Module III Certification Quiz Part 1

A Faraday cage is a shielded enclosure that prevents the escape or entry of electromagnetic fields. It is commonly used to mitigate data emanation, which refers to the unintentional leakage of electromagnetic signals that can be intercepted by unauthorized individuals. By using a Faraday cage, the electromagnetic signals generated by electronic devices inside the cage are contained, preventing them from being intercepted or accessed by external sources. This ensures the security and confidentiality of sensitive data and helps protect against potential data breaches or unauthorized access.

Fiber is the least susceptible to a tap being placed on the line because it uses light signals to transmit data instead of electrical signals. This means that it is more difficult for someone to intercept or tap into the fiber optic cable without disrupting the signal. Additionally, fiber optic cables do not emit electromagnetic radiation, making it harder for someone to detect and intercept the signal.

The manufacturer's website is the best place to obtain a hotfix or patch for an application or system because it is the official source for updates and is likely to have the most up-to-date and reliable information. News groups or forums may provide unofficial or outdated information, a CD-ROM may not have the latest updates, and an email from the vendor may not be as accessible or comprehensive as the manufacturer's website.

Carbon dioxide is the most suitable fire suppression system for a server room because it is effective in extinguishing fires without causing damage to the equipment. Carbon dioxide works by displacing oxygen, which is necessary for combustion, and suffocating the fire. It is a clean agent that does not leave any residue or water behind, making it ideal for sensitive electronic equipment. Additionally, carbon dioxide is non-conductive, so it does not pose a risk of electrical damage.

A demilitarized zone (DMZ) is a portion of a company's network that is located between the Internet and an internal network. It acts as a buffer zone that separates the public-facing services and systems from the internal network, providing an additional layer of security. The DMZ allows external users to access certain services, such as email or web servers, while keeping the internal network protected from potential threats. By placing these services in the DMZ, any potential attacks or vulnerabilities are contained within this zone and do not directly impact the internal network.

A static NAT uses a one to one mapping, meaning that it maps a single internal IP address to a single external IP address. This allows for a direct and specific translation of IP addresses, ensuring that each internal address corresponds to a unique external address. This can be useful in scenarios where specific devices or services need to be accessed from outside the network using a dedicated IP address.

A Faraday cage is an enclosure that is designed to block external radio frequency signals from entering or leaving a controlled environment. It is made of conductive material, such as metal, which creates a shield that prevents electromagnetic waves from passing through. This is achieved by the principle of electromagnetic shielding, where the conductive material absorbs and redistributes the electromagnetic energy, thereby minimizing its transmission. Therefore, a Faraday cage is the best description for an enclosure that prevents radio frequency signals from emanating out of a controlled environment.

A Faraday cage prevents the usage of a cell phone. This is because the cage is designed to block out external static electrical fields, which includes the signals and waves used by cell phones to communicate. When a cell phone is placed inside a Faraday cage, it is effectively shielded from any incoming or outgoing signals, rendering it unable to send or receive calls, messages, or data.

WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy) are both wireless security protocols that can be used to secure a wireless network. WPA provides stronger security compared to WEP as it uses encryption algorithms and dynamic keys to protect the network. WEP, on the other hand, uses a static encryption key which makes it less secure. By using both WPA and WEP, the small manufacturing company can ensure the security of their wireless network.

The SSID in a wireless network is used to identify the network. It serves as the name of the network that users can see when searching for available networks to connect to. The SSID allows users to differentiate between different networks and choose the one they want to connect to. It is not used to define encryption protocols, protect the client, or secure the WAP. Its main purpose is simply to identify the network.

Sanitization is the process of securely removing information from media, such as a hard drive, to ensure that it cannot be recovered or accessed in the future. This involves using specialized software or hardware to overwrite the data multiple times, making it virtually impossible to retrieve. Reformatting, deleting, and destruction may not completely remove the data or make it unrecoverable, while sanitization ensures that the information is permanently erased.

A mantrap is a security measure that can be installed at a data center to prevent piggybacking. It is a small enclosed area with two doors, where one door cannot be opened until the other is closed. This ensures that only one person can enter at a time and prevents unauthorized individuals from entering by piggybacking on authorized staff. By installing a mantrap, the data center can effectively control access and prevent unauthorized entry.

A firewall is a software or hardware device that acts as a barrier between a computer or network and unauthorized access from external sources. It monitors and controls incoming and outgoing network traffic based on predetermined security rules. By allowing only authorized network traffic, a firewall helps to protect the computer or network from potential threats and unauthorized access attempts.

To keep an 802.11x network from being automatically discovered, the user should turn off the SSID broadcast. This means that the network's name will not be visible to other devices, making it harder for unauthorized users to find and connect to the network. Changing the SSID name or activating a password can also enhance security, but turning off the SSID broadcast is specifically effective in preventing automatic discovery of the network. Leaving the SSID default would not provide any additional security measures.

A patch is a software update that is designed to fix a specific security issue on a workstation. It is a small piece of code that is applied to the existing software to address vulnerabilities and improve security. By installing a patch, the specific security issue can be corrected without making any major changes to the entire system or software.

A service pack is an installable package that includes several patches from the same vendor for various applications. It is a cumulative update that contains bug fixes, security enhancements, and additional features. Service packs are released periodically to provide a convenient way for users to update their software and ensure that they have the latest patches and improvements.

A fingerprint scanner would provide a third authentication factor because it is a biometric factor that verifies the unique physical characteristic of an individual, adding an extra layer of security to the existing two-factor authentication system. This would make it more difficult for unauthorized individuals to gain access to the system, as they would need to possess not only the strong password and PKI token, but also have their fingerprint recognized by the scanner.

Host hardening refers to the process of securing a host or computer system by reducing its vulnerabilities and strengthening its defenses. Disabling unnecessary services is an important component of host hardening as it helps to minimize the attack surface by shutting down any services that are not required for the system's operation. Applying patches is also crucial as it ensures that the system is up to date with the latest security fixes and updates, reducing the risk of exploitation by known vulnerabilities.

A configuration baseline is a set of consistent requirements for a workstation or server. It defines the desired state of the system and ensures that it remains consistent and secure. It includes specifications such as hardware requirements, operating system settings, software versions, and security settings. By adhering to a configuration baseline, organizations can ensure that their systems are properly configured and meet the necessary security standards.

Hardening refers to the process of securing devices on a network infrastructure by implementing various security measures such as disabling unnecessary services, applying security patches, configuring strong passwords, and implementing access controls. This helps in reducing the attack surface and strengthening the overall security posture of the network devices. Hardening is considered as the baseline process for securing devices as it establishes a strong foundation for implementing other security measures and controls.

The primary security risk with coaxial cable is data emanation from the core. This means that there is a potential for the data being transmitted through the cable to leak or be intercepted, compromising the security and confidentiality of the information.

Fiber optic cable is considered safer than CAT5 because it is hard to tap into. Unlike copper cables, fiber optic cables do not emit electromagnetic signals that can be intercepted, making them more secure against eavesdropping or hacking attempts. Additionally, fiber optic cables are not susceptible to interference from electromagnetic fields or radio frequency interference, ensuring a reliable and uninterrupted transmission of data.

Group policy implementation allows a technician to restrict a user's access to the graphical user interface (GUI). Group policies are a set of rules and settings that can be applied to a group of users or computers in a network. By implementing group policies, a technician can control various aspects of a user's access and privileges, including restricting their access to the GUI. This can be useful in situations where certain users need limited access or where specific settings need to be enforced for security or organizational reasons.

A mantrap is a security measure that creates a buffer zone between two rooms by using two interlocking doors or gates. It ensures that only one door can be open at a time, preventing unauthorized access and creating a controlled entry point. This physical barrier enhances security by restricting the movement of individuals between the two rooms and allowing for proper identification and authorization before granting access.

Installing only needed software is an action that should be performed to harden workstations and servers. By installing only the necessary software, the attack surface of the system is reduced, minimizing the potential vulnerabilities that could be exploited by attackers. Unnecessary software increases the risk of security breaches as it may contain vulnerabilities or provide additional entry points for attackers. Therefore, installing only the required software helps in strengthening the security of workstations and servers.

CO2 (carbon dioxide) is the correct answer because it is an effective fire suppression substance that can prevent damage to electronic equipment. CO2 is commonly used in fire suppression systems because it is non-conductive and does not leave any residue. When CO2 is released into a fire, it displaces oxygen, effectively smothering the flames and preventing further damage to the equipment. CO2 is safe to use in areas with sensitive electronics and is an efficient and reliable method of fire suppression.

Removing a terminator is the easiest method to disable a 10Base2 network. A 10Base2 network uses coaxial cables, and terminators are used at both ends of the network to absorb signals and prevent reflections. By removing a terminator, the network loses its termination point, causing signal reflections and disrupting the network communication. This is a simple and straightforward method to disable the network.

An extranet is a private network that allows controlled access to external users, such as suppliers or partners, to a company's internal network resources. By implementing an extranet, the company can connect its network to the manufacturer's network, enabling them to order parts. The extranet provides a secure and limited connection, allowing only authorized services and resources to be accessed by the manufacturer. This ensures that the company can maintain control over the connection while still benefiting from the collaboration with the manufacturer.

A smurf attack is not a Bluetooth threat. A smurf attack is a type of network attack that involves sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, causing the targeted network to become overwhelmed and resulting in a denial of service. Bluetooth threats, on the other hand, involve security vulnerabilities and attacks specifically targeting Bluetooth technology, such as blue jacking (sending unsolicited messages to Bluetooth-enabled devices), discovery mode (making a device visible to others for pairing), and bluesnarfing (unauthorized access to information on a Bluetooth device).

Malware that uses virtualization techniques can be difficult to detect because it may be running at a more privileged level than the antivirus software. This means that the malware has higher privileges and can potentially hide itself from detection by the antivirus software. It can also manipulate the virtualization environment to evade detection and make it harder for security systems to identify its presence. This makes it challenging for traditional antivirus software to detect and remove the malware effectively.

Default passwords in hardware and software should be changed when the hardware or software is turned on. This is because default passwords are commonly known and can be easily exploited by attackers. Changing the default passwords as soon as the hardware or software is turned on helps to enhance security and prevent unauthorized access.

An application-proxy firewall provides inspection at layer 7 of the OSI model. This type of firewall acts as an intermediary between the client and the server, and it can analyze the application layer data to determine if the traffic should be allowed or blocked. It can understand the specific protocols and applications being used, allowing for more granular control and better protection against advanced threats. Stateful inspection and packet filters operate at lower layers of the OSI model, while network address translation (NAT) is a technique used for translating IP addresses.

NTLMv2 can implement the strongest hashing algorithm. The hashing algorithm used in NTLMv2 is designed to be highly secure and resistant to attacks. It is created from a hash value, which makes it extremely difficult to reverse engineer and derive the original input number. This level of complexity and security makes NTLMv2 a strong choice for implementing a hashing algorithm.

The best practices for installing and securing a new system for a home user include applying all system patches and service packs. This ensures that the system has the latest updates and fixes for any vulnerabilities. Additionally, using a strong firewall is important to protect the system from unauthorized access and potential threats. Installing remote control software may not be a best practice as it can introduce security risks and potentially allow unauthorized access to the system.

802.1x is a network authentication protocol that allows wireless access to network resources. It provides a secure method of authenticating and authorizing devices to connect to a network. This protocol is commonly used in Wi-Fi networks to ensure that only authorized devices can access network resources. It uses a combination of authentication methods such as usernames and passwords, digital certificates, or smart cards to verify the identity of the device trying to connect. Once authenticated, the device is granted access to the network resources.

When implementing virtualization technology, it is important to ensure that both the virtual servers and the host have the latest service packs and patches applied. This is crucial for maintaining the security and stability of the virtual environment. Service packs and patches often include important security updates and bug fixes that address vulnerabilities and improve overall performance. By regularly updating and patching the virtual servers and host, the technician can minimize the risk of security breaches and ensure that the infrastructure remains secure.

Kerberos is the correct answer because it is an authentication protocol that uses a Key Distribution Center (KDC) to authenticate users and provide secure access to network resources. The KDC acts as a trusted third party that issues tickets to users, which they can present to access services. These tickets are encrypted using a shared secret key between the KDC and the service being accessed, ensuring secure authentication and authorization.

A DMZ (Demilitarized Zone) is an area of the network infrastructure that allows a technician to put public facing systems into it without compromising the entire infrastructure. It acts as a buffer zone between the internal network and the external network, providing an additional layer of security. Public facing systems such as web servers or email servers can be placed in the DMZ, allowing external access while minimizing the risk of compromising the internal network.

A configuration baseline refers to a standard set of settings and configurations that are established for all systems within an organization. It serves as a reference point for ensuring consistency and security across different systems. By implementing a configuration baseline, organizations can ensure that all systems are set up and maintained in a standardized and secure manner. This helps to reduce vulnerabilities and maintain a stable and reliable IT environment.

Attackers often find non-essential services appealing because these services can sustain attacks that go unnoticed and are not typically configured correctly. Non-essential services may not receive as much attention or monitoring as essential services, making it easier for attackers to exploit vulnerabilities and carry out attacks without being detected. Additionally, since these services are not critical to the functioning of a system, they may not be configured with the same level of security measures as essential services, providing attackers with potential avenues for gaining unauthorized access.

Virtualization is a technology that can isolate a host OS from some types of security threats. By creating virtual machines, the host OS can be separated from the virtualized environment, providing an additional layer of protection. This isolation helps to prevent malware or other security threats from affecting the host OS, as any malicious activity is contained within the virtual machine. Virtualization also allows for easier management and monitoring of security measures, making it an effective solution for mitigating security risks.

Clocks are used to ensure that tickets expire correctly in Kerberos authentication. This is because Kerberos uses time-based ticket expiration as a security measure. The clocks help to keep track of the current time and ensure that tickets are only valid for a certain period. When a ticket expires, it cannot be used for authentication anymore, enhancing the security of the system.

False rejection is the best description for an instance where a biometric system identifies legitimate users as being unauthorized. This occurs when the system incorrectly denies access to individuals who are actually authorized to use the system. It is a type of error in which the system fails to recognize and authenticate legitimate users, leading to their rejection or denial of access.

The account lockout duration is the setting that determines how long an account will be locked out after the maximum number of failed login attempts. In this case, after the maximum number of attempts have failed, the account will be locked out for 30 minutes. The other options, such as account lockout threshold, password complexity requirements, and key distribution center, do not directly determine the lockout duration.

Sanitization is the best process to remove Personally Identifiable Information (PII) data from a disk drive before reuse. Sanitization involves the thorough and irreversible removal of all data from the disk drive, ensuring that it cannot be recovered through any means. This process goes beyond simple reformatting, which can still leave traces of data behind. Degaussing, on the other hand, is a process that erases data using a magnetic field, but it may not be effective on solid-state drives. Destruction, while effective, renders the disk drive completely unusable and is not suitable for reuse. Therefore, sanitization is the most appropriate method for securely removing PII data from a disk drive.

A switch should be used to reduce the ability of users on the same floor and network segment to see each other's traffic. Unlike a hub, which broadcasts all traffic to all connected devices, a switch only sends traffic to the intended recipient. This means that users on the same floor and network segment will not be able to see each other's traffic unless it is specifically addressed to them. A firewall, on the other hand, is used for network security and controlling access to the network, but it does not specifically address the requirement of reducing visibility of traffic between users on the same floor and network segment. A router is used to connect different networks, but it does not provide the same level of traffic isolation as a switch.

The implementation of an SMTP server on a firewall violates the principle of "Use a device as intended." A firewall is designed to control and monitor network traffic, not to function as an email server. By using the firewall for a purpose it was not intended for, the company is potentially compromising its security and opening itself up to vulnerabilities. It is important to use devices for their intended purposes to ensure their effectiveness and maintain a secure environment.

The use of default passwords during the first-time installation of a network device can pose a security threat. Default passwords are often well-known and easily accessible to attackers, making it easier for them to gain unauthorized access to the device. This can lead to potential breaches, data theft, and unauthorized control over the network device. It is crucial to change default passwords to unique and strong ones to mitigate this security risk.

Internet filter appliances/servers analyze URLs, content, and certificates. URLs are analyzed to determine the website or web page being accessed and to apply filtering rules based on the domain or specific URL. Content analysis is performed to scan and filter out any inappropriate or unauthorized content, such as malware, explicit material, or prohibited websites. Certificates are analyzed to verify the authenticity and security of the website being accessed, ensuring that it is encrypted and trusted. By analyzing these three items, internet filter appliances/servers can effectively enforce internet usage policies and protect users from potential threats or inappropriate content.

Security researchers often use virtual machines because they provide a safe and isolated environment where malware can be executed without posing any risks to the actual physical equipment and software. By using virtual machines, researchers can analyze and study malware behavior without the fear of infecting their own systems or compromising sensitive data. This allows them to conduct thorough investigations and experiments while maintaining a secure and controlled environment.