Chapter 12 (Part One)

Which security practice is an example of the Principle of Least Privilege?

The Guest use account on a Windows workstation has been disabled

Autorun has been disabled on a Windows workstation

All users on a Windows workstation have been assigned strong passwords

All users on a Windows workstation are limited users except for one user who is responsible for maintaining the system

One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. What should you do to increase the security of this system.

Change your user account to a limited user

Disable the Guest account

Enable autorun on the system

Change the two limited user accounts to administrative users

One of the Windows workstation you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system? (Select Two)

Set a screensaver password

Disable autorun on the system

Assign each user a simple password so they won't be tempted to write it down

Enable Guest account

Change the two limited user accounts to restricted users

You provide Desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. What else could you do to increase the security of this system? (Select two)

Assign each user a simple password so they wont be tempted to write it down

Make user accounts members of the Administrators group

Install a privacy filter on the monitor

Enable the Guest account

The chain of custody is used for what purposes?

Detailing the timeline between creation and discovery of evidence

Maintaining compliance with federal privacy laws

Identifying the owner of evidence

Retaining evidence integrity by identifying people coming into contact with evidence

Which of the following is an important aspect of evidence gathering?

Restoring damage data from backup media

Backing up all log files and audit trails

Monitoring user access to compromised systems

Purging transaction logs

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

Chain of custody

CPS (Certified Practice Statement)

Rules of evidence

FIPS-140

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should be performed next?

Turn off the system

Stop all running processes

Document what's on the screen

Remove the hard drive

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?

Disconnecting the system from the network

Restricting physical access to the system

Shutting down the system

Copying the contents of memory to removable media

A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're not sure yet exactly what kind of damage is being done to the network systems or data. What action should you take first?

Stop the attack and contain the damage by disconnecting the system from the network

Examine the active computer system to analyze the live network connection, memory contents, and running programs

Determine whether you have the expertise to conduct an investigation, or whether you need to call in additional help

Document and photograph the entire scene of the crime including the current state of the attached computer system

You have 5 salespersons who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?

Use cable locks to chain laptops to the desks

Encrypt all company data on the hard drives

Implement screen saver passwords

Require strong passwords in the local security policy

You need to enable a screen saver password on the Windows workstations in your organization. Which Control Panel option should you use to do this?

Chapter 12 (Part One)

More Quizzes