A+ 5.0 Chapter 10 Study Guide

advertisement
Name ________________________________________________________ Date ______________
Chapter 10: Security
After completion of this chapter, students should be able to:
• Explain why security is important and describe security threats.
• Explain social engineering, data wiping, hard drive destruction and recycling.
• Identify security procedures.
• Explain what is required in a basic security policy and describe ways to protect data.
• Describe wireless security techniques
• Explain the tasks required to protect physical equipment.
• Identify common preventive maintenance techniques for security.
• Explain measures to maintain operating systems, backup data, configure firewalls, and maintain
accounts.
• Apply the six steps of the troubleshooting process to security.
10.0 Security
1. Where can threats to security come from?
2. What are the two types of general threats to computer security? Give examples of each.
10.1 Security Threats
3. What is malware and what does it do?
4. How is malware typically installed?
Chapter 10: Security
IT Essentials 5.0
Page 1 of 14
5. Differentiate the following types of Malware:
a. Adware
b. Spyware
c. Grayware
d. Phishing
6. Explain what is Phishing and give an example:
7. How is a virus transferred to another computer?
8. Explain how does a virus typically work?
9. What is considers the most potentially damaging type of virus and why?
10. What is a worm and explain how is a worm different from a virus?
11. Explain how even if the worm does not damage data or applications on the hosts it infects, it is
harmful to networks because it:
12. What is a Trojan threat and where are they found?
Chapter 10: Security
IT Essentials 5.0
Page 2 of 14
13. Trojans are often disguised as what?
14. How much do computer viruses cost business annually? (search this)
15. Explain what is Virus protection software and what does it do?
16. What makes a Rootkit especially difficult to deal with?
17. What are five examples of web tools (just list) and explain how can attackers use them?
18. What is InPrivate browsing and what are two ways to activate it in Internet Explorer?
19. What is SPAM?
20. How can Spam be used with a virus?
21. What are six common SPAM indications?
Chapter 10: Security
IT Essentials 5.0
Page 3 of 14
22. Explain these common attacks:
SYN Flood
DoS
DDoS
Spoofing
Man-in-the-Middle
Replay
DNS Poisoning
10.1.1.7 Worksheet - Security Attacks
23. A _____________________________is a person who is able to gain access to equipment or a network by
tricking people into providing the necessary access information.
Chapter 10: Security
IT Essentials 5.0
Page 4 of 14
24. Seven basic precautions to help protect against social engineering:
25. ______________________ is the process of removing sensitive data from hardware and software
before recycling or discarding.
26. The only way to fully ensure that data cannot be recovered from a hard drive is to:
10.2 Security Procedures
27. Explain what is a security policy and why is it needed?
28. What elements should be included in a security policy?
10.2.1.2 Worksheet - Answer Security Policy Questions
29. What questions should you ask to determine security factors?
30. What are at least 4 key areas a security policy should address?
Chapter 10: Security
IT Essentials 5.0
Page 5 of 14
31. What are at least emergency procedures a security policy should address?
32. Explain what is the difference computer between data classified public versus top secret from a
business perspective?
33. What security problem is created when people use each other’s password to log-in?
34. Explain the three levels of password protection that are recommended:
35. List and explain four good password rules/ requirements:
A
B
Chapter 10: Security
IT Essentials 5.0
Page 6 of 14
C
D
36. What is the key difference in file and folders sharing privileges when comparing NTFS and
FAT32?
37. What is meant “Principle of Least Privilege”?
10.2.1.7 Lab - Securing Accounts, Data, and the Computer in Windows 7
10.2.1.8 Lab - Securing Accounts, Data, and the Computer in Windows Vista
10.2.1.9 Lab - Securing Accounts, Data, and the Computer in Windows XP
38. What is a software firewall and how does it work?
39. What do biometric devices use to give access to people? Give one example
40. What make a “smart card” operate?
41. Where are data backups kept and why?
42. What are some considerations for data backups?
Chapter 10: Security
IT Essentials 5.0
Page 7 of 14
43. How does data encryption work on a drive?
44. How can the Bit-Locker application be used?
45. When facing a suspect warning window, what key combination may help safely close it?
46. When a machine reports an infection, what should be the first action taken and why?
10.2.3.2 Worksheet - Third-Party Antivirus Software
47. Why must software manufacturers regularly create and dispense new patches to fix flaws and
vulnerabilities?
48. How are signature files used in keeping computers free from malicious software?
49. Explain what is hash encoding and where is it used?
Chapter 10: Security
IT Essentials 5.0
Page 8 of 14
50. What are the most popular hashing algorithms?
51. What is symmetric encryption?( Give an example in your answer)
52. What is asymmetric encryption? (Give an example in your answer.)
53. When is the private key used?
54. What does the SSID do and how could it be an exploit?
55. How can MAC address filtering be used as a technique to deploy device-level security on a
wireless LAN?
56. Define the following:
Wired Equivalent Privacy (WEP) –
Wi-Fi Protected Access (WPA) –
Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco-
Chapter 10: Security
IT Essentials 5.0
Page 9 of 14
10.2.4.5 Packet Tracer Activity: Wireless Security Techniques Instructor Check:____________
57. What are two ways in which changing the power level in wireless devices can be beneficial?
58. Explain why is it important to change to password (and username if possible) on a wireless
device from the default?
59. Before WPS (Wi-Fi Protected Setup) what did people do for network security and how does WPS
help now?
60. Explain the types of hardware firewall configurations:
• Packet filter –
•
Stateful packet inspection –
•
Application layer –
•
Proxy –
Chapter 10: Security
IT Essentials 5.0
Page 10 of 14
61. What is a network DMZ and what things are usually place there?
10.2.4.8 Worksheet - Research Firewalls
62. What is port forwarding and when might you use it at home?
10.2.4.10 Lab - Configure Wireless Security
63. What are the four interrelated aspects of physical security?
64. What are at least five methods of physically protecting computer equipment?
65. To limit access to a facility, what are some methods that can be used?
10.3 Common Preventive Maintenance Techniques for Security
66. What is a patch and how is it different from a service pack?
10.3.1.2 Worksheet - Operating System Updates in Windows
67. What is a full back-up?
68. What is an incremental backup?
Chapter 10: Security
IT Essentials 5.0
Page 11 of 14
69. What is the difference between an incremental backup and a differential backup? Use a diagram
to support your answer:
70. When should backups be run?
10.3.1.4 Lab - Data Backup and Recovery in Windows 7
10.3.1.5 Lab - Data Backup and Recovery in Windows Vista
10.3.1.6 Lab - Data Backup and Recovery in Windows XP
71. What is the difference between a restrictive verses permissive security policy when dealing with
firewalls?
10.3.1.8 Lab - Configure a Windows 7 Firewall
10.3.1.9 Lab - Configure a Windows Vista Firewall
10.3.1.10 Lab - Configure a Windows XP Firewall
72. What can help limit areas of vulnerability that allow a virus of malicious software to enter the
network?
73. When should an employee’s access be terminated and why?
74. When should guest accounts be used?
10.4 Basic Troubleshooting Process for Security
75. List 3 open ended questions to help identify the problem.
A
B
C
Chapter 10: Security
IT Essentials 5.0
Page 12 of 14
76. List 3 closed ended questions to help identify the problem
A
B
C
77. What are some common probable causes for security problems? (at least 4)
78. That are three quick procedures that can be done to help test your previous theory(s)?
A
B
C
79. If a quick procedure does not correct the problem, what needs to happen?
80. What are some additional resources that can be used to establish a plan of action?
least 4)
81. After you have determined the exact cause of the problem what needs to occur?
Chapter 10: Security
IT Essentials 5.0
Page 13 of 14
(list at
82. What is the final step(s) in troubleshooting and what are at least three actions you may do in
that final step(s)?
10.4.2.2 Worksheet - Gather Information from the Customer
Chapter 10: Security
IT Essentials 5.0
Page 14 of 14
Download