Security Fundamentals v1.0 (98-367)

Page:    1 / 12   
Total 168 questions

Humongous Insurance is an online healthcare insurance company. During an annual security audit, a security firm tests the strength of the company's password policy and suggests that Humongous Insurance implement a password history policy.
What is the likely reason that the security firm suggests this?

  • A. Past passwords were easily cracked by the brute force method.
  • B. Past passwords of users contained dictionary words.
  • C. Previous password breaches involved use of past passwords.
  • D. Past passwords lacked complexity and special characters.


Answer : B

The WPA2 PreShared Key (PSK) is created by using a passphrase (password) and salting it with the WPS PIN.
Select the correct answer if the underlined text does not make the statement correct. Select "No change is needed" if the underlined text makes the statement correct.

  • A. Service Set Identifier (SSID)
  • B. Admin password
  • C. WEP key
  • D. No change is needed


Answer : A

What are three major attack vectors that a social engineering hacker may use? (Choose three.)

  • A. Telephone
  • B. Reverse social engineering
  • C. Waste management
  • D. Honey pot systems
  • E. Firewall interface


Answer : ABC

Which two security settings can be controlled by using group policy? (Choose two.)

  • A. Password complexity
  • B. Access to the Run... command
  • C. Automatic file locking
  • D. Encrypted access from a smart phone


Answer : AB

Reference:
http://technet.microsoft.com/en-us/library/cc875814.aspx

Cookies impact security by enabling: (Choose two.)

  • A. Storage of Web site passwords.
  • B. Higher security Web site protections.
  • C. Secure Sockets Layer (SSL).
  • D. Web sites to track browsing habits.


Answer : AD

Reference:
http://en.wikipedia.org/wiki/HTTP_cookie

To keep third-party content providers from tracking your movements on the web, enable InPrivate Browsing.
Select the correct answer if the underlined text does not make the statement correct. Select "No change is needed" if the underlined text makes the statement correct.

  • A. InPrivate Filtering
  • B. SmartScreen Filter
  • C. Compatibility Mode
  • D. No change is needed


Answer : A

Which enables access to all of the logged-in user's capabilities on a computer?

  • A. Java applets
  • B. ActiveX controls
  • C. Active Server Pages (ASP)
  • D. Microsoft Silverlight


Answer : B

You need to install a domain controller in a branch office. You also need to secure the information on the domain controller. You will be unable to physically secure the server.
Which should you implement?

  • A. Read-Only Domain Controller
  • B. Point-to-Point Tunneling Protocol (PPTP)
  • C. Layer 2 Tunneling Protocol (L2TP)
  • D. Server Core Domain Controller


Answer : A

Explanation:
A read-only domain controller (RODC) is a new type of domain controller in the Windows Server® 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory® Domain Services (AD DS) database.
References:
http://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx

E-mail spoofing:

  • A. Forwards e-mail messages to all contacts
  • B. Copies e-mail messages sent from a specific user
  • C. Obscures the true e-mail sender
  • D. Modifies e-mail routing logs


Answer : C

Reference:
http://www.microsoft.com/mscorp/safety/technologies/senderid/technology.mspx

What is the primary advantage of using Active Directory Integrated Zones?

  • A. Zone encryption
  • B. Password protection
  • C. Non-repudiation
  • D. Secure replication


Answer : D

Reference:
http://books.google.com/books?id=CXy-2LBZCVgC&pg=PA201&dq=%22Active+Directory+Integrated+Zones%22,+Secure+replication&hl=en&sa=X&ei=9s92U-v1KI-zyASjzILIDg&ved=0CE0Q6AEwAQ#v=onepage&q=%22Active%20Directory%20Integrated%20Zones%22%2C%20Secure%20replication&f=false

Which two are included in an enterprise antivirus program? (Choose two.)

  • A. Attack surface scanning
  • B. On-demand scanning
  • C. Packet scanning
  • D. Scheduled scanning


Answer : BD

Phishing is an attempt to:

  • A. Obtain information by posing as a trustworthy entity.
  • B. Limit access to e-mail systems by authorized users.
  • C. Steal data through the use of network intrusion.
  • D. Corrupt e-mail databases through the use of viruses.


Answer : A

Explanation:
Phishing is the act of attempting to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Humongous Insurance needs to set up a domain controller in a branch office. Unfortunately, the server cannot be sufficiently secured from access by employees in that office, so the company is installing a Primary Domain Controller.
Select the correct answer if the underlined text does not make the statement correct. Select "No change is needed" if the underlined text makes the statement correct.

  • A. Read-Only Domain Controller
  • B. Backup Domain Controller
  • C. Active Directory Server
  • D. No change is needed.


Answer : A
