Questão 1
Questão
If you have a web server that needs to be accessible from both your internal network as well as the Internet, the most secure way to do this is to place the server;
Questão 2
Questão
The best way to ensure that a role like DNS is installed on your Windows server using recognized industry practices is to use:
Questão 3
Questão
If you wish to test all your WIndows updates before allowing your clients to install the updates, you should
Responda
-
Use GPO's to share updates and push them to your clients
-
have your clients download the updates from the Internet
-
Use a WSUS server
-
Use Mac clients, they don't need security updates
Questão 4
Questão
Window's "Core" refers to...
Responda
-
The main product offerings in the Window's office suite, including Word, Excel, and PowerPoint
-
The Kernel and network configuration of he operating system
-
The parts of the Windows security centre which helps to secure a client machine
-
An installation of Windows Server which has an extremely limited user interface and software installation
Questão 5
Questão
During startup/logon, a Microsoft client will apply policies from different places, effecting how the machine is managed.
What order are these policies applied in?
Responda
-
OU, Domain, Site, Local
-
Local, Site, Domain, OU
-
Local, Site, OU, Domain
-
Domain, OU, Local, Site
Questão 6
Questão
Fred is logged in as his standard (non-Root) user account. He needs to mount an external drive, fortunately his account is listed in the sudoers file; to run the mount command he can type;
Responda
-
mount /dev/sda1 /~/usb
-
su -l THEN mount /dev/sda1 /~/usb
-
sudo mount /dev/sda1 /~/usb
-
rootmount /dev/sda1 /~/usb
Questão 7
Questão
In the previous question, assuming fred uses the correct command, and it works as expected, what will the result be?
Responda
-
The external USB drive will be mounted
-
Fred will be prompted for his password
-
Fred will be prompted for the root password
-
Fred will be informed he cannot perform the action
Questão 8
Questão
You don't need to configure a default gateway to browse Internet websites if you have; *****
Questão 9
Questão
Deploying multiple Honeypots on your network is considered a;
Responda
-
honeynet
-
beehive
-
honeyfarm
-
masquerade
Questão 10
Questão
What is the advantage of having an IDS system in the DMZ of your network
Responda
-
It can stop attacks that are occurring against your servers that are hosted there
-
It doesn't slow internal network traffic from reaching the Internet
-
It can lure attacks against your systems away from your actual servers
-
It can log both the types of attacks and where they are originating from against your servers
Questão 11
Questão
To more securely host services that are accessible from the Internet you could;
Responda
-
Place Internet servers in a screened subnet
-
Place Internet servers behind your Firewall
-
Put your servers in an Intranet
-
Put your servers in a Supernet
Questão 12
Questão
Why would you want to use Direct Access for your remote clients to allow access rather than a Virtual Private Network?
Responda
-
Direct Access uses Kerberos for authentication, so user credentials are not passed over the Internet
-
Direct Access occurs automatically when a user is not on the internal network, allowing the machine to be updated without user interaction
-
Because Direct Access uses a separate secure tunnel to transmit credentials over the Internet
-
Direct Access uses the PKI of the Active Directory Network, making it more secure than a VPN
Questão 13
Questão
NAT is an example of:
Responda
-
A stateful firewall
-
IPv4 to IPv6 translation
-
An application firewall
-
An IPSEC concentrator
Questão 14
Questão
In terms of threat assessment, what is a vulnerability?
Responda
-
An extra gateway onto your network
-
Using Internet Explorer
-
A security weakness that could be exploited by a threat
-
Having low bandwidth and throughput on your gateway
Questão 15
Questão
In Linux, the firewall implements as..
Responda
-
ipchains
-
natd
-
iptables
-
secured
Questão 16
Questão
On the inside of a properly firewalled network...
Responda
-
There is no need for a local firewall
-
A local firewall provides depth of defense
-
A local firewall can stop unwanted traffic from compromised internal machines from reaching other machines on the inside
-
Both B and C above
Questão 17
Questão
A way to build a secure server configuration that can be exported to other servers is to;
Responda
-
Run the BPA
-
Run sconfig
-
run winrm
-
run the SCW
Questão 18
Questão
To build a set of GPO's and policies to secure laptop machines on your network you can use;
Responda
-
Use the Security Configuration Manager to generate the policies
-
Ghost the laptop with an image
-
Place the laptop in the DMZ
-
make sure the laptop is properly updated
Questão 19
Questão
What is an advantage to installing a Certificate Authority into your Active Directory structure and creating a PKI?
Responda
-
It will encrypt all the data on your network
-
It stops the use of Kerberos authentication which is not very secure
-
It allows you to browse non-trusted web sites on the Internet securely
-
It can allow for trusted connection to Domains and computers outside your Domain
Questão 20
Questão
What is one of the security challenges of using imaging to setup your systems on the network?
Responda
-
Images can be modified while getting pushed out to target machines
-
Systems are not updated properly
-
Administrative accounts have the same password on all machine
-
Base images can have rootkits installed into them