Logical Security Quiz

 A type of hierarchical database structure used in Windows Server environments that enables
centralized management of devices and resources on a network is known as
o Active directory
 On a Windows domain, this tool can be used by system administrators to configure initial
desktop environment (which may include mapping a network drive or setting up access to a
shared printer) for a specific user
o Login script
 Which of the following terms describes a large network of Windows-based PCs under single
administration
o Windows domain
 In Windows Active Directory environment, this feature enables centralized management and
configuration of operating systems, applications, and user account settings
o Group Policy
 Windows Active Directory service allows for grouping users and computers into containers
known as Organizational Units (OUs). An OU is that smallest unit to which system
administrators can assign Group Policy settings to manage the configuration and use of
accounts and resources within a given OU
o TRUE
 In Windows Domain environment, the term “Home Folder” refers to a directory on a local PC
where users can back up their data and files
o FALSE
 Which of the Windows Active Directory Group Policy settings allows network administrators
to map a folder on a user’s PC to a server-based location
o Folder redirection
 Which of the following is an example of a soft token
o Authenticator App
 Which type of software enables a centralized administration of mobile devices
o MDM
 What is the name of a logical security access control method in which a 48-bit physical
address assigned to each Network Interface Card (NIC) is used to determine access to the
network
o MAC address filtering
 Which of the following answers refers to an example implementation of certificate-based
authentication
o Smart card
 Virus definition database files contain detection patterns for known viruses. To be effective,
an AV program need up-to-date versions of these files which can be obtained through an AV
software update
o TRUE
 An antivirus database entry used for identifying malicious code is known as virus
o Signature
 An antivirus software is kept up to date via
o Engine updates
o Virus signature updates
 Which of the following is a common firewall type used for protecting a single computer
 o Host-based firewall
o Software firewall
 Which of the following firewall types would provide the best protection for an ingess/egress
point of a corporate network
o Hardware firewall
o Network-based firewall
 Which of the following is a set of firewall entries containing information on traffic considered
safe enough to pass through
o Whitelist
 In IT security, the term “User Authentication” refers to the process of proving user identity
to a system. Authentication process can be based on different categories of authentication
factors, including unique physical traits of each individual, such as fingerprints (“something
you are”), physical tokens such as smart cards (“something you have”), or username and
passwords (“something you know”). Additional factors might include geolocation
(“Somewhere you are”), or user-specific activity patterns such as keyboard typing style
(“something you do”). Multi-factor authentication systems require implementation of
authentication factors from two or more different categories
o TRUE
 Which of the following statements are true
o NTFS permissions apply to both network and local users
o NTFS permissions can be applied to a folder or individual file
 VPN connection types are divided into remote-access VPNs (used for connecting a computer
to a network), and site-to-site VPNs (used for connecting networks)
o TRUE
 Which of the following ensures the privacy of a VPN connection
o Tunneling
 Which of the following is a dedicated device designed to manage encrypted connections
established over an untrusted network such as the Internet
o VPN concentrator
 Examples of secure network protocols used for establishing VPN connections include
o IPsec
o TLS
 Which of the following acronyms refers to software or hardware-based security solutions
designed to detect and prevent unauthorized use and transmission of confidential
information outside of the corporate network
o DLP
 Which of the following is a set of rules that specify which users or system processes are
granted access to objects as well as what operations are allowed on a given object
o ACL
 A rule-based access control mechanism implemented on routers, switches, and firewalls is
known as
o ACL
 What is the function of a laptop’s smart card reader
o Access control
 Which of the following logical security controls provides a countermeasure against
unsolicited electronic messages (a.k.a. spam)
o Email filtering
 Which of the following can be used by system/network administrators to restrict a user’s
ability to install software
o AUP
o Group Policy
o Principle of least privilege
o MDM solutions
 One of the ways of confirming that a software application comes from a trusted source is the
verification of its digital signature. A digitally signed software proves the identity of the
developer and guarantees that the application code hasn’t been tampered with since it was
signed. The authenticity and integrity of the application’s code can be verified by comparing
results of a cryptographic hash function (original hash published by the application
developer vs. hash obtained from a downloaded app.)
o TRUE
 A security rule that prevents users from accessing information and resources that lie beyond
the scope of their responsibilities Is known as the principle of least privilege
o TRUE