Testout Network Pro final exam review
100% Correct!!
You want to give all managers the ability to view and edit a certain file. To do so, you
need to edit the discretionary access control list (DACL) associated with the file. You
want to be able to easily add and remove managers as their job positions change.
What is the BEST way to accomplish this?
Add each user account to the file's DACL.
Create a security group for the managers. Add all users as members of the group. Add
the group to the file's DACL.
Create a distribution group for the managers. Add all users as members of the group.
Add the group to the file's DACL.
Add one manager to the DACL that grants all permissions. Have this user add other
managers as required. - ANSWERSCreate a security group for the managers. Add all
users as members of the group. Add the group to the file's DACL.
Explanation:
Create a security group for the users and add the users to the DACL. A group is an
object that identifies a set of users with similar access needs. Microsoft systems have
two kinds of groups, which are distribution groups and security groups. Only security
groups can be used for controlling access to objects. As manager roles change, add or
remove user accounts from the group. Assigning permissions to a group grants those
same permissions to all members of the group.
Adding individual user accounts instead of groups to the ACL would require more work
as you add or remove managers.
Members of the sales team use laptops to connect to the company network. While
traveling, they connect their laptops to the internet through airport and hotel networks.
You are concerned that these computers could pick up viruses that could spread to your
private network. You would like to implement a solution that prevents the laptops from
connecting to your network unless antivirus software and the latest operating system
patches are installed.
Which solution should you use?
DMZ
NAC
VLAN
NIDS - ANSWERSNAC
, Network access control (NAC) controls access to a network by not allowing computers
to access network resources unless they meet certain predefined security requirements.
Conditions that can be part of the connection requirements include requiring that
computers have:
Antivirus software with up-to-date definition files
An active personal firewall
Specific operating system critical updates and patches
A client that is determined healthy by the NAC is given access to the network. An
unhealthy client, who has not met all the checklist requirements, is either denied access
or can be given restricted access to a remediation network, where remediation servers
can be contacted to help the client to become compliant.
A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between a private
network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a
logical grouping of computers based on switch port. VLAN membership is configured by
assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special
network device that can detect attacks and suspicious activity. A network-based IDS
(NIDS) scans network traffic looking for intrusion attempts.
Which of the following switch attacks associates the attacker's MAC address with the IP
address of the victim's devices?
ARP spoofing/poisoning
DNS poisoning
MAC spoofing
Cross-site scripting (XSS) - ANSWERSARP spoofing/poisoning
ARP spoofing/poisoning associates the attacker's MAC address with the IP address of
the victim.
MAC spoofing is changing the source MAC address on frames sent by the attacker.
DNS poisoning occurs when a name server receives malicious or misleading data that
incorrectly maps host names and IP addresses.
Cross-site scripting (XSS) attacks are a type of injection attack where malicious code is
saved onto an otherwise benign site.
You have just purchased a new network device and are getting ready to connect it to
your network. Which of the following actions should you take to increase its security?
(Select two.)
Remove any backdoors.
Conduct privilege escalation.
Implement separation of duties.
Change default account passwords.
Apply all patches and updates. - ANSWERSChange default account passwords.
Apply all patches and updates.
100% Correct!!
You want to give all managers the ability to view and edit a certain file. To do so, you
need to edit the discretionary access control list (DACL) associated with the file. You
want to be able to easily add and remove managers as their job positions change.
What is the BEST way to accomplish this?
Add each user account to the file's DACL.
Create a security group for the managers. Add all users as members of the group. Add
the group to the file's DACL.
Create a distribution group for the managers. Add all users as members of the group.
Add the group to the file's DACL.
Add one manager to the DACL that grants all permissions. Have this user add other
managers as required. - ANSWERSCreate a security group for the managers. Add all
users as members of the group. Add the group to the file's DACL.
Explanation:
Create a security group for the users and add the users to the DACL. A group is an
object that identifies a set of users with similar access needs. Microsoft systems have
two kinds of groups, which are distribution groups and security groups. Only security
groups can be used for controlling access to objects. As manager roles change, add or
remove user accounts from the group. Assigning permissions to a group grants those
same permissions to all members of the group.
Adding individual user accounts instead of groups to the ACL would require more work
as you add or remove managers.
Members of the sales team use laptops to connect to the company network. While
traveling, they connect their laptops to the internet through airport and hotel networks.
You are concerned that these computers could pick up viruses that could spread to your
private network. You would like to implement a solution that prevents the laptops from
connecting to your network unless antivirus software and the latest operating system
patches are installed.
Which solution should you use?
DMZ
NAC
VLAN
NIDS - ANSWERSNAC
, Network access control (NAC) controls access to a network by not allowing computers
to access network resources unless they meet certain predefined security requirements.
Conditions that can be part of the connection requirements include requiring that
computers have:
Antivirus software with up-to-date definition files
An active personal firewall
Specific operating system critical updates and patches
A client that is determined healthy by the NAC is given access to the network. An
unhealthy client, who has not met all the checklist requirements, is either denied access
or can be given restricted access to a remediation network, where remediation servers
can be contacted to help the client to become compliant.
A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between a private
network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a
logical grouping of computers based on switch port. VLAN membership is configured by
assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special
network device that can detect attacks and suspicious activity. A network-based IDS
(NIDS) scans network traffic looking for intrusion attempts.
Which of the following switch attacks associates the attacker's MAC address with the IP
address of the victim's devices?
ARP spoofing/poisoning
DNS poisoning
MAC spoofing
Cross-site scripting (XSS) - ANSWERSARP spoofing/poisoning
ARP spoofing/poisoning associates the attacker's MAC address with the IP address of
the victim.
MAC spoofing is changing the source MAC address on frames sent by the attacker.
DNS poisoning occurs when a name server receives malicious or misleading data that
incorrectly maps host names and IP addresses.
Cross-site scripting (XSS) attacks are a type of injection attack where malicious code is
saved onto an otherwise benign site.
You have just purchased a new network device and are getting ready to connect it to
your network. Which of the following actions should you take to increase its security?
(Select two.)
Remove any backdoors.
Conduct privilege escalation.
Implement separation of duties.
Change default account passwords.
Apply all patches and updates. - ANSWERSChange default account passwords.
Apply all patches and updates.
