Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Why is it more secure to require a user to press Ctrl+Alt+Delete to log on rather than
- displaying the Windows Welcome screen?
- Malware can sometimes display a false welcome screen to trick users into providing user account passwords. A more secure method of logon is to require the user to press Ctrl+Alt+Delete to get to a logon window.
- Which window in Control Panel is used to require a Windows password to wake up a
- sleeping computer?
- Power Options window
- Which two tools can be used to reset a Windows password for another user when using Windows 7 Home Premium?
- netplwiz command or the Control Panel to reset a password for another user.
- Why is PINE963$&apple not a strong password?
- Don't use words in any language
- Which link in the Windows Firewall window allows you to add a port to the list of exceptions allowed through the firewall?
- click Allow a program or feature through Windows Firewall
- Which policy in Group Policy must be enabled before you can monitor failed attempts at
- logging onto a Windows system?
- Audit logon event policy
- What hardware component is needed to set up BitLocker Encryption so that you can
- authenticate the computer?
- Motherboard chip called the TPM Trusted Platform Module chip.
- What Windows utility can you use to change the name of the built-in Administrator account?
- Group Policy
- What type of employee badge does not have to be swiped by a card reader to allow the
- employee through a door?
- RFID badge
- Which type of biometric data is considered the most secure?
- Retinal scanning
- Which is better to destroy sensitive data on a hard drive, a low-level format, drill, or degausser?
- The degausser
- What tool is best to use when destroying data on an SSD drive? Where can you get this tool?
- ATA Secure Erase, you can download a Secure Erase utility from the manufacturer of the device and run it to securely erase all data on the device.
- What device can be installed on a laptop to prevent shoulder surfing?
- A privacy filter
- Define and explain the differences between a virus, worm, and Trojan.
- A virus is a program that replicates by attaching itself to other programs. The infected program must be executed for a virus to run.
- A worm is a program that copies itself throughout a network or the Internet without a host program. A worm creates problems by overloading the network as it replicates and can even hijack or install a server program such as a web server.
- A Trojan does not need a host program to work; rather, it substitutes itself for a legitimate program.
- What are the two best ways to protect a computer or network against worms?
- Use antivirus software and firewall.
- What is the best way to determine if an email message warning about a virus is a hoax?
- If you recieve an email stating your computer has a virus. It IS a hoax.
- What is the first thing you should do when you discover a computer is infected with malware?
- Quarantine the computer
- What does AV software look for to determine that a program or a process is a virus?
- Run a virus scan an unistall it or use a restore point
- Which antispyware software is embedded in Windows 7?
- Windows Defender
- Why is it helpful to run AV software in Safe Mode?
- Limited program/driver support. More secure mode if you use without networking.
- What registry key keeps information about services that run when a computer is booted
- into Safe Mode?
- HKLM\System\CurrentControlSet\Control\Safeboot is the registry key that keeps this information. The subkeys under this are Minimal (safemode without networking) and Network (safe mode with networking)
- What folder is used by Windows to hold restore points?
- The folder "System Volume Information" is a hidden system folder located in the root of the drive and is used by windows to hold system restore points. C:\System Volume Information\_ Restore folder
- What must you do to allow AV software to scan and delete malware it might find in the data storage area where restore points are kept?
- Removing malware from System Restore points To remove malware you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete.
- acceptable use policy (AUP)
- A document that explains to users what they can and cannot do on the corporate network or with company data, and the penalties for violations.
- access control list (ACL)
- A record or list of resources (for example, a printer, folder, or file) that a user, device, or program has access to on a corporate network, server, or workstation.
- anti-malware software
- Utility software that can prevent infection, scan a system, and detect and remove all types of general malware, including viruses, spyware, worms, and rootkits.
- antivirus software
- Utility software that can prevent infection, scan a system, and detect and remove viruses.
- ATA Secure Erase
- Standards developed by the American National Standards Institute (ANSI) that dictate how to securely erase data from solid-state devices such as a USB flash drive or SSD drive in order to protect personal privacy.
- biometric authentication
- To authenticate to a network, computer, or other computing device by means of biometric data, such as a fingerprint or retinal data. Touch ID on an iPhone or face lock on an Android device can perform biometric authentication.
- biometric device
- An input device that inputs biological data about a person; the data can identify a person's fingerprints, handprints, face, voice, eyes, and handwriting.
- BitLocker Drive Encryption
- A utility in Windows 8/7/Vista that is used to lock down a hard drive by encrypting the entire Windows volume and any other volume on the drive.
- BitLocker To Go
- A Windows utility that can encrypt data on a USB flash drive and restrict access by requiring a password.
- botnet
- A network of zombies or robots. Also see zombies
- brute force attack
- A method to hack or discover a password by trying every single combination of characters.
- Bring Your Own Device (BYOD)
- A corporate policy that allows employees or students to connect their own devices to the corporate network.
- cellular network analyzer
- Software and hardware that can monitor cellular networks for signal.
- certification of destruction
- Digital or paper documentation, which ensures that data has been destroyed beyond recovery.
- Certification of Authority (CA)
- An organization, such as VeriSign, that assigns digital certificates or digital signatures to individuals or organizations.
- chain of custody
- Documentation that tracks evidence used in an investigation and includes exactly what, when, and from whom the evidence, and how the evidence was secured while in possession of a responsible party.
- commercial license
- As applied to software, the rights to use the software, which have been assigned to the user by the software vendor. Also see source.
- copyright
- The right to copy the work that belongs to the creators of the works or others to whom the creator transfers this right.
- data loss prevention (DLP)
- Methods that protect corporate data from being exposed or stolen; for example, software that filters employee email to verify privacy laws are not accidentally or intentionally being violated.
- degausser
- A machine that exposes a magnetic storage device such as a hard drive or tape drive to a strong magnetic field to completely erase the data on the storage device.
- dictionary attack
- A method to discover or crack a password by trying words in a dictionary.
- digital certificate
- A code used to authenticate the source of a file or document or to identify and authenticate a person or organization sending data over a network. The code is assigned by a certificate authority such as VeriSign and includes a public key for encryption. Also called digital ID or digital signature.
- digital rights management (DRM)
- Software and hardware security limitations meant to protect digital content and prevent piracy.
- email filtering
- To search incoming or outgoing email messages for matches kept in databases, searching known scams and spammers to protect against social engineering.
- email hoax
- An email message that is trying to tempt you to give out personal information or trying to scam you.
- Encrypted File System (EFS)
- A way to use a key to encode a file or folder on an NTFS volume to protect sensitive data. Because it is an integrated system service, EFS is transparent to users and applications.
- End User License Agreement (EULA)
- A digital or printed statement of your rights to use or copy software, which you agree to when the software is installed.
- enterprise license
- A license to use software that allows an organization to install multiple instances of the software. Also called site license.
- entry control roster
- A list of people allowed into a restricted area and a log of any approved visitors that is used and maintained by security guards.
- gpresult
- The Windows command to find out group policies that are currently applied to a system for the computer or user.
- gpupdate
- The Windows command to refresh local group policies as well as group policies set in Active Directory on a Windows domain.
- grayware
- A program that is potentially harmful or potentially unwanted.
- intrusion detection system (IDS)
- Software that can run on a UTM (Unified Threat Management) appliance, router, server, or workstation to monitor all network traffic and create alerts when suspicious activity happens.
- intrusion prevention system (IPS)
- Software that can run on a UTM (Unified Threat Management) appliance, router, server, or workstation to monitor all network traffic, create alerts, and prevent the threatening traffic from burrowing into the system.
- key fob
- A device , such as a type of smart card, that can fit conveniently on a key chain.
- keylogger
- A type of spyware that tracks your keystrokes, including passwords, chat room sessions, email messages, documents, online, purchases, and anything else you type on your computer. Text is logged to a text file and transmitted over the Internet without you knowledge.
- Local Security Policy
- A Windows Administrative Tools snap-in in Control Panel that can manage the group of polices in the Local Computer Policy, Computer Configuration, Windows Settings, Security Settings group of Group Policy.
- Local Users and Groups
- For business and professional editions of Windows, a Windows utility console (lusrmgr.msc) that can be used to manage user accounts and user groups.
- LoJack
- A technology by Absolute Software used to track the whereabouts of a laptop computer and, if the computer is stolen, lock down access to the computer or erase data on it. The technology is embedded in the UEFI/BIOS of many laptops.
- malware
- Any unwanted program that is transmitted to a computer without the user's knowledge and that is designed to do varying degrees of damage to data and software.
- Types of infestations include viruses, Trojan horses, worms, adware, spyware, keyloggers, browser hijackers, dialers, and downloaders.
- malware definition
- Information about malware that allows anti-malware software to detect and define malware. AKA malware signature.
- malware encyclopedia
- Lists of malware, including symptoms and solutions, often maintained by manufacturers of anti-malware and made available on their websites.
- man-in-the-middle attack
- An attack that pretends to be a legitimate website, network, FTP site, or person in a chat session in order to obtain private information.
- mantrap
- A physical security technique of using two doors on either end of a small entryway where the first door must close before the second door can open. A separate form of identification might be required for each door, such as a badge for the first door and a fingerprint scan for the second door. In addition, a security guard might monitor people as they come and go.
- multifactor authentication (MFA)
- To use more than one method to authenticate access to a computer, network, or other resource.
- mutual authentication
- To authenticate in both directions at the same time, as both entities confirm the identity of the other.
- next-generation firewall (NGFW)
- A firewall that combines firewall software with anti-malware software and other software that protects resources on a network.
- non compliant system
- A system that violates security best practices, such as out-of-date anti-malware software or no anti-malware software installed.
- personal license
- A license to use software that gives the right to install one instance of software.
- phishing
- Sending an email message with the intent of getting the user to reveal private information that can be used for identity theft. Also see spear phishing and spoofing.
- privacy filter
- A device that fits over a monitor screen to prevent other people from viewing the monitor from a wide angle.
- quarantined computer
- A computer that is suspected of infection and is not allowed to use the network, is put on a different network dedicated to quarantined computers, or is allowed to access only certain network resources.
- ransomware
- Malware that holds you computer system hostage with encryption techniques until you pay money or a time period expires when the encrypted content is destroyed.
- remote backup application
- A cloud backup service on the Internet that backs up data to the cloud and is often used for laptops, tablets, and smart phones.
- remote wipe
- Remotely erases all contacts, email, photos, and other data from a device to protect your privacy.
- RFID badge
- A badge worn by an employee and used to gain entrance into a locked area of a building. A Radio Frequency Identification token transmits authentication to the system when the token gets in range of a query device.
- root certificate
- The original digital certificate issued by a Certification Authority.
- rootkit
- A type of malicious software that loads itself before the OS boot is complete and can hijack internal Windows components so that is masks information Windows provides to user-mode utilities such as File Explorer or Task Manager.
- security token
- A smart card or other device that is one factor in multifactor authentication or can serve as replacement for a password.
- shoulder surfing
- As you work, other people secretly peek at your monitor screen to gain valuable information
- site license
- A license that allows a company to install multiple copies of software, or to allow multiple employees to execute the software from a file server. AKA enterprise license.
- smart card
- Any small device that contains authentication information that can be keyed into a sign-in window or read by a reader to authenticate a user on a network.
- smart card reader
- A device that can read a smart card used to authenticate a person onto a network.
- social engineering
- The practice of tricking people into giving out private information or allowing unsafe programs into the network or computer.
- software piracy
- The act of making unauthorized copies of original software.
- spear phishing
- A form of phishing where an email message appears to come from a company you already do business with.
- spoofing
- A phishing technique where you are tricked into clicking a link in an email message, which takes you to an official-looking website where you are asked to enter your user ID and password to enter the site.
- spyware
- Malicious software that installs itself on your computer or mobile device to spy on you. It collects personal information about you that it transmits over the Internet to web-hosting sites that intend to use your personal data for harm.
- tailgating
- When someone who is unauthorized follows an employee through a secured entrance to a room or building.
- Trusted Platform Module (TPM)
- A chip on a motherboard that holds an encryption key required at startup to access encrypted data on the hard drive. Windows BitLocker Encryption can use the TPM chip.
- Trojan
- A type of malware that tricks you into downloading and/or opening it by substituting itself for a legitimate program.
- Unified Threat Management (UTM)
- A computer security appliance, network appliance, or Internet appliance that stands between the Internet and a private network and runs firewall, anti-malware, and other software to protect the network.
- User Accounts
- A Windows utility (netplwiz.exe) that can be used to change the way Windows sign-in works and to manage user accounts, including changing passwords and changing the group membership of an account. AKA Network Places Wizard.
- virus
- A program that often has an incubation period, is infectious, and is intended to cause damage. A virus program might destroy data and programs.
- Wi-Fi analyzer
- Hardware and/or software that monitors a Wi-Fi network to detect devices not authorized to use the network, identify attempts to hack transmissions, or detect performance and security vulnerabilities.
- Windows Defender
- Anti-malware software embedded in Windows 8 that can detect, prevent, and clean up a system infected with viruses and other malware. Antispyware utility included in Windows 8/7/Vista.
- Windows Firewall
- A personal firewall that protects a computer from intrusion and is automatically configured when you set your network location in the Network and Sharing Center.
- worm
- An infestation designed to copy itself repeatedly to memory, on drive space, or on a network, until little memory, disk space, or network bandwidth remains.
- zero-day attack
- When a hacker discovers and exploits a security hole in software before the developer of the software can develop and provide a protective patch to close the hole.
- zombie
- A computer that has been hacked, and the hacker is using the computer to run repetitive software in the background without the knowledge of its user. Also see botnet.
- computer infestation
- Any unwanted program that is transmitted to a computer without the user's knowledge and that is designed to do varying degrees of damage to data and software. Types of infestations include viruses, Trojan horses,
- worms, adware, spyware, keyloggers, browser hijackers, dialers, and downloaders.
- Also called
- malware or malicious software.
- malicious software
- Any unwanted program that is transmitted to a computer without the user's knowledge and that is designed to do varying degrees of damage to data and software. Types of infestations include viruses, Trojan horses,
- worms, adware, spyware, keyloggers, browser hijackers, dialers, and downloaders.
- Also called
- malware or computer infestation.
- malware signature
- Information about malware
- that allows anti-malware software to detect and
- define malware.
- Also called
- a malware definition.
- Network Places Wizard
- A Windows utility (netplwiz.exe)
- that can be used to change the way Windows
- sign-in works and to manage user accounts,
- including changing passwords and changing the
- group membership of an account.
- Also called
- User Accounts.
- strong password
- A password that is not easy to guess.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement