
2 - Security - all

Date post: 15-Mar-2022

5/23/2020 220-1002 Exam Simulation

https://www.kaplanlearn.com/education/test/print/38209496?testId=132817097 1/81

Test ID: 132817097

2 - Security - all

Question #1 of 73 Question ID: 1202800

You are researching biometrics for identification and verification of employees in an organization.

Which attributes or details of an employee can be used by biometric devices? (Choose all that apply.)

✓ A) hand geometry

✓ B) fingerprints

✓ C) signature

✗ D) hair

✓ E) face

✓ F) iris

Explanation

You can use the following attributes of a person to recognize the person through the use of biometric devices:

Fingerprints

Face

Signature

Iris

Retina

Hand geometry

Voice

You can also use voice recognition to identify a person using biometric devices. Biometric devices use a physical or behavioral characteristic to identify an individual. Biometrics can use a person's attributes to identify an individual, such as thumb- or fingerprints, geometry of a hand, or the style and speed in which the person produces their signature. These attributes are stored in a database during the enrollment process. In the identification and verification process, the individual is identified based on the attributes stored in the database. For example, if a thumb print was stored while enrolling the user, the user would have to provide his or her thumb print during the identification process. If the new thumb print matched the thumb print stored against the user's name, access to the resource would be granted.

A person's hair cannot be used with biometric devices to identify users because a person's hair cannot be considered a unique attribute. Biometric devices use fingerprints, facial features, a signature, an iris or retina, or hand geometry to identify individuals.

Biometrics is often associated with false negatives and false positives. False negatives occur when someone who is supposed to have access to the system is denied access. While these occurrences can affect the satisfaction of personnel, they do not result in security breaches. False positives occur when someone who is NOT supposed to have access to the system is granted access. These occurrences result in security breaches.

For the A+ exam, you need to understand the following common prevention methods used for physical security:

Locked doors - Multiple physical barriers should be deployed. Fencing and surveillance are the first barriers. Locked doors, security badges, and security guards are the second barriers to protect entrance to the building. These same elements can often also be deployed as the third barriers to more secure areas, such as server rooms.

Tailgating - Tailgating occurs when an unauthorized person follows an authorized user into the building and gains access based on the authorized user's credentials, such as a valid key, smart card, or other security device. The tailgater slips in right behind the authorized user. Implementing mantraps prevents tailgating.

Cable locks - Cable locks secure portable devices, such as laptops, to stationary objects so that the portable devices are harder to steal.

Securing physical documents/passwords/shredding - Dumpster diving occurs when confidential information is obtained through documents that an organization has thrown away. The documents can contain confidential information, passwords, or organizational secrets. Security policies should exist that detail how these documents are stored. In addition, disposal policies should detail which documents must be shredded before being discarded. In some cases, organizations have even placed dumpsters in locked enclosures to prevent dumpster diving.

Biometrics - Biometric devices identify users based on their unique physical characteristics, including the user's retina, iris, facial features, and fingerprint. While the use of biometric devices is increasing, users are concerned about the security of any biometric information that is obtained by the organization. In addition, no biometric technique is error-proof. This means that there may be false positives and false negatives. False positives occur when unauthorized users are granted access. False negatives occur when a valid user is denied access. False positives are more of a security concern than false negatives.

ID badges - Most organizational badges are simple identification devices that often include a photo of the employee. This type of badge only provides security in that it allows a guard to verify that the person matches the credentials provided.

Key fobs - Key fobs are similar to smart cards. Key fobs often employ a randomly generated code and a user-entered password that provide authentication.

RFID badges - Smart cards that use radio frequency identification (RFID) to allow the reader to read the user information when the RFID badge is in close proximity to the reader. RFID badges can be used to secure buildings, server rooms, or even a single server. As with ID badges and smart cards, companies must guard the physical security of an RFID badge.

Smart card - A smart card is a plastic card with a built-in processor. They are used typically for personal identification. Some ID badges incorporate smart cards that actually provide an added level of security through the use of PINs or passwords. Companies should use caution when including company logos and addresses on any of these devices. If the devices are lost or stolen, the lack of logos or addresses can provide an added layer of security because the organization that issued the badge or card cannot be easily identified.

RSA token - An RSA token is a specific type of physical token that is a one-time password that is issued by a security device. The token is used to access network resources.

Privacy filters - Privacy filters are placed on monitors to prevent users from reading the monitor display. Only the user sitting in front of the monitor can read what is displayed on the monitor.

Entry control roster - An entry control roster is used to control access to a specific room or section in a building. Most often these rosters are given to security guards, who verify user identity before granting access to the restricted area and track users arriving and departing. They can also be kept by digital devices that log the physical locations where users are arriving and departing the facility.

Objective: Security

Sub-Objective: Summarize the importance of physical security measures.

References:

Biometrics, http://www.globalsecurity.org/security/systems/biometrics.htm

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #2 of 73 Question ID: 1176441

You are a network administrator for Nutex Corporation. Your organization implements a network. You have been tasked with designing the end-user security training that will be given to all employees regarding the network.

Which security issue should you cover?

✓ A) social engineering attacks

✗ B) physical security issues

✗ C) denial of service (DoS) attacks

✗ D) smart card usage

Explanation

You should ensure that social engineering attacks are covered in the end-user network security training. End users should always be aware of the social engineering techniques that can be used by hackers. A network security policy should cover end-user training on security solutions and social engineering training.

You should not ensure that DoS attacks are covered in the end-user network security training. This information should be covered in the IT technician and administrator network security training.

You should not ensure that physical security issues are covered in the end-user network security training. This information should be covered in the IT technician and administrator network security training.

You should not ensure that smart card usage is covered in the end-user network security training. Smart card usage training should only be implemented if smart cards are used on your network.

Objective: Security

Sub-Objective: Compare and contrast social engineering, threats, and vulnerabilities.

References:

Social Engineering Attacks: Common Techniques & How to Prevent an Attack, https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

Question #3 of 73 Question ID: 1202799

Paul is the new security guard at Metroil. He is stationed at the data center where all the valuable data is stored. Entry to the data center is controlled by two doors with a small room between them. Personnel use a smart card to open the first door. During his shift at Metroil, Paul allows access to the data center through the second door once a user has successfully opened the first door. Which type of physical security barrier is being used?

✗ A) key fob

✗ B) biometrics

✗ C) ID badges

✓ D) mantrap

Explanation

A mantrap is being used. A mantrap is a setup with two doors and a small room between them. The first door requires authentication to get into the small room. Then a second verification will occur (such as a guard visually identifying the person) to allow the user through the second door. Mantraps are typically used where very high security is needed because the second door can only open once the first door is closed. Mantraps are excellent deterrents against tailgating.

None of the other security controls is described in the scenario. A key fob is a physical wireless remote control device that is used to open doors. Biometrics are physical characteristics of an individual that are scanned or input to allow access. ID badges provide identification only. However, many ID badges have smart card capabilities built in that can be used to authenticate users before providing them access. Badges require a badge reader to be installed so that information stored on the badge

When trying to keep intruders out and physically protect devices and data, one should use the multi-barrier system approach, which could be referred to as inner, middle, and outer barriers.

Obviously, the outer barriers should physically protect the outer area where physical access is gained, which is referred to as the perimeter. Access is protected at the perimeter by burglar alarms, fencing and walls, and surveillance cameras. It is helpful to have an access list to identify who can enter and who needs to be verified.

The second barrier (middle) can be secured by using ID badges, which require those entering to insert their ID into a card reader.

The third barrier (inner) can be secured by using key fobs, or physical keys. All three barriers—outer, middle, and inner—should have locks, surveillance cameras, alarms, and can have mantraps set up as well. This is just one example of implementing multi-barrier physical security.

Objective: Security

Sub-Objective: Summarize the importance of physical security measures.

References:

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #4 of 73 Question ID: 1202802

You have stored critical information about your company in the computers in your server room. You want only authorized people to be allowed entry into the server room.

Which method will be MOST effective to maintain the security of the server room?

✗ A) Position a surveillance camera at the entrance of the server room.

✗ B) Employ an IDS to alert personnel when unauthorized access occurs.

✗ C) Place a safe lock on the server door and give the key only to the authorized persons.

✓ D) Employ an access control system on the entrance of the server room.

Explanation

An access control system should be employed at the entrance of the server room to maintain security. An access control system will prevent any unauthorized access to the server room. An access control system uses devices, such as smart cards or biometrics, to provide access only to authorized persons. Therefore, unauthorized individuals cannot enter the server room.

You should not employ an intrusion detection system (IDS) because this will only detect if intrusions occur on a network or computer. It is not a preventive measure.

Placing a safe lock on the server door and giving the key only to authorized persons is not a practical solution because there could be a large number of authorized persons, and providing a key to every person may not be possible. Additionally, loss of a key poses a threat to the security of the server room.

Positioning a surveillance camera at the entrance of the server room is not an effective solution because a surveillance camera can only monitor people entering the server room. It cannot control access. To maintain the security of data stored in the server room, you should restrict entry into the server room.

For the A+ exam, you need to understand the common prevention methods used for physical security, including the following:

Locked doors - Multiple physical barriers should be deployed. Fencing and surveillance are the first barriers. Locked doors, security badges, and security guards are the second barriers to protect entrance to the building. These same elements can often also be deployed as the third barriers to more secure areas, such as server rooms.

Tailgating - Tailgating occurs when an unauthorized person follows an authorized user into the building and gains access based on the authorized user's credentials, such as a valid key, smart card, or other security device. The tailgater slips in right behind the authorized user. Implementing mantraps prevents tailgating.

Cable locks - Cable locks secure portable devices, such as laptops, to stationary objects so that the portable devices are harder to steal.

Securing physical documents/passwords/shredding - Dumpster diving occurs when confidential information is obtained through documents that an organization has thrown away. The documents can contain confidential information, passwords, or organizational secrets. Security policies should exist that detail how these documents are stored. In addition, disposal policies should detail which documents must be shredded before being discarded. In some cases, organizations have even placed dumpsters in locked enclosures to prevent dumpster diving.

Biometrics - Biometric devices identify users based on their unique physical characteristics, including the user's retina, iris, facial features, and fingerprint. While the use of biometric devices is increasing, users are concerned about the security of any biometric information that is obtained by the organization. In addition, no biometric technique is error-proof. This means that there may be false positives and false negatives. False positives occur when unauthorized users are granted access. False negatives occur when a valid user is denied access. False positives are more of a security concern than false negatives.

ID badges - Most organizational badges are simple identification devices that often include a photo of the employee. This type of badge only provides security in that it allows a guard to verify that the person matches the credentials provided.

Key fobs - Key fobs are similar to smart cards. Key fobs often employ a randomly generated code and a user-entered password that provide authentication.

RFID badges - Smart cards that use radio frequency identification (RFID) to allow the reader to read the user information when the RFID badge is in close proximity to the reader. RFID badges can be used to secure buildings, server rooms, or even a single server. As with ID badges and smart cards, companies must guard the physical security of an RFID badge.

Smart card - A smart card is a plastic card with a built-in processor. They are used typically for personal identification. Some ID badges incorporate smart cards that actually provide an added level of security through the use of PINs or passwords. Companies should use caution when including company logos and addresses on any of these devices. If the devices are lost or stolen, the lack of logos or addresses can provide an added layer of security because the organization that issued the badge or card cannot be easily identified.

RSA token - An RSA token is a specific type of physical token that is a one-time password that is issued by a security device. The token is used to access network resources.

Privacy filters - Privacy filters are placed on monitors to prevent users from reading the monitor display. Only the user sitting in front of the monitor can read what is displayed on the monitor.

Entry control roster - An entry control roster is used to control access to a specific room or section in a building. Most often these rosters are given to security guards, who verify user identity before granting access to the restricted area, and to track users arriving and departing. They can also be kept by digital devices that log the physical locations where users are arriving and departing the facility.

Objective: Security

Sub-Objective: Summarize the importance of physical security measures.

References:

Server Room Security Measures, http://datacenterdesign.blogspot.com/2007/01/server-room-security-measures.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #5 of 73 Question ID: 1202809

Which of the following wireless authentication methods separates authentication and authorization into two different processes?

✗ A) Single factor authentication

✗ B) Multifactor authentication

✗ C) RADIUS

✓ D) TACACS

Explanation

The Terminal Access Controller Access-Control System (TACACS) protocol suite separates authentication and authorization into two different processes, with accounting as a third process.

Remote Authentication Dial-In User Server (RADIUS), which was originally designed to authenticate dial-up users, combines the authentication and authorization steps into a single process.

The exhibit below summarizes the differences between TACACS and RADIUS:

Single-factor authentication validates a user through a single set of credentials. The most common type of single-factor authentication is password-based authentication. Single-factor authentication will authorize you to connect to certain devices but does not really provide authorization as a second process.

Multifactor authentication employs the use of two or more of the following authentication methods: something you have, something you know, something you are, somewhere you are, and something you do. Multifactor authentication will authorize you to connect to certain devices but does not really provide authorization as a second process.

Objective: Security

Sub-Objective: Compare and contrast wireless security protocols and authentication methods.

References:

RADIUS versus TACACS+, https://www.networkworld.com/article/2838882/radius-versus-tacacs.html

Question #6 of 73 Question ID: 1176436

You are providing training on security breaches regarding passwords and encryption. Which attacks often attempt this type of breach? (Choose all that apply.)

✓ A) Rainbow attack

✓ B) Brute-force attack

✓ C) Dictionary attack

✗ D) Man-in-the-middle attack

Explanation

Rainbow attacks, brute force attacks, and dictionary attacks often target passwords and encryption.

Dictionary attacks can contain large files from the dictionary. Their goal is to attempt to crack encrypted passwords by using the same algorithms in the dictionary file to encrypt a user's password. Then they will compare the values to the encrypted passwords to find a match. They perform these attacks offline so they will not violate password policies.

A rainbow table is a preconfigured table for reversing cryptographic hash functions, usually for cracking password hashes.

A brute-force attack operates by attempting to find every possible combination of characters in a password. They can do this offline or online. Any password can be cracked, so agencies now have password policies that have time limits and require certain characters so that they are harder to figure out. This is what makes brute force online attacks unsuccessful.

A man-in-the-middle (MiTM) attack is basically what it sounds like: a hacker will position himself on both sides of the attack so he can secretly communicate between two sessions and devices. One MiTM trick might be to pollute the mapped IP addresses and MAC addresses so that two users think they are sending data to each other when they are really sending it to the hacker.

Security best practices are policies about security that exist to show minimum security measures that users should expect. These policies are developed to become acceptable use policies, and these policies describe the detail and actions allowed on or off networks. These rules should always be designed to follow and encourage the use of security best practices. A critical component of this document is the specification of consequences for noncompliance.

Objective: Security

Sub-Objective: Compare and contrast social engineering, threats, and vulnerabilities.

References:

The Dictionary Attack and the Rainbow-Table Attack on Password Protected Systems, https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture24.pdf

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

Question #7 of 73 Question ID: 1202827

You manage the Android devices issued to your mobile salesforce. Which two methods for securing Android devices would provide you with the highest level of security? (Choose two.)

✓ A) Full device encryption

✗ B) Patching/OS updates

✗ C) VPN

✓ D) Biometric authentication

✗ E) Firewalls

Explanation

Biometric authentication and full device encryption would provide you with the highest level of security for Android mobile devices.

Biometric authentication matches a user’s uniquely identifiable physical attribute to a previously stored value. Biometrics is among the most secure physical security measures. Examples include fingerprints, iris or retinal scans, voice prints, and keyboard cadence.

Full device encryption requires that the user provide a PIN, password, or a swipe pattern in order to activate the decryption key on the device. If the user does not provide the correct information, the data remains encrypted and inaccessible.

Patching/OS updates are always a critical concern, but they do not address security for Android mobile devices. The Android OS is typically patched or updated by the phone manufacturer or Google, and updates may be outside the control of the organization. Ensuring that patches and updates are applied and current should be a basic component of system security.

There are firewalls for Android, but they would only protect traffic entering or exiting the device. You would want to block unauthorized access to the device itself as the primary security measure.

There are VPN products for Android, but they would only protect traffic to and from the device. They provide no physical protection if the device is stolen.

Objective: Security

Sub-Objective: Given a scenario, implement methods for securing mobile devices.

References:

How to Encrypt Your Android Phone (and Why You Might Want to), https://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/

Five Steps to Implement Biometric Authentication in Android, https://proandroiddev.com/5-steps-to-implement-biometric-authentication-in-android-dbeb825aeee8

Question #8 of 73 Question ID: 1176468

Your company has several security measures that they have implemented on all mobile devices. Which of the following is NOT a security measure for mobile devices?

✗ A) patching/updates

✓ B) geotracking

✗ C) passcode locks

✗ D) anti-virus

✗ E) login attempt restrictions

Explanation

Geotracking is NOT a security measure for mobile devices. Geotracking occurs when a mobile device records the location of the device periodically and stores the information in a central location. This is actually a security concern for many mobile device users because law enforcement may be able to access this information. The United States Department of Homeland Security retains the right to access this information when they deem necessary.

Screen locks (including passcode locks, fingerprint locks, PIN locks, face locks, and swipe locks), patching/updates, anti-virus, and failed login attempt restrictions are all considered to be security measures for mobile devices. OS updates ensure that the operating system has the latest updates from the vendor. Other security measures include antimalware, remote wipe, locator applications, and remote backup applications. Remote wipe allows you to remotely wipe the contents of the mobile device if the mobile device is missing or stolen. Locator applications allow you to locate a misplaced mobile device. Remote backup applications allow you to remotely back up the contents of the mobile device.

When it comes to mobile devices, most users do not implement an anti-virus solution. Because mobile devices can become infected with viruses, it is important to install an anti-virus solution designed for mobile devices and to keep the anti-virus application updated. Security patches and operating system updates are as important for mobile devices as they are for desktop and laptop computers.

Objective: Security

Sub-Objective: Given a scenario, implement methods for securing mobile devices.

References:

10 Quick Tips to Mobile Security, http://images.mcafee.com/en-us/advicecenter/pdf/MobileeGuide_Jan2012.pdf

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.8 Given a scenario, implement methods for securing mobile devices

Question #9 of 73 Question ID: 1202825

Your company has adopted a new security policy that states that all computers must be locked if a user leaves his desk for any reason. What is the quickest way to lock a Windows 7 computer?

✗ A) Click Start. Click the right arrow next to Shutdown, and select Lock.

✗ B) Press Ctrl+Alt+Del, and select Lock this computer.

✗ C) Right-click the taskbar, and select Lock the taskbar.

✓ D) Press the Windows + L keys.

Explanation

The quickest way to lock a Windows computer is to press the Windows Logo + L keys. This feature works in Windows 7 and higher.

You can also lock a Windows computer by pressing Ctrl+Alt+Del and selecting Lock this computer, but it requires more keystrokes.

5/23/2020 220-1002 Exam Simulation

https://www.kaplanlearn.com/education/test/print/38209496?testId=132817097 11/81

Another method of locking a Windows 7 computer is to click Start, click the right arrow next to Shutdown, and select Lock.

If you right-click the taskbar and select Lock the taskbar, you are locking the taskbar, not the computer. Locking the taskbar ensures

that the auto-hide feature is disabled.

When preparing for the A+ exam, you should understand security best practices to secure a workstation, including the following:

Requiring passwords - All workstations should be configured so that user accounts are required to have a password, even if the

workstation is on a peer-to-peer network. In a domain environment, you can configure the domain security policy to require all

accounts to have a password. Local security policies can be used in non-domain environments.

Setting strong passwords - Strong passwords ensure that passwords are harder to guess because they include upper- and lower-

case letters, numbers, and special characters. It is also recommended that passwords be at least eight characters in length. This

restriction can also be configured using the local security policy or domain policy.

Password expiration - Administrators should configure password expiration policies. Most organizations set a 60- or 90-day

expiration, meaning that passwords must be reset within that time limit.

BIOS/UEFI passwords - Configuring a BIOS or UEFI password ensures that the system settings stored in the BIOS or UEFI cannot

be accessed or changed by unauthorized users.

Restricting user permissions - Users should only be granted permissions that they need to complete their jobs. For users that need

administrative-level permission, the users should be given two accounts: one normal account with more restrictive permissions that

they use for day-to-day activities and one administrative account that they use when performing administrative duties. Also, as a

rule, permissions should be assigned to groups, and user accounts should be added to group accounts. This makes permission

administration much more manageable.

Changing default user names and passwords - For any default user accounts that are created when an operating system or

application is installed, the default user names and passwords should always be changed. Most IT professionals and hackers are

aware of default accounts. Renaming these accounts provides a level of protection. Always research any operating system or

application that you install to learn of any default user accounts that are created at installation. (Keep in mind that the default

Windows Administrator account cannot be renamed. It is important that this account be given a very strong password and that its

use is audited.)

Disabling guest account - All default accounts that are created should be disabled if they will not be used. This is particularly

important for the guest account. If possible, also rename the guest account. Finally, ensure that the guest account has a strong

password and that it is given a password reset policy.

Screensaver required password - Screensavers start after a period of idle time. For security reasons, a screensaver password

policy is used to ensure that a user is required to enter his password when returning to his session. In addition, many companies

have logoff policies that require users to log off from a computer when leaving for prolonged periods of time.

Timeout/screen lock - It is a good practice to configure a computer to implement a screen lock after a certain amount of time

without user interaction. This can be employed as part of the screensaver required password.

Disable Autorun - Because you are never assured that media, including floppy disks, CDs, DVDs, and so on, are safe and

uncontaminated, you should be careful when inserting new media into a CD-ROM, DVD, or USB drive. As a precaution, you should

disable the Autorun feature that is enabled by default in older Windows operating systems. Windows 7, by default, has DISABLED

the Autorun feature. In Windows 8 and higher, the term AutoPlay became the default for AutoRun and acts the same way as

Autorun did.

Login time restrictions - Login time restrictions are configured by administrators to limit the hours during which a user can log in to a

system. This security feature, however, can cause problems if for any reason a user works outside his normal business hours.

Objective: Security

Question #10 of 73 Question ID: 1202830

✗ A)

✓ B)

✗ C)

✗ D)

Sub-Objective: Given a scenario, implement security best practices to secure a workstation.

References:

Keyboard Shortcuts in Windows, http://support.microsoft.com/kb/294317

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement

security best practices to secure a workstation

According to your organization's data backup policy, you must keep track of the number and location of backup versions of the

organization's data. What is the main purpose of this activity?

to restrict access to the backup versions

to ensure proper disposal of information

to create an audit trail

to demonstrate due diligence

Explanation

The main purpose of keeping track of the number and location of backup versions is to ensure proper disposal of information.

To restrict access to the backup version, you should implement the appropriate access and physical controls.

To create an audit trail, you should enable event or audit logging.

To demonstrate due diligence, you need to retain event and audit logs.

For the A+ exam, you need to understand the following data destruction or disposal methods:

Low-level format versus standard format - A standard format marks space that is occupied by data as being available, but it does

not actually erase the existing data. A low-level format completely cleans the disk, ensuring that all existing data is removed.

Low-level formats are performed by the disk manufacturer.

Hard drive sanitation methods - While the only sure method of rendering hard drive contents completely unreadable is the physical

destruction of the hard drive, there are two common methods of sanitizing hard drives that are used by technicians:

Overwrite - This sanitation method actually overwrites existing data with new data. This is often referred to as zeroization.

Drive wipe - This sanitation method erases the contents of the hard drive. This method is not foolproof. If you truly must ensure that

data cannot be retrieved, you should destroy the media.

Physical destruction methods - There are several different physical hard drive destruction methods that are used, including the

following:

Shredder - This is an accepted method for destroying CDs and DVDs. However, to shred hard drives, you would need access to an

expensive hard drive shredder.

Drill/hammer - After disassembling the physical hard drive, you could use a drill, hammer, or sander to turn the shiny surface of the

hard drive platters into dust. Make sure to wear both eye and nose protection. This process is very time-consuming.

Electromagnetic - This method uses strong magnets to destroy the magnetic media. A degaussing tool is actually a type of

electromagnetic destruction method.

Question #11 of 73 Question ID: 1176439

✗ A)

✓ B)

✗ C)

✗ D)

Degaussing tool - This tool is a type of electromagnetic destruction tool. They range from $500 for a wand degausser to $30,000 for

a desktop degausser.

Incineration - This destroys the drive by burning it.

Certificate of destruction - Many companies offer drive destruction services and will provide a certificate of destruction for any

drives sent to them. This is preferred for drives that contain highly classified information.

Objective: Security

Sub-Objective: Given a scenario, implement appropriate data destruction and disposal methods.

References:

Maintaining Backup Archives and Records, http://osr507doc.xinuos.com/en/OSAdminG/buD.archive.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.9 Given a scenario, implement

appropriate data destruction and disposal methods

Andrea is concerned that she is being lured to provide her financial institution's credentials on an invalid site via a message she

received. Which type of attack is most likely taking place?

data mining

email spoofing

MAC address spoofing

IP spoofing

Explanation

An email spoofing attack is most likely taking place. Email spoofing occurs when an email header is altered to make it look like the message

came from a valid source, when in actuality it comes from someone hoping to gain access to your information or assets. These emails

may end up in your spam folder. They often attempt to get users to open attachments and/or respond to their illegal solicitation.

Spoofing can be tricky because it can appear real.

IP spoofing is a technique that hackers use to gain unauthorized access to computers by using a valid IP address so that traffic appears

to come from a valid trusted host. Upgrading your routers and using firewall protection can help alleviate IP spoofing.

MAC address spoofing occurs when an attacker changes the MAC address of his computer to match that of a valid trusted host. This is

the attack that most often occurs when MAC address filtering is deployed.

Mining or data mining is a database application term that examines data to predict behavior. It is designed to help retail companies find

future customers with common interests and can appear safe. True data mining software discovers previously unknown relationships

among the data. Data mining is popular in IT departments and helps web site designers market consumers' data.

Question #12 of 73 Question ID: 1202813

✗ A)

✓ B)

✗ C)

✗ D)

Objective: Security

Sub-Objective: Compare and contrast social engineering, threats, and vulnerabilities.

References:

Minimize Your Exposure to Email Spoofing, http://www.pcworld.com/article/253305/minimize_your_exposure_to_email_spoofing.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social

engineering, threats, and vulnerabilities

During a recent security audit, you discovered that several computers were infected with software that uses tracking cookies to collect

and report a user's activities. Of which type of malware infection is this an example?

Trojan horse

spyware

virus

worm

Explanation

Spyware often uses tracking cookies to collect and report a user's activities. Spyware installs itself without notifying the user.

None of the other options is correct. A virus is malicious software (malware) that relies upon other application programs to execute and

infect a system. A worm is a program that spreads itself through network connections. A Trojan horse is malware that is disguised as a

useful utility, but embeds malicious code in itself.

Adware is any application that displays, downloads, or plays advertisements after being accessed from the Internet. This type of

infection often results in bombardment of advertisements to your computer. It tracks a user's habits and displays targeted advertising or

messages.

Objective: Security

Sub-Objective: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

References:

Spyware, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214518,00.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.4 Given a scenario, detect, remove,

and prevent malware using appropriate tools and methods

Question #13 of 73 Question ID: 1176442

✗ A)

✗ B)

✗ C)

✓ D)

Question #14 of 73 Question ID: 1176461

A hacker has called a company employee and learned the employee's user name and password by posing as a member of corporate

technical support.

Which type of attack has the company suffered?

denial of service

brute force

buffer overflow

social engineering

Explanation

The company has suffered a social engineering attack, in which a hacker poses as a company employee or contractor to gain

information about a network from legitimate company employees. A hacker typically uses social engineering to gain user names and

passwords or sensitive documents by non-technical means, such as posing as an employee or dumpster diving. A company can help

protect itself from a social engineering attack by requiring employees to attend security awareness training, which is one of the most

neglected aspects of network security. Often hackers will use flattery as a means to gain trust to obtain information.

If a user gives his credentials to someone else for any purpose, the user should then change his password because security is

compromised. Make sure that your users understand that they should never give their user names or passwords to any individuals,

whether by phone, via email, or in person. If a login is required for technical servicing, the user can log in and then turn the computer

over to the technician.

A buffer overflow attack occurs when a hacker exploits a bug in a program to force more information into computer memory than the

program was designed to handle. A hacker can use a buffer overflow to run malicious programs on a computer system. A denial of

service (DoS) attack occurs when a hacker floods a network with requests so that legitimate users cannot gain access to resources on

a computer or a network. A brute force attack occurs when a hacker tries all possible values for such variables as user names and

passwords. For example, a hacker might use a brute force attack to crack an encryption key and gain access to an encrypted file.

Objective: Security

Sub-Objective: Compare and contrast social engineering, threats, and vulnerabilities.

References:

9 Best Defenses Against Social Engineering Attacks, http://www.esecurityplanet.com/views/article.php/3908881/9-Best-Defenses-Against-Social-Engineering-Attacks.htm

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social

engineering, threats, and vulnerabilities

✓ A)

✗ B)

✗ C)

✗ D)

You want to define the number of days a password can be used before the user is required to change it.

Which password policy should you configure?

Maximum password age

Passwords must meet complexity requirements

Minimum password length

Enforce password history

Explanation

You should configure the Maximum password age policy to define the number of days a password can be used before the user is

required to change it. You can set the number of days between 0 and 999. If you set the policy to 0 days, then the password will never

expire. Configuring the Maximum password age policy can help prevent a computer from being hacked.

The Enforce password history policy is used to define the number of old passwords that can be remembered by a computer to prevent

a user from reusing the same password. You can set the number of passwords remembered between 0 and 24. If you set the policy to

0 passwords remembered, then the policy will be disabled.

The Minimum password length policy is used to define the minimum number of characters a password must include. You can set the

number of characters between 0 and 14. If you set the number of characters to 0, then users can have a blank password. Therefore, it

is recommended to enable this policy to have a strong password.

The Password must meet complexity requirements policy enables a user to use a strong password. A strong password must contain at

least six characters. The characters should at least include any three of the five categories: English uppercase characters (A - Z),

English lowercase characters (a - z), base 10 digits (0 - 9), non-alphanumeric characters, such as !, $, #, or %, and Unicode characters.

An example of a strong password is !2Pa$swoRd.

When preparing for the A+ exam, you should understand security best practices to secure a workstation, including the following:

Requiring passwords - All workstations should be configured so that user accounts are required to have a password, even if the

workstation is on a peer-to-peer network. In a domain environment, you can configure the domain security policy to require all

accounts to have a password. Local security policies can be used in non-domain environments.

Setting strong passwords - Strong passwords ensure that passwords are harder to guess because they include upper- and lowercase

letters, numbers, and special characters. It is also recommended that passwords be at least eight characters in length. This

restriction can also be configured using the local security policy or domain policy.

Password expiration - Administrators should configure password expiration policies. Most organizations set a 60- or 90-day

expiration, meaning that passwords must be reset within that time limit.

BIOS/UEFI passwords - Configuring a BIOS or UEFI password ensures that the system settings stored in the BIOS or UEFI cannot

be accessed or changed by unauthorized users.

Restricting user permissions - Users should only be granted permissions that they need to complete their jobs. For users that need

administrative-level permission, the users should be given two accounts: one normal account with more restrictive permissions that

they use for day-to-day activities and one administrative account that they use when performing administrative duties. Also, as a

rule, permissions should be assigned to groups, and user accounts should be added to group accounts. This makes permission

administration much more manageable.

Changing default user names and passwords - For any default user accounts that are created when an operating system or

application is installed, the default user names and passwords should always be changed. Most IT professionals and hackers are

aware of default accounts. Renaming these accounts provides a level of protection. Always research any operating system or

application that you install to learn of any default user accounts that are created at installation. (Keep in mind that the default

Question #15 of 73 Question ID: 1176424

Windows Administrator account cannot be renamed. It is important that this account be given a very strong password and that its

use is audited.)

Disabling guest account - All default accounts that are created should be disabled if they will not be used. This is particularly

important for the guest account. If possible, also rename the guest account. Finally, ensure that the guest account has a strong

password and that it is given a password reset policy.

Screensaver required password - Screensavers start after a period of idle time. For security reasons, a screensaver password

policy is used to ensure that a user is required to enter his password when returning to his session. In addition, many companies

have logoff policies that require users to log off from a computer when leaving for prolonged periods of time.

Timeout/screen lock - It is a good practice to configure a computer to implement a screen lock after a certain amount of time

without user interaction. This can be employed as part of the screensaver required password.

Disable Autorun - Because you are never assured that media, including floppy disks, CDs, DVDs, and so on, are safe and

uncontaminated, you should be careful when inserting new media into a CD-ROM, DVD, or USB drive. As a precaution, you should

disable the Autorun feature that is enabled by default in older Windows operating systems. Windows 7, by default, has DISABLED

the Autorun feature. In Windows 8 and higher, the term AutoPlay became the default for AutoRun and acts the same way as

Autorun did.

Login time restrictions - Login time restrictions are configured by administrators to limit the hours during which a user can log in to a

system. This security feature, however, can cause problems if for any reason a user works outside his normal business hours.

Objective: Security

Sub-Objective: Given a scenario, implement security best practices to secure a workstation.

References:

Maximum Password Age, http://technet.microsoft.com/en-us/library/cc736566(v=ws.10).aspx

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement

security best practices to secure a workstation

You have recently implemented five different security solutions for a small business. Move the correct items from the left column to the

column on the right to match the security solutions on the left with the security issue that the solution BEST addresses.

Explanation

The security issues and solutions should be matched in the following manner:

Digital security - Install antivirus software

Physical security - Implement biometrics

Social engineering - Educate users

Wireless security - Disable SSID broadcast

Data security - Destroy hard drives

Question #16 of 73 Question ID: 1202832

✓ A)

✗ B)

✗ C)

✗ D)

Digital security focuses mainly on protecting your networks and devices from harmful data and malware. It includes anti-virus software,

firewalls, anti-spyware software, and user authentication with strong passwords.

Physical security focuses mainly on ensuring the buildings and server rooms are protected against physical intrusion. It includes locked

doors, guards, mantraps, securing documentation, shredding old documentation, biometrics, badges, key fobs, RFID badges, RSA

tokens, and privacy filters.

Social engineering occurs when an attacker attempts to acquire information about a network via phone conversations or other social

settings. User gullibility is the main reason that social engineering occurs. User education is the best protection against social

engineering.

Wireless security focuses mainly on ensuring that a wireless network is protected against intrusion. It includes changing default user

names and passwords, changing SSIDs, setting encryptions, disabling SSID broadcast, enabling MAC filtering, antenna and access

point placement, power levels, and assigning static IP addresses to wireless routers.

Data security focuses mainly on protecting stored data. It includes hard drive formatting, sanitation, and physical destruction.

Objective: Security

Sub-Objective: Explain logical security concepts.

References:

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

An IT technician has recently discovered an evil twin on your company’s network. What is the best description of an evil twin?

an access point with the same SSID as the legitimate access point

signals about the wireless network marked on the outside of a building

an unauthorized access point

cracking the WEP secret key using the initialization vector (IV)

Explanation

An evil twin is an access point with the same SSID as the legitimate access point. It is a special type of unauthorized access point.

A rogue access point is an unauthorized access point that allows access to a secure network. Performing a site survey is the best way

to discover rogue access points. Discovering a large number of unauthorized wireless connections in a particular area is a sign of a

rogue access point.

War chalking is leaving signals about the wireless network on the outside of a building.

An IV attack is cracking the WEP secret key using the initialization vector (IV).

Question #17 of 73 Question ID: 1202804

✓ A)

✗ B)

✗ C)

✗ D)

Another consideration in wireless networks is interference. If an organization implements multiple wireless access points, the

organization must ensure that the access points do not interfere with each other. This can be accomplished in one of two ways: deploy

the access points on different channels within the frequency or decrease the power level of the access point.

Objective: Security

Sub-Objective: Given a scenario, configure security on SOHO wireless and wired networks.

References:

Evil twin (wireless networks), http://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure

security on SOHO wireless and wired networks

Which Active Directory logical security concept would you implement to best protect a user’s data in the event of a hard drive crash?

Folder redirection

Login script

Organizational unit

Domain membership

Explanation

Folder redirection would protect a user’s data in the event of a hard drive crash. Instead of storing the user’s data (such as the

Documents folder) on the local hard drive, folder redirection points to a network storage location, such as a server or a cloud location.

Login scripts would allow you to assign security policies to users at the time of login, but they would not inherently protect against a

hard drive crash.

Domain membership, in terms of logical security, would validate that the user, group, or device should be granted access to the domain.

Organizational units, in terms of logical security, would validate that the user, group, or device should be granted access to the

appropriate portion of the domain.

Other logical security controls include maintenance of Group Policy/updates and the location of a user’s Home Folder.

Objective: Security

Sub-Objective: Explain logical security concepts.

References:

Question #18 of 73 Question ID: 1202824

✓ A)

✗ B)

✗ C)

✗ D)

Folder Redirection, Offline Files, and Roaming User Profiles overview, https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/folder-redirection-rup-overview

You are attending a class on network identification and authentication. What is the most common form of identification and

authentication?

user identification with reusable password

two-factor authentication

smart cards

biometrics

Explanation

The most common form of identification and authentication is user identification with reusable password. User identifications (IDs) and

passwords are something you know, such as your personal information or an alphanumeric word or phrase that you memorize.

Biometrics, while not the most common form of identification and authentication, is more secure than user identification and passwords.

Biometrics is something you are, such as a fingerprint. This type of authentication would be more secure than a password, because

your fingerprint will never change.

Smart cards are not commonly implemented because of the expense; however, they are more secure than using user identification and

passwords. Smart cards, a Type 2 authentication factor, are something you have, such as a physical card that you must swipe or scan

to gain access. Smart cards require an external reader device embedded with integrated circuits or an internal PCMCIA slot for

authentication purposes.

Two-factor authentication must include two of the following three categories: something you know (Type I), something you have (Type II), or

something you are (Type III). Two-factor authentication is not as common as user identification and passwords.

When assessing identification and authentication controls, it is good practice to maintain a list of authorized users and their approved

access levels. A password policy should force users to change their passwords at predefined intervals. User accounts should be

terminated when employment is terminated, or suspended while the user is on vacation or leave. Account lockout policies can ensure

that unsuccessful login attempts will eventually result in an account being locked out. This is also referred to as failed attempts lockout.

A token device can also be used during authentication. This device displays a number or alpha-numeric pattern that changes over time.

When preparing for the A+ exam, you should understand security best practices to secure a workstation, including the following:

Requiring passwords - All workstations should be configured so that user accounts are required to have a password, even if the

workstation is on a peer-to-peer network. In a domain environment, you can configure the domain security policy to require all

accounts to have a password. Local security policies can be used in non-domain environments.

Setting strong passwords - Strong passwords ensure that passwords are harder to guess because they include upper- and lowercase

letters, numbers, and special characters. It is also recommended that passwords be at least eight characters in length. This

restriction can also be configured using the local security policy or domain policy.

Password expiration - Administrators should configure password expiration policies. Most organizations set a 60- or 90-day

expiration, meaning that passwords must be reset within that time limit.

Question #19 of 73 Question ID: 1176451

BIOS/UEFI passwords - Configuring a BIOS or UEFI password ensures that the system settings stored in the BIOS or UEFI cannot

be accessed or changed by unauthorized users.

Restricting user permissions - Users should only be granted permissions that they need to complete their jobs. For users that need

administrative-level permission, the users should be given two accounts: one normal account with more restrictive permissions that

they use for day-to-day activities and one administrative account that they use when performing administrative duties. Also, as a

rule, permissions should be assigned to groups, and user accounts should be added to group accounts. This makes permission

administration much more manageable.

Changing default user names and passwords - For any default user accounts that are created when an operating system or

application is installed, the default user names and passwords should always be changed. Most IT professionals and hackers are

aware of default accounts. Renaming these accounts provides a level of protection. Always research any operating system or

application that you install to learn of any default user accounts that are created at installation. (Keep in mind that the default

Windows Administrator account cannot be renamed. It is important that this account be given a very strong password and that its

use is audited.)

Disabling guest account - All default accounts that are created should be disabled if they will not be used. This is particularly

important for the guest account. If possible, also rename the guest account. Finally, ensure that the guest account has a strong

password and that it is given a password reset policy.

Screensaver required password - Screensavers start after a period of idle time. For security reasons, a screensaver password

policy is used to ensure that a user is required to enter his password when returning to his session. In addition, many companies

have logoff policies that require users to log off from a computer when leaving for prolonged periods of time.

Timeout/screen lock - It is a good practice to configure a computer to implement a screen lock after a certain amount of time

without user interaction. This can be employed as part of the screensaver required password.

Disable Autorun - Because you are never assured that media, including floppy disks, CDs, DVDs, and so on, are safe and

uncontaminated, you should be careful when inserting new media into a CD-ROM, DVD, or USB drive. As a precaution, you should

disable the Autorun feature that is enabled by default in older Windows operating systems. Windows 7, by default, has DISABLED

the Autorun feature. In Windows 8 and higher, the term AutoPlay became the default for AutoRun and acts the same way as

Autorun did.

Login time restrictions - Login time restrictions are configured by administrators to limit the hours during which a user can log in to a

system. This security feature, however, can cause problems if for any reason a user works outside his normal business hours.

Objective:Security

Sub-Objective:Given a scenario, implement security best practices to secure a workstation.

References:

Greater precautions to protect vital information are available, http://www.wordinfo.info/words/index/info/view_unit/3986/?letter=a&page=1&spage=1&s=technology

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement

security best practices to secure a workstation

Question #20 of 73 Question ID: 1202820

Several users will be using a new Windows 7 computer. You have been asked to configure the accounts in the appropriate manner to

maximize security. Which procedures should you implement? (Choose all that apply.)

✗ A) Disable the Administrator account.

✓ B) Rename the Administrator account.

✓ C) Rename the Guest account.

✓ D) Disable the Guest account.

Explanation

You should rename both the Administrator and Guest accounts because these accounts are created by default. Renaming the accounts

provides an added level of security for these accounts. You should also disable the Guest account. The Guest account should only be

enabled in certain instances and should only be enabled temporarily. By default, the Guest account in Windows 7 and later is disabled,

but you should always confirm this is true.

For the A+ exam, you should be familiar with the Administrator account, the Power Users group, the Guest account, and standard

accounts.

The Power Users group is a special group that was granted some advanced permissions in Windows XP. While this group is retained in

Windows 7 for legacy purposes, it has no more privileges than a standard user.

Standard accounts or users have limited privileges on a system and cannot perform any administrative-level tasks. Windows 8, 8.1, and

10 allow you to do all the same functions, only they are accessed differently. Remember that Windows 8 and above are mostly

designed for touch screen or tablet computers, so you will need to practice swiping and typing to access the same services as in prior

editions of Windows.

Objective:Security

Sub-Objective:Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

How and Why to Change the Built-in Administrator Account Name in Windows, http://www.tekrevue.com/tip/change-built-in-administrator-account-name/

Rename the Guest Account in Windows 7 for Enhanced Security, http://www.howtogeek.com/howto/6754/rename-the-guest-account-in-windows-7-for-enhanced-security/

Turn the guest account on or off, http://windows.microsoft.com/en-us/windows/turn-guest-account-on-off#1TC=windows-7

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the

differences of basic Microsoft Windows OS security settings

Vivian wants to set permissions on a certain folder to allow users to modify data. What is she really allowing them to do with this type of

permission?

✗ A) The user can read files and view the contents of a directory and any of its subdirectories.

✗ B) The user has all rights to change permissions and take ownership of the directory or any of its subdirectories.

✗ C) The user can read, write, execute, and delete everything, EXCEPT the folder.

✓ D) The user can read, write, execute, and delete everything, including the folder.

Explanation

With this type of permission, the user can read, write, execute, and delete everything, including the folder. NTFS permissions on a

file or a folder are set by opening its Properties dialog box and then the Security tab. In a nutshell, NTFS enables

you to set up security settings on files and folders with the following permissions:

Full Control - Grants users all permissions on the folder. Administrators have this access.

Modify - Grants users a high level of access, except the ability to take full ownership.

Read & Execute - Allows users to read files and execute executable files.

List Folder Contents - Allows users to list the contents of the folder. It does not allow them to read the individual files within that

folder. They can only see the file and folder names.

Read - Allows users to read the folder's contents.

Write - Allows users to write or edit the folder's contents.

Modify permissions combine read, write, execute, and delete permissions on everything, including the folder.

File attributes are located on the General tab of a file as shown in the following exhibit:


The attributes are as follows:

Read-only: Files with this attribute cannot be edited or saved. Safest attribute when file sharing.

Hidden: Files with this attribute can only be seen in the system by Administrators or when certain commands are used.

If you click the Advanced button, you will see the following settings:

File is ready for archiving: The archive attribute was originally used to denote files needing backup. However, this is seldom used

now unless users need to mark a file for deletion.

Allow this file to have contents indexed in addition to file properties: Controls how indexing handles the file.

Compress contents to save disk space: Compresses the file.

Encrypt contents to secure data: Encrypts the file.

The Advanced Attributes dialog box is shown in the following exhibit:

Again, setting or clearing the checkboxes will set or clear the file's attributes. These settings are used in all versions of Windows.

For the A+ exam, you must also understand the ability to run as an administrator versus as a standard user. Standard users have fewer

permissions in a system. Some commands and utilities may not be accessible by standard users. If the standard user tries to run them,

they will receive a prompt requesting administrator credentials to run. If the user has an administrative-level account, he should input

that information. Otherwise, the user will need to contact an administrator to run restricted commands and utilities.

Objective:Security

Sub-Objective:Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

Differences Between Share and NTFS Permissions, https://blog.netwrix.com/2018/05/03/differences-between-share-and-ntfs-permissions/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the

differences of basic Microsoft Windows OS security settings

Question #21 of 73 Question ID: 1176422

Your company has decided it wants to implement multi-factor authentication. What is the BEST implementation you should deploy?

✗ A) smart cards, usernames, and PIN

✗ B) smart cards, usernames, and strong passwords

✗ C) usernames, strong passwords, and PIN

✓ D) biometrics, smart cards, and strong passwords

Explanation

You should deploy biometrics, smart cards, and strong passwords. This covers three different factors of authentication: something you

are (biometrics), something you have (smart cards), and something you know (passwords).

Biometric devices help verify users' identities against unique physical characteristics. Biometric devices include retinal scanners, hand

scanners, and fingerprint scanners.

Smart cards, which are a type of identification badge, are used to give people access to buildings, doors, computers, and parking

lots. Smart cards are inserted into a computer or a smart card reader. Although you cannot duplicate them, they can be easily stolen, so

modern smart cards have users enter passwords or PINs to activate them.

Usernames, strong passwords, and a PIN are all things you know, so this solution would not be considered multifactor authentication.

Smart cards, usernames, and strong passwords only include two factor types: something you have and something you know.

Smart cards, usernames, and PINs only include two factor types: something you have and something you know.

Objective:Security

Sub-Objective:Explain logical security concepts.

References:

What is Multifactor Authentication, https://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

Question #22 of 73 Question ID: 1202814

Nicola reports to the security guards that individuals are following closely when she enters buildings, using her credentials to gain

access. She knows that some of them are valid employees but is concerned that not all of the people are. What security breach is she

reporting?

✗ A) shoulder surfing

✗ B) zero-day attack

✗ C) zombie

✓ D) tailgating

Explanation

She is reporting a tailgating attack. Tailgating occurs when someone uses your credentials without your knowledge to gain entry to a

building. The unauthorized individual usually just follows closely behind you as you enter, gaining access to the building without

needing a key, a card, or other security device. Many social engineering intruders who require physical access to a site will use this

method to gain entry, and can compromise the integrity of the authorized user.

Piggybacking is the act of gaining unauthorized access to a facility by using another user's access credentials. Tailgating and

piggybacking differ in one key way: in piggybacking, the person who piggybacks does so with the knowledge of the person entering,

whereas in tailgating, the person entering does not give the intruder permission.

Shoulder surfing occurs when hackers watch or sit close to someone and memorize their sensitive data. They will watch for people

entering passwords, typing credit card numbers, or other private activities. The best way to avoid shoulder surfing is to survey the area

you will be sitting in, sit away from other people’s lines of sight, and not log in to banking sites or other sensitive sites from public

places. You can dim your screen or purchase privacy filters, but trying to avoid these types of activities in public is best.

Zero-day attacks occur when live environments become vulnerable and targeted before a fix or patch can be created by the vendor. A

zero-day attack occurs when security is breached on the same day an application is released.

A zombie is a type of malware that installs itself on many computers and infects them. Once installed, a hacker can connect to the

infected zombie. After that, the attacker controls all the zombies, also referred to as bots. The collection of zombie computers is called a

botnet, and the individual computers are called zombies. Zombies are used to carry out malicious acts.

Objective:Security

Sub-Objective:Compare and contrast social engineering, threats, and vulnerabilities.

References:

Social Engineering: What is Tailgating?, https://blog.mailfence.com/what-is-tailgating/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social

engineering, threats, and vulnerabilities

Question #23 of 73 Question ID: 1202826

According to your company’s new security policy, the administrator must define the number of days that a password can be kept before

the user can change it. Which password policy setting should the administrator use?

✗ A) the Enforce password history setting

✗ B) the Maximum password age setting

✓ C) the Minimum password age setting

✗ D) the Minimum password length setting

Explanation

You can configure the Minimum password age setting on a Windows computer to define the number of days that a password must be kept

before the user can change it. The Minimum password age setting determines how many days a new password must be kept before

the user can change it. The Minimum password age setting is designed to work with the Enforce password history setting to prevent

users from changing back to their old passwords by quickly resetting their passwords the required number of times.

When implementing a new password policy, you should encourage the users to create their passwords by using a combination of

numbers and letters so that the passwords are difficult to guess. You should also encourage users to memorize their passwords instead

of writing them down somewhere. Passwords that are written down on a piece of paper or stored in an easily accessible file on their

computers can pose a security threat to the users' computers.


You cannot use the Enforce password history setting to define the number of days that a password must be kept before the user can

change it. The Enforce password history setting determines the number of unique new passwords a user must use before an old

password can be reused, not the number of days that a password must be kept before the user can change it.

You cannot use the Maximum password age setting to define the number of days that a password must be kept before the user can

change it. The Maximum password age setting determines the number of days a password can be used before the user is required to

change it, not the number of days that a password must be kept before the user can change it.

You cannot use the Minimum password length setting to define the number of days that a password must be kept before the user can

change it. The Minimum password length determines the minimum number of characters a password must have, not the number of

days that a password must be kept before the user can change it.
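How Minimum password age backs up Enforce password history, as an added example that is not part of the exam material: a small Python model of the three settings in which a user tries to cycle straight back to an old password. The class and function names and the sample passwords are constructed for illustration; this is not Windows code.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class PasswordPolicy:
    history: int       # Enforce password history: how many passwords are remembered
    min_age_days: int  # Minimum password age
    max_age_days: int  # Maximum password age


@dataclass
class Account:
    policy: PasswordPolicy
    current: str
    changed_at: datetime
    # Remembered passwords, current one included, newest last.
    # Model only: a real system remembers password hashes, not passwords.
    remembered: list = field(default_factory=list)

    def __post_init__(self):
        if not self.remembered:
            self.remembered = [self.current]

    def must_change(self, now):
        """Maximum password age: True once the current password has expired."""
        return now - self.changed_at >= timedelta(days=self.policy.max_age_days)

    def change(self, new, now):
        """User-initiated change. Returns (accepted, reason)."""
        if now - self.changed_at < timedelta(days=self.policy.min_age_days):
            return False, "minimum password age not reached"
        if new in self.remembered:
            return False, "password is still in the history"
        keep = max(self.policy.history, 1)  # the current password always counts
        self.remembered = (self.remembered + [new])[-keep:]
        self.current, self.changed_at = new, now
        return True, "changed"


def cycle_attempt(policy, old, throwaways, start, step=timedelta(minutes=1)):
    """Change through throwaway passwords, then try to return to `old`.

    The account's password is 30 days old at `start`; one attempt is made
    every `step`. Returns (final password, [(candidate, accepted, reason)]).
    """
    acct = Account(policy, old, start - timedelta(days=30))
    log, now = [], start
    for candidate in throwaways + [old]:
        accepted, reason = acct.change(candidate, now)
        log.append((candidate, accepted, reason))
        now += step
    return acct.current, log


if __name__ == "__main__":
    start = datetime(2020, 5, 23, 9, 0)                        # constructed date
    old, temps = "old-favourite", ["tmp-1", "tmp-2", "tmp-3"]  # constructed values
    for min_age in (0, 1):
        policy = PasswordPolicy(history=3, min_age_days=min_age, max_age_days=90)
        final, log = cycle_attempt(policy, old, temps, start)
        print(f"minimum age {min_age}: ends on {final!r}")
        for candidate, accepted, reason in log:
            print(f"  {candidate:14} {'ok' if accepted else 'refused'}: {reason}")
```

With a minimum age of 0 the user is back on the old password within minutes; with a minimum age of 1 day the same cycle takes one day per remembered password.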

When preparing for the A+ exam, you should understand security best practices to secure a workstation, including the following:

Requiring passwords - All workstations should be configured so that user accounts are required to have a password, even if the

workstation is on a peer-to-peer network. In a domain environment, you can configure the domain security policy to require all

accounts to have a password. Local security policies can be used in non-domain environments.

Setting strong passwords - Strong passwords ensure that passwords are harder to guess because they include upper- and lowercase

letters, numbers, and special characters. It is also recommended that passwords be at least eight characters in length. This

restriction can also be configured using the local security policy or domain policy.

Password expiration - Administrators should configure password expiration policies. Most organizations set a 60- or 90-day

expiration, meaning that passwords must be reset within that time limit.

BIOS/UEFI passwords - Configuring a BIOS or UEFI password ensures that the system settings stored in the BIOS or UEFI cannot

be accessed or changed by unauthorized users.

Restricting user permissions - Users should only be granted permissions that they need to complete their jobs. For users that need

administrative-level permission, the users should be given two accounts: one normal account with more restrictive permissions that

they use for day-to-day activities and one administrative account that they use when performing administrative duties. Also, as a

rule, permissions should be assigned to groups, and user accounts should be added to group accounts. This makes permission

administration much more manageable.

Changing default user names and passwords - For any default user accounts that are created when an operating system or

application is installed, the default user names and passwords should always be changed. Most IT professionals and hackers are

aware of default accounts. Renaming these accounts provides a level of protection. Always research any operating system or

application that you install to learn of any default user accounts that are created at installation. (Keep in mind that the default

Windows Administrator account cannot be renamed. It is important that this account be given a very strong password and that its

use is audited.)

Disabling guest account - All default accounts that are created should be disabled if they will not be used. This is particularly

important for the guest account. If possible, also rename the guest account. Finally, ensure that the guest account has a strong

password and that it is given a password reset policy.

Screensaver required password - Screensavers start after a period of idle time. For security reasons, a screensaver password

policy is used to ensure that a user is required to enter his password when returning to his session. In addition, many companies

have logoff policies that require users to log off from a computer when leaving for prolonged periods of time.

Timeout/screen lock - It is a good practice to configure a computer to implement a screen lock after a certain amount of time

without user interaction. This can be employed as part of the screensaver required password.

Disable Autorun - Because you can never be sure that media, including floppy disks, CDs, DVDs, and so on, are safe and

uncontaminated, you should be careful when inserting new media into a CD-ROM, DVD, or USB drive. As a precaution, you should

disable the Autorun feature that is enabled by default in older Windows operating systems. Windows 7, by default, has DISABLED

the Autorun feature. In Windows 8 and higher, the term AutoPlay became the default for AutoRun and acts the same way as

Autorun did.

Login time restrictions - Login time restrictions are configured by administrators to limit the hours during which a user can log in to a

system. This security feature, however, can cause problems if for any reason a user works outside his normal business hours.

Objective:Security

Sub-Objective:Given a scenario, implement security best practices to secure a workstation.

References:

Minimum password age, http://technet.microsoft.com/en-us/library/cc779758(v=ws.10).aspx

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement

security best practices to secure a workstation

Question #24 of 73 Question ID: 1202828

Your company has recently adopted several new security policies regarding mobile devices. Which mobile device application helps

when a mobile device is stolen, but also raises privacy concerns?

✗ A) remote backup applications

✓ B) locator application

✗ C) remote wipe applications

✗ D) passcode applications

Explanation

Locator applications help when a mobile device is stolen. Most locator applications can locate a lost device, lock the lost device, and

remote wipe the device. Locator applications also raise privacy concerns because the apps can be used to trace the mobile device.

Remote wipe applications do NOT raise privacy concerns. Remote wipe applications are capable of removing all data from a mobile

device in the event that the mobile device is lost or stolen.

Remote backup applications do NOT raise privacy concerns. Remote backup applications are capable of backing up and restoring a

mobile device without physically being connected to a computer.

Passcode applications do NOT raise privacy concerns. Passcode applications are capable of ensuring that users must enter a

passcode before being able to access the device's features and applications. Most mobile devices have a built-in passcode feature, but

there are several passcode applications available on the market. In most cases, passcode applications can be configured to lock or

wipe a device after a certain number of invalid passcode entries.

Objective:Security

Sub-Objective:Given a scenario, implement methods for securing mobile devices.

References:

The Do's and Don'ts of Location Aware Apps; A Case Study, https://www.synack.com/2014/09/05/the-dos-and-donts-of-location-aware-apps-a-case-study/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.8 Given a scenario, implement

methods for securing mobile devices

Question #25 of 73 Question ID: 1176476

Adam is new to networking and is curious about the various terms like MAC address and MAC address filtering. What would be the

best description to explain to him about the purpose of MAC address filtering?

✗ A) to provide port authentication for a wireless network

✗ B) to ensure that unused ports are not accessible by clients

✗ C) to restrict the clients that can access a Web site

✓ D) to restrict the clients that can access a wireless network

Explanation

The purpose of MAC address filtering is to restrict the clients that can access a wireless network. Access is restricted based on the

client's media access control (MAC) address, which is the unique identifier that is encoded on the network interface card (NIC).

However, this is no longer considered a major security configuration because MAC addresses can usually be obtained using a network

sniffer.

MAC address filtering is not used to restrict the clients that can access a Web site. This is most often done using access control lists

(ACLs).

802.1x provides port authentication for a wireless network using Extensible Authentication Protocol (EAP).

To ensure that unused ports are not accessible by clients, you should disable all unused ports.

Some of the methods for securing wired and wireless networks include:

Firewall settings - Configure the firewall to allow only the traffic that is needed and to deny all other traffic.

Port forwarding/mapping - Port forwarding is a function typically performed on a Network Address Translation (NAT) device. One port

number is set aside on the gateway for the exclusive use of communicating with a service in the private network, located on a

specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal

service. This hides the real IP address of the destination device or server to protect it from connections outside the LAN.

Disabling ports - This prevents communication on unused ports. Ports that are not needed for communication should always be

disabled.

Content filtering / parental controls - This allows you to control the content that can be displayed on a device.

Update firmware - This ensures that the device has the most recent enhancements, including security enhancements.

Physical security - Network devices should be secure from physical access, which usually means locking them in closets

specifically designed for this type of equipment.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

Enable MAC address filtering, http://compnetworking.about.com/cs/wirelessproducts/qt/macaddress.htm

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure

security on SOHO wireless and wired networks

Question #26 of 73 Question ID: 1176450

When explaining the differences between NTFS and FAT32 to a user installing Windows 7, which three benefits would you share with

them regarding NTFS?

✓ A) better security

✓ B) file encryption

✗ C) virus protection

✓ D) better disk space management

✗ E) malware protection

Explanation

NTFS is the file system that comes with Windows that provides better security, file encryption, and better disk space management than

FAT32.

FAT and FAT32 are relatively stable, but if the power goes out or an unexpected system crash occurs, data is not always recoverable.

NTFS has a tracking system that manages transactions, files, directories and volumes in a more secure fashion. NTFS also holds

permissions for local users and groups and allows them to have read, write, read and execute, modify, full control, or special

permissions to both folders and files. Permissions can be configured for allow versus deny. Additionally, it allows file encryption, which

prevents hackers from accessing data easily.

NTFS does not provide malware or virus protection. Malware is malicious, invasive software installed on your computer with the intent

to harm. A virus is a specific type of malware capable of copying itself and typically has a detrimental effect on the computer on which it

is installed.

Objective:Security

Sub-Objective:Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

FAT32 vs NTFS, https://www.diffen.com/difference/FAT32_vs_NTFS

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the

differences of basic Microsoft Windows OS security settings

Question #27 of 73 Question ID: 1176434

A user asks you to describe how computers are infected with viruses. Which option is NOT usually a way that a virus infection occurs?

✗ A) through the Internet

✗ B) through email

✓ C) through vendor installation CDs

✗ D) through file sharing

Explanation

Vendor installation CDs are not usually a way that a virus infection occurs. Most vendors ensure that the installation files and media are

virus free before disseminating them.

In most cases, virus infections occur through the Internet, through email, or through file sharing. Most virus scanners include a feature

that scans all files for viruses as you open them. In addition, the virus scanner email function scans email attachments for viruses,

thereby preventing the spread of worms.

Objective:Security

Sub-Objective:Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

References:

Computer viruses vs. worms, https://usa.kaspersky.com/resource-center/threats/computer-viruses-vs-worms

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.4 Given a scenario, detect, remove,

and prevent malware using appropriate tools and methods

Question #28 of 73 Question ID: 1176443

Which of the following is an example of phishing?

✗ A) an attack that uses drones to obtain email accounts to send spam

✗ B) a program that sends out your personal information to an advertiser

✗ C) a Visual Basic script attached to an email that infects your system

✓ D) an email request from a financial institution asking you to log in and change your password using the provided link

Explanation

An example of phishing is an email request pretending to be from a financial institution asking you to log in and change your password

using the provided link. Phishing attacks always appear to be from a legitimate source.

An example of a Trojan is a Visual Basic script attached to an email that infects your system. A virus could also infect you in this way.

An example of a botnet attack is an attack that uses drones (also referred to as zombies) to obtain email accounts to send spam. Keep

in mind that a botnet attack always uses multiple computers to carry out a coordinated attack. A zombie is the term used for any single

device that participates in a botnet attack. A denial-of-service attack is usually carried out by botnets.

Spam is unsolicited email.

An example of spyware is a program that sends out your personal information to an advertiser usually without your permission.

Objective:Security

Sub-Objective:Compare and contrast social engineering, threats, and vulnerabilities.

References:

What is phishing?, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci916037,00.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social

engineering, threats, and vulnerabilities

Question #29 of 73 Question ID: 1202810

A user’s computer is infected with a malicious program that replicates itself to computers on a network through security loopholes.

Which malware has infected this computer?

✗ A) Trojan horse

✗ B) email virus

✗ C) boot virus

✓ D) worm

Explanation

A worm is a malicious program that replicates itself to computers on a network through security loopholes. A worm infects a computer

by detecting various vulnerabilities and security loopholes on a computer. After the computer is infected, the worm attempts to replicate

itself by detecting similar security loopholes and vulnerabilities in other computers on the network.

All of the other options are malicious, but they do not self-replicate through security loopholes of computers on a network.

A boot virus is a virus that infects a hard disk, but not the programs in a computer. Typically, the Master Boot Record (MBR) of a hard

disk is infected by the boot virus. If the MBR is damaged in a hard disk and the hard disk is the bootable device, a computer will not

boot. The hard disk cannot be used until it is fixed by the MBR repair utility.

An email virus spreads through email and continues to replicate itself to a number of recipients who open the attachments contained in

the infected email.

A Trojan horse virus is typically hidden in a program that does not appear to be harmful. When the program is executed, the Trojan

horse virus executes as well and damages the programs or data stored on the computer.

A virus can be defined as a malicious program that sits in a computer system without the consent of the owner and causes damage to

the system. Many types of viruses are rampant. The Internet serves as a major entry point for a virus. Users tend to download and run

various programs without running a proper scan. This may result in the downloading of malicious viruses. A virus is capable of either

making a system unbootable or deleting valuable data and system files from the system. The implications of a virus attack on a system

differ with the type of the attacking virus.

Objective:Security

Sub-Objective:Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

References:

What is a Computer Worm, and How Does it Work?, https://us.norton.com/internetsecurity-malware-what-is-a-computer-worm.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.4 Given a scenario, detect, remove,

and prevent malware using appropriate tools and methods

Question #30 of 73 Question ID: 1202807

After installing a software firewall on his computer, a user reports that he is unable to connect to any Web sites. The user must be able

to connect to all types of Web sites.

Which ports should you open in the firewall application? (Choose two.)

✗ A) port 25

✗ B) port 20

✓ C) port 443

✗ D) port 21

✓ E) port 80

Explanation

To be able to connect to all types of Web sites, you should open port 80 and port 443 in the firewall application. Port 80 is used by Hypertext Transfer Protocol (HTTP), the default protocol used by Web pages. Port 443 is used by Secure HTTP (HTTPS), the protocol used by secure Web pages.

Port 20 and port 21 are used by the File Transfer Protocol (FTP), a protocol that is used to transfer files. Port 25 is used by the Simple Mail Transfer Protocol (SMTP), a mail transfer application. None of these ports or protocols is needed to connect to Web sites.

Disabling ports that are not used is part of any good security plan. Any ports that are left open can be used by hackers to attack devices on the network.

For the A+ exam, you need to understand the following common prevention methods used for digital security:

Antivirus / antimalware - Deploying antivirus / antimalware software on all computers is vital to security. Technicians should always ensure that computers have these applications installed and enabled. In addition, this software should be kept up-to-date. Most antivirus / antimalware applications can be configured for automatic updates without user interaction.

Firewalls - Firewalls are used to protect networks and computers by permitting or denying access based on the firewall configuration. Packet filter firewalls allow or deny traffic based on the application type, port number, or other criteria. Proxy firewalls process communication from outside a network. Internal requests are routed through the proxy, which isolates the internal resources from the outside network because only the proxy firewall actually sends the requests. Proxy firewalls can operate at the application level or circuit level. Stateful inspection firewalls maintain a state table that tracks all communication. The firewall uses the state table to make decisions on how to route traffic.

Anti-spyware - Like antivirus software, deploying antispyware software on all computers is vital to security. Technicians should ensure that an antispyware application is installed and enabled. The antispyware application should be kept up-to-date.

User authentication - User authentication should be deployed to ensure that only authorized users have access to resources on the network. As part of user authentication, users should provide a user name and password. Policies should be in place to ensure that passwords are complex enough so that they are not susceptible to dictionary attacks.

Strong passwords - Strong passwords include a combination of lowercase and uppercase letters, numbers, and special characters.

Multifactor authentication - Multifactor authentication includes authentication methods from more than one category. The categories include something you know (like a password), something you have (like a smart card), something you are (like a fingerprint), and somewhere you are (like at a specific computer or in a specific facility). Two-factor authentication uses authentication factors from two of the categories. Multifactor authentication uses authentication factors from at least three of the categories.

Directory permissions - Ensure that NTFS is deployed on all computers that are accessed and that directory permissions are configured as specified by the data owners. Deploy a user authentication mechanism and employ password policies to ensure that passwords are complex and must be changed at regular intervals.

Virtual private network (VPN) - A user connects to a VPN using a public network. The VPN has security mechanisms that protect the traffic over the VPN. Many companies use VPNs to allow employees to remotely connect to internal resources.

Data loss prevention (DLP) - A DLP program ensures that data is protected while in use, in motion, and at rest. Most DLP devices analyze data on the network to ensure that the data is being appropriately protected using content and context analysis.

Disabling ports - Any unused ports should be disabled to ensure that an attacker cannot use the ports to break into a system or network. Port analysis will allow you to determine which ports are open.

Access control lists (ACLs) - ACLs are configured to limit access to files and folders. You should ensure that ACLs are configured properly. Remember that administrative-level accounts are usually given full control permissions.

Smart cards - A smart card is a plastic card with a built-in processor. Smart cards are typically used for personal identification and are an authentication factor (something you have).

Email filtering - An email filter allows you to configure rules that determine what is done with certain email. For example, you may decide to send email from certain domains to its own folder so that you can later examine it. You may also decide to automatically delete some junk email.

Trusted/untrusted software sources - Individuals and organizations often need additional software for their devices. Before installing new software, users should ensure that the software is downloaded from a trusted source. For example, if a vendor has an available download of an application but the application itself is owned by another vendor, it is always best to download the application from the owner vendor. The secondary vendor may have added some malicious code to the version on their Web site.

Objective: Security

Sub-Objective: Explain logical security concepts.

References:

List of TCP and UDP port numbers, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

Question #31 of 73 Question ID: 1176435

After performing a vulnerability analysis, a security auditor alerts you that a server has been infected with a rootkit. Which statement best defines this type of malware?

✗ A) an application that uses tracking cookies to collect and report a user's activities

✓ B) a collection of programs that grants a hacker administrative access to a computer or network

✗ C) a program that spreads itself through network connections

✗ D) a software application that displays advertisements while the application is executing

Explanation

A rootkit is a collection of programs that grants a hacker administrative access to a computer or network. The hacker first gains access to a single system, and then uploads the rootkit to the hacked system. An example of a rootkit is a system-level kernel module that modifies file system operations.

Adware is a software application that displays advertisements while the application is executing. Some adware is also spyware if it monitors your Internet usage and personal information. Some adware will even allow credit card information theft.

Spyware often uses tracking cookies to collect and report a user's activities. Not all spyware is adware, and not all adware is spyware. To define a program as spyware requires that your activities are monitored and tracked; to define a program as adware requires that advertisements are displayed.

A worm is a program that spreads itself through network connections.

Malware is the term used to describe a group of malicious software applications that include:

Viruses

Worms

Spyware

Trojans

Rootkits

Backdoors

Logic bombs

Botnets

Objective: Security

Sub-Objective: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

References:

Rootkit, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci547279,00.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.4 Given a scenario, detect, remove, and prevent malware using appropriate tools and methods

Question #32 of 73 Question ID: 1176457

Your organization is adopting a new password policy to increase security. Which policy is the most secure password policy?

✓ A) Password change requests must be made in person.

✗ B) Password change requests must be made by email message.

✗ C) Password change requests must be made by telephone.

✗ D) Password change requests must be made in writing.

Explanation

The most secure password change request policy is to require users to make password change requests in person. The administrator should request a user's credentials and photo identification to verify that the user is the valid user.

All other password change request policies are less secure than in-person requests. Password change requests in writing, by email message, or by telephone could be made by people posing as authorized personnel, even if they must verify identity using preset answers to questions.

Any time a user requests a password change, you must verify the user's identity. While the best policy is to verify the user's identity in person, it is not always possible to do so. An alternative would be to require the user to provide answers to certain questions, such as mother's maiden name, last four digits of a social security number, and so on. However, it is possible for hackers to exploit this solution.

You should never send a user his password information in an email message because email can be intercepted and read. You should never give a user his password over the telephone without first verifying his identity. You should never reset a user's password without first verifying the user's identity.

Passwords that are not used very often can be forgotten. A good process for forgotten passwords is to reset the user's password to a system default and force the user to change his password with the next logon. Always warn users not to write down their passwords. Automatically generated passwords decrease the chance that a user will use a password that is easily cracked or an unsecure password.

When preparing for the A+ exam, you should understand security best practices to secure a workstation, including the following:

Requiring passwords - All workstations should be configured so that user accounts are required to have a password, even if the workstation is on a peer-to-peer network. In a domain environment, you can configure the domain security policy to require all accounts to have a password. Local security policies can be used in non-domain environments.

Setting strong passwords - Strong passwords ensure that passwords are harder to guess because they include upper- and lower-case letters, numbers, and special characters. It is also recommended that passwords be at least eight characters in length. This restriction can also be configured using the local security policy or domain policy.

Password expiration - Administrators should configure password expiration policies. Most organizations set a 60- or 90-day expiration, meaning that passwords must be reset within that time limit.

BIOS/UEFI passwords - Configuring a BIOS or UEFI password ensures that the system settings stored in the BIOS or UEFI cannot be accessed or changed by unauthorized users.

Restricting user permissions - Users should only be granted permissions that they need to complete their jobs. For users that need administrative-level permission, the users should be given two accounts: one normal account with more restrictive permissions that they use for day-to-day activities and one administrative account that they use when performing administrative duties. Also, as a rule, permissions should be assigned to groups, and user accounts should be added to group accounts. This makes permission administration much more manageable.

Changing default user names and passwords - For any default user accounts that are created when an operating system or application is installed, the default user names and passwords should always be changed. Most IT professionals and hackers are aware of default accounts. Renaming these accounts provides a level of protection. Always research any operating system or application that you install to learn of any default user accounts that are created at installation. (Keep in mind that the default Windows Administrator account cannot be renamed. It is important that this account be given a very strong password and that its use is audited.)

Disabling guest account - All default accounts that are created should be disabled if they will not be used. This is particularly important for the guest account. If possible, also rename the guest account. Finally, ensure that the guest account has a strong password and that it is given a password reset policy.

Screensaver required password - Screensavers start after a period of idle time. For security reasons, a screensaver password policy is used to ensure that a user is required to enter his password when returning to his session. In addition, many companies have logoff policies that require users to log off from a computer when leaving for prolonged periods of time.

Timeout/screen lock - It is a good practice to configure a computer to implement a screen lock after a certain amount of time without user interaction. This can be employed as part of the screensaver required password.

Disable Autorun - Because you can never be sure that media, including floppy disks, CDs, DVDs, and so on, are safe and uncontaminated, you should be careful when inserting new media into a CD-ROM, DVD, or USB drive. As a precaution, you should disable the Autorun feature that is enabled by default in older Windows operating systems. Windows 7, by default, has disabled the Autorun feature. In Windows 8 and higher, the term AutoPlay became the default for AutoRun and acts the same way as Autorun did.

Login time restrictions - Login time restrictions are configured by administrators to limit the hours during which a user can log in to a system. This security feature, however, can cause problems if for any reason a user works outside his normal business hours.

Objective: Security

Sub-Objective: Given a scenario, implement security best practices to secure a workstation.

References:

Best Practices for a Secure 'Forgot Password' Feature, https://fishnetsecurity.com/6labs/resource-library/white-paper/best-practices-secure-forgot-password-feature

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement security best practices to secure a workstation

Question #33 of 73 Question ID: 1202822

You manage the workstations for your organization. You are concerned about the introduction of malicious software through seemingly harmless activities like listening to music on a flash drive. Which of the following security practices should you implement?

✗ A) Data encryption

✗ B) Password reset/unlock account procedures

✗ C) Patch/update management

✓ D) Disable autorun

Explanation

If you disable autorun, this will prevent various types of media, such as CDs, DVDs, and Blu-Ray, from automatically launching and playing when inserted. It will also disable autorun for other types of removable media, such as portable hard drives. If this feature is not disabled, an attack can launch from a malicious executable installed on optical media.

Password reset/unlock account procedures will not prevent malicious software from being introduced from removable media. These procedures are often available to an attacker by simply entering the account holder’s primary or alternate email address. If the attacker knows the email address and the email account password, a Forgot password link will provide the information needed to access the desktop account.

Data encryption will not prevent malicious software from being introduced from removable media. Data encryption can be accomplished using the BitLocker feature in Windows or Encrypting File System (EFS). BitLocker encrypts the hard drive, and decryption requires the user to input a PIN. BitLocker prevents an attack from occurring offline, such as during the boot process or after the hard drive is removed and placed into another system. BitLocker will not protect the drive when Windows is running. EFS differs from BitLocker in that EFS encrypts individual files based on user selection, while BitLocker provides automatic drive-level encryption.

Patch/update management is always a critical concern, but it doesn’t prevent malicious software from being introduced from removable media. Ensuring that patches and updates are applied and current should be a basic component of system security.

Objective: Security

Sub-Objective: Given a scenario, implement security best practices to secure a workstation.

References:

How to configure AutoPlay default settings on Windows 10, https://www.windowscentral.com/how-configure-autoplay-windows-10

Question #34 of 73 Question ID: 1202829

You need to ensure that the data on storage media is properly classified to ensure that the appropriate data is retained. Which operation must you undertake to avoid mishandling of tapes, CD-ROMs, floppy disks, and printed material?

✗ A) offsite storage

✗ B) zeroization

✓ C) labeling

✗ D) degaussing

Explanation

Proper labeling is required to avoid mishandling of the information on storage media, such as tapes and floppy disks. Compact discs (CD-ROMs) and floppy disks are used to store small data sets while backup tapes are used to store large numbers of data sets.

Storage media containing confidential information must be appropriately marked and labeled to ensure appropriate classification. The storage media should also be stored in a protected area. Each medium should be labeled with the following details:

Classification

Date of creation

Retention period

Volume name and version

Name of the person who created the backup

Degaussing is not a media handling technique but a media sanitization technique. Degaussing is the process of reducing or eliminating an unwanted magnetic field of a storage medium, and also refers to a method of sanitizing the storage media by using magnetic forces. Degaussing devices generate powerful opposing magnetic fields that reduce the magnetic flux density of the storage media to zero. Degaussing is the preferred method for erasing data from magnetic media, such as floppy disks and magnetic tapes.

Zeroization is not a media handling technique but a media sanitization technique. Zeroization implies that a storage medium is repeatedly overwritten with null values, such as multiple ones and zeros, for sanitization. Zeroization is generally used in a software development environment. Most data wiping applications use a zeroization technique to ensure that data cannot be retrieved from the drive. This sets the hard drive to pre-format conditions.

Data transfer to an offsite location should take place to create a backup copy of the media if there is a disaster at the primary site. Data transferred to an offsite location acts as a backup copy of the data. The storage media should be labeled appropriately to prevent mishandling.

For the A+ exam, you need to understand the following data destruction or disposal methods:

Low-level format versus standard format - A standard format marks space that is occupied by data as being available, but it does not actually erase the existing data. A low-level format completely cleans the disk, ensuring that all existing data is removed. Low-level formats are performed by the disk manufacturer.

Hard drive sanitation methods - While the only sure method of rendering hard drive contents completely unreadable is the physical destruction of the hard drive, there are two common methods of sanitizing hard drives that are used by technicians:

Overwrite - This sanitation method actually overwrites existing data with new data. This is often referred to as zeroization.

Drive wipe - This sanitation method erases the contents of the hard drive. This method is not foolproof. If you truly must ensure that data cannot be retrieved, you should destroy the media.

Physical destruction methods - There are several different physical hard drive destruction methods that are used, including the following:

Shredder - This is an accepted method for destroying CDs and DVDs. However, to shred hard drives, you would need access to an expensive hard drive shredder.

Drill/hammer - After disassembling the physical hard drive, you could use a drill, hammer, or sander to turn the shiny surface of the hard drive platters into dust. Make sure to wear both eye and nose protection. This process is very time-consuming.

Electromagnetic - This method uses strong magnets to destroy the magnetic media. A degaussing tool is actually a type of electromagnetic destruction method.

Degaussing tool - This tool is a type of electromagnetic destruction tool. They range from $500 for a wand degausser to $30,000 for a desktop degausser.

Incineration - This destroys the drive by burning it.

Certificate of destruction - Many companies offer drive destruction services and will provide a certificate of destruction for any drives sent to them. This is preferred for drives that contain highly classified information.

Objective: Security

Sub-Objective: Given a scenario, implement appropriate data destruction and disposal methods.

References:

Maintaining Backup Archives and Records, http://osr507doc.xinuos.com/en/OSAdminG/buD.archive.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.9 Given a scenario, implement appropriate data destruction and disposal methods

Question #35 of 73 Question ID: 1176466

Your organization issues an iPhone to every member of senior management. As dictated by the organizational security policy, you configure the iPhones with passcode locks and enable remote wipe.

A user from your organization contacts you to report that a company-issued iPhone has been lost. The iPhone contained confidential information. You need to remove all the data from this iPhone.

What should you do?

✓ A) Log in to iCloud.com, and select Find My iPhone. Select the device from the Devices list, and click Erase iPhone.

✗ B) Log in to iTunes, and select Find My iPhone. Select the device from the Devices list, and click Lock.

✗ C) Log in to iTunes, and select Find My iPhone. Select the device from the Devices list, and click Erase iPhone.

✗ D) Log in to iCloud.com, and select Find My iPhone. Select the device from the Devices list, and click Lock.

Explanation

To remove all the data from the iPhone, you should log in to iCloud.com and select Find My iPhone. Then select the device from the Devices list and click Erase iPhone. This will perform a remote wipe on the lost device.

You should not log in to iCloud.com, select Find My iPhone, select the device from the Devices list, and click Lock. This will lock the iPhone, but will not perform a remote wipe.

You should not log in to iTunes. This is not the application that is responsible for performing remote wipes.

To remove all the data from an Android device, go to Settings, tap Security, and choose Encrypt data. This will scramble all your data. If you want to recover that data using any data-recovery tool, you will have to provide a specific key to unscramble the data first. On some phones the option is called Encrypt Phone; tap it, and on the next page tap Set screen lock type to set the lock. Please note that this may take at least an hour, so make sure your phone is fully charged before starting the encryption. Once you have encrypted your phone, you can reset your phone to factory settings. This will delete everything.

For Windows Phone 8 or 7, you should go to the Home screen and swipe to the left to wipe all data. Then scroll down, choose Settings/About, and select the Reset your phone option. For Windows Mobile 6.5, you should go to the Home screen and select Start to wipe all data. Then choose Settings/All Settings/System Tab, and select Clear Storage. For Windows Mobile 6 or 6.1, you go to the Home screen and select Start to wipe all data. Then choose Settings/System Tab and select Clear Storage. Type 1234, and then tap Yes.

Objective: Security

Sub-Objective: Given a scenario, implement methods for securing mobile devices.

References:

Find My iPhone, iPad, and Mac, http://www.apple.com/icloud/features/find-my-iphone.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.8 Given a scenario, implement methods for securing mobile devices

Question #36 of 73 Question ID: 1176416

You need to provide a physical security measure for a data center located on the second floor of a building. Management wants you to implement the highest level of security possible. Which physical security control should you implement?

✓ A) Biometrics

✗ B) Key fobs

✗ C) Passwords

✗ D) ID badges

Explanation

You should implement biometrics. Biometric devices help identify users' physical characteristics and include retinal scanners, hand scanners, fingerprint scanners, and DNA scanners.

ID badges do not provide as much security as biometrics because ID badges can be stolen or cloned. ID badges would provide a second layer of security if they were used with biometrics.

Key fobs, or physical keys, do not provide as much security as biometrics because keys can be stolen or cloned. They could, however, be used to provide another layer of security with biometrics.

Passwords do not provide as much security as biometrics because passwords can be stolen or discovered using brute force or dictionary attacks. They could, however, be used to provide another layer of security in conjunction with biometrics.

When considering physical security, IT professionals should also consider securing physical documents/passwords/shredding. It is highly recommended in companies that are not completely paperless to put policies into place to protect physical documents and passwords. Intruders will actually dive into dumpsters to obtain highly sensitive data, so it is recommended that documents with confidential information (especially those with passwords) be shredded or burned.

Radio Frequency Identification (RFID) is a wireless technology that does not require contact. It can be used in cards and workstations to validate security systems. Smart cards, which are a type of identification badges, are used to give people access to buildings, doors, computers, and parking lots. Smart cards are inserted into a computer or a smart card reader to unlock access to a resource. Although you cannot duplicate them, they can be easily stolen, allowing the thief to have access to the card. For this reason, modern smart cards have users enter passwords or PINs to activate them.

Tokens are physical in nature and are used when a user has one-time access via a password or identity authentication.

Privacy filters are placed over monitors, and prevent side viewing and shoulder surfing while allowing the authorized user an unrestricted view of the screen.

Entry control rosters are useful to track users arriving and departing. They can be kept manually by a person, or digitally using a device that logs in the physical locations where users are arriving at and departing from the facility. Users must be authenticated against the entry control roster. The data is dumped onto a server and backed up in case someone is not there or in case the manual log is lost.

Objective: Security

Sub-Objective: Summarize the importance of physical security measures.

References:

What is biometrics?, https://searchsecurity.techtarget.com/definition/biometrics

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #37 of 73 Question ID: 1176452

Your organization is concerned with unauthorized users downloading confidential data to removable media. You decide to encrypt the confidential data using the Encrypting File System (EFS).

You need to copy an EFS-encrypted file. The file will be copied to an NTFS volume that does not implement EFS. What is the state of the file?

✓ A) The original version of the file remains encrypted. The new version of the file is decrypted.

✗ B) The original version of the file is decrypted. The new version of the file is decrypted.

✗ C) The original version of the file remains encrypted. The new version of the file is encrypted.

✗ D) The original version of the file is decrypted. The new version of the file is encrypted.

5/23/2020 220-1002 Exam Simulation

https://www.kaplanlearn.com/education/test/print/38209496?testId=132817097 44/81

Question #38 of 73 Question ID: 1202805

✗ A)

Explanation

When you copy an EFS-encrypted file to an NTFS volume that does not implement EFS, the new version of the file is decrypted.

However, the original version of the file remains encrypted.

None of the other statements is correct.

When you copy an unencrypted file to an NTFS volume that implements EFS, the original version of the file remains decrypted.

However, the new version of the file is encrypted.

When you move an encrypted file in the same NTFS volume, the file will remain encrypted. When you move an encrypted file to an

NTFS volume that does not implement EFS, the file will be decrypted. When you move an encrypted file to an NTFS volume that

implements EFS, the file will remain encrypted.

When you move an unencrypted file to an NTFS volume that implements EFS, the file will be encrypted.

To decrypt files that have been encrypted with EFS, you need the EFS recovery agent.

When you copy a file from one partition to another, the original copy will retain its permissions. The new copy will inherit the

permissions from its parent folder. When you move a file from one partition to another, the moved file will retain its original permissions.

Keep in mind, though, that this only pertains to copying or moving between NTFS permissions. Because FAT or FAT32 partitions do not

support individual file permissions, none of the NTFS file permissions can be retained in a copied file.

Organizations must implement the appropriate policies and procedures to protect corporate data and assets. Distinctions should be

made between bring-your-own-device (BYOD) policies and corporate-owned policies. Because BYOD allows use of personal devices,

you may not be able to control the security settings on the devices. However, you can control through the use of network access control

(NAC) services what assets BYOD devices can access and what actions they can perform based on their security configuration. For

corporate-owned devices, it will be easier to ensure that they have the correct settings.

If you implement NAC, you can set up security profiles that will verify the security settings for different devices. These devices can be

allowed or denied access based on the profile security requirements.

Objective: Security

Sub-Objective: Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

Breaking Down NTFS Permissions, http://www.techrepublic.com/forum/discussions/102-326370-3249880

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings

Which option would best address the security issues surrounding a BYOD policy in the organization?

✗ A) Multifactor identification

✓ B) MDM policies

✗ C) Software tokens

✗ D) Smart card

Explanation

Mobile Device Management (MDM) policies would best address the security issues inherent in bring your own device (BYOD) policies in the workplace. MDM policies can allow the organization to control the security of its assets, even assets that are not owned by the organization, while at the same time allowing the employee the freedom of using their own personal devices, such as smart phones and tablets.

None of the other options addresses BYOD.

Software tokens can be installed on a device to control authentication. Some advantages of a software token over a smart card include ease of updates and decreased chance of being lost or stolen.

Multifactor authentication employs the use of two or more of the following authentication methods: something you have, something you know, something you are, somewhere you are, and something you do.

A smart card typically has an RFID chip or some type of authentication mechanism. One example of a smart card is the Common Access Card (CAC) issued by the US Department of Defense (DoD).

Objective: Security

Sub-Objective: Explain logical security concepts.

References:

What is the difference between BYOD and MDM, https://centretechnologies.com/what-is-the-difference-between-byod-and-mdm/

Question #39 of 73 Question ID: 1176449

You need to ensure that users are able to log into multiple systems using the same login credentials. Which technology should you deploy?

✗ A) two-factor authentication

✓ B) SSO

✗ C) VPN

✗ D) multifactor authentication

Explanation

You should deploy single sign-on (SSO) to ensure that users are able to log in to multiple systems using the same login credentials.

A virtual private network (VPN) allows a user to connect to a private network over a public network, such as the Internet. Multifactor authentication involves the use of two or more authentication factors. Two-factor authentication involves the use of two factors of authentication. The factors of authentication include something you have, something you know, something you are, and somewhere you are.

Question #40 of 73 Question ID: 1202821

✗ A)

✗ B)

✗ C)

✓ D)

Authenticator applications, such as Google Authenticator, allow a mobile device to use a time-based one-time password (OTP)

algorithm with a site or system that requires such authentication. In the setup operation, the site provides a shared secret key to the

user over a secure channel to be stored in the authenticator app. This secret key is used for all future logins to the site. The user will

enter a username and password into a website or other server, generate a one-time password for the server using OTP running locally,

and type that password into the server as well. The server will then also run OTP to verify the entered one-time password.
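The setup and login exchange described above, written out as an added Python example that is not part of the original exam material. It follows the published HOTP and TOTP algorithms (RFC 4226 and RFC 6238) that authenticator apps such as Google Authenticator implement; the one-step drift window, the replay check, and all function and class names are assumptions of this example.

```python
"""TOTP as used by authenticator apps (RFC 6238, built on HOTP from RFC 4226)."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

STEP_SECONDS = 30   # length of one time step (RFC 6238 default)
DIGITS = 6          # code length shown by most authenticator apps

# Constructed sample: the published RFC 4226 test key, Base32-encoded the way
# a site would show it to the user (or embed it in a QR code) at setup time.
RFC_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")


def new_shared_secret() -> str:
    """Setup: the site creates a random 160-bit key and gives it to the app once."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, now: Optional[float] = None) -> str:
    """Client (authenticator app): code for the current 30-second time step."""
    key = base64.b32decode(secret_b32, casefold=True)
    moment = time.time() if now is None else now
    return hotp(key, int(moment // STEP_SECONDS))


class TotpVerifier:
    """Server: recompute the code from the same secret and compare."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.key = base64.b32decode(secret_b32, casefold=True)
        self.window = window        # time steps of clock drift tolerated
        self.last_counter = -1      # newest time step already accepted

    def verify(self, code: str, now: Optional[float] = None) -> bool:
        moment = time.time() if now is None else now
        current = int(moment // STEP_SECONDS)
        submitted = code.encode("utf-8")
        accepted = False
        for counter in range(current - self.window, current + self.window + 1):
            if counter < 0 or counter <= self.last_counter:
                continue  # a code from an already-used step is a replay
            expected = hotp(self.key, counter).encode("ascii")
            # constant-time comparison so timing does not leak matching digits
            if hmac.compare_digest(expected, submitted):
                self.last_counter = counter
                accepted = True
                break
        return accepted


if __name__ == "__main__":
    secret = new_shared_secret()           # stored by both the site and the app
    server = TotpVerifier(secret)
    code = totp(secret)                    # what the app displays
    print("first login accepted:", server.verify(code))
    print("same code replayed:  ", server.verify(code))
```

The one-time code is only the "something you have" factor; the username and password check the text mentions still happens separately on the server.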

Objective: Security

Sub-Objective: Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

Single Sign-On (SSO) Explained, https://www.sitepoint.com/single-sign-on-explained/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings

You are updating the offboarding procedures and policies for your organization. You need to retain a terminated employee’s data while

blocking the terminated employee’s access to that data. Which Active Directory function should you implement?

Account creation

Password reset

Account deletion

Disable account

Explanation

You should disable the account. If you disable the user account, the data is available for backup and archive procedures, but not

available to the user.

Account deletion will delete the user and possibly the associated data. However, even if you retained the user’s data, you may not be

able to access the data if only the deleted user’s account is configured to have access to that data.

Password reset procedures will not necessarily block the terminated employee’s access to the data because they are often available to

an attacker by simply entering the account holder’s primary or alternate email address. If the attacker knows the email address and the

email account password, a Forgot password link will provide the information needed to access the desktop account. Often an account

is locked after a certain number of invalid attempts. Most companies configure the locked accounts to reset after a certain amount of

time, meaning the accounts can be accessed after that time period. However, a better security practice is to implement unlock account

procedures, which can include multiple authentication factors or contacting IT support.

Account creation in Active Directory might allow you to create a new user account associated with a different department, password, or OU, but the original access would still remain.

Objective: Security

Sub-Objective: Given a scenario, implement security best practices to secure a workstation.

References:

How to use the UserAccountControl flags to manipulate user account properties, https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties

Question #41 of 73 Question ID: 1176453

You need to access a shared folder named research$. Which fact is true about this shared folder?

✓ A) It is hidden.

✗ B) It is a local share.

✗ C) It is an administrative share.

✗ D) It is visible.

Explanation

Because the shared folder ends with a dollar sign, you should know it has the following qualities:

It is hidden.

It requires administrative privileges to access.

A share that ends with a dollar sign ($) is not a local or administrative share. Local shares are created locally and usually have the icon

of a hand in all versions of Windows. Local shares can be seen by all users on the network.

Administrative shares are not the only hidden objects. System files and folders are often hidden so that they do not appear when a

standard user views a directory listing. System files and folders are assigned the hidden attribute to provide this security.

Objective: Security

Sub-Objective: Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

How to Create a Hidden Network Share in Windows, http://www.online-tech-tips.com/computer-tips/how-to-create-a-windows-xp-hidden-folder-share/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings

Question #42 of 73 Question ID: 1176463

In recent weeks, management has established that administrators must ensure password strength. Which password setting is most important to ensure password strength?

✗ A) password age

✗ B) password lockout

✓ C) password complexity

✗ D) password history

Explanation

Password complexity is most important to ensure password strength. Password complexity allows you to configure which characters

should be required in a password to reduce the possibility of dictionary or brute force attacks. A typical password complexity policy

would force the user to incorporate numbers, letters, and special characters. Both uppercase and lowercase letters can be required. A

password that uses a good mix, such as Ba1e$23q, is more secure than a password that only implements parts of these requirements,

such as My32birthday, NewYears06, and John$59.

Password age allows you to configure the minimum or maximum number of days before a user is required to change the user's

password. It is a good security practice to enforce a password age of 30 to 60 days. Some companies force users to change their

passwords monthly or quarterly. This interval should be determined based on how critical the information is and on how frequently

passwords are used.

Password history allows you to configure how many new passwords must be created before an old one can be reused. This setting

enhances security by allowing the administrators to ensure that old passwords are not being reused continually. Passwords that are

used repeatedly are sometimes referred to as rotating passwords.

Password lockout allows you to configure the number of invalid logon attempts that can occur before an account is locked. Usually this

password lockout policy also allows you to configure the number of days that the account remains in a locked state. In some cases, you

may want to configure the account lockout policy so that an administrator must be contacted to re-enable the account. The

recommended maximum number of failed logins is three.

The use of strong passwords will help to prevent password cracking, which is the process of cracking the password using a dictionary

or brute force attack. A security administrator should periodically test the strength of user passwords. The best method for testing is to

copy the user password database to a stand-alone server, and use a password-cracking program against the database.

Objective: Security

Sub-Objective: Given a scenario, implement security best practices to secure a workstation.

References:

Passwords must meet complexity requirements, http://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement security best practices to secure a workstation

Question #43 of 73 Question ID: 1202803

Which statement is true regarding smart cards?

✗ A) Smart cards are used only as hotel room keys.

✗ B) Smart cards do not contain a microprocessor.

✗ C) Smart cards use infrared.

✓ D) Smart cards can be deactivated or replaced.

Explanation

An advantage of using a smart card is that you can deactivate or replace a card key if a user reports it lost or stolen. Smart cards contain a microprocessor that stores information, such as financial, authorization, and personal information. Smart cards are implemented with computers to improve network security. Usually a smart card reader is connected to a computer's USB port or laptop's PCMCIA port.

The option stating that smart cards can only be used as hotel room keys is incorrect because smart cards can be used as credit cards, identity cards, and computer room access cards.

The option stating that smart cards do not contain a microprocessor is incorrect. Smart cards contain a microprocessor that stores authentication information.

The option stating that smart cards use infrared technology is incorrect. Usually, smart cards are read by card readers using radio waves.

Objective: Security

Sub-Objective: Summarize the importance of physical security measures.

References:

MIT, Advantages of Smart Cards, http://web.mit.edu/ecom/Spring1997/gr12/4ADVECOM.HTM

Howstuffworks, Main, Electronics, ShortStuff, What is smart card?, http://computer.howstuffworks.com/question332.htm

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #44 of 73 Question ID: 1202798

You are implementing a physical security system and are concerned with the authentication mechanism being lost or stolen. Which method should you implement?

✗ A) Key fobs

✓ B) Biometric locks

✗ C) USB locks

✗ D) Server locks

Explanation

Biometric locks offer the most protection from loss or theft of the access device. They are based on the security concept of “something you are.” They match a user’s uniquely identifiable physical attribute to a previously stored value. They are among the most secure physical security measures. Examples include fingerprints, iris or retinal scans, voice prints, and keyboard cadence.

All of the other methods are subject to loss or theft.

Server locks restrict access to the devices in the server cabinet. They can be locked through a key in the same manner that door locks can be secured.

USB locks are USB flash drives that contain an electronic key that unlocks the computer. When the USB drive is inserted into the port, the computer is unlocked. When the USB drive is removed, the computer is locked.

Key fobs contain a hardware token and are often used for Near-Field Communications (NFC) authentication. They are easily lost or stolen.

Objective: Security

Sub-Objective: Summarize the importance of physical security measures.

References:

Definition of Biometric Authentication, https://hitachi-id.com/resource/itsec-concepts/biometric_authentication.html

Question #45 of 73 Question ID: 1202818

You want to provide secure access to the research laboratory and ensure that only authorized persons can enter the laboratory’s server room. Which system does NOT provide an effective means of ensuring that only authorized persons can enter the server room?

✗ A) swipe card system

✗ B) smart card system

✓ C) single sign-on system

✗ D) biometric access control system

Explanation


The single sign-on system does not provide an effective means of ensuring that only authorized persons can enter the server room.

Single Sign-On (SSO) is used to provide access over a network and ensures security of data in a computer network. However, it does

not ensure physical security of data and computers, and cannot be used to ensure that only authorized persons enter the laboratory’s

server room.

All the other systems listed provide an effective means of ensuring that only authorized persons enter the laboratory’s server room. The smart card system, swipe card system, and biometric access control system are all different types of access control systems that can be used to ensure physical protection. All three systems will be helpful in ensuring that only authorized individuals enter the laboratory. Smart cards and swipe cards store a user's credentials and verify those credentials before providing the user access to the resource. Only authorized users will be able to gain access through an access control system. The biometric access control system, on the other hand, uses an individual's physical characteristics, such as fingerprints, to authenticate a user. These characteristics are compared against the data stored for reference, and access is provided to a user if the stored data matches the user's characteristics.

For the A+ exam, you need to understand the following common prevention methods used for physical security:

Locked doors - Multiple physical barriers should be deployed. Fencing and surveillance are the first barriers. Locked doors, security

badges, and security guards are the second barriers to protect entrance to the building. These same elements can often also be

deployed as the third barriers to more secure areas, such as server rooms.

Tailgating - Tailgating occurs when an unauthorized person follows an authorized user into the building and gains access based on the authorized user's credentials, such as a valid key, smart card, or other security device. The tailgater slips in right behind the authorized user. Implementing mantraps prevents tailgating.

Cable locks - Cable locks secure portable devices, such as laptops, to stationary objects so that the portable devices are harder to

steal.

Securing physical documents/passwords/shredding - Dumpster diving occurs when confidential information is obtained through

documents that an organization has thrown away. The documents can contain confidential information, passwords, or

organizational secrets. Security policies should exist that detail how these documents are stored. In addition, disposal policies

should detail which documents must be shredded before being discarded. In some cases, organizations have even placed

dumpsters in locked enclosures to prevent dumpster diving.

Biometrics - Biometric devices identify users based on their unique physical characteristics, including the user's retina, iris, facial

features, and fingerprint. While the use of biometric devices is increasing, users are concerned about the security of any biometric

information that is obtained by the organization. In addition, no biometric technique is error-proof. This means that there may be

false positives and false negatives. False positives occur when unauthorized users are granted access. False negatives occur

when a valid user is denied access. False positives are more of a security concern than false negatives.

ID badges - Most organizational badges are simple identification devices that often include a photo of the employee. This type of

badge only provides security in that it allows a guard to verify that the person matches the credentials provided.

Key fobs - Key fobs are similar to smart cards. Key fobs often employ a randomly generated code and a user-entered password

that provide authentication.

RFID badges - Smart cards that use radio frequency identification (RFID) to allow the reader to read the user information when the

RFID badge is in close proximity to the reader. RFID badges can be used to secure buildings, server rooms, or even a single

server. As with ID badges and smart cards, companies must guard the physical security of an RFID badge.

Smart card - A smart card is a plastic card with a built-in processor. They are used typically for personal identification. Some ID

badges incorporate smart cards that actually provide an added level of security through the use of PINs or passwords. Companies

should use caution when including company logos and addresses on any of these devices. If the devices are lost or stolen, the lack

of logos or addresses can provide an added layer of security because the organization that issued the badge or card cannot be

easily identified.

RSA token - An RSA token is a specific type of physical token that is a one-time password that is issued by a security device. The token is used to access network resources.

Privacy filters - Privacy filters are placed on monitors to prevent users from reading the monitor display. Only the user sitting in front of the monitor can read what is displayed on the monitor.

Entry control roster - An entry control roster is used to control access to a specific room or section in a building. Most often these rosters are given to security guards, who verify user identity before granting access to the restricted area, and to track users arriving and departing. They can also be kept by digital devices that log the physical locations where users are arriving and departing the facility.

Objective: Security

Sub-Objective: Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

CHAPTER 5 Protecting Your System, https://nces.ed.gov/pubs98/safetech/chapter5.asp

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings

Question #46 of 73 Question ID: 1176454

Edith and Clarence are studying for their A+ exam and want to learn more about NTFS permissions versus share permissions on Windows 8 computers. Which of the following statements is FALSE?

✓ A) Share permissions include Read, Write, Modify, and Full Control.

✗ B) NTFS permissions include Read, Write, Modify, and Full Control.

✗ C) NTFS permissions can be assigned to users and groups.

✗ D) Share permissions can be assigned to users and groups.

Explanation

Share permissions do NOT include Read, Write, Modify, and Full Control. They only include Read, Change, and Full Control.

All of the other statements are correct. Both NTFS and share permissions can be assigned to users and groups. NTFS permissions

include Read, Write, Modify, and Full Control. NTFS permissions also include Read & Execute and List Folder Contents.

NTFS also holds permissions for local users and groups and allows them to have read, write, read and execute, modify, full control, or

special permissions to both folders and files. Permissions can be configured for allow versus deny. Additionally, it allows file encryption,

which prevents hackers from accessing data easily.

Permission propagations stay the same even when they are moved or copied. They can be assigned as either explicit or inherited.

Explicit permissions are default settings applied when an object is created.

Inherited permissions belong to the parent folder or object, thus making a child of the parent. In other words, anything within that folder will carry the same permissions. If you created a folder named MyDocs and gave it explicit permissions like Full Control, then all subfolders within it would inherit the same permissions. An example of the Permissions tab of a folder is shown in the following exhibit:

When a user accesses a folder locally, only the NTFS permissions are used. However, if a user accesses a folder remotely, then both

the NTFS and share permissions are considered. The more restrictive of the two permissions is granted to the remote user. For

example, if a user has been granted Full Control share permission and Read NTFS permission on a folder, the user will be limited to

Read permission when accessing it both locally and remotely, even though the user has the Full Control share permission.

NTFS permissions fall into one of three categories: allow, not allow, and deny. Allow will effectively allow the group given permission

whatever action you have preferred. Unchecking that box will NOT allow that group to have access. When deny is selected, it prevents

a group from using that action and clearly prohibits all access and trumps all other permissions that were set. Deny is seldom used as it

limits the flexibility of allowing files access and vice versa.

Most organizations set permissions on a folder and give rights to certain users or groups. For example, an administrator will have full rights, but a new user might have read-only permissions. Read and write permissions are normal, but seldom do you give full control to file folders, as they could accidentally be deleted.

Objective: Security

Sub-Objective: Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

Differences Between Share and NTFS Permissions, https://blog.netwrix.com/2018/05/03/differences-between-share-and-ntfs-permissions/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings

Question #47 of 73 Question ID: 1176426

When users log in to the network locally, they must provide their username and password. When users log in to the network remotely, they must provide their username, password, and smart card.

Which two statements are true regarding your organization's security? (Choose two.)

✓ A) The remote network login uses two-factor authentication.

✓ B) The local network login uses one-factor authentication.

✗ C) The remote network login uses three-factor authentication.

✗ D) The local network login uses two-factor authentication.

Explanation

The local network login uses one-factor authentication. Although two items are being presented, both items are categorized as something you know.

The remote network login uses two-factor authentication. Although three items are being presented, two items are something you know and one is something you have. Another example of a two-factor authentication system is an ATM card (something you have) and a personal identification number (something you know).

Three-factor authentication uses something you know (i.e., username or password), something you have (i.e., smart card), and something you are (i.e., biometric authentication). Any form of authentication that uses more than one factor is considered multifactor authentication.

Objective: Security

Sub-Objective: Explain logical security concepts.

References:

One, two, three factor security?, http://resources.zdnet.co.uk/articles/features/0,1000002000,2120474,00.htm

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

Question #48 of 73 Question ID: 1176465

You are creating a presentation for company management on the pros and cons of mobile devices. What is the greatest threat to the security of mobile devices?

✗ A) excessive permissions

✗ B) unsecured WiFi

✗ C) GPS location services

✓ D) theft

Explanation

Theft is the greatest threat to the security of mobile devices.

While the other options are threats to mobile device security, they are not considered to be the greatest threat.

The top threats to mobile device security are as follows:

Theft

Excessive permissions

Geolocation and GPS location services

Unsecured WiFi

Mobile application vulnerabilities

Objective: Security

Sub-Objective: Given a scenario, implement methods for securing mobile devices.

References:

7 mobile security threats you should take seriously in 2019, https://www.csoonline.com/article/3241727/7-mobile-security-threats-you-should-take-seriously-in-2019.html?page=2

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.8 Given a scenario, implement methods for securing mobile devices

Question #49 of 73 Question ID: 1202815

Recently several employees' email accounts were hacked after they visited the local coffee shop and used their mobile devices there. Which type of attack most likely occurred?

✗ A) zero-day attack

✗ B) tailgating

✗ C) zombie

✓ D) shoulder surfing

Explanation

The employees are most likely the victims of a shoulder surfing attack. Shoulder surfing occurs when hackers watch or sit close to someone and memorize their sensitive data. They will watch for people entering passwords, typing credit card numbers, or other private activities. The best way to avoid shoulder surfing is to survey the area you will be sitting in, sit away from other people’s lines of sight, and not log in to banking sites or other sensitive sites from public places. You can dim your screen or purchase privacy filters, but trying to avoid these types of activities in public is best.

Keep in mind that shoulder surfing is not always carried out by a person that you can see. Video cameras and other surveillance devices can be used to carry out these attacks.

Zero-day attacks occur when live environments become vulnerable and are targeted before a fix or patch can be created by the vendor. A zero-day attack occurs when security is breached on the same day an application is released. This can be avoided by monitoring and protecting websites. A honeypot or honeynet can also be set up to give forensic information about hackers and their methods and tools for zero-day attacks.

A zombie is a type of malware that installs itself on many computers and infects them. Once installed, a hacker can connect to the infected zombie. After that, the attacker controls all the zombies, also referred to as bots. Zombies are then used to carry out malicious acts. The collection of zombie computers is called a botnet, and the individual computers are called zombies.

Tailgating occurs when someone uses your real credentials to gain entry to a building. The unauthorized individual usually just follows closely behind you as you enter, gaining access without needing a key, a card, or other security device. Many social engineering intruders who require physical access to a site will use this method to gain entry, and can compromise the integrity of the authorized user. Piggybacking is the act of gaining unauthorized access to a facility by closely following an authorized user and using their credentials with the authorized user’s knowledge, while tailgating occurs without the knowledge or permission of the authorized user.

Objective: Security

Sub-Objective: Compare and contrast social engineering, threats, and vulnerabilities.

References:

Shoulder Surfing, https://searchsecurity.techtarget.com/definition/shoulder-surfing

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

Question #50 of 73 Question ID: 1202801

What is a smart card?

✗ A) a technology that measures a human characteristic for authentication

✗ B) an electronic signature that can be used to prove the sender's identity or a document's signer

✓ C) a hardware device that has an embedded microchip that contains authentication or security information

✗ D) an electronic file that establishes your identity via a public key infrastructure (PKI) to complete transactions

Explanation


A smart card is a hardware device that has an embedded microchip that contains authentication or security information. Smart cards

are inserted into computers or smart card readers to unlock access for a user.

Biometrics is a technology that measures a human characteristic for authentication.

A digital certification is an electronic file that establishes your identity via a PKI to complete transactions.

A digital signature is an electronic signature that can be used to prove the sender's identity or a document's signer.

For the A+ exam, you need to understand the common prevention methods used for physical security, including the following:

Locked doors - Multiple physical barriers should be deployed. Fencing and surveillance are the first barriers. Locked doors,

security badges, and security guards are the second barriers to protect entrance to the building. These same elements can often

also be deployed as the third barriers to more secure areas, such as server rooms.

Tailgating - Tailgating occurs when an unauthorized person follows an authorized user into the building and gains access based on the authorized user's credentials, such as a valid key, smart card, or other security device. The tailgater slips in right behind the authorized user. Implementing mantraps prevents tailgating.

Cable locks - Cable locks secure portable devices, such as laptops, to stationary objects so that the portable devices are harder to

steal.

Securing physical documents/passwords/shredding - Dumpster diving occurs when confidential information is obtained through

documents that an organization has thrown away. The documents can contain confidential information, passwords, or

organizational secrets. Security policies should exist that detail how these documents are stored. In addition, disposal policies

should detail which documents must be shredded before being discarded. In some cases, organizations have even placed

dumpsters in locked enclosures to prevent dumpster diving.

Biometrics - Biometric devices identify users based on their unique physical characteristics, including the user's retina, iris, facial

features, and fingerprint. While the use of biometric devices is increasing, users are concerned about the security of any biometric

information that is obtained by the organization. In addition, no biometric technique is error-proof. This means that there may be

false positives and false negatives. False positives occur when unauthorized users are granted access. False negatives occur

when a valid user is denied access. False positives are more of a security concern than false negatives.

ID badges - Most organizational badges are simple identification devices that often include a photo of the employee. This type of

badge only provides security in that it allows a guard to verify that the person matches the credentials provided.

Key fobs - Key fobs are similar to smart cards. Key fobs often employ a randomly generated code and a user-entered password

that provide authentication.

RFID badges - Smart cards that use radio frequency identification (RFID) to allow the reader to read the user information when the

RFID badge is in close proximity to the reader. RFID badges can be used to secure buildings, server rooms, or even a single

server. As with ID badges and smart cards, companies must guard the physical security of an RFID badge.

Smart card - A smart card is a plastic card with a built-in processor. They are used typically for personal identification. Some ID

badges incorporate smart cards that actually provide an added level of security through the use of PINs or passwords. Companies

should use caution when including company logos and addresses on any of these devices. If the devices are lost or stolen, the lack

of logos or addresses can provide an added layer of security because the organization that issued the badge or card cannot be

easily identified.

RSA token - An RSA token is a specific type of physical token that is a one-time password that is issued by a security device. The

token is used to access network resources.

Privacy filters - Privacy filters are placed on monitors to prevent users from reading the monitor display. Only the user sitting in front

of the monitor can read what is displayed on the monitor.

Entry control roster - An entry control roster is used to control access to a specific room or section in a building. Most often these rosters are given to security guards, who verify user identity before granting access to the restricted area, and to track users arriving and departing. They can also be kept by digital devices that log the physical locations where users are arriving and departing the facility.

Objective:Security

Sub-Objective:Summarize the importance of physical security measures.

References:

Smart card, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213004,00.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #51 of 73 Question ID: 1176427

✗ A)

✗ B)

✗ C)

✓ D)

After determining the scope of a user's job, what is the next step in implementing the principle of least privilege?

Configure the appropriate group memberships for the user's account.

Determine the maximum set of privileges needed to perform the user's job.

Configure the appropriate privileges for the user's account.

Determine the minimum set of privileges needed to perform the user's job.

Explanation

After determining exactly what a user's job entails, you should determine the minimum set of privileges that is needed to perform the user's job.

You should not determine the maximum set of privileges that is needed to perform the user's job. This is contrary to the principle of least privilege. The principle of least privilege dictates that the most restrictive user rights, permissions, and privileges are granted.

You cannot configure the appropriate privileges or group memberships for the user's account until a proper job analysis has been done. The job analysis entails determining the scope of a user's job and determining the minimum set of privileges needed to perform the job.

Excessive privileges occur when a user has been granted more rights, permissions, and privileges than the job requires. When this occurs, it can have detrimental effects on a company's security structure. In a large environment, excessive privileges are hard to control. It is essential that the appropriate procedures are in place to ensure that the principle of least privilege is executed properly.

The principle of least privilege is considered a technical control.

Objective:Security

Sub-Objective:Explain logical security concepts.

References:

Implementing Principle of Least Privilege, http://www.windowsecurity.com/articles/Implementing-Principle-Least-Privilege.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

Question #52 of 73 Question ID: 1202811

✗ A)

✗ B)

✗ C)

✓ D)

A user's computer is infected with malicious software that spreads through the Internet to collect user information, including browsing habits. Which type of malware has infected this computer?

Trojan horse

viruses

worms

spyware

Explanation

Spyware is a type of malicious software, also referred to as malware. It infects systems through the Internet to collect user information, including browsing habits. Windows Defender and Microsoft AntiSpyware are two common tools from Microsoft to fight malware. Spyware is most likely to result in identity theft.

Viruses are also considered malicious software. A virus is a self-replicating computer program that tries to alter the computer's operation by destroying data without the user's consent. However, viruses spread themselves by attaching themselves to an existing program.

Worms are also considered malicious software. Worms are similar to viruses, but they spread from one computer to another by using a network.

Trojan horses are also a type of malicious software. Trojan horses consist of a harmful program that is embedded within useful or interesting-looking software. If an unsuspecting user executes such software on a computer, the computer can experience problems such as deletion of data, file corruption, spam emails, phishing, and other harmful activities.

Windows Defender can help prevent virus infection, but is not a substitute for a commercial anti-virus application. Also, data execution prevention can prevent infection.

Objective:Security

Sub-Objective:Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

References:

Spyware, http://en.wikipedia.org/wiki/Spyware

Malware, http://en.wikipedia.org/wiki/Malware

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.4 Given a scenario, detect, remove, and prevent malware using appropriate tools and methods

Question #53 of 73 Question ID: 1176446

✗ A)

✗ B)

✗ C)

✓ D)

Which of the following is described as gaining unauthorized access to the data center by using another user's credentials?

mantrap

turnstile

intrusion

piggybacking

Explanation

Piggybacking is the act of gaining unauthorized access to a facility by using another user's access credentials. It is sometimes referred to as tailgating. Tailgating and piggybacking differ in one key way: in piggybacking, the person who piggybacks does so with the knowledge of the authorized person being followed, whereas in tailgating, the person who enters using real credentials does not give permission to the person following behind.

A mantrap refers to a set of double doors that are generally monitored by a security guard. A mantrap can help to ensure confidentiality by ensuring that no unauthorized users are allowed access.

A turnstile is a type of gate that allows movement in a single direction at a time.

While piggybacking is a form of intrusion, intrusion is a generic term used for any type of security breach.

Objective:Security

Sub-Objective:Compare and contrast social engineering, threats, and vulnerabilities.

References:

Piggybacking (security), http://en.wikipedia.org/wiki/Piggybacking_(security)

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

Question #54 of 73 Question ID: 1176429

✗ A)

✗ B)

✓ C)

✗ D)

You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients. Which protocol should you choose?

Wi-Fi Protected Access 2 (WPA2)

Wireless Application Protocol (WAP)

Wi-Fi Protected Access (WPA)

Wired Equivalent Privacy (WEP)

Explanation

You should implement WPA. WPA was created to fix core problems with WEP. WPA is designed to work with older wireless clients while implementing the 802.11i standard.

WAP is the default protocol used by most wireless networks and devices. However, because WAP can access Web pages and scripts, there is great opportunity for malicious code to damage a system. WAP does not provide maximum security. It is considered the weakest wireless protocol.

WEP was the first security standard for wireless networks and devices that uses encryption to protect data. However, WEP does have weaknesses and is not as secure as WPA or WPA2. You should never deploy WEP if WPA or WPA2 are options.

WPA2 implements the 802.11i standard completely. Therefore, it does not support the use of older wireless cards. Identification and WPA2 are considered the best combination for securing a wireless network.

There are two versions of WPA: WPA and WPA2. WPA uses Temporal Key Integrity Protocol (TKIP) for encryption. WPA2 uses CCM Mode Protocol (CCMP) for encryption. Both WPA and WPA2 can operate in two modes: Personal and Enterprise. WPA-Enterprise is more secure than WPA2-PSK.

The Personal mode uses a 256-bit key and is referred to as WPA-Personal or WPA-Preshared Key (WPA-PSK) and WPA2-Personal or WPA2-PSK, depending on which version of WPA you implement. This implementation uses AES encryption.

The Enterprise mode is designed for enterprise networks and uses Extensible Authentication Protocol (EAP) for authentication. This mode is referred to as WPA-Enterprise or WPA-802.1x and WPA2-Enterprise or WPA2-802.1x, depending on which version of WPA you implement.

Objective:Security

Sub-Objective:Compare and contrast wireless security protocols and authentication methods.

References:

What Are WEP, WPA, and WPA2? Which Is Best?, https://www.lifewire.com/what-are-wep-wpa-and-wpa2-which-is-best-2377353

Microsoft Support for IEEE 802.11 Security Standards, http://www.microsoft.com/technet/network/wifi/wrlsxp.mspx#E1G

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.3 Compare and contrast wireless security protocols and authentication methods

Question #55 of 73 Question ID: 1202831

✗ A)

✓ B)

✗ C)

✓ D)

✓ E)

Daniel is new to your department and is asking about wireless networks. What would you tell him are three conditions that affect the external vulnerabilities of wireless networks? (Choose three.)

Speed of connection

Antenna selection

Number of users

Antenna placement

Access point power

Explanation

Antenna selection (such as the use of directional versus omnidirectional antennas) plays an important role in protecting a wireless network.

Antenna placement will also have an effect on the vulnerabilities of a wireless system. Antennas should be placed as far away from exterior walls as possible. Otherwise, the signal will go outside the building. This allows anyone outside the building to attach to your network. That is why RADIUS and other technologies are required for wireless networks.

The power of the access points should be adjusted to a level that is just strong enough for the operation of the network, but not so strong that signals escape to the outside of the building.

The number of users and the speed of the connection will not cause external vulnerabilities to a wireless system. The number of addresses is, however, a cause of external vulnerabilities.

To secure a wireless network, the A+ 220-902 exam expects you to understand the following administrative tasks:

Change default user names and passwords. - Most wireless router vendors use the same default user names and passwords across their products. Anyone familiar with a vendor's products can use the default user name to attempt to break into a network. By changing the default user names and passwords, you can ensure that hackers do not use this information to hack into your wireless network.

Change the default Service Set Identifier (SSID). - Like the default user names and passwords, many vendors have a default SSID that is used. By changing the SSID, you ensure that hackers cannot guess the SSID by using the default for that vendor.

Set the encryption method. - Encryption ensures that hackers cannot intercept packets. Use the highest level of encryption that is supported by your clients. If necessary, apply patches or service packs to your client computers to ensure that they support a higher level of encryption. WEP, often the default encryption level, is not considered to be strong enough in today's world.

Disable SSID broadcast. - By disabling the SSID broadcast, you ensure that the client must know the SSID or wireless network name before connecting. While this does not really provide security, it is considered a good practice.

Enable MAC filtering. - MAC filtering ensures that only certain devices can connect to the wireless network. The MAC address is encoded on a NIC by the NIC vendor and does not change. MAC addresses are unique. Therefore, by configuring the wireless router so that only certain MAC addresses can connect to the network, you prevent unknown entities from connecting to the network.

Place the antenna and wireless router in an appropriate location. - The wireless router and antenna should be placed in a central location to provide the maximum coverage to the clients. A site survey should be completed before deploying the wireless router and should also be completed periodically to ensure that changes have not occurred.

Set the power level appropriately. - Use the lowest level possible to support your clients. Often administrators make the mistake of using the highest power level, thereby opening their wireless network to hackers because the wireless network's range is outside the area that the administrator can control. Performing a site survey helps in this area as it did with wireless router placement.

Assign a static IP address to the wireless router. - Because administrative tasks may need to be performed on the wireless router and because client computers will be communicating with the wireless router frequently, you should ensure that the wireless router is configured with a static IP address. In most cases, this can be enabled using a single check box in the wireless router's configuration.

Use Wi-Fi Protected Setup (WPS) when possible. - WPS has three possible setup options: push-button, PIN entry, and Near Field Communication (NFC). It allows your device to communicate directly with the access point to obtain its settings. However, all of these options do have possible security implications, with the NFC method being the most secure.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

Ten Steps to a Secure Wireless Network, http://www.pcmag.com/article2/0,4149,844020,00.asp

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure security on SOHO wireless and wired networks

Question #56 of 73 Question ID: 1176462

✗ A)

✓ B)

✗ C)

✗ D)

You need to harden a new operating system (OS) immediately after installation. Which configuration change should you make?

Create a secure administrator account.

Rename the administrator account and disable and rename the guest accounts.

Delete all default user and group accounts.

Change the administrator account password.

Explanation

Operating systems are installed with default user and guest accounts. These accounts are well known to most attackers, who can use them to hack into a system. It is recommended that you rename the administrator account to prevent an attacker from using password-guessing techniques to gain entry into the system. In addition, you should disable and rename the guest accounts to prevent users without an account from accessing the system using these anonymous accounts. If you need to use the guest accounts, you should ensure that they have passwords.

Creating a secure administrator account is always a good idea. However, this action will not harden the OS if the administrative account uses the OS default name.

When you install an operating system, you should set a password for the default administrator account. This password should be changed at irregular intervals to enhance security, but it is not necessary to change the password immediately after installing the operating system. This action would do little to enhance security unless you think the password was compromised during the installation process.

You should not delete all default user and group accounts. You do not want to delete the default administrator account until you have created a new one with the same rights. Otherwise, you could lose the ability to manage the system.

When preparing for the A+ exam, you should understand security best practices to secure a workstation, including the following:

Requiring passwords - All workstations should be configured so that user accounts are required to have a password, even if the workstation is on a peer-to-peer network. In a domain environment, you can configure the domain security policy to require all accounts to have a password. Local security policies can be used in non-domain environments.

Setting strong passwords - Strong passwords ensure that passwords are harder to guess because they include upper- and lowercase letters, numbers, and special characters. It is also recommended that passwords be at least eight characters in length. This restriction can also be configured using the local security policy or domain policy.

Password expiration - Administrators should configure password expiration policies. Most organizations set a 60- or 90-day expiration, meaning that passwords must be reset within that time limit.

BIOS/UEFI passwords - Configuring a BIOS or UEFI password ensures that the system settings stored in the BIOS or UEFI cannot be accessed or changed by unauthorized users.

Restricting user permissions - Users should only be granted permissions that they need to complete their jobs. For users that need administrative-level permission, the users should be given two accounts: one normal account with more restrictive permissions that they use for day-to-day activities and one administrative account that they use when performing administrative duties. Also, as a rule, permissions should be assigned to groups, and user accounts should be added to group accounts. This makes permission administration much more manageable.

Changing default user names and passwords - For any default user accounts that are created when an operating system or application is installed, the default user names and passwords should always be changed. Most IT professionals and hackers are aware of default accounts. Renaming these accounts provides a level of protection. Always research any operating system or application that you install to learn of any default user accounts that are created at installation. (Keep in mind that the default Windows Administrator account cannot be renamed. It is important that this account be given a very strong password and that its use is audited.)

Disabling guest account - All default accounts that are created should be disabled if they will not be used. This is particularly important for the guest account. If possible, also rename the guest account. Finally, ensure that the guest account has a strong password and that it is given a password reset policy.

Screensaver required password - Screensavers start after a period of idle time. For security reasons, a screensaver password policy is used to ensure that a user is required to enter his password when returning to his session. In addition, many companies have logoff policies that require users to log off from a computer when leaving for prolonged periods of time.

Timeout/screen lock - It is a good practice to configure a computer to implement a screen lock after a certain amount of time without user interaction. This can be employed as part of the screensaver required password.

Disable Autorun - Because you can never be sure that media, including floppy disks, CDs, DVDs, and so on, are safe and uncontaminated, you should be careful when inserting new media into a CD-ROM, DVD, or USB drive. As a precaution, you should disable the Autorun feature that is enabled by default in older Windows operating systems. Windows 7, by default, has disabled the Autorun feature. In Windows 8 and higher, the term AutoPlay became the default for AutoRun and acts the same way as Autorun did.

Login time restrictions - Login time restrictions are configured by administrators to limit the hours during which a user can log in to a system. This security feature, however, can cause problems if for any reason a user works outside his normal business hours.

Objective:Security

Sub-Objective:Given a scenario, implement security best practices to secure a workstation.

References:

4 Ways to Rename Windows Local Administrator or Guest Account, https://www.top-password.com/blog/rename-windows-local-administrator-or-guest-account/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement security best practices to secure a workstation

Question #57 of 73 Question ID: 1176473

✗ A)

✗ B)

✗ C)

✓ D)

You are instructing a new IT technician on securing networks and using permissions. What would you tell Graham that the default permission position should be?

explicit allow

implicit allow

explicit deny

implicit deny

Explanation

The default permission position in a secure network should be implicit deny. This will ensure that if a user or group does not have an explicit allow permission configured, the access will default to an implicit deny. An implicit deny should be the last rule contained on any firewall because most firewalls do not default to this setting. This firewall rule is often defined with a Drop All statement. On Windows servers, the access control list (ACL) defaults to an implicit deny.

None of the other permissions should be the default position in a secure network. An explicit allow is an allowed permission that is configured explicitly for that resource. An implicit allow is an allowed permission that is implied for that resource based on another explicit or implicit permission. An explicit deny is a denied permission that is configured explicitly for that resource.

Some of the methods for securing wired and wireless networks include:

Firewall settings - Configure the firewall to allow only the traffic that is needed and to deny all other traffic.

Port forwarding/mapping - Port forwarding is a function typically performed on a Network Address Translation (NAT) device. One port number is set aside on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. This hides the real IP address of the destination device or server to protect it from connections outside the LAN.

Disabling ports - This prevents communication on unused ports. Ports that are not needed for communication should always be disabled.

Content filtering / parental controls - This allows you to control the content that can be displayed on a device.

Update firmware - This ensures that the device has the most recent enhancements, including security enhancements.

Physical security - Network devices should be secure from physical access, which usually means locking them in closets specifically designed for this type of equipment.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

Implicit deny, http://media.wiley.com/product_data/excerpt/79/11180611/1118061179-83.pdf

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure security on SOHO wireless and wired networks

Question #58 of 73 Question ID: 1176478

✓ A)

✗ B)

✗ C)

✗ D)

A user wants to change his local password on a Windows 7 Ultimate computer using the least amount of administrative effort. What should he do?

Press Ctrl+Alt+Del, and select Change a Password.

Click Start and Control Panel. Click User Accounts and Family Safety. Click Change Your Windows Password.

Click Start and Control Panel. Click User Accounts. Click the user's account name, and select Change My Password.

Click Start and Control Panel. Click User Accounts. Click Change My Password.

Explanation

The user should press Ctrl+Alt+Del and select Change a Password.

While you could click Start, Control Panel, User Accounts and Family Safety, and Change Your Windows Password, this requires more administrative effort than using the Ctrl+Alt+Del key combination.

You should not click Start, Control Panel, User Accounts, and the user's account name, and select Change My Password. This process worked in Windows XP if you were using an administrative account. The Ctrl+Alt+Del key combination could also be used in Windows XP.

You should not click Start, Control Panel, User Accounts, and Change My Password. This process only worked in Windows XP if you were using a limited account. The Ctrl+Alt+Del key combination could also be used in Windows XP.

There are other ways to do this in Windows. You can also click Start, type User account in the Search text, and choose the User Accounts applet. Select the option regarding managing user accounts. Select the account you want to change, and click change the password or reset password option. In the New password space, complete the new password and confirm the new password fields, and click change password or OK.

You can also go to Control Panel and touch or click the User Accounts and Family Safety category on some versions of Windows. Choose User Accounts, select the option regarding managing user accounts, and then select the user account that needs a password change. Finally, select the Change the Password button, enter the password, and click OK.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

Change Your Windows Password, https://support.microsoft.com/en-us/help/14087/windows-7-change-your-windows-password

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure security on SOHO wireless and wired networks

Question #59 of 73 Question ID: 1202812

✓ A)

✗ B)

✗ C)

✗ D)

In a security awareness class, the instructor discusses malicious software that relies on other applications to execute and infect the system. Which type of malware is being discussed?

a virus

a Trojan horse

a worm

a logic bomb

Explanation

A virus is malicious software (malware) that relies on other application programs to execute and infect a system. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of host applications. The hosts could be any application on the system. The different types of viruses are as follows:

Stealth virus: It hides the changes it makes as it replicates.

Self-garbling virus: It formats its own code to prevent antivirus software from detecting it.

Polymorphic virus: It can produce multiple operational copies of itself.

Multipart virus: It can infect system files and boot sectors of a computer system.

Macro virus: It generally infects the system by attaching itself to MS-Office applications.

Boot sector virus: It infects the master boot record of the system and is spread via infected floppy disks.

Compression virus: It decompresses itself upon execution but otherwise resides normally in a system.

The standard security best practices for mitigating risks from malicious programs, such as viruses, worms, and Trojans, include implementation of antivirus software, use of a host-based intrusion detection system, and the imposition of limits on the sharing and execution of programs.

A worm does not require the support of application programs to be executed. It is a self-contained program capable of executing and replicating on its own. Typically, a worm is spread by emails, transmission control protocols (TCPs), and disk drives.

A logic bomb is malware similar to a time bomb that is executed at a specific time on a specific date. A logic bomb implies a dormant program that is triggered following a specific action by the user or after a certain interval of time. The primary difference between logic bombs, viruses, and worms is that a logic bomb is triggered when specific conditions are met.

A Trojan horse is malware that is disguised as a useful utility, but actually embeds malicious code within it. Trojan horses use covert channels to perform malicious activities. When the disguised utility is run, the Trojan horse provides a useful utility at the front end and performs malicious activities in the background, such as deleting system files and planting a backdoor into a system.

Objective:Security

Sub-Objective:Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

References:

Different Types of Computer Viruses, http://www.buzzle.com/articles/different-types-of-computer-viruses.html

Computer virus, http://en.wikipedia.org/wiki/Computer_virus

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.4 Given a scenario, detect, remove, and prevent malware using appropriate tools and methods

Question #60 of 73 Question ID: 1202819

Which technology allows users to freely access all systems to which their account has been granted access after performing an initial authentication?

✗ A) smart cards

✗ B) MAC

✓ C) single sign-on

✗ D) DAC

✗ E) biometric device

Explanation

Single sign-on allows users to freely access all systems to which their account has been granted access after the initial authentication.

The single sign-on process addresses the issue of multiple user names and passwords. It grants users access to all the systems,

applications, and resources they need when they start a computer session. This is considered both an advantage and a disadvantage.

It is an advantage because the user only has to log in once and does not have to constantly re-authenticate when accessing other

systems. Multiple directories can be browsed using single sign-on. It is a disadvantage because the maximum unauthorized access is

possible if a user account and its password are compromised.

Discretionary access control (DAC) and mandatory access control (MAC) are access control models that help companies design their

access control structure. They provide no authentication mechanism by themselves.

Smart cards are authentication devices that can provide increased security by requiring insertion of a valid smart card to log on to the

system. They do not determine the level of access allowed to a system.

A biometric device can provide increased security by requiring verification of a personal asset, such as a fingerprint, for authentication.

They do not determine the level of access allowed to a system.

Single sign-on was created to dispose of the need to maintain multiple user accounts and passwords to access multiple systems. With

single sign-on, a user is given an account and password that logs on to the system and grants the user access to all systems to which

the user's account has been granted. User accounts and passwords are stored on each individual server in a decentralized privilege

management environment.

Objective:Security

Sub-Objective:Compare and contrast the differences of basic Microsoft Windows OS security settings.

References:

Single Sign-on, http://www.opengroup.org/security/sso/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.6 Compare and contrast the differences of basic Microsoft Windows OS security settings

Question #61 of 73 Question ID: 1176472

You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)

✓ A) Configure the WEP protocol to WPA.

✓ B) Configure the network to use authenticated access only.

✓ C) Disable SSID broadcast.

✓ D) Change the default Service Set Identifier (SSID).

Explanation

You should complete all of the following steps to protect against war-driving attacks:

Change the default SSID.

Disable SSID broadcast.

Configure the network to use authenticated access only.

Configure the WEP protocol to WPA.

Some other suggested steps include the following:

Implement WPA2 instead of WEP.

Reduce the access point signal strength.

War driving is a method of discovering 802.11 wireless networks by driving around with a laptop and looking for open wireless networks. NetStumbler is a common war-driving tool.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

What is War Driving and How Can You Prevent It, https://www.streetdirectory.com/travel_guide/2139/computers_and_the_internet/what_is_wardriving_and_how_can_you_prevent_it.html

Wireless attacks A to Z, http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1167611,00.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure security on SOHO wireless and wired networks

Question #62 of 73 Question ID: 1202817

You have recently discovered that users on your network have been victims of impersonation attacks. You need to implement an authentication method that checks the identity of both ends of the connection. Which authentication method does this?

✗ A) RADIUS authentication

✗ B) biometric authentication

✓ C) mutual authentication

✗ D) Kerberos authentication

Explanation

Mutual authentication checks the identity of both ends of the connection. It is often referred to as two-way authentication.

Biometric authentication authenticates a user based on some physical quality, such as a fingerprint, iris scan, retina scan, and so on.

Kerberos authentication requires a centralized management database of all user accounts and resource passwords. It does not

authenticate both ends of the connection.

RADIUS provides centralized remote user authentication, authorization, and accounting. It does not authenticate both ends of the

connection.

For the A+ exam, you need to understand the following common prevention methods used for digital security:

Antivirus / antimalware - Deploying antivirus / antimalware software on all computers is vital to security. Technicians should always

ensure that computers have these applications installed and enabled. In addition, this software should be kept up-to-date. Most

antivirus / antimalware applications can be configured for automatic updates without user interaction.

Firewalls - Firewalls are used to protect networks and computers by permitting or denying access based on the firewall

configuration. Packet filter firewalls allow or deny traffic based on the application type, port number, or other criteria. Proxy firewalls

process communication from outside a network. Internal requests are routed through the proxy, which isolates the internal

resources from the outside network because only the proxy firewall actually sends the requests. Proxy firewalls can operate at the

application level or circuit level. Stateful inspection firewalls maintain a state table that tracks all communication. The firewall uses

the state table to make decisions on how to route traffic.

Anti-spyware - Like antivirus software, deploying antispyware software on all computers is vital to security. Technicians should

ensure that an antispyware application is installed and enabled. The antispyware application should be kept up-to-date.

User authentication - User authentication should be deployed to ensure that only authorized users have access to resources on the

network. As part of user authentication, users should provide a user name and password. Policies should be in place to ensure that

passwords are complex enough so that they are not susceptible to dictionary attacks.

Strong passwords - Strong passwords include a combination of lowercase and uppercase letters, numbers, and special characters.

Multifactor authentication - Multifactor authentication includes authentication methods from more than one category. The categories

include something you know (like a password), something you have (like a smart card), something you are (like a fingerprint), and

somewhere you are (like at a specific computer or in a specific facility). Two-factor authentication uses authentication factors from

two of the categories. Multifactor authentication uses authentication factors from at least three of the categories.

Directory permissions - These ensure that NTFS is deployed on all computers that are accessed and that directory permissions are

configured as specified by the data owners. They deploy a user authentication mechanism and employ password policies to ensure

that passwords are complex and must be changed at regular intervals.

Virtual private network (VPN) - A user connects to a VPN using a public network. The VPN has security mechanisms that protect

the traffic over the VPN. Many companies use VPNs to allow employees to remotely connect to internal resources.

Data loss prevention (DLP) - A DLP program ensures that data is protected while in use, in motion, and at rest. Most DLP devices

analyze data on the network to ensure that the data is being appropriately protected using content and context analysis.

Disabling ports - Any unused ports should be disabled to ensure that an attacker cannot use the ports to break into a system or network. Port analysis will allow you to determine which ports are open.

Access control lists (ACLs) - ACLs are configured to limit access to files and folders. You should ensure that ACLs are configured properly. Remember that administrative-level accounts are usually given full control permissions.

Smart cards - A smart card is a plastic card with a built-in processor. They are used typically for personal identification and are an authentication factor (something you have).

Email filtering - An email filter allows you to configure rules that determine what is done with certain email. For example, you may decide to send email from certain domains to its own folder so that you can later examine it. You may also decide to automatically delete some junk email.

Trusted/untrusted software sources - Individuals and organizations often need additional software for their devices. Before installing new software, users should ensure that the software is downloaded from a trusted source. For example, if a vendor has an available download of an application but the application itself is owned by another vendor, it is always best to download the application from the owner vendor. The secondary vendor may have added some malicious code to the version on their Web site.

Objective:Security

Sub-Objective:Compare and contrast social engineering, threats, and vulnerabilities.

References:

Mutual authentication, http://searchfinancialsecurity.techtarget.com/sDefinition/0,,sid185_gci1255857,00.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

Question #63 of 73 Question ID: 1202808

What is the best implementation of the principle of least privilege?

✗ A) Ensuring that all services use the main administrative account to execute their processes

✗ B) Completing administrative tasks at a computer that functions only as a server

✓ C) Issuing the Run as command to execute administrative tasks during a regular user session

✗ D) Issuing a single account to each user, regardless of his job function

Explanation

The best implementation of the principle of least privilege is to issue the Run as command to execute administrative tasks during a

regular user session. You should never use an administrative account to perform routine operations, such as creating a document,

checking your email, and so on. Administrative accounts should only be used when you need to perform an administrative task, such as

configuring services or backing up the computer. By issuing the Run as command to execute administrative tasks during a regular user

session, you execute the task as needed, but limit only the particular task to running under the administrative account. If you logged off

and back on using the administrative account, there is a possibility that you would forget to return to using your regular user account

when performing routine tasks.

Completing administrative tasks at a computer that functions only as a server is not an implementation of the principle of least privilege. Users should be able to perform administrative tasks at servers and workstations.

Ensuring that all services use the main administrative account to execute their processes is an example of NOT ensuring the principle of least privilege. Services should use a service account specifically created for the service that is only configured with those rights, permissions, and privileges for the service to carry out its functions.

Issuing a single account to each user, regardless of his job functions, is an example of NOT ensuring the principle of least privilege. Those users charged with administrative duties should be issued a minimum of two accounts: one regular user account for performing normal user tasks and one administrative user account configured with those rights, permissions, and privileges for the user to carry out his administrative duties.

A proper implementation of the principle of least privilege ensures users are given only the user rights they need to execute their authorized tasks. Users should only be given rights, permissions, and privileges appropriate to perform their jobs. The concept of least privilege exists within the Trusted Computer System Evaluation Criteria (TCSEC), which is used to categorize and evaluate security in all computer software.

The principle of least privilege is usually implemented by limiting the number of administrative accounts. Tools that are likely to be used by hackers should have permissions that are as restrictive as possible.

Objective:Security

Sub-Objective:Explain logical security concepts.

References:

Principle of least privilege, http://en.wikipedia.org/wiki/Principle_of_least_privilege

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

Question #64 of 73 Question ID: 1202816

Daniel, a member of the board of directors for your company, has called the help line to complain that an unknown person is posting to his account on his favorite social media site pretending to be him. After discussing the problem, he reveals that he performed the steps as dictated by last week's email from your department. Your department did not send out an email last week with steps to complete.

What term(s) below best describe which attack most likely occurred? (Choose all that apply.)

✗ A) ransomware

✓ B) whaling

✓ C) spear phishing

✗ D) zombie

✗ E) mining

Explanation

Whaling or spear phishing most likely occurred. Whaling and spear phishing are two types of targeted phishing attacks. Spear phishing targets a group of high-risk users in an organization through email and social media posts. The hacker will send emails to a specific target attempting to convince someone to answer their questions with the objective of getting access to confidential information, usually login credentials. Once they get a response, they will monitor the user's actions. Later they may use the information gained to mimic the targeted user’s behavior and even writing style. Whaling is conducted like spear phishing, except that whaling specifically targets senior executives (the “big fish”).

A zombie is a computer that an attacker has accessed and configured to forward transmissions to other computers on the Internet. Often an attacker has more than one zombie.

Mining or data mining is a database application term that examines data to predict behavior. It is designed to help retail companies find future customers with common interests and can present itself as safe. True data mining software discovers previously unknown relationships among the data. Data mining is popular in IT departments and helps web site designers market consumers' data.

Ransomware is a type of attack that installs itself on a computer and blocks access to the computer until a sum of money is paid. You should contact authorities if you become a victim of a ransomware attack. In this case, Daniel did not indicate that he was being threatened, only that his posts were being forged.

For the A+ exam you also need to understand non-compliant systems. Many organizations want to be able to identify non-compliant systems. A popular method for this is to deploy a network access control (NAC) server and the appropriate NAC policies. NAC basically provides network solutions that secure network devices attempting to access via a non-compliant device. If the device complies with the set policies, it is given full access based on the user's permissions. But if the device does not comply with the policies, the device is given limited access and is usually quarantined from critical devices.

Objective:Security

Sub-Objective:Compare and contrast social engineering, threats, and vulnerabilities.

References:

What Is 'Whaling'? Is Whaling Like 'Spear Phishing'?, http://netforbeginners.about.com/od/scamsandidentitytheft/f/What-Is-Whaling-Spear-Phishing.htm

Phishing, Spear Phishing, and Whaling, http://blogs.getcertifiedgetahead.com/phishing-spear-phishing-whaling/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

Question #65 of 73 Question ID: 1176475

You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA).

You want to ensure that no unauthorized wireless access points are established. What should you do?

✗ A) Change the two wireless networks to WPA2.

✗ B) Disable SSID broadcasts for the two wireless networks.

✗ C) Change the two wireless networks to WEP.

✓ D) Periodically complete a site survey.

Explanation

You should periodically complete a site survey to ensure that no unauthorized wireless access points are established. Site surveys generally produce information on the types of systems in use, the protocols in use, and other critical information. You need to ensure that hackers cannot use site surveys to obtain this information. To protect against unauthorized site surveys, you should change the default Service Set Identifier (SSID) and disable SSID broadcasts. Immediately upon discovering a wireless access point using a site survey, you should physically locate the device and disconnect it.

To ensure that no unauthorized wireless access points are established, you should not change the two wireless networks to WPA2. This would increase the security for the two networks and prevent hackers from accessing the networks. However, it would not prevent an attacker from setting up a new wireless access point.

You should not disable SSID broadcasts for the two wireless networks to ensure that no unauthorized wireless access points are established. The reason you would disable SSID broadcasts is to protect a wireless network from hackers and to prevent unauthorized site surveys. Disabling the SSID broadcast on an existing network CANNOT prevent the establishment of new wireless access points.

When adding a new access point, you should ensure that you correctly configure the new access point, especially if other wireless access points are already in use in the area. If a new access point has intermittent problems with users connecting successfully and then being disconnected, the new access point could be interfering with an old access point. You would need to reconfigure the new access point.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

How to Physically Locate a Rogue Access Point, https://www.accessagility.com/blog/locating-rogue-access-points

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure security on SOHO wireless and wired networks

Question #66 of 73 Question ID: 1202806

Which option is used to protect data in use, data in motion, and data at rest from accidental or intentional leaks?

✓ A) DLP

✗ B) Certificates

✗ C) Port security

✗ D) Firewalls

Explanation

Data Loss Prevention (DLP) is a set of business rules that protect data in use, data in motion, and data at rest. DLP is the general term for the technology used to protect a company’s information from accidental or intentional leaks.

Port security and firewalls would only protect data in motion. Port security prevents unknown devices from forwarding packets. Firewalls scan data as it is entering or leaving the network and may be configured to block IP address ranges, domains, or packet content.

Certificates would only protect data in use. A good way to use a certificate for DLP would be to prevent a man-in-the-middle attack by requiring the sender or recipient certificate prior to transmitting the data.

Objective:Security

Sub-Objective:Explain logical security concepts.

References:

data loss prevention (DLP), https://whatis.techtarget.com/definition/data-loss-prevention-DLP

Overview of data loss prevention, https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

Question #67 of 73 Question ID: 1176474

You need to broaden the area to which a wireless access point (AP) can transmit. What should you do?

✗ A) Maximize the power level setting.

✓ B) Adjust the power level setting slightly higher.

✗ C) Change the channel used by the AP.

✗ D) Relocate the AP.

Explanation

You should adjust the power level setting for the AP to a slightly higher setting. After changing the power level setting, you should

reboot the AP. The only way to gain more coverage for an AP is to increase the power level.

You should not maximize the power level setting. This might create an area that is larger than you intended.

You should not relocate the AP. While this will alter the area covered by the AP, it will not actually make the area any larger and may

actually prevent coverage in areas that were covered in the previous location.

You should not change the channel used by the AP. This is what you should do if you find that two wireless APs are interfering with

each other because they use the same channel.

Objective:Security

Sub-Objective:Given a scenario, configure security on SOHO wireless and wired networks.

References:

Power level controls, http://media.wiley.com/product_data/excerpt/79/11180611/1118061179-83.pdf

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.10 Given a scenario, configure security on SOHO wireless and wired networks

Question #68 of 73 Question ID: 1202797

Which of the following is based on the security concept of “something you have”? (Choose all that apply.)

✓ A) Door lock

✓ B) Server lock

✗ C) Biometric lock

✓ D) Hardware token

Explanation

Hardware tokens, server locks, and door locks are security concepts considered “something you have.” If they are the sole method of user authentication, safeguards must be put in place to ensure security should they be lost or stolen. They are best implemented as part of a multifactor authentication system.

Hardware tokens are some type of physical object that a user must have during the login process to prove possession of the device. An example could be a card that has a display of randomly generated numbers.

Door locks require a key (“something you have”) to open, whether the key is a typical metal key, a keypad, a smart card, or a key fob.

Server locks restrict access to the devices in the server cabinet. They can be locked through a key in the same manner that door locks can be secured. Electronic locks could require a security card or hardware token to open.

Biometric devices are based on the security concept of “something you are.” They match a user’s uniquely identifiable physical attribute to a previously stored value. They are among the most secure physical security measures. Examples include fingerprints, iris or retinal scans, voice prints, and keyboard cadence. Biometric locks are opened with biometric input, such as a fingerprint scan.

Objective:Security

Sub-Objective:Summarize the importance of physical security measures.

References:

Physical Security and Why It’s Important, https://www.sans.org/reading-room/whitepapers/physical/paper/37120

Definition of Hardware Token, https://hitachi-id.com/resource/itsec-concepts/hardware_token.html

Question #69 of 73 Question ID: 1176464

You need to implement security measures for the mobile devices that have been issued to company employees. Which security measure is considered to be the easiest to implement for mobile devices?

✗ A) Remote wipes

✗ B) GPS locator applications

✓ C) Passcode locks

✗ D) Remote locks

Explanation

Passcode locks are considered to be the easiest to implement for mobile devices. Passcode locks are a type of screen lock. Other

screen locks include fingerprint locks, face locks, PIN locks, and swipe locks.

Remote wipes, remote locks, and GPS locator applications are not as easily implemented as passcode locks.

For an iPhone, navigate to Settings > General > Passcode Lock or Settings > Touch ID & Passcode, depending on which iOS version

you have. For the Password Lock option, you are able to enable the passcode lock feature, change the passcode, set how long the

phone should be idle before the passcode must be entered, enable Simple Passcode, configure whether to allow access to Siri,

Passbook, and Reply with Message when locked, and enable Erase Data feature (which erases data after 10 failed login attempts). For

the Simple Passcode feature, the Simple Passcode is a simple 4-digit number. When Simple Passcode is disabled, you can enter a

much larger passcode, which can be a mixture of upper- and lower-case letters, numbers, and special characters. Also, once you

enable the Passcode Lock feature, you MUST enter the passcode to disable it. For the Touch ID & Passcode feature, you can use

Touch ID for phone unlock, Apple Pay, and the iTunes and App Store. You can also configure multiple fingerprints, configure allow access

when locked, and other settings.

For Android devices, navigate to Settings > Location & Security > Change Screen Lock. Here you can configure how long the device

should be idle before a passcode is required. On Android devices, you can select the type of password: Pattern, PIN, or Password.

The procedure for locking Windows Mobile devices varies.

For Windows Phone 8, you should make sure you are viewing the Home screen. Go to Settings and select Lock Screen. Scroll down to

Password and slide the Password bar to On for first time use. To change your password, select change password, and enter your

current password in the Current password field and your new password in the New password field. You will need to re-enter the new

password, select the Confirm password option, and tap done. You can also set time limits for how long you want the screen to time-out

by setting the Screen times out after field to the time limit desired in the Settings applet.

For Windows Phone 7, you should make sure you are viewing the Home screen. From Settings, select Lock and Wallpaper. Slide the

Password bar to On for first time use. To change your password, select change password and enter your current password in the

Current password field and your new password in the New password field. You will need to re-enter it, select the Confirm password

option, and tap Done. You can also set time limits for how long you want the screen to time-out by setting the Screen times out after

field to the time limit desired in the Lock and Wallpaper applet.

For Windows Mobile 6.0 or 6.1, you should make sure you are viewing the Home screen. From Settings, select Lock. Mark the Prompt

if device is unused for ____ checkbox and choose the duration. Next, select either Simple PIN or Strong alphanumeric as your

password type. Enter your password in the Password: and Confirm: fields. Select OK in the upper right-hand corner.

Objective:Security

Sub-Objective:Given a scenario, implement methods for securing mobile devices.

References:

Mobile phone security no-brainer: Use a device passcode, http://www.computerworld.com/article/2497183/mobile-security/mobile-phone-security-no-brainer--use-a-device-passcode.html

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.8 Given a scenario, implement methods for securing mobile devices

Question #70 of 73 Question ID: 1176423

Spencer has been hired as the systems administrator for a small business, and he wants to set up authentication on a network that contains two servers. What is the best way to provide this?

✓ A) usernames with strong passwords

✗ B) directory permissions

✗ C) access control lists (ACLs)

✗ D) VPN

Explanation

To provide authentication on a network that contains two servers, he should implement usernames with strong passwords. This will

allow the users to authenticate before accessing resources.

Directory permissions are used to limit access to directories or folders on a server. They do not provide authentication.

ACLs are the actual lists that contain the permissions granted to groups and users for a particular directory or file. They are also used

on firewalls to govern the flow of traffic based on IP address, port numbers, and other factors.

Virtual private networks (VPNs) allow users to connect remotely to a private network via a public network using an encrypted tunnel. A VPN

usually relies on the authentication mechanism of the organization. It is not used for local network authentication as described in the

scenario.

Objective:Security

Sub-Objective:Explain logical security concepts.

References:

Understanding user authentication, https://swoopnow.com/user-authentication/

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.2 Explain logical security concepts

Question #71 of 73 Question ID: 1176421

You are sharing a portable computer with a vendor to work on a legacy application. What should you do to secure this computer from theft?

✓ A) Use a T-bar locking mechanism.

✗ B) Implement password protection on the computer.

✗ C) Enable BitLocker.

✗ D) Enable encrypting file system (EFS).

Explanation

You should use a T-bar locking mechanism to protect the portable computer from physical theft. A T-bar locking mechanism helps protect your devices from physical theft by locking the device to the desk. If you do not have a T-bar locking mechanism and you need to leave an unsecured computer at any time, you should lock the computer in a cabinet or drawer.

You should not implement password protection, EFS encryption, or BitLocker encryption on the portable computer. None of these will prevent the computer from being stolen. Password protection will only provide protection against unauthorized access. EFS encryption protects user data from other users who have logged on to a computer. BitLocker encryption helps protect user data and system files from unauthorized access. It is used to encrypt data on drives.

You can add a Power On password to your computer or laptop for added security. When the computer is first powered on, the user will be prompted to provide the Power On password. The computer will not continue booting unless the correct password is provided.

Objective:Security

Sub-Objective:Summarize the importance of physical security measures.

References:

How to Use a Laptop Lock, https://www.techwalla.com/articles/how-to-use-a-laptop-lock

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.1 Summarize the importance of physical security measures

Question #72 of 73 Question ID: 1202823

As stated in your organization’s new password policy, you must configure how many new passwords must be created before an old one can be reused. Which policy should you use?

✗ A) password length

✗ B) password lockout

✗ C) password age

✓ D) password history

✗ E) password complexity

5/23/2020 220-1002 Exam Simulation

https://www.kaplanlearn.com/education/test/print/38209496?testId=132817097 80/81

Question #73 of 73 Question ID: 1176444

Explanation

Password history allows you to configure the exact number of new passwords that must be created before an old one can be reused.

This setting enhances security by allowing the administrators to ensure that old passwords are not being reused continually. Reused

passwords are sometimes referred to as rotating passwords.

Password age allows you to configure the minimum or maximum number of days that pass before a user is required to change the

password. It is a good security practice to enforce a password age of 30 to 60 days. Some companies force users to change their

passwords monthly or quarterly. This interval should be determined based on how critical the information is and on how frequently

passwords are used.

Password length allows you to configure the minimum number of characters that must be used in a password. At minimum, this policy

should be configured to seven or eight characters. Windows will allow you to set the minimum length to zero. You should not configure

too high a value as it can make the password difficult to remember.

Password locked, more commonly referred to as Failed attempts lockout, allows you to configure the number of invalid logon attempts

that can occur before an account is locked. Usually this password lockout policy also allows you to configure the number of days that

the account remains in this state. In some cases, you may want to configure the account lockout policy so that an administrator must be

contacted to enable the account again.

Password complexity allows you to configure which characters should make up a password to reduce the possibility of dictionary or

brute force attacks. A typical password complexity policy would force the user to incorporate numbers, letters, and special characters.

In addition, both uppercase and lowercase letters can be required. A password that uses a good mix, such as Ba1e$23q, is more

secure than a password that only implements parts of these requirements, such as My32birthday, NewYears06, and John$59.

Account policies should be enforced on all systems in the company. It is also a good practice to make sure that passwords are masked

or encrypted. This encryption should occur on the storage device on which they are located. Also, encryption should be used when they

are transmitted across the network.

As a good practice, a user's password should never be the same as the login account.

Objective:Security

Sub-Objective:Given a scenario, implement security best practices to secure a workstation.

References:

Enforce password history, http://technet.microsoft.com/en-us/library/cc956938.aspx

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.7 Given a scenario, implement

security best practices to secure a workstation

Which activity is covered under the confidentiality objective of the CIA triad, and involves examining someone's computer to steal

confidential information?

5/23/2020 220-1002 Exam Simulation

https://www.kaplanlearn.com/education/test/print/38209496?testId=132817097 81/81

✗ A)

✗ B)

✗ C)

✓ D)

social engineering

treason

dumpster diving

shoulder surfing

Explanation

Shoulder surfing refers to examining someone's computer from behind to steal confidential information, such as user passwords or information related to business. Such information can be used to break into the network or the system and can affect the confidentiality and integrity of the information assets of the organization. Privacy screens can help prevent shoulder surfing. You should also implement password masking to prevent shoulder surfing.

Treason or subversion is not an activity that amounts to a breach of confidentiality. Therefore, treason cannot be defined in the confidentiality objective of the Confidentiality, Integrity, and Availability (CIA) triad. Treason or subversion refers to an attempt to destroy an authorized governing body. Treason is the crime of disloyalty to one's nation or state. Confidentiality is the minimum level of secrecy maintained to protect sensitive information from unauthorized disclosure.

Dumpster diving refers to searching the garbage collection area or dustbin to look for non-shredded confidential documents. Dumpster diving can reveal confidential information that can affect the confidentiality and integrity of the information to individuals. For example, non-shredded printouts containing project details can reach unauthorized persons.

Social engineering refers to tricking someone into sharing classified information by posing as an authorized person. Social engineering can be used if the technical methods of intruding into a network are inappropriate. Social engineering is used to reveal confidential information, such as system passwords, which are later used by the intruder to gain unauthorized access either to the system or to the network.

Objective: Security

Sub-Objective: Compare and contrast social engineering, threats, and vulnerabilities.

References:

Shoulder surfing (computer security), http://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)

CompTIA A+ Complete Review Guide: Exam 220-1001 and Exam 220-1002, Chapter 7: Security, 2.5 Compare and contrast social engineering, threats, and vulnerabilities

