Chapter 8 Host Defense

Which of the following actions should you take to reduce the attack surface of a server? Install antimalware software Disable unused services Install the latest patches and hotfixes Install a hostbased IDS

Which of the following describes a configuration baseline? The minimum services required for a server to function A set of performance statistics that identifies normal operating performance A list of common security settings that a group or all devices share A collection of security settings that can be automatically applied to a device

You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix? Apply the hotfix immediately to all servers. Apply the hotfix immediately to the server? apply the hotfix to other devices only as the security threat manifests itself. Test the hotfix, then apply it to the server that had the problem. Test the hotfix, then apply it to all servers.

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security? select two Apply all patches and updates Conduct privilege escalation Remove any backdoors Change default account passwords

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is release on a short-term, periodic basis (typically monthly)? Service pack Targeted software patch Kernel fix kit Hotfix

Which of the following is the best recommendation for applying hotfixes to your servers? Apply hotfixes immediately as they are released Apply only the hotfixes that apply to software running on your systems Apply all hotfixes before applying the corresponding service pack Wait until a hotfix becomes a patch, then apply it

By definition, what is the process of reducing security exposure and tightening security controls? Social engineering Hardening Passive reconnaissance Active scanning

When securing a newly deployed server, which of the following rules of thumb should be followed? Disable all services not associated with supporting shared network services. Determine the unneeded services and their dependencies before altering the system. Disable all unused services. Disable each service in turn, then test the system for negative effects

Which of the following tools can you use on a Windows network to automatically distributed and install software and operating system patches on workstations? select two Security Templates WSUS Group Policy Security Configuration and Analysis

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use? Security Configuration and Analysis Group Policy Security Templates WSUS

You want to give all managers the ability to view edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this? -Create a distribution group for the managers. Add all users as members of the group. Add the group to the file's DACL. -Add one manager to the DACL granting all permissions. Have this user add other managers as required. -Add each user account to the file's DACL. -Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.

You have two folders that contain documents used by various departments: • The Development group has been given the Write permission to the Design folder. • The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do? Make Mark a member of the Development and Sales groups. Add Mark's user account directly to the ACL for both the Design and Products folder. Make Mark a member of the Development group? add Mark's user account directly to the ACL for the Products folder. Make Mark a member of the Sales group? add Mark's user account directly to the ACL for the Design folder.

You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do? select two Grant the group the necessary user rights. Add the group to the SACL. Create a security group for the administrators? add all user accounts to the group. Add the group to the DACL. Create a distribution group for the administrators? add all user accounts to the group.

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement? NTFS permissions and file screens Share permissions and file screens NTFS and share permissions Share permissions and quotas

You have a shared folder named Reports. Members of the Managers group have been given Write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do? Add Mark Mangum to the ACL for the Reports directory with Deny permissions. Remove Mark Mangum from the Managers group. Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions. Configure NTFS permissions for the Confidential.xls to allow Read only.

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access? Move the FTP outside of the firewall Install a VPN Open ports 20 and 21 for inbound and outbound connections Define user accounts for all external visitors

Many popular operating system allow for quick and easy sharing of files and printers with other network members. Which of the following is not a means by which file and printer sharing is hardened? Allowing NetBIOS traffic outside of your secured network Hosting all shared resources on a single centralized and secured server Logging all activity Imposing granular access control via ACLs