Qa Security

Pages: 16 (3951 words) Published: January 9, 2013
CHAPTER 1
1. What is a simple definition of risk?

Risk occurs when threats have the potential to exploit vulnerabilities. A more detailed definition comes from NIST SP 800-30: “Risk is a
function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on
the organization.”

2. True or false: You can reduce risk by reducing vulnerabilities.

3. An implementation of which security principle ensures that secrets stay secret?

A. Authentication
B. Availability
C. Integrity
D. Confidentiality

4. The implementation of techniques that map to which security principle helps to ensure that an unauthorized change to data is detected?
A. Accessibility
B. Availability
C. Integrity
D. Confidentiality

5. A basic security principle states that users, resources, and applications should be granted only the rights and permissions needed to perform a task. What is this
principle?

The principle of least privilege
The principle of least privilege states that users, resources, and applications should be given the rights and permissions to perform necessary tasks, and nothing else.

6. What is meant by reducing the attack surface of a system? (Choose all that apply.)
A. Disabling needed services
B. Removing unneeded protocols
C. Keeping a system up to date
D. Disabling the firewall

7. What tool can you use to create a comprehensive security policy as an XML file on a Windows Server 2008 system?
A. Microsoft Baseline Security Analyzer (MBSA)
B. System Center Configuration Manager (SCCM)
C. Security Configuration Wizard (SCW)
D. Windows Server Update Services (WSUS)

8. Of the following choices, what is the best method to protect against malware?
A. Installing antivirus software and keeping it up to date
B. Disabling unneeded services
C. Removing unnecessary protocols
D. Enabling a firewall
CHAPTER 2
1. What is the primary difference between a virus and a worm?
A. There is none. They’re both the same.
B. A worm requires user intervention to spread, but a virus doesn’t.
C. A virus requires user intervention to spread, but a worm doesn’t.
D. A virus is malware, but a worm is antivirus software.

2. True or false: A buffer-overflow attack can gain access to a system’s memory.

3. Which of the following is a type of malware that appears to be something else?
A. Buffer overflow
B. Trojan horse
C. Virus
D. Worm

4. True or false: Botnets don’t represent a real threat today.

5. The majority of spam is sent out by _____________.
Botnets
It’s estimated that 88 percent of spam is sent by botnets and about 89 percent of all email is spam.

6. Microsoft has created an antivirus tool for desktop operating systems. It’s available for free for home and small-business users and provides real-time protection. What is
this tool?
Microsoft Security Essentials
Microsoft Security Essentials (not Security Essentials 2010) is a free product for home users and for small businesses with up to 10 devices.

7. True or false: Security Essentials 2010 is a type of Trojan horse known as rogueware.

8. What tool can you use for free on Windows Server 2008 to check for and remove many types of malware threats? (Choose all that apply.)
A. Security Essentials 2010
B. Microsoft Security Essentials
C. Microsoft Windows Malicious Software Removal Tool
D. Microsoft Forefront

9. One method of conducting pharming is through DNS _____________.
Cache poisoning
Pharming redirects victims to undesired websites by modifying one of the name-resolution methods. DNS cache poisoning places incorrect entries into the DNS cache and is one method of pharming.

10. Which of the following can protect email from potential threats? (Choose all that apply.)
A. Antivirus software
B. Disabling automatic display of graphics
C. Enabling pharming
D. Educating users

CHAPTER 3
1. What is the difference between identification...