A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario from occurring again in the future?
A. Install host-based firewalls on all computers that have an email client installed
B. Set the email program default to open messages in plain text
C. Install end-point protection on all computers that access web email
D. Create new email spam filters to delete all messages from that sender
A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or run on the user’s computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the user’s computer?
A. Deploy antivirus software and configure it to detect and remove pirated software
B. Configure the firewall to prevent the downloading of executable files
C. Create an application whitelist and use OS controls to enforce it
D. Prevent users from running as administrator so they cannot install software
A company would like to prevent a known set of applications from being used on company computers. Which of the following should the security administrator implement?
A. Whitelisting
B. Anti-malware
C. Application hardening
D. Blacklisting
E. Disable removable media
Recently the desktop support group has been performing a hardware refresh and has replaced numerous computers. An auditor discovered that a number of the new computers did not have the company’s antivirus software installed on them. Which of the following could be utilized to notify the network support group when computers without the antivirus software are added to the network?
A. Network port protection
B. NAC
C. NIDS
D. MAC filtering
The IT department has been tasked with reducing the risk of sensitive information being shared with unauthorized entities from computers it is saved on, without impeding the ability of the employees to access the internet. Implementing which of the following would be the best way to accomplish this objective?
A. Host-based firewalls
B. DLP
C. URL filtering
D. Pop-up blockers
An administrator is having difficulty configuring WPA2 Enterprise using EAP-PEAP-MSCHAPv2. The administrator has configured the wireless access points properly, and has configured policies on the RADIUS server and configured settings on the client computers. Which of the following is missing?
A. Client certificates are needed
B. A third party LEAP client must be installed
C. A RADIUS server certificate is needed
D. The use of CCMP rather than TKIP
One month after a software developer was terminated, the helpdesk started receiving calls that several employees’ computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?
A. Logic bomb
B. Cross-site scripting
C. SQL injection
D. Malicious add-on
Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?
A. Deploy a HIDS suite on the users’ computers to prevent application installation.
B. Maintain the baseline posture at the highest OS patch level.
C. Enable the pop-up blockers on the users’ browsers to prevent malware.
D. Create an approved application list and block anything not on it.
Correct Answer: D
Section: Access Control and Identity Management
You can use Software Restriction Policy or its successor AppLocker to prevent unauthorized applications from running or being installed on computers.
Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their
You can use AppLocker as part of your overall security strategy for the following scenarios:
Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.
Prevent users from installing and using unauthorized applications.
Implement application control policy to satisfy portions of your security policy or compliance requirements in your organization.
A: A HIDS (Host Intrusion Detection System) cannot prevent software installation on the host. Therefore, this answer is incorrect.
B: Maintaining the baseline posture at the highest OS patch level will not prevent software installation on the host. Therefore, this answer is incorrect.
C: Pop-up blockers on the users’ browsers prevent web pages from popping up. They will not prevent manual software installation on the host. Therefore, this answer is incorrect.
The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?
A. A security group
B. A group policy
C. Key escrow
D. Certificate revocation
Correct Answer: B
Section: Access Control and Identity Management
Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPOs include a number of settings related to credentials, such as password complexity requirements, password history, password length, and account lockout settings.
A: Active Directory security groups are used to assign permissions to shared resources. They will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.
C: Key escrow allows copies of private keys and/or secret keys to be retained securely by a centralized management system as a means of insurance or recovery in the event of a lost or corrupted key. It will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.
D: Revoking a certificate will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 291, 319