Why pass the 98-367 exam?The 98-367 exam is the most powerful certification you can have on your resume.98-367 is a challenging exam and you must work hard to pass it. With the right focus and the preparation of materials( Get the best exam dumps here https://www.pass4itsure.com/98-367.html ), passing the exam is an achievable goal.
Pass4itsure provide you the valid and latest dumps for the Security Fundamentals (98-367) Exam
- Real exam questions
- Guaranteed success
- Free updates
- Instant downloads
Which of the following states that a user should never be given more privileges than are required to carry out a task?
A. Security through obscurity
B. Segregation of duties
C. Principle of least privilege
D. Role-based security
Correct Answer: C
The principle of least privilege states that a user should never be given more privileges than are required to carry out a
task. The user should not be logged on as an administrator, if the user is not doing administrative work on a computer.
The administrator account should be used for performing tasks, such as changing system time, installing software, or
creating standard accounts. Answer: D is incorrect. Role-based security provided by the .NET Framework allows,
denies access to resources based on a Windows user\\’s identity. It is built on the principle that the user is authenticated
and can be authorized or assigned roles and permissions.
Answer: B is incorrect. Segregation of duties is used to determine whether decision-making, executive tasks, or control
tasks are carried out by a person to avoid unauthorized or unintended changes or the misuse of the organization\\’s
Whether the person needs access to information can also be determined. The risk of information being intentionally or
unintentionally used, altered, or destroyed is increased by unnecessary access. It is called the \\’need to know\\’
Answer: A is incorrect. Security through obscurity is a principle in security engineering, which attempts to use secrecy
(of design, implementation, etc.) to provide security. A system relying on security through obscurity may have theoretical
actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are
unlikely to find them.
You would implement a wireless intrusion prevention system to:
A. Prevent wireless interference
B. Detect wireless packet theft
C. Prevent rogue wireless access points
D. Enforce SSID broadcasting
Correct Answer: C
Which two security settings can be controlled by using group policy? (Choose two.)
A. Password complexity
B. Access to the Run… command
C. Automatic file locking
D. Encrypted access from a smart phone
Correct Answer: AB
Which enables access to all of the logged-in user\\’s capabilities on a computer?
A. Java applets
B. ActiveX controls
C. Active Server Pages (ASP)
D. Microsoft Silverlight
Correct Answer: B
What are three examples of factors required for multi-factor authentication? (Choose three.)
A. a username
B. a smart card
C. a fingerprint
D. a password challenge question
E. a pin number
Correct Answer: ACE
John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server
2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a
problem. Which of the following steps should John take as a countermeasure to this situation? Each correct answer
represents a complete solution. Choose all that apply.
A. He should restore his Windows settings.
B. He should upgrade his antivirus program.
C. He should observe the process viewer (Task Manager) to see whether any new process is running on the computer
or not. If any new malicious process is running, he should kill that process.
D. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the
Correct Answer: BC
Answer: B and C
In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he
needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a
file (It is a Kernel32.DLL file.).
Although such viruses normally run on stealth mode, he should examine the process viewer (Task Manager) to see
whether any new process is running on the computer or not. If any new process (malicious) is running on the server, he
should exterminate that process.
Answer: A and D are incorrect. Since kernel.exe is not a real kernel file of Windows, there is no need to repair or
download any patch for Windows Server 2003 from the Microsoft site to repair the kernel.
Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b,
Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.
Which of the following is an authentication protocol?
Correct Answer: A
Kerberos is an industry standard authentication protocol used to verify user or host identity. Kerberos v5 authentication
protocol is the default authentication service for Windows 2000. It is integrated into the administrative and security
model,and provides secure communication between Windows 2000 Server domains and clients.
Answer: C is incorrect. Transport Layer Security (TLS) is an application layer protocol that uses a combination of public
and symmetric key processing to encrypt data.
Answer: B is incorrect. Lightweight Directory Access Protocol (LDAP) is a protocol used to query and modify information
stored within directory services. Answer: D is incorrect. Point-to-Point Tunneling Protocol (PPTP) is a method for
implementing virtual private networks. PPTP does not provide confidentiality or encryption. It relies on the protocol being
tunneled to provide privacy. It is used to provide secure, low-cost remote access to corporate networks through public
networks such as the Internet. Using PPTP, remote users can use PPP- enabled client computers to dial a local ISP
and connect securely to the corporate network through the Internet. PPTP has been made obsolete by Layer 2
Protocol (L2TP) and IPSec.
You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network
environment. The network is configured as a Windows Active Directory-based single forest single domain network. You
want to configure Network Access Protection (NAP) on your network. You want that the clients connecting to the
network must contain certain configurations. Which of the following Windows components ensure that only clients
having certain health benchmarks access the network resources? Each correct answer represents a part of the solution.
A. Windows Firewall
B. System Health Agents (SHA)
C. Terminal Service
D. System Health Validators (SHV)
E. TS Gateway
Correct Answer: BD
Answer: B and D The System Health Agents (SHA) and System Health Validators (SHV) are the components of
Windows Server 2008 to validate a computer\\’s health against a configured set of security benchmarks. These
components are parts of Network Access Protection deployed on a network. The SHV component specifies which
benchmarks the client must meet. The SHA component specifies configuration against those benchmarks that are being
tested. They ensure that computers accessing resources on the network meet certain client health benchmarks.
Answer: A is incorrect. Windows firewall is used to prevent network from unauthorized access. It can be one of the
benchmarks configured for health checkup. Answer: E and C are incorrect. TS Gateway and Terminal Service are not
used to enforce configurations specified in the
Shredding documents helps prevent:
A. Man-in-the-middle attacks
B. Social engineering
C. File corruption
D. Remote code execution
E. Social networking
Correct Answer: B
Mark works as a Security Officer for TechMart Inc. The company has a Windows- based network. He has bees
assigned a project for ensuring the safety of the customer\\’s money and information, not to mention the company\\’s
reputation. The company has gone through a security audit to ensure that it is in compliance with industry regulations
and standards. Mark understands the request and has to do his due diligence for providing any information the
regulators require as they are targeting potential security holes. In this situation, his major concern is the physical
security of his company\\’s system. Which of the following actions will Mark take to ensure the physical security of the
company\\’s desktop computers?
A. Call a team member while behaving to be someone else for gaining access to sensitive information.
B. Develop a social awareness of security threats within an organization.
C. Use group policies to disable the use of floppy drives or USB drives.
D. Provide protection against a Distributed Denial of Services attack.
Correct Answer: C
The group policies are used to disable the use of floppy drives or USB drives to ensure physical security of desktop
computers. Several computers are able to use the mechanism of attaching a locking device to the desktops, but
disabling USB and floppy drives can disable a larger set of threats. Answer: D is incorrect. While stressing the
Con?dentiality, Integrity, and Availability triangle in the training of users, the process of providing availability is related to
security training to ensure the protection against a Distributed Denial of Services attack.
Mark works as a Network Administrator for NetTech Inc. The company has a Windows Server 2008 domain-based
network. Mark configures Network Access Protection (NAP) on the network. He then configures secure wireless access
to the network from all access points on the network. He also configures 802.1x authentication for accessing the
network. Mark wants to ensure that all computers connecting to the network are checked by NAP for the required
configuration and update status. What will Mark do to accomplish the task?
A. Configure all computers connecting to the network with IPSec.
B. Configure all access points as RADIUS clients to Distributed File System.
C. Configure Link-local Multicast Name Resolution (LLMNR) on the network.
D. Configure all access points as RADIUS clients to Network Policy Server (NPS).
Correct Answer: D
In order to accomplish the task, Mark will have to configure all access points as RADIUS clients to Network Policy
Server (NPS). Network Access Protection (NAP) is a set of operating system components included with the Windows
Server 2008 and Windows Vista/7 operating systems. It ensures that the client computers on a private network meet
administrator-defined requirements for system health. NAP policies define the required configuration and update status
for a client computer\\’s operating system and critical software. For example, an administrator can set policies that
computers might be required to have antivirus software with the latest virus definition installed and current operating
system updates. Using NAP, a network administrator can enforce compliance with health requirements for the client
computers connection to the network. NAP helps network administrators to reduce the risk caused by improperly
configured client computers that might be exposed to viruses and other malicious software. Network Policy Server
(NPS) is a Remote Authentication Dial-In User Service (RADIUS) server and proxy in Windows Server 2008. It allows
administrator to create and enforce network access policies for client health, connection request authentication, and
connection request authorization. It can be used to centrally manage network access through a variety of network
access servers, including wireless access points, VPN servers, dial-up servers, and 802.1X authenticating switches.
NPS can also be used to deploy secure password authentication with Protected Extensible Authentication Protocol
(PEAP)-MS-CHAP v2 for wireless connections. Answer B is incorrect. Distributed file system (Dfs) is a network server
component: that makes it easier for users to find files and resources on distributed enterprise networks. It permits the
linking of servers and shares into a simpler, more meaningful name space. Dfs provides improved load sharing and data
availability. Answer: A is incorrect. IPSec has nothing to do with the solution. Answer: C is incorrect. Configuring Linklocal Multicast Name Resolution (LLMNR) on the network has nothing to do with the solution.
You are volunteering at an organization that gets a brand new web server. To make the server more secure, you should
add a second administrator account.
Select the correct answer if the underlined text does not make the statement correct. Select “No change is needed” if
the underlined text makes the statement correct.
A. Disable unused services
B. Enable LM authentication
C. Enable NTLM authentication
D. No change is needed.
Correct Answer: A
What are two examples of physical site security? (Choose two.)
A. keeping machines in locked offices
B. sending backups to a remote location
C. enforcing multi-factor authentication
D. using BitLocker encryption on drives
Correct Answer: AB
For more information you can visit https://www.pass4itsure.com/98-367.html
Pass4itsure.com gives you updated Microsoft 98-367 exam dumps questions and answers. You can also get up to 10% off 98-367 Microsoft-prepared materials.
What certification is Microsoft 98-367 exam related to?
Microsoft 98–367 exam is related to MTA certification.
MTA certifications are a great place to start if you would like to get into the technology field. MTA certifications address a wide spectrum of fundamental technical concepts, assess and validate core technical knowledge, and enhance technical credibility.
- Exam 98-349
- Exam 98-361
- Exam 98-364
- Exam 98-365
- Exam 98-366
- Exam 98-367
- Exam 98-368
- Exam 98-375
- Exam 98-381
- Exam 98-382
- Exam 98-383
- Exam 98-388
Get Prepared From 98-367 Exam Dumps PDF
[Google Drive]Real 98-367 Dumps PDF For Download:
[youtube.com] Microsoft 98-367 Practice Exam Online
You can easily prepare for the 98-367 exam with a practice dumps, which can help you to pass your 98-367 with ease.