Questions and Answers
Which of the following is the strongest password? (Select all that apply)
- Thisisverysecure
- A.!OCRAIN#
- This1sV#rys3cure (correct)
- Marq1sD3S0d
Which of these is a security component of Windows?
- UPS
- CONTROL PANEL
- UAC (correct)
- GADGETS
What key combination helps to secure the logon process?
- CTRL+ALT+DEL (correct)
- CTRL+SHIFT+ESC
- ALT+F4
- WINDOWS+R
Which of the following is the most common authentication model?
Which of the following access control methods uses rules to govern whether object access will be allowed?
When using the mandatory access control model, what component is needed?
Which of the following statements regarding the MAC model is true?
In the DAC model, how are permissions identified?
Robert needs to access a resource. In the DAC model, what is used to identify him or other users?
A company has a high attrition rate. What should you ask the network administrator to do first?
Your company has 1000 users. Which of the following password management systems will work best for your company?
In a discretionary access control model, who is in charge of setting permissions to a resource?
Jason needs to add several users to a group. Which of the following will help him to get the job done faster?
How are permissions defined in the mandatory access control model?
Which of the following would lower the level of password security?
Of the following access control models, which uses object labels?
Which of the following methods could identify when an unauthorized access has occurred?
What would you use to control the traffic that is allowed in or out of a network?
In an attempt to deter fraud and defend against it, your company cross-trains people in each department. This is an example of what?
What is a definition of implicit deny?
In an environment where administrators, the accounting department, and the marketing department all have different levels of access, which of the following access control models is being used?
Which security measure should be included when implementing access control?
Which password management system best provides for a system with a large number of users?
You administer a bulletin board system for a rock and roll band. While reviewing logs for the board, you see one particular IP address posting spam multiple times per day. What is the best way to prevent this type of problem?
Your organization has enacted a policy where employees are required to create passwords with at least 15 characters. What type of policy does this define?
Users are required to change their passwords every 30 days. Which policy should be configured?
You want to mitigate the possibility of privilege creep among your long-term users. What procedure should you employ?
A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following would best describe this level of access control?
Which of the following access control models would be found in a firewall?
You are consulting for a small organization that relies on employees who work from home and on the road. A hacker has compromised the network by denying remote access to the company using a script. Which of the following security controls did the hacker exploit?
Which type of vulnerability assessment software can check for weak passwords on the network?
You are contracted to conduct a forensic analysis of the computer. What should you do first?
Which of the following has schemas written in XML?
Russ is using only documentation to test the security of a system. What type of testing methodology is this known as?
Of the following, which is the best way for a person to find out what security holes exist on the network?
After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?
Which of the following is a vulnerability assessment tool?
You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance?
Which of the following can enable you to find all the open ports on an entire network?
What can hackers accomplish using malicious port scanning?
Many companies send passwords via clear text. Which of the following can view these passwords?
Which of the following persons is ultimately in charge of deciding how much residual risk there will be?
To show risk from a monetary standpoint, which of the following should risk assessments be based upon?
Study Notes
Password Security
- The strongest password option is "This1sV#ryS3cure", which combines upper and lower case letters, numbers, and special characters.
- A self-service password resetting system is beneficial for managing passwords for a large number of users.
Windows Security Components
- User Account Control (UAC) is a vital security feature in Windows that helps prevent unauthorized changes to the operating system.
Authentication and Access Control
- The key combination "CTRL+ALT+DEL" is crucial for securing the logon process on Windows machines.
- The most common authentication model is using a username and password.
- Rule-based access control uses established rules to determine object access permissions.
Access Control Models
- Mandatory Access Control (MAC) requires the use of labels to enforce access restrictions.
- Discretionary Access Control (DAC) allows resource owners to set permissions for their resources using Access Control Lists (ACLs).
- Role-Based Access Control (RBAC) assigns access rights based on user roles within the organization.
Security Policies and Procedures
- Implementing password complexity requirements enhances security.
- Employees should create passwords of at least 15 characters to strengthen security posture.
Job and Role Management
- Job rotation and user permission reviews are strategies to mitigate privilege creep in users with long-term access.
- A template can expedite the process of adding users to groups in an organization.
Risk Management
- Senior management ultimately decides the level of residual risk that an organization will accept.
- Quantitative risk assessments are essential for determining monetary impacts related to risk management decisions.
Vulnerability Assessments
- A vulnerability assessment tool like Nessus can help identify security weaknesses in networks.
- Port scanning can reveal open ports that may expose systems to attacks and should be followed up with an examination of the services running on those ports.
Network Security
- Access Control Lists (ACLs) are used to control network traffic flow and determine the permissions granted to resources.
- Implementing CAPTCHA can help prevent automated spam attacks in online systems.
General Security Practices
- Session termination and previous logon notifications are methods to identify unauthorized access attempts.
- Mandatory vacations are a practice that aids in the separation of duties, preventing potential fraud.
Logging and Monitoring
- Forensic analysis begins with backing up the system to prevent data loss before any analysis takes place.
- Protocol analyzers can view passwords sent in clear text on unsecured networks.
Miscellaneous Security Concepts
- Implicit deny means that any resources not explicitly granted access are denied by default.
- A network mapper is the best device for determining network topology in a consulting scenario.
Description
Test your knowledge on fundamental cybersecurity concepts including password security, Windows security components, and various access control models. This quiz covers essential practices such as User Account Control and authentication methods to safeguard systems.