Microsoft Microsoft Certifications 98-367 Questions & Answers

• Question 31:

  Which of the following is a method of capturing and recording computer users' keystrokes including sensitive passwords?

  A. Using hardware keyloggers

  B. Using Alchemy Remote Executor

  C. Using SocketShield

  D. Using Anti-virus software

  Correct Answer: A

  Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes, including sensitive passwords. They can be implemented via BIOS-level firmware, or alternatively, via a device plugged

  inline between a computer keyboard and

  a computer. They log all keyboard activities to their internal memory. Answer: D is incorrect. Anti-Virus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also

  prevent and remove adware, spyware, and other forms of malware.

  Anti-Virus software is a class of program that searches your hard drive, floppy drive, and pen drive for any known or potential viruses. The market for this kind of program has expanded because of Internet growth and the increasing use of the

  Internet by businesses concerned about protecting their computer assets. Popular Anti-Virus packages are as follows: Bit Defender Anti-Virus McAfee Virus Scan Kaspersky Anti-Virus F-Secure Anti-Virus Symantec Norton Anti-Virus Panda

  Titanium Anti-Virus Avira Anti-Virus Avast Anti-Virus Trend Micro Anti-Virus Grisoft AVG Anti-Virus ESET Nod32 Anti-Virus Webroot Anti-Virus Quick Heal Anti-Virus eTrust EZ Anti-Virus ZoneAlarm Anti-Virus

  Answer: B is incorrect. Alchemy Remote Executor is a system management tool that allows Network Administrators to execute programs on remote network computers without leaving their workplace. From the hacker's point of view, it can be

  useful for installing keyloggers, spyware, Trojans, Windows rootkits and such. One necessary condition for using the Alchemy Remote Executor is that the user/attacker must have the administrative passwords of the remote computers on

  which the malware is to be installed.

  Answer: C is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels:

  1.Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyor of exploits. All http requests for any page in these domains are simply blocked.

  2.Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.

• Question 32:

  Which of the following is method that can be used to identify Internet software in Software Restriction Policies?

  A. Restriction rule

  B. Identification rule

  C. Internet rule

  D. Zone rule

  Correct Answer: D

  Zone rule is method that can be used to identify Internet software in Software Restriction Policies. Answer: C, B, and A are incorrect. These are invalid Answer: .

• Question 33:

  Which of the following is a networking protocol that provides centralized Authentication, Authorization, and Accounting management for computers to connect and use a network service?

  A. PEAP

  B. RADIUS

  C. Kerberos

  D. MS-CHAP v2

  Correct Answer: B

  Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. Because of the

  broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may

  incorporate modems, DSL, access points, VPNs, network ports, Web servers, etc. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server,

  the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS

  server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions:

  To authenticate users or devices before granting them access to a network To authorize those users or devices for certain network services To account for usage of those services

  Answer: D is incorrect. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is the new version of MS-CHAP.

  MS-CHAP v2 provides the highest level of security and encryption for dial-up connection in the environment consisting of both Windows NT and Windows 2000/XP dial-up clients. It provides mutual authentication, stronger initial data

  encryption keys, and different encryption keys for sending and receiving data.

  Answer: A is incorrect. PEAP (Protected Extensible Authentication Protocol) is a method to securely transmit authentication information over wired or wireless networks. It was jointly developed by Cisco Systems, Microsoft, and RSA Security.

  PEAP is not an encryption protocol; as with other EAP protocols, it only authenticates a client into a network.

  PEAP uses server-side public key certificates to authenticate the server. It creates an encrypted SSL/TLS (Secure sockets layer/Transport

  layer security) tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The resultant exchange of authentication information inside the tunnel to

  authenticate the client is then encrypted and the user credentials are thus safe and secure. Answer: C is incorrect. Kerberos is a computer network authentication protocol that allows individuals communicating over a non- secure network to

  prove their identity to one another in a secure manner. Kerberos builds on symmetric key cryptography and requires a trusted third party. Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party,

  termed a key distribution center (KDC), which consists of two logically separate parts:

  Authentication Server (AS)

  Ticket Granting Server (TGS)

  Kerberos works on the basis of tickets, which serve to prove the identity of users. The KDC maintains a database of secret keys; each entity on the network, whether a client or a server, shares a secret key known only to itself and to the KDC.

  Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key, which they can use to secure their interactions.

• Question 34:

  Which of the following protocols transmits user credentials as plaintext?

  A. CHAP

  B. MS-CHAP v2

  C. PAP

  D. MS-CHAP

  Correct Answer: C

  Password Authentication Protocol (PAP) is the least sophisticated authentication protocol, used mostly when a client calls a server running an operating system other than Windows. PAP has a number of security vulnerabilities because it

  transmits user credentials as plaintext.

  Answer: A is incorrect. Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol that uses a secure form of encrypted authentication. Using CHAP, network dial-up connections are able to securely connect to almost

  all PPP servers.

  Answer: B is incorrect. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is the new version of MS-CHAP. MS-CHAP v2 provides the highest level of security and encryption for dial-up connection in the

  environment consisting of both Windows NT and Windows 2000/XP dial-up clients. It provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving data. Answer: D is incorrect.

  Microsoft created the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) to authenticate remote Windows workstations. It is designed especially for Windows 95, Windows 98, Windows NT, and Windows 2000 networking

  products. This protocol provides data encryption along with password encryption.

• Question 35:

  Which of the following is a name that identifies a particular 802.11 wireless LAN?

  A. MBSA

  B. IBSS

  C. MAC

  D. SSID

  Correct Answer: D

  Service Set Identifier, or SSID, is a name that identifies a particular 802.11 wireless LAN. A client device receives broadcast messages from all access points within range, advertising their SSIDs. The client device can then either manually or automatically, based on configuration, select the network and can associate itself. The SSID can be up to 32 characters long. As the SSID displays to users, it normally consists of human-readable characters. The SSID is defined as a sequence of 1-32 octets, each of which may take any value. Answer: B is incorrect. IBSS (Independent Basic Service Set) is an ad-hoc network of client devices that does not require a central control access point. In IBSS, the SSID is chosen by the client device that starts the communication. The broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network. Answer: C is incorrect. Mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules to determine if the operation is allowed. Answer: A is incorrect. Microsoft Baseline Security Analyzer (MBSA) is a software tool of Microsoft to determine security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings. Microsoft Baseline Security Analyzer (MBSA) includes a graphical and command line interface that can perform local or remote scans of Windows systems.

• Question 36:

  Mark works as a Systems Administrator for TechMart Inc. The company has a Windows-based network. The company is adding an open, high-speed, wireless access for their customers and secured wireless for employees at all 37 branches. He wants to check the various security concerns for ensuring that business traffic is secured. He is also under pressure to make this new feature a winning strategy for a company. Which of the following is the most secure protocol that Mark can implement to ensure that the business-related traffic is encrypted?

  A. WiFi Protected Access (WPA) 2

  B. Extensible Authentication Protocol (EAP)

  C. Wired Equivalent Privacy (WEP)

  D. Service Set Identifiers

  Correct Answer: A

  WPA2 (Wi-Fi Protected Access 2) is used to provide network administrators with a high level of assurance that only authorized users are able to access the network. It provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm. Wireless Security Options are used to decrease the risk of data interception by a third party in Wireless Networking. Data can be protected by using encryption technologies. In Wireless Networking Connection, various methods are used to increase security as follows: Using Wired Equivalent Privacy: The goal is to allow only authorized users to connect to the wireless network. While initially configuring routers and network adapters, users create a WEP key. The level of security depends on the length of the key measured in bits. Another step is to share WEP keys to authorized users. Specifically, it is possible for unauthorized users to determine the mathematical value of a WEP key by monitoring a sufficient amount of networking traffic. WEP is an additional security, but it does not completely address all potential vulnerabilities. Using Wi-Fi Protected Access: The Wi-Fi Protected Access protocol is used to provide higher security over the WEP standard. It is considered as a replacement for the less secured WEP protocol. WPA security is configured on a wireless router or an access point.

  Using Service Set Identifiers: Service Set Identifiers are used to assist users to find and connect to a wireless network. Whenever a wireless network adapter is available on a computer, Windows Vista automatically identifies the available

  networks based on their SSID.

  Answer: B is incorrect. Extensible Authentication Protocol (EAP) is defined as an authentication framework providing for the transport and usage of keying material and parameters that are generated by EAP methods. EAP is not a wire

  protocol and it defines only message formats.

• Question 37:

  Which of the following is used to protect all files stored on the drive on which Windows is installed?

  A. SocketShield

  B. Firewall

  C. Bitlocker

  D. Hardware keylogger

  Correct Answer: C

  BitLocker is used to protect all files stored on the drive on which Windows is installed. It encrypts the entire system drive and helps block hackers from accessing the system files they rely on to discover user passwords. BitLocker also

  prevents hackers from accessing the hard disk by removing it from a computer, and installing it on a different computer. BitLocker does not work for USB Flash Drives. Answer:

  A is incorrect. SocketShield provides a protection shield to a computer system against malware, viruses, spyware, and various types of keyloggers. SocketShield provides protection at the following two levels:

  1.Blocking: In this level, SocketShield uses a list of IP addresses that are known as purveyor of exploits. All http requests for any page in these domains are simply blocked.

  2.Shielding: In this level, SocketShield blocks all the current and past IP addresses that are the cause of unauthorized access.

  Answer: B is incorrect. A firewall is a system that helps in preventing access to a system from unauthorized internet or network users. A firewall can be hardware as well as software. A firewall is implemented on systems that are connected to

  the internet and are vulnerable to hackers, viruses, worms, and other harmful intrusions. Answer: D is incorrect. Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes, including

  sensitive passwords. They can be implemented via BIOS-level firmware, or alternatively, via a device plugged inline between a computer keyboard and a computer. They log all keyboard activities to their internal memory.

• Question 38:

  Which of the following is often used for one-to-many communications using broadcast or multicast IP datagrams?

  A. UDP

  B. FTP

  C. HTTP

  D. SMTP

  Correct Answer: A

  UDP is often used for one-to-many communications, using broadcast or multicast IP datagrams. User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior communications to set up special transmission channels or data paths. UDP is sometimes called the Universal Datagram Protocol. Answer: D is incorrect. Simple Mail Transfer Protocol (SMTP) is a protocol for sending e-mail messages between servers. E-mailing systems use this protocol to send mails over the Internet. SMTP works on the application layer of the TCP/IP or OSI reference model. The SMTP client typically initiates a Transmission Control Protocol (TCP) connection to the SMTP server on the well-known port designated for SMTP, port number 25. However, e-mail clients require POP or IMAP to retrieve mails from e-mail servers. Answer: B is incorrect. File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP/IP-based network, such as the Internet. FTP is built on a client- server architecture and utilizes separate control and data connections between the client and server applications, which solves the problem of different end host configurations (i.e., Operating System, file names). FTP is used with user-based password authentication or with anonymous user access. Answer: C is incorrect. The Hyper Text Transfer protocol is a standard application-level protocol used to request and transmit files, especially web pages and webpage components, on the World Wide Web. HTTP runs on top of the TCP/IP protocol. Web browsers are HTTP clients that send file requests to Web Servers, which in turn handle the requests via an HTTP service.

• Question 39:

  Which of the following is used to describe the policy of maximum password age?

  A. It is used to determine how old the user has to create a password.

  B. It is a time duration before a password is required to be public.

  C. It is a time duration before a password is required to be changed.

  D. It determines how old the password must be before the user is permitted to change it.

  Correct Answer: C

  The policy of maximum password age defines a time duration before a password is required to be changed.

• Question 40:

  Which of the following is the reason of properly securing an audit log?

  A. To ensure that only authorized person can check the log file.

  B. To ensure that no one can remove it as there is no back up is provided for this log.

  C. To ensure that potential hackers becomes unable to delete the event logs for covering their tracks.

  D. To ensure that potential hackers can be tracked easily without changing the network configuration.

  Correct Answer: C

  The reason of properly securing an audit log is used to ensure that potential hackers becomes unable to delete the event logs for covering their tracks.