Cyber

A private key has been stolen. Which action should you take to deal with this crisis?

Add the digital certificate to the CRL

Which of the following is a privilege or action that can be taken on a system?

User rights

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

Need to Know

A user has just authenticated using Kerberos. Which object is issued to the user immediately following login?

Ticket-granting ticket

You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days.

What should you do?

Configure account policies in Group Policy

Which of the following identifies the type of access that is allowed or denied for an object?

Permissions

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network.

One day, you find that an employee has connected a wireless access point to the network in his office.

Which type of security risk is this?

Rogue access point

You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options.

What should you do?

Create a GPO user policy for the Administrators OU.

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender.

Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?

Sender's public key

Which standard is most widely used for certificates?

X.509

You have just configured the password policy and set the minimum password age to 10.

What is the effect of this configuration?

Users cannot change the password for 10 days

Which of the following is a password that relates to things that people know, such as a mother's maiden name or a pet's name?

Cognitive

Which of the following objects identifies a set of users with similar access needs?

Group

You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.

Which of the following methods of access control should the access list use?

Explicit allow, implicit deny

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system?

Ticket

Which class of wireless access point (WAP) has everything necessary to manage clients and broadcast a network already built into its functionality?

Fat

Mary, a user, is attempting to access her OneDrive from within Windows and is unable to.

Which of the following would be the MOST likely cause?

Mary needs to log in with a Microsoft account.

The Hide Programs and Features page setting is configured for a specific user as follows:

\[Policy] / [Setting]

Local Group Policy /Enabled

Default Domain Policy GPO/ Not configured

GPO linked to the user's organizational unit/ Disabled

After logging in, the user is able to see the Programs and Features page. Why does this happen?

The GPO linked to the user's organizational unit is applied last, so this setting takes precedence.

You are configuring a small workgroup. You open System Properties on each computer that will be part of the workgroup.

Click the System Properties options you can use to configure each computer's workgroup association. (Select two. Each option is part of a complete solution.)

Network ID and Change...

Which of the following database encryption methods encrypts the entire database and all backups?

Transparent Data Encryption (TDE)

Which of the following is used for identification?

Username

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication

A PKI is an implementation for managing which type of encryption?

Asymmetric

Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group.

Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system.

What is MOST likely preventing her from accessing this system?

She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.

Which of the following algorithms are used in symmetric encryption? (Select two.)

3DES

Blowfish

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart.

Which type of wireless antenna should you use on each side of the link? (Select two.)

Parabolic

High-gain

You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption?

The file is unencrypted when moved

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has.

Which type of attack is the attacker using?

Rainbow

Which of the following is a direct integrity protection?

Digital signature

Which of the following is the weakest hashing algorithm?

MD5

Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?

DRA

Which of the following account types is a cloud-based identity and access management service that provides access to both internal and external resources?

Azure AD

Which of the following is used to verify that a downloaded file has not been altered?

Hash

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

TACACS+

RADIUS

When a cryptographic system is used to protect data confidentiality, what actually takes place?

Unauthorized users are prevented from viewing or accessing the resource.

Which of the following do switches and wireless access points use to control access through a device?

MAC address filtering

A birthday attack focuses on which of the following?

Hashing algorithms

What is the most obvious means of providing non-repudiation in a cryptography system?

Digital signatures

Which of the following best describes Bluesnarfing?

Viewing calendar, emails, and messages o

Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?

SACL

Which of the following functions are performed by a TPM?

Create a hash of system component

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.

What should you do?

Implement BitLocker with a TPM.

Which type of interference is caused by motors, heavy machinery, and fluorescent lights?

EMI

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match.

What do you know about the file?

Your copy is the same as the copy posted on the website.

Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?

Online Certificate Status Protocol

Which of the following is responsible for broadcasting information and data over radio waves?

Wireless access point

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

Access token

Which type of RFID tag can send a signal over a long distance?

Active

Hashing algorithms are used to perform which of the following activities?

Create a message digest.

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and authorization

You are consulting a small startup company that needs to know which kind of Windows computer network model they should implement. The company intends to start small with only 12 employees, but they plan to double or triple in size within 12 months. The company founders want to make sure they are prepared for growth. Which networking model should they implement?

Client-server

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)

By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.

Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?

Username

What is the main function of a TPM hardware chip?

Generate and store cryptographic keys

There are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as: Use Windows features such as BitLocker, Offline Files, and Parental Controls Customize the Start menu, taskbar, or desktop environment Control notifications Restrict access to Control Panel features Configure Internet Explorer features and options What are these settings known as?

Administrative templates

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL

Which of the following security solutions would prevent a user from reading a file that she did not create?

EFS

Group Policy Objects (GPOs) are applied in which of the following orders?

Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest)

In the certificate authority trust model known as a hierarchy, where does trust start?

Root CA

An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed?

Relay

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, which is a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer, and he would like his account to have even more strict password policies than are required for other members in the Directors OU. What should you do?

Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.

Which form of cryptography is best suited for bulk encryption because it is so fast?

Symmetric key cryptography

Cryptographic systems provide which of the following security services? (Select two.)

Non-repudiation

Confidentiality

You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem?

Key escrow

Which of the following terms is used to describe an event in which a person who should be allowed access is denied access to a system?

False negative

Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message and then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. Which protection does the private key-signing activity of this process provide?

Non-repudiation

Which of the following can be classified as a stream cipher?

RC4

When two different messages produce the same hash value, what has occurred?

Collision

What does a remote access server use for authorization?

Remote access policies

Which of the following items are contained in a digital certificate? (Select two.)

Validity period

Public key

What is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party.