Chapter 18 - Computer and Network Security

Question 1

What is the purpose of Digital Rights Management (DRM)?

Answer 1

To enforce controls on digital media use (e.g., prevent unauthorized copying/playing).

Question 2

What do we call software that is free to use and modify?

Answer 2

Open-source software.

Question 3

What malware creates a network of ‘zombie’ devices controlled by an attacker?

Answer 3

Botnet (bot malware that enrolls hosts into a command-and-control network).

Question 4

What is a backdoor in security terms?

Answer 4

A hidden mechanism that bypasses normal authentication/controls.

Question 5

What is a brute-force attack?

Answer 5

Systematically trying all possible keys/passwords until one works.

Question 6

What does BEC stand for and what is it?

Answer 6

Business Email Compromise; targeted, convincing emails to redirect payments or data.

Question 7

How does a DoS attack differ from a DDoS?

Answer 7

DoS: single source; DDoS: many sources simultaneously.

Question 8

What is an evil twin attack?

Answer 8

A rogue wireless AP using the same SSID as a legitimate one to lure clients.

Question 9

What malware secretly captures keystrokes?

Answer 9

Keylogger.

Question 10

What is a logic bomb?

Answer 10

Malicious code that triggers under specific conditions (e.g., date, user action).

Question 11

What is a man-in-the-middle (MITM) attack?

Answer 11

An attacker intercepts/relays communications, potentially altering data.

Question 12

What is phishing?

Answer 12

Deceptive messages posing as trusted entities to steal credentials/data.

Question 13

What is spear phishing?

Answer 13

Highly targeted phishing aimed at a specific person or org.

Question 14

What is whaling?

Answer 14

Spear phishing targeting executives/high-profile individuals.

Question 15

What is a rootkit?

Answer 15

Stealthy malware that hides its presence and often gains admin/kernel-level control.

Question 16

What is the goal of a replay attack?

Answer 16

To capture and re-send valid transmissions to gain unauthorized access.

Question 17

What is tailgating (piggybacking)?

Answer 17

Following an authorized person into a restricted area without permission.

Question 18

What is a worm?

Answer 18

Self-contained malware that self-replicates and spreads without user action.

Question 19

How does a Trojan differ from a virus/worm?

Answer 19

Trojan masquerades as legitimate; it does not self-replicate like worms/viruses.

Question 20

What is a watering hole attack?

Answer 20

Compromising a site frequented by a target group to infect visitors.

Question 21

What is a zero-day attack?

Answer 21

Exploiting a previously unknown (unpatched) vulnerability.

Question 22

Where do you add a user to a department group in AD?

Answer 22

Active Directory Users and Computers > User properties > Member Of tab.

Question 23

What does the ‘password history’ policy control?

Answer 23

How many unique new passwords must be used before reuse is allowed.

Question 24

What is the principle of least privilege?

Answer 24

Grant only the minimum access rights needed to perform a job.

Question 25

What’s the difference between Share and NTFS permissions?

Answer 25

Share: apply only to network access; NTFS: apply to local and network access.

Question 26

When Share and NTFS permissions conflict over the network, which applies?

Answer 26

The most restrictive effective permission (intersection of Share and NTFS).

Question 27

What Windows feature prompts for admin consent/elevation?

Answer 27

User Account Control (UAC).

Question 28

What is degaussing?

Answer 28

Using a strong magnetic field to erase magnetic media (e.g., HDD tapes).

Question 29

Why is degaussing ineffective for SSDs?

Answer 29

SSDs store data in flash cells; magnetism does not erase them.

Question 30

What is the first step after identifying malware symptoms?

Answer 30

Quarantine/contain: disconnect from networks to prevent spread.

Question 31

Which command repairs protected Windows system files post-malware?

Answer 31

sfc /scannow.

Question 32

What is a firewall?

Answer 32

A device/software that filters traffic based on security rules (stateful/stateless).

Question 33

What does an IDS do?

Answer 33

Monitors/alerts on suspicious activity (passive detection).

Question 34

What does an IPS do?

Answer 34

Detects and actively blocks malicious traffic (prevention).

Question 35

What is a VPN?

Answer 35

An encrypted tunnel over an untrusted network (e.g., internet).

Question 36

What is a DMZ used for?

Answer 36

A screened subnet hosting public-facing services, isolating them from the internal LAN.

Question 37

What is MAC address filtering on Wi‑Fi?

Answer 37

Allow/deny list by device MAC; weak because MACs can be spoofed.

Question 38

Why is hiding the SSID a weak defense?

Answer 38

SSID can be discovered in beacons/probes; provides little real security.

Question 39

What is the first action in incident response for a technician?

Answer 39

Identify and report the incident to the appropriate team; follow the IR plan.

Question 40

Why document a security incident after resolution?

Answer 40

For root-cause analysis, prevention, training, and legal/audit evidence.

Question 41

What is adware?

Answer 41

Software that displays unwanted ads; may track user behavior.

Question 42

What is a dictionary attack?

Answer 42

Trying passwords from a wordlist rather than all combinations.

Question 43

What is grayware?

Answer 43

Potentially unwanted software (e.g., adware, some toolbars/trackers).

Question 44

What is CSRF (cross-site request forgery)?

Answer 44

Tricking an authenticated user’s browser to perform unwanted actions on a site.

Question 45

Why create Organizational Units (OUs) in AD?

Answer 45

To group objects for delegated admin and targeted Group Policy.

Question 46

What does 'minimum password age' enforce?

Answer 46

How long a user must wait before changing a password again.

Question 47

What are explicit permissions?

Answer 47

Rights set directly on an object.

Question 48

What are inherited permissions?

Answer 48

Rights passed down from a parent folder to child items.

Question 49

What is the most secure hard drive destruction method?

Answer 49

Physical destruction (e.g., shredding/drilling/hammer mill).

Question 50

Why disable System Restore before malware removal?

Answer 50

To avoid restoring infected snapshots and re-infection.

Question 51

What is the final step in malware remediation?

Answer 51

Educate the user and implement preventive measures (updates, least privilege, training).

Question 52

What is a UTM appliance?

Answer 52

Unified Threat Management: consolidates firewall, IDS/IPS, filtering, etc.

Question 53

What initial Wi‑Fi hardening step should you take?

Answer 53

Change the default SSID and admin password on the AP/router.

Question 54

Which Wi‑Fi encryption is stronger: WPA2 or WPA3?

Answer 54

WPA3 (uses SAE; provides forward secrecy).

Question 55

What should a technician do upon discovering prohibited content?

Answer 55

Report to management/HR; do not investigate or copy the content.

Question 56

What is PII?

Answer 56

Personally Identifiable Information (e.g., SSN, name, address) that can identify an individual.

Question 57

What is vishing?

Answer 57

Voice phishing via phone/voicemail to solicit sensitive info.

Question 58

Why place an AP centrally rather than near windows?

Answer 58

To reduce RF leakage outside and lower attack surface.

Question 59

What is a proxy server used for?

Answer 59

To intermediate client requests for filtering, caching, or anonymity.

Question 60

Why is plugging in a found USB drive risky?

Answer 60

It could deliver malware (e.g., autorun/BadUSB) as a baiting attack.

Question 61

What Windows feature encrypts internal drives to protect data at rest?

Answer 61

BitLocker Drive Encryption.

Question 62

What motherboard chip stores BitLocker keys and security info?

Answer 62

Trusted Platform Module (TPM).

Question 63

What is smishing?

Answer 63

Phishing via SMS/text messages.

Question 64

What is shoulder surfing?

Answer 64

Observing someone’s screen/keyboard to capture sensitive info.

Question 65

What is dumpster diving?

Answer 65

Searching discarded materials for sensitive information.

Question 66

What is pretexting?

Answer 66

Creating a fabricated scenario to trick targets into divulging data.

Question 67

What is MFA and why use it?

Answer 67

Multi-Factor Authentication; adds factors (something you know/have/are) to reduce account takeover risk.

Question 68

What is password spraying?

Answer 68

Trying a few common passwords across many accounts to evade lockouts.

Question 69

What is account lockout policy?

Answer 69

Settings that lock accounts after a number of failed logins for a duration.

Question 70

What are the CIA triad elements?

Answer 70

Confidentiality, Integrity, Availability.

Question 71

What is hashing vs encryption?

Answer 71

Hashing is one-way integrity check; encryption is reversible confidentiality protection.

Question 72

What is least functionality (hardening)?

Answer 72

Disable/remove unnecessary services, ports, and software.

Question 73

What is patch management?

Answer 73

Regularly applying updates to OS/apps/firmware to close vulnerabilities.

Question 74

What is data loss prevention (DLP)?

Answer 74

Tools/policies to prevent sensitive data exfiltration.

Question 75

What is SIEM used for?

Answer 75

Security Information and Event Management: collect, correlate, and alert on security logs.

Question 76

What is defense in depth?

Answer 76

Layered controls (technical, administrative, physical) for redundancy.

Question 77

What is 802.1X?

Answer 77

Port-based network access control (NAC) using RADIUS for authentication.

Question 78

What is WPA2‑PSK vs WPA2‑Enterprise?

Answer 78

PSK uses shared passphrase; Enterprise uses per-user credentials via 802.1X/RADIUS.

Question 79

What Wi‑Fi setup feature is insecure and should be disabled?

Answer 79

WPS (Wi‑Fi Protected Setup) due to PIN brute-force vulnerabilities.

Question 80

What is a reverse proxy?

Answer 80

A proxy that sits in front of servers to handle client requests (e.g., TLS offload, WAF).

Question 81

What is a WAF?

Answer 81

Web Application Firewall; protects web apps from attacks (e.g., SQLi, XSS).

Question 82

What is endpoint detection and response (EDR)?

Answer 82

Advanced endpoint telemetry and response for threats beyond classic antivirus.

Question 83

What is ransomware?

Answer 83

Malware that encrypts data and demands payment for decryption.

Question 84

What is spyware?

Answer 84

Software that secretly collects user information.

Question 85

What is sandboxing?

Answer 85

Running code in an isolated environment to observe behavior safely.

Question 86

What should you preserve during incident response?

Answer 86

Evidence (logs, images) with chain of custody.

Question 87

What are secure data sanitization options for SSDs?

Answer 87

Crypto-erase, ATA Secure Erase/NVMe sanitize, or physical destruction.

Question 88

What is the 3‑2‑1 backup rule?

Answer 88

3 copies of data, on 2 different media, with 1 offsite copy.

Question 89

What is a security baseline?

Answer 89

A benchmark configuration to harden systems consistently.

Question 90

What is least privilege vs need-to-know?

Answer 90

Least privilege limits system permissions; need-to-know limits data access.

Question 91

What is social engineering?

Answer 91

Manipulating people to bypass technical controls.

Question 92

What is ARP spoofing?

Answer 92

Forging ARP replies to position as MITM on a LAN.

Question 93

What is port security on switches?

Answer 93

Limits learned MACs/port behavior to prevent rogue devices.

Question 94

What is geofencing in MDM/security?

Answer 94

Applying policies/actions based on device location.

Question 95

What is TLS?

Answer 95

Transport Layer Security; encrypts data in transit for protocols like HTTPS.

Question 96

What is PKI?

Answer 96

Public Key Infrastructure; manages certificates/keys for trust and encryption.

Question 97

What is an allowlist vs blocklist?

Answer 97

Allowlist permits only approved items; blocklist denies known bad items.

Question 98

What is application whitelisting?

Answer 98

Restricting systems to run only approved applications.

Question 99

What is a security awareness program?

Answer 99

Ongoing user education to reduce human-related security risks.

Question 100

What post-incident activity improves future response?

Answer 100

Lessons learned meeting and plan updates.

Question 101

What is network segmentation and why use it?

Answer 101

Dividing networks (e.g., VLANs/ACLs) to contain breaches and limit lateral movement.

Question 102

What is a NAC solution?

Answer 102

Network Access Control; evaluates device posture before granting access.

Question 103

What is content filtering?

Answer 103

Blocking access to malicious/inappropriate websites or files.

Question 104

What does 'implicit deny' mean in ACLs?

Answer 104

Traffic not explicitly allowed is denied by default.