Microsoft 98-367 Online Practice Questions and Exam Preparation

Microsoft 98-367 Online Questions & Answers

• Question 101:

  Which of the following is a attack type that is used to poison a network or computer to the point where the system is turned into unusable state?

  A. Mail bombing
  B. Pharming
  C. Protocol spoofing
  D. Denial of service (DOS)
  D. Denial of service (DOS)

  ---

  Denial of service (DOS) attack is an attack that is used to poison a network or computer to the point where the system is turned into a unusable state. Answer A is incorrect. Mail bombing is an attack that is used to overwhelm mail:

  servers and clients by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best irritation, and at worst total computer failure. E-mail

  filtering and properly configuring email relay functionality on mail servers can be helpful for protection against this type of attack.

  Answer: B is incorrect. Pharming is a hacker's attack aiming to redirect a Web site's traffic to another Web site. Pharming can be conducted either by changing the hosts files on a victim's computer or by exploitation of a vulnerability in DNS

  server software. DNS servers are computers responsible for resolving Internet names into their IP addresses. Incorrect entries in a computer's hosts files are a popular target for malware.

  Answer: C is incorrect. Protocol spoofing is used in data communications for enhancing the performance in situations where an currently working protocol is inadequate. In a computer security context, it refers to several forms of falsification of

  technically unrelated data.

• Question 102:

  Mark works as a Network Administrator for BlueWell Inc. The company has a Windows-based network. Mark has retained his services to perform a security assessment of the company's network that has various servers exposed to the Internet. So, it may be vulnerable to an attack. Mark is using a single perimeter ?rewall, but he does not know if that is enough. He wants to review the situation and make some reliable recommendations so that he can protect the data over company's network. Which of the following will Mark do to accomplish the task?

  A. Outsource the related services.
  B. Encrypt the data and than start transmission.
  C. Locate the Internet-exposed servers and devices in an internal network.
  D. Create a perimeter network to isolate the servers from the internal network.
  D. Create a perimeter network to isolate the servers from the internal network.

  ---

  In the above scenario, Mark will create a perimeter network to isolate the servers from the internal network because Internet-exposed servers and devices should not be located in an internal network. They have to be segmented or isolated into a protected part of the network.

• Question 103:

  Mark works as a Security Administrator for TechMart Inc. The company has a a Windows-based network. Mark has gone through a security audit for ensuring that the technical system is secure and protected. While this audit, he identified many areas that need improvement. He wants to minimize the risk for potential security threats by educating team members in the area of social engineering, and providing basic security principle knowledge while stressing the Con?dentiality, Integrity, and Availability triangle in the training of his team members . Which of the following ways will Mark use for educating his team members on the social engineering process?

  A. He will call a team member while behaving to be someone else for gaining access to sensitive information.
  B. He will use group policies to disable the use of floppy drives or USB drives.
  C. He will develop a social awareness of security threats within an organization.
  D. He will protect against a Distributed Denial of Services attack.
  A. He will call a team member while behaving to be someone else for gaining access to sensitive information.

  ---

  Social engineering can be defined as any type of behavior used to inadvertently or deliberately aid an attacker in gaining access to an authorized user's password or other sensitive information. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name, password, computer name, IP address, employee ID, or other information that can be misused.

  Answer: B is incorrect. The group policies are used to disable the use of floppy drives or USB drives to ensure physical security of desktop computers. Several computers are able to use the mechanism of attaching a locking device to the desktops, but disabling USB and floppy drives can disable a larger set of threats. Answer: D is incorrect. While stressing the Con? dentiality, Integrity, and Availability triangle in the training of users, the process of providing availability is related to security training to ensure the protection against a Distributed Denial of Services attack.

• Question 104:

  You have a Windows 7 desktop computer, and you create a Standard User account for your roommate so that he can use the desktop from time to time. Your roommate has forgotten his password.

  Which two actions can you take to reset the password? (Choose two.)

  A. Use your password reset disk.
  B. Use your administrator account.
  C. Boot into Safe Mode with your roommate's account.
  D. From your roommate's account press CTRL+ALT+DELETE, and then click Change a password.
  A. Use your password reset disk.
  B. Use your administrator account.

• Question 105:

  Which of the following types of viruses protects itself from antivirus programs and is more difficult to trace?

  A. Armored virus
  B. MBR virus
  C. Boot sector virus
  D. Macro virus
  A. Armored virus

  ---

  An armored virus is designed to stop antivirus researchers from examining its code by using various methods to make tracing and disassembling difficult. This type of virus also protects itself from antivirus programs, making it more difficult to trace. Answer: D is incorrect. A macro virus is a virus that consists of a macro code which infects the system. A Macro virus can infect a system rapidly. Since this virus has VB event handlers, it is dynamic in nature and displays random activation. The victim has only to open a file having a macro virus in order to infect the system with the virus. DMV, Nuclear, and Word Concept are some good examples of macro viruses. Answer: C is incorrect. A boot sector virus infects the master boot files of the hard disk or floppy disk. Boot record programs are responsible for booting the operating system. The boot sector virus copies these programs into another part of the hard disk or overwrites these files. Answer: B is incorrect. A Master boot record (MBR) virus replaces the boot sector data with its own malicious code. Every time when the computer starts up, the boot sector virus executes.

• Question 106:

  To prevent users from copying data to removable media, you should:

  A. Lock the computer cases
  B. Apply a group policy
  C. Disable copy and paste
  D. Store media in a locked room
  B. Apply a group policy

  ---

  Reference: http://blogs.technet.com/b/askds/archive/2008/08/25/removable-storage-group-policy-and-windows-server-2008-and-windows-vista.aspx

• Question 107:

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. Each correct selection is worth one point.

  Hot Area:

  

  

• Question 108:

  How does the sender policy framework (SPF) aim to reduce spoofed email?

  A. It provides a list of IP address ranges for particular domains so senders can be verified.
  B. It includes an XML policy file with each email that confirms the validity of the message.
  C. It lists servers that may legitimately forward mail for a particular domain.
  D. It provides an encryption key so that authenticity of an email message can be validated
  A. It provides a list of IP address ranges for particular domains so senders can be verified.

• Question 109:

  Which of the following is a set of rules that control the working environment of user accounts and computer accounts?

  A. Mandatory Access Control
  B. Access control list
  C. Group Policy
  D. Intrusion detection system
  C. Group Policy

  ---

  Group Policy is a feature of the Microsoft Windows NT family of operating systems. It is a set of rules, which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. Group Policy is often used to restrict certain actions that may pose potential security risks. For example, block access to the Task Manager, restrict access to certain folders, disable the downloading of executable files, and so on. As part of Microsoft's IntelliMirror technologies, Group Policy aims to reduce the cost of supporting users. IntelliMirror technologies relate to the management of disconnected machines or roaming users and include roaming user profiles, folde redirection, and offline files.

  

  Answer: A is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as "secret", he cannot grant permission to other users to see this object unless they have the appropriate permission. Answer: D is incorrect. An Intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins, and access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS implementations, these three components are combined into a single device. Basically, the following two types of IDS are used: Network-based IDS Host-based IDS Answer: B is incorrect. Access control list (ACL) is a rule list containing access control entries. It is used to allow or deny access to network resources. ACL can be implemented on network users and network devices such as routers and firewalls. Routers and firewalls use ACL to determine which packets should be forwarded or dropped.

• Question 110:

  Mark works as a Security Officer for TechMart Inc. The company has a Windows- based network. He has bees assigned a project for ensuring the safety of the customer's money and information, not to mention the company's reputation. The company has gone through a security audit to ensure that it is in compliance with industry regulations and standards. Mark understands the request and has to do his due diligence for providing any information the regulators require as they are targeting potential security holes. In this situation, his major concern is the physical security of his company's system. Which of the following actions will Mark take to ensure the physical security of the company's desktop computers?

  A. Call a team member while behaving to be someone else for gaining access to sensitive information.
  B. Develop a social awareness of security threats within an organization.
  C. Use group policies to disable the use of floppy drives or USB drives.
  D. Provide protection against a Distributed Denial of Services attack.
  C. Use group policies to disable the use of floppy drives or USB drives.

  ---

  The group policies are used to disable the use of floppy drives or USB drives to ensure physical security of desktop computers. Several computers are able to use the mechanism of attaching a locking device to the desktops, but disabling USB and floppy drives can disable a larger set of threats. Answer: D is incorrect. While stressing the Con?dentiality, Integrity, and Availability triangle in the training of users, the process of providing availability is related to security training to ensure the protection against a Distributed Denial of Services attack.