50 Cards in this Set
Which of the following would be BEST to use to apply corporate security settings to a device?
a. A security patch
b. A security hotfix
c. An OS service pack
d. A security template
d. A security template
On which of the following is a security technician MOST likely to find usernames?
a. DNS logs
b. Application logs
c. Firewall logs
d. DHCP logs
b. Application logs
Which of the following is a way to manage operating system updates?
a. Service pack management
b. Patch application
c. Hotfix management
d. Change management
d. Change management
A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
a. Change management
b. Secure disposal
c. Password complexity
d. Chain of custody
a. Change management
When deploying 50 new workstations on the network, which of following should be completed FIRST?
a. Install a word processor.
b. Run the latest spyware.
c. Apply the baseline configuration.
d. Run OS updates.
c. Apply the baseline configuration.
Which of the following may be an indication of a possible system compromise?
a. A port monitor utility shows that there are many connections to port 80 on the Internet facing web server.
b. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline.
c. A protocol analyzer records a high number of UDP packets to a streaming media server on the Internet.
d. The certificate for one of the web servers has expired and transactions on that server begins to drop rapidly.
b. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization from the baseline.
After implementing file auditing, which of the following logs would show unauthorized usage attempts?
a. Performance
b. System
c. Security
d. Application
c. Security
Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?
a. HIDS log
b. Security log
c. Firewall log
d. System log
c. Firewall log
Which of the following specifies a set of consistent requirements for a workstation or server?
a. Vulnerability assessment
b. Imaging software
c. Patch management
d. Configuration baseline
d. Configuration baseline
A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?
a. Install HIDS to determine the CPU usage.
b. Run performance monitor to evaluate the CPU usage.
c. Install malware scanning software.
d. Use a protocol analyzer to find the cause of the traffic.
b. Run performance monitor to evaluate the CPU usage.
An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?
a. Take screen shots of the configuration options.
b. Create an image from the OS install.
c. Create a boot disk for the operating system.
d. Implement OS hardening procedures.
b. Create an image from the OS install.
Sending a patch through a testing and approval process is an example of which of the following?
a. Disaster planning
b. Change management
c. Acceptable use policies
d. User education and awareness training
b. Change management
A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?
a. The IDS logs
b. The security application logs
c. The local security logs
d. The firewall logs
c. The local security logs
An intrusion has been detected on a company's network from the Internet. Which of the following should be checked FIRST?
a. The firewall logs
b. The DNS logs
c. The access logs
d. The performance logs
a. The firewall logs
Configuration baselines should be taken at which of the following stages in the deployment of a new system?
a. Before initial configuration
b. Before loading the OS
c. After a user logs in
d. After initial configuration
d. After initial configuration
An administrator is running a network monitoring application that looks for behaviors on the network outside the standard baseline that has been established. This is typical of a(n):
a. signature-based tool.
b. protocol analyzer.
c. honeynet.
d. anomaly-based tool.
d. anomaly-based tool.
If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
a. Antivirus log
b. RADIUS log
c. Performance log
d. Host firewall log
d. Host firewall log
A technician notices delays in mail delivery on the mail server. Which of the following tools could be used to determine the cause of the service degradation?
a. Port scanner
b. Performance monitor
c. ipconfig /all
d. TFTP
b. Performance monitor
Which of the following would be the easiest to use in detection of a DDoS attack?
a. Performance monitor
b. Application log
c. System log
d. Protocol analyzer
a. Performance monitor
Which of the following is BEST used to determine whether network utilization is abnormal?
a. Security log
b. Performance baseline
c. Application log
d. Systems monitor
b. Performance baseline
From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems?
a. To detect network intrusions from external attackers
b. To detect integrity degradations to network attached storage
c. To detect host intrusions from external networks
d. To detect availability degradations caused by attackers
d. To detect availability degradations caused by attackers
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
a. Logical token
b. Performance monitor
c. Public key infrastructure
d. Trusted platform module
b. Performance monitor
Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition?
a. Signature-based
b. NIDS
c. Anomaly-based
d. NIPS
c. Anomaly-based
Which of the following describes the standard load for all systems?
a. Configuration baseline
b. Group policy
c. Patch management
d. Security template
a. Configuration baseline
A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect this encapsulated traffic?
a. Vulnerability scanner
b. Proxy server
c. Anomaly-based IDS
d. Rootkit
c. Anomaly-based IDS
An administrator suspects an issue retrieving files on the network and accesses the file server's performance monitor to check the results against:
a. the performance baseline.
b. yesterday's performance.
c. the system monitor.
d. the manufacturer's website.
a. the performance baseline.
Which of the following logs shows when the workstation was last shutdown?
a. DHCP
b. Security
c. Access
d. System
d. System
Which of the following is a best practice auditing procedure?
a. Mitigate vulnerabilities
b. Review user access and rights
c. Set strong password requirements
d. Draft an email retention policy
b. Review user access and rights
Audit trails are used for which of the following?
a. Availability
b. Accountability
c. Authorization
d. Continuity
b. Accountability
Executing proper logging procedures would facilitate which of the following requirements?
a. Ignore suspicious queries to the DNS server.
b. Investigate suspicious queries to the DNS server.
c. Block suspicious queries to the DNS server.
d. Monitor suspicious queries to the DNS server in real time.
b. Investigate suspicious queries to the DNS server.
Which of the following is a concern when setting logging to a debug level?
a. The log may fill up with extraneous information.
b. The device or application will only operate in test mode.
c. Some important events will not get logged.
d. The events may not contain enough details.
a. The log may fill up with extraneous information.
Which of the following activities commonly involves feedback from departmental managers or human resources?
a. Clearing cookies from the browser
b. Resetting an employee password
c. User access and rights review
d. Setting system performance baseline
c. User access and rights review
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
a. Access logs
b. Performance log
c. Firewall logs
d. Antivirus logs
a. Access logs
A company’s accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?
a. Configuration baseline
b. Group policy
c. Security template
d. Privilege escalation
c. Security template
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT:
a. log details and level of verbose logging.
b. time stamping and integrity of the logs.
c. performance baseline and audit trails.
d. log storage and backup requirements.
c. performance baseline and audit trails.
Which of the following tools would be BEST for monitoring changes to the approved system baseline?
a. Enterprise resource planning software
b. Enterprise performance monitoring software
c. Enterprise antivirus software
d. Enterprise key management software
b. Enterprise performance monitoring software
A periodic security audit of group policy can:
a. show that data is being correctly backed up.
b. show that PII data is being properly protected.
c. show that virus definitions are up to date on all workstations.
d. show that unnecessary services are blocked on workstations.
d. show that unnecessary services are blocked on workstations.
Which of the following is the primary purpose of an audit trail?
a. To detect when a user changes security permissions
b. To prevent a user from changing security permissions
c. To prevent a user from changing security settings
d. To detect the encryption algorithm used for files
a. To detect when a user changes security permissions
Which of the following describes a common problem encountered when conducting audit log reviews?
a. The timestamps for the servers are not synchronized.
b. The servers are not synchronized with the clients.
c. The audit logs cannot be imported into a spreadsheet.
d. The audit logs are pulled from servers on different days.
a. The timestamps for the servers are not synchronized.
Which of the following is the BEST approach when reducing firewall logs?
a. Review chronologically.
b. Discard known traffic first.
c. Search for encrypted protocol usage.
d. Review each protocol one at a time.
b. Discard known traffic first.
A technician wants to be able to add new users to a few key groups by default, which of the following would allow this?
a. Auto-population
b. Template
c. Default ACL
d. Inheritance
b. Template
A technician gets informed that there is a worm loose on the network. Which of the following should the technician review to discover the internal source of the worm?
a. Maintenance logs
b. Antivirus logs
c. Performance logs
d. Access logs
b. Antivirus logs
Which of the following requires an update to the baseline after installing new software on a machine?
a. Signature-based NIPS
b. Signature-based NIDS
c. Honeypot
d. Behavior-based HIDS
d. Behavior-based HIDS
Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO).
a. VLAN segment of the systems
b. Systems clock synchronization
c. Systems capacity and performance
d. External network traffic
e. Network security zone of the systems
b. Systems clock synchronization
c. Systems capacity and performance
Security templates are used for which of the following purposes? (Select TWO).
a. To ensure that email is encrypted by users of PGP
b. To ensure that PKI will work properly within the company's trust model
c. To ensure that performance is standardized across all servers
d. To ensure that all servers start from a common security configuration
e. To ensure that servers are in compliance with the corporate security policy
d. To ensure that all servers start from a common security configuration
e. To ensure that servers are in compliance with the corporate security policy
Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO).
a. Need to prevent access to a file or folder
b. Need to know which files have been accessed
c. Need to know who is logging on to the system
d. Need to prevent users from logging on to the system
e. Need to capture monitor network traffic in real time
b. Need to know which files have been accessed
c. Need to know who is logging on to the system
Which of the following should be considered when executing proper logging procedures? (Select TWO).
a. The information that is needed to reconstruct events
b. The number of disasters that may occur in one year
c. The password requirements for user accounts
d. The virtual memory allocated on the log server
e. The amount of disk space required
a. The information that is needed to reconstruct events
e. The amount of disk space required
Which of the following are recommended security measures when implementing system logging procedures? (Select TWO).
a. Perform a binary copy of the system.
b. Apply retention policies on the log files.
c. Collect system temporary files.
d. Perform hashing of the log files.
e. Perform CRC checks.
b. Apply retention policies on the log files.
d. Perform hashing of the log files.
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).
a. User account reports are periodically extracted from systems and employment verification is performed.
b. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes.
c. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.
d. User accounts reports are periodically extracted from systems and end users are informed.
e. User accounts reports are periodically extracted from systems and user access dates are verified
a. User account reports are periodically extracted from systems and employment verification is performed.
c. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.
Setting a baseline is required in which of the following? (Select TWO).
a. Anomaly-based monitoring
b. NIDS
c. Signature-based monitoring
d. NIPS
e. Behavior-based monitoring
a. Anomaly-based monitoring
e. Behavior-based monitoring