Question 1

Performing regular backups of data on a system is a critical control&#10;that assists with maintaining the integrity of the system and user data.

Accepted Answer

Regular backups help to ensure that important data is not lost in case of a system failure or disaster. It also allows for easy recovery of data if an issue does occur.

Question 2

A malicious driver can potentially bypass many security controls to&#10;install malware.

Accepted Answer

A malicious driver can potentially bypass many security controls because drivers have elevated privileges that allow them to interact directly with hardware and the operating system. This can enable the driver to install malware without detection or restriction by traditional security measures such as antivirus software or firewalls.

Question 3

Lower layer security does not impact upper layers.

Accepted Answer

In a layered security model, lower layer security directly impacts the security of upper layers. If lower layers are compromised, the security of the entire system can be at risk, as upper layers rely on the integrity and security of lower layers.

Question 4

Most large software systems do not have security weaknesses.

Accepted Answer

Most large software systems have security weaknesses, as they are complex and can have vulnerabilities that may not have been identified or addressed.

Question 5

The default configuration for many operating systems usually&#10;maximizes security.

Accepted Answer

The default configuration for many operating systems usually
maximizes security.

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 45 في هذه المجموعة.

فتح الحزمة

k this deck

Question 6

You should run automatic updates on change-controlled systems.

Accepted Answer

Change-controlled systems require a managed and scheduled approach to updates to ensure compatibility and prevent disruptions, making automatic updates potentially risky.

Question 7

Ideally new systems should be constructed on an unprotected network&#10;in order to prevent installation restrictions.

Accepted Answer

New systems should not be constructed on an unprotected network as it increases the risk of security breaches and unauthorized access. It is important to have proper security measures in place before building or installing any new systems.

Question 8

The first step in deploying new systems is _________.&#10;A)security testing&#10;B)installing patches&#10;C)planning&#10;D)secure critical content

Accepted Answer

The first step in deploying new systems is planning. This involves assessing the organization's needs and goals, identifying the necessary resources, and developing a timeline and budget for implementation. Without proper planning, the deployment process is likely to encounter significant challenges and may not achieve its intended goals. Security testing, installing patches, and securing critical content are all vital steps in the deployment process but follow after the planning phase.

Question 9

__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.&#10;A)Virtualizing&#10;B)White listing&#10;C)Logging&#10;D)Patching

Accepted Answer

Whitelisting applications is a control that limits the programs that can execute on the system to just those in an explicit list. This helps to prevent unauthorized or malicious software from running on the system. Virtualizing, logging, and patching are different types of controls that serve different purposes.

Question 10

The purpose of the system does not need to be taken into consideration&#10;during the system security planning process.

Accepted Answer

The purpose of the system is a critical factor in determining the level of security required in the planning process. Different systems may require different security measures depending on their purpose and the potential risks and threats they may face.

Question 11

Each layer of code needs appropriate hardening measures in place to&#10;provide appropriate security services.

Accepted Answer

The answer of Each layer of code needs appropriate hardening...

Question 12

The following steps should be used to secure an operating system:&#10;A)test the security of the basic operating system&#10;B)remove unnecessary services&#10;C)install and patch the operating system&#10;D)all of the above

Accepted Answer

The answer of The following steps should be used to...

Question 13

Manual analysis of logs is a reliable means of detecting adverse&#10;events.

Accepted Answer

The answer of Manual analysis of logs is a reliable...

Question 14

It is possible for a system to be compromised during the installation&#10;process.

Accepted Answer

The answer of It is possible for a system to...

Question 15

Passwords installed by default are secure and do not need to be&#10;changed.

Accepted Answer

The answer of Passwords installed by default are secure and...

Question 16

A plan needs to identify appropriate personnel to install and manage&#10;the system,noting any training needed.

Accepted Answer

The answer of A plan needs to identify appropriate personnel...

Question 17

The first critical step in securing a system is to secure the __________.&#10;A)base operating system&#10;B)system administrator&#10;C)malware protection mechanisms&#10;D)remote access privileges

Accepted Answer

The answer of The first critical step in securing a...

Question 18

Backup and archive processes are often linked and managed together.

Accepted Answer

The answer of Backup and archive processes are often linked...

Question 19

Which of the following need to be taken into consideration during the system security planning process?&#10;A)how users are authenticated&#10;B)the categories of users of the system&#10;C)what access the system has to information stored on other hosts&#10;D)all of the above

Accepted Answer

The answer of Which of the following need to be...

Question 20

A very common configuration fault seen with Web and file transfer
servers is for all the files supplied by the service to be owned by the
same "user" account that the server executes as.

Accepted Answer

The answer of A very common configuration fault seen with...

Question 21

The range of logging data acquired should be determined _______.&#10;A)during security testing&#10;B)as a final step&#10;C)after monitoring average data flow volume&#10;D)during the system planning stage

Accepted Answer

The answer of The range of logging data acquired should...

Question 22

______ systems should not run automatic updates because they may possibly introduce instability.&#10;A)Configuration controlled&#10;B)Policy controlled&#10;C)Change controlled&#10;D)Process controlled

Accepted Answer

The answer of ______ systems should not run automatic updates...

Question 23

______ is the process of retaining copies of data over extended periods of time,being months or years,in order to meet legal and operational requirements to access past data.

Accepted Answer

The answer of ______ is the process of retaining copies...

Question 24

The needs and policy relating to backup and archive should be determined ______.&#10;A)as a final step&#10;B)during the system planning stage&#10;C)during security testing&#10;D)after recording average data flow volume

Accepted Answer

The answer of The needs and policy relating to backup...

Question 25

The three operating system security layers are: physical hardware,operating system kernel,and _________.

Accepted Answer

The answer of The three operating system security layers are:...

Question 26

The aim of the specific system installation planning process is to maximize _______ while minimizing costs.

Accepted Answer

The answer of The aim of the specific system installation...

Question 27

The most important changes needed to improve system security are to ______.&#10;A)disable remotely accessible services that are not required&#10;B)ensure that applications and services that are needed are appropriately configured&#10;C)disable services and applications that are not required&#10;D)all of the above

Accepted Answer

The answer of The most important changes needed to improve...

Question 28

The final step in the process of initially securing the base operating system is ________.

Accepted Answer

The answer of The final step in the process of...

Question 29

_______ is the process of making copies of data at regular intervals allowing the recovery of lost or corrupted data over relatively short time periods of a few hours to some weeks.

Accepted Answer

The answer of _______ is the process of making copies...

Question 30

Cryptographic file systems are another use of _______.&#10;A)encryption&#10;B)testing&#10;C)virtualizing&#10;D)acceleration

Accepted Answer

The answer of Cryptographic file systems are another use of...

Question 31

______ is a reactive control that can only inform you about bad things that have already happened.

Accepted Answer

The answer of ______ is a reactive control that can...

Question 32

System security begins with the installation of the ________.

Accepted Answer

The answer of System security begins with the installation of...

Question 33

Unix and Linux systems grant access permissions for each resource using the ______ command.

Accepted Answer

The answer of Unix and Linux systems grant access permissions...

Question 34

______ are resources that should be used as part of the system security planning process.&#10;A)Texts&#10;B)Online resources&#10;C)Specific system hardening guides&#10;D)All of the above

Accepted Answer

The answer of ______ are resources that should be used...

Question 35

Once the system is appropriately built,secured,and deployed,the process of maintaining security is ________.&#10;A)complete&#10;B)no longer a concern&#10;C)continuous&#10;D)sporadic

Accepted Answer

The answer of Once the system is appropriately built,secured,and deployed,the...

Question 36

The ______ process makes copies of data at regular intervals for recovery of lost or corrupted data over short time periods.&#10;A)logging&#10;B)backup&#10;C)hardening&#10;D)archive

Accepted Answer

The answer of The ______ process makes copies of data...

Question 37

Security concerns that result from the use of virtualized systems include ______.&#10;A)guest OS isolation&#10;B)guest OS monitoring by the hypervisor&#10;C)virtualized environment security&#10;D)all of the above

Accepted Answer

The answer of Security concerns that result from the use...

Question 38

Unix and Linux systems use a ________ which restricts the server's view of the file system to just a specified portion.

Accepted Answer

The answer of Unix and Linux systems use a ________...

Question 39

_______ systems should validate all patches on test systems before deploying them to production systems.

Accepted Answer

The answer of _______ systems should validate all patches on...

Question 40

The ______ process retains copies of data over extended periods of time in order to meet legal and operational requirements.&#10;A)archive&#10;B)virtualization&#10;C)patching&#10;D)backup

Accepted Answer

The answer of The ______ process retains copies of data...

Question 41

Guest OSs are managed by a ______,or VMM,that coordinates access between each of the guests and the actual physical hardware resources.

Accepted Answer

The answer of Guest OSs are managed by a ______,or...

Question 42

______ virtualization systems are more common in clients,where they run along side other applications on the host OS,and are used to support applications for alternate operating system versions or types.

Accepted Answer

The answer of ______ virtualization systems are more common in...

Question 43

Configuration information in Windows systems is centralized in the _______,which forms a database of keys and values.

Accepted Answer

The answer of Configuration information in Windows systems is centralized...

Question 44

________ refers to a technology that provides an abstraction of the computing resources that run in a simulated environment.

Accepted Answer

The answer of ________ refers to a technology that provides...

Question 45

______ virtualization systems are typically seen in servers,with the goal of improving the execution efficiency of the hardware.

Accepted Answer

The answer of ______ virtualization systems are typically seen in...

Deck 12: Operating System Security