network. SSID also pinpoints the wireless router that acts as a Wireless Access Point (WAP). Wireless routers from the same manufacturer are frequently configured with default (well-known) SSID names. Since multiple devices with the same SSID displayed on the list of available networks create confusion and encourage accidental access by unauthorized users (applies to networks that lack security), changing the default SSID is a recommended practice.

True

Disabling SSID broadcast:

Makes a WLAN harder to discover

For a wireless client to be able to connect to a network, the security type (e.g., WEP, WPA, WPA2, or WPA3) and encryption type (e.g., TKIP or AES) settings on the connecting host must match the corresponding wireless security settings on a Wireless Access Point (WAP).

True

A type of wireless network that provides access to the Internet, but not to the internal network is referred to as guest WiFi network. Setting up a separate network for visitors (handled by a dedicated access point) protects the internal network against risks related to unauthorized activities and malware infections.

True

In the context of implementing secure network designs, the term "Port security" may apply to:

All of the above

Port mirroring allows an administrator to inspect traffic passing through a network switch. On a switch that supports port mirroring, a packet analyzer can be connected to an empty port and the switch can be configured to pass a copy of the data sent over one or multiple ports on that switch to the packet sniffer port allowing the administrator to monitor contents of the traffic passing through the switch.

True

Which of the answers listed below refers to an OS that uses web browser as its main user interface?

Chrome OS

Installing web browser extensions and plug-ins from trusted sources (e.g., Microsoft Store for Microsoft Edge, or Google Play for Google Chrome) instead of third-party sites decreases malware-related security risks.

False

Which of the following allows to check digital certificate validity?

Web browser padlock icon menu

Which of the MS Windows utilities provides access to configuration options of a built-in pop-up blocker?

Internet Properties (inetcpl.cpl)

The term "Web browsing data" refers to:

All of the above terms

Web caching improves:

Page loading speed

Private-browsing mode (InPrivate browsing in Microsoft Edge / Incognito mode in Google Chrome) is a privacy feature that prevents the web browser from storing data about a browsing session. Private browsing window (which can be launched with the Ctrl + Shift + N key combination) provides protection against website and ISP tracking and clears all the web browsing data associated with the session when the session is closed.

True

The term "Browser synchronization" refers to a cloud service provided by a web browser vendor for sharing browser settings and data across all web browser instances installed on devices that are signed-in to the main account (e.g., Google Account, or Microsoft account).

True

Which of the Windows Internet Properties applet tabs contains an option for managing web browser extensions?

Programs

Which tab of the Windows Internet Properties applet provides an option to reset the built-in web browser to its default state (i.e., roll back all the configuration settings to the state they were in when the browser was first installed)?

Advanced

The Security tab of the Internet Properties applet in MS Windows allows to impose restrictions on web content allowed in the built-in web browser.

True

An HTML5 VPN portal is an example of clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of a dedicated VPN client software.

True

Which of the following answers can be used to describe characteristics of an XSS attack? (Select 3 answers)

Exploits the trust a user's web browser has in a website, A malicious script is injected into a trusted website, User's browser executes attacker's script

An Internet browser redirecting a user to a website other than intended indicates a security issue related to:

DNS

The Blue Screen of Death (BSoD) (a.k.a. stop error screen) in MS Windows indicates a fatal error that the system cannot fix on the fly to continue operate safely. BSOD provides technical information that might be of help for advanced users in solving the cause of the stop error. In older versions of Microsoft OSs, information displayed on the screen when Windows encountered this type of error typically included error code, memory address where it occurred, and the name of the driver that caused it. Starting from Windows 8, the error screen contains a stop code accompanied by a URL and QR code pointing to relevant troubleshooting resources on the Internet. BSOD requires a system reboot, which happens either automatically, or can be performed manually with the Ctrl + Alt + Delete key combination, or by pressing the computer's power button.

True

"Pinwheel" is an informal term used for describing stop error in:

macOS

In Microsoft OSs, Performance tab in Windows Task Manager allows to identify hardware components affecting system performance. In a similar fashion, Task Manager's Processes tab can be used to identify compute-intensive applications and processes that can be the cause of sluggish system performance.

True

Which of the following could be of help while troubleshooting a system that attempts to boot to incorrect device? (Select 2 answers)

Disconnecting any removable drives, Updating boot order in BIOS

During system boot, a user receives "Windows Boot Configuration Data file is missing required information" error message. Which of the following command-line commands should be used by a technician to troubleshoot this error?

bootrec /rebuildbcd

Which of the answers listed below describe(s) (the) possible cause(s) of the "Missing operating system" error message displayed during Windows system boot? (Select 4 Answers)

Damaged storage drive, BIOS does not detect the storage drive, System partition not set as active, Corrupt Master Boot Record (MBR)

Which of the following actions would be of help in troubleshooting the "Missing operating system" error message displayed during Windows system boot?

All of the above

Which of the answers listed below refer to probable causes of the "NTLDR is missing" error message displayed during system boot? (Select 2 answers)

Corrupt NTLDR file, Attempt to boot from a non-bootable drive

Which of the following solutions would be of help in troubleshooting the "NTLDR is missing" error message displayed during system boot? (Select all that apply)

Disconnecting any external drives, Safe Mode troubleshooting, Adjusting the boot sequence in CMOS setup utility, Startup Repair utility

One of the fixes for the "NTLDR is missing" error message during system boot relies on replacing the corrupt NTLDR file with the same file copied from another MS Windows host using the same OS version. Copying the NTLDR file manually requires access to the command-line interface available as one of the advanced troubleshooting options in Windows Safe Mode (which can be accessed by holding the Shift key and selecting Restart from the Power menu). After gaining access to the CLI, the NTLDR file can be restored with the copy command from an external storage device (e.g., USB flash drive) to the root folder (typically C:\) of the drive containing the corrupt version of the file.

True

In MS Windows, Services (services.msc) is a system applet used for managing background applications and processes. The applet interface can be accessed by pressing Windows logo + R key combination, typing in services.msc in the Run dialog box and pressing Enter. Double-clicking on a service opens its Properties menu (which can also be displayed by right-clicking on the service and selecting Properties from the context menu). The General tab of the Properties menu contains all the basic options necessary for manual service management (i.e., Start, Stop, Pause, and Resume buttons). If a service fails to start, automatic system response can be set on the Recovery tab. Another way of troubleshooting such problem is to check whether all required components for a given service are also up and running. The list of all connected services for a given service can be found on the Dependencies tab.

True

Which of the Windows tools listed below provides options to uninstall, change, or repair applications?

Programs and Features (appwiz.cpl)

When a program installed in Windows stops responding or encounters an error, logs describing the error can be examined with the use of:

Event Viewer (eventvwr.msc)

Which of the following steps provide access to Windows Reliability Monitor (perfmon /rel)? (Select 2 answers)

Control Panel (category view) > System and Security > Security and Maintenance > Maintenance > View reliability history, Control Panel (icon view) > Security and Maintenance > Maintenance > View reliability history

The basic, recommended steps to solve or prevent low memory issues in MS Windows include: (Select all that apply)

Adding more RAM, Closing resource-intensive apps/processes, Increasing virtual memory size

The common causes of USB controller resource warnings include USB devices exceeding the number of available endpoints (a.k.a. data buffers) or drawing too much power. In MS Windows, troubleshooting solutions that can be applied to solve such problems include disconnecting USB devices that are not in use, connecting devices with USB 2.0 ports, or reinstalling USB controllers.

True

Which of the answers listed below refers to a common solution for troubleshooting slow profile load on a Windows domain?

Rebuilding Windows profiles

The problem of the so-called time drift in Windows OS (i.e., the problem of the system clock going out of sync) can be solved manually in the Windows Settings menu (Windows Start > Settings > Time & Language > Date & time > Sync now button), or by setting up automatic time synchronization task in Windows Task Scheduler (Windows logo key + R > type in: taskschd.msc + press Enter > Task Scheduler Library > Microsoft > Windows > Time Synchronization > Create Task).

True

Which of the following would be the easiest step to troubleshoot the Blue Screen of Death (BSoD) in MS Windows?

System reboot

Restarting Windows regularly might be of help in resolving slower performance issues as it shuts down all background processes and clears out the system memory.

True

Restarting Windows regularly might be of help in resolving slower performance issues as it shuts down all background processes and clears out the system memory.

True

Which of the system recovery options in Windows 10 provides an option to keep or remove personal files before reinstalling Windows?

Reset

If a recently installed app, driver, or update for Windows has a degrading effect on the system performance, Windows Restore can be used to undo system changes by reverting the computer to a restore point. Methods for accessing Windows Restore include:

All of the above

If personal files, such as email, documents, or photos are lost or deleted, Windows System Restore can be used to recover such files.

False

If personal files, such as email, documents, or photos are lost or deleted, Windows System Restore can be used to recover such files.

False

A Windows 10 interface that enables update rollback can be accessed via:

All of the above steps

DION#1

Mixtapes øf Hanna · 90問 · 1年前

DION#1