Questions, MTA 98-367: Security
Fundamentals Overview
You can reduce risk by reducing - answer-vulnerabilities
An implementation of which security principle ensures that secrets stay
secret - answer-Confidentiality
The implementation of techniques that map to which security principle help
to ensure that an unauthorized change to data is detected - answer-Integrity
A basic security principle states that users, resources, and applications
should be granted only the rights and permissions needed to perform a task.
the principle of ______________ ____________. - answer-least privilege
What is meant by reducing the attack surface of a system?
A. Disabling needed services
B. Removing unneeded protocols
C. Keeping a system up to date
D. Disabling the firewall - answer-B (Removing unneeded protocols)
What tool can you use to create a comprehensive security policy as an XML
file on a Windows Server 2008 system?
A. Microsoft Baseline Security Analyzer (MBSA)
B. System Center Configuration Manager (SCCM)
C. Security Configuration Wizard (SCW)
D. Windows Server Update Services (WSUS) - answer-C (Security
Configuration Wizard (SCW))
Of the following choices, what is the best method to protect against
malware?
A. Installing antivirus software and keeping it up to date
B. Disabling unneeded services
C. Removing unnecessary protocols
D. Enabling a firewall - answer-A (Installing antivirus software and keeping it
up to date)
What is the primary difference between a virus and a worm?
A. There is none. They're both the same.
B. A worm requires user intervention to spread, but a virus doesn't.
C. A virus requires user intervention to spread, but a worm doesn't.
D. A virus is malware, but a worm is antivirus software. - answer-C (A virus
requires user intervention to spread, but a worm doesn't)
,A buffer-overflow attack can gain access to a system's _________ - answer-
memory.
Which of the following is a type of malware that appears to be something
else?
A. Buffer overflow
B. Trojan horse
C. Virus
D. Worm - answer-B (Trojan horse)
___________ represent a real threat today. - answer-Botnets
The majority of spam is sent out by _____________. - answer-Botnets
Microsoft has created an antivirus tool for desktop operating systems. It's
available for free for home and small-business users and provides real-time
protection. What is this tool? - answer-Microsoft security essentials
TRUE FALSESecurity Essentials 2010 is a type of Trojan horse known as
rogueware - answer-false
What tool can you use for free on Windows Server 2008 to check for and
remove many types of malware threats? (Choose all that apply.)
A. Security Essentials 2010
B. Microsoft Security Essentials
C. Microsoft Windows Malicious Software Removal Tool
D. Microsoft Forefront - answer-C (Microsoft Windows Malicious Software
Removal Tool)
One method of conducting pharming is through DNS _____________. - answer-
Cache Poisoning
Which of the following can protect email from potential threats?
(Choose all that apply.)
A. Antivirus software
B. Disabling automatic display of graphics
C. Enabling pharming
D. Educating users
(use spaces between the letters ) - answer-A (Antivirus software)
B (Disabling automatic display of graphics )
D (Educating users)
What is the difference between identification and authentication?
A. Nothing. They're the same.
B. Identification proves an identity.
,C. Authentication proves an identity.
D. Identification authenticates an individual, and authentication provides
authorization. - answer-C (Authentication proves an identity.)
A brute-force attack is one of many methods used to discover _____________. -
answer-Passwords
A ____________ is an authentication example using the something you have
factor. - answer-smart card
Which one of the following is the strongest password?
A. password
B. Password
C. PAssWord
D. Pa$$w0rd - answer-D (Pa$$w0rd)
You can enforce a password policy through_________ - answer-Group Policy
If users forget their password, they can reset the password with a
_____________, as long as they created it before forgetting their password. -
answer-Password- reset disk
What factor of authentication is used when a user's fingerprints are checked?
- answer-Something you are
Kerberos clients must have their time within five minutes of each other to
prevent a _____________ error. - answer-time skew
Of the following choices, what isn't a valid use of a RADIUS server
A. Authenticate VPN clients
B. Authenticate wireless clients
C. Provide port-based authentication
D. Provide authentication for 802x database servers - answer-D (Provide
authentication for 802x database servers)
Of the following choices, which authentication protocol is the weakest?
A. Kerberos
B. LM
C. NTLMv1
D. NTLMv2 - answer-B (LM)
What are the three As (AAA) of security?
A. Authentication, authorization, and accounting
B. Authentication, accountability, and accounting
C. Accountability, access control, and accounting
, D. Authorization, access control, and auditing - answer-A (Authentication,
authorization, and accounting)
True false: If you want to audit all access to a folder, all you have to do is
enable Object Access auditing in the Audit Policy. - answer-False
Which Audit Policy selection records any time a user logs onto a local
system?
A. Logon Events
B. Account Logon Events
C. System Events
D. Process Tracking - answer-A (Logon Events)
4. Which Audit Policy selection records modifications to Active Directory?
A. Privilege Use
B. Account Management Events
C. Directory Service Access
D. Policy Change - answer-C (Directory Service Access)
If you want to ensure that an audit-log entry records each time a system is
shut down, you should enable Successful entries for _____________ auditing. -
answer-System events
What tool can you use to view audited events? - answer-Event viewer
Which of the following choices can be used to automatically collect events on
a single server from multiple servers?
A. Process Tracking Events auditing
B. MBSA
C. Automatic archiving
D. Event subscriptions - answer-D (Event subscriptions)
You can secure audit logs with _________ media. - answer-WORM (WRITE
ONCE READ MANY)
Where can you get MBSA? FREE FROM _________ - answer-microsoft
___________ can detect weak passwords for accounts on Microsoft systems. -
answer-MBSA
What causes the Windows 7 Desktop to dim when a user attempts an action
requiring administrative approval? - answer-UAC
True or false If files are encrypted on a server using EFS, they're
automatically encrypted when a user uses offline folders. - answer-False
Fundamentals Overview
You can reduce risk by reducing - answer-vulnerabilities
An implementation of which security principle ensures that secrets stay
secret - answer-Confidentiality
The implementation of techniques that map to which security principle help
to ensure that an unauthorized change to data is detected - answer-Integrity
A basic security principle states that users, resources, and applications
should be granted only the rights and permissions needed to perform a task.
the principle of ______________ ____________. - answer-least privilege
What is meant by reducing the attack surface of a system?
A. Disabling needed services
B. Removing unneeded protocols
C. Keeping a system up to date
D. Disabling the firewall - answer-B (Removing unneeded protocols)
What tool can you use to create a comprehensive security policy as an XML
file on a Windows Server 2008 system?
A. Microsoft Baseline Security Analyzer (MBSA)
B. System Center Configuration Manager (SCCM)
C. Security Configuration Wizard (SCW)
D. Windows Server Update Services (WSUS) - answer-C (Security
Configuration Wizard (SCW))
Of the following choices, what is the best method to protect against
malware?
A. Installing antivirus software and keeping it up to date
B. Disabling unneeded services
C. Removing unnecessary protocols
D. Enabling a firewall - answer-A (Installing antivirus software and keeping it
up to date)
What is the primary difference between a virus and a worm?
A. There is none. They're both the same.
B. A worm requires user intervention to spread, but a virus doesn't.
C. A virus requires user intervention to spread, but a worm doesn't.
D. A virus is malware, but a worm is antivirus software. - answer-C (A virus
requires user intervention to spread, but a worm doesn't)
,A buffer-overflow attack can gain access to a system's _________ - answer-
memory.
Which of the following is a type of malware that appears to be something
else?
A. Buffer overflow
B. Trojan horse
C. Virus
D. Worm - answer-B (Trojan horse)
___________ represent a real threat today. - answer-Botnets
The majority of spam is sent out by _____________. - answer-Botnets
Microsoft has created an antivirus tool for desktop operating systems. It's
available for free for home and small-business users and provides real-time
protection. What is this tool? - answer-Microsoft security essentials
TRUE FALSESecurity Essentials 2010 is a type of Trojan horse known as
rogueware - answer-false
What tool can you use for free on Windows Server 2008 to check for and
remove many types of malware threats? (Choose all that apply.)
A. Security Essentials 2010
B. Microsoft Security Essentials
C. Microsoft Windows Malicious Software Removal Tool
D. Microsoft Forefront - answer-C (Microsoft Windows Malicious Software
Removal Tool)
One method of conducting pharming is through DNS _____________. - answer-
Cache Poisoning
Which of the following can protect email from potential threats?
(Choose all that apply.)
A. Antivirus software
B. Disabling automatic display of graphics
C. Enabling pharming
D. Educating users
(use spaces between the letters ) - answer-A (Antivirus software)
B (Disabling automatic display of graphics )
D (Educating users)
What is the difference between identification and authentication?
A. Nothing. They're the same.
B. Identification proves an identity.
,C. Authentication proves an identity.
D. Identification authenticates an individual, and authentication provides
authorization. - answer-C (Authentication proves an identity.)
A brute-force attack is one of many methods used to discover _____________. -
answer-Passwords
A ____________ is an authentication example using the something you have
factor. - answer-smart card
Which one of the following is the strongest password?
A. password
B. Password
C. PAssWord
D. Pa$$w0rd - answer-D (Pa$$w0rd)
You can enforce a password policy through_________ - answer-Group Policy
If users forget their password, they can reset the password with a
_____________, as long as they created it before forgetting their password. -
answer-Password- reset disk
What factor of authentication is used when a user's fingerprints are checked?
- answer-Something you are
Kerberos clients must have their time within five minutes of each other to
prevent a _____________ error. - answer-time skew
Of the following choices, what isn't a valid use of a RADIUS server
A. Authenticate VPN clients
B. Authenticate wireless clients
C. Provide port-based authentication
D. Provide authentication for 802x database servers - answer-D (Provide
authentication for 802x database servers)
Of the following choices, which authentication protocol is the weakest?
A. Kerberos
B. LM
C. NTLMv1
D. NTLMv2 - answer-B (LM)
What are the three As (AAA) of security?
A. Authentication, authorization, and accounting
B. Authentication, accountability, and accounting
C. Accountability, access control, and accounting
, D. Authorization, access control, and auditing - answer-A (Authentication,
authorization, and accounting)
True false: If you want to audit all access to a folder, all you have to do is
enable Object Access auditing in the Audit Policy. - answer-False
Which Audit Policy selection records any time a user logs onto a local
system?
A. Logon Events
B. Account Logon Events
C. System Events
D. Process Tracking - answer-A (Logon Events)
4. Which Audit Policy selection records modifications to Active Directory?
A. Privilege Use
B. Account Management Events
C. Directory Service Access
D. Policy Change - answer-C (Directory Service Access)
If you want to ensure that an audit-log entry records each time a system is
shut down, you should enable Successful entries for _____________ auditing. -
answer-System events
What tool can you use to view audited events? - answer-Event viewer
Which of the following choices can be used to automatically collect events on
a single server from multiple servers?
A. Process Tracking Events auditing
B. MBSA
C. Automatic archiving
D. Event subscriptions - answer-D (Event subscriptions)
You can secure audit logs with _________ media. - answer-WORM (WRITE
ONCE READ MANY)
Where can you get MBSA? FREE FROM _________ - answer-microsoft
___________ can detect weak passwords for accounts on Microsoft systems. -
answer-MBSA
What causes the Windows 7 Desktop to dim when a user attempts an action
requiring administrative approval? - answer-UAC
True or false If files are encrypted on a server using EFS, they're
automatically encrypted when a user uses offline folders. - answer-False
