Question 1

It is possible for a system to be compromised during the installation&#10;process.

Accepted Answer

During the installation process, there may be vulnerabilities or opportunities for attackers to gain access to the system and potentially compromise it. Therefore, it is important to take necessary precautions such as conducting a security audit and installing necessary security measures before and during the installation process.

Question 2

Backup and archive processes are often linked and managed together.

Accepted Answer

Backup processes involve regularly creating copies of data to protect against data loss, while archive processes involve moving data that is no longer actively used to a separate storage location. Both processes aim to preserve data and ensure its availability in case of future needs, and thus are often managed together to optimize storage resources and data management practices.

Question 3

The purpose of the system does not need to be taken into consideration&#10;during the system security planning process.

Accepted Answer

The purpose of the system is an important factor to consider during the system security planning process, as it can impact the level of security necessary and the potential risks that need to be addressed.

Question 4

The first step in deploying new systems is _________.&#10;A)security testing&#10;B)installing patches&#10;C)planning&#10;D)secure critical content

Accepted Answer

Planning is the first step in deploying new systems. It involves identifying the systems' requirements, creating a deployment plan, and establishing project timelines and responsibilities. Without proper planning, new systems may not meet the organization's needs or be implemented in a way that minimizes disruptions to operations.

Question 5

Manual analysis of logs is a reliable means of detecting adverse&#10;events.

Accepted Answer

Manual analysis of logs is prone to human error, can be time-consuming, and may not effectively detect subtle or complex adverse events, especially in large or complex systems. Automated tools and algorithms are often required for more reliable detection.

Question 6

The first critical step in securing a system is to secure the __________.&#10;A)base operating system&#10;B)system administrator&#10;C)malware protection mechanisms&#10;D)remote access privileges

Accepted Answer

The first critical step in securing a system is to secure the base operating system. This includes ensuring that all security patches and updates are installed, configuring security settings, and hardening the system against potential attacks. Once the base operating system is secure, other security measures such as malware protection mechanisms and remote access privileges can be implemented. However, if the base operating system is vulnerable, it can be easily compromised regardless of any additional security measures in place.

Question 7

You should run automatic updates on change-controlled systems.

Accepted Answer

Change-controlled systems require a managed and scheduled approach to updates to ensure compatibility and prevent disruptions, making automatic updates potentially risky.

Question 8

Lower layer security does not impact upper layers.

Accepted Answer

In a layered security model, lower layer security directly impacts the security of upper layers. If lower layers are compromised, the security of the entire system can be at risk, as upper layers rely on the integrity and security of lower layers.

Question 9

A plan needs to identify appropriate personnel to install and manage&#10;the system,noting any training needed.

Accepted Answer

It is important to identify appropriate personnel for installation and management of the system, and determine if any additional training is needed for them.

Question 10

__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.&#10;A)Virtualizing&#10;B)White listing&#10;C)Logging&#10;D)Patching

Accepted Answer

White listing applications is a control that limits the programs that can execute on the system to just those in an explicit list. This helps to prevent unauthorized or malicious software from being executed on the system.

Question 11

Most large software systems do not have security weaknesses.

Accepted Answer

The answer of Most large software systems do not have...

Question 12

The following steps should be used to secure an operating system:&#10;A)test the security of the basic operating system&#10;B)remove unnecessary services&#10;C)install and patch the operating system&#10;D)all of the above

Accepted Answer

The answer of The following steps should be used to...

Question 13

Each layer of code needs appropriate hardening measures in place to&#10;provide appropriate security services.

Accepted Answer

The answer of Each layer of code needs appropriate hardening...

Question 14

A very common configuration fault seen with Web and file transfer
servers is for all the files supplied by the service to be owned by the
same "user" account that the server executes as.

Accepted Answer

The answer of A very common configuration fault seen with...

Question 15

Ideally new systems should be constructed on an unprotected network&#10;in order to prevent installation restrictions.

Accepted Answer

The answer of Ideally new systems should be constructed on...

Question 16

Passwords installed by default are secure and do not need to be&#10;changed.

Accepted Answer

The answer of Passwords installed by default are secure and...

Question 17

Which of the following need to be taken into consideration during the system security planning process?&#10;A)how users are authenticated&#10;B)the categories of users of the system&#10;C)what access the system has to information stored on other hosts&#10;D)all of the above

Accepted Answer

The answer of Which of the following need to be...

Question 18

The default configuration for many operating systems usually&#10;maximizes security.

Accepted Answer

The answer of The default configuration for many operating systems...

Question 19

Performing regular backups of data on a system is a critical control&#10;that assists with maintaining the integrity of the system and user data.

Accepted Answer

The answer of Performing regular backups of data on a...

Question 20

A malicious driver can potentially bypass many security controls to&#10;install malware.

Accepted Answer

The answer of A malicious driver can potentially bypass many...

Question 21

Cryptographic file systems are another use of _______.&#10;A)encryption&#10;B)testing&#10;C)virtualizing&#10;D)acceleration

Accepted Answer

The answer of Cryptographic file systems are another use of...

Question 22

Unix and Linux systems use a ________ which restricts the server's view of the file system to just a specified portion.

Accepted Answer

The answer of Unix and Linux systems use a ________...

Question 23

______ systems should not run automatic updates because they may possibly introduce instability.&#10;A)Configuration controlled&#10;B)Policy controlled&#10;C)Change controlled&#10;D)Process controlled

Accepted Answer

The answer of ______ systems should not run automatic updates...

Question 24

_______ systems should validate all patches on test systems before deploying them to production systems.

Accepted Answer

The answer of _______ systems should validate all patches on...

Question 25

The range of logging data acquired should be determined _______.&#10;A)during security testing&#10;B)as a final step&#10;C)after monitoring average data flow volume&#10;D)during the system planning stage

Accepted Answer

The answer of The range of logging data acquired should...

Question 26

______ is the process of retaining copies of data over extended periods of time,being months or years,in order to meet legal and operational requirements to access past data.

Accepted Answer

The answer of ______ is the process of retaining copies...

Question 27

The final step in the process of initially securing the base operating system is ________.

Accepted Answer

The answer of The final step in the process of...

Question 28

The most important changes needed to improve system security are to ______.&#10;A)disable remotely accessible services that are not required&#10;B)ensure that applications and services that are needed are appropriately configured&#10;C)disable services and applications that are not required&#10;D)all of the above

Accepted Answer

The answer of The most important changes needed to improve...

Question 29

The three operating system security layers are: physical hardware,operating system kernel,and _________.

Accepted Answer

The answer of The three operating system security layers are:...

Question 30

______ is a reactive control that can only inform you about bad things that have already happened.

Accepted Answer

The answer of ______ is a reactive control that can...

Question 31

Security concerns that result from the use of virtualized systems include ______.&#10;A)guest OS isolation&#10;B)guest OS monitoring by the hypervisor&#10;C)virtualized environment security&#10;D)all of the above

Accepted Answer

The answer of Security concerns that result from the use...

Question 32

_______ is the process of making copies of data at regular intervals allowing the recovery of lost or corrupted data over relatively short time periods of a few hours to some weeks.

Accepted Answer

The answer of _______ is the process of making copies...

Question 33

The aim of the specific system installation planning process is to maximize _______ while minimizing costs.

Accepted Answer

The answer of The aim of the specific system installation...

Question 34

The ______ process makes copies of data at regular intervals for recovery of lost or corrupted data over short time periods.&#10;A)logging&#10;B)backup&#10;C)hardening&#10;D)archive

Accepted Answer

The answer of The ______ process makes copies of data...

Question 35

______ are resources that should be used as part of the system security planning process.&#10;A)Texts&#10;B)Online resources&#10;C)Specific system hardening guides&#10;D)All of the above

Accepted Answer

The answer of ______ are resources that should be used...

Question 36

Unix and Linux systems grant access permissions for each resource using the ______ command.

Accepted Answer

The answer of Unix and Linux systems grant access permissions...

Question 37

System security begins with the installation of the ________.

Accepted Answer

The answer of System security begins with the installation of...

Question 38

The needs and policy relating to backup and archive should be determined ______.&#10;A)as a final step&#10;B)during the system planning stage&#10;C)during security testing&#10;D)after recording average data flow volume

Accepted Answer

The answer of The needs and policy relating to backup...

Question 39

Once the system is appropriately built,secured,and deployed,the process of maintaining security is ________.&#10;A)complete&#10;B)no longer a concern&#10;C)continuous&#10;D)sporadic

Accepted Answer

The answer of Once the system is appropriately built,secured,and deployed,the...

Question 40

The ______ process retains copies of data over extended periods of time in order to meet legal and operational requirements.&#10;A)archive&#10;B)virtualization&#10;C)patching&#10;D)backup

Accepted Answer

The answer of The ______ process retains copies of data...

Question 41

______ virtualization systems are typically seen in servers,with the goal of improving the execution efficiency of the hardware.

Accepted Answer

The answer of ______ virtualization systems are typically seen in...

Question 42

______ virtualization systems are more common in clients,where they run along side other applications on the host OS,and are used to support applications for alternate operating system versions or types.

Accepted Answer

The answer of ______ virtualization systems are more common in...

Question 43

Guest OSs are managed by a ______,or VMM,that coordinates access between each of the guests and the actual physical hardware resources.

Accepted Answer

The answer of Guest OSs are managed by a ______,or...

Question 44

Configuration information in Windows systems is centralized in the _______,which forms a database of keys and values.

Accepted Answer

The answer of Configuration information in Windows systems is centralized...

Question 45

________ refers to a technology that provides an abstraction of the computing resources that run in a simulated environment.

Accepted Answer

The answer of ________ refers to a technology that provides...

Deck 12: Operating System Security