SPSCC_CNA113_Chpt_28_Securing_Computers – Flashcards
question
Acceptable Use Policy (AUP)
answer
Defines what actions employees may or may not perform on company equipment, including computers, phones, printers, and even the network itself. This policy defines the handling of passwords, e-mail, and many other issues.
question
access control
answer
Security concept using physical security, authentication, users and groups, and security policies.
question
activation
answer
Process of confirming that an installed copy of a Microsoft product, most commonly Windows or a Microsoft Office application, is legitimate. Usually done at the end of software installation.
question
anti-malware program
answer
Software designed to identify and block or remove malware. Typically powered by frequently updated definition files containing the signatures of known malware.
question
antivirus program
answer
Software designed to combat viruses by either seeking out and destroying them or passively guarding against them.
question
attack vector
answer
The route or methods used by a given attack, including malware.
question
authentication
answer
Any method a computer uses to determine who can access it.
question
biometric device
answer
Hardware device used to support authentication; works by scanning and remembering a unique aspect of a user's various body parts, e.g., retina, iris, face, or fingerprint, by using some form of sensing device such as a retinal scanner.
question
botnet
answer
Network of computers infected with malware that can be controlled to do the bidding of the malware developers, or anyone who pays them. A common use is carrying out Distributed Denial of Service (DDoS) attacks.
question
brute force
answer
Simple attack that attempts to guess credentials or identify vulnerabilities by trying many possibilities.
question
cable lock
answer
Simple anti-theft device for securing a laptop to a nearby object.
question
certificate authority (CA)
answer
Trusted entities that sign digital certificates to guarantee that the certificate was signed by the site in question and not forged.
question
chain of custody
answer
A documented history of who has been in possession of a system.
question
checksum
answer
Value generated from some data, like a file, and saved for comparing to others later. Can be used to identify identical data, such as files on a user's system that match known viruses. They can also be used to monitor whether a program is changing itself over time, which is a strong warning sign that it may be malware that evolves to avoid detection.
question
closed source software
answer
Software for which the source code is kept secret.
question
compliance
answer
Concept that members of an organization must abide by the rules of that organization. For a technician, this often revolves around what software can or cannot be installed on an organization's computers.
question
data classification
answer
System of organizing data according to its sensitivity. Common classifications include public, highly confidential, and top secret.
question
default user accounts/groups
answer
Users or groups that are enabled by default. Some, such as the guest account, represent a security risk.
question
definition files
answer
List of virus signatures that an antivirus program can recognize.
question
destination port
answer
In port triggering, after the router sends outbound traffic on the trigger port it will open this port to receive the response.
question
dictionary attack
answer
Type of brute-force attack using a dictionary to guess things like usernames and passwords. Don't think Webster's; these dictionaries may be full of usernames and passwords that have leaked or been used as defaults over the years.
question
digital certificate
answer
Form in which a public key is sent from a Web server to a Web browser so that the browser can decrypt the data sent by the server.
question
digital rights management (DRM)
answer
Code schemes for enforcing what users can and can't do with commercial software or digital media files.
question
drive-by-download
answer
Undesired file downloads generated by turpid Web sites and ads.
question
dumpster diving
answer
To go through someone's trash in search of information.
question
effective permissions
answer
User's combined permissions granted by multiple groups.
question
encryption
answer
Making data unreadable by those who do not possess a key or password.
question
End User License Agreement (EULA)
answer
Agreement that accompanies a piece of software, to which the user must agree before using the software. Outlines the terms of use for the software and also lists any actions on the part of the user that violate the agreement.
question
entry control roster
answer
Document for recording who enters and leaves a building.
question
environmental controls
answer
Practice of protecting computing equipment from environmental damage by taking measures such as air conditioning, proper ventilation, air filtration, temperature monitoring, and humidity monitoring.
question
event auditing
answer
Feature of Event Viewer's Security section that creates an entry in the Security Log when certain events happen, such as a user logging on.
question
Event Viewer
answer
Utility made available in Windows as an MMC snap-in that enables users to monitor various system events, including network bandwidth usage and CPU utilization.
question
firewall
answer
Device that restricts traffic between a local network and the Internet.
question
Group Policy
answer
Means of easily controlling the settings of multiple network clients with policies such as setting minimum password length or preventing Registry edits.
question
hardware firewall
answer
Firewall implemented within networking hardware such as a router.
question
HTTPS
answer
Secure form of HTTP used commonly for Internet business transactions or any time when a secure connection is required. Uses port 443.
question
ID badge
answer
Small card or document for confirming the identity of its holder and what access they should be granted. May use built-in authentication tools such as RFID or smart card to function as a "something you have" authentication factor.
question
incident reporting
answer
Process of reporting gathered data about a system or problem to supervisors. Creates a record of work accomplished, and may help identify patterns. Often documented on an incident report form.
question
incident response leader
answer
In some organizations, a person other than a supervisor responsible for receiving and responding to all incident reports.
question
intrusion detection system (IDS)
answer
Application that inspects packets, looking for active intrusions. Functions inside the network, looking for threats a firewall might miss, such as viruses, illegal logon attempts, and other well-known attacks. May also discover threats from inside the network, such as a vulnerability scanner run by a rogue employee.
question
intrusion prevention system (IPS)
answer
Application similar to an intrusion detection system (IDS), except that it sits directly in the flow of network traffic. This enables it to stop ongoing attacks itself, but may also slow down the network and be a single point of failure.
question
IPsec or Internet Protocol security
answer
Microsoft's encryption method of choice for networks consisting of multiple networks linked by a private connection, providing transparent encryption between the server and the client.
question
Kerberos
answer
Authentication encryption developed by MIT to enable multiple brands of servers to authenticate multiple brands of clients.
question
Local Security Policy
answer
Windows tool used to set local security policies on an individual system.
question
malware
answer
Broadly, software designed to use your computer or device against your wishes. Includes adware, spyware, viruses, ransomware, etc. May be part of seemingly legitimate software or installed by exploiting a vulnerability in the device.
question
man-in-the-middle (MITM)
answer
Attacker serves as an intermediary between two systems, enabling the attacker to observe, redirect, or even alter messages passing in either direction.
question
mantrap
answer
Small room with a set of doors; one to the unsecured area and one to a secured area. Only one door can open at a time, and individuals must authenticate to continue. Combats tailgating.
question
object access auditing
answer
Feature of Event Viewer's Security section that creates an entry in the Security Log when certain objects are accessed, such as a file or folder.
question
open source software
answer
Software for which the source code is published instead of kept secret. Typically released under an open source license that specifies terms for those who wish to use the software or modify its source.
question
patch management
answer
Process of keeping software updated in a safe, timely fashion.
question
personally identifiable information (PII)
answer
Any data that can lead back to a specific individual.
question
phishing
answer
The act of trying to get people to give their usernames, passwords, or other security information by pretending to be someone else electronically.
question
policies
answer
Control permission to perform a given action, such as accessing a command prompt, installing software, or logging on at a certain time of day. Contrast with true permissions, which control access to specific resources.
question
polymorph virus
answer
Virus that attempts to change its signature to prevent detection by antivirus programs, usually by continually scrambling a bit of useless code.
question
pop-up
answer
Irritating browser window that appears automatically when you visit a Web site.
question
port forwarding
answer
Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.
question
port triggering
answer
Router function that enables a computer to open an incoming connection to one computer automatically based on a specific outgoing connection.
question
principle of least privilege
answer
Security idea that accounts should have permission to access only the resources they need and no more.
question
radio frequency identification (RFID)
answer
Wireless technology that uses small tags containing small amounts of digital information, and readers capable of accessing it. The passive type of these tags operates by harvesting some of the power a scanner or reader emits, enabling a vast array of applications. Common uses such as tracking library books, identifying lost pets, contactless payments, and wireless door locks are just scratching the surface.
question
ransomware
answer
A nasty form of malware that encrypts data or drives on the infected system and demands payment, often within a limited timeframe, in exchange for the keys to decrypt the data.
question
remediation
answer
Repairing damage caused by a virus.
question
replication
answer
When a virus makes copies of itself, often by injecting itself into other executables. See malware and virus.
question
retinal scanner
answer
Biometric security device that authenticates an individual by comparing retinal scans. Rarer in the real world than in media such as movies or video games.
question
rogue anti-malware
answer
Free applications that claim to be anti-malware, but which are actually themselves malware.
question
rootkit
answer
Program that takes advantage of very low-level functionality to gain privileged system access and hide itself from all but the most aggressive anti-malware tools. Can strike operating systems, hypervisors, and even device firmware.
question
RSA token
answer
Random-number generators used along with a user name and password to enhance security.
question
Secure Sockets Layer (SSL)
answer
Security protocol used by a browser to connect to secure Web sites.
question
security token
answer
Devices that store some unique information that a user carries with them. May contain digital certificates, passwords, biometric data, or RSA tokens.
question
session hijacking
answer
Intercepting a valid computer session to get authentication information from it, enabling the attacker to use whatever resources the authentication grants access for as long as the authentication information or session are valid.
question
shoulder surfing
answer
Looking for credentials or other sensitive information by watching someone use a computer or device, often over their shoulder.
question
signature
answer
Code pattern of a known virus; used by antivirus software to detect viruses.
question
smart card
answer
Hardware authentication involving a credit card-sized card with circuitry that can be used to identify the bearer of that card.
question
social engineering
answer
Using or manipulating people inside the networking environment to gain access to that network from the outside.
question
software firewall
answer
Firewall implemented in software running on servers or workstations.
question
spam
answer
Unsolicited e-mails from both legitimate businesses and scammers that account for a huge percentage of traffic on the Internet.
question
spear phishing
answer
Dangerous targeted phishing attack on a group or individual that carefully uses details from the target's life to increase the odds they'll take the bait.
question
spoofing
answer
Pretending to be someone or something else by placing false information into packets. Commonly this type of data includes a source MAC address or IP address, e-mail address, Web address, or user name. Generally a useful tool for enhancing or advancing other attacks, such as social engineering or spear phishing.
question
spyware
answer
Software that runs in the background of a user's PC, sending information about browsing habits back to the company that installed it onto the system.
question
Stateful Packet Inspection (SPI)
answer
Used by hardware firewalls to inspect each incoming packet individually for purposes such as blocking traffic that isn't in response to outgoing requests.
question
stealth virus
answer
Virus that uses various methods to hide from antivirus software.
question
tailgating
answer
Form of infiltration and social engineering that involves following someone else through a door as if you belong in the building.
question
telephone scam
answer
Social engineering attack in which the attacker makes a phone call to someone in an organization to gain information.
question
Transport Layer Security (TLS)
answer
Encryption protocol used to securely connect between servers and clients, such as when your Web browser securely connects to Amazon's servers to make a purchase.
question
trigger port
answer
In port triggering, outbound traffic on this port will cause the router to open the destination port and wait for a response.
question
Trojan horse
answer
Program that does something other than what the user who runs the program thinks it will do. Used to disguise malicious code.
question
trusted root CA
answer
A highly respected certificate authority (CA) that has been placed on the lists of trusted authorities built into Web browsers.
question
unauthorized access
answer
Anytime a person accesses resources in an unauthorized way. This access may or may not be malicious.
question
unified threat management (UTM)
answer
Providing robust network security by integrating traditional firewalls with many other security services such as IPS, VPN, load balancing, antimalware, and more.
question
virus
answer
Program that can make a copy of itself without your necessarily being aware of it. Some viruses can destroy or damage files. The best protection is to back up files regularly.
question
virus shield
answer
Passive monitoring of a computer's activity, checking for viruses only when certain events occur.
question
worm
answer
Very special form of virus. Unlike other viruses, this does not infect other files on the computer. Instead, it replicates by making copies of itself on other systems on a network by taking advantage of security weaknesses in networking protocols.
question
zero-day attack
answer
Attack targeting a previously unknown bug or vulnerability that software or hardware developers have had zero days to fix.
question
zombie
answer
Computer infected with malware that has turned it into a botnet member.
question
data classification
answer
Mary's company routinely labels data according to its sensitivity or potential danger to the company if someone outside accesses the data. This is an example of __________________.
question
Trojan horse
answer
A(n) __________________ masquerades as a legitimate program, yet does something different than what is expected when executed.
question
definition files. signature.
answer
Antivirus software uses updatable __________________ to identify a virus by its __________________.
question
object access auditing
answer
Enable __________________ to create Event Viewer entries when a specific file is accessed.
question
unauthorized access
answer
Although not all __________________ is malicious, it can lead to data destruction.
question
social engineering
answer
Most attacks on computer data are accomplished through __________________.
question
firewall
answer
A(n) __________________ protects against unauthorized access from the Internet.
question
smart card
answer
Many companies authenticate access to secure rooms using an ownership factor such as a(n) __________________.
question
Transport Layer Security (TLS). HTTPS.
answer
Before making a credit card purchase on the Internet, be sure the Web site uses the __________________ protocol (that replaced the older SSL protocol), which you can verify by checking for the __________________ protocol in the address bar.
question
polymorph virus
answer
A virus that changes its signature to prevent detection is called a(n) __________________.
question
Social engineering
answer
What is the process of using or manipulating people to gain access to network resources? A. Cracking B. Hacking C. Network engineering D. Social engineering
question
Smart card
answer
Which of the following might offer good hardware authentication? A. Strong password B. Encrypted password C. NTFS D. Smart card
question
Local Security Policy
answer
Which of the following tools would enable you to stop a user from logging on to a local machine but still enable him to log on to the domain? A. AD Policy Filter B. Group Policy Auditing C. Local Security Policy D. User Settings
question
Port forwarding
answer
Which hardware firewall feature enables incoming traffic on a specific port to reach an IP address on the LAN? A. Port forwarding B. NAT C. DMZ D. Multifactor authentication
question
He installed a Trojan horse.
answer
Zander downloaded a game off the Internet and installed it, but as soon as he started to play he got a Blue Screen of Death. Upon rebooting, he discovered that his Documents folder had been erased. What happened? A. He installed spyware. B. He installed a Trojan horse. C. He broke the Group Policy. D. He broke the Local Security Policy.
question
WPA2
answer
Which of the following should Mary set up on her Wi-Fi router to make it the most secure? A. NTFS B. WEP C. WPA D. WPA2
question
Effective permissions
answer
A user account is a member of several groups, and the groups have conflicting rights and permissions to several network resources. The culminating permissions that ultimately affect the user's access are referred to as what? A. Effective permissions B. Culminating rights C. Last rights D. Persistent permissions
question
They automatically scan e-mails, downloads, and running programs.
answer
What is true about virus shields? A. They automatically scan e-mails, downloads, and running programs. B. They protect against spyware and adware. C. They are effective in stopping pop-ups. D. They can reduce the amount of spam by 97 percent.
question
Kerberos
answer
What does Windows use to encrypt the user authentication process over a LAN? A. PAP B. TPM C. HTTPS D. Kerberos
question
Telephone scams and Phishing
answer
Which threats are categorized as social engineering? Select all that apply. A. Telephone scams B. Phishing C. Trojan horses D. Spyware
question
Quarantine the computer so the suspected malware does not spread.
answer
A user calls to complain that his computer seems awfully sluggish. All he's done so far is open his e-mail. What should the tech do first? A. Educate the user about the dangers of opening e-mail. B. Quarantine the computer so the suspected malware does not spread. C. Run anti-malware software on the computer. D. Remediate the infected system.
question
Boot to Safe Mode and run System Restore or Boot to the Windows Recovery Environment and run System Restore.
answer
Which of the following are good examples of remediation? Select two. A. Boot to Safe Mode and run System Restore. B. Boot to the Windows Recovery Environment and run System Restore. C. Boot to a safe environment and run antivirus software. D. Remove a computer suspected of having malware from the network, effectively quarantining the computer.
question
Applaud the technician for proper compliance.
answer
A user calls and complains that the technician who fixed his computer removed some software he used to download movies and music on the Internet. A check of approved software does not include the uTorrent application, so what should the supervisor do? A. Applaud the technician for proper compliance. B. Educate the user about the legal issues involved with movie and music downloads. C. Add the uTorrent application to the approved software list and make the technician apologize and reinstall the software. D. Check with the user's supervisor about adding uTorrent to the approved software list.
question
Chain of custody
answer
Mike hands the hard drive containing suspicious content to the head of IT security at Bayland Widgets Co. The security guy requests a record of everyone who has been in possession of the hard drive. Given such a scenario, what document should Mike give the IT security chief? A. Chain of custody B. Definition file C. Entry control roster D. Trusted root CA
question
Install anti-malware software on every computer. Set the software up to update the definitions and engine automatically. Set the software up to scan regularly. Educate the users about what sites and downloads to avoid.
answer
Cindy wants to put a policy in place at her company with regard to malware prevention or at least limitation. What policies would offer the best solution? A. Install anti-malware software on every computer. Instruct users on how to run it. B. Install anti-malware software on every computer. Set the software up to scan regularly. C. Install anti-malware software on every computer. Set the software up to update the definitions and engine automatically. Set the software up to scan regularly. D. Install anti-malware software on every computer. Set the software up to update the definitions and engine automatically. Set the software up to scan regularly. Educate the users about what sites and downloads to avoid.
question
Often via email & disguised as from trusted company. Requests a username, password, or account number. Tricks unsuspecting users.
answer
Describe how a phishing attack works.
question
A package of security services providing robust network security by integrating traditional firewalls with many other security services such as IPS, VPN, load balancing, antimalware, and more.
answer
What is Unified Threat Management (UTM)?
question
Social engineering
answer
Some hackers try to deceive people to get others to tell them confidential information. What is this called?
question
Smart cards & biometric devices such as fingerprint/retinal scanners.
answer
What are some hardware-based authentication mechanisms?
question
Via HTTPS, or HTTP over the Secure Sockets Layer (SSL)
answer
How is the Hypertext Transfer Protocol (HTTP) protected when secure data needs to be sent?
question
Searching through trash for valuable data
answer
What is dumpster diving?
question
Authorization validates credentials. Encryption makes data unreadable.
answer
What's the difference between authorization & encryption?
question
Malicious software. Prog/code: does something undesirable. Viruses, Trojan horses, worms, rootkits, spyware, botnets, ransomware, spam, etc.
answer
What is malware?
question
Defines what employees may or may not do on company equipment.
answer
What is an Acceptable Use Policy (AUP)?
question
Event Viewer
answer
User states that he received an error message in a Windows dialog box. Doesn't remember exact error message. How can a technician view it?
question
Similar to tailgating, but instead of following an authorized person into the building, you're allowed in by an insider.
answer
What is piggybacking?
question
It's phishing but targeting a high value target such as a CEO of a company.
answer
What is whaling?
question
Phishing scams that are done via SMS messaging or texting.
answer
What is SMSishing?
question
Knowledge factors - something the user knows, like a password or PIN.
Ownership factors - something the user has, such as a key, smart card, or security token.
Inherence factors - something about the user, such as a fingerprint or iris scan.
Location factor - somewhere you are. This can be used if the individual's location can be pinpointed via GPS or some other method. The individual may be required to be at a certain location in order to log in to the system, for example.
Temporal factor - may require logon at a certain time of day, or even within so many seconds or minutes of another event.
Ability factor - Something you can do such as typing pattern or voice cadence pattern.
answer
What are the authentication factors?
question
Knowledge factor
answer
Authorization factor where the factor is something the user knows, like a password or PIN.
question
Ownership factor
answer
Authorization factor where the factor is something the user has, such as a key, smart card, or security token.
question
Inherence factors
answer
Authorization factor where the factor is something about the user, such as a fingerprint, face scan, or iris scan.
question
Location factor
answer
Authorization factor where the factor is somewhere you are. This can be used if the individual's location can be pinpointed via GPS or some other method. The individual may be required to be at a certain location in order to log in to the system, for example.
question
Temporal factor
answer
Authorization factor where the factor may require logon at a certain time of day, or even within so many seconds or minutes of another event.
question
Ability factor
answer
Authorization factor where the factor is something you can do such as typing pattern or voice cadence pattern.
question
Uninterruptible Power Supplies (UPSs)
answer
What is the best way to protect network devices from a loss of power?
question
Clean equipment with compressed air or a nonstatic vacuum. Maintain proper airflow to keep things cool and to control dusty air. Make sure that the room is ventilated and air-conditioned and that the air filters are changed regularly. If things are really bad, you can enclose a system in a dust shield which comes complete with its own filter.
answer
What are some methods of protecting equipment from "dirty air?"
question
22° Celsius or 72° Fahrenheit
answer
What temperature are most computers designed to operate at?
question
A privacy filter, which is little more than a framed sheet or film that you apply to the front of your monitor. Privacy filters reduce the viewing angle, making it impossible to see the contents on the screen for anyone except those directly in front of the screen.
answer
What's an excellent way to prevent "shoulder surfing?"
question
The bot herder
answer
What is the person in charge of the botnet called?
question
1. Identify malware symptoms
2. Quarantine infected system
3. Disable system restore in Windows
4. Remediate infected systems
   * Update anti-malware software
   * Use scan and removal techniques - Windows Safe Mode or Preinstallation Environment
5. Schedule scans and run updates
6. Enable system restore & create restore point
7. Educate end user
answer
What's the best way to remove malware?