Q581. Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?
A. Deploy a HIDS suite on the users' computers to prevent application installation.
B. Maintain the baseline posture at the highest OS patch level.
C. Enable the pop-up blockers on the users' browsers to prevent malware.
D. Create an approved application list and block anything not on it.
Answer: D
Explanation:
Q582. A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?
A. Kill all system processes
B. Enable the firewall
C. Boot from CD/USB
D. Disable the network connection
Answer: C
Explanation:
Q583. Which of the following is the term for a fix for a known software problem?
A. Skiff
B. Patch
C. Slipstream
D. Upgrade
Answer: B
Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.
Q584. TION NO: 174
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?
A. Placement of antenna
B. Disabling the SSID
C. Implementing WPA2
D. Enabling the MAC filtering
Answer: A
Explanation:
You should try to avoid placing access points near metal (which includes appliances) or near the ground. Placing them in the center of the area to be served and high enough to get around most obstacles is recommended. On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.
Q585. A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?
A. Write-once drives
B. Database encryption
C. Continuous monitoring
D. Role-based access controls
Answer: A
Explanation:
Q586. A security analyst needs to logon to the console to perform maintenance on a remote server. Which of the following protocols would provide secure access?
A. SCP
B. SSH
C. SFTP
D. HTTPS
Answer: B
Explanation:
Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It’s now available for both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions. SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.
Q587. A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?
A. Single sign-on
B. Authorization
C. Access control
D. Authentication
Answer: D
Explanation:
Authentication generally requires one or more of the following:
.
Something you know: a password, code, PIN, combination, or secret phrase.
.
Something you have: a smart card, token device, or key.
.
Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics, discussed later in this chapter.
.
Somewhere you are: a physical or logical location.
.
Something you do: typing rhythm, a secret handshake, or a private knock.
Q588. An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following?
A. Spear phishing
B. Phishing
C. Smurf attack
D. Vishing
Answer: A
Explanation:
Q589. After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
A. To allow load balancing for cloud support
B. To allow for business continuity if one provider goes out of business
C. To eliminate a single point of failure
D. To allow for a hot site in case of disaster
E. To improve intranet communication speeds
Answer: B,C
Explanation:
A high-speed internet connection to a second data provider could be used to keep an up-to-date replicate of the main site. In case of problem on the first site, operation can quickly switch to the second site. This eliminates the single point of failure and allows the business to continue uninterrupted on the second site. Note: Recovery Time Objective The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during BIA creation.
Q590. Which of the following should be done before resetting a user’s password due to expiration?
A. Verify the user’s domain membership.
B. Verify the user’s identity.
C. Advise the user of new policies.
D. Verify the proper group membership.
Answer: B
Explanation:
When resetting a password, users have to establish their identity by answering a series of personal questions, using a hardware authentication token, or responding to a password notification e-mail. Users can then either specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from their workstation login prompt, or through a telephone call.