Microsoft Microsoft Certifications 98-367 Questions & Answers

• Question 71:

  Which of the following steps can be taken by an administrator as countermeasures against software keyloggers? Each correct answer represents a part of the solution. Choose all that apply.

  A. Use commercially available anti-keyloggers.

  B. Actively monitor the programs running on the server.

  C. Update antivirus regularly.

  D. Always check hard disk space on the server.

  Correct Answer: ABC

  Answer: B, C, and A

  It is very hard to detect a keylogger's activity. Hence, a Network Administrator should take the following steps as countermeasures against software keyloggers:

  Actively monitor the programs running on the server. Monitor the network whenever an application attempts to make a network connection. Use commercially available anti-keyloggers, such as PrivacyKeyboard.

  Update one's antivirus regularly.

  Use on-screen keyboards and speech-to-text conversion software which can also be useful against keyloggers, as there are no typing or mouse movements involved. Keyloggers are programs that run in the background and record each and

  every keystroke. Keyloggers record computer keystrokes either through hardware or software.

  Answer: D is incorrect. This step should not be taken by an administrator as countermeasures against software keyloggers.

• Question 72:

  Which of the following helps prevent security failures?

  A. Social engineering

  B. Denial-of-Service attack

  C. Attack surface reduction

  D. Snooping

  Correct Answer: C

  The attack surface is a software environment where codes can be run by unauthenticated users. By improving information security, the attack surface of a system or software can be reduced. Although attack surface reduction helps prevent

  security failures; it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.

  Answer: B is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as network saturation attack or bandwidth consumption attack.

  Attackers make DoS attacks by sending a large number of protocol packets to a network. The problems caused by a DoS attack are as follows: Saturate network resources.

  Disrupt connections between two computers, thereby preventing communications between services.

  Disrupt services to a specific computer.

  Answer: D is incorrect. Snooping is an activity of observing the content that appears on a computer monitor or watching what a user is typing. Snooping also occurs by using software programs to remotely monitor activity on a computer or

  network device. Hackers or attackers use snooping techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login information, and to intercept e-mail and other private communications. Sometimes,

  organizations also snoop their employees legitimately to monitor their use of organizations' computers and track Internet usage.

  Answer: A is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's

  computer or network. This method involves mental ability of people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name, password, computer name, IP address, employee

  ID, or other information that can be misused.

• Question 73:

  Which of the following is a use of Microsoft Windows Malicious Software Removal Tool?

  A. To gain unauthorized remote access to a computer and launch additional attacks.

  B. To distribute itself automatically from one computer to another via network connections.

  C. To remove the malware.

  D. To perform repetitive or time-consuming task on a network.

  Correct Answer: C

  Microsoft Windows Malicious Software Removal Tool is used to remove the malware.

  Answer: D is incorrect. A bot is defined as a program that is used to perform repetitive or time- consuming task on a network. Answer: A is incorrect. Rootkit is used to gain unauthorized remote access to a computer and launch additional

  attacks.

  Answer: B is incorrect. A worm can automatically distribute itself from one computer to another via network connections.

• Question 74:

  Mark works as a Security Administrator for TechMart Inc. The company has a a Windows-based network. Mark has gone through a security audit for ensuring that the technical system is secure and protected. While this audit, he identified many areas that need improvement. He wants to minimize the risk for potential security threats by educating team members in the area of social engineering, and providing basic security principle knowledge and he also wants to stress the Con?dentiality, Integrity, and Availability triangle in his training. For this purpose, he plans to implement the principle of least privilege. In which of the following way, it will affect his team members?

  A. They are required to ask administrator every time when they want to access resources.

  B. They are granted with a smallest set of privileges to the resources

  C. They are required to log on as administrator to have access to their resources

  D. The current resource access of team members will not change.

  Correct Answer: B

  The principle of least privilege gives a user only those privileges that are essential to do his/her work. In information security, computer science, and other fields, the principle of least privilege, is also known as the principle of minimal privilege or least privilege. It define that in a particular abstraction layer of a computing environment, every module has to be able to access only the information and resources that are essential for its legitimate purpose. It needs that each subject in a system be granted the most restrictive set of privileges required for the authorized tasks.

• Question 75:

  Which of the following protocols is used to secure workstation and computer authentication across the network?

  A. TCP/IP

  B. Network Directory Access Protocol

  C. Kerberos

  D. Lightweight Directory Access Protocol

  Correct Answer: C

  Kerberos is defined as a secure method used for authenticating a request for a service in a computer network.

  Answer: D is incorrect. The Lightweight Directory Access Protocol (LDAP) is defined as a directory service protocol that is used to provide a mechanism used to connect to, search, and modify Internet directories. Answer: A is incorrect. TCP/

  IP protocol is used to define the rule computers are required to follow for communicating with each other over the internet.

  Answer: B is incorrect. This is an invalid Answer: .

• Question 76:

  Which of the following is a security protocol that is used to protect data from being modified, corrupted, or accessed without authorization?

  A. Honeypot

  B. IP Security (IPsec)

  C. DNSSEC

  D. Protocol spoofing

  Correct Answer: B

  Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. Answer: C is incorrect. Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality. Answer: A is incorrect. A honey pot is a computer that is used to attract potential intruders or attackers. It is for this reason that a honey pot has low security permissions. A honey pot is used to gain information about the intruders and their attack strategies. Answer: D is incorrect. Protocol spoofing is used in data communications for enhancing the performance in situations where an currently working protocol is inadequate. In a computer security context, it refers to several forms of falsification of technically unrelated data.

• Question 77:

  Mark works as a Network Administrator for BlueWell Inc. The company has a Windows-based network. Mark has retained his services to perform a security assessment of the company's network that has various servers exposed to the Internet. So, it may be vulnerable to an attack. Mark is using a single perimeter ?rewall, but he does not know if that is enough. He wants to review the situation and make some reliable recommendations so that he can protect the data over company's network. Which of the following will Mark do to accomplish the task?

  A. Outsource the related services.

  B. Encrypt the data and than start transmission.

  C. Locate the Internet-exposed servers and devices in an internal network.

  D. Create a perimeter network to isolate the servers from the internal network.

  Correct Answer: D

  In the above scenario, Mark will create a perimeter network to isolate the servers from the internal network because Internet-exposed servers and devices should not be located in an internal network. They have to be segmented or isolated into a protected part of the network.

• Question 78:

  Which of the following is a secret numeric password shared between a user and a system for authenticating the user to the system?

  A. PIN

  B. Private key

  C. Key escrow

  D. Public key

  Correct Answer: A

  A personal identification number (PIN) is a secret numeric password shared between a user and a system for authenticating the user to the system. Answer: C is incorrect. Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications. Answer: B is incorrect. In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. In traditional secret key cryptography, a key would be shared by the communicators so that each could encrypt and decrypt messages. Answer: D is incorrect. A Public Key is known commonly to everybody. It is used to encrypt data. Only specific users can decrypt it. Data encryption is used to encrypt data so that it can only be decrypted with the corresponding private key owned by the public key owner. The public key is also used to verify digital signatures. This signature is created by the associated private key.

• Question 79:

  Which of the following are the features of security level in the Restricted Sites zone

  A. The protection against harmful content is provided.

  B. The maximum safeguards are used.

  C. Most of the features are disabled.

  D. The default security level is low.

  Correct Answer: ABC

  Answer: C, B, and A

  The various features of security level in the Restricted Sites zone are as follows:

  1.The default security level is high.

  2.Most of the features are disabled.

  3.The maximum safeguards are used.

  4.The protection against harmful content is provided.

• Question 80:

  All your domain controllers are configured for DHCP. Each time the system is booted, it gets a new IP address from the DHCP server. You had also configured the Active Directory on the domain controllers. You want to configure your DNS settings so that it will dynamically update DNS data whenever the IP address of a domain controller changes. How will you configure for dynamic updates?

  A. Configure the DNS server for dynamic updates.

  B. Configure the DHCP server for DNS dynamic updates.

  C. Configure each domain controller for Dynamic update.

  D. Configure the Active directory for dynamic updates.

  Correct Answer: B

  To enable DNS dynamic updates in the DHCP server, open the DHCP console, and then, open the Properties dialog box for the DHCP server. Select the Enable dynamic update of the DNS client information check box in the Dynamic DNS tab. Then, select the Update, according to client request option, to allow the DHCP client computer to update A (host) resource record, and the DHCP server to update the PTR (pointer) resource record.If you want to allow the DHCP server to update both A (host) and PTR (pointer) resource records regardless of the DHCP client computer's request, select Always update forward and reverse lookups option.