Chapter Two Labs / Kevin Kirch
CompTIA Security+
Due Next Week: Chapter 3 Questions

Lab 2.1 Review Questions

  1. Which of the following categories of malware is recorded in AVG’s scan results? (Choose all that apply.)
  A. Infections
  B. Worms
  C. Spyware
  D. Rootkits

Answer: (A) Infections, (B) Worms, (C) Spyware, (D) Rootkits

  2. Which of the following actions in response to malware is supported by Windows Defender? (Choose all that apply.)
  A. Remove
  B. Quarantine
  C. Disinfect
  D. Allow

Answer: (A) Remove, (B) Quarantine, (D) Allow

  3. Which of the following statements is true about the responses of Windows Defender and AVG in Lab 2.1?
  A. Windows Defender updates itself automatically.
  B. AVG Free Edition is able to detect the eicar virus even when the eicar file is compressed.
  C. Windows Defender is able to detect the eicar virus even when the eicar file is compressed.
  D. AVG Free Edition contains a software firewall.

Answer: (A), (B), (C), (D)

  4. Which of the following features is available on the commercial (payment required) version of AVG Anti-Virus? (Choose all that apply.)
  A. Anti-spam
  B. Identity protection
  C. Game mode
  D. Anti-rootkit

Answer: (A) Anti-spam, (C) Game Mode, (B) Identity Protection

  5. The Windows Defender advanced option, Use heuristics, directs Windows Defender to scan for malicious or unwanted software ___.
  A. In the contents of e-mail attachments
  B. In archive files such as .zip or .cab
  C. In the contents of removable drives such as USB flash drives
  D. By looking at items that partially match an existing definition

Answer: (D) By looking at items that partially match an existing definition

Lab 2.2 Review Questions

  1. In Process Explorer, the processes shaded in light pink are ___.
  A. Exiting processes
  B. Dynamic-link libraries
  C. Child processes
  D. Services

Answer: (D) Services

  2. In Process Explorer, the processes shaded in purple are ___.
  A. Services
  B. Packed images
  C. Own processes
  D. .NET processes

Answer: (B) Packed images

  3. In this lab, Windows Firewall was disabled to allow the remote at command. If you wanted to activate Windows Firewall yet still allow the remote at command from Seven, you would need to determine the source and destination ports used for the transmission. Which command would you use to do so?
  A. Netstat
  B. Net use
  C. Nbtstat
  D. Netdiag

Answer: (A) Netstat

  4. What would be the effect of adding the option /interactive to the at command used in step 20 of the lab?
  A. The remote user would be prevented from modifying the Notepad file.
  B. The remote user would be unable to communicate with the system from which the at command was sent.
  C. Notepad would run on the remote system and would be visible on the remote user’s desktop.
  D. The local user would be able to modify the opened Notepad file remotely.

Answer: (C)

  5. Which of the following is a correct statement? (Choose all that apply.)
  A. Windows Server 2008 Windows Firewall filters both incoming and outgoing traffic.
  B. In order to configure Windows Server 2008 Windows Firewall to allow the at program, you should access the Windows Firewall Exceptions tab.
  C. Svchost.exe is a dynamic-link library that supports generic host processes and is responsible for arbitrating conflicts between locally running processes.
  D. If you see an unfamiliar process running on your system, you should use Process Explorer to terminate the process.

Answer: (A), (B)

Lab 2.3 Review Questions

  1. Which of the following statements regarding Sigcheck is correct? (Choose all that apply.)
  A. Sigcheck examines hidden files.
  B. Sigcheck only examines executable files.
  C. Sigcheck can be used to verify that a digital signature is authentic.
  D. Sigcheck can check for certificate revocation.

Answer: (C) Sigcheck can be used to verify that a digital signature is authentic, (D) Sigcheck can check for certificate revocation.

  2. Which option would you use with Sigcheck to examine the current directory and all subdirectories?
  A. –d
  B. –sub
  C. –s
  D. –ls

Answer: (C) –s

  3. On the Sigcheck Web page, in the Usage section, the syntax for command usage is presented. In interpreting the syntax of a command, anything in square brackets ([]) indicates that the ___.
  A. Option is not required
  B. Option will be explained below
  C. Option can be entered either in uppercase or lowercase
  D. Options have to be used in alphabetical order

Answer: (A) Option is not required

  4. The potential security issues addressed by Sigcheck apply to programs installed locally (from a CD or DVD) as well as programs downloaded over the Internet. True or False?

Answer: True

  5. Which of the following is a utility developed by Sysinternals? (Choose all that apply.)
  A. Minesweeper
  B. Autoruns
  C. Process Explorer
  D. PsGetSid

Answer: (B) Autoruns, (C) Process Explorer, (D) PsGetSid

Lab 2.4 Review Questions

  1. Which of the following statements regarding validation of downloaded programs is correct? (Choose all that apply.)
  A. When the hashes of two files are the same, you can be assured that the two files are the same.
  B. When the hash of a program on the Internet is the same as the hash of the file you downloaded, you can be sure that the program does not contain malware.
  C. If you suspect the Web site offering downloads of the programs is not legitimate, it makes sense to e-mail or telephone the developer of the program and double-check the hash.
  D. When the hash of a program on the Internet is different from the hash of the file you downloaded, you can be sure that the program contains malware.

Answer: (A), (C)

  2. Which of the following is a useful way to decrease the chance of inadvertently installing malware? (Choose all that apply.)
  A. Scan the program file with anti-virus software.
  B. Shut down and then boot the system after the program is first installed.
  C. Check for reports of security problems with the program on technical newsgroups, e-mail lists, and Web sites that track program threats and vulnerabilities.
  D. Download programs only from reputable sites.

Answer: (A), (C), (D)

  3. You can determine the hash of a program in Windows Server 2008 by right-clicking the program file, selecting Properties, and accessing the Details tab. True or False?

Answer: False

  4. Which of the following is a reasonable way to increase system security? (Choose all that apply.)
  A. Use a program that automatically hashes your original operating system files periodically to determine if an attacker has modified a system file.
  B. Boot the system from different boot files (i.e., a rescue CD-ROM or dedicated USB flash drive), and then scan the system with a rootkit detector.
  C. Use an automatic hashing program to screen e-mails and instant messages.
  D. Back up your system regularly.

Answer: (A), (B), (C), (D)

  5. One weakness with comparing hashes to verify program integrity is the frequency of false positive results when, even though the two programs are the same, the filename has been modified. This will cause the hashes not to match. True or False?

Answer: True

Lab 2.5 Review Questions

  1. LDAP stands for ___.
  A. Limited Directory Access Protocol
  B. Lightweight Directory Access Protocol
  C. Local Directory Accessibility Protocol
  D. Local Domain Access Protocol

Answer: (B) Lightweight Directory Access Protocol

  2. The administrator of the first domain in a forest is called the ___.
  A. Primary Domain Administrator
  B. Forest Administrator
  C. Enterprise Administrator
  D. Domain Administrator

Answer: (A) Primary Domain Administrator

  3. When a Windows Server 2008 forest is first created, the only user who can add or remove domains is the administrator of the first domain in the forest. True or False?

Answer: True

  4. In order to find the LDAP service, a client must access which type of DNS record?
  A. SRV
  B. MX
  C. NS
  D. PTR

Answer: (A) SRV

  5. Which of the following statements regarding AD DS is true? (Choose all that apply.)
  A. Installing the AD DS role creates a workgroup.
  B. Installing the AD DS role creates a domain controller.
  C. Installing the AD DS role creates a domain.
  D. Installing the AD DS role creates neither a domain controller nor a domain.

Answer: (D) Installing the AD DS role creates neither a domain controller nor a domain.