25 Cards in this Set

  • Front
  • Back
Which of the following remote access technologies is the LEAST secure?
1.) TELNET
2.) VPN
3.) SSH
4.) IPSec
1.) TELNET
Which of the following require the use of cryptography? (I) Governmental regulations, (II) VPN, (III) Confidentiality, (IV) Digital signature?
1.) I, II, III
2.) I, II, IV
3.) I, III, IV
4.) II, III, and IV
2.) I, II, and IV
While confidentiality is often provided by cryptography, it is not required (physical or procedural controls can also provide it). Digital signatures, VPNs, and many governmental regulations all require the use of cryptography.
Disguising passwords so that a text password is converted into an undecipherable series of bits that attackers cannot easily convert back into the password's text is known as
1.) hashing
2.) encryption
3.) encoding
4.) obfuscation
1.) hashing
A one-way hash thwarts the objective of stealing a password file, since attackers cannot retrieve users' passwords simply by looking at the stolen file; they can only guess candidate passwords and hash each one.
Treating individual countermeasures as part of an integrated suite is an example of
1.) application defense.
2.) network infrastructure defense.
3.) defense zones.
4.) defense in depth
4.) defense in depth
Which of the following is NOT a common incident response analysis technique?
1.) File signatures and electronic discovery
2.) String searching and file fragments
3.) Isolating the affected server
4.) Removing known files
3.) Isolating the affected server.
Isolating the system is not an incident response analysis technique, but is a potential first step after an incident has been detected.
Responsibilities of an incident response team include all the following EXCEPT
1.) determining the cause.
2.) planning equivalent reprisals
3.) acquiring required resources
4.) developing appropriate response procedures
2.) planning equivalent reprisals
A key factor in being able to correlate international data stored on SEMS (Security Event Management Systems) is
1.) Setting time zone to Coordinated Universal Time (UTC) for all systems.
2.) hashing the data stored on SEMS to preserve integrity
3.) configuring all systems to log to SEMS regardless of business value.
4.) configuring systems to the highest logging levels.
1.) Setting time zone to UTC for all systems.
In order to follow the five rules of evidence, the evidence MUST be
1.) absolute, accurate, authentic, complete, and convincing
2.) accurate, admissible, authentic, complete, and convincing
3.) accurate, authentic, complete, convincing, and impartial
4.) absolute, accurate, admissible, convincing, and impartial
2.) accurate, admissible, authentic, complete, and convincing

These are the five rules of evidence.
To evade antivirus systems, some viruses alter their own appearance every time they run, without changing their underlying functionality. This is called
1.) camouflage.
2.) mutation.
3.) polymorphism.
4.) stealth
3.) polymorphism
Which of the following is the MOST common function of Layer 4 firewalls?
1.) protect from insider threats.
2.) control allowed TCP session connections.
3.) protect from malware downloads
4.) solve the problem of transitive trust.
2.) control allowed TCP session connections.
Layer 4 firewalls are best suited to controlling access to a system or service by transport-layer attributes, in particular TCP and UDP ports and TCP connection state.
Which of the following specifications describe router-based access control lists (ACL) actions? (I) Delete (II) Deny (III) Modify (IV) Permit
1.) I and IV
2.) I and III
3.) II and IV
4.) II and III
3.) II and IV
Permit and deny are the ACL actions.
Delete and modify are not ACL actions; an access list filters packets, it does not alter them.
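An added example, not part of the card set, covering the two previous cards together: a router-style access list whose only actions are permit and deny, evaluated first-match with the implicit deny at the end, plus a layer-4 wrapper that consults the list only for new TCP connection attempts and then passes or drops later packets by session. The rule set, the host addresses and the packets are all constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# Added example (not from the card set). Rules, addresses and packets below
# are constructed; the evaluation order (first match wins, implicit deny)
# is how router ACLs behave.


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"; there is no "modify" or "delete"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = True       # True for a TCP packet opening a new connection


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching entry decides; a packet matching nothing is denied."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed rule set for a host 10.0.0.5: HTTPS from anywhere, SSH only from
# the internal 10/8 range, and DNS to 10.0.0.53 from internal clients.
ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", "10.0.0.5/32", 443),
    Rule("permit", "tcp", "10.0.0.0/8", "10.0.0.5/32", 22),
    Rule("deny", "tcp", "0.0.0.0/0", "10.0.0.5/32", 22),
    Rule("permit", "udp", "10.0.0.0/8", "10.0.0.53/32", 53),
]


class L4Firewall:
    """Controls which TCP sessions may be established.

    Only a connection-opening packet (SYN) is checked against the ACL; later
    packets of a session pass if, and only if, that session was permitted.
    Tracking is one-directional (client to server) to keep the example short.
    """

    def __init__(self, acl: List[Rule]) -> None:
        self.acl = acl
        self.sessions: Set[Tuple[str, str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.proto == "tcp" and not pkt.syn:
            return "permit" if key in self.sessions else "deny"
        verdict = evaluate(self.acl, pkt)
        if verdict == "permit" and pkt.proto == "tcp":
            self.sessions.add(key)
        return verdict
```

Note the explicit deny for SSH in the third rule is redundant with the implicit deny; it is there because operators usually want the SSH drop counted and logged on its own line rather than folded into the catch-all.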
Classification of an object is done by the
1.) security administrator
2.) group.
3.) subject.
4.) data owner
4.) data owner.
Classification is always the responsibility of the data owner.
One of the weaknesses of network-based sensors is that they cannot
1.) analyze encrypted host traffic.
2.) log the suspected traffic.
3.) alert the management server.
4.) recognize unfragmented packet profiles.
1.) analyze encrypted host traffic.
Network-based sensors cannot inspect the payload of encrypted traffic, so attacks carried inside it go unseen; recognizing attack profiles in fragmented packets is a further known weakness of such sensors.
Which of the following will NOT help mitigate risks of data leakage from an endpoint system?
1.) Establishing an AUP - Acceptable Use Policy
2.) Creating a DRP
3.) Implementing a Centralized Management System
4.) Training Employees
2.) Creating a DRP.
A DRP will not help with the confidentiality of data.
A network security professional suspects an individual or process has implemented a covert channel within his area of responsibility. Which of the following methods could be used to validate the suspicion?
1.) Execute a port scan against the suspect device
2.) Employ network-monitoring tools at the point of network egress and ingress.
3.) Employ network-monitoring tools at the source of the suspicion.
4.) Employ network monitoring against the suspected destination.
3.) Employ network-monitoring tools at the source of the suspicion.

Monitoring at the source of the suspicion will provide the most comprehensive view/list of the network activities being executed.
Which of the following is NOT a function of vulnerability testing?
1.) It identifies operating system on the network
2.) It identifies and exploits threats.
3.) It identifies vulnerabilities.
4.) It identifies opportunities to prioritize risk mitigation.
2.) It identifies and exploits threats.
Vulnerability testing identifies system vulnerabilities but never exploits them; exploitation is the domain of penetration testing.
Risk mitigation analysis is PRIMARILY concerned with safeguard.
1.) cost/benefit
2.) vendor trustworthiness.
3.) implementation practice.
4.) source selection.
1.) cost/benefit
There are 3 steps in risk mitigation analysis.
Step 1: Safeguard analysis and expected risk mitigation.
Step 2: safeguard costing
Step 3: safeguard cost/benefit analysis.
A fire occurs in the basement of company headquarters where the data center is located. The DR Coordinator is called on the scene to respond to the situation. The FIRST thing the DR Coordinator should do is
1.) quickly assess the damage and decide whether to activate the DRP.
2.) take steps to contain the damage.
3.) inform business owners and the media that a fire has taken place.
4.) ensure that all employees have been evacuated.
4.) ensure that all employees have been evacuated.
Life safety is the MOST important issue!
A system that is programmed to disable a UserID after a predetermined number of failed password login attempts, would be known to have a
1.) off-line password.
2.) benchmark limit.
3.) static password.
4.) threshold limit.
4.) threshold limit.
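An added example, not part of the card set, of the mechanism the card names: a threshold limit on consecutive failed logins that disables the UserID for a lockout window, refuses even a correct password while the ID is disabled, and resets the counter on success. The default threshold, the lockout length and the injected clock are assumptions for the illustration; the real credential check is supplied by the caller.

```python
from datetime import datetime, timedelta
from typing import Callable, Dict

# Added example (not from the card set). MAX_FAILURES and LOCKOUT are assumed
# values; `authenticate` is whatever credential check the caller already has.
MAX_FAILURES = 5
LOCKOUT = timedelta(minutes=15)


class LoginThrottle:
    def __init__(self, authenticate: Callable[[str, str], bool],
                 max_failures: int = MAX_FAILURES, lockout: timedelta = LOCKOUT) -> None:
        self.authenticate = authenticate           # real credential check, supplied by caller
        self.max_failures = max_failures
        self.lockout = lockout
        self.failures: Dict[str, int] = {}         # user -> consecutive failed attempts
        self.locked_until: Dict[str, datetime] = {}

    def attempt(self, user: str, password: str, now: datetime) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is passed in so the logic is testable."""
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"                   # disabled: the right password changes nothing
            del self.locked_until[user]           # window expired, start counting afresh
            self.failures[user] = 0
        if self.authenticate(user, password):
            self.failures[user] = 0               # success resets the threshold counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            return "locked"
        return "denied"
```

Caveat a practitioner will want: a bare threshold lets anyone who knows a username disable that account deliberately, so production systems pair it with per-source rate limiting and keep administrative break-glass accounts outside the lockout rule.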
A common characteristic of a hoax is that it
1.) cannot contain any form of malware attachment.
2.) can trick the user into installing a Trojan.
3.) can be propagated via malicious javascript.
4.) cannot be used to propagate a virus.
2.) can trick the user into installing a Trojan.
The Storm Trojan was named after a hoax e-mail that promised gruesome pictures of the storm that swept Western Europe in January 2007. It carried an attachment named "Show-more.exe" that was a Trojan installing a backdoor for the propagators to exploit later.
A best practice to prevent company IP blocks from being placed on an e-mail blacklist is to have SMTP traffic.
1.) denied out
2.) denied out, except for mail gateway.
3.) allowed out.
4.) filtered in at the gateway.
2.) denied out, except for mail gateway.

By blocking outbound SMTP from everything except the mail gateway, compromised clients (Trojaned hosts or zombies) on the company network cannot send spam directly to external recipients, so the company's address blocks are not blacklisted.
Network Infrastructure defenses use content filtering at the
1.) network chokepoints.
2.) honeypot
3.) IDS signature databases.
4.) messaging server.
1.) network chokepoints.

While a messaging server should use content filtering, it is part of the application layer of the TCP stack and OSI model. At the network layer, content filtering is best implemented at chokepoints.
What is a characteristic of a typical honeynet?
1.) It is a hands-off network whose systems require no maintenance.
2.) It is never put off line without powering off the system involved.
3.) It is isolated from network alerting systems
4.) It is not registered in DNS.
4.) It is not registered in the Domain Name System (DNS).

Honeynets are not advertised in DNS, so they collect automated scans but are not the target of deliberate, named attacks. This allows safe and effective analysis of automated scans.
The steps for processing events in typical Security Event Management Systems (SEMS) are
1.) parsing, pattern matching, rate thresholds, scan detection.
2.) parsing, pattern matching, rate thresholds, correlation.
3.) pattern matching, categorization, prioritization, event count.
4.) parsing, categorization, prioritization, aggregation.
4.) parsing, categorization, prioritization, aggregation.
These four are the steps for processing events in typical SEMS.
Pattern matching is an analysis technique.
Scan detection is a result of event processing.
Event counts and rate thresholds are simply counts of events as processed.
Correlation is the capability to take information from multiple sources and infer activity.
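An added example, not part of the card set, that covers this card together with the earlier UTC card: the four SEMS processing steps (parse, categorize, prioritize, aggregate) run over constructed log lines from three sensors that stamp events in three different time zones. The parse step normalizes every timestamp to UTC, which is what makes the aggregate step show three sensors reporting the same source address two seconds apart rather than six hours apart. The line format, category rules and priority values are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Added example (not from the card set). Log lines are constructed; the
# +01:00, -05:00 and Z offsets are deliberate. Categories and priorities
# are assumed values for illustration.
RAW_EVENTS = [
    "2024-03-01T09:15:02+01:00 fw-paris kernel: DROP src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2024-03-01T03:15:03-05:00 ids-nyc snort: ALERT SSH brute force src=198.51.100.9 dst=10.0.0.5",
    "2024-03-01T08:15:04Z auth-lon sshd: Failed password for root from 198.51.100.9",
    "2024-03-01T08:20:00Z auth-lon sshd: Accepted publickey for deploy from 10.1.2.3",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:\s]+): (?P<msg>.*)$")
SRC_RE = re.compile(r"(?:src=|from )(\d{1,3}(?:\.\d{1,3}){3})")

CATEGORY_RULES = [
    ("firewall_drop", re.compile(r"\bDROP\b")),
    ("ids_alert", re.compile(r"\bALERT\b")),
    ("auth_failure", re.compile(r"Failed password")),
    ("auth_success", re.compile(r"Accepted ")),
]
PRIORITY = {"ids_alert": 3, "auth_failure": 2, "firewall_drop": 1,
            "auth_success": 0, "unknown": 0}


def parse(line: str) -> Optional[dict]:
    """Step 1: split the raw line into fields and normalize the timestamp to UTC."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = m["ts"].replace("Z", "+00:00")   # fromisoformat before Python 3.11 rejects 'Z'
    when = datetime.fromisoformat(ts).astimezone(timezone.utc)
    src = SRC_RE.search(m["msg"])
    return {"utc": when, "host": m["host"], "prog": m["prog"],
            "msg": m["msg"], "src": src.group(1) if src else None}


def categorize(event: dict) -> dict:
    """Step 2: assign a category from the message content."""
    event["category"] = next(
        (c for c, rx in CATEGORY_RULES if rx.search(event["msg"])), "unknown")
    return event


def prioritize(event: dict) -> dict:
    """Step 3: attach a priority derived from the category."""
    event["priority"] = PRIORITY[event["category"]]
    return event


def aggregate(events: List[dict]) -> Dict[str, dict]:
    """Step 4: fold events per source address across sensors and time zones."""
    out: Dict[str, dict] = {}
    for ev in sorted(events, key=lambda e: e["utc"]):
        key = ev["src"] or "unknown"
        agg = out.setdefault(key, {"count": 0, "sources": set(), "categories": set(),
                                   "max_priority": 0, "first_utc": ev["utc"],
                                   "last_utc": ev["utc"], "span_seconds": 0.0})
        agg["count"] += 1
        agg["sources"].add(ev["host"])
        agg["categories"].add(ev["category"])
        agg["max_priority"] = max(agg["max_priority"], ev["priority"])
        agg["last_utc"] = ev["utc"]
        agg["span_seconds"] = (agg["last_utc"] - agg["first_utc"]).total_seconds()
    return out


def process(lines: List[str]) -> Dict[str, dict]:
    parsed = [e for e in (parse(line) for line in lines) if e is not None]
    return aggregate([prioritize(categorize(e)) for e in parsed])
```

Drop the `.astimezone(timezone.utc)` call and compare the naive local times instead, and the same three events appear to span six hours; that is the correlation failure the UTC card warns about.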
File integrity software notices changes to files PRIMARILY through the use of
1.) file size.
2.) checksums.
3.) file type.
4.) timestamps
2.) checksums.

File integrity monitors compute a checksum for each file being monitored.
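An added example, not part of the card set, of the mechanism the card names: a minimal file integrity monitor that baselines a directory with SHA-256 checksums and reports modified, added and removed files. The demo() function builds a constructed directory tree in a temporary folder, then tampers with one file while keeping its size and modification time unchanged, to show why the checksum rather than file size or timestamp is the primary signal. All file names and contents are constructed for the illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Added example (not from the card set). The directory tree, file names and
# contents in demo() are constructed; nothing here touches the real system.


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: Path) -> Dict[str, str]:
    """Map each regular file (path relative to root) to its checksum."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two baselines; a changed checksum is the only thing that counts as 'modified'."""
    return {
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        passwd = root / "etc" / "passwd"
        passwd.write_text("root:x:0:0:root:/root:/bin/sh\n")      # constructed content
        (root / "bin" / "old-tool").write_bytes(b"\x7fELF\x02\x01\x01")  # constructed stub
        before = baseline(root)
        st = passwd.stat()

        # Tampering: same byte length, and atime/mtime restored afterwards,
        # the way an intruder covering tracks would do it.
        passwd.write_text("root:x:0:0:root:/root:/bin/zz\n")
        os.utime(passwd, ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "etc" / "rc.local").write_text("/usr/local/bin/unexpected &\n")  # constructed
        (root / "bin" / "old-tool").unlink()

        st2 = passwd.stat()
        return {
            "diff": compare(before, baseline(root)),
            # A monitor keyed on size and timestamp alone would report nothing here.
            "size_or_mtime_changed": (st2.st_size != st.st_size
                                      or st2.st_mtime_ns != st.st_mtime_ns),
        }
```

In a deployed monitor the baseline itself must be protected (signed, or stored off-host), since an attacker who can rewrite both the file and its stored checksum defeats the check.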