CompTIA Security+ Study Guide

Question Answer

What are the main domains covered in the CompTIA Security+ The main domains covered in the CompTIA Security+ SY0-501
SY0-501 exam? exam include: 1. Threats, Attacks, and Vulnerabilities (21%) 2.
Technologies and Tools (22%) 3. Architecture and Design (15%)
4. Identity and Access Management (16%) 5. Risk Management
(14%) 6. Cryptography and PKI (12%)

What is the primary goal of Information Security? The primary goal of Information Security is to protect data and
information from unauthorized access, unlawful modification,
disruption, disclosure, corruption, and destruction.
What does Information Systems Security entail? Information Systems Security entails the act of protecting the
systems that hold and process critical data, ensuring they are
secure from threats and vulnerabilities.
Explain the CIA Triad in information security. The CIA Triad consists of: 1. Confidentiality - Ensures that
information is not disclosed to unauthorized individuals. 2.
Integrity - Guarantees that information has not been modified or
altered without proper authorization. 3. Availability - Ensures that
information is accessible when needed and can be stored,
accessed, or protected at all times.
What does the AAA concept of Security stand for? The AAA concept of Security stands for: 1. Authentication -
Verifying the identity of a user or system. 2. Authorization -
Granting permission to users to access specific resources. 3.
Accounting - Keeping track of user activities and logging their
actions.
What is the significance of having a minimum passing score for The significance of having a minimum passing score for the
the CompTIA Security+ exam? CompTIA Security+ exam is to ensure that candidates possess a
foundational level of knowledge and skills necessary for
cybersecurity roles and to validate their ability to protect and
manage security in an organization.
What are threats, attacks, and vulnerabilities in the context of In cybersecurity: 1. Threats are potential dangers that could
cybersecurity? exploit a vulnerability in a system. 2. Attacks are the actual
attempts to breach security and compromise systems. 3.
Vulnerabilities are weaknesses in systems that can be exploited
by threats to gain unauthorized access or cause harm.
How many questions are on the CompTIA Security+ exam and The CompTIA Security+ exam consists of up to 90 questions and
how long is the exam time? has a time limit of 90 minutes.
What is unauthorized access in information security? Unauthorized access refers to individuals or entities gaining
access to data or IT assets without permission, which can lead to
information theft, data breaches, or system disruptions.
Define Data Integrity in the context of information security. Data Integrity in information security refers to the assurance that
data is accurate, consistent, and has not been tampered with or
altered in an unauthorized way.
Why is Availability crucial in the CIA Triad? Availability is crucial in the CIA Triad because it ensures that
users have consistent and reliable access to information and
resources when they need them, thereby supporting business
operations and preventing disruptions.
What is the role of Risk Management in cybersecurity? The role of Risk Management in cybersecurity is to identify,
assess, and prioritize risks to reduce the potential impact of
security incidents, ensuring that appropriate measures are taken
to protect information and systems.
What is Cryptography and why is it important in security? Cryptography is the practice of securing information through
encoding, making it unintelligible to unauthorized users. It is
important in security as it helps protect the confidentiality,
integrity, and authenticity of data during storage and transmission.
Question Answer

What does PKI stand for and what is its function? PKI stands for Public Key Infrastructure. Its function is to provide
a framework for creating, managing, distributing, and revoking
digital certificates and encryption keys in secure communications.
What is authentication in a security context? Authentication is the process of establishing a person's identity
using proof and confirming it through a system.
What are the four types of authentication factors? 1. Something you know (e.g., passwords) 2. Something you are
(e.g., biometrics) 3. Something you have (e.g., security tokens) 4.
Something you do (e.g., behavioral patterns) 5. Somewhere you
are (e.g., geolocation) that can be used as a factor.
What is authorization in the context of computer security? Authorization occurs when a user is granted access to specific
data or certain areas of a system or building after their identity
has been authenticated.
What does accounting refer to in information security? Accounting refers to the tracking and monitoring of user data,
computer usage, and resource access within a network or
system.
What is non-repudiation in the context of information security? Non-repudiation is the assurance that someone cannot deny the
validity of their actions due to proof being available that confirms
their actions.
What is malware? Malware is a shorthand term for malicious software designed to
harm, exploit, or otherwise compromise the integrity and
functionality of devices or networks.
What is unauthorized access? Unauthorized access refers to instances where access to
computer resources and data occurs without the consent of the
owner or proper authorization.
What is system failure? System failure occurs when a computer crashes or an individual
application fails to function as intended, leading to potential data
loss or service unavailability.
What is social engineering in the context of cybersecurity? Social engineering is the act of manipulating users or individuals
into revealing confidential information or performing
compromising actions that could jeopardize security.
What are physical controls in security mitigation strategies? Physical controls are measures used to protect physical assets
and can include alarm systems, locks, surveillance cameras, and
identification cards.
What are technical controls in security? Technical controls are mechanisms implemented in technology to
protect information systems and data. Examples include smart
cards, encryption, access control lists (ACLs), intrusion detection
systems (IDS), and network authentication procedures.
What role do smart cards play in security? Smart cards are physical cards embedded with a microprocessor
that stores and processes data securely, often used for secure
access to information systems and facilities.
What is the purpose of encryption in information security? Encryption is the process of converting data into a coded format
to prevent unauthorized access. It protects sensitive information
by ensuring that only authorized users with the decryption key
can access the original data.
What are Access Control Lists (ACLs)? Access Control Lists (ACLs) are a set of rules that define
permissions for users to access specific resources within a
system. They control which users can access which resources
and what actions they can perform on them.
What is an Intrusion Detection System (IDS)? An Intrusion Detection System (IDS) monitors network traffic for
suspicious activities and alerts administrators of potential security
breaches. It helps identify and respond to threats in real time.
Question Answer

What does network authentication entail? Network authentication is the process of verifying the identity of a
user or device attempting to access a network. It ensures that
only authorized entities can access network resources.
What are administrative controls in security? Administrative controls are policies and procedures established
by an organization to manage security and risk. They include
security awareness training, contingency planning, and disaster
recovery plans.
Why is user training considered a cost-effective security control? User training increases awareness and understanding of security
policies and practices among employees, significantly reducing
the risk of security incidents caused by human error.
What are the five types of hackers? 1. White Hats - Non-malicious hackers who test security systems
with permission. 2. Black Hats - Malicious hackers who break into
systems without authorization. 3. Gray Hats - Hackers who
operate outside legal boundaries but without malicious intent. 4.
Blue Hats - Hackers who test systems with permission but are
not employed by the organization. 5. Elite Hackers - Highly skilled
individuals who find and exploit vulnerabilities prior to public
disclosures.
What distinguishes White Hat hackers from Black Hat hackers? White Hat hackers operate with permission and often work to
improve security by identifying vulnerabilities, while Black Hat
hackers operate without authorization for malicious purposes.
What is a Gray Hat hacker? Gray Hat hackers navigate the ethical line by attempting to hack
systems without permission, often disclosing vulnerabilities
afterwards, which risks legal consequences.
Who are Blue Hat hackers? Blue Hat hackers are unauthorized security professionals or
consultants who test the security of a system or network with the
permission of the organization, but are not part of that
organization.
What is the significance of Elite Hackers in the cybersecurity Elite hackers have advanced skills and knowledge, allowing them
landscape? to discover and exploit vulnerabilities before they are known to
the public or even to the organizations they affect.
What is the importance of security policies in an organization? Security policies guide and direct the organization's security
practices, helping to protect assets, manage risks, and provide
frameworks for compliance and incident response.
What key components are included in a disaster recovery plan? A disaster recovery plan outlines procedures for recovering IT
systems and services after a disruption, including data backup
strategies, recovery time objectives (RTO), and roles and
responsibilities during a disaster.
What is the purpose of contingency planning in security? Contingency planning involves preparing for unexpected events
or emergencies by developing strategies to maintain essential
functions and recover as quickly as possible.
What are script kiddies? Script kiddies are hackers with little to no technical skill who use
existing tools and exploits created by others to compromise
systems.
What motivates hacktivists? Hacktivists are motivated by social change, political agendas, or
terrorism, and their hacking activities are often driven by a
specific cause.
What characterizes organized crime hackers? Organized crime hackers are part of a well-funded and highly
sophisticated crime group, often engaging in illegal activities for
profit.
What are Advanced Persistent Threats (APTs)? APTs are highly trained and funded groups of hackers, often
supported by nation-states, who utilize both covert and open-
source intelligence to carry out their activities.
Question Answer

What is malware? Malware is software designed to infiltrate a computer system and

may damage it without the user's knowledge or consent.
List the different types of malware. Types of malware include viruses, worms, Trojan horses,
ransomware, spyware, rootkits, and spam.
What is a computer virus? A computer virus is malicious code that executes without the
user's knowledge and infects the computer when it is run. Viruses
require user action to reproduce and spread.
What are the characteristics of a worm in terms of malware? Worms are a type of malware that can replicate themselves and
spread to other computers without needing user action or
intervention.
Define Trojan horse in the context of malware. A Trojan horse is a type of malware that deceives users by
masquerading as legitimate software while carrying harmful
payloads.
What is ransomware? Ransomware is malware that encrypts a victim's data and
demands a ransom payment for the decryption key.
Explain what spyware does. Spyware is malware that secretly monitors user activities and
collects sensitive information without the user's consent.
What is a rootkit? A rootkit is a set of tools used by an intruder to maintain
unauthorized access to a computer while hiding their presence.
What is the purpose of spam in the context of malware? Spam generally refers to unsolicited messages, often used to
distribute malware or phishing schemes to unsuspecting users.
How does a virus reproduce and spread? A virus reproduces and spreads when a user executes infected
files or programs. It often attaches itself to legitimate software.
What is a Boot sector virus? A Boot sector virus is a type of malware that is stored in the first
sector of a hard drive. It is loaded into memory when the
computer is booted up, potentially leading to damage of data and
other files on the system.
How does a Macro virus operate? A Macro virus is embedded into a document (like Word or Excel)
and gets executed automatically when the user opens the
infected document. It exploits features of software that allow
macros to be run.
What characterizes a Program virus? A Program virus infects executable files or application programs.
It usually attaches itself to a .exe or .com file and spreads when
the infected application is executed.
Define a Multipartite virus. A Multipartite virus combines characteristics of both boot sector
and program viruses. It first attaches itself to the boot sector and
system files and later infects other files when the user runs
applications.
What is an Encrypted Polymorphic virus? An Encrypted Polymorphic virus is an advanced type of virus that
changes its code every time it is executed. It does this by altering
the decryption module consistently to avoid detection by antivirus
software.
Explain Metamorphic viruses. Metamorphic viruses are capable of completely rewriting their
own code before they attempt to infect other files. This makes
them a more advanced version of polymorphic viruses since they
do not rely on just obfuscating their code.
What is the purpose of Stealth Armored viruses? Stealth Armored viruses are designed with a protective layer that
confuses or misleads programs or persons trying to analyze
them. This makes them significantly harder to detect and analyze.
Question Answer

How does a Worm differ from a virus? A Worm is a type of malicious software that can replicate itself
without needing to attach itself to a user-initiated action, like
opening a file, as a virus does. Worms usually spread across
networks without user involvement.
What is the difference between a Polymorphic virus and a A Polymorphic virus changes its appearance with each new
Metamorphic virus? infection but uses the same basic code. In contrast, a
Metamorphic virus rewrites its entire code before it infects,
making it more complex and harder to detect.
What are the potential impacts of a Boot sector virus? A Boot sector virus can lead to significant data loss, corruption of
files, and make the system unbootable, disrupting user access
and requiring system recovery efforts.
Name a common method used by Macro viruses to spread. Macro viruses commonly spread by leveraging shared
documents often transmitted via email or stored on shared
drives, where users inadvertently open the infected documents.
What are the common symptoms of a computer infected with a Common symptoms include irregular behavior when booting up
Multipartite virus? the system, unexpected application crashes, and slow system
performance due to multiple infection vectors of the virus.
What are worms in the context of computer security? Worms are a type of malicious software that self-replicate and
spread without the user's consent or action. They can cause
significant disruption to normal network traffic and computing
activities.
What is an example of a major worm outbreak? An example of a major worm outbreak is the Conficker worm,
which affected approximately 9 to 15 million computers in 2009.
What is the definition of a Trojan Horse in cybersecurity? A Trojan Horse is a type of malicious software that is disguised
as harmless or desirable software. Trojans perform desired
functions for the user while also carrying out malicious activities.
What is a Remote Access Trojan (RAT)? A Remote Access Trojan (RAT) is a type of Trojan that provides
the attacker with remote control of a victim's computer. It is the
most commonly used type of Trojan.
What is ransomware and how does it work? Ransomware is a type of malware that restricts access to a
victim's computer system until a ransom is received. It typically
exploits vulnerabilities in software to gain access and then
encrypts the victim's files.
What was the financial impact of the SamSam ransomware The SamSam ransomware attack affected the City of Atlanta and
attack on the City of Atlanta? resulted in an estimated cost of 17 million dollars.
What is spyware in the field of cybersecurity? Spyware is malware that secretly gathers information about a
user without their consent. It can capture keystrokes made by the
victim and take screenshots.
What are the primary functions of spyware? The primary functions of spyware include gathering information
about users, monitoring their online activities, capturing
keystrokes, and taking screenshots.
How do worms differ from viruses? Worms self-replicate and spread independently over networks,
while viruses need to attach themselves to existing programs or
files and typically require user action to propagate.
What measures can be taken to protect against worms and other Protective measures include maintaining updated antivirus
malware? software, applying software patches, educating users about
safety practices online, and monitoring network traffic for unusual
activity.
Are Trojans capable of spreading on their own? No, Trojans do not self-replicate or spread on their own; they
must be executed by users who believe they are legitimate
software.
What is a common method for ransomware to gain access to Ransomware commonly gains access through phishing emails,
systems? exploit kits, and by taking advantage of software vulnerabilities.
Question Answer

Can ransomware affect both individual and organizational Yes, ransomware can affect both individual users and entire
systems? organizational systems, often leading to significant data loss and
financial costs.
What is the main goal of spyware? The main goal of spyware is to gather sensitive information about
users without their knowledge, often for malicious purposes such
as data theft.
What is the significance of user consent in the context of User consent is significant as spyware operates covertly,
spyware? collecting data and monitoring activities without the user being
aware, violating their privacy and security.
What is Adware? Adware is software that displays advertisements based on the
user's online activity or behavior. It often tracks user data to serve
targeted ads, sometimes without the user's consent.
What is Grayware? Grayware refers to software that is neither fully benign nor
malicious. It behaves improperly and may cause annoyance or
unwanted behavior without causing serious harm to the system.
What are Rootkits? Rootkits are types of software designed specifically to gain
administrative control over a computer system without being
detected. They can be very difficult to identify and remove.
What is DLL Injection? DLL Injection is a technique where malicious code is inserted into
a running process on a Windows machine. This is done by
exploiting Dynamic Link Libraries (DLLs) that are loaded at
runtime.
What is Driver Manipulation? Driver manipulation is an attack strategy that compromises
kernel-mode device drivers, which operate with high privileges.
An attacker may place a shim between two components to
intercept and redirect calls.
How are rootkits typically activated? Rootkits are usually activated before the operating system boots
up, which makes them challenging to detect since they can
embed themselves into the system before any security measures
are initialized.
What is Spam in the context of electronic messaging? Spam is the term used to describe activities that abuse electronic
messaging systems, especially email. It often involves unsolicited
messages sent in bulk, typically for advertising purposes.
How do spammers exploit email systems? Spammers commonly exploit open mail relays within a
company’s email server. This allows them to send large volumes
of spam email without being easily traced or blocked.
What privileges do rootkits generally operate under? Rootkits typically operate under administrative or kernel-level
privileges, allowing them extensive access to the system and the
ability to manipulate its operations undetected.
What is the main purpose of a rootkit? The main purpose of a rootkit is to allow an attacker to maintain
persistent control over a compromised system, often remaining
undetected by standard security measures.
What does the CAN-SPAM Act of 2003 regulate? The CAN-SPAM Act of 2003 establishes rules for commercial
email, sets requirements for messages, gives recipients the right
to have emails stopped from being sent to them, and outlines
tough penalties for violations.
What is a virus in terms of malware? A virus is malicious code that infects a computer when a file is
opened or executed, often replicating and spreading to other files
and systems.
What differentiates a worm from a virus? A worm is similar to a virus in that it replicates, but unlike a virus,
a worm can self-replicate and does not need to attach itself to
existing programs or files.
Question Answer

What is a Trojan in malware terms? A Trojan appears to perform a legitimate function but secretly
also carries out malicious actions, making it deceptive in nature.
Define ransomware. Ransomware is a type of malware that takes control of a
computer or data, typically encrypting files, and demands
payment to restore access.
What is spyware? Spyware is software that collects information about a user without
their consent, often monitoring and transmitting browsing habits
or personal data.
What is a rootkit? A rootkit is a collection of software tools that enables an
unauthorized user to gain control of a computer system while
remaining undetected, often targeting the boot loader or kernel.
How is spam defined in the context of electronic communications?Spam refers to the abuse of electronic messaging systems to
send unsolicited, bulk messages, often for advertising purposes.
What is meant by the term 'threat vector'? A threat vector is a method used by an attacker to access a
victim's machine, representing the path through which an attack
can occur.
What is an attack vector? An attack vector is a specific method used by an attacker to gain
access to a victim's machine in order to infect it with malware.
What are common delivery methods for malware infections? Malware infections commonly start through infected software,
deceptive messaging, and malicious media downloads.
What is a Watering Hole attack in the context of malware? A Watering Hole attack is a type of cyberattack where the
attacker infects a commonly visited website to target specific
groups of individuals.
What is a Botnet? A Botnet is a collection of compromised computers, also known
as 'zombies', that are controlled by a master node. These
computers can perform malicious tasks as a group under the
command of the botnet controller.
What can Botnets be used for besides creating malware? Botnets can be utilized in various processor-intensive functions
and activities, such as distributed denial-of-service (DDoS)
attacks, spamming, and stealing personal information.
What is Active Interception? Active Interception occurs when a computer is placed between
the sender and receiver in a communication process, allowing it
to capture or modify the data traffic transmitted between them.
What is Privilege Escalation? Privilege Escalation is the exploitation of a design flaw or bug in a
system that allows a user to gain access to resources or features
that are typically restricted to normal users.
What is the purpose of a Backdoor in cybersecurity? Backdoors are malicious tools used to bypass normal security
and authentication processes, giving attackers unauthorized
access to a system.
What is a Remote Access Trojan (RAT)? A Remote Access Trojan (RAT) is a type of malware that is
installed by an attacker to maintain persistent access to a victim's
system, allowing them to control the machine remotely.
What is a Logic Bomb? A Logic Bomb is malicious code inserted into a software program
that executes only when certain predefined conditions are met,
potentially causing harm or data loss.
What is an Easter Egg in the context of software? An Easter Egg is a non-malicious hidden feature or message
within a software program or system. It is generally intended for
fun or as a secret acknowledgment by the developers.
Question Answer

What are the symptoms of a computer infection? Symptoms of a computer infection may include: 1. Strange
behavior of the computer. 2. Hard drives, files, or applications not
accessible. 3. Strange noises from the computer. 4. Unusual error
messages appearing. 5. Display looks strange or unusual. 6.
Jumbled printouts. 7. Double file extensions being displayed (e.g.,
textfile.txt.exe). 8. New files and folders created mysteriously or
existing files and folders missing/corrupted. 9. System Restore
not functioning.
What are the steps to remove malware from a computer? To remove malware from a computer, follow these steps: 1.
Identify symptoms of a malware infection. 2. Quarantine the
infected systems to prevent further damage. 3. Disable System
Restore if using a Windows machine to avoid re-infection from
restore points. 4. Remediate the infected system using antivirus
software or other malware removal tools. 5. Schedule automatic
updates and scans to protect against future infections. 6. Enable
System Restore and create a new restore point once the system
is clean. 7. Provide end-user security awareness training to
prevent future infections.
What are CompTIA's recommendations regarding insider jokes, According to CompTIA Security Study Notes, insider jokes,
hidden messages, or secret features in code? hidden messages, or secret features such as logic bombs and
Easter eggs should not be used in secure coding practices.
These can introduce unnecessary vulnerabilities or obfuscate the
code which may become a security risk.
How can one tell if a boot sector might be infected? Specific symptoms of a boot sector infection could include: 1. The
operating system fails to boot properly. 2. Boot error messages
appear on startup. 3. The system shows unexpected behaviors at
the boot-up stage.
What is the significance of creating a new restore point after Creating a new restore point after malware remediation is
malware remediation? significant because it establishes a clean backup of the system's
current state. This allows for recovery to a known good
configuration in the event of future issues.
What does it mean to quarantine infected systems in malware Quarantine infected systems refers to isolating the infected
removal? computers or files to prevent the malware from spreading or
causing additional harm while remediation efforts are initiated.
What are common signs of 'strange noises' from a computer that Common signs of strange noises from a computer that may
could indicate a malware infection? indicate a malware infection include: 1. Unusual beeping sounds
during operations. 2. Grinding or clicking noise coming from the
hard drive. 3. Sudden loud fan noises as the system works harder
in the presence of malware.
Why is it important to disable System Restore during malware It is important to disable System Restore during malware removal
removal? because the malware may reside in restore points. If System
Restore is on, the malware could be reintroduced to the system
when restoring to an earlier point.
What role does end-user security awareness training play in End-user security awareness training plays a crucial role in
preventing malware infections? preventing malware infections by educating users on safe
computing practices, recognizing potential threats, and
understanding how to respond to suspicious activity, thus
reducing the likelihood of user-initiated actions that could lead to
infections.
What is the first step if a virus is suspected on a computer? Reboot the computer from an external device and scan it for
viruses.
What are the main types of malware that need to be prevented? The main types of malware include viruses, worms, Trojans,
ransomware, spyware, rootkits, and spam.
How are worms, Trojans, and ransomware best detected? They are best detected with anti-malware solutions.
How can one detect a rootkit before it is installed? Scanners can detect a file containing a rootkit before it is
installed.
Question Answer

What is the best plan for rootkit removal? The best plan for rootkit removal is to reimage the machine.
What is a potential security issue with email servers? Email servers should not be configured as open mail relays or
SMTP open relays.
What are some practices to prevent email-related security issues?Remove email addresses from websites, use whitelists and
blacklists, and educate end users.
What is a recommended practice for anti-malware software? Update your anti-malware software automatically and regularly
scan your computer.
What should be updated and patched regularly to ensure The operating system and applications should be updated and
security? patched regularly.
What is important to educate and train end users on regarding End users should be educated and trained on safe Internet
security? surfing practices.
What types of devices or media are significant to security Removable media are significant to security applications and
applications? devices.
What should you always do with files on removable media? You should always encrypt files on removable media to protect
sensitive information.
What are Removable Media Controls? Removable Media Controls are technical limitations placed on a
system in regards to the utilization of USB storage devices and
other removable media.
What are some examples of administrative controls for removable Administrative controls for removable media include creating
media? policies and guidelines for the use of USB drives and other
removable storage within an organization.
What does NAS stand for and what is its function? NAS stands for Network Attached Storage, which refers to
storage devices that connect directly to an organization's
network. They often implement RAID arrays to ensure high
availability and data redundancy.
What is a Storage Area Network (SAN)? A SAN is a network designed specifically to perform block
storage functions. It may consist of various storage devices,
including NAS.
What are the key security measures you should use with NAS Key security measures for NAS systems include using data
systems? encryption and implementing proper authentication.
What is a software firewall? A software firewall is an application that protects a single
computer from unwanted Internet traffic by monitoring and
controlling incoming and outgoing network traffic based on
predetermined security rules.
What are some examples of host-based firewalls? Examples of host-based firewalls include Windows Firewall,
Windows PF, IPFW for OS X, and iptables for Linux.
What is an Intrusion Detection System (IDS)? An IDS is a device or software application that monitors a system
or network for malicious activities or policy violations. It alerts
administrators to potential threats.
How does a software firewall differ from a network firewall? A software firewall is installed on individual devices and protects
them from unwanted traffic, while a network firewall is typically
implemented at the network level to protect multiple devices.
What is RAID and how is it related to NAS? RAID stands for Redundant Array of Independent Disks, a
technology used in NAS systems to combine multiple disk drives
into a single unit for improved performance and redundancy.
What role does encryption play in storage security? Encryption transforms data into a coded format to prevent
unauthorized access, ensuring that even if a device is lost or
stolen, the data remains protected.
Why are software firewalls important for internet security? Software firewalls are important because they help protect
individual computers against malware, unauthorized access, and
other threats from the internet.
Question Answer

What functions can a NAS perform aside from data storage? In addition to data storage, a NAS can provide file sharing,
backup solutions, and media streaming services.
What types of devices can be part of a SAN? Devices in a SAN may include disk arrays, tape libraries, and
other storage devices, often connected via high-speed networks.
What does HIDS stand for and what is its primary function? HIDS stands for Host-based Intrusion Detection System. Its
primary function is to monitor and analyze the data passing
through a host in order to identify incidents or attacks.
What does NIDS stand for and how does it differ from HIDS? NIDS stands for Network-based Intrusion Detection System. The
key difference is that NIDS monitors and analyzes network traffic
across a network segment, while HIDS monitors and analyzes
data on individual hosts.
What are the three main detection methods used by IDS? The three main detection methods used by Intrusion Detection
Systems (IDS) are: 1. Signature-based - which uses specific
strings of bytes to trigger alerts. 2. Policy-based - which relies on
established security policies to identify violations. 3. Anomaly-
based - which analyzes current traffic against an established
baseline and triggers alerts for deviations.
Explain the signature-based detection method. Signature-based detection method involves monitoring network
traffic for specific patterns or strings of bytes known as
'signatures' that indicate malicious activity. When an incoming
string of bytes matches a known signature, an alert is triggered.
Describe what policy-based detection method entails. Policy-based detection method relies on predefined security
policies or rules. It triggers alerts when it detects actions or
events that violate these specified security policies, such as
unauthorized access attempts.
What is anomaly-based detection? Anomaly-based detection compares current traffic patterns to an
established baseline of normal behavior. If the current traffic
significantly deviates from this baseline, an alert is triggered,
indicating a potential security incident.
What are the types of alerts generated by Intrusion Detection The types of alerts generated by IDS are: 1. True positive -
Systems? Malicious activity is correctly identified as an attack. 2. False
positive - Legitimate activity is incorrectly identified as an attack.
3. True negative - Legitimate activity is correctly identified as
legitimate. 4. False negative - Malicious activity is incorrectly
identified as legitimate activity.
What is the primary function of an Intrusion Prevention System An Intrusion Prevention System (IPS) not only detects suspicious
(IPS)? activity but also actively takes steps to prevent further malicious
activity from being executed, which distinguishes it from an IDS
that only alerts and logs.
What role do HIDS logs play in incident response? HIDS logs are critical for incident response as they are used to
recreate events after an incident. They provide detailed records
of activities that occurred on the host, allowing security
professionals to analyze what happened during a potential attack.
How do IDS and IPS differ in their response to detected The main difference is that an IDS (Intrusion Detection System)
incidents? can only alert and log suspicious activities, while an IPS
(Intrusion Prevention System) is equipped to take action against
potential threats by blocking or stopping the malicious activities.
What are Pop-up Blockers and how do they function in web Pop-up blockers are features in most web browsers that enable
browsers? the blocking of JavaScript-created pop-ups. They help enhance
user experience by preventing disruptive pop-up windows from
appearing during web browsing.
Why might users choose to enable pop-ups on their browsers? Users may enable pop-ups because some websites require them
to function properly, such as for displaying essential information,
user alerts, or interactive content.
Question Answer

How could malicious attackers exploit pop-ups? Malicious attackers could exploit pop-ups by purchasing ads
through various pay-per-click networks, using them to create
deceptive content that may lead to phishing or malware sites.
What are Content Filters in the context of web browsing? Content filters are mechanisms that block external files
containing JavaScript, images, or web pages from loading in a
browser, thereby protecting users from unwanted or harmful
content.
Why is it important to keep your browser and its extensions Keeping your browser and extensions updated is crucial for
updated regularly? security reasons, as updates often include patches for
vulnerabilities that can be exploited by attackers.
What is Data Loss Prevention (DLP)? Data Loss Prevention (DLP) is a strategy that monitors the data
of a system while it is in use, in transit, or at rest, aiming to detect
attempts to steal or misuse that data.
What are the two main types of DLP systems? The two main types of DLP systems are Endpoint DLP Systems
and Network DLP Systems.
Describe Endpoint DLP Systems. What do they do? Endpoint DLP Systems are software-based client solutions that
monitor the data in use on a computer. They can stop a file
transfer or alert an administrator when an unauthorized data
transfer occurs.
What is a Network DLP System? A Network DLP System is a software or hardware-based solution
installed on the perimeter of a network to monitor and detect data
in transit, protecting sensitive information from leaving the
network.
What types of data does DLP monitor? DLP monitors data that is in use (actively being worked on), in
transit (being sent or received), and at rest (stored on a device),
in order to safeguard sensitive information.
What is a DLP System Software and where is it installed? DLP System Software is installed on servers in the datacenter to
inspect the data at rest.
What is a Cloud DLP System? Cloud DLP System is a cloud software as a service that protects
data being stored in cloud services.
What does BIOS stand for and what is its primary function? BIOS stands for Basic Input Output System. Its primary function
is to provide the computer instructions for how to accept input
and send output.
What does UEFI stand for, and how is it related to BIOS? UEFI stands for Unified Extensible Firmware Interface. BIOS and
UEFI are used interchangeably in the context of the lesson.
What are the steps to secure the BIOS? List them. 1. Flash the BIOS 2. Use a BIOS password 3. Configure the BIOS
boot order 4. Disable external ports and devices 5. Enable the
secure boot option.
What are the considerations regarding removable media in Removable media should always have encrypted files to protect
security? sensitive data.
What are Removable Media Controls? Removable Media Controls are technical limitations placed on a
system regarding the utilization of USB storage devices and
other removable media, often enforced through policy.
What does NAS stand for and what is it used for? NAS stands for Network Attached Storage. It is used to provide
shared storage over a network.
Why is it important to encrypt files on removable media? It is important to encrypt files on removable media because it
protects sensitive information against unauthorized access if the
media is lost or stolen.
What administrative controls can be created regarding removable Administrative controls can include policies that dictate the use,
media? restrictions, and security measures to be implemented for
removable media.
Question Answer

How can BIOS boot order be configured? The BIOS boot order can be configured by accessing the BIOS
setup during system boot and modifying the sequence in which
the system checks devices for bootable media.
What is Secure Boot and how does it enhance security? Secure Boot is a UEFI firmware feature that ensures that the
system only boots using software that is trusted by the OEM,
enhancing the security against unauthorized firmware or software.
What types of devices are affected by external port security External port security settings in BIOS can affect devices such as
settings in BIOS? USB storage devices, external hard drives, and other removable
media.
What are some examples of removable media? Examples of removable media include USB flash drives, external
hard drives, CDs/DVDs, and SD cards.
How are administrative controls enforced regarding removable Administrative controls are enforced through the implementation
media in an organization? of policies outlining acceptable use, monitoring practices, and
security protocols for removable media.
What is the significance of 'flashing' the BIOS? Flashing the BIOS refers to updating the BIOS firmware to the
latest version, which can improve system stability, add
compatibility with hardware, and implement security fixes.
What is a NAS system and what function does it serve within an NAS (Network Attached Storage) systems connect directly to an
organization's network? organization's network to provide centralized storage that can be
easily accessed by multiple users or devices on the network.
What is the primary function of RAID arrays implemented in NAS RAID (Redundant Array of Independent Disks) arrays are
systems? implemented in NAS systems to ensure high availability and data
redundancy. They combine multiple disk drives into a single unit
to provide reliability and protect against data loss.
What is a Storage Area Network (SAN) and how does it differ A Storage Area Network (SAN) is a network designed specifically
from NAS? to handle block storage functions and can consist of NAS devices
among other storage devices. Unlike NAS, which is file-based
and primarily serves data files over a network, SAN focuses on
block-level storage and can provide a higher performance for
applications that require fast data access.
What are the three best practices for securing NAS access? 1. Use data encryption to protect data at rest and in transit. 2.
Implement proper authentication measures to control access. 3.
Log NAS access to monitor and audit user activity on the system.
What is disk encryption and how does it secure data? Disk encryption involves scrambling data into unreadable
information, making it accessible only to those who have the
decryption key. This protects sensitive information from
unauthorized access, especially if the storage device is lost or
stolen.
What is a Self-Encrypting Drive (SED)? A Self-Encrypting Drive (SED) is a storage device that performs
whole disk encryption using embedded hardware. This type of
drive automatically encrypts and decrypts data at the hardware
level without requiring software intervention.
What are the common examples of encryption software for disk Common examples of encryption software for disk encryption
encryption? include FileVault (for macOS) and BitLocker (for Windows). They
provide easy-to-use interfaces for encrypting the entire disk.
What is a Trusted Platform Module (TPM) and what role does it A Trusted Platform Module (TPM) is a chip residing on the
play in encryption? motherboard that contains an encryption key used to perform
secure encryption and decryption functions. If a motherboard
lacks a TPM, an external USB drive can be used as the key.
Explain the Advanced Encryption Standard (AES). The Advanced Encryption Standard (AES) is a symmetric key
encryption algorithm that allows for 128-bit and 256-bit key
lengths. AES is widely used for securing sensitive data due to its
strength and efficiency.
Question Answer

What is the trade-off of using encryption techniques like AES? While encryption adds an essential layer of security to data
protection, it often results in lower performance due to the
additional computational resources required to encrypt and
decrypt data.
What is a Hardware Security Module (HSM) and its function? A Hardware Security Module (HSM) is a physical device that acts
as a secure cryptoprocessor, providing strong security for
cryptographic keys and executing cryptographic operations.
HSMs are often used in servers and other systems to enhance
security for sensitive data handling.
What is WiFi Protected Access 2 (WPA2)? WPA2 is the highest level of wireless security, providing robust
data protection and network access control.
What encryption standard does WPA2 utilize? WPA2 utilizes the Advanced Encryption Standard (AES) for
encryption purposes, ensuring secure data transmission.
What is Bluetooth pairing and how does it enhance security? Bluetooth pairing creates a shared link key to encrypt the
connection between two devices, providing a secure
communication channel.
Why are wired devices generally considered more secure than Wired devices are almost always more secure than wireless ones
wireless devices? due to the reduced risk of interception and unauthorized access
associated with wireless communications.
What are some essential security practices for mobile malware 1. Ensure your mobile device is patched and updated. 2. Only
protection? install apps from the official App Store or Play Store. 3. Avoid
jailbreaking or rooting the device. 4. Refrain from using custom
firmware or custom ROMs. 5. Always update your phone's
operating system.
What is a Subscriber Identity Module (SIM)? A SIM is an integrated circuit that securely stores the
International Mobile Subscriber Identity (IMSI) number and its
related key for mobile networks.
What is SIM cloning and what are its implications? SIM cloning allows two phones to utilize the same service,
enabling an attacker to gain access to the phone's data, which
poses significant security risks.
What characteristic of SIM v1 cards made them easy to clone? SIM v1 cards were easy to clone due to their weaker security
measures compared to later versions of SIM cards.
What are the risks associated with jailbreaking or rooting a Jailbreaking or rooting a mobile device can expose it to security
mobile device? vulnerabilities, making it easier for malicious software to gain
access to sensitive data and bypass security features.
Why is it important to only load apps from official stores? Loading apps only from official stores minimizes the risk of
installing malicious software which could compromise the
security of the device.
What should users prioritize when updating their phone's Users should prioritize timely updates to patch security
operating system? vulnerabilities and improve the overall security of their mobile
device.
What are newer SIM v2 cards and why are they harder to clone? Newer SIM v2 cards incorporate advanced security features and
encryption methods that make cloning more difficult. They often
use a stronger algorithm for storing and transmitting data, which
increases the complexity of duplicating the card.
What is Bluejacking? Bluejacking is the act of sending unsolicited messages to
Bluetooth-enabled devices. It typically involves sending text
messages to nearby devices without prior consent, often using
the device's contact feature.
What is Bluesnarfing? Bluesnarfing is an unauthorized access attack where an
individual gains access to information from a wireless device over
a Bluetooth connection. This attack can lead to the retrieval of
sensitive information such as contacts, calendar entries, and text
messages.
Question Answer

What is the difference between Bluejacking and Bluesnarfing? The difference is that Bluejacking sends unsolicited information to
a device, while Bluesnarfing takes or retrieves information from a
device without authorization.
What steps should you take to ensure your mobile device is Ensure your device is backed up, do not attempt to recover your
protected from theft? device alone if it is stolen, use Remote Lock features that require
a PIN or password, and employ Remote Wipe to remotely erase
contents if necessary.
What is Remote Lock? Remote Lock is a security feature that requires a PIN or
password to gain access to a device, ensuring that if a device is
lost or stolen, unauthorized users cannot access the information.
What is Remote Wipe? Remote Wipe is a security feature that allows a user to erase all
contents on a mobile device remotely, helping prevent sensitive
information from being recovered by unauthorized individuals.
What are some best practices for securing mobile apps? Only install apps from official mobile stores, keep software
updated, use two-factor authentication where possible, and
regularly review app permissions.
What does TLS stand for and what is its purpose? TLS stands for Transport Layer Security. It is a cryptographic
protocol designed to provide secure communication over a
computer network, primarily used to ensure the privacy and
integrity of data transmitted over the internet.
What is Mobile Device Management (MDM)? Mobile Device Management (MDM) is a centralized software
solution that enables system administrators to create, enforce,
and manage policies across mobile devices, ensuring security
and compliance within an organization.
What should you be cautious about when posting phone Be careful with where you post phone numbers as it can lead to
numbers online? increased vulnerability to spam, scams, or unwanted contact,
including phishing attempts.
What does geotagging refer to? Geotagging is the embedding of geolocation coordinates into a
piece of data, such as a photo, allowing the exact location where
the data was created to be identified.
Why should geotagging be considered when developing Geotagging can expose sensitive information about the location
organization security policies? of employees, operations, or sensitive sites, potentially making an
organization vulnerable to unwanted attention or attacks, so it is
essential to address it in security policies.
What is BYOD and what security issues does it introduce? BYOD stands for Bring Your Own Device, which allows
employees to use their personal devices for work purposes. It
introduces security issues such as data breaches, loss of control
over sensitive company data, and difficulties in ensuring
compliance with security policies.
What is the concept of storage segmentation in the context of Storage segmentation involves creating a clear separation
BYOD? between personal and company data on a single device to
prevent unauthorized access to sensitive company information.
What is Mobile Device Management (MDM)? Mobile Device Management (MDM) is a centralized software
solution that enables organizations to remotely administer and
configure mobile devices, enhancing security and compliance.
What does CYOD stand for and how is it related to mobile device CYOD stands for Choose Your Own Device, a policy that allows
policy? employees to choose from a list of approved devices to use for
work, improving security by ensuring devices meet the
organization’s security standards.
What measures can be taken to ensure mobile devices are To harden mobile devices, the following measures should be
properly secured (hardening)? taken: 1) Update the device to the latest software version; 2)
Install antivirus software; 3) Train users on proper security
practices; 4) Only install apps from official mobile stores; 5) Avoid
rooting or jailbreaking the device.
Question Answer

What is the importance of updating a device to the latest software Updating a device to the latest software version is crucial as it
version? often includes security patches that protect against newly
discovered vulnerabilities, reducing the risk of exploitation.
Why is it important to install antivirus software on mobile devices? Installing antivirus software on mobile devices helps protect
against malware, viruses, and other cyber threats that can
compromise the device and potentially access sensitive
information.
How can organizations ensure a good security policy for mobile Organizations can ensure a good security policy for mobile
devices? devices by implementing guidelines for secure device usage,
conducting regular security audits, ensuring MDM solutions are in
place, and providing training for employees on security best
practices.
What are the risks associated with downloading apps from Downloading apps from unofficial sources can lead to the
unofficial sources? installation of malicious software that compromises the security
of the device, potentially leading to data breaches and other
security incidents.
What is the importance of using only v2 SIM cards with devices? Using only v2 SIM cards ensures compatibility with certain
security features and avoids potential vulnerabilities associated
with older SIM card versions. It enhances security and protects
the device against unauthorized access.
List the steps that should be taken to secure mobile devices in an 1. Jailbreak devices only when necessary and use only v2 SIM
organization. cards. 2. Turn off all unnecessary features. 3. Turn on encryption
for voice and data. 4. Use strong passwords or biometrics. 5. Do
not allow BYOD (Bring Your Own Device). 6. Ensure the
organization has a comprehensive security policy for mobile
devices.
What does hardening an operating system involve? Hardening involves configuring an operating system securely by
performing updates, creating rules and policies for governance,
and removing unnecessary applications and services to improve
security.
What are the goals of hardening an operating system? The goals of hardening an operating system are to reduce the
attack surface, minimize vulnerabilities, and thus mitigate risks
associated with security threats.
Explain the concept of 'Least Functionality' in security. Least Functionality refers to the practice of configuring a system,
such as a workstation or server, to provide only the essential
applications and services required by the user or organization,
thus reducing potential points of attack.
Why is it important to utilize a secure baseline image when Using a secure baseline image ensures that newly added
adding new computers? computers have a pre-configured, secure state that adheres to
organizational security policies, reducing the likelihood of
introducing vulnerabilities.
What is Microsoft’s System Center Configuration Manager SCCM is used for managing large groups of computers, allowing
(SCCM) used for? for deployment of applications, updates, and security baselines,
thus aiding in the hardening process of operating systems.
What are unnecessary applications and why should they be Unnecessary applications are programs that are not needed for
removed? the primary functions of a workstation or server. They should be
removed to reduce the potential attack surface, minimize
vulnerabilities, and enhance overall system security.
What are the potential risks of using a device without The risks include unauthorized access, data breaches, malware
implementing proper security measures? infections, loss of sensitive information, and exploitation of
system vulnerabilities.
How can encryption for voice and data enhance mobile security? Encryption protects sensitive information transmitted over mobile
networks by converting it into an unreadable format for
unauthorized users, thus ensuring confidentiality and integrity of
the data.
Question Answer

What is the significance of using strong passwords or biometrics Strong passwords and biometrics enhance device security by
for mobile devices? requiring robust user authentication, making it significantly harder
for unauthorized users to gain access to the device.
What is the principle behind Application Whitelisting? Application Whitelisting is a security practice that allows only
applications on a predetermined list to run on the operating
system, blocking all other applications from executing. This
approach enhances security by controlling which software can be
installed and used.
What is Application Blacklisting? Application Blacklisting is a security mechanism where specific
applications are explicitly banned from running on an operating
system. All other applications not on the blacklist are permitted,
allowing for a more flexible application environment while limiting
the risk from known harmful applications.
How can whitelisting and blacklisting be managed? Both whitelisting and blacklisting can be centrally managed,
allowing administrators to easily update, monitor, and enforce
security policies across multiple systems or networks effectively.
What are unnecessary services in the context of an operating Unnecessary services refer to any operating system services that
system? are not essential for the system's function and can pose security
risks. It is recommended to disable these services to reduce
potential attack surfaces.
Define a Trusted Operating System (TOS). A Trusted Operating System (TOS) is an operating system that
meets certain government-defined security criteria, designed to
provide multilevel security. It ensures that access controls and
data protection measures are enforced.
What are some examples of Trusted Operating Systems? Examples of Trusted Operating Systems include: Windows 7 and
newer, Mac OS X 10.6 and newer, FreeBSD with TrustedBSD
extensions, and Red Hat Enterprise Server.
Why is it important to identify the current version and build of an Identifying the current version and build of an operating system
operating system before updating? before updating is crucial to ensure compatibility with new
updates or patches, to avoid system issues and to ensure that
the new version includes necessary security enhancements or
bug fixes.
What is a software patch? A software patch is a piece of code designed to fix issues,
vulnerabilities, or bugs in an operating system or application. It is
usually targeted at addressing a specific problem.
What is a hotfix? A hotfix is a specific type of software patch that is designed to
address a particular issue or bug in software immediately.
Hotfixes are typically urgent fixes applied to resolve critical
problems and might not go through the standard testing
processes.
Discuss the advantages of using Application Whitelist vs Using Application Whitelisting offers enhanced security by
Application Blacklist. ensuring only known safe applications can run, reducing the risk
of malware. In contrast, an Application Blacklist allows more
flexibility since all non-blacklisted applications can run, but it
relies on regularly updating the blacklist to prevent malicious
software from executing.
What are the potential risks of leaving unnecessary services Leaving unnecessary services enabled may expose the operating
enabled on an operating system? system to security vulnerabilities, as each service can potentially
provide an attack vector for malicious users. It can also lead to
performance issues and increased resource consumption.
What criteria must an operating system meet to be considered a To be considered a Trusted Operating System by the
Trusted Operating System by the government? government, the OS must meet specific security requirements
such as access controls, data integrity, audit capabilities, and the
enforcement of security policies at multiple levels.
Question Answer

How can administrators ensure their systems are running Trusted Administrators can ensure their systems run Trusted Operating
Operating Systems? Systems by regularly verifying the OS version, applying
necessary updates, and making sure the OS complies with
required security standards and certifications.
What are patches and hotfixes? Patches and hotfixes are types of software updates that are used
interchangeably by most manufacturers to address software
issues.
What is a Security Update? Security Update is software code that is issued for a product to
address specific security-related vulnerabilities.
What is a Critical Update? Critical Update is software code designed to address a specific
problem that is critical in nature but not necessarily related to
security.
Define a Service Pack. Service Pack is a tested, cumulative grouping of patches,
hotfixes, security updates, critical updates, and possibly some
feature or design changes.
What does Windows Update do? Windows Update provides recommended updates to fix non-
critical problems that users have found, as well as to provide
additional features or capabilities.
What is a Driver Update? A Driver Update is an updated device driver designed to fix a
security issue or add a feature to a supported piece of hardware.
What program does Windows 10 use to manage updates? Windows 10 uses the Windows Update program, invoked via
'wuapp.exe', to manage updates.
What is Patch Management? Patch Management is the process of planning, testing,
implementing, and auditing software patches.
What are the steps involved in the Patch Management process? The steps in the Patch Management process include: Planning,
Testing, Implementing, and Auditing.
Why is planning important in the Patch Management process? Planning is important as it ensures that patching is done
efficiently without disrupting the operations and that all necessary
updates are identified.
What is the importance of Testing in the Patch Management Testing is crucial to ensure that the patches work as intended and
process? do not introduce new issues into the system.
What does Implementing involve in the Patch Management Implementing involves deploying the software patches across
process? relevant systems once they have been tested and verified.
What is the purpose of Auditing in the Patch Management Auditing is done to verify that patches have been applied
process? successfully and to confirm that systems are secure and up to
date.
What is the importance of testing patches before deployment? Testing a patch prior to automated deployment ensures that it
does not introduce any new issues or conflicts. This helps
maintain system stability and security.
How can patches be deployed to clients? Patches can be deployed either manually or automatically to all
clients, ensuring that they implement the necessary updates.
How do large organizations typically manage updates? Large organizations often centrally manage updates through an
update server, allowing for efficient deployment and monitoring of
patches across multiple systems.
What service should be disabled to prevent Windows Update The 'wuauserv' service should be disabled to prevent Windows
from running automatically? Update from running automatically on Windows systems.
Why is it important to audit client status after patch deployment? Auditing the client status after patch deployment is important to
verify that the patches have been applied successfully and that
there are no remaining vulnerabilities.
What patch management systems do Linux and OSX have? Linux and OSX both have built-in patch management systems
that help manage software updates and system patches.
Question Answer

What is Group Policy? Group Policy is a set of rules or policies that can be applied to a
set of users or computer accounts within the operating system to
manage their configuration and behavior.
How can you access the Group Policy Editor in Windows? You can access the Group Policy Editor by opening the Run
prompt and typing 'gpedit'.
What aspects can be configured using Group Policy? Group Policy can configure various aspects such as password
complexity, account lockout policy, software restrictions, and
application restrictions.
How does Group Policy differ in Active Directory domain Active Directory domain controllers contain a more advanced
controllers? Group Policy Editor that allows for centralized management and
more granular control over multiple user or computer accounts.
What is a Security Template in the context of Group Policy? A Security Template is a group of policies that define security
settings for resources within a network or system, allowing
administrators to standardize security configurations.
What is the purpose of Group Policy Objectives (GPOs)? GPOs aid in the hardening of the operating system by applying
security settings and configurations systematically across
computers in a network.
What is the Baselining process in IT security? The Baselining process involves measuring and establishing
what is considered normal in the network, hardware, and
software environment, which enables the identification of
deviations from this norm.
Why is establishing a baseline important in a network Establishing a baseline is important because it allows
environment? administrators to detect changes or anomalies in the network that
could indicate security issues or system malfunctions.
Name some common file system types and their associated Common file system types include NTFS (Windows), FAT32
operating systems. (Windows), ext4 (Linux), HFS (Mac OS), and APFS (Mac OS).
What are the key features of NTFS (New Technology File NTFS supports logging, encryption, larger partition sizes, and
System)? larger file sizes compared to FAT32, making it a more secure and
capable file system for Windows.
What file system does Linux typically utilize? Linux systems typically use the ext4 file system.
What file system is recommended for macOS systems? macOS systems should use the APFS (Apple File System).
What is the implication of hard drive failure in systems? All hard drives will eventually fail; therefore, it is crucial to
implement maintenance and backup strategies.
List some essential maintenance actions to prevent hard drive 1. Remove temporary files using Disk Cleanup. 2. Conduct
issues. periodic system file checks. 3. Defragment your disk drive. 4.
Back up your data. 5. Use and practice restoration techniques.
What is the importance of backup in system maintenance? Regular backups are crucial to protect against data loss due to
hardware failure, corruption, or accidental deletion.
Explain the role of Disk Cleanup in system maintenance. Disk Cleanup helps in removing temporary files and unnecessary
system files, thereby improving system performance and freeing
up space on the hard drive.
How does defragmentation improve hard drive performance? Defragmentation reorganizes fragmented data on the disk drive
so that it is stored in contiguous sections, which can significantly
improve read/write speeds and overall performance.
What are restoration techniques and why are they important? Restoration techniques involve processes to recover and restore
system files and data after a failure. They are important to ensure
data integrity and accessibility in case of system issues.
What is virtualization? Virtualization is the creation of a virtual resource. It allows for the
emulation of computer systems and their resources, enabling
multiple virtual environments to operate on a single physical
machine.
Question Answer

What is a virtual machine (VM)? A virtual machine is a container for an emulated computer that
runs an entire operating system. It acts as a complete system
separate from the host machine.
What are the two main types of virtual machines? 1. System Virtual Machines: These are complete platforms
designed to replace an entire physical computer and include a
full desktop or server operating system.
2. Processor Virtual Machines: These are designed to run a
single process or application, such as a virtualized web browser
or a simple web server.
Why is virtualization important for data centers? Virtualization continues to rise in order to reduce the physical
requirements for data centers, allowing for better resource
allocation and usage of hardware.
What is a hypervisor and its role in virtualization? A hypervisor is software that manages the distribution of the
physical resources of a host machine (server) to the virtual
machines (guests) being run on it.
What are the two types of hypervisors? 1. Type I hypervisors (bare-metal): These are installed directly on
the physical hardware and manage the host resources more
efficiently than Type II hypervisors.
2. Type II hypervisors (hosted): These run on top of an existing
operating system and require the underlying OS to manage the
hardware resources.
What is container-based application containerization? Container-based application containerization involves sharing a
single operating system kernel across multiple virtual machines
while allowing each container to have its own separate
environment.
What are the advantages of using a Type I hypervisor over a Type I hypervisors are generally more efficient than Type II
Type II hypervisor? hypervisors because they manage hardware resources directly,
leading to better performance, lower latency, and improved
scalability.
What is a Virtual Machine (VM)? A Virtual Machine (VM) is a software-based simulation of a
physical computer that runs an operating system and
applications just like a physical computer. VMs receive their own
user space for programs and data.
What is containerization and its advantage? Containerization is a lightweight alternative to full machine
virtualization that allows for rapid and efficient deployment of
distributed applications. It packages applications and their
dependencies into containers, which can be deployed instantly.
What are some popular tools for containerization? Some popular tools for containerization include Docker, Parallels
Virtuozzo, and OpenVZ.
What does VM Escape mean? VM Escape is a type of attack that allows an attacker to break out
of a normally isolated VM and interact directly with the
hypervisor, compromising the security of the host system.
What does it mean for VMs to be separated by default? By default, virtual machines (VMs) are isolated from one another.
This separation means that processes or operations in one VM
cannot directly affect other VMs on the same host system.
What is Elasticity in the context of VMs? Elasticity refers to the capability of a VM to scale up or down
automatically based on user demand and workload requirements,
allowing for efficient resource utilization.
What are Data Remnants in relation to VMs? Data Remnants are the residual data that may remain on a cloud-
based server as deleted files after a virtual machine has been
deprovisioned. This can pose security risks if sensitive data is not
properly erased.
Question Answer

What is Privilege Elevation? Privilege Elevation occurs when a user is able to grant
themselves the ability to perform functions or access data at a
higher security level than they are authorized for.
What is Live Migration of a VM? Live Migration is the process of moving a VM from one physical
server to another over a network while the VM is still running,
without disconnection or downtime.
What security measures are used to secure VMs? Securing VMs involves many of the same security measures
used for physical servers, including limiting connectivity between
the VM and the host, and removing unnecessary pieces of virtual
hardware.
Why is it important to limit connectivity between a VM and its Limiting connectivity between a VM and its host is important to
host? prevent unauthorized access and vulnerabilities that could
expose the host system or other VMs to security threats.
What actions can help secure a VM environment post- Actions to secure a VM environment include regularly updating
deployment? software, implementing network segmentation, conducting
regular security audits, and using firewalls and intrusion detection
systems.
How do virtualization technologies isolate VMs effectively? Virtualization technologies isolate VMs by creating separate user
spaces and resource pools for each VM, ensuring that processes
running in one VM do not directly interfere with processes in
another.
What risks do data remnants pose in a virtual machine context? Data remnants pose risks of data leakage and potential
unauthorized access to sensitive information, as deleted files
may still be retrievable if proper data sanitization methods are not
applied.
How can live migration impact application availability? Live migration, when executed correctly, can enhance application
availability by allowing continuous operation and load balancing,
thus minimizing downtime during maintenance or resource
allocation.
What is the importance of proper patch management in Proper patch management is critical for keeping the guest
virtualization? operating systems of virtual machines secure. It involves
regularly updating software and applying patches to
vulnerabilities to mitigate security risks.
What is virtualization sprawl? Virtualization sprawl refers to the uncontrolled growth and use of
virtual machines without proper management or oversight by
system administrators, leading to potential security risks and
resource inefficiencies.
What should you do to ensure your web browser's security? To ensure your web browser's security, you should keep it up-to-
date with the latest patches, but be cautious not to adopt the
newest version immediately to avoid potential issues.
What factors should be considered when choosing a web When selecting a web browser, consider factors such as security
browser for security? features, regular updates, reputation for handling vulnerabilities,
and user privacy options.
What is the first step for enhancing general security for web The first step is to implement policies that define acceptable
browsers? browsing behavior and outline security measures, serving as
either administrative or technical controls.
How can user training prevent security issues within an User training helps employees recognize security threats and
organization? follow safe browsing practices, which reduces the likelihood of
security breaches caused by user error.
What is the role of a proxy in web browsing security? Proxies serve to cache websites to reduce server requests and
bandwidth usage. They also can act as content filters to block
access to specific websites or categories that are deemed
inappropriate or harmful.
Question Answer

What configurations can help prevent malicious code in web Configure browsers to block pop-ups, disable JavaScript for
browsers? untrusted sites, and use extensions or settings that prevent the
execution of potentially harmful script executions.
What are content filters and how are they beneficial? Content filters are tools used to block access to specific websites
or categories of sites, enhancing security by reducing exposure
to potentially harmful or non-compliant content.
What should organizations do to maintain web browser security? Organizations should regularly conduct security assessments,
update browser policies, train users on security best practices,
and utilize proxy content filtering to maintain browser security.
What are ActiveX controls? ActiveX controls are software frameworks created by Microsoft
that allow interactive content to be embedded in web pages. They
enable various functionalities, including multimedia playback,
interactive forms, and data access.
What is the purpose of Java applets? Java applets are small applications written in the Java
programming language that can be embedded in web pages.
They execute in a web browser to provide interactive features,
enhancing user experience.
What is JavaScript and how is it used in web browsers? JavaScript is a scripting language used to create dynamic and
interactive web content. It allows developers to manipulate HTML,
handle events, validate forms, and communicate with servers
asynchronously.
What is Adobe Flash and what was its role in web content? Adobe Flash was a multimedia software platform used to create
animations, web applications, and interactive content. It provided
rich graphics and video but has been deprecated due to security
vulnerabilities and the rise of HTML5.
What are cookies in the context of web browsers? Cookies are small text files stored on a user's computer by a web
browser. They store information about users' browsing habits,
such as login credentials, preferences, and tracking data.
What is a Locally Shared Object (LSO)? LSOs, also known as Flash cookies, are data files used by Adobe
Flash to store information on a user's computer. They enable
persistent storage for Flash applications, found inside the Flash
folder within the AppData directory.
What are browser add-ons? Add-ons are smaller extensions or plugins installed in a web
browser to provide additional functionalities, such as ad-blocking,
enhanced security, or improved user interface options.
What are Advanced Security Options in web browsers? Advanced Security Options refer to configurations and settings
within web browsers that pertain to security measures, such as
SSL/TLS settings, management of local storage cache size, and
browsing history control.
How can passwords be used to secure applications? Passwords act as a primary line of defense to protect the
contents of applications and documents by requiring users to
authenticate their identity before gaining access.
What is the function of digital signatures and digital certificates in Digital signatures and digital certificates are utilized in MS
MS Outlook? Outlook for email security to verify the authenticity of the sender
and ensure that the message content has not been tampered
with during transmission.
What is User Account Control (UAC) and its purpose? User Account Control is a security feature in Windows that helps
prevent unauthorized changes to the operating system. It
prompts users for permission or an administrator password when
a program tries to make changes that require elevated privileges.
What is the Software Development Life Cycle (SDLC)? The Software Development Life Cycle (SDLC) is an organized
process that focuses on developing a secure application
throughout the entire life of a project.
Question Answer

What is Agile Software Development? Agile Software Development is a methodology where

development is performed in time-boxed or small increments,
allowing for more adaptability to change.
What is DevOps in the context of software development? DevOps is a set of practices that combine software development
(Dev) and information technology operations (Ops), aiming to
shorten the development life cycle and deliver high-quality
software continuously.
What are the three core principles of SDLC that developers The three core principles of SDLC are:
should always remember? 1. Confidentiality: Ensuring that only authorized users can access
the data.
2. Integrity: Ensuring that the data is not modified or altered
without permission.
3. Availability: Ensuring that data is available to authorized users
when it is needed.
What is threat modeling in software development? Threat modeling is a process that helps identify, prioritize, and
mitigate vulnerabilities in software applications by assessing
potential threats and their impact on the system.
What does the principle of Least Privilege entail in software The principle of Least Privilege entails that users and processes
development? should operate using the minimum amount of access rights
necessary to perform their functions, which helps reduce the risk
of unauthorized access to resources.
How does confidentiality contribute to secure software Confidentiality in secure software development ensures that
development? sensitive information is only accessible to individuals who are
authorized, thereby protecting data from unauthorized access
and breaches.
Why is integrity important in software development? Integrity is crucial in software development as it ensures the
accuracy and consistency of data, preventing unauthorized
modifications that could lead to data corruption or security
breaches.
What role does availability play in secure software development? Availability ensures that data and resources are accessible to
authorized users whenever needed, which is essential for
maintaining the functionality and reliability of software systems.
What is the relationship between SDLC and security in software The relationship between SDLC and security in software
development? development lies in the integration of security practices
throughout the development process, ensuring that security
considerations are factored into each phase of the project life
cycle.
What is Defense in Depth in the context of security controls? Defense in Depth is a security strategy that employs multiple
layers of security controls to protect information and resources. It
is more effective and secure than relying on a single control
because it creates redundancy and diversifies the defense
mechanisms, making it harder for an attacker to bypass all layers.
Why is it important to never trust user input in application User input can be manipulated by malicious actors, leading to
security? potential security vulnerabilities. Therefore, all input received from
users should undergo strict input validation before being
processed by the application to ensure it conforms to expected
formats and does not contain harmful content.
What does it mean to minimize the attack surface of an Minimizing the attack surface refers to reducing the number of
application? potential vulnerabilities in an application by limiting the amount of
code used, eliminating unnecessary features, and requiring user
authentication before running additional plugins or functionalities.
What are secure defaults in application security? Secure defaults are configurations that come pre-set in
applications, ensuring that they are secure upon installation
without requiring any additional configuration by administrators or
users. This minimizes the risk of vulnerable configurations being
established by mistake.
Question Answer

How can authenticity and integrity be ensured in applications? Authenticity and integrity can be ensured through code signing.
This process involves generating a digital signature for the code,
allowing users and systems to verify that the application has not
been changed inadvertently or maliciously prior to its delivery.
What does it mean for applications to fail securely? Failing securely means that when an application encounters an
error or exception, it handles the situation gracefully without
exposing vulnerabilities or crashing. Proper error handling
ensures that sensitive information is not revealed and that the
application remains in a secure state even in failure conditions.
What should be done if a vulnerability is identified in a system? If a vulnerability is identified, it should be quickly and correctly
patched to remove the vulnerability.
Why is it important to rely on trusted SDKs (Software Trusted SDKs must come from a reliable source to ensure that no
Development Kits)? malicious code is being introduced into the software.
What is system testing? System testing is the process of evaluating the complete and
integrated software product to ensure that it meets specified
requirements.
What is black-box testing? Black-box testing occurs when a tester is not provided with any
information about the system or program prior to conducting the
test, focusing solely on input and output.
What is white-box testing? White-box testing occurs when a tester is provided full details of a
system, including source code, diagrams, and user credentials,
allowing for an in-depth examination of the internal logic and
workings of the software.
What is the primary focus of black-box testing? The primary focus of black-box testing is to validate functionality
from an external user perspective without knowledge of internal
code structure.
What is the primary focus of white-box testing? The primary focus of white-box testing is to verify the internal
workings and logic of the software to ensure that all possible
paths and conditions have been tested.
What are the potential risks of using SDKs from untrusted Using SDKs from untrusted sources can introduce vulnerabilities,
sources? backdoors, or malicious code into the application, potentially
compromising security and integrity.
What steps should be taken after patching a vulnerability? After patching a vulnerability, it is essential to conduct regression
testing to ensure that the patch did not introduce new issues and
that the system is functioning as expected.
What types of testing might be included in a comprehensive A comprehensive testing strategy may include system testing,
testing strategy? unit testing, integration testing, performance testing, security
testing, and user acceptance testing.