Review 4

Question 1

To make changes to Internet Explorer policies that correspond to an OU, you need a domain controller.

Answer 1

True—Organizational units (OUs) are parts of the Active Directory on a domain controller.

Question 2

Alt+F8 is the key combination that closes pop-up windows.

Answer 2

False—Alt+F4 is the key combination used to close pop-up windows. Alt+F8 would open macros in many programs

Question 3

. A proxy server acts as a go-between of a client computer’s web browser and the web server.

Answer 3

True—The proxy server is the mediator between the client and the server. In this case, the server would be an HTTP proxy.

Question 4

To accept fewer cookies, you would add them to the Restricted Sites zone.

Answer 4

False—Web addresses (or URLs) are added to the Restricted Sites zone. To accept fewer cookies, a user can adjust the slider in the Privacy tab of IE.

Question 5

ActiveX controls can run on any browser platform.

Answer 5

False. ActiveX controls run on IE, whereas Java applets can run on any platform.

Question 6

The Network tab in Firefox is used to connect to a proxy server.

Answer 6

True—To connect to a proxy server through the Firefox web browser, you would access the Network tab and select the Manual proxy configuration radio button.

Question 7

Adblock Plus is an add-on to IE used to block third-party advertisement pop-ups

Answer 7

False—Adblock Plus is an add-on to Firefox, but it does block third-party ads and pop-ups when installed to that browser.

Question 8

UAC keeps every user in standard mode instead of in administrator mode by default.

Answer 8

True—User Account Control (UAC) keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.

Question 9

One way of protecting Microsoft Outlook is to use a password for opening or modifying documents

Answer 9

False—Passwords used in association with documents are a way of safeguarding Microsoft Word or Excel files. In Microsoft Outlook, the .PST file can be password protected.

Question 10

Input validation is a process that ensures the correct usage of data.

Answer 10

True—If data is not validated correctly, it can lead to security vulnerabilities and data corruption. Input validation ensures the correct usage of data.

Question 11

Timothy complains about a lot of pop-up Windows when he uses Internet Explorer. Which key combination should you tell him to use to close the pop-up Windows? 
A. Ctrl+Alt+Del 
B. Alt+F4 
C. Ctrl+Shift+Esc 
D. Windows key

Answer 11

B. Alt+F4 is the key combination a user should use to close pop-up windows, instead of clicking the window. Ctrl+Alt+Del either brings up the task manager or the security dialog box, depending on the version of Windows and the way it is configured. Ctrl+Shift+Esc opens the task manager, and the Windows key opens the Start menu.

Question 12

James doesn’t want people to see where he browsed to on the Internet. What is a good way to clear his Internet browsing history?
A. Checkmark the Empty Temporary Internet Files Folder When the Browser Is Closed check box.
B. Use cross-site scripting.
C. Use the disk defragmenter.
D. Clear all cookies in the Advanced Privacy Settings dialog box.

Answer 12

A. By checkmarking the Empty Temporary Internet Files Folder When the Browser Is Closed check box, all temporary Internet files will be cleared as long as the user closes the browser. Cross-site scripting is when the attacker manipulates a client computer into executing code. Disk defragmenter rearranges the contents of a hard disk but does not delete temporary Internet files. Clearing cookies is a good idea; however, all the actual HTML files will still be stored on the hard drive.

Question 13

Which of the following is placed in an application by programmers either knowingly or inadvertently to bypass normal authentication? 
A. Input validation 
B. Sandbox 
C. Back door 
D. Virus

Answer 13

C. A backdoor is placed within applications, operating systems, and network devices to bypass normal authentication. Input validation is a process that ensures the correct usage of data and is commonly used by programmers and developers. A sandbox is when a web script runs in its own environment. A virus is a malicious piece of code that can cause damage to a computer if opens and executed by a user.

Question 14

How can Internet Explorer be centrally managed for several computers?
A. In the Advanced tab of the Internet Options dialog box
B. By way of a group policy
C. By creating an organizational unit
D. In the Registry

Answer 14

B. Group policies can be used in a domain environment to centrally manage Internet Explorer running on multiple computers. The Internet Options dialog box in Internet Explorer enables a user to configure settings for that individual browser. Group policies should be linked to an organizational unit. The Registry can manage Internet Explorer for a single computer but no more than that.

Question 15

Which of the following should you include as general browser security practices? (Select the two best answers.) 
A. Use the latest browser. 
B. Use a proxy server. 
C. Train your users. 
D. Use multiple web browsers.

Answer 15

B and C. By using a proxy server, users are shielded from the Internet; the proxy server acts as a go-between for the user’s web browser and the web server. Training your users is always a good idea to increase security. Using the latest browser is usually not a good idea, especially if updates have not been released for it. It’s a good idea to use a single web browser platform for all the client computers. Multiple web browsers can cause confusion and can create a less secure environment.

Question 16

Your boss wants you to make changes to the Internet Explorer programs on 20 computers. To do this quickly, what is the best solution? 
A. Use a proxy server. 
B. Create an organizational unit. 
C. Create a script. 
D. Create and use a template.

Answer 16

D. By creating and using a security template and pushing the information from that template to each computer, you can quickly make changes to all the computers’ Internet Explorer web browsers. This can also be done in a domain by using a policy associated with an organizational unit. It is possible to write a script, but this will probably not be as quick as a template.

Question 17

What is the most common port used when connecting an Internet Explorer browser to a proxy server for use with HTTP connections?
A. 53 
B. 80 
C. 443 
D. 21

Answer 17

B. Port 80 is the most common port used for making proxy connections to web servers. Port 53 is the port associated with DNS. Port 443 is associated with HTTPS. Port 21 is associated with FTP. Although Port 21 and Port 443 can be used when making proxy connections, Port 80 is by far the most common.

Question 18

Which tab in the Internet Options dialog box of Internet Explorer enables a person to make secure connections through a VPN? 
A. Advanced tab 
B. Content tab 
C. Programs tab 
D. Connections tab

Answer 18

D. The connections tab enables a user to make secure connections through a VPN and also may enable connections via a proxy server. The Advanced tab has many security settings, including configuring SSL certificates and what type of SSL is used. The Content tab enables parental controls. The Programs tab can manage add-on programs such as ActiveX controls.

Question 19

Which of the following attacks uses a JavaScript image tag in an email? 
A. SQL injection 
B. Cross-site scripting 
C. Cross-site request forgery 
D. Directory traversal

Answer 19

B. Cross-site scripting (XSS) can be initiated on web forms or through email. It often uses JavaScript to accomplish its means. SQL injection is when code (SQL-based) is inserted into forms or databases. Cross-site request forgery (CSRF) is when a user’s browser sends unauthorized commands to a website, without the user’s consent. Directory traversal is when an attacker attempts to gain access to higher directories in an OS.

Question 20

Of the following, what are three ways to increase the security of Microsoft Outlook? (Select the three best answers.)
A. Password protect .PST files.
B. Increase the junk email security level.
C. Set macro security levels.
D. Install the latest service pack.

Answer 20

A, B, and D. The .PST file contains all the information of an individual’s Microsoft Outlook profile; by password protecting it, the file cannot be copied and used elsewhere unless the other user can crack the password. By increasing the junk email security level, less spam will be let through into the inbox in Outlook, decreasing the chances of a user clicking on a malicious email. Installing the latest service pack for Microsoft Office is important; it is done in much the same manner as service pack installations for Windows. Setting macro security levels is something that is usually done in Microsoft Excel.