IT Essentials Chapter 12 Exam Online

Encrypting data, keeping software up to date, and backing up data are all security precautions, but will not protect against unauthorized physical access to premises by people trying to gather information for malicious purposes.

Worms are self-replicating pieces of software that consume bandwidth on a network as they propagate from system to system. They do not require a host application, unlike a virus. Viruses, on the other hand, carry executable malicious code which harms the target machine on which they reside.

Phishing attacks use social engineering to obtain user personal information. Viruses carry malicious executable code that runs on target machines. Worms propagate through the network consuming bandwidth resources. Adware, on the other hand, results in pop-up windows directing users to malicious sites.

A denial of service (DoS) attack attempts to overwhelm a system or process by sending large amounts of data or requests to the target. The goal is to keep the system so overwhelmed handling false requests that it is unable to respond to legitimate ones.

Longer passwords are more secure than passwords with fewer characters. A strong password should also contain a combination of uppercase and lower case letters, numbers, symbols, and punctuation marks. Strong passwords should be difficult to guess.

A security policy is made up of several elements in the form of rules, guidelines and checklists. It not only addresses computer usage, but extends to processes involving employees in respect of operational expectations, breaches to security, emergency procedures, and other pertinent factors governing the company.

High-level formatting does not erase data securely. Therefore data wiping software can be used to make any data on the drives unreadable. The CPU, monitor, and RAM do not permanently store information.

The only set of permissions that will allow a user to delete a file are Modify and Full Control. The Read and Execute permissions only allow access to the file; while the Write permission will allow deletion of file content, but the file itself cannot be removed.

Antivirus programs scan against known code patterns, also known as signatures, to determine if a given piece of software is a threat or not, and then takes the appropriate action. This is why it is essential for signatures to be kept up to date to detect the latest threats.

SSID and wireless MAC filtering are not encryption methods. WPA2 is more secure than WEP or WPA for encrypting traffic.

Port triggering is used to allow inbound traffic through the firewall based on outbound traffic. The trigger occurs when an application makes use of a specific port on the internal network. An external port on the firewall is then opened. This allows for temporary passage of traffic through inbound ports to a specific device.

Firewalls (software and hardware), up to date software, and backing up data are all security measures designed to protect data. However, these are not physical security precautions. Physical security precautions prevent theft, damage, or unauthorized access to physical computer equipment.

For local users, the Read permission is required to backup files, but the Write permission, at a minimum, is required to restore files.

The Idle Timeout and Screen Lock setting accessed through the Local Users and Groups Manager is used for logging the computer out and locking the screen if the user has not interacted with the computer for a specified amount of time. The user must log back in to recommence work.

Two best security practices for managing user accounts include limiting the time of day that users can log into a computer and limiting the number of times an incorrect password can be entered. Additionally, enabling idle timeout and screen lock for when users walk away from their computers is considered a best practice. The AutoRun feature allows executables to start automatically when external media is inserted into a drive or attached to a port. Disabling AutoRun is a security feature. Port forwarding is only to be enabled when a specific application needs it. Authentication is the act of logging in with a password, fingerprint, or facial scan and should be required.

There are two ways to manage the Windows firewall–through the Automatically setting and with the Manage Security Settings. The latter one is the manual method.

The technician can limit the time logins can occur on a computer. Using Event Viewer to determine the login times is an action that does not prevent the users from logging into the computer. Power on BIOS passwords are not usually configured for a specific time. Device Manager is used to view settings and operation of devices, not users.

Close-ended questions generally have a fixed or limited set of possible responses, such as “yes” or “no”. Open-ended questions imply no limited or fixed set of replies but rather generally prompt the responder to provide more meaningful feedback.

If a host infected with malware is causing a denial of service attack by flooding the network with traffic, disconnecting the host from the network can stop the attack. ActiveX and Silverlight are both examples of web software designed to provide interactive experiences on web pages. A rogue antivirus is a type of attack where the malware appears to be an antivirus telling the users that their system is infected. If a system is infected with malware, it is unlikely that logging on as a different user would prevent the malware from continuing the denial of service attack.

As part of the fifth step of the troubleshooting process, technicians should apply preventive measures whenever possible. Most company security policies include a section on password complexity and length requirements. Ensuring that this policy is being enforced can help prevent attackers from being able to compromise systems through password cracking.

Windows Firewall filters data from the network not from removable flash drives. The TPM is used for hardware authentication of users and devices, not malware protection. Repairing, deleting, or quarantining infected files will remove a current virus infection but not prevent future infections.

To prevent the problem, the antivirus software should be configured to scan removable media. Destroying the USB drive will prevent that device from spreading the virus to other computers, but will not prevent future transmission of viruses from USB drives. Windows Firewall is a useful tool, but it does not prevent the spread of viruses.

Rogue antimalware software attempts to fool the user by issuing a warning about malware infection. When the user activates the rouge program, the program infects the computer with malware. Because the rogue antimalware software can be activated by clicking in the warning message menu, the user should should attempt to close the browser tab or window instead of trying to close the message box by clicking it.

Removable drives can be encrypted by using BitLocker To Go. BitLocker To Go does not use a TPM chip. Encrypting File System (EFS) can encrypt data at file and folder level, but not for an entire drive. NTFS is used for access permission control. It does not encrypt data.

Problems of system files being renamed and file permissions being changed without user knowledge are most likely caused by a virus. File system corruption would make the directory and files inaccessible. A corrupted display driver would prevent the laptop from displaying at all or it would display only VGA resolution.