Online Study Questions
Explain why security is important
Who is affected by a lapse in security?
Everyone in an organization
How can a network or computer be
Theft, loss, network intrusion, and physical
What are the primary responsibilities of a
Data and network security
Worksheet: Security Attacks
9.2 Describe Security Attacks
What is a physical threat?
Events or attacks
damage, or destroy equipment,
such as servers, switches, and
What is data threat?
Events or attacks that remove,
corrupt, deny access, allow access,
or steal information
What is an internal threat?
Employees have access to data,
and the network
What is a malicious threat?
When an employee intends to cause
What is an external threat?
Users outside of an organization that do
not have authorized access to the network
What is an unstructured threat?
Attackers use available resources, such
as passwords or scripts, to gain access
and run programs designed to vandalize
What is an structured threat?
Attackers use code to access operating
systems and software
9.2.1 Define viruses, worms and Trojans
What is a virus?
a program written with malicious intent
and sent out by attackers
How are viruses transferred?
mail, file transfers, and instant
What is the most damaging type of virus?
What is a stealth
infect a computer and lay dormant until
summoned by the attacker
What is a worm?
replicating program that is harmful to
Why is a worm harmful?
uses the network to duplicate its code to
the hosts on a network, often without
What is a Trojan?
technically a worm
What is anti
software designed specifically to detect,
disable, and remove viruses, worms, and
Trojans before they infect a computer
How can the technician keep the
software up to date?
apply the most recent updates, patches,
and virus definitions as part of a regular
Worksheet: Third party Anti
9.2.2 Explain web security
Why is web security important?
many people visit the World
Wide Web everyday
What is ActiveX?
Technology created by Microsoft to
control interactivity on web pages
What is Java?
Programming language that allows
applets to run within a web browser
What are examples of
Applets include a calculator or a counter
9.2.3 Define adware, spyware and grayware
What is adware?
A software program that displays
advertising on your computer
What is grayware?
A file or program other than a virus that is
What is phishing?
A form of social engineering where the
attacker pretends to represent a legitimate
What is spyware?
A file that sends information to the
organization responsible for launching the
Activity: Adware, Spyware, Phishing
9.2.4 Explain Denial of Service
What is denial of service?
a form of attack that prevents users from
accessing normal services, such as e
and a web server
What are two common DoS attacks?
Ping of death
What is a zombie?
located at different geographical locations
make it difficult to trace the origin of the
9.2.5 Describe spam and popup windows
What is spam?
Junk mail, unsolicited e
mail. Used as a
method of advertising
What are common indicators of spam?
No line subject, Incomplete return address,
Computer generated email,& Return email
not sent by the user
9.2.6 Explain social engineering
What is a social engineer?
a person who is able to gain access to
equipment or a network by tricking people
into providing the necessary access
How can you protect again social
Never give out password, always ask for
the ID of unknown persons, restrict
access of unexpected visitors, escort all
visitors, never post password in your
work area, lock your computer when you
leave your desk, & do not let anyone
follow you through the door that requires
and access card
9.2.7 Explain TXP/IP attacks
What is a SYN flood?
Randomly opens TCP ports,
tying up the
network equipment or computer with a
large amount of false requests, causing
sessions to be denied to others
What is spoofing?
Gains access to resources on devices by
pretending to be a trusted computer
What is a man
Intercepts or inserts false information in
traffic between two hosts
What is a Replay attack?
Uses network sniffers to extract
usernames and passwords to be used at
a later date to gain access
What is DNS poisoning?
Changes the DNS record
s on a system to
point to false servers where the data is
9.2.8 Explain data wiping, hard drive destruction and recycling
What is hardware destruction?
the process of removing sensitive data
from hardware and software before
What are the three methods commonly
used to destroy or recycle data and hard
Data wiping, hard drive destruction, and
hard drive recycling
What is data wiping?
a procedure performed to permanently
delete data from a hard drive
How can you fully ensure that data cannot
be recovered from a hard drive?
Use a third
9.3 Identify Security Procedures
How often should security plans be
On a yearly basis
9.3.1 Explain what is required in a basic local
What questions should be covered in a
basic security policy?
What assets require protection?
What are the possible threats?
What to do in the event of a
Who is responsible for security
Every person within the company
What are the recommended password
have a minimum length and include
uppercase and lowercase letters
combined with numbers and symbols
9.3.2 Explain the tasks required to protect physical equipment
What is the Trusted Platform Module
specialized chip installed on the
motherboard of a computer to be used for
hardware and software authentication
How can you protect the access to your
Card keys that store user data, including
of access, Biometric sensors that
identify physical characteristics of the user,
such as fingerprints or retinas, Posted
security guard, & Sensors, such as RFID
tags, to monitor equipment
9.3.3 Describe ways to protect data
What are the two levels
protection that are recommended?
BIOS & Login
What password will prevent the operating
system from booting?
What is a lockout rule?
Rules about password expiration and
lockout should be defined. Lockout rules
apply when an
unsuccessful attempt has
been made to access the system or when
a specific change has been detected in
the system configuration
What is a VPN connection?
allows remote users to safely access
resources as if their computer is physically
attached to the
How does a VPN protect data?
uses encryption to protect data
What is traffic?
Data being transported on a network
What is a software firewall?
a program that runs on a computer to allow
or deny traffic between the computer and
the network to which it is connected
When should backups be made?
Monthly or weekly
Where should backups be stored?
Offsite storage location for extra security
What is a smart card?
a small plastic card, about the size of a
with a small chip embedded in
What is biometric security?
compares physical characteristics against
stored profiles to authenticate people
What is a profile?
A profile is a data file containing known
characteristics of an individual such as a
fingerprint or a handprint. In theory,
biometric security is more secure than
security measures such as passwords or
smart cards, because passwords can be
discovered and smart cards can be stolen
Which file system offers journaling and
What utility do you run to convert from
Fat32 to NTFS?
9.3.4 Describe wireless security techniques
What are the basic security settings that
should be configured on a wireless router
or access point?
Modified the default
SSID, set up separate
WLAN, use a strong password
What is the SSID (service set identifier)?
The name of the wireless network
What is the first generation security for
Wired Equivalent Privacy(WEP)
Which wireless encryption supports robust
Fi Protected Access 2 (WPA2)
encryption provides government grade
Which wireless security protocol was
created by Cisco?
Lightweight Extensible Authentication
What is WTLS (Wi
reless Transport Layer
a security layer used in mobile devices that
employ the Wireless Applications Protocol
Packet Tracer Activity
9.4 Identify common preventive maintenance techniques for security
9.4.1 Explain how to upgrade
signature files for anti
virus and anti
What are the steps to update a signature
Set Windows Restore point
Open the anti
virus or anti
Locate the update control button
and select it
After the program is updated,
to scan your computer
When the scan is completed, check
the report for viruses or other
problems that could not be treated
and delete them yourself
Set the anti
virus or anti
program to automatically update
and to run on a scheduled basis
What do virus, spyware, and adware
detection programs look for?
look for patterns in the programming code
of the software in a computer
What are the code patterns called?
In order to ensure that the update is
authentic and not
corrupt, where should
you retrieve the signature files from:
What are mirrors?
signature files for download to multiple
9.4.2 Explain how to install operating system service packs and security patches
you get the tools necessary to
remove viruses and repair the computer
code that has been modified?
Operating system manufactures and
security software companies
What are patches?
code updates that manufacturers provide
to prevent a newly discovered vi
worm from making a successful attack
What is a service pack?
manufacturers combine patches and
upgrades into a comprehensive update
Worksheet: OS Updates
9.5 Troubleshoot Security
What are the steps in the troubleshooting
9.5.1 Review the troubleshooting process
9.5.2 Identify common problems and solutions
What can you do if a user is receiving
hundreds or thousands of junk emails each
At the e
mail server, filter out email
What can you do if an unauthorized access
point is discovered on the network?
Disconnect and confiscate the unauthorized
device. Enforce security policy by taking
action against the person responsible for
the security breech
can you stop user with flash drives
from infecting computers on the network?
Prevent the use of removable mediaon the
network computers or set virus protection
software to scan removable medi when
data is accessed
Worksheet: Gather Information from the