Microsoft Microsoft Certifications 98-367 Questions & Answers
Question 111:
Which of the following security features of IE 7+ makes it more difficult for malware to be installed?
A. Security zones
B. Phishing filter
C. Protected mode
D. Pop-up blocker
Correct Answer: C
The protected mode feature of IE 7+ prevents a computer from saving the files or programs of a Web site. The Protected mode makes it more difficult for malware to be installed. In case such a program is installed, it makes it difficult for the program to damage a user's file and the other operating system files. Protected mode is enabled by default for Internet, local intranet, and restricted sites. However, it is not enabled for the trusted sites.
Answer: B is incorrect. The Phishing filter of IE 7+ provides protection from online phishing attacks, frauds, and spoofed Web sites. The filter helps determine whether a Web site is a legitimate site or a phishing site. The filter blocks the Web sites and cautions the users about both reported and suspected phishing Web sites.
Answer: D is incorrect. A pop-up blocker allows users to block most pop-ups while surfing the Internet on their computers. Users can select the level of blocking; they can either block all pop-up windows, or allow pop-ups that they want to see.
Answer: A is incorrect. IE 7+ provides a user the facility of configuring security through the security zones. It allows a user or systems administrator to categorize Web sites that a user visits into several groups with a suitable security level.
Question 112:
Which of the following is a collection or list of user accounts or computer accounts?
A. Group
B. Active Directory
C. Domain
D. Public folder
Correct Answer: A
A group is a collection or list of user accounts or computer accounts. Groups can be used to simplify administration, especially when assigning rights and permissions.
Answer: B is incorrect. Active Directory is a centralized and standardized system that is available with the Windows Server 2008 platform. Active Directory stores information in a central database and allows users to have a single user account called "domain user account" for the network. Active Directory helps to automate network management of user data, security, and distributed resources, thereby enabling interoperation with other directories. Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. This directory is especially designed for distributed networking environments.
Answer: C is incorrect. In the Windows environment, a domain is a set of network resources that are part of a network and share a common directory database. A domain is administered as a unit with common rules and procedures. Each domain has a unique name. Users just have to log on to a domain to access the network resources within it.
Answer: D is incorrect. A public folder is a storage area on a public information store. It is used to collect, organize, and share information among users in an organization. It provides a permanent storage place. Moreover, it can be used to post information on an electronic bulletin board and store sharable items, e.g., calendars and contacts. A public folder can be created and configured in an Exchange organization by administrators and other users who have sufficient access permissions.
Question 113:
Mark works as a Network Administrator for TechMart Inc. The company has a Windows-based network. Mark wants to implement a method to ensure that the mobile devices are in a good state of security health when they are trying to access the corporate network. For this purpose, Mark is using NAP. Which of the following will he do for those computers in the network that are not compatible with NAP?
A. Define exceptions in NAP for computers that are not compatible with NAP.
B. Hide those computers that are not compatible with NAP.
C. Remove those computers that are not compatible with NAP.
D. Do not use the NAP, if any of the computers is showing incompatibility in the entire network.
Correct Answer: A
Network Access Protection (NAP) is a set of operating system components included with the Windows Server 2008 and Windows Vista/7 operating systems. It ensures that the client computers on a private network meet administrator-defined requirements for system health. NAP policies define the required configuration and update status for a client computer's operating system and critical software. For example, an administrator can set policies under which computers might be required to have antivirus software with the latest virus definition installed and current operating system updates. Using NAP, a network administrator can enforce compliance with health requirements for the client computers' connection to the network. NAP helps network administrators to reduce the risk caused by improperly configured client computers that might be exposed to viruses and other malicious software. It is required to define exceptions in NAP for those devices that are not compatible with NAP.
Question 114:
Mark works as a Security Officer for TechMart Inc. The company has a Windows-based network. He has been assigned a project for ensuring the safety of the customer's money and information, not to mention the company's reputation. The company has gone through a security audit to ensure that it is in compliance with industry regulations and standards. Mark understands the request and has to do his due diligence for providing any information the regulators require as they are targeting potential security holes. In this situation, his major concern is the physical security of his company's system. Which of the following actions will Mark take to ensure the physical security of the company's desktop computers?
A. Call a team member while behaving to be someone else for gaining access to sensitive information.
B. Develop a social awareness of security threats within an organization.
C. Use group policies to disable the use of floppy drives or USB drives.
D. Provide protection against a Distributed Denial of Services attack.
Correct Answer: C
The group policies are used to disable the use of floppy drives or USB drives to ensure physical security of desktop computers. Several computers are able to use the mechanism of attaching a locking device to the desktops, but disabling USB and floppy drives can disable a larger set of threats.
Answer: D is incorrect. While stressing the Confidentiality, Integrity, and Availability triangle in the training of users, the process of providing availability is related to security training to ensure the protection against a Distributed Denial of Services attack.
Question 115:
Mark works as a Desktop Administrator for TechMart Inc. The company has a Windows-based network. He has been assigned a project to upgrade the browsers to Internet Explorer (IE) 8 for working with the latest Internet technologies. Mark wants to ensure that the company uses a number of the security features built into the browser while maintaining functionality within the company's intranet. Mark is also educating his users to be good Internet citizens and to practice safe web surfing. Mark asked his team to be assured that they are on a secured website. What will they do?
A. Take a look for a padlock in the lower right corner of the browser and https:// in the address bar.
B. Provide protection against a Distributed Denial of Services attack.
C. Call a team member while behaving to be someone else for gaining access to sensitive information.
D. Go into the Internet Options, select the Security, and add the intranet site to the list of Local Intranet Site.
Correct Answer: A
To be sure that the team members are on a secure site, they are required to look for a padlock in the lower right corner of the browser and https:// in the address bar. It will not guarantee that the site is secure but can be used.
Answer: D is incorrect. The Internet zone feature in IE 8 can be configured and users are enabled to easily browse the local intranet without disturbing the security levels by using the following steps:
1. Go into the Internet Options and select the Security.
2. Add the intranet site to the list of Local Intranet Site.
Answer: C is incorrect. Social engineering can be defined as any type of behavior used to inadvertently or deliberately aid an attacker in gaining access to an authorized user's password or other sensitive information. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name, password, computer name, IP address, employee ID, or other information that can be misused.
Answer: B is incorrect. While stressing the Confidentiality, Integrity, and Availability triangle in the training of users, the process of providing availability is related to security training to ensure the protection against a Distributed Denial of Services attack.
Question 116:
By default, what level of security is set for the Local intranet zone?
A. High-Medium
B. Medium-Low
C. High
D. Low
Correct Answer: B
The default security level of the Local intranet zone is Medium-Low. Internet Explorer (IE) allows configuring different levels of security for different types of Web sites by segmenting them into the following security zones:
Local Intranet: IE can be configured to detect intranet sites automatically. Users can add Web sites to this zone through Local Intranet sites dialog box. Protected Mode is not enabled for sites in this zone. The default security level of this zone is Medium-Low.
Trusted Sites: Putting sites in the Trusted Sites zone often provides elevated privileges. The default security level for this zone is Medium.
Restricted Sites: Potentially malicious sites are put in this zone. The default security level for this zone is High. Protected Mode is enabled by default for sites in this zone.
Internet: The sites that are not contained in other zones are automatically hosted in this zone. Sites in this zone are blocked from viewing private data from other Web sites. The default security level of this zone is Medium-High. Protected Mode is enabled by default for sites in this zone.
The three default security levels are Medium, Medium-High, and High.
Question 117:
Which of the following is a set of rules that control the working environment of user accounts and computer accounts?
A. Mandatory Access Control
B. Access control list
C. Group Policy
D. Intrusion detection system
Correct Answer: C
Group Policy is a feature of the Microsoft Windows NT family of operating systems. It is a set of rules, which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. Group Policy is often used to restrict certain actions that may pose potential security risks. For example, block access to the Task Manager, restrict access to certain folders, disable the downloading of executable files, and so on. As part of Microsoft's IntelliMirror technologies, Group Policy aims to reduce the cost of supporting users. IntelliMirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folder redirection, and offline files.
Answer: A is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as "secret", he cannot grant permission to other users to see this object unless they have the appropriate permission.
Answer: D is incorrect. An Intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins, and access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS implementations, these three components are combined into a single device. Basically, the following two types of IDS are used: Network-based IDS and Host-based IDS.
Answer: B is incorrect. Access control list (ACL) is a rule list containing access control entries. It is used to allow or deny access to network resources. ACL can be implemented on network users and network devices such as routers and firewalls. Routers and firewalls use ACL to determine which packets should be forwarded or dropped.
Question 118:
You check the logs on several clients and find that there is traffic coming in on an odd port (port 1872). All clients have the Windows XP firewall turned on. What should you do to block this unwanted traffic?
A. Perform a virus scan to find the virus responsible for this traffic.
B. Check the exceptions in the firewall and unselect that port exception.
C. Trace back that traffic and find its origin.
D. Shut down the service that connects to that port.
Correct Answer: B
The Windows firewall has an exception list of applications and ports that are allowed to pass through the firewall. Find this port and remove it from the exception list.
Question 119:
Which of the following must be enabled to prevent the users from downloading and installing software from the Internet? Each correct answer represents a complete solution. Choose all that apply.
A. Software restriction policies
B. PTR record
C. User Account Control
D. Anti-Virus software
Correct Answer: AC
Answer: C and A
It is required to enable User Account Control on all Windows 7 computers and to configure software restriction policies to prevent the users from downloading and installing software from the Internet.
Question 120:
Which of the following is the process used by attackers for listening to the network traffic?
A. Eavesdropping
B. Subnetting
C. Sanitization
D. Hacking
Correct Answer: A
Eavesdropping is the process of listening to private conversations. It also includes attackers listening to the network traffic. For example, it can be done over telephone lines (wiretapping), email, instant messaging, and any other method of communication considered private.
Answer: C is incorrect. Sanitization is the process of removing sensitive information from a document or other medium so that it may be distributed to a broader audience. When dealing with classified information, sanitization attempts to reduce the document's classification level, possibly yielding an unclassified document. Originally, the term sanitization was applied to printed documents; it has since been extended to apply to computer media and the problem of data remanence as well.
Answer: D is incorrect. Hacking is a process by which a person acquires illegal access to a computer or network through a security break or by implanting a virus on the computer or network.
Answer: B is incorrect. Subnetting is a process through which an IP address network is divided into smaller networks. It is a hierarchical partitioning of the network address space of an organization into several subnets. Subnetting creates smaller broadcast domains. It helps in the better utilization of the bits in the Host ID.