IT Essentials V5 Chapter 10

Phishing is a type of security threat that involves sending emails that appear to be from a legitimate sender, tricking the recipient into visiting a website and entering confidential information. This information is then used by the attacker for malicious purposes, such as identity theft or financial fraud. Phishing attacks often use social engineering techniques to persuade the recipient to trust the email and provide the requested information. It is important to be cautious and verify the authenticity of emails before sharing any sensitive information.

This phone call represents a social engineering threat. Social engineering is a tactic used by attackers to manipulate and deceive individuals into divulging sensitive information, such as usernames and passwords. In this case, the caller pretends to be from IT services and asks for confirmation of login credentials under the guise of auditing purposes. By exploiting the user's trust and authority, the attacker aims to gain unauthorized access to the system or steal sensitive data.

WPA2 (Wi-Fi Protected Access 2) is the most effective way of securing wireless traffic. It provides strong encryption and authentication methods, making it difficult for unauthorized users to access the network. WPA2 is more secure than WEP (Wired Equivalent Privacy) and provides better protection against attacks. SSID hiding and wireless MAC filtering can provide some level of security, but they are not as effective as WPA2 in securing wireless traffic.

In asymmetric encryption, two items are used: a private key and a public key. The private key is kept secret and is used for decrypting messages that have been encrypted with the corresponding public key. The public key, on the other hand, is freely distributed and is used for encrypting messages that can only be decrypted with the corresponding private key. This two-key system ensures secure communication and authentication between parties.

The primary goal of a DoS (Denial of Service) attack is to prevent the target server from being able to handle additional requests. This is typically achieved by overwhelming the server with a flood of traffic or by exploiting vulnerabilities in the server's software or network infrastructure. The intention is to disrupt the normal functioning of the server and make it unavailable to legitimate users.

An open-ended question allows the person to provide a detailed response rather than a simple yes or no answer. In the context of troubleshooting a security issue, asking "What symptoms are you experiencing?" would allow the technician to gather more information about the specific problems the user is facing. This can help in identifying the root cause of the security issue and providing appropriate solutions.

The recommended procedure to dispose of a 2.5 terabyte hard drive that contains confidential financial information is to smash the platters with a hammer. This method ensures that the data stored on the hard drive is completely destroyed and cannot be recovered. Using data wiping may not guarantee complete data erasure, drilling through the HDD may damage the environment and is not practical, and immersing the HDD in a weak solution of bicarbonate of soda may not effectively destroy the data.

The name given to the programming-code patterns of viruses is "signatures". Signatures are unique patterns or sequences of code that are characteristic of specific viruses. Antivirus software uses these signatures to identify and detect viruses on a computer system. By comparing the code of files or programs against a database of known virus signatures, antivirus software can determine if a file is infected with a virus and take appropriate action to remove or quarantine it.

A malware detection program looks for patterns in the programming code of the software on a computer when running a scan. This is because malware often leaves behind specific patterns or signatures in the code that can be identified by the detection program. By scanning for these patterns, the program can identify and flag any potentially malicious code or files on the computer.

Disconnecting the host from the network would help a technician determine if a denial of service attack is being caused by malware on the host. By disconnecting the host from the network, the technician can observe if the denial of service attack stops or if the host continues to experience the attack. If the attack stops after disconnecting, it indicates that the malware on the host is likely responsible for the attack.

Enabling User Account Control (UAC) on the computer is the correct action to solve the issue of users being able to install unauthorized software. UAC is a security feature in Windows that prompts users for permission or an administrator password before allowing certain actions to be performed. By enabling UAC, users will be prompted to provide credentials or consent when attempting to install software, preventing unauthorized installations. This helps to enforce security measures and restrict users from making changes to the system without proper authorization.

Port triggering is a feature on a router that allows certain outbound traffic to automatically open specific inbound ports. In this scenario, port 25 has been defined as the trigger port, which means that any traffic sent out through port 25 will automatically open port 113 to allow inbound traffic into the internal network. This allows for a specific type of traffic to initiate a connection from the outside and be directed to a specific port on the internal network.

To prevent future attacks resulting from weak passwords, the technician should ensure that the security policy is being enforced. This means implementing measures such as password complexity requirements, regular password changes, and multi-factor authentication. By enforcing a strong security policy, the likelihood of attackers compromising the computer through weak passwords is reduced. Checking for OS patches and updates, scanning with protection software, and verifying physical security are important measures as well, but they may not directly address the issue of weak passwords.

Ensuring that each use of an access card allows access to only one user at a time helps protect against unauthorized access to the workplace. Registering and escorting all visitors to the premises helps prevent unauthorized individuals from entering the workplace and potentially engaging in social engineering tactics.

Trusted Platform Module (TPM) is the correct answer because it is a physical security technology that can hold user authentication information, provide encryption, and offer hardware and software authentication that is specific to the host system. TPM is a microchip that is embedded in a computer's motherboard and it provides a secure storage area for cryptographic keys, passwords, and other sensitive data. It also supports software license protection by securely storing license information. Overall, TPM enhances the security of a system by providing various authentication and encryption capabilities.

A worm is a type of malware that is self-replicating, meaning it can create copies of itself and spread to other computers without any intervention or knowledge of the user. It is different from other types of malware like viruses, which require a user to execute a program or open a file for the infection to occur. Additionally, worms do not typically hide in a dormant state until needed by an attacker, as they are designed to spread and cause damage immediately. Therefore, the characteristics that describe a worm are being self-replicating and traveling to new computers without any intervention or knowledge of the user.

When a network technician configures the company firewall to operate as a packet filter, they are monitoring two characteristics of network traffic: protocols and ports. Protocols refer to the set of rules that govern how data is transmitted over the network, such as TCP/IP or HTTP. Ports, on the other hand, are numerical identifiers used to differentiate between different services or applications running on a network device. By monitoring protocols and ports, the technician can control and filter the flow of network traffic based on specific criteria, enhancing network security and performance.

The two actions that can help prevent the problem of computers being infected with viruses and malware through removable flash drives are:
1. Setting virus protection software to scan removable media when data is accessed. This ensures that any viruses or malware present on the flash drive are detected and prevented from infecting the computer.
2. Disabling the autorun feature in the operating system. This prevents any malicious programs or scripts from automatically running when a removable flash drive is connected to the computer, reducing the risk of infection.

A computer technician would use the fixmbr command at the command prompt of a Windows XP computer to resolve a security issue when a virus has damaged the master boot record of the system disk. The master boot record (MBR) is a critical component of a computer's startup process, and if it becomes infected or corrupted by a virus, it can prevent the computer from booting up properly. Using the fixmbr command can repair the damaged MBR and allow the computer to start up normally, resolving the security issue caused by the virus.

The likely cause of the problem is that the computer has been infected with spyware. Spyware is a type of malicious software that can alter browser settings, including the home page. Even if the default page is reset, the spyware may still be active and continue to change the home page. This can be resolved by removing the spyware from the computer using antivirus or anti-malware software.

The three questions that should be addressed by organizations developing a security policy are:
1) What are the possible threats to the assets of the organization? This question helps identify potential risks and vulnerabilities that need to be addressed in the security policy.
2) What is to be done in the case of a security breach? This question helps establish a plan of action and response protocols in the event of a security breach.
3) What assets require protection? This question helps prioritize and determine the specific assets that need to be safeguarded to ensure the overall security of the organization.

Implementing biometric authentication and disabling the autorun feature in the operating system are two typical physical security precautions that a business can take to protect its computers and systems. Biometric authentication adds an extra layer of security by using unique physical characteristics such as fingerprints or facial recognition to verify the identity of users. Disabling the autorun feature prevents unauthorized programs or malware from automatically running when a device is connected, reducing the risk of infection or data breaches. These precautions help to ensure that only authorized individuals can access the systems and protect against potential threats.