1.
QUESTION NO: 601
A user ID, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?
Correct Answer
B. Two-factor authentication
Explanation
This is an example of two-factor authentication because it requires two different factors (user ID and PIN, and palm scan) to authenticate the system. Two-factor authentication provides an extra layer of security by combining something the user knows (PIN) with something the user has (palm scan) to verify their identity.
2.
QUESTION NO: 602
Which of the following would be disabled to prevent SPIM?
Correct Answer
C. Instant messaging
Explanation
Instant messaging would be disabled to prevent SPIM (spam over instant messaging). SPIM refers to unsolicited messages or advertisements sent through instant messaging platforms. By disabling instant messaging, users can prevent the influx of unwanted messages and reduce the risk of falling victim to scams or malware distributed through these channels.
3.
QUESTION NO: 603
A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?
Correct Answer
D. A hash is a unique number that is generated based upon the file's contents and should be verified after download.
Explanation
A hash is a unique number that is generated based upon the file's contents and should be verified after download. This means that the hash is calculated using the content of the file itself, and it serves as a way to ensure the integrity of the downloaded file. By comparing the calculated hash with the provided hash, the user can verify that the file has not been tampered with or corrupted during the download process.
4.
QUESTION NO: 604
According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?
Correct Answer
B. The backup generator activates.
Explanation
During a power outage, a good disaster recovery plan states that the backup generator should activate before the uninterruptible power supply (UPS) drains its battery. This ensures that there is a continuous and reliable power source to keep critical systems and equipment operational until the electrical service is fully restored. By activating the backup generator, it helps to prevent any disruption or downtime that may occur during the power outage.
5.
QUESTION NO: 605
Which of the following would give a technician the MOST information regarding an external attack on the network?
Correct Answer
C. NIDS
Explanation
A Network Intrusion Detection System (NIDS) would provide the technician with the most information regarding an external attack on the network. NIDS monitors network traffic and analyzes it for signs of malicious activity or unauthorized access attempts. It can detect various types of attacks, such as port scanning, denial of service attacks, and malware infections. By analyzing network packets, NIDS can provide detailed information about the source, destination, and nature of the attack, allowing the technician to take appropriate actions to mitigate the threat.
6.
Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers?
Correct Answer
B. Time of day restriction
Explanation
Time of day restriction would be the best option to prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers. By implementing time of day restrictions, the system would only allow access during specific hours designated for the night shift workers. This would prevent unauthorized access during other times of the day and limit the potential for misuse of stolen credentials.
7.
QUESTION NO: 607
Which of the following would BEST ensure that users have complex passwords?
Correct Answer
B. Domain password policy
Explanation
The domain password policy would be the best option to ensure that users have complex passwords. A domain password policy allows administrators to set specific requirements for passwords, such as minimum length, inclusion of numbers or special characters, and regular password changes. By implementing a domain password policy, users are forced to create passwords that are more complex and difficult to guess, which enhances the overall security of the system.
8.
QUESTION NO: 608
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
Correct Answer
A. Access logs
Explanation
Access logs would be the best option to identify the malicious user who introduced the virus to the file on the network. Access logs record information about user activities, including login attempts, file access, and network connections. By analyzing the access logs, the technician can track the user's actions and determine who accessed the file at the time when the virus was introduced. This can help in identifying the malicious user and taking appropriate actions to prevent further incidents.
9.
QUESTION NO: 609
Which of the following would BEST allow an administrator to find the IP address of an external attacker?
Correct Answer
C. Firewall logs
Explanation
Firewall logs would be the best option to find the IP address of an external attacker. Firewall logs record all incoming and outgoing network traffic, including the IP addresses of the source and destination. By analyzing the firewall logs, an administrator can identify suspicious or unauthorized connections and determine the IP address of the attacker. Antivirus logs may provide information about detected threats, but they may not necessarily include the IP address of the attacker. DNS logs can help identify domain names associated with the attacker, but not their IP address. Performance logs are unlikely to provide any relevant information in this context.
10.
QUESTION NO: 610
After performing a vulnerability analysis and applying a security patch, which of the following nonintrusive actions should an administrator take to verify that the vulnerability was truly removed?
Correct Answer
C. Repeat the vulnerability scan.
Explanation
After performing a vulnerability analysis and applying a security patch, repeating the vulnerability scan is the most appropriate nonintrusive action to verify that the vulnerability was truly removed. This is because a vulnerability scan checks for specific vulnerabilities in a system and identifies any weaknesses that may still exist. By repeating the scan, the administrator can ensure that the patch successfully addressed the vulnerability and that the system is now secure. Applying a security patch from the vendor is a necessary step, but it does not guarantee that the vulnerability is completely removed. Performing a penetration test and updating the antivirus definition file are unrelated to verifying the removal of the vulnerability.
11.
QUESTION NO: 611
Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectible?
Correct Answer
C. SHA-1
Explanation
SHA-1 (Secure Hash Algorithm 1) could be used by a technician needing to send data while ensuring that any data tampering is easily detectable. SHA-1 is a cryptographic hash function that produces a fixed-size output (160 bits) from any given input. It is designed to be a one-way function, meaning that it is computationally infeasible to retrieve the original input from the output. Therefore, if any changes are made to the data during transmission, the resulting hash value will be different, making it easily detectable.
12.
QUESTION NO: 612
Which of the following BEST allows for a high level of encryption?
Correct Answer
A. AES with ECC
Explanation
AES with ECC (Elliptic Curve Cryptography) is the best option for achieving a high level of encryption. AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely recognized for its security and efficiency. ECC is a public-key cryptography algorithm that uses the mathematics of elliptic curves to provide strong encryption. Combining AES with ECC provides a high level of security and is commonly used in modern cryptographic systems. DES with SHA-1, PGP with SHA-1, and 3DES with MD5 are all older encryption algorithms that are considered less secure compared to AES with ECC.
13.
QUESTION NO: 613
Which of the following is the primary security risk associated with removable storage?
Correct Answer
B. Confidentiality
Explanation
The primary security risk associated with removable storage is confidentiality. This means that there is a risk of unauthorized individuals gaining access to the data stored on the removable storage device. This could be through theft or loss of the device, or through hacking or unauthorized access to the device. If the data on the removable storage device contains sensitive or confidential information, such as personal or financial data, its confidentiality could be compromised if it falls into the wrong hands.
14.
QUESTION NO: 614
After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a:
Correct Answer
D. Port scan.
Explanation
A port scan is a technique used to identify open ports on a network device. In this scenario, the technician is running an application to check if port 25, which is the default port for SMTP (Simple Mail Transfer Protocol), is open. This is done to determine if the network device has an open SMTP relay, which can be a vulnerability. Therefore, the action of checking if port 25 is open is considered a port scan.
15.
QUESTION NO: 615
A company's accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions.
Which of the following is this an example of?
Correct Answer
C. Security template
Explanation
This is an example of a security template. A security template is a predefined configuration that sets the security settings for a system or application. In this case, the network administrator has created a security template that modifies the user profile to allow users to use the accounting application without needing administrator permissions. This ensures that the application can still function correctly while reducing the security implications of granting administrative access to all users.
16.
QUESTION NO: 616
Which of the following backup techniques resets the archive bit and allows for the fastest recovery?
Correct Answer
A. Full backup
Explanation
A full backup is a backup technique that copies all the data and files from a system. It resets the archive bit, which is a flag that indicates whether a file has been modified since the last backup. By resetting the archive bit, a full backup ensures that all the data is backed up, regardless of whether it has been modified or not. This allows for the fastest recovery because all the data is readily available in the backup, eliminating the need to restore multiple incremental or differential backups.
17.
QUESTION NO: 617
The company policy for availability requires full backups on Sunday and incremental backups each weeknight at 10 p.m. The file server crashes on Wednesday afternoon; how many tapes will the technician need to restore the data on the file server for Thursday morning?
Correct Answer
C. Three
Explanation
The technician will need three tapes to restore the data on the file server for Thursday morning. This is because the company policy requires full backups on Sunday and incremental backups each weeknight at 10 p.m. Since the file server crashed on Wednesday afternoon, the technician will need the full backup from Sunday, as well as the incremental backups from Monday and Tuesday night, to restore the data up until Thursday morning. Therefore, a total of three tapes will be needed.
18.
QUESTION NO: 618
A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
Correct Answer
C. Full backups weekly with differential backups daily
Explanation
Performing full backups weekly ensures that all data is backed up, providing a comprehensive backup solution. Additionally, performing daily differential backups captures any changes made since the last full backup, minimizing data loss in the event of a failure. This approach strikes a balance between the speed of backup (weekly) and the speed of recovery (daily differentials), offering a compromise between the two.
19.
QUESTION NO: 619
Which of the following would define document destruction requirements?
Correct Answer
D. Storage and retention policies
Explanation
Storage and retention policies would define document destruction requirements. These policies outline how long documents should be stored and when they should be destroyed. By following these policies, organizations can ensure that sensitive information is securely disposed of when it is no longer needed, reducing the risk of data breaches and unauthorized access.
20.
QUESTION NO: 620
Part of a standard policy for hardening workstations and servers should include applying the company security template and:
Correct Answer
B. Closing unnecessary network ports.
Explanation
Applying the company security template helps to enforce consistent security configurations across workstations and servers. Installing the NIDS (Network Intrusion Detection System) is a separate security measure that helps to detect and prevent network-based attacks. Applying all updates, patches, and hotfixes immediately is also important for maintaining the security and stability of the systems. Disabling SSID broadcast is a measure specifically related to wireless network security. However, closing unnecessary network ports is a critical step in hardening workstations and servers as it reduces the attack surface and limits potential entry points for attackers.
21.
QUESTION NO: 621
Setting a baseline is required in which of the following? (Select TWO).
Correct Answer(s)
A. Anomaly-based monitoring
D. NIPS
Explanation
Setting a baseline is required in anomaly-based monitoring and NIPS (Network Intrusion Prevention System). In anomaly-based monitoring, a baseline is established to determine what is considered normal behavior in a system or network. Any deviations from this baseline are flagged as potential anomalies or threats. Similarly, in NIPS, a baseline is set to establish the normal network traffic patterns and behavior. This baseline helps in identifying and preventing any abnormal or malicious activities on the network.
22.
QUESTION NO: 622
Which of the following hidden programs gathers information with or without the user's knowledge with the primary purpose of advertising?
Correct Answer
C. Spyware
Explanation
Spyware is a type of hidden program that collects information from a user's device without their knowledge or consent. The primary purpose of spyware is to gather data for advertising purposes. It can track a user's browsing habits, collect personal information, and display targeted advertisements. Unlike viruses, worms, and Trojans, spyware is specifically designed to gather information rather than causing direct harm to a user's device.
23.
QUESTION NO: 623
Which of the following provides best practice with a wireless network?
Correct Answer
B. WPA with RADIUS
Explanation
WPA with RADIUS is considered the best practice for a wireless network because it combines the security features of WPA (Wi-Fi Protected Access) with the authentication and authorization capabilities of RADIUS (Remote Authentication Dial-In User Service). This combination provides stronger encryption and authentication, making it more difficult for unauthorized users to access the network. WPA with RADIUS also allows for centralized management and control of user access, making it easier to monitor and manage the network's security.
24.
QUESTION NO: 624
Which of the following sites has the means (e.g., equipment, software, and communications) to facilitate a full recovery within minutes?
Correct Answer
B. Hot site
Explanation
A hot site is a type of disaster recovery site that has all the necessary equipment, software, and communications in place to facilitate a full recovery within minutes. This means that in the event of a disaster, the hot site can quickly take over and resume operations with minimal downtime. Unlike other types of disaster recovery sites such as warm, reciprocal, or cold sites, a hot site is fully operational and ready to be used immediately.
25.
QUESTION NO: 625
When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE).
Correct Answer(s)
A. HVAC
E. Utilities
F. Fire detection
Explanation
When conducting an environmental security assessment, it is important to include the assessment of HVAC (heating, ventilation, and air conditioning) systems as they can impact the overall security and safety of the environment. Utilities should also be included in the assessment as they play a crucial role in maintaining the functionality and security of the environment. Fire detection systems are essential for identifying and preventing fire hazards, making them an important component of the assessment.
26.
QUESTION NO: 626
Which of the following security steps must a user complete before access is given to the network?
Correct Answer
B. Identification and authentication
Explanation
Before access is given to the network, a user must complete the steps of identification and authentication. Identification refers to the process of providing a unique identifier, such as a username or email address, to verify the user's identity. Authentication, on the other hand, involves validating the user's identity by providing a password or some other form of credentials. These two steps ensure that the user is who they claim to be before granting them access to the network.
27.
QUESTION NO: 627
When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?
Correct Answer
A. Promiscuous
Explanation
When placing a NIDS (Network Intrusion Detection System) onto the network, the NIC (Network Interface Card) has to be placed in promiscuous mode to monitor all network traffic. In promiscuous mode, the NIC captures all packets on the network, including those not addressed to its own MAC address. This allows the NIDS to analyze all network traffic and detect any suspicious or malicious activity. Full-duplex, auto, and half-duplex are not relevant to the question and do not allow the NIC to capture all network traffic.
28.
QUESTION NO: 628
An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:
Correct Answer
D. Outside the firewall.
Explanation
Placing a Network Intrusion Detection System (NIDS) outside the firewall is the recommended placement to obtain a view of the type of attacks targeting the network perimeter. By positioning the NIDS outside the firewall, it can monitor traffic before it reaches the protected network, allowing for early detection and prevention of potential attacks. Placing the NIDS inside the firewall or DMZ would limit its visibility and effectiveness in detecting perimeter attacks. Similarly, placing it inside the proxy would only provide visibility into traffic that has already passed through the firewall. Therefore, the best placement for the NIDS is outside the firewall.
29.
QUESTION NO: 629
Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools?
Correct Answer
B. Rootkit
Explanation
A rootkit is a type of malicious software that is designed to hide itself and other malicious tools or activities on a compromised system. It is often used by attackers to maintain unauthorized access to a system while avoiding detection. Rootkits can modify system files, processes, and configurations to conceal their presence and make it difficult for security tools to detect and remove them. Therefore, a rootkit is the most suitable option for hiding the tools uploaded by an attacker on a compromised system.
30.
QUESTION NO: 630
Which of the following is the perfect encryption scheme and is considered unbreakable when properly used?
Correct Answer
C. One-time pad
Explanation
The one-time pad is considered the perfect encryption scheme and is considered unbreakable when properly used. This is because it uses a random key that is as long as the plaintext, making it impossible for an attacker to decipher the message without the key. The key is only used once and then discarded, hence the name "one-time pad." This ensures that there are no patterns or repetitions that could be exploited by an attacker.
31.
QUESTION NO: 631
When using a digital signature, the message digest is encrypted with which of the following keys?
Correct Answer
D. Sender's private key
Explanation
When using a digital signature, the message digest is encrypted with the sender's private key. This is because the sender's private key is used to create the digital signature, which is a unique encrypted representation of the message digest. By encrypting the message digest with the sender's private key, it ensures that only the sender, who possesses the corresponding private key, could have created the digital signature. This provides authentication and integrity to the message, as the receiver can verify the digital signature using the sender's public key.
32.
QUESTION NO: 632
Which of the following is the MOST basic form of IDS?
Correct Answer
A. Signature
Explanation
Signature-based IDS is the most basic form of IDS. It works by comparing network traffic or system activity against a database of known attack patterns or signatures. When a match is found, it alerts the system administrator. This type of IDS is effective in detecting known attacks but may not be able to detect new or unknown attacks.
33.
QUESTION NO: 633
Which of the following BEST applies to steganography?
Correct Answer
A. Algorithms are not used to encrypt data.
Explanation
Steganography is the practice of hiding information within other information in such a way that it is not easily detectable. Unlike encryption, which uses algorithms to scramble data, steganography does not involve encryption algorithms. Instead, it focuses on concealing the existence of the hidden data. Therefore, the statement "Algorithms are not used to encrypt data" is the best description of steganography.
34.
QUESTION NO: 634
Which of the following can steganography be used for?
Correct Answer
A. Watermark graphics for copyright.
Explanation
Steganography can be used to embed hidden information within digital media, such as images or audio files, without altering the perceptual quality. In this case, watermarking graphics for copyright protection involves hiding a unique identifier or ownership information within an image, making it difficult for unauthorized users to remove or claim ownership of the image. Steganography does not involve decrypting or encrypting data, but rather focuses on concealing information within media files.
35.
QUESTION NO: 635
Steganography could be used by attackers to
Correct Answer
D. Hide and conceal messages in WAV files
Explanation
Steganography is a technique used to hide and conceal messages within different types of media files, such as images, audio files, or videos. In this case, the correct answer states that steganography can be used by attackers to hide and conceal messages specifically in WAV files. WAV files are audio files commonly used for storing high-quality audio recordings. Attackers can exploit the unused space within the WAV file to embed secret messages, making it difficult to detect the presence of the hidden information.
36.
QUESTION NO: 636
Which of the following BEST describes how steganography can be accomplished in graphic files?
Correct Answer
D. Replacing the least significant bit of each byte
Explanation
Steganography in graphic files can be accomplished by replacing the least significant bit of each byte. This method allows for hiding information within the image without significantly altering its appearance. By replacing the least significant bit, the changes made to the image are minimal and difficult to detect, making it an effective technique for concealing information.
37.
QUESTION NO: 637
An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?
Correct Answer
C. Symmetric
Explanation
Symmetric encryption algorithms are fast and provide strong security when a large key size is used. In symmetric encryption, the same key is used for both encryption and decryption, making it efficient for large amounts of data. The encryption and decryption processes are relatively simple and quick, making it a suitable choice for applications that require speed. Additionally, by using a large key size, the encryption becomes harder to break, providing a higher level of security. Therefore, symmetric encryption is the best choice for the application developer's requirements.
38.
QUESTION NO: 638
Which of the following if used incorrectly would be susceptible to frequency analysis?
Correct Answer
B. Transposition ciphers
Explanation
Transposition ciphers would be susceptible to frequency analysis if used incorrectly. Frequency analysis is a technique used to analyze the frequency of letters or characters in a ciphertext to determine the underlying plaintext. Transposition ciphers, unlike symmetric and asymmetric algorithms, do not change the letters themselves but rearrange their positions. If the transposition cipher is used incorrectly, the frequency patterns of the original plaintext may still be visible in the ciphertext, making it vulnerable to frequency analysis.
39.
QUESTION NO: 639
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT:
Correct Answer
C. Performance baseline and audit trails.
Explanation
The given correct answer is "performance baseline and audit trails." This means that when determining the requirements for the logging server, factors such as log details and level of verbose logging, time stamping and integrity of the logs, and log storage and backup requirements should be considered. However, the performance baseline and audit trails are not mentioned as factors to consider.
40.
QUESTION NO: 640
Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages?
Correct Answer
C. A collision occurred.
Explanation
A collision occurs when a hashing algorithm generates the same hash for two different messages. This means that two different inputs produce the same output, which is undesirable in a hashing algorithm. A collision can happen due to the limited number of possible outputs for a given hash function compared to the infinite number of possible inputs. It is important for hashing algorithms to minimize the likelihood of collisions to ensure the integrity and security of the data.
41.
QUESTION NO: 641
Which of the following is BEST known for self-replication in networks?
Correct Answer
B. Worm
Explanation
A worm is a type of malicious software that is best known for self-replicating in networks. Unlike viruses, worms do not need to attach themselves to a host program or file in order to spread. Instead, they can independently replicate and spread across a network, taking advantage of vulnerabilities in computer systems. This ability to self-replicate and spread quickly makes worms a particularly dangerous form of malware. Spyware, spam, and adware are different types of malicious software that do not have the same self-replicating capabilities as worms.
42.
QUESTION NO: 642
Which of the following security threats affects PCs and can have its software updated remotely by a command and control center?
Correct Answer
A. Zombie
Explanation
A zombie is a type of malware that infects PCs and allows them to be controlled remotely by a command and control center. This means that the software on the infected PC can be updated and manipulated by the attackers without the user's knowledge or consent. Unlike other types of malware such as worms, viruses, and adware, zombies specifically refer to infected PCs that are under the control of a remote attacker.
43.
QUESTION NO: 643
Multiple web servers are fed from a load balancer. Which of the following is this an example of?
Correct Answer
D. Redundant servers
Explanation
This scenario is an example of redundant servers. Multiple web servers are being used to distribute the workload and provide backup in case one server fails. This setup increases reliability and availability of the system, as if one server goes down, the load balancer can redirect traffic to the remaining servers. RAID refers to a data storage technology, backup generator is unrelated to web servers, and a hot site is a backup location for disaster recovery, none of which are applicable in this context.
44.
QUESTION NO: 644
An outside auditor has been contracted to determine if weak passwords are being used on the network. To do this, the auditor is running a password cracker against the master password file. Which of the following is this an example of?
Correct Answer
A. Vulnerability assessment
Explanation
This scenario is an example of a vulnerability assessment. The outside auditor is conducting a systematic evaluation of the network to identify any weak passwords. By running a password cracker against the master password file, the auditor is actively searching for vulnerabilities in the network's security. This assessment helps to identify potential weaknesses and allows for appropriate measures to be taken to strengthen the network's password security.
45.
QUESTION NO: 645
Password crackers:
Correct Answer
D. Are sometimes able to crack both Windows and UNIX passwords
Explanation
Password crackers are software tools or programs that are designed to guess or crack passwords. They use various techniques such as brute force attacks, dictionary attacks, and rainbow table attacks to try and guess the password. In some cases, password crackers are able to crack passwords for both Windows and UNIX systems. This means that they can be used to gain unauthorized access to user accounts on both types of operating systems. However, it is important to note that password crackers cannot exploit weaknesses in encryption algorithms and they cannot be run remotely.
46.
QUESTION NO: 646
Logic bombs differ from worms in that:
Correct Answer
D. Logic bombs always have a date or time component.
Explanation
Logic bombs are pieces of malicious code that are programmed to execute a harmful action when a specific condition is met, such as a certain date or time. Unlike worms, logic bombs do not have the ability to spread from computer to computer or be sent through email. While logic bombs can potentially contain a Trojan component, this is not a defining characteristic of logic bombs. Therefore, the correct answer is that logic bombs always have a date or time component.
47.
QUESTION NO: 647
A firewall differs from a NIDS in which of the following ways?
Correct Answer
B. A firewall operates on a rule list and a NIDS attempts to detect patterns.
Explanation
A firewall operates on a rule list, meaning that it uses a set of predetermined rules to allow or block network traffic. On the other hand, a NIDS (Network Intrusion Detection System) attempts to detect patterns in network traffic that may indicate an intrusion or attack. This means that a NIDS analyzes the content and behavior of network packets to identify any suspicious activity. Therefore, the correct answer is that a firewall operates on a rule list and a NIDS attempts to detect patterns.
48.
QUESTION NO: 648
A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action?
Correct Answer
D. Visit the operating system manufacturer's website for a possible patch.
Explanation
The best course of action is to visit the operating system manufacturer's website for a possible patch. This is because the manufacturer's website is the most reliable source for obtaining patches and updates for the operating system. Searching for a patch on a search engine may lead to unreliable or malicious sources. Waiting for an automatic update may take longer and leave the server vulnerable in the meantime. Shutting down all affected servers without proper notification from management may disrupt operations unnecessarily.
49.
QUESTION NO: 649
Personal software firewalls can be updated automatically using:
Correct Answer
A. Group policy.
Explanation
Personal software firewalls can be updated automatically using group policy. Group policy is a feature in Windows operating systems that allows administrators to manage and control settings for multiple computers in a network. By using group policy, administrators can centrally manage and update the settings of personal software firewalls installed on multiple computers, ensuring that they are up to date and providing the necessary protection against threats.
50.
QUESTION NO: 650
An accountant has logged onto the company's external banking website. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking website. Which of the following could have caused this attack? (Select TWO).
Correct Answer(s)
A. Altered hosts file
D. DNS poisoning
Explanation
The accountant could have fallen victim to an attack involving an altered hosts file, which redirects the user to a fake banking website instead of the legitimate one. This can be done by modifying the hosts file on the accountant's computer to point to the IP address of the spoofed website. Additionally, DNS poisoning could have been used to redirect the accountant's requests for the legitimate banking website to the spoofed website, leading them to believe they were accessing the real site.