ExamWise For CIW Security Professional: Exam 1D0-470 by Chad Bayer
ISBN:1590954076
TotalRecall Press © 2002 (362 pages) This guide will help readers determine if they are ready for the CIW 1D0-470 certification exam.
ExamWise For CIW Security Professional – Exam 1D0-470
Online testing provided by BeachFrontQuizzer, Inc., Friendswood, Texas 77546
Author: Chad M. Bayer
Published by TotalRecall Publications, Inc., 1103 Middlecreek, Friendswood, TX 77546, 281-992-3131
TotalRecall Publications, Inc. is a division of BeachFront Quizzer, Inc.

Copyright © 2002 by TotalRecall Publications, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic or mechanical, or by photocopying, recording, or otherwise, without the prior permission of the publisher.

If you are dissatisfied with the products or services provided, please contact TotalRecall Publications, P.O. 1741, Friendswood, TX 77546 (281-992-3131).

The views expressed in this book are solely those of the author, and do not represent the views of any other party or parties.

ISBN: 1-59095-407-6
UPC: 6-43977-43470-8

The sponsoring editor for this book was Bruce Moran and the production supervisor was Corby Tate.

This publication is not sponsored by, endorsed by, or affiliated with ProSoft, ProSoft Training, www.ciwcertified.com or Certified Internet Webmaster. The CIW®, CIWCertified.com®, CIW™, and all other Certified Internet Webmaster logos, trademarks, or registered trademarks are the property of CIW in the United States and certain other countries. All other trademarks are trademarks of their respective owners. Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only and to the benefit of the trademark owner. No infringement on trademarks is intended.

Disclaimer Notice: Judgments as to the suitability of the information herein for the purchaser's purposes are necessarily the purchaser's responsibility. BeachFront Quizzer, Inc. and TotalRecall Publications, Inc. extend no warranties, make no representations, and assume no responsibility as to the accuracy or suitability of such information for application to the purchaser's intended purposes or for consequences of its use except as described in the Guarantee.

Dedication
This book is dedicated to my father, Carl Bayer. Thanks for always being there.
Chad M. Bayer

About the Author
Chad Bayer has been working in the computer industry for over 6 years and is currently CIW Certifiable. His background is quite varied in regards to CIW, and he is interested in both the engineering of software and hardware. Chad is working towards his computer engineering degree at the University of Texas in Dallas.

About the Book
Part of the TotalRecall: IT Question Book Series. For CIW certification, this new Self Help and Interactive Exam Study Aid is now available for candidates preparing to sit the CIW 1D0-470 Operating Systems Security, Network Security and Firewalls, and Security Auditing, Attacks and Threat Analysis exam. The book covers the information associated with each of the exam topics in detail and includes information found in no other book. Using the book will help readers determine if they are ready for the CIW 1D0-470 certification exam. This book provides Questions, Answers, and Explanations that explain the concepts in a clear and easy-to-understand manner.
This book is designed for the experienced user who wants to build their confidence by refreshing their knowledge of CIW material.

About Online Testing
www.bfqonline.com practice tests include a Self Help and Interactive Exam Study Aid with instant feedback for simulated and adaptive testing with detailed explanations. Register your book purchase at www.TotalRecallPress.com or send an email to [email protected] for your free 30 day Registration. Located in the back of this book are the instructions for obtaining your Free 30 day Registration for the online practice test. The Registration is good for access to only the CIW Fundamentals Exam.

1D0-470 Exam Preparation For Operating Systems Security, Network Security and Firewalls, and Security Auditing, Attacks and Threat Analysis
CIW Certification Home Page: http://www.ciwcertified.com/default.asp
CIW Certification Path Information: http://www.ciwcertified.com/certifications/program.asp?comm=home&llm=3
CIW Exam 1D0-470 guide location: http://www.ciwcertified.com/exams/1d0470.asp?comm=home&llm=4

Note: Exam subject matter and skills being measured are subject to change at any time without prior notice and at CIW's sole discretion.

Certification Credit
Upon successful completion of this exam, you will achieve CIW Professional status. This exam also provides elective credit towards:
- CIW Certified Instructor status
- Master CIW Administrator certification

Exam Audience
Network server administrators, firewall administrators, systems administrators, application developers, and IT security officers. Candidates should have the following prerequisites completed before taking the exam: CIW Foundations, CIW Server Administrator, and CIW Internetworking Professional or equivalent skills.

Prerequisites
Candidates must complete the following prerequisites prior to sitting the CIW Security Professional exam:
- CIW Certification Agreement. This simple on-line agreement needs to be completed only once, but is necessary for CIW Certification Central to ship CIW certificates (CIW Associate, CIW Professional or Master CIW certificates) to candidates who pass the required CIW certification exam(s).
- CIW Associate certificate. Passing the CIW Foundations exam 1D0-410 is required for those candidates seeking to achieve CIW Professional, Master CIW Administrator, and/or Master CIW Web Site Manager certification designation.
- CIW Server Administrator. Passing the CIW Server Administrator exam 1D0-450 is required for those candidates seeking Master CIW Administrator certification designation.
- CIW Internetworking Professional. Passing the CIW Internetworking Professional exam 1D0-460 is required for those candidates seeking Master CIW Administrator certification designation.
- No candidate is restricted from taking the CIW Security Professional exam. However, it is highly recommended that candidates take (and pass) CIW exams in sequential order.
- CIW Security Professional certification is a requirement for Master CIW Administrator certification.

Exam Information
Students who have taken CIW courses are encouraged to continue their studies and apply their new skills before attempting the 1D0-470 CIW Security Professional exam. Skills taught in CIW Security Professional courses are best reinforced with real-world experience.
The candidate is responsible for learning the content and achieving a passing score on the 1D0-470 CIW Security Professional exam. Comments regarding course delivery should be referred to the training company that delivered the course.

Any 1D0-470 CIW Security Professional exam will be subject to the following:
- Each delivery of the exam will include a random selection of 60 items.
- The examination period will be 75 minutes.

To achieve a passing score on the 1D0-470 CIW Security Professional exam, candidates must:
- Correctly answer at least 45 of the 60 questions to achieve a total score of 75% or greater, and
- Answer at least 70% of the questions correctly in each individual module.

Module                                          Number of Items
Network Security and Firewalls                  22
Operating Systems Security                      16
Security Auditing, Attacks and Threat Analysis  22
Each exam item offers four solutions or distracters. Exam candidates must select the one best solution for each item.

Skills Measured
A CIW Security Professional implements security policy, identifies security threats, and develops countermeasures using firewall systems and attack-recognition technologies. This individual is responsible for managing the deployment of e-business transaction and payment security solutions. Skills measured in the 1D0-470 exam include but are not limited to:
- Network perimeter security and elements of an effective security policy.
- Encryption, including the three main encryption methods used in internetworking.
- Universal guidelines and principles for effective network security, as well as guidelines to create effective specific solutions.
- Security principles and security attack identification.
- Firewall types and common firewall terminology.
- Firewall system planning including levels of protection.
- Network firewall deployment.
- Network security including industry security evaluation criteria and guidelines used to determine three security levels.
- Mechanisms used to implement security systems, tools to evaluate key security parameters, techniques for security accounts, and threats to Windows 2000 and UNIX systems.
- Permissions identification, assignment and usage, system defaults, and security commands.
- System patches and fixes including application of system patches.
- Windows 2000 Registry modifications, including lockdown and removal of services for effective security in Windows 2000 and Linux.
- Security auditing principles, security auditor's chief duties and network risk factor assessment.
- Security auditing and discovery processes, audit plans, and network-based and host-based discovery software.
- Penetration strategies and methods, including identification of potential attacks.
- User activities baseline, log analysis, and auditing of various activities.
- Security policy compliance and assessment reports.
- Operating system add-ons, including personal firewalls and native auditing.
Chapter 1: Operating System Security

1. Nathan has been tasked to increase the security of his corporate Web site, www.iPromotions.com. Using a standard definition of security, realistically, what is Nathan's goal? A. Reduce vulnerabilities of www.iPromotions.com B. Eliminate threats to www.iPromotions.com C. Eliminate vulnerabilities of www.iPromotions.com D. Reduce threats to www.iPromotions.com
2. Tonya develops and hosts Websites. She notices that her larger clients are concerned about security. She carefully listens to what her clients want and has made a list of their security concerns: 1) Authentication, 2) Access control, 3) Data confidentiality, 4) Data integrity & 5) Nonrepudiation. When Tonya uses file, directory or Website permissions based on user login, which security concern is Tonya addressing? A. Authentication B. Access control C. Data confidentiality D. Data integrity E. Nonrepudiation
3. Tonya develops and hosts Websites. She notices that her larger clients are concerned about security. She carefully listens to what her clients want and has made a list of their security concerns: 1) Authentication, 2) Access control, 3) Data confidentiality, 4) Data integrity & 5) Nonrepudiation. When Tonya ensures that Website customers get a digital receipt for their purchase, which security concern is Tonya addressing? A. Authentication B. Access control C. Data confidentiality D. Data integrity E. Nonrepudiation
4. Tonya develops and hosts Websites. She notices that her larger clients are concerned about security. She carefully listens to what her clients want and has made a list of their security concerns: 1) Authentication, 2) Access control, 3) Data confidentiality, 4) Data integrity & 5) Nonrepudiation. Many of Tonya's customers upload information to their Websites by using FTP. Tonya requires that customers provide a username and password for this access. What security concern is Tonya addressing? A. Authentication B. Access control C. Data confidentiality D. Data integrity E. Nonrepudiation
5. Tonya develops and hosts Websites. She notices that her larger clients are concerned about security. She carefully listens to what her clients want and has made a list of their security concerns: 1) Authentication, 2) Access control, 3) Data confidentiality, 4) Data integrity & 5) Nonrepudiation. Tonya provides data encryption using SSL for credit card orders. Which security concern is Tonya addressing? A. Authentication B. Access control C. Data confidentiality D. Data integrity E. Nonrepudiation
6. Tonya develops and hosts Websites. She notices that her larger clients are concerned about security. She carefully listens to what her clients want and has made a list of their security concerns: 1) Authentication, 2) Access control, 3) Data confidentiality, 4) Data integrity & 5) Nonrepudiation. When customers order via one of Tonya's Websites, Tonya uses SSL to provide a hash on each data packet so that if it is hijacked or altered the hash will not match up to the rest of the data in the packet. What security concern is Tonya addressing? A. Authentication B. Access control C. Data confidentiality D. Data integrity E. Nonrepudiation
7. DigitalKnowledge provides online training in the USA. They are expanding to the UK. They need regulatory approval for their security model if they are to provide online, confidential, counter-terrorist training for NATO Forces. Which security evaluation criteria will DigitalKnowledge most likely be judged against? A. TCSEC B. Common Criteria C. IPSEC D. ITSEC, BS 7799
8. DigitalKnowledge provides online training in the USA. They are expanding to the UK. They need regulatory approval for their security model if they are to provide online, confidential, counter-terrorist training for NATO Forces. Which security evaluation criteria did DigitalKnowledge most likely meet in the USA? A. TCSEC B. Common Criteria C. IPSEC D. ITSEC, BS 7799
9. Peter has invented a revolutionary Stirling engine that is super fuel efficient. He designed the engine on a NT 4.0 workstation. What is the highest level of TCSEC security that he can reach on his NT workstation? A. D B. C1 C. C2 D. B1 E. A1
10. Peter has invented a revolutionary Stirling engine that is super fuel efficient. He designed the engine on a NT 4.0 workstation. What is the highest level of TCSEC security that he can reach if he migrates to AT&T System V Unix with MLS? A. D B. C1 C. C2 D. B1 E. A1
11. Peter has invented a revolutionary Stirling engine that is super fuel efficient. He designed the engine on a NT 4.0 workstation. What is the highest level of TCSEC security that he can reach in a peer to peer network with Windows 98 peers? A. D B. C1 C. C2 D. B1 E. A1
12. Peter has invented a revolutionary Stirling engine that is super fuel efficient and that runs on alternative fuel. The US Government classifies his work as vital to the National Defense in light of Mideast oil disruptions. The government migrates his work to a Honeywell SCOMP computer and applies the highest TCSEC security level to this computer. What security level was applied? A. Verified Design B. Security Domains C. Structured protection D. Labeled security protection E. Discretionary access security.
13. The CIO of IVertical.com wants you to prepare a slide on Win2k TCSEC level C2 features in order to brief some potential angel investors. Which bullet points would you include in your PowerPoint slide? (Choose 3): A. Varied security protection isolating users into cells. B. Discretionary access control C. Object reuse is controlled by users D. Identification and authentication of users E. Auditing
14. Linus proposes that the new Linux kernel should be tested against the Common Criteria. What advantages might Linus cite? A. This is supported by ISO and is a worldwide standard B. It unifies ITSEC and TCSEC C. It provides a standardized way to describe security requirements and evaluate security features of products and systems. D. It is optimized for the evaluation of Internet security systems.
15. Brenda is in charge of network security at the International Monetary Fund (IMF). In light of advances in computer hacking she would like to evaluate her network's security against the Common Criteria. What three key concepts are used to determine the correct security product and system for the IMF? A. Security Baseline (SB) B. Protection Profile (PP) C. Security Target (ST) D. Target of Evaluation (TOE) E. Security Descriptor (SD)
16. Brenda is in charge of network security at the International Monetary Fund (IMF). In light of advances in computer hacking she would like to evaluate her network's security against the Common Criteria. What document should she prepare to describe the IMF's security needs? A. Security Baseline (SB) B. Protection Profile (PP) C. Security Target (ST) D. Target of Evaluation (TOE) E. Security Descriptor (SD)
17. Brenda is in charge of network security at the International Monetary Fund (IMF). In light of advances in computer hacking she would like to evaluate her network's security against the Common Criteria. She has prepared a Protection Profile (PP) describing the IMF's security needs. Several security consulting firms have bid on upgrading IMF's security to meet the IMF PP. The security consulting firms each submit a CC document describing the claims of the products and methods that they would use to meet the PP. What document would they each submit? A. Security Baseline (SB) B. Profile Response (PR) C. Security Target (ST) D. Target of Evaluation (TOE) E. Security Descriptor (SD)
18. Brenda is in charge of network security at the International Monetary Fund (IMF). In light of advances in computer hacking she would like to evaluate her network's security against the Common Criteria. She wrote the IMF's Protection Profile (PP) of security needs. The Balboa Group submitted the lowest bid to meet this PP and described how they would meet the PP with a Security Target (ST) document. They install a pilot, demonstration system and the IMF chooses an accredited third-party security evaluation consulting company to rigorously test the security of the IMF's proposed computer network. What is the pilot system to be tested called? A. Security Baseline (SB) B. Protection Profile (PP) C. Security Target (ST) D. Target of Evaluation (TOE) E. Security Descriptor (SD)
19. Access Data and Data Mine merge their operations. A new Chief Security Officer is hired. He would like to apply three conventional broad classifications of security levels to categorize an asset's need for security. The security levels he uses are Low, Medium and High. At what level(s) would a computer be secured against theft and virus software used? A. Low B. Medium C. High D. All of the above
20. Access Data and Data Mine merge their operations. A new Chief Security Officer is hired. He would like to apply three conventional broad classifications of security levels to categorize an asset's need for security. The security levels he uses are Low, Medium and High. He applies the High classification to computers that access highly sensitive or valuable information and/or are in a high risk situation. What additional measures does he take that he does not take at the Medium level? (Choose 2): A. Countermeasures and protections are enabled at the operating system. B. Auditing is enabled C. File permissions and account policies are implemented. D. The operating system is stripped down to the bare minimum. E. Additional strict countermeasures are enabled in the OS.
21. Access Data and Data Mine merge their operations. A new Chief Security Officer is hired. He would like to apply three conventional broad classifications of security levels to categorize an asset's need for security. The security levels he uses are Low, Medium and High. Which of the following conditions would be indicative of a Medium security classification? (Choose 3): A. Computer holds or accesses corporate data. B. Computer is in a high-risk situation. C. Computer is accessed by multiple users D. Accidental damage of information must be avoided E. Computer is in a secure location
22. Access Data and Data Mine merge their operations. A new Chief Security Officer is hired. He would like to categorize security mechanisms as specific or wide. Which of the following are specific mechanisms? (Choose 2): A. Digital signatures, encipherment, access control and authentication mechanisms. B. Data integrity and traffic padding mechanisms. C. Trusted functionality and security labels. D. Audit trails E. Security recovery
23. Access Data and Data Mine merge their operations. A new Chief Security Officer is hired. He would like to categorize security mechanisms as specific or wide. Which of the following are wide mechanisms? (Choose all that apply): A. Digital signatures, encipherment, access control and authentication mechanisms. B. Data integrity and traffic padding mechanisms. C. Trusted functionality and security labels. D. Audit trails E. Security recovery
24. NT 4.0, unlike previous versions of Windows, received a C2 security rating without disabling networking. Which NT security component led to this C2 rating without the previous qualification? A. Discretionary access control B. Object reuse controlled by the OS C. Mandatory log on. D. Auditing E. OS control of access to objects
25. Sally accidentally deletes Ethyl's NT user account. As soon as she realizes her mistake, she recreates Ethyl's account with the same name and puts Ethyl back into the global groups in which she belongs. Although the account name is the same, Ethyl does not have the individually assigned user rights she once had. This is because her _______ changed. (Fill in the blank). A. SID B. Access token C. Security descriptor D. ACL E. ACE
26. At the end of the work day, Mary adds Susan to the Managers group and calls Susan to tell her the good news. Susan attempts to access the "Manager Bonus Plan" folder and still gets an "access denied" message. The next day Susan can get to the "Manager Bonus Plan" folder and sees that the bonus is paid in company stock. Why couldn't Susan see this information the day before? A. The SID was updated based on the Julian day. B. The Access Token was refreshed when Susan logged in again. C. Replication had to refresh the security descriptor of the target folder D. Susan's ACE in the ACL was incorrectly entered by Mary.
27. NT 4.0 uses security descriptors for every object. Based on the security descriptors, what can be determined about any NT object? (Choose 3): A. Object owner B. Which users and groups have rights to access an object C. What types of access by what users or groups will be audited D. Outstanding access tokens.
28. Marty wants to add a smart card reader to the NT logon process. Which dll will he replace? A. logon.dll B. sspi.dll C. sam.dll D. msgina.dll
29. Which of the following is responsible for creating a user's access token? A. LSA B. SAM C. Gina D. SSPI
30. Frank installs NT 4.0 on his new computer using a combination DVD/CD-ROM drive and a burned copy of NT 4.0 Server. One file does not copy from the CD, schannel.dll. Which of the following won't Frank be able to do? A. Logon B. Use SSL C. Use Internet Explorer D. Audit file and folder access
31. Vince cannot logon to a domain controller. He gets the message that he has been logged on using cached user credentials. He checks his network cable and NIC. The NIC has a green light. He can ping the domain controller. His coworkers can logon to the domain controller. What might be the problem? A. The domain controller's server service is stopped B. Vince's workstation's server service is stopped C. Vince's workstation's netlogon service is stopped D. The domain controller's netlogon service is stopped
32. Tammy is doing an emergency repair on a NT Server in which the user accounts database has been corrupted. What does Tammy want to replace? A. The SAM B. Gina.dll C. schannel.dll D. LSA
33. Don wants to protect his Linux system from viruses. He should (Choose 3): A. Regularly verify modification times and checksums of system executables. B. Read protect system level directories C. First install executables in /tmp or /var/tmp for testing purposes D. Virus check applications before installing E. Write protect system-level directories
34. What mechanism has been used to hack Unix/Linux systems? A. Buffer underruns B. Buffer overflows C. Split horizon D. Poison reverse E. Registry hacks
35. Mark is providing password guidelines to his users. He tells his users to select passwords that use at least three of the following four types of content: (Choose 3) A. Non-printing characters B. Capital letters C. Lowercase letters D. Numbers E. Non-alphanumeric characters, such as punctuation
36. Which of the following are strong passwords? (Choose 2): A. redbone23 B. Bama4ME! C. 2Short!? D. good-man-is-hard-to-find
37. Joe is a hacker attempting to access a Linux box. He wants to gain ________ access to the ________ file. A. Root, /etc/passwd B. Admin, /etc/passwd C. Supervisor, \etc\passwd D. Root, \etc\passwd E. Admin, \etc\passwd
38. Kelly wants to check which new accounts have been added each day to her NT Dealers domain. What commands can she incorporate into a batch file to automate this process, if she uses Task Scheduler? A. net accounts /synch B. net accounts > users.txt C. net users > users.txt D. net users >> users.txt
39. Sam wants to provide higher security on the Administrator account. Which are good ways to do this? A. Rename the Administrator account B. Disable the Administrator account C. Use a strong password on the Administrator account and change it on a regular basis D. Have administrators log in with a regular user account when they don't need to exercise administrative privileges E. Shadow the Administrator account
40. Jill wants to change the minimum password length for the Corp domain. Where would she go to do this? A. User Manager for Domains, Policies - Account B. User Manager, Policies - Account C. Server Manager D. Account Manager
41. Miranda wants to ensure that users change their passwords and have unique passwords. Which Account Policy settings should she change? A. Maximum Password Age B. Minimum Password Age C. Password Uniqueness D. Minimum Password Length E. Account Lockout
42. In Account Policies, Jason sets Account Lockout Duration to forever. What is/are the effect(s)? A. If a user attempts to hack the administrator account, the administrator account will be locked out. B. The administrator will have to reset user accounts that are Locked Out by bad password attempts. C. The administrator will have to reset user accounts that are Disabled by bad password attempts. D. No user accounts will be Locked Out
43. So as to defeat brute force attacks on the administrator account, Sally wants to lock out the administrator account for five minutes if there are ten bad logon attempts in 30 minutes. What initial steps does Sally need to take? (Choose two): A. Get the Passprop utility from the NT 4.0 Server Resource Kit. B. Enter "passprop /adminlockout" to apply the rules C. Get the Passfilt utility from the NT 4.0 Server Resource Kit. D. Enter "Passfilt /adminlockout" to apply the rules E. Copy the passfilt.dll to the Winnt\system32 directory.
44. Larry wants to implement strong passwords for his NT 4.0 domain. Which of the following steps must Larry take? (Choose 3): A. From the NT 4.0 Server Resource Kit, Larry should copy the passfilt.dll to the Winnt\system32 folder. B. Larry must edit or add the registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages C. Larry must edit or add the registry key \HKEY_CURRENT_USER\Security\LSA\Notification Packages D. Larry must enter the command passprop /complex E. Larry must enter the command passprop /high
45. Brian wants to ensure that for Linux user Jeremy, the password has a maximum age of 30 days, a minimum age of 2 days and that Jeremy gets a warning 5 days before his password expires. What command would Brian enter? A. # chage -m 2 -M 30 -W 5 jeremy B. # chmode -m 2 -M 30 -W 5 jeremy C. # chpass -m 2 -M 30 -W 5 jeremy D. # chpass /min 2 /max 30 /warn 5 jeremy
46. Wendy wants to foil password-cracking programs. Where should she store Unix or Linux passwords? A. etc/passwd B. etc/shadow C. var/root/hidden D. var/hidden
47. Carl attempts to execute a Linux program from his current directory. He gets an error. What might be the problem? (Choose the best answer): A. The executable is in the current directory B. The executable is in /bin C. The executable is in /var/bin D. The executable is in /sbin
48. Carl wants to allow users to install and run programs from any directory in which they have read, execute and write privileges. He includes the "." entry as the first element in the search path. What is the effect? (Choose 2): A. The current directory is included in the search path B. The user's home directory is included in the search path C. A hacker might be able to place Trojan-Horse executables in the current directory D. No effect; ".." should be placed in the path.
49. Sandy wants to read the Linux log with failed logon attempts. What command should she enter? A. host# grep login /var/log/messages B. host# ls /var/log/messages C. host# cat /var/log/messages D. host# grep login /var/log/messages
50. Dan wants to secure NT files using NTFS permissions. Which tool would he use? A. Server Manager B. Explorer C. User Manager D. User Manager for Domains
51. Larry is assigning individual NTFS permissions on the Common folder to Randy. He wants Randy to be able to read documents, execute programs and modify documents. Which permissions would allow Larry to do at least all of these tasks? (Choose 3): A. RWXD B. P C. O D. RW
52. Joseph cannot access a folder even though he has always been in the Managers group with Full Control NTFS and Share permissions to the folder. How can this be solved? A. Reboot the computer B. Take Joseph out of any group with the No Access permission C. Delete and recreate Joseph's account D. Synch the BDCs with the PDC.
53. Joseph cannot access a folder after he was just added to the Managers group with Full Control NTFS and Share permissions to the folder. How can this be solved with the least amount of effort? A. Reboot Joseph's computer B. Reboot the server C. Have Joseph log off and log on. D. Stop and restart the workstation service.
54. Harry is installing NT 4.0. He partitions his hard drive into three NTFS partitions, one for the NT OS, one for Program Files, and one for Data. What benefits does Harry reap? (Choose 3): A. Smaller cluster size B. Easier backup C. Easier administration of directory permissions D. More security if a hacker gains control of one partition.
55. In what one case will a file that is moved retain the permissions of its parent folder rather than the destination folder? A. It is moved in the same partition. B. It is moved to a separate partition C. It is moved to a FAT partition D. It is copied to the same partition E. It is copied to a different partition
56. Marty has Read share permissions and Change NTFS permissions to a folder on Server1. When Marty logs on interactively at Server1, what effective permissions does Marty have? A. Read B. Change C. RW D. RE
57. Larry wants to list the permissions of the /home/larry/file1 file. What command does he use? A. ls -l /home/larry/file1 B. ls -p /home/larry/file1 C. ls /home/larry/file1 -l D. ls /home/larry/file1 -a
58. Larry types ls -l /home/larry/file1 and gets the following output: "-rwxr-xr-- larry staff". Which of the following are true? A. Larry has the read, write and execute permissions B. The staff group has execute and read permissions C. The nobody group has read permissions D. The everyone group has execute permissions.
59. Marsha wants to make sure that no file that is placed in the /temp directory is executable by any user. What command could Marsha use? A. umask 0111 /temp B. umask 0444 /temp C. chmod 111 /temp D. chmod 444 /temp
60. Fred wants to make sure that everyone has at least read privileges on the /common/readme file. Which commands would work? (Choose 4): A. chmode 664 /common/readme B. chmode a+r /common/readme C. chmode o+r /common/readme D. chmode o=r /common/readme E. chmode a-r /common/readme
61. Brandy wants to defend against the most common hacker attack. What type of attack is most common? A. Trapdoor attacks B. Replay attacks C. Denial-of-service attacks D. Insider attacks E. IP spoofing
62. Brandy is defending against a hacker attack. She disables the NT Scheduler service because it runs with administrative privilege and could be used by a hacker to run a rogue program. What type of attack is Brandy defending against?
A. Insider attack
B. Trapdoor attack
C. Masquerade attack
D. Denial-of-service attack
E. Replay attack

63. Brandy is defending against a hacker attack. She disables ICMP responses to ping packets so that an attacker cannot flood her system with pings, the responses to which would take up bandwidth and system resources. What type of attack is Brandy defending against?
A. Insider attack
B. Trapdoor attack
C. Masquerade attack
D. Denial-of-service attack
E. Replay attack

64. Billy-Bob is a hacker. He listens to a client computer negotiating a secure session with a server. He performs an attack against the client computer, flooding it with TCP SYN packets so as to take that client out of the picture. He then repeats the captured logon sequence against the server, cooking the IP packet checksum and changing the IP address to his own, pretending to be the original client. What types of attacks are taking place? (Choose 3):
A. Spoofing or masquerade attack
B. Replay attack
C. Denial-of-service attack
D. Insider attack
E. Trapdoor attacks

65. NT 4.0 requires that a user press Ctrl-Alt-Delete to log on in order to foil a hacker attack in which a fake logon screen is presented and the hacker captures the username and password. In this case, what type of attack is Microsoft protecting against?
A. Trojan horses
B. Denial-of-service attacks.
C. Insider attacks
D. Replay attacks
E. Spoofing or masquerade attacks.

66. Bert works for the FBI. He wants to see everything that a suspected terrorist types on his computer. He might install a software or hardware ____________.
A. Melissa virus
B. Trojan horse
C. Keylogger
D. Replay program

67. Mary wants to make a hacker's job harder. She should change the default _________, ________, and ___________. Choose three answers to fill in the blanks.
A. Directories
B. Accounts
C. Shares
D. Permissions
E. Rights

68. Nancy wants to perform a quick and dirty, relatively inexpensive security audit. What should she do? (Choose the best choice):
A. Use a "security analyzer" program
B. Configure auditing of file and object access
C. Perform an online security audit
D. Use a keylogger program
E. Install WebTrends Log Analyzer

69. Mark wants to increase security on his Unix system. Which steps should Mark implement? (Choose 2):
A. Use rlogin instead of Telnet for remote login
B. When using NIS, use a wrapper program that limits access to portmapper functions to certain IP addresses or domains.
C. Use NIS+ instead of NIS for complete security.
D. Use secure RPC for access to NFS resources

70. Jollene wants to avoid Unix NFS. What valid security concerns might Jollene have? (Choose 3):
A. NFS file transfers are unencrypted
B. RPC is nonsecure
C. Secure RPC can be decoded by hackers
D. NFS decentralizes virus protection
E. Reverse RPC can be used in a denial-of-service attack.

71. Mike wants to know which service packs should be installed. Which choices are correct? (Choose 3):
A. Always apply the latest service pack
B. Only apply service packs that fix a problem specific to your installation
C. Most patches should not be applied
D. Administrators should always read the documentation that comes with service packs.
E. As long as your server is running OK, don't apply a service pack

72. Ursula is smart about applying patches and service packs. What rules does Ursula follow? (Choose 2):
A. Ursula always applies the latest patch
B. Ursula performs a full backup before applying a patch
C. Ursula doesn't apply most patches unless there is a specific reason
D. Ursula makes the operating system files read-only before applying a patch.

73. What part of NT must be secured to prevent attack by the Red Button program?
A. The registry
B. The winnt\drivers\etc directory
C. The boot and system files
D. ntuser.dat in the administrator profile directory
74. Sam wants to hack the accounts database contained in the Windows registry. Where could Sam find the accounts database or copies of the accounts database? (Choose three):
A. ERD
B. ASP
C. \winnt\repair
D. \winnt\system32\config
E. \Winnt\backup

75. Hector wants to secure the two most important keys of the registry. Which of the following keys are they?
A. HKey_Local_Machine
B. HKey_Current_User
C. HKey_Users
D. HKey_Classes_Root
E. HKey_Current_Config

76. Which of the following statements are true about the HKLM key of the registry? (Choose all the correct answers):
A. The Hardware key is recreated every time NT starts up.
B. The Security subkey contains the actual user accounts and password
C. The subkeys are Hardware, SAM, Security, Software, and System
D. The Software subkey application information is specific to the current user.
E. The system subkey stores device driver and service configuration data.

77. Andy wants to secure the registry. How should he do this? (Choose the best answer):
A. Implement parameter hiding
B. Use the NT 4.0 Resource Kit C2 Configuration Manager
C. Make the registry read-only
D. Encrypt the registry
E. Delete Regedit32 and Regedit

78. Pamela wants to audit the registry. How should she do this? (Pick the best answer):
A. Audit Success and Failure of all Events to Audit on the Everyone group
B. Audit Failure of all Events to Audit on the Everyone group
C. Audit Success and Failure of all Events to Audit on the local Administrators group
D. Audit Failure of all Events to Audit on the Domain Users group

79. Mary is using the C2 Config tool included with the NT Resource Kit. Besides securing the registry, what additional security functions can this tool perform? (Choose 2):
A. Remove OS/2 support
B. Remove POSIX support
C. Remove Alpha support
D. Change default directories
E. Hide administrative accounts

80. Chuck wants to secure his NT server. Which steps should Chuck take?
A. Disable unnecessary services
B. Disable unnecessary devices
C. Remove the executable for the Scheduler service
D. Remove unnecessary devices

81. Eric is configuring a firewall. He wants to block external access to certain ports. Which of the following ports might Eric want to block? (Choose 4):
A. DNS zone transfers - TCP port 53
B. MS SQL Server - TCP 1433
C. MS Networking - UDP 137 and 138; TCP 139
D. POP3 - TCP 110
E. SMTP - TCP 25

82. Jake wants to secure his NT server, PDC_ATL, so that it has a C2 security designation. What is the most important functionality that PDC_ATL will lose?
A. No Web server capability
B. No email capability
C. No networking
D. No POSIX or OS/2 support

83. Which protocol is the basis of NT networking?
A. SMB
B. NCP
C. Samba
D. NIS
E. NFS

84. Kari is changing the configuration of her NT 4.0 servers in order to increase security. Which of the following measures should Kari take?
A. Restrict access to print driver installation to administrators and print operators.
B. On the logon dialog box, hide the last user name
C. Clear the page file on shutdown
D. Disable caching of logon credentials
E. Restrict access to the scheduler service to administrators

85. Pablo wants to disable or remove any unnecessary services in Unix. Which services are unnecessary security loopholes?
A. Sendmail debugging tools
B. External access /etc/inetd.conf
C. DNS
D. TFTP

86. Mary still wants to use Telnet and FTP, but wants to secure these services. What can Mary do? (Choose 2):
A. Configure /etc/hosts.allow and /etc/hosts.deny
B. Use SSL
C. Use digital signatures and digital envelopes
D. Use TCPWrapper as an application gateway

87. Brandy wants to protect against IP spoofing of her Linux server. What program should she run?
A. Webtrends
B. Secure-IP
C. TCPWrapper
D. TCPMatch
88. Sandy suspects that certain large files are being hijacked and altered while being downloaded. Which tool can she use to produce secure checksums so as to detect any alteration, compromise or corruption of the file contents? (Choose the best answer):
A. MD5
B. PDA
C. DR7
D. PHP

89. Jake wants to audit early-morning restarts of the NT server Mars, which could indicate that a hacker had breached security. He also wants to audit the check printer. Which items should Jake audit in this scenario?
A. File and Object Access
B. User and Group Management
C. Use of User Rights
D. Restart, Shutdown, and System

90. Where can Jake read the NT 4.0 server audit logs?
A. Event Viewer - Security Log
B. Event Viewer - Audit Log
C. Event Viewer - System Log
D. \Winnt\system32\logs
E. \Winnt\system32\security\lsa\logs

91. Chuck is a hacker. How can we make Chuck's job harder? (Choose 3):
A. Use removable hard drives for user computers
B. Secure printer drivers
C. Hide the last user name
D. Restrict the use of printer ports and serial ports to administrators only.
E. Implement a strong password in BIOS

92. George wants to change NT registry settings to increase security. Which of the following items should George secure? (Choose all that apply):
A. Removable media, printer drivers, printer and serial ports, the scheduler service, the page file, cached logon credentials and the last user name.
B. Removable media, printer drivers, printer and serial ports, the server service, the page file, cached logon credentials and the last user name.
C. Hard drive caching, printer drivers, printer and serial ports, the scheduler service, the page file, cached logon credentials and the last user name.
D. Removable media, the print spooler, printer and serial ports, the scheduler service, the page file, cached logon credentials and the last user name.

93. In Linux, Joe wants to secure the central file for incoming network access, /etc/inetd.conf. What should Joe do to secure this file and monitor any alterations? (Choose 2):
A. Make sure that the file can only be edited by root.
B. Check the size and alteration date.
C. Hide this file
D. Rename this file

Answers

1.
*A. Reduce vulnerabilities of www.iPromotions.com
Explanation: Nathan has no control over threats to www.iPromotions.com; he can only reduce, to the greatest extent possible, the vulnerability of data and resources. In virtually all cases some limited vulnerabilities will always exist, and even Microsoft's Web site has been hacked.
OS Security, Lesson 1: Security Principles

2.
*B. Access control
Explanation: Access control allows Tonya to grant different users and groups the appropriate file and directory permissions.
OS Security, Lesson 1: Security Principles

3.
*E. Nonrepudiation
Explanation: Nonrepudiation is the security device that proves that a transaction took place. A digital receipt is one of the mechanisms that provides such proof.
OS Security, Lesson 1: Security Principles

4.
*A. Authentication
Explanation: Tonya is requiring user authentication.
OS Security, Lesson 1: Security Principles

5.
*C. Data confidentiality
Explanation: Tonya is using encryption to provide data confidentiality.
OS Security, Lesson 1: Security Principles

6.
*D. Data integrity
Explanation: Tonya is providing data integrity when she ensures that the data is not hijacked, modified, or corrupted in transit.
OS Security, Lesson 1: Security Principles

7.
*D. ITSEC, BS 7799
Explanation: Security is often judged by national or regional standards. The European Information Technology Security Evaluation Criteria (ITSEC) document and British Standard 7799 (BS 7799) would likely apply in this case. For more information, visit www.itsec.gov.uk.
OS Security, Lesson 1: Security Principles

8.
*A. TCSEC
Explanation: DigitalKnowledge would most likely have been judged by the Trusted Computer Systems Evaluation Criteria (TCSEC)/DOD Standard 5200.28 in the USA.
OS Security, Lesson 1: Security Principles

9.
*C. C2
Explanation: TCSEC level C2 requires the user to log on to the network with a password, and it requires an audit mechanism.
OS Security, Lesson 1: Security Principles
10.
*D. B1
Explanation: AT&T System V Unix with MLS is capable of labeled security protection, level B1, in which users are isolated into cells.
OS Security, Lesson 1: Security Principles

11.
*A. D
Explanation: The presumption here is that some of the data may be stored on the Windows 9X computers. Security level D, minimal security, applies to MS-DOS and Windows 9X.
OS Security, Lesson 1: Security Principles

12.
*A. Verified Design
Explanation: Level A1, verified design, would apply; not level B3, security domains, nor level B2, structured protection, nor level B1, labeled security protection, nor level C2, discretionary access control.
OS Security, Lesson 1: Security Principles

13.
*B. Discretionary access control
*D. Identification and authentication of users
*E. Auditing
Explanation: Object reuse must be controlled by the operating system so that any time a program or process uses memory or some other object, the object's previous contents cannot be determined by the new owner.
OS Security, Lesson 1: Security Principles

14.
*A. This is supported by ISO and is a worldwide standard
*B. It unifies ITSEC and TCSEC
*C. It provides a standardized way to describe security requirements and evaluate security features of products and systems.
Explanation: The Common Criteria is supported by ISO and is a worldwide standard, unifying ITSEC and TCSEC and providing a standardized way to describe security requirements and evaluate security features of products and systems.
OS Security, Lesson 1: Security Principles

15.
*B. Protection Profile (PP)
*C. Security Target (ST)
*D. Target of Evaluation (TOE)
Explanation: The PP, ST and TOE are the key concepts of the CC.
OS Security, Lesson 1: Security Principles

16.
*B. Protection Profile (PP)
Explanation: She would write the IMF's Protection Profile (PP) of security needs.
OS Security, Lesson 1: Security Principles

17.
*C. Security Target (ST)
Explanation: The consultants or the manufacturers of security products would submit a Security Target (ST) that would make security claims that would be evaluated against the Protection Profile (PP).
OS Security, Lesson 1: Security Principles

18.
*D. Target of Evaluation (TOE)
Explanation: The IT product or system to be tested is called the Target of Evaluation (TOE).
OS Security, Lesson 1: Security Principles

19.
*D. All of the above
Explanation: At the low level and above, a computer is secured against theft and antivirus software is used. Computers at the low security level are in a secure location and do not contain or access sensitive data.
OS Security, Lesson 1: Security Principles

20.
*D. The operating system is stripped down to the bare minimum.
*E. Additional strict countermeasures are enabled in the OS.
Explanation: At the High level, the operating system is stripped down to the bare minimum and additional strict countermeasures and protections are enabled. At the Medium level, auditing, file permissions, account policies and OS countermeasures and protections are enabled.
OS Security, Lesson 1: Security Principles

21.
*A. Computer holds or accesses corporate data.
*C. Computer is accessed by multiple users
*D. Accidental damage of information must be avoided
Explanation: A computer would be classified as Medium risk if the computer holds or accesses corporate data, is accessed by multiple users, or needs protection from the accidental deletion or compromise of data.
OS Security, Lesson 1: Security Principles

22.
*A. Digital signatures, encipherment, access control and authentication mechanisms.
*B. Data integrity and traffic padding mechanisms.
Explanation: Specific security measures include digital signatures, encipherment, access control, authentication, data integrity and traffic padding mechanisms.
OS Security, Lesson 1: Security Principles

23.
*C. Trusted functionality and security labels.
*D. Audit trails
*E. Security recovery
Explanation: Trusted functionality, security labels, audit trails, and security recovery are wide security mechanisms.
OS Security, Lesson 1: Security Principles

24.
*C. Mandatory log on.
Explanation: Mandatory log on for NT 4.0 allows a C2 security rating without disabling networking.
OS Security, Lesson 1: Security Principles

25.
*A. SID
Explanation: Ethyl's SID changed. The SID uniquely identifies a user, group or computer.
OS Security, Lesson 1: Security Principles

26.
*B. The Access Token was refreshed when Susan logged in again.
Explanation: The access token is a user's "ticket" to access resources. It is only updated when the user logs on to the network.
OS Security, Lesson 1: Security Principles

27.
*A. Object owner
*B. Which users and groups have rights to access an object
*C. What types of access by what users or groups will be audited
Explanation: The security descriptor contains the SID of the object owner (and the POSIX group of the object owner). The security descriptor also includes the Discretionary ACL, which enumerates which users and groups have rights to access an object, and the System ACL, which determines what types of access by which users or groups will be audited.
OS Security, Lesson 1: Security Principles

28.
*D. msgina.dll
Explanation: The default msgina.dll may be replaced by a stronger, customized gina.dll authentication module.
OS Security, Lesson 1: Security Principles

29.
*A. LSA
Explanation: The Local Security Authority creates a user's access token.
OS Security, Lesson 1: Security Principles

30.
*B. Use SSL
Explanation: The Secure Channel DLL, schannel.dll, is required for SSL.
OS Security, Lesson 1: Security Principles

31.
*C. Vince's workstation's netlogon service is stopped
Explanation: The server's netlogon service must be working, since others can log on. Vince's workstation's netlogon service may be stopped.
OS Security, Lesson 1: Security Principles

32.
*A. The SAM
Explanation: The SAM, or Security Accounts Manager, is the actual database of users and their credentials that is stored in the registry.
OS Security, Lesson 1: Security Principles

33.
*A. Regularly verify modification times and checksums of system executables.
*D. Virus check applications before installing
*E. Write protect system-level directories
Explanation: System-level directories should be write-protected. Executables should not be installed in temp directories that are writable by ordinary users.
OS Security, Lesson 1: Security Principles
34.
*B. Buffer overflows
Explanation: As there is no registry to hack in Unix/Linux, hackers have focused on buffer overflows in individual applications.
OS Security, Lesson 1: Security Principles

35.
*B. Capital letters
*C. Lowercase letters
*D. Numbers
*E. Non-alphanumeric characters, such as punctuation
OS Security, Lesson 2: Account Security

36.
*B. Bama4ME!
*C. 2Short!?
Explanation: A strong password should have three of the following four elements: uppercase, lowercase, numbers and non-alphanumeric characters.
OS Security, Lesson 2: Account Security

37.
*A. Root, /etc/passwd
Explanation: Joe would like to gain Root access to the /etc/passwd file.
OS Security, Lesson 2: Account Security

38.
*C. net users > users.txt
*D. net users >> users.txt
Explanation: net users > users.txt dumps the user accounts into a text file. net users >> users.txt appends the latest user accounts list to the existing text file, which contains older user account lists.
OS Security, Lesson 2: Account Security

39.
*A. Rename the administrator account
*C. Use a strong password on the administrator account and change it on a regular basis
*D. Have administrators log in with a regular user account when they don't need to exercise administrative privileges
Explanation: The administrator account should be renamed, protected by a strong password that is changed on a regular basis, and used only when needed.
OS Security, Lesson 2: Account Security

40.
*A. User Manager for Domains, Policies - Account
Explanation: User Manager for Domains, Policies - Account is where the account policies are set.
OS Security, Lesson 2: Account Security

41.
*A. Maximum Password Age
*B. Minimum Password Age
*C. Password Uniqueness
Explanation: In order for users not to be able to change back to their original password, Minimum Password Age and Password Uniqueness values must be enforced as well as Maximum Password Age.
OS Security, Lesson 2: Account Security

42.
*B. The administrator will have to reset user accounts that are Locked Out by bad password attempts.
Explanation: The administrator will have to reset user accounts that are Locked Out by bad password attempts. Out of the box, the NT 4.0 administrator account cannot be locked out.
OS Security, Lesson 2: Account Security

43.
*A. Get the Passprop utility from the NT 4.0 Server Resource Kit.
*B. Enter "passprop /adminlockout" to apply the rules
Explanation: Sally needs to get the Passprop utility from the NT 4.0 Server Resource Kit and, from the cmd prompt, enter "passprop /adminlockout" to apply the rules.
OS Security, Lesson 2: Account Security

44.
*A. From the NT 4.0 Server Resource Kit, Larry should copy the passfilt.dll to the Winnt\system32 folder.
*B. Larry must edit or add the registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages
*D. Larry must enter the command passprop /complex
Explanation:
OS Security, Lesson 2: Account Security

45.
*A. # chage -m 2 -M 30 -W 5 jeremy
Explanation: # chage -m 2 -M 30 -W 5 jeremy
OS Security, Lesson 2: Account Security

46.
*B. etc/shadow
Explanation: If not enabled, Wendy should install a shadow password file in etc/shadow. This file is encrypted and only the root user has read privileges.
OS Security, Lesson 2: Account Security

47.
*B. The executable is /bin
Explanation: In Linux/Unix, the current directory is not automatically added to the search path.
OS Security, Lesson 2: Account Security

48.
*A. The current directory is included in the search path
*C. A hacker might be able to place Trojan-Horse executables in the current directory
Explanation: Placing "." early in the search path is a security loophole.
OS Security, Lesson 2: Account Security

49.
*D. host# grep login /var/log/messages
Explanation: Sandy should enter host# grep login /var/log/messages
OS Security, Lesson 2: Account Security

50.
*B. Explorer
Explanation: Explorer is used to set permissions.
OS Security, Lesson 3: File System Security

51.
*A. RWXD
*B. P
*C. O
Explanation: Randy should be given RWXD, but if Randy were accidentally given the Change Permission (P) permission, he could give himself any permission that he wanted. Also, if Randy were accidentally given the Take Ownership (O) permission, he could take ownership and give himself any permission he wanted.
OS Security, Lesson 3: File System Security

52.
*B. Take Joseph out of any group with the No Access permission
Explanation: Joseph must be in a group or have the individual NTFS or Share permission of "No Access."
OS Security, Lesson 3: File System Security

53.
*C. Have Joseph log off and log on.
Explanation: Have Joseph log off and log on to refresh his access token.
OS Security, Lesson 3: File System Security

54.
*B. Easier backup
*C. Easier administration of directory permissions
*D. More security if a hacker gains control of one partition.
Explanation: For NTFS, the cluster size is independent of the partition size.
OS Security, Lesson 3: File System Security

55.
*A. It is moved in the same partition.
Explanation: If a file is moved in the same partition, it still lives in its parent directory; only a virtual pointer to the file location has changed.
OS Security, Lesson 3: File System Security

56.
*B. Change
Explanation: Logging on interactively means logging on locally at Server1. In this case, share permissions do not apply.
OS Security, Lesson 3: File System Security

57.
*A. ls -l /home/larry/file1
Explanation: ls -l /home/larry
OS Security, Lesson 3: File System Security

58.
*A. Larry has the read, write and execute permissions
*B. The staff group has execute and read permissions
*C. The nobody group has read permissions
Explanation: Larry has the read, write and execute permissions, the staff group has read and execute permissions, and the nobody group has read permissions.
OS Security, Lesson 3: File System Security

59.
*A. umask 0111 /temp
Explanation: The umask command masks out the bits that are set in the command. The bit value of execute is 1, so umask 0111 /temp masks out execute for the /temp directory for user, group and other. The chmod command is only applicable to file and not directory permissions.
OS Security, Lesson 3: File System Security

60.
*A. chmod 664 /common/readme
*B. chmod a+r /common/readme
*C. chmod o+r /common/readme
*D. chmod o=r /common/readme
Explanation: chmod 664 /common/readme sets the permission to read for others, and to read and write for the owner and group. chmod a+r /common/readme adds the read permission for the owner, group and others. chmod o+r /common/readme adds the read permission for others. chmod o=r /common/readme sets the permission to read for others.
OS Security, Lesson 3: File System Security

61.
*D. Insider attacks
Explanation: Insider attacks are the most common.
OS Security, Lesson 4: Assessing Risk

62.
*B. Trapdoor attack
OS Security, Lesson 4: Assessing Risk

63.
*D. Denial-of-service attack
Explanation: Brandy is defending against a denial-of-service attack.
OS Security, Lesson 4: Assessing Risk

64.
*A. Spoofing or masquerade attack
*B. Replay attack
*C. Denial-of-service attack
Explanation: Most hacker attacks use a variety of techniques.
OS Security, Lesson 4: Assessing Risk

65.
*A. Trojan horses
Explanation: A Trojan horse hides an unauthorized command within a commonly used function in order to cause a security breach. In Unix, a root kit is a Trojan Horse that replaces legitimate programs with versions that can copy the username and password.
OS Security, Lesson 4: Assessing Risk
66.
*C. Keylogger
Explanation: A keylogger captures all the keystrokes.
OS Security, Lesson 4: Assessing Risk

67.
*A. Directories
*B. Accounts
*C. Shares
Explanation: Mary should change the default directories, such as C:\Winnt, default account names such as "administrator," and the default shares such as C$.
OS Security, Lesson 4: Assessing Risk

68.
*A. Use a "security analyzer" program
Explanation: Nancy should use a security analyzer program such as WebTrends Security Analyzer.
OS Security, Lesson 4: Assessing Risk

69.
*B. When using NIS, use a wrapper program that limits access to portmapper functions to certain IP addresses or domains.
*D. Use secure RPC for access to NFS resources
Explanation: rlogin should be disabled. Mark should use a wrapper program with NIS and secure RPC with NFS. While NIS+ is more secure than NIS, it still has security loopholes.
OS Security, Lesson 4: Assessing Risk

70.
*A. NFS file transfers are unencrypted
*B. RPC is nonsecure
*C. Secure RPC can be decoded by hackers
Explanation: NFS file transfers are unencrypted. RPC is nonsecure. Secure RPC can be decoded by hackers.
OS Security, Lesson 4: Assessing Risk

71.
*B. Only apply service packs that fix a problem specific to your installation
*C. Most patches should not be applied
*D. Administrators should always read the documentation that comes with service packs.
Explanation: Read the documentation and apply the service packs that will fix security loopholes or resolve specific problems with the operating system. Most service packs should not be applied. Your computer could be running OK but have a security vulnerability that a service pack could fix.
OS Security, Lesson 4: Assessing Risk

72.
*B. Ursula performs a full backup before applying a patch
*C. Ursula doesn't apply most patches unless there is a specific reason
Explanation: Ursula does a full backup before applying a patch and only applies patches that resolve a specific problem or close a specific security loophole.
OS Security, Lesson 5: Reducing Risk

73.
*A. The registry
Explanation: The Red Button program reads unsecured parts of the registry. The registry is stored in \WINNT\system32\Config.
OS Security, Lesson 5: Reducing Risk

74.
*A. ERD
*C. \winnt\repair
*D. \winnt\system32\config
Explanation: Safeguard the Emergency Repair Disk.
OS Security, Lesson 5: Reducing Risk

75.
*A. HKey_Local_Machine
*B. HKey_Current_User
Explanation: The computer device settings are in HKey_Local_Machine, and HKey_Current_User contains the profile of the current user. Most of the registry derives from HKey_Local_Machine, but the values contained in HKey_Current_User have precedence over HKey_Local_Machine.
OS Security, Lesson 5: Reducing Risk

76.
*A. The Hardware key is recreated every time NT starts up.
*C. The subkeys are Hardware, SAM, Security, Software, and System
*E. The system subkey stores device driver and service configuration data.
Explanation: The SAM contains the actual user accounts and passwords. The Software subkey application information is independent of the current user.
OS Security, Lesson 5: Reducing Risk

77.
*B. Use the NT 4.0 Resource Kit C2 Configuration Manager
Explanation: Use the NT 4.0 Resource Kit C2 Configuration Manager to secure the registry.
OS Security, Lesson 5: Reducing Risk

78.
*B. Audit Failure of all Events to Audit on the Everyone group
Explanation: Audit Failure of all Events to Audit on the Everyone group, because auditing success would put too much of a burden on the system and because anyone could try to hack the registry.
OS Security, Lesson 5: Reducing Risk

79.
*A. Remove OS/2 support
*B. Remove POSIX support
Explanation: The C2 Config tool included with the NT Resource Kit should also be used to remove support for OS/2 and POSIX.
OS Security, Lesson 5: Reducing Risk

80.
*A. Disable unnecessary services
*C. Remove the executable for the Scheduler service
OS Security, Lesson 5: Reducing Risk

81.
*A. DNS zone transfers - TCP port 53
*B. MS SQL Server - TCP 1433
*C. MS Networking - UDP 137 and 138; TCP 139
Explanation: Eric might also want to block SNMP (TCP 161 and 162; UDP 161 and 162) and RPC (TCP 135 and UDP 135).
OS Security, Lesson 5: Reducing Risk

82.
*C. No networking
Explanation: To achieve a C2 security status, networking has to be disabled. Although you will lose OS/2 and POSIX support, they are not as important as losing networking.
OS Security, Lesson 5: Reducing Risk

83.
*A. SMB
Explanation: The Server Message Block protocol is the basis of NT networking.
OS Security, Lesson 5: Reducing Risk

84.
*A. Restrict access to print driver installation to administrators and print operators.
*B. On the logon dialog box, hide the last user name
*C. Clear the page file on shutdown
*D. Disable caching of logon credentials
Explanation: All of the above are good ideas.
OS Security, Lesson 5: Reducing Risk

85.
*A. Sendmail debugging tools
*B. External access /etc/inetd.conf
*D. TFTP
Explanation: DNS is necessary, although Pablo could have a DNS server outside his firewall that didn't have records for internal resources, while he could have an internal DNS server behind his firewall.
OS Security, Lesson 5: Reducing Risk

86.
*A. Configure /etc/hosts.allow and /etc/hosts.deny
*D. Use TCPWrapper as an application gateway
Explanation: Mary can secure these and other services using the TCPWrapper program as an application gateway, and then configure the /etc/hosts.allow and /etc/hosts.deny files.
OS Security, Lesson 5: Reducing Risk

87.
*C. TCPWrapper
Explanation: TCPWrapper uses DNS to perform reverse name lookups to see if a TCP packet has been spoofed.
OS Security, Lesson 5: Reducing Risk

88.
*A. MD5
Explanation: Message Digest 5 produces secure checksums.
OS Security, Lesson 5: Reducing Risk

89.
*A. File and Object Access
*D. Restart, Shutdown, and System
Explanation: In order to audit access to printers or to files and folders, the first step is to enable File and Object Access. This is enabled in User Manager for Domains, Policies - Audit.
OS Security, Lesson 5: Reducing Risk

90.
*A. Event Viewer - Security Log
Explanation: Jake can read the audit information in Event Viewer - Security Log.
OS Security, Lesson 5: Reducing Risk

91.
*B. Secure printer drivers
*C. Hide the last user name
*D. Restrict the use of printer ports and serial ports to administrators only.
Explanation: We should secure printer drivers, hide the last user name, and secure shared system objects such as printer ports and serial ports. We should also clear the page file at shutdown, disable caching of logon credentials, secure the scheduler service and secure removable media.
OS Security, Lesson 5: Reducing Risk

92.
*A. Removable media, printer drivers, printer and serial ports, the scheduler service, the page file, cached logon credentials and the last user name.
Explanation: George should change registry settings to secure removable media, printer drivers, printer and serial ports, the scheduler service, the page file, cached logon credentials and the last user name.
OS Security, Lesson 5: Reducing Risk

93.
*A. Make sure that the file can only be edited by root.
*B. Check the size and alteration date.
Explanation: /etc/inetd.conf should be monitored for alteration and protected by access control.
OS Security, Lesson 5: Reducing Risk
Chapter 2: Network Security and Firewalls

1. Jill's computer exhibits some strange symptoms. Her CD-ROM drive opens and closes at odd moments. Sometimes her mouse buttons are reversed. Unexpectedly, her computer will shut down. Text messages pop up on her screen saying awful things. What virus is Jill's computer infected with?
A. NetBus Trojan
B. NAT
C. Stealth
D. Macro

2. Frank House is a security consultant. He calls on small to medium Internet firms to offer his services on a retainer basis. Which hacker statistics back up his case that the Internet firms should hire him? (Choose 3):
A. Intrusions have increased by 50% in the last year
B. Most Internet sites that are hacked go out of business
C. Losses due to hacking are about $10 billion a year
D. One in five Internet sites has suffered a security breach.
E. Brute force attacks have become more prevalent

3. Ben discovers that his teenage son has regularly visited www.anticode.com. He suspects that his son wants to do which of the following? (Choose all that apply):
A. Decompile Java code
B. Reverse engineer Internet Explorer and/or Netscape Navigator
C. Gain fairly accurate advice on how to begin hacking
D. Scan networks to determine targets to attack
E. Crack authentication and encryption

4. Martin Goodly III has a high-end e-commerce Web site and a ton of money to spend on security. What goal can Martin achieve? (Choose the best answer):
A. 100% security
B. A balanced security policy
C. Proactive security
D. Reactive security

5. Franklin Stow is the CEO of TransNet Solutions. He is balancing the need for an effective security policy against two other factors. What factors must he balance his security policy against? (Choose 2):
A. Ease of use
B. Reasonable cost
C. Political factors
D. Network infrastructure

6. Hannah is the Director of IT Services for TrellisINet.com. She is looking at all the components that comprise an effective security strategy, including hardware, software, employee training and security policies. What attributes is Hannah looking for in an effective security matrix? (Choose all that apply):
A. Six sigma
B. SNMP traps
C. Access control
D. Superior alarming and reporting
E. Flexible and scalable

7. Benedict is classifying the resources that must be protected on his network. What categories should Benedict use? (Choose the best answer):
A. Email, file sharing, database and Web-based resources
B. Backbone and ancillary services
C. Name resolution services, infrastructure and routing services, and file sharing services
D. End user resources, network resources, server resources, and information storage resources.
8. In IP spoofing, what does a hacker do? The hacker __________. (Fill in the blank):
A. cracks passwords and defeats encryption
B. imitates an Internet Protocol device
C. scans vulnerable ports
D. performs a denial of service attack
E. uses the Red Trojan program

9. Of all the categories of assets that Sally is trying to protect, which category is generally the primary target for hackers?
A. End user resources
B. Network resources
C. Server resources
D. Database and information resources

10. Which of the following statements are true about the categories of hackers? (Choose 3):
A. Casual hackers are the largest group and can be stopped with the proper application of security.
B. The most effective tool against Spies is auditing.
C. The most effective tool against Spies is the "Ping of Death"
D. The determined hacker will eventually gain access to your system and he may be your employee
E. Informal hackers consist primarily of antisocial, pre-pubescent males.

11. Marty wants to make sure that hackers do not read data from the network wire. Which security service most interests Marty?
A. Authentication
B. Access control
C. Data confidentiality
D. Data integrity
E. Non-repudiation

12. Marty wants to make sure that customers who lock in long-term natural gas service online cannot later repudiate their order if another gas marketer subsequently offers a lower price. Which security service most interests Marty?
A. Authentication
B. Access control
C. Data confidentiality
D. Data integrity
E. Non-repudiation

13. Mark is studying ISO 7498-2 and trying to understand the differences between specific and pervasive security mechanisms. Which are true examples of each?
A. Specific - Encryption
B. Pervasive - Trusted functionality
C. Pervasive - Event detection
D. Specific - Audit Trail
E. Pervasive - Security recovery

14. Jill updates her network management software from SNMPv1 to SNMPv3, which includes support for authentication. Which general security mechanism did Jill implement? (Choose the best answer):
A. Trusted functionality
B. Event detection
C. Audit trail
D. Security recovery

15. Rajesh is reviewing the security standards that he might apply to his network. Which statements are true about these standards? (Choose 2):
A. The Common Criteria - A series of standards and procedures developed by the Department of Defense.
B. The Orange Book - A series of standards and procedures developed by an international consortium.
C. ISO 7498-2 seeks to minimize vulnerabilities to accidental or intentional, active or passive threats.
D. British Standard 7799 outlines "controls" including physical security, security policy, and system access policies.
16. Mark is designing an effective security policy. He is looking at the elements of security, which include audit, administration, encryption, access control, user authentication and corporate security policy. Which of these elements is the foundation of a successful security system?
A. Authentication and encryption
B. Trusted functionality
C. Corporate security policy
D. Audit and administration.

17. In implementing a security policy, Gene Pool is dividing resources into three categories. The highest category is Level I, which includes systems central to his Joint-Ventures.com company. What resources might be included in this Level I category? (Choose two):
A. All database information
B. Developer desktop computers
C. Web servers
D. E-mail servers

18. In implementing a security policy, Gene Pool is dividing resources into three categories: Level I - critical, Level II - significant, and Level III - routinely essential. As a goal, what percentage of resources should Gene put in the different categories? (Level I ___%, Level II ___%, Level III ___%):
A. 33, 33, 33
B. 25, 25, 50
C. 75, 20, 5
D. 5, 20, 75

19. In implementing a security policy, Gene Pool is dividing resources into three categories: Level I - critical, Level II - significant, and Level III - routinely essential. Which of the following would normally be considered Level I resources?
A. E-mail server
B. WINS, DNS or Samba
C. Intranet Web server
D. HR file server

20. In implementing a security policy, Gene Pool is dividing resources into three categories: Level I - critical, Level II - significant, and Level III - routinely essential. After Gene has categorized the resources, what is the next step?
A. Assign risk factors
B. Define acceptable and unacceptable activities
C. Define measures to apply to resources
D. Define educational standard

21. Marty wants to make sure that a document is unreadable both over the network and on his hard drive. He should implement __________ to change his __________ documents into __________ that can only be decoded with a ________. (Fill in the blanks):
A. encryption, cleartext, encodedtext, hash
B. digital signatures, cleartext, hashtext, key
C. digital signatures, plaintext, ciphertext, key
D. encryption, plaintext, ciphertext, key

22. Ernie is studying the three main encryption categories that are used in networking. What are these categories?
A. DES, RSA, MD5
B. Loose encryption, selective encryption, and tight encryption
C. Symmetric, asymmetric, and hash encryption
D. Probabilistic, deterministic and heuristic encryption

23. Ed wants to scramble ATM card PINs so that the scrambled code stored on the card can be used to verify that the customer has entered the correct PIN, but the PIN cannot be reverse engineered from the code on the card. What type of encryption does Ed want to use?
A. Symmetric
B. Asymmetric
C. Hash
D. Irreversible

24. Ed wants to securely pass a shared secret over the Internet. What type of encryption does Ed want to use?
A. Symmetric
B. Asymmetric
C. Hash
D. Private key

25. Jack wants to use "public key cryptography" on his Web site by using SSL. Public key cryptography is another name for ______________ encryption.
A. Symmetric
B. Asymmetric
C. Hash encryption
D. Substitution algorithm
26. Jack wants to use the fastest form of encryption. What form of encryption should Jack use?
A. Symmetric
B. Asymmetric
C. Hash encryption
D. MD5 encryption

27. What is the most common reason that ePlaced.com might want to use encryption?
A. Data confidentiality
B. Data integrity
C. Authentication
D. Non-repudiation

28. Jake knows that encryption strength is primarily based on three factors. What are these factors?
A. Algorithm strength
B. Secrecy of the key
C. Length of the key
D. Secrecy of the algorithm
E. Length of the algorithm

29. Marsha wants to know what authentication methods she can employ to secure access to the server room. Which four of the following are the authentication methods?
A. Proving what you know
B. Demonstrating who you are
C. Showing what you have
D. Identifying where you are
E. Showing where you've been

30. What is the most common authentication method?
A. Proving what you know
B. Demonstrating who you are
C. Showing what you have
D. Identifying where you are

31. Jane implements RRAS security with a caller ID feature to provide additional validation of authorized users. What additional authentication method is Jane using?
A. Proving what you know
B. Demonstrating who you are
C. Showing what you have
D. Identifying where you are

32. When Jane goes downtown to the collocated Web server farm that is on the Internet backbone, she has to not only provide a username and password, but also go through a palm reader and insert a smart card into a slot. What authentication methods are being used to verify Jane's identity?
A. Proving what you know
B. Demonstrating who you are
C. Showing what you have
D. Identifying where you are

33. Microsoft has adopted Kerberos authentication in Windows 2000. What advantages does Kerberos authentication offer?
A. Kerberos is a trusted third party that validates the identities of parties that want to communicate even if the parties do not know each other.
B. The password is encrypted across the wire.
C. Kerberos can limit authentication to a certain time frame.
D. Kerberos can control access to various resources.

34. Jay learns that there are two separate servers included in the Kerberos server. What are these servers?
A. Public key server
B. Security management server
C. Access control server
D. Ticket granting server
E. Authentication server

35. Max wants to know which of the following statements are true about a Kerberos server. Which of the following statements are true?
A. The validated clients are called ticket holders. Their ticket is a session key.
B. The Kerberos server ensures that all client machines are secure
C. Kerberos clients should destroy the session keys at the end of a session using the kinit command.
D. The main disadvantage of a Kerberos server is that if the authentication server or the ticket granting server is compromised, all communications become vulnerable.

36. Marty works for a small Win2k test preparation company. He wants his legitimate customers to download his software, but not allow anyone who might have captured a password to reuse it. Marty would use ___________?
A. One time passwords
B. Kerberos
C. Internet Authentication Server
D. Domain blocking
E. Security realms
37. For security, Marty uses _______________ to limit what ActiveX programs may modify and he uses __________ to limit what a Java applet can do. (Fill in the blanks):
A. Execution Control Lists, sandboxing
B. ACLs, Java controls
C. permissions, denied rights
D. active auditing, port permissions

38. Jill wants to actively respond to illicit access and intrusions by either ending a login session, blocking access to certain hosts, or tracing the illicit activity back to the point of origin. What should Jill implement?
A. Intrusion response
B. Active auditing
C. Ping of death
D. Loopback intrusion protection

39. Debbie wants to use public key encryption. She is interested in how she can distribute the public key pairs either manually or automatically. Which of the following statements are true of public key exchange? (Choose 3):
A. S/MIME and PGP use manual public key exchange.
B. SSL and IPSEC exchange public keys automatically through a series of handshakes
C. PPTP and TCPSEC exchange public keys automatically through PGP
D. S/MIME and PGP use automatic key exchange through the Diffie-Hellman protocol
E. The public key of the recipient is used to encode messages.

40. Mark works for the NSA. He wants to crack a foreign encryption scheme as quickly as possible. What process would speed Mark's work?
A. Rounds
B. Parallelization
C. Distributed processing
D. Artificial intelligence

41. Mark wants to increase the speed and strength of a 128-bit encryption process. He should use the following:
A. Rounds
B. Parallelization
C. Proxy encryption
D. Multiprocess encryption
E. Strong encryption

42. What is the biggest strength and what is the biggest weakness of symmetric key encryption?
A. Strength: Fast and strong
B. Strength: Security of algorithm
C. Weakness: Key distribution
D. Weakness: Possible compromise of algorithm
E. Weakness: No support for trusted functionality

43. How would Joe the hacker most likely defeat symmetric encryption? (Choose 3):
A. Brute force attack
B. Dictionary attack
C. Password sniffing
D. IP spoofing
E. Masquerade attack

44. DES, Triple DES, RSA, RC2, RC4, RC5, RC6, MARS, Twofish and Serpent are examples of what?
A. Algorithms that have been routinely compromised
B. Experimental algorithms
C. Symmetric algorithms
D. Asymmetric algorithms
E. Hash algorithms

45. Which of the following is/are the most popular symmetric algorithm(s) that use(s) 128 bits in the US and 40 bits internationally?
A. RSA
B. RC2 and RC4
C. Serpent
D. Dragon Fish

46. Nancy buys a Sony High Definition TV. Her cable company encodes broadcasts of pay-per-view channels using a fast, strong encryption algorithm that supports block sizes up to 256 bits. What algorithm works extremely well even with HDTV, ATM, and ISDN?
A. Rijndael
B. Skipjack
C. DES
D. RSA

47. Which of the following statements are true about asymmetric encryption?
A. It's relatively fast
B. It solves the problem of secure key distribution over the Internet
C. RSA, DSA, and Diffie-Hellman are examples
D. It employs a hash function
E. The private key is distributed securely
48. Which of the following are examples of hash encryption? (Choose 2):
A. Signing
B. Sealing
C. MD2, MD4, MD5 and SHA
D. MARS, RC6 and DES
E. RSA, DSA, and Diffie-Hellman

49. Alfie wants to know what encryption is all about nowadays. Which encryption process is most prevalent today?
A. Symmetric
B. Asymmetric
C. Hash
D. A combination of symmetric, asymmetric, and hash encryption.

50. Marty wants to encrypt his email. What are the two most popular techniques?
A. PGP
B. S-SMTP
C. PGL
D. S-MIME

51. David wants to secure his BetweenBookends.com Web site for secure online ordering. What choices does he have and what are the notable differences? (Choose one or more correct choices):
A. HTTPS is the same as SSL
B. HTTPS only encrypts HTTP traffic
C. HTTPS might be more secure because encryption takes place at a higher level on the OSI model
D. Only SSL requires a certificate
E. In SSL usually only the server is authenticated

52. SSL was invented by ___________ and has been a standard since 1995.
A. AOL
B. Netscape
C. Microsoft
D. Apple
E. IBM

53. Secure HTTP uses _____________ encryption to exchange a 128-bit (US) or 40-bit (international) session key and then uses this shared secret for the rest of the connection.
A. Asymmetric
B. Symmetric
C. SSL
D. SHA
E. Hash

54. Randy wants to encapsulate and encrypt data packets so that confidential corporate information may be securely passed through the Internet, which may then be used as a low-cost corporate backbone. What are the two most popular alternatives?
A. PPTP
B. COMSEC
C. PPP
D. IPSEC
E. SA

55. Two major airlines merge. They want their staffs to be able to securely communicate with each other without installing any additional software or hardware on clients' machines. They set up their respective firewalls to communicate directly with each other using a VPN. What is the term to describe what they have created?
A. Virtual Network Perimeter
B. Public Key Infrastructure
C. L2TP+
D. Pretty Good Privacy
E. Firewall of Firewalls
56. VeriSign maintains a hierarchy of ___________ servers for managing public keys, certificates and signatures.
A. Digital Signature
B. CA
C. PKI
D. Digital Certificate

57. What kind of digital certificate does Jake need to send secure email?
A. Certificate Authority Certificate
B. Server Certificate
C. Personal Certificate
D. Software or Publisher Certificate
E. S-MIME certificate

58. Jake uses a complex password. What type of attack is Jake thwarting? (Choose the best answer):
A. Dictionary attack
B. Brute force attack
C. Front door attack
D. Back door attack

59. In examining the audit logs, George notices a ton of failed logon attempts to the RAS server at 2 AM each morning. He excludes user logon for the hours from midnight to 6 AM. What type of attack is George trying to prevent? (Choose the best answer):
A. Brute force
B. Front door attack
C. Back door attack
D. Trojan Attack

60. Someone has altered a sensitive Human Resources file. Frank initiates auditing on the HR folder for successful as well as failed access. What type of attack is Frank trying to defeat? (Choose the best answer):
A. Front-door attack
B. Back-door attack
C. Outsider attack
D. Insider attack

61. Judy is a security auditor. She uses the NAT program to probe for weak passwords. What type of attacks is Judy simulating? (Choose 2):
A. Brute Force Attack
B. Dictionary attack
C. Front door attack
D. Back door attack

62. Jeff worked on a major software project for GeminiSoftware. He was laid off after it was discovered that he was hacking banks on the side. His boss, Marsha, does a top-to-bottom review of his code to ensure that he left no secret way to bypass security and gain access to the program directly without using an authorized username and password. What type of attack is Marsha protecting against?
A. Backdoor
B. Front door
C. Buffer overflow
D. Brute Force Attack

63. Marsha uses Windows 2000 domain policy to ensure that her users' software is automatically updated with the latest security patches. What is Marsha defending against?
A. Bugs
B. A back door
C. A front door
D. A root kit
64. John is called by a person purporting to represent his ISP, with the news that several user passwords have been compromised. The caller asks John to change his password online and then give the caller the old password, which the caller says will be used to bait a duplicate account. The caller does not want access to John's ISP account, but hopes that John is using the same password on his work account. What type of attack is John being subjected to?
A. Social engineering
B. Root kit
C. Impersonation
D. Back door

65. In IP spoofing and "man-in-the-middle" attacks, the impersonated system is often crashed using a ____________ attack.
A. Social engineering
B. Two-Fish
C. DOS
D. Front door

66. Within the Research and Development department, Jerry implements IPv6 in order to defeat identity theft. What type of attack is Jerry defending against?
A. Spoofing
B. Rope-a-dope
C. DOS
D. Fraudulent e-mail
E. RSA

67. Barbara tries to follow recommended security principles. Good general security principles include:
A. Be neurotic
B. Have a security policy that considers training, multiple techniques and physical security
C. Minimize the damage
D. Place equipment according to business needs

68. If James is "paranoid" about security, he will do which of the following?
A. Install keyloggers on high-risk server computers
B. Assume that once his network is connected to the Internet it is a target for attack.
C. Have backups in place so that, in case one area is breached, the damage can be contained.
D. Limit what users can access in case a hacker gains access to a legitimate username and password.
E. Protect your FTP files separately from your Web files.

69. Why should www.TopBets.com have a security policy?
A. To eliminate security loopholes
B. To inform and motivate users and administrators of their goals and roles in corporate security.
C. To provide a foundation for individual security measures.
D. To make consistent decisions as you secure your network.

70. Jake is an administrator for MommaCookies.com. He creates a standard user account for himself with limited privileges and uses this account when not doing administrative tasks. He also resists the attempts of the CEO to be granted administrative access. What security principle is Jake following?
A. No system or technique stands alone
B. Minimize the damage
C. Be paranoid
D. Deploy companywide enforcement

71. Laura Croft understands that security is more than code on machines. What is one of the most effective and easiest to implement security measures?
A. Physical security
B. Training
C. Security policy
D. Password policy

72. Voyager Computer Games has a policy that beta software will not be installed on Web servers, that all software to be installed in the DMZ must be thoroughly tested and approved before deployment, and that no new ports will be opened on their firewalls without higher approval. What security principle is Voyager Computer Games following?
A. Minimize the damage
B. No system or technique stands alone
C. Deploy companywide enforcement
D. Use an integrated security policy

73. Voyager Computer Games has a policy that no hardware or software is deployed without going through their testing lab to determine if it meets a unique need not served by existing hardware or software; to determine the impact of this hardware or software on all users; and to determine the total cost of ownership of this hardware or software, including any security implications. What security principle is Voyager Computer Games following?
A. Place equipment according to needs
B. Use an integrated security policy
C. No system or technique stands alone
D. Deploy companywide enforcement

74. Ben secures the server room with a crypto lock and makes sure that it is used. He makes sure that no one can gain entry by crawling through a drop ceiling. The server room and the corporate office each have security alarms. He makes sure that any vendors that work in the server room are escorted. He installs video surveillance cameras. What security principle is Ben following?
A. Provide training
B. Consider physical security
C. Place equipment according to needs
D. Use an integrated security policy.
E. No system or technique stands alone
75. For security between buildings at a defense contractor, the cable is fiber and it is buried in steel-reinforced concrete with an intrusion detection system. What layer of the OSI model is the defense contractor securing?
A. Physical
B. Datalink
C. Network
D. Transport
E. TDI

76. A smurf attack is a form of _________ attack. It uses ________ packets, and operates at the ______ layer. (Fill in the blanks):
A. Denial of service, ICMP, network
B. Tribal flood, UDP, network
C. Tribal flood, TCP, transport
D. Denial of service, ping, transport

77. Judy's server has been brought to its knees by an enormous number of zombie client SYN TCP handshake request packets that are not followed by the zombie client's ACK packet to the server. What type of attack is being performed on Judy's server?
A. TCP FIN attack
B. ACK-less attack
C. SYN flood attack
D. SIN attack

78. Jeremy often begins his attacks on a firewall with a ____________.
A. Port scan
B. UDP bridge attack
C. TCP flood attack
D. Smurf attack

79. Jeremy institutes a virus checker that scans incoming email attachments for viruses and Trojans; after any malicious attachment is stripped, the intended recipient, the sender and the email administrator are informed of the malicious email content. What layer of the OSI model is Jeremy protecting?
A. Network layer
B. Transport layer
C. Application layer
D. Session layer
E. Presentation layer

80. Wendy implements logging on her FTP server. She only allows anonymous account access and institutes strict disk quotas on her Novell server for files uploaded by the anonymous user account. What is Wendy protecting against?
A. Hackers uploading erroneous information to fill up the hard disk space.
B. Using the target company's FTP server to store pirated software or stolen credit card numbers for the hacker and his cohorts.
C. Filling up the FTP server drive to crash the OS and take advantage of a remaining shell in Unix
D. Filling up the FTP server drive to prevent the FTP log from detecting further activities.
E. Capturing the username and password of an illegitimate user and then using that account against a different corporate server.

81. Mike wants to protect his users from malicious code from Web servers. What does Mike want to protect against? (Choose 3):
A. Unsigned ActiveX controls
B. Malicious Java applets
C. HTTPS applications
D. Programs with low content ratings
E. Untested plug-ins to the browser

82. Marty knows how to use Telnet, rsh, and rlogin. Which of the following are security precautions that Marty should take? (Choose 2):
A. Use Telnet instead of rsh and rlogin
B. Never use any of these programs
C. Don't use Telnet over the Internet
D. Use rsh instead of Telnet
E. Log in with a regular user account, go secure, and then upgrade to root privileges with the su command.

83. Carlos uses SNMP on his network, but does not want anyone to come in through the firewall and impersonate an SNMP Network Management Station. What can Carlos do to increase SNMP security? (Choose 2):
A. Disable TCP Ports 161 and 162.
B. Disable UDP Ports 161 and 162.
C. Upgrade to SNMPv3
D. Use Public as the Community Name

84. Nancy wants to secure her DNS server. What steps might Nancy take?
A. Have a separate DNS server inside the firewall with internal records, while placing a DNS server outside the firewall with only the DNS records of publicly accessible resources such as the Web server. Prohibit outbound zone transfers through the firewall.
B. Prohibit zone transfers to other DNS servers that are not specifically enumerated.
C. Close down UDP port 53 inbound
D. Close down TCP port 53 outbound.
E. Close down TCP port 53 inbound

85. George's home computer running Windows 2000 Professional has been hacked twice since he installed a cable modem. He wants to disable just about all inbound ports on his computer with the least amount of effort. What should George do?
A. Install Easy Proxy
B. Use Network Address Translation
C. Use ICS
D. Use the Advanced properties of TCP/IP

86. In order to secure the most commonly attacked servers - Web, FTP and SMTP - Brian implements a five-step, iterative security policy. What should the order of these steps be?
A. Categorize resources and their needs; define a security policy; secure each resource and service; log, test and evaluate; repeat the process and keep current.
B. Define a security policy; categorize resources and their needs; secure each resource and service; log, test and evaluate; repeat the process and keep current.
C. Log, test and evaluate; categorize resources and their needs; define a security policy; secure each resource and service; repeat the process and keep current.
D. Define a security policy; categorize resources and their needs; log, test and evaluate; secure each resource and service; and then repeat the process and keep current.
87.
Brian wants to secure each resource and service on his most vulnerable servers. What steps should Brian take? A. Change server and system defaults. B. Remove extraneous services C. Ensure physical security D. Lock down registry keys and password files E. Constantly monitor internal user connections to his servers.
88.
How can Sandy protect the Web server if the FTP server is compromised or protect the compromise of the Web server from compromising the operating system? A. Place the OS, Web Server, and FTP server on different hard drives or hard drive partitions. B. Remove unnecessary services C. Disable Perl and CGI and replace them with ISAPI D. Change system defaults.
89.
Sandy wants to protect his CGI scripts. What should Sandy do? (Choose 2): A. At the Web server, remove the execute permission. B. At the web server, allow only the script permission C. Place CGI, PERL and ISAPI scripts on another partition D. Prohibit write access to that partition by the OS.
90.
Eddie knows that much of the security of IIS is based on NTFS permissions. What can Eddie do to thwart a hacker in the middle of the night? A. Set an alarm B. Set an authentication trap C. Program the system to reset permissions every hour during the times that the server is unused or lightly used. D. Log off the Web server at the end of the day
91.
What are some steps that Frank can take to isolate the security of his FTP server from the security of his Web server? A. Put them on separate partitions. B. Use separate FTP server and Web server user accounts C. Do not allow upload by FTP to Web directories D. Do not allow web access to FTP root.
92.
Bob goes to www.tucows.com to download an evaluation copy of a SMTP server. He is mostly concerned with the ability to host multiple email domains at a reasonable cost in terms of licensing fees and administrative burden. For securities sake, he should also pick a SMTP server that supports ___________. Fill in the blank. A. Poison reverse
B. C. D.
Split horizon Reverse DNS lookup MX records
93.
In testing and evaluating his existing system John should? (Choose 3): A. Use hacker tools an techniques B. Consult server logs C. Be neurotic D. Do not become complacent
94.
Hank uses network security scanning software such as Webtrends Security Analyzer. What benefits does Hank derive? A. Convenience B. Automation C. Imperviousness to countermeasures D. Evaluation of target systems against a database of known security risks and vulnerabilities E. Categorization of discovered risks
95.
Dee is purchasing a firewall for MeteredResponse.com She is surprised that firewalls are much more capable nowadays. What roles can a firewall fulfill? A. Enforcing security policy B. Enforcing password policy C. Creating a choke point D. Logging Internet activity E. Limiting network exposure
96.
As part of it's security policy, WestBuys.com wants to accept and reject packets based on the source and destination IP addresses and source and destination port numbers. BestWestBuys.com wants the firewall to have as little an impact on network performance as possible and for the firewall to be as inexpensive as possible, perhaps doing double duty with some other network function. What type of firewall should WestBuys.com implement? A. A packet filter on a router B. A circuit-level gateway on a bridge C. An application-layer gateway on a combination proxy server/Web server D. A bastion host on a file server.
97.
Brandon wants to hide internal network addresses and only pay for one public IP address. Additionally, Brandon wants to filter traffic by IP addresses and port numbers. Finally. Brandon want to cache Web pages. What kind of firewall should Brandon implement? A. NAT B. Proxy server C. Packet filter D. Gateway E. Circuit level gateway
98.
Brandon wants to hide internal network addresses and only pay for one public IP address. He wants to use internal network numbers that will not be accessible on the Internet. What address ranges would work? (Choose three): A. 131.107.0.0 to 131.107.255.255 B. 10.0.0.0 - 10.255.255.255 C. 172.16.0.0 - 172.31.255.255 D. 192.168.0.0 - 192.168.255.255 E. 100.0.0.0 to 100.255.255.255
99.
Brandon wants to divide up the firewall function between a screening router and an application firewall so that if one host is compromised, the other host may stem the breach. What type of firewall does Brandon want to implement? A. gateway B. Double dragon C. Packet filter D. Circuit-level gateway E. Application-level gateway.
100.
Mike wants to implement NAT. On what devices can Mike implement NAT and provide security? A. Proxy server B. Dual-homed host C. Single-homed host D. Router E. Bridge
101.
Jake reads a computer magazine that extols the virtues of a bastion host. What are the features of a bastion host? (Choose 2): A. A bastion host is a secure computer placed between a trusted network and an untrusted one such as the Internet. B. Application layer gateways that function as bastion hosts use a separate daemon to inspect and route traffic from the outside to the internal network. C. A packet-filtering router cannot act as a bastion host. D. Circuit layer gateways that function as bastion hosts use a separate daemon to inspect and route traffic from the outside to the internal network.
102.
Marty is considering the cost of buying a firewall appliance or a firewall package such as Axent Raptor or Checkpoint Firewall-1. What are some considerations? A. With a firewall package you pay a licensing fee to the firewall vendor, and you also have to provide a box with a licensed OS such as NT or Unix. B. With a firewall package, the extra cost of the OS (such as NT) is offset by the additional functions that the OS can perform, such as file and print sharing. C. With a firewall appliance you pay one price for a firewall box. D. The box that serves as a firewall should be hardened by removing unnecessary protocols and applications.
103.
Marty wants to provide a higher level of security to his internal network resources than to his Web servers, but he wants to provide some protection to his Web servers. What should Marty implement? (Choose 3): A. A DMZ B. A screening router and a choke router C. A service network D. An application-level gateway
104.
Mike installs Microsoft Proxy Server 2.0. Now, Internet users complain that they cannot get to the corporate Web site. What is the problem? A. By default, Microsoft Proxy Server 2.0 does not listen on inbound service ports. B. By default, Microsoft Proxy Server 2.0 does not listen on outbound service ports. C. By default, Microsoft Proxy Server 2.0 does not talk on inbound service ports. D. By default, Microsoft Proxy Server 2.0 does not talk on outbound service ports.
105.
Hank's FTP server uses passive FTP. Hank wants to allow internal users to hit external FTP servers; external users that come in from any address on port 20 to be able to access only the FTP server on the 192.168.2.0 network; and on those FTP servers to only be able to access the standard control port and valid data transfer ephemeral ports. Which three rules should Hank implement on his packet filtering router that is acting as a firewall? A. Rule 1: Allow from IP 192.168.2.0 to IP * from port * to port 21 using TCP B. Rule 1: Allow from IP 192.168.2.0 to IP * from port * to port 80 using TCP C. Rule 2: Block from IP * to IP 192.168.2.0 from port 20 to port <1024 using TCP D. Rule 2: Block from IP * to IP 192.168.2.0 from port 20 to port >1024 using TCP E. Rule 3: Allow from IP * to IP 192.168.2.0 from port 20 to port * using TCP ACK=1
106.
Mark wants defense-in-depth for his network. What is normally the first line of defense for a firewall system? A. User training B. Packet filters/screening router C. Proxy server/NAT D. Choke router
107.
Trey wants to be able to inspect packets for malicious content and to overcome the weaknesses of packet filters, which include not only the inability to distinguish between good and bad packets, but also their susceptibility to IP spoofing and the administrative burden inherent in configuring all the TCP/IP rules necessary to make a packet filtering firewall work effectively. What feature of a firewall should Trey look for in the future? A. Autoconfiguration B. Artificial intelligence C. Stateful multi-layer inspection D. Dynamic logging and context checking
108.
David wants a proxy server that will speed Internet access for remote locations on his WAN that have low bandwidth. What type of proxy server will fulfill David's need? A. Web proxy B. Circuit level gateway C. Application-level gateway D. Sock proxy E. Winsock proxy
109.
David wants a proxy server that will act as an IP address translator between the Internet and his internal network. What type of proxy server will fulfill David's need? (Choose 2): A. Circuit level gateway B. Web proxy C. Application-level gateway D. Socks proxy E. FTP proxy
110.
Peter wants to buy a firewall that will scan incoming email for viruses and provide robust alarming and logging features. He is considering buying Axent Raptor Firewall. What type of firewall is Peter considering buying? A. A proxy-oriented firewall B. Choke router C. Screening router D. Firewall-in-a-box E. Firewall appliance
111.
For security, Jerry wants to prevent Internet users from connecting directly to his company's Web server farm. What should Jerry implement? A. Proxy array B. Reverse proxy C. TAN D. ICS E. A reverse lookup zone
112.
What is a disadvantage of an application gateway and how can this disadvantage be partially overcome? A. Speed - proxy array B. Lack of logging capability - separate logging server C. Speed - reverse proxy D. More rules must be implemented on the firewall - autoconfiguration.
113.
What contingency plans should PixelStorm.com have in case their firewall crashes or is compromised? A. Install your firewall on a server cluster B. Create identical copies of software C. Configure an identical system and keep it in safe storage D. Ensure that you have all software to reinstall your firewall handy, including rescue disks.
114.
OnlineGamers.com is concerned that a router might be misconfigured and erroneously bypass their firewall. What type of bastion host should they avoid to prevent this security hole? A. Single-homed bastion host B. Dual-homed bastion host C. Single purpose bastion host D. Dual purpose bastion host
115.
Ingrid is testing a new video conferencing application. For highest security, Ingrid should? (Choose the best answer): A. Require authentication on the existing proxy server B. Configure a separate proxy server with strong policies C. Configure a firewall in front of the existing proxy server D. Close extraneous inbound ports on the proxy server.
116.
Ingrid is picking the computer that he will use for his firewall. Which of the following features should he look for in this computer? (Choose 2): A. Fast and responsive machine so as not to slow Internet access times. B. Slower machine so as not to be an inviting target C. Slower machine so if it is compromised it will slow hacker access to your network D. Faster machine if multiple applications are to be installed E. Faster machine if proxy server is to be installed
117.
Cookie is having a consultant build a bastion host. Cookie does not have a preferred operating system. What should Cookie's logical choice be for an OS for his firewall? A. NT 4.0 B. Win2k Server C. Unix D. Win9x E. DOS
118.
It is important for Mandy to _________ IP routing on her firewall and to ___________ programs used for system administration. (Fill in the blanks). A. enable, enable B. disable, disable C. enable, disable D. disable, enable
119.
Gary is a security consultant. He visits FrenchRestaurants.com. They have a packet filtering router that only passes packets to a single-homed bastion host and which will only accept packets from that bastion host. Which of the following statements are true about this configuration? A. A hacker would now have to subvert two security devices, not only the router, but a separate computer not designed to accept logins. B. Compared to a screening router solution, this solution is slower and more costly. C. If the bastion host is configured as a circuit level gateway, not all TCP/IP applications will work through the bastion host. D. Gary recommends that a dual-homed bastion host be implemented to make a complete break between FrenchRestaurants.com's internal network and the Internet. E. With either a single or dual homed bastion host coupled to a packet filtering/screening router, this configuration is called a screened host firewall.
120.
Gary wants to detect if privileged accounts are the target of a hacker. He could? A. Run a batch file that would dump to a text file the user accounts that are logged in at various hours of the night. B. He could use a login script for administrative and system account login. This login script could record the host name and IP address of the computer used to log on. C. He could rename the administrator account, create a bogus administrator account and audit that account. D. He could disable the administrator account
121.
What measures could Gary take to distract a hacker who had broken into his Website? A. Dummy corporate files and/or dummy password files B. Create a jail only after approval of management C. Enable shadow passwords in Unix. D. Set a tripwire that will page the administrator or drop the network connection of the hacker. E. Set restricted login hours for system accounts and forcibly disconnect users when logon hours expire.
122.
Why should GlobalComm decide ahead of time how to react to an intrusion? (Choose 3): A. Overreaction could punish legitimate users and bring GlobalComm's network to its knees. B. Planning will increase the likelihood that the reaction will be appropriate and that it will work. C. Underreaction could allow a hacker to do damage that is preventable. D. Planning may prevent panic E. With planning, GlobalComm should be able to visualize all the threats.
123.
Gary wants to punish a hacker. What can Gary do when he detects that a hacker is looking in an unauthorized place in his Website? (Choose all that apply): A. Ping of death B. Chargen C. WinNuke D. Echo Offline
124.
GlobalComm's network has been breached. GlobalComm should as a matter of course do which of the following? A. Notify their ISP B. Notify Internet agencies C. Determine the scope of the breach and stop or contain activity. D. Document everything E. Notify all users
125.
GlobalComm's network has been breached. GlobalComm fixes the problem. What should GlobalComm do in the aftermath? A. Analyze and learn B. Update security policy C. Keep a lid on their countermeasures D. Change all passwords
Answers
1.
*A. NetBus Trojan Explanation: Jill's computer is infected with the NetBus Trojan virus. Network Security and Firewalls, Lesson 1: What is Security?
2.
*A. Intrusions have increased by 50% in the last year *C. Losses due to hacking are about $10 billion a year *D. One in five Internet sites has suffered a security breach. Explanation: Attacks are becoming more frequent, more sophisticated, and have a greater financial impact. Network Security and Firewalls, Lesson 1: What is Security?
3.
*C. Gain fairly accurate advice on how to begin hacking *D. Scan networks to determine target to attack *E. Crack authentication and encryption Explanation: Ben's son may be a budding hacker. He may also learn how to attack routers, email servers, Web servers, database servers and file servers. Network Security and Firewalls, Lesson 1: What is Security?
4.
*B. A balanced security policy Explanation: Martin can achieve a security policy that is effective without unduly bogging down legitimate users, but Martin can never achieve 100% security. Network Security and Firewalls, Lesson 1: What is Security?
5.
*A. Ease of use *B. Reasonable cost Explanation: Franklin wants the most security at the lowest cost and with the greatest ease of implementation. Network Security and Firewalls, Lesson 1: What is Security?
6.
*C. Access control *D. Superior alarming and reporting *E. Flexible and scalable Explanation: Hannah is also looking for ease of use and appropriate cost of ownership. Network Security and Firewalls, Lesson 1: What is Security?
7.
*D. End user resources, network resources, server resources, and information storage resources. Explanation: Benedict should try to protect the following: end user resources, network resources, server resources, and information storage resources. Network Security and Firewalls, Lesson 1: What is Security?
8.
*B. imitates an Internet Protocol device Explanation: With IP spoofing, a hacker can even impersonate a router. Network Security and Firewalls, Lesson 1: What is Security?
9.
*C. Server resources Network Security and Firewalls, Lesson 1: What is Security?
10.
*A. Casual hackers are the largest group and can be stopped with the proper application of security. *B. The most effective tool against spies is auditing. *D. The determined hacker will eventually gain access to your system and he may be your employee Network Security and Firewalls, Lesson 1: What is Security?
11.
*C. Data confidentiality Explanation: Data confidentiality provides protection of data from unauthorized disclosure and protects against passive threats such as packet sniffers. Network Security and Firewalls, Lesson 1: What is Security?
12.
*E. Non-repudiation Explanation: Non-repudiation services allow all parties to provide proof of origin and proof of delivery concerning any service. Network Security and Firewalls, Lesson 1: What is Security?
13.
*A. Specific - Encryption *B. Pervasive - Trusted functionality *C. Pervasive - Event detection *E. Pervasive - Security recovery Explanation: Audit trail is a pervasive/general security measure that helps implement one or more security services at a time and transcends the different layers of the OSI model. Network Security and Firewalls, Lesson 1: What is Security?
14.
*A. Trusted functionality Explanation: Trusted functionality is any procedure that strengthens an existing mechanism, such as upgrading the TCP/IP protocol stack. Network Security and Firewalls, Lesson 1: What is Security?
15.
*C. ISO 7498-2 seeks to minimize vulnerabilities to accidental or intentional, active or passive threats. *D. British Standard 7799 outlines "controls" including physical security, security policy, and system access policies. Explanation: The Common Criteria was developed by an international consortium and the Orange Book was developed by the US government. Network Security and Firewalls, Lesson 1: What is Security?
16.
*C. Corporate security policy Explanation: The foundation is corporate security policy. Network Security and Firewalls, Lesson 2: Elements of Security
17.
*A. All database information *B. Developer desktop computers Explanation: While most databases might be critical to a business, a database of employee pager numbers would not be critical. Desktop computers would generally be a Level-III category. Network Security and Firewalls, Lesson 2: Elements of Security
18.
*D. 5, 20, 75 Explanation: Usually five percent of systems are mission critical and cannot tolerate more than a few hours downtime. Network Security and Firewalls, Lesson 2: Elements of Security
19.
*B. Wins, DNS or Samba Explanation: Email is often critical to customer service and servers that provide name resolution are often critical to an organization because they provide foundation services. Network Security and Firewalls, Lesson 2: Elements of Security
20.
*A. Assign risk factors Explanation: While all of the above are important, the next step is to assign risk factors. Network Security and Firewalls, Lesson 2: Elements of Security
21.
*D. encryption, plaintext, ciphertext, key Explanation: He should implement encryption to change his plaintext documents into ciphertext that can only be decoded with a key. Windows 2000 supports encrypting documents on the hard drive. Network Security and Firewalls, Lesson 2: Elements of Security
22.
*C. Symmetric, asymmetric, and hash encryption Explanation: Symmetric, asymmetric, and hash encryption are the three types. Network Security and Firewalls, Lesson 2: Elements of Security
23.
*C. Hash Explanation: Hash or one-way encryption theoretically scrambles information so that it can never be recovered. Network Security and Firewalls, Lesson 2: Elements of Security
24.
*B. Asymmetric Explanation: Asymmetric encryption can be used to securely pass a symmetric session key. Network Security and Firewalls, Lesson 2: Elements of Security
25.
*B. Asymmetric Explanation: Public key cryptography is another name for asymmetric encryption. Network Security and Firewalls, Lesson 2: Elements of Security
26.
*A. Symmetric Explanation: Symmetric encryption, also called shared secret encryption, is the fastest form of encryption. Network Security and Firewalls, Lesson 2: Elements of Security
27.
*A. Data confidentiality Explanation: The most common reason that eplaced.com would want to use encryption is data confidentiality. Network Security and Firewalls, Lesson 2: Elements of Security
28.
*A. Algorithm strength *B. Secrecy of the key *C. Length of the key Explanation: Encryption strength is primarily based on the strength of the algorithm, the length of the key and the secrecy of the key. Network Security and Firewalls, Lesson 2: Elements of Security
29.
*A. Proving what you know *B. Demonstrating who you are *C. Showing what you have *D. Identifying where you are Explanation: Proving what you know, demonstrating who you are, showing what you have, and identifying where you are are the four authentication methods. Network Security and Firewalls, Lesson 2: Elements of Security
30.
*A. Proving what you know Explanation: Proving what you know, such as providing a username and password, is the most common authentication method. Network Security and Firewalls, Lesson 2: Elements of Security
31.
*D. Identifying where you are Explanation: Caller ID or checking your IP address, domain name or host name is identifying where you are. Network Security and Firewalls, Lesson 2: Elements of Security
32.
*A. Proving what you know *B. Demonstrating who you are *C. Showing what you have Explanation: Network Security and Firewalls
33.
*A. Kerberos is a trusted third party that validates the identities of parties that want to communicate even if the parties do not know each other. *C. Kerberos can limit authentication to a certain time frame. *D. Kerberos can control access to various resources. Explanation: The password, even in encrypted form is never sent over the wire. Network Security and Firewalls, Lesson 2: Elements of Security
34.
*D. Ticket granting server *E. Authentication server Network Security and Firewalls, Lesson 2: Elements of Security
35.
*A. The validated clients are called ticket holders. Their ticket is a session key. *D. The main disadvantage of a Kerberos server is that if the authentication server or the ticket granting server is compromised, all communications become vulnerable. Explanation: The Kerberos server does not ensure that client machines are secure or that client machines initiate the "kdestroy" command at the end of a session to destroy the session keys. Network Security and Firewalls, Lesson 2: Elements of Security
36.
*A. One time passwords Explanation: Marty would use OTPs. Network Security and Firewalls, Lesson 2: Elements of Security
37.
*A. Execution Control Lists, sandboxing Explanation: ActiveX programs may be limited by Execution Control Lists (ECLs) while Java applets may be sandboxed. Network Security and Firewalls, Lesson 2: Elements of Security
38.
*B. Active auditing Explanation: Jill should implement active auditing. Network Security and Firewalls, Lesson 2: Elements of Security
39.
*A. S/MIME and PGP use manual public key exchange. *B. SSL and IPSEC exchange public keys automatically through a series of handshakes *E. The public key of the recipient is used to encode messages. Explanation: S/MIME and PGP use manual public key exchange. SSL and IPSEC exchange public keys automatically through a series of handshakes. The public key of the recipient is used to encode messages. Network Security and Firewalls, Lesson 3: Applied Encryption
40.
*B. Parallelization Explanation: In parallelization, multiple processors, computers and processes are used to crack an encryption code. Network Security and Firewalls, Lesson 3: Applied Encryption
41.
*A. Rounds Explanation: Mark should use rounds. Strong encryption using a key longer than 128 bits would not increase speed. Network Security and Firewalls, Lesson 3: Applied Encryption
42.
*A. Strength: Fast and strong *C. Weakness: Key distribution Explanation: Symmetric key encryption is fast and strong, but the key must be securely distributed. Network Security and Firewalls, Lesson 3: Applied Encryption
43.
*A. Brute force attack *B. Dictionary attack *C. Password sniffing Explanation: Symmetric keys can be defeated with a brute force attack, password sniffing or a dictionary program. Network Security and Firewalls, Lesson 3: Applied Encryption
44.
*C. Symmetric algorithms Explanation: DES, Triple DES, RSA, RC2, RC4, RC5, RC6, Mars, Twofish and Serpent are examples of symmetric algorithms. Network Security and Firewalls, Lesson 3: Applied Encryption
45.
*B. RC2 and RC4 Explanation: RC2 and RC4 are the most popular symmetric key algorithms. Network Security and Firewalls, Lesson 3: Applied Encryption
46.
*A. Rijndael Explanation: Rijndael can perform quickly on about anything. Network Security and Firewalls, Lesson 3: Applied Encryption
47.
*B. It solves the problem of secure key distribution over the Internet *C. RSA, DSA, and Diffie-Hellman are examples *D. It employs a hash function Explanation: Asymmetric encryption is slow. Only the public key is distributed securely. Network Security and Firewalls, Lesson 3: Applied Encryption
48.
*A. Signing *C. MD2, MD4, MD5 and SHA Explanation: Signing is an example of a one-way encryption algorithm or hash. Hash algorithms are Message Digest 2, 4 and 5 as well as the Secure Hash Algorithm. Network Security and Firewalls, Lesson 3: Applied Encryption
49.
*D. A combination of symmetric, asymmetric, and hash encryption. Explanation: A combination of encryption processes capitalizes on their respective strengths and minimizes their respective vulnerabilities. Network Security and Firewalls, Lesson 3: Applied Encryption
50.
*A. PGP *D. S-MIME Explanation: Pretty Good Privacy and Secure MIME are the most common ways to encrypt email. Network Security and Firewalls, Lesson 3: Applied Encryption
51.
*B. HTTPS only encrypts HTTP traffic *E. In SSL usually only the server is authenticated Explanation: SSL may be more secure because encryption takes place at a lower level of the OSI model. The whole packet is encrypted in SSL so more kinds of network traffic than HTTP may be encrypted. Both HTTPS and SSL require certificates. Client authentication in SSL only occurs if the client has a certificate. Most Internet clients do not have certificates. Network Security and Firewalls, Lesson 3: Applied Encryption
52.
*B. Netscape Explanation: SSL was invented by Netscape and has been a standard since 1995. Network Security and Firewalls, Lesson 3: Applied Encryption
53.
*A. Asymmetric Explanation: Secure HTTP uses asymmetric encryption to exchange a 128 bit (US) or 40 bit (international) session key and initiate a secure connection, and then uses this shared secret for the rest of the connection. Network Security and Firewalls, Lesson 3: Applied Encryption
54.
*A. PPTP *D. IPSEC Explanation: PPTP and IPSEC are the most popular VPN protocols. IPSEC supports header compression. Network Security and Firewalls, Lesson 3: Applied Encryption
55.
*A. Virtual Network Perimeter Explanation: They have created a Virtual Network Perimeter. Network Security and Firewalls, Lesson 3: Applied Encryption
56.
*C. PKI Explanation: VeriSign maintains a hierarchy of Public Key Infrastructure (PKI) servers for managing public keys, certificates and signatures. Network Security and Firewalls, Lesson 3: Applied Encryption
57.
*C. Personal Certificate Explanation: Jake needs a personal certificate. Network Security and Firewalls, Lesson 3: Applied Encryption
58.
*A. Dictionary attack Explanation: By using a non-dictionary password, Jake is thwarting a dictionary attack. A complex password should have three or four of the following elements: uppercase letters, lowercase letters, numbers, non-alphanumeric characters, such as punctuation. Network Security and Firewalls, Lesson 4: Types of Attacks
59.
*A. Brute force Explanation: Brute force attacks are often easy to detect because they involve repeated logon attempts. Network Security and Firewalls, Lesson 4: Types of Attacks
60.
*A. Front-door attack Explanation: In a front door attack a hacker enters the system disguised as a legitimate user and attempts to gain unauthorized access to resources. Network Security and Firewalls, Lesson 4: Types of Attacks
61.
*A. Brute Force Attack *B. Dictionary attack Explanation: Many password attack programs will first try dictionary words as passwords and then try all the random combinations. The passwords can still be broken, but it takes a lot more time if complex passwords are used. Network Security and Firewalls, Lesson 4: Types of Attacks
62.
*A. Backdoor Explanation: Marsha is making sure that Jeff didn't leave a back door. Network Security and Firewalls, Lesson 4: Types of Attacks
63.
*A. Bugs Explanation: Bugs are unintentional security loopholes that can often be fixed with patches or service packs. Network Security and Firewalls, Lesson 4: Types of Attacks
64.
*A. Social engineering Explanation: In social engineering, the user is conned. Network Security and Firewalls, Lesson 4: Types of Attacks
65.
*C. DOS Explanation: A denial of service (DOS) attack is often used to crash the system to be impersonated. Network Security and Firewalls, Lesson 4: Types of Attacks
66.
*A. Spoofing Explanation: Jerry is defending against spoofing. IPv4 is subject to the following types of spoofing: IP, ARP, router and DNS spoofing. Network Security and Firewalls, Lesson 4: Types of Attacks
67.
*B. Have a security policy that considers training, multiple techniques and physical security *C. Minimize the damage *D. Place equipment according to business needs Network Security and Firewalls, Lesson 5: General Security Principles
68.
*B. Assume that once his network is connected to the Internet it is a target for attack. *C. Have backups in place in case one area is breached, the damage can be contained. *D. Limit what users can access in case a hacker gains access to a legitimate username and password. *E. Protect your FTP files separately from your Web files. Explanation: Security professionals should expect that things will go wrong. Network Security and Firewalls, Lesson 5: General Security Principles
69.
*A. To eliminate security loopholes *B. To inform and motivate users and administrators of their goals and roles in corporate security. *C. To provide a foundation for individual security measures. *D. To make consistent decisions as you secure your network. Explanation: All of the above are important. Network Security and Firewalls, Lesson 5: General Security Principles
70.
*D. Deploy companywide enforcement Explanation: Jake is deploying companywide enforcement. Network Security and Firewalls, Lesson 5: General Security Principles
71.
*B. Training Explanation: Proper training is one of the easiest and most effective measures you can implement. Network Security and Firewalls, Lesson 5: General Security Principles
72.
*D. Use an integrated security policy Explanation: Voyager Computer Games is following an integrated security policy. Network Security and Firewalls, Lesson 5: General Security Principles
73.
*A. Place equipment according to needs Explanation: Voyager Computer Games is placing equipment according to needs. Network Security and Firewalls, Lesson 5: General Security Principles
74.
*B. Consider physical security Explanation: Ben is concerned about physical security. In a few minutes, someone could pop the hard drive out of the server if you let them. Network Security and Firewalls, Lesson 5: General Security Principles
75.
*A. Physical Explanation: The physical layer is being protected. Encryption, data labels and data padding also help secure the physical layer. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
76.
*A. Denial of service, ICMP, network Explanation: A smurf attack is a form of denial of service attack. It uses ping or ICMP packets, and operates at the network layer. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
77.
*C. SYN flood attack Explanation: Judy's server is experiencing a SYN flood attack. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
78.
*A. Port scan Explanation: A port scan for open ports on the firewall is often the first step in an attempted breach. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
79.
*C. Application layer Explanation: Jeremy is protecting the Application layer. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
80.
*A. Hackers uploading erroneous information to fill up the hard disk space. *B. Using the target company's FTP server to store pirated software or stolen credit card numbers for the hacker and his cohorts. *C. Filling up the FTP server drive to crash the OS and take advantage of a remaining shell in Unix *D. Filling up the FTP server drive to prevent the FTP log from detecting further activities. Explanation: Capturing the username and password of a legitimate user and then using that account against a different corporate server would be useful. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
81.
*A. Unsigned ActiveX controls *B. Malicious Java applets *E. Untested plug-in to the browser Explanation: Plug-ins, including ActiveX and Java, are potential security loopholes. Policies should be set to either block plug-ins or at least warn about unsigned controls. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
82.
*A. Use Telnet instead of rsh and rlogin *C. Don't use Telnet over the Internet Explanation: The r-series programs should not be used. Telnet should be used instead, but not over the Internet. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
83.
*B. Disable UDP Ports 161 and 162. *C. Upgrade to SNMPv3 Explanation: Carlos should disable inbound access to UDP ports 161 and 162 on the firewall and upgrade to SNMPv3. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
84.
*A. Have a separate DNS server inside the firewall with internal records, while placing a DNS server outside the firewall with only the DNS records of publicly accessible resources such as the Web server. Prohibit outbound zone transfers through the firewall. *B. Prohibit zone transfers to other DNS servers that are not specifically enumerated. *C. Close down UDP port 53 inbound Explanation: Nancy doesn't want to expose the resource records of internal resources on the Internet. UDP port 53 is used for DNS queries. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
85.
*D. Use the Advanced properties of TCP/IP Explanation: George should disable ports using the Advanced properties of TCP/IP. Network Security and Firewalls, Lesson 6: Protocol Layers and Security
86.
*A. Categorize resources and their needs; define a security policy; secure each resource and service; log, test and evaluate; repeat the process and keep current. Explanation: Brian should categorize resources and their needs; define a security policy; secure each resource and service; log, test and evaluate; and then repeat the process and keep current. Network Security and Firewalls, Lesson 7: Securing Resources
87.
*A. Change server and system defaults. *B. Remove extraneous services *C. Ensure physical security *D. Lock down registry keys and password files Explanation: Brian should constantly monitor public connections to his servers. Network Security and Firewalls, Lesson 7: Securing Resources
88.
*A. Place the OS, Web Server, and FTP server on different hard drives or hard drive partitions. Explanation: Sandy should place the OS, Web Server, and FTP server on different hard drives or hard drive partitions. The Web server files and the Web server program should also be placed on separate partitions. Network Security and Firewalls, Lesson 7: Securing Resources
89.
*C. Place CGI, PERL and ISAPI scripts on another partition *D. Prohibit write access to that partition by the OS. Explanation: CGI scripts must have the execute permission on the Web server. ISAPI scripts need only script permission. Management may direct that all CGI scripts be independently checked for security. Network Security and Firewalls, Lesson 7: Securing Resources
90.
*C. Program the system to reset permissions every hour during the times that the server is unused or lightly used. Explanation: Eddie could program the system to reset permissions every hour during the times that the server is unused or lightly used. Network Security and Firewalls, Lesson 7: Securing Resources
91.
*A. Put them on separate partitions. *B. Use separate FTP server and Web server user accounts *C. Do not allow upload by FTP to Web directories Explanation: Web and FTP servers should be on separate partitions with separate user databases. Although common, upload by FTP to Web directories might allow a hacker to post malicious content on your Website. Network Security and Firewalls, Lesson 7: Securing Resources
92.
*C. Reverse DNS lookup Explanation: For security's sake, he should also pick an SMTP server that supports reverse DNS lookup. Network Security and Firewalls, Lesson 7: Securing Resources
93.
*A. Use hacker tools and techniques *B. Consult server logs *D. Do not become complacent Explanation: In testing and evaluating his existing system, John should use hacker tools and techniques; consult server logs; and avoid complacency. Network Security and Firewalls, Lesson 7: Securing Resources
94.
*A. Convenience *B. Automation *D. Evaluation of target systems against a database of known security risks and vulnerabilities *E. Categorization of discovered risks Explanation: Network security scanners feature convenience and automation. They evaluate target systems against a database of known security risks and vulnerabilities and categorize the potential severity of the discovered vulnerabilities. Network Security and Firewalls, Lesson 7: Securing Resources
95.
*A. Enforcing security policy
*C. Creating a choke point *D. Logging Internet activity *E. Limiting network exposure Explanation: A firewall has expanded from being a box to being a “bastion host” with multiple functions. Network Security and Firewalls, Lesson 8: Firewalls
96.
*A. A packet filter on a router Explanation: A packet filter on a router should be implemented. Network Security and Firewalls, Lesson 8: Firewalls
97.
*B. Proxy server Explanation: Brandon should implement a proxy server. Network Security and Firewalls, Lesson 8: Firewalls
98.
*B. 10.0.0.0 - 10.255.255.255 *C. 172.16.0.0 - 172.31.255.255 *D. 192.168.0.0 - 192.168.255.255 Explanation: Brandon should use NAT with 10.0.0.0 - 10.255.255.255 or 172.16.0.0 - 172.31.255.255 or 192.168.0.0 - 192.168.255.255. Network Security and Firewalls, Lesson 8: Firewalls
99.
*D. Circuit-level gateway Explanation: Brandon wants to implement a circuit-level gateway. Network Security and Firewalls, Lesson 8: Firewalls
100.
*A. Proxy server *B. Dual-homed host *D. Router Explanation: NAT should be implemented on a dual-homed host such as a proxy server or a router. Network Security and Firewalls, Lesson 8: Firewalls
101.
*A. A bastion host is a secure computer placed between a trusted network and an untrusted one such as the Internet. *B. Application layer gateways that function as bastion hosts use a separate daemon to inspect and route traffic from the outside to the internal network. Explanation: A packet-filtering router can act as a bastion host, in which case it simply filters packets based on IP addresses and ports as opposed to inspecting the higher layers of the packets. Network Security and Firewalls, Lesson 8: Firewalls
102.
*A. With a firewall package you pay a licensing fee to the firewall vendor, and you also have to provide a box with a licensed OS such as NT or Unix. *C. With a firewall appliance you pay one price for a firewall box. *D. The box that serves as a firewall should be hardened by removing unnecessary protocols and applications. Explanation: Boxes with firewalls should serve only that function and should be hardened. Network Security and Firewalls, Lesson 8: Firewalls
103.
*A. A DMZ *B. A screening router and a choke router *C. A service network Explanation: Marty should implement a DMZ/service network between a screening router/packet-filtering router and a choke router. Network Security and Firewalls, Lesson 8: Firewalls
104.
*A. By default, Microsoft Proxy Server 2.0 does not listen on inbound service ports. Explanation: Port 80 has to be opened up to inbound traffic. Network Security and Firewalls, Lesson 8: Firewalls
105.
*A. Rule 1: Allow from IP 192.168.2.0 to IP * from port * to port 21 using TCP *C. Rule 2: Block from IP * to IP 192.168.2.0 from port 20 to port <1024 using TCP *E. Rule 3: Allow from IP * to IP 192.168.2.0 from port 20 to port * using TCP ACK=1 Explanation: Rule 1: Allow from IP 192.168.2.0 to IP * from port * to port 21 using TCP. Rule 2: Block from IP * to IP 192.168.2.0 from port 20 to port <1024 using TCP. Rule 3: Allow from IP * to IP 192.168.2.0 from port 20 to port * using TCP ACK=1. Network Security and Firewalls, Lesson 8: Firewalls
106.
*B. Packet filters/screening router Explanation: Packet filters/screening routers are normally the first line of defense. Network Security and Firewalls, Lesson 8: Firewalls
107.
*C. Stateful multi-layer inspection Explanation: Network Security and Firewalls, Lesson 8: Firewalls
108.
*A. Web proxy Explanation: Caching on a Web proxy will fulfill this need. Network Security and Firewalls, Lesson 8: Firewalls
109.
*A. Circuit level gateway *D. Socks proxy Explanation: IBM invented the SOCKS gateway, which is the most popular circuit-level gateway. Circuit-level gateways perform NAT and can require user authentication. Network Security and Firewalls, Lesson 8: Firewalls
110.
*A. A proxy-oriented firewall Explanation: Peter is looking for a proxy-oriented firewall. Network Security and Firewalls, Lesson 8: Firewalls
111.
*B. Reverse proxy Explanation: Jerry should implement a reverse proxy server. Reverse proxies are located outside the firewall and are registered on the Internet as the company's production Web, email, or other protected server. Network Security and Firewalls, Lesson 8: Firewalls
112.
*A. Speed - proxy array Explanation: Proxy arrays can overcome speed loss on proxy servers/application gateways. A proxy server requires fewer rules than a packet-filter firewall. Network Security and Firewalls, Lesson 8: Firewalls
113.
*B. Create identical copies of software *C. Configure an identical system and keep it in safe storage *D. Ensure that you have all software to reinstall your firewall handy, including rescue disks. Explanation: Pixelstorm.com should also have a layered defense with more than one firewall. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
114.
*A. Single-homed bastion host Explanation: A single-homed bastion host can be bypassed. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
115.
*B. Configure a separate proxy server with strong policies Explanation: Ingrid should configure a separate proxy server so as not to compromise the original proxy server. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
116.
*B. Slower machine so as not to be an inviting target Explanation: We want a slower machine. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
117.
*C. Unix Explanation: Unix has been tried and true for over 25 years. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
118.
*B. disable, disable Explanation: IP routing should be disabled along with unnecessary services or daemons. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
119.
*A. A hacker would now have to subvert two security devices, not only the router but a separate computer not designed to accept logins. *B. Compared to a screening router solution, this solution is slower and more costly. *D. Gary recommends that a dual-homed bastion host be implemented to make a complete break between FrenchRestaurants.com's internal network and the Internet. *E. With either a single- or dual-homed bastion host coupled to a packet filtering/screening router, this configuration is called a screened host firewall. Explanation: If the bastion host is configured as an application-level gateway, not all TCP/IP applications will work through the bastion host. A single-homed installation might allow a hacker to subvert the router to bypass the single-homed bastion host. Network Security and Firewalls, Lesson 9: Levels of Firewall Protection
120.
*A. Run a batch file that would dump to a text file the user accounts that are logged in at various hours of the night. *B. He could use a login script for administrative and system account logins. This login script could record the host name and IP address of the computer used to log on. *C. He could rename the administrator account, create a bogus administrator account, and audit that account. Explanation: Other than disabling the administrator account, the rest of the points are good measures to take. Network Security and Firewalls, Lesson 10: Detecting and Distracting Hackers
121.
*A. Dummy corporate files and/or dummy password files *B. Create a jail only after approval of management *C. Enable shadow passwords in Unix. *D. Set a tripwire that will page the administrator or drop the network connection of the hacker. Explanation: Other than setting restricted login hours for system accounts and setting “forcibly disconnect users when logon hours expire”, the rest of the above are good ideas. Network Security and Firewalls, Lesson 10: Detecting and Distracting Hackers
122.
*A. Overreaction could punish legitimate users and bring globalComm's network to its knees. *B. Planning will increase the likelihood that the reaction will be appropriate and that it will work. *C. Underreaction could allow a hacker to do damage that is preventable. *D. Planning may prevent panic Explanation: New threats present themselves on a regular basis. Network Security and Firewalls, Lesson 11: Incident Response
123.
*A. Ping of death *B. Chargen *C. WinNuke Explanation: Gary could use ping of death, Chargen, WinNuke, or merely redirect the hacker to another site. Network Security and Firewalls, Lesson 10: Detecting and Distracting Hackers
124.
*A. Notify their ISP *B. Notify Internet agencies *C. Determine the scope of the breach and stop or contain activity. *D. Document everything Explanation: Affected users should be notified. Network Security and Firewalls, Lesson 11: Incident Response
125.
*A. Analyze and learn *B. Update security policy Explanation: GlobalComm should update their security policy after they have learned from the incident. Network Security and Firewalls, Lesson 11: Incident Response
Chapter 3: Security Auditing, Attacks, and Threat Analysis
1.
Jack is a security auditor. What two major roles does Jack fulfill? A. Trusted hacker B. Black hacker C. Security manager D. Consultant E. Administrator
2.
As a consultant, Jack probes the network from inside the firewall. Why is this realistic or unrealistic? (Choose all that apply): A. It is unrealistic in that a hacker would not have this advantage. B. It is realistic as a disgruntled employee could be trying to hack important files. C. It is realistic in that most of the compromises of the network security stem from within the network. D. It is unrealistic in that the firewall and perhaps a DMZ is the primary line of defense.
3.
Jack is conducting a security risk assessment. What is the first step that Jack will take? A. Check for a written security policy B. Check for a firewall C. Check for a robust password policy D. Check to see that no passwords are written down
4.
Jack checks security policy to ensure that it contains three elements. A. Intentions B. Design C. Procedure D. Policy E. Controls
5.
Jake is a security auditor. He is evaluating the answers to the following three questions: 1. What is the target? 2. How serious would a compromise of the resource be? 3. What is the likelihood of such a compromise? What phase of a risk assessment is Jack conducting? B. Check for a written security policy - Phase 1 C. Analyze, categorize and prioritize resources - Phase 2 D. Consider business concerns - Phase 3 E. Evaluate existing perimeter and Internal security - Phase 4
6.
Jake is a security auditor. He is prioritizing threatened resources. The most attacked resources fall into the following two categories: A. Network resources B. Server resources C. Internal resources D. External resources E. Infrastructure resources
7.
Jake is a security auditor. He is prioritizing threatened resources. Which of the following are the most commonly attacked network resources? (Choose 3): A. Routers and switches B. Firewalls C. Network hosts D. HTTP servers E. Security account databases
8.
Jake is a security auditor. He is prioritizing threatened resources. In addition to categorizing resources into the high-risk network and high-risk server category, he should also categorize resources by ______________. A. Department B. Geography C. LAN vs. WAN D. Global vs. local
9.
Jake is a security auditor. He wants to make sure that the network can recover from the following external attacks. (Choose 3): A. Bandwidth consumption B. Praying Mantis C. Faulty firewall configuration D. Systems attacked that are placed outside the firewall E. Virus and worm attacks
10.
Jake wants to manage network security across a switched network. What is true in this case? (Choose 2): A. He may do this and the individual computers will not know they are being monitored. B. He will have to install software on the hosts that are being managed across a switch. C. He must use a host-based scanner D. He must use a network-based management model
11.
Bernie is doing a security risk assessment. What is the first stage in this risk assessment? A. Discovery B. Infiltration C. Penetration D. Control
12.
Bernie is auditing a network and performing risk assessment. He has bypassed encryption, and hacked user accounts. What phase is Bernie in? A. Discovery B. Infiltration C. Penetration D. Control
13.
Bernie is auditing a network and performing risk assessment. He has bypassed encryption, and hacked the administrator account. At this stage he could create new users with administrative privilege. He could erase the audit logs and reconfigure the firewall. What phase of risk assessment has Bernie entered? A. Discovery B. Infiltration C. Control D. Penetration E. Administration
14.
David is doing a security audit. He wants to get a list of NSA.Gov servers. He should use the following tools: (Pick 2): A. Whois B. NSLookup C. Pathping D. Tracert E. NBTSTAT
15.
David is doing a security audit. He knows from Whois that the DNS server for corp.com is ns1. He wants to get the name of the email server. What commands should he enter in NSLookup? A. host -t mx corp.com B. host -t ns corp.com C. server corp.com D. server ns1.corp.com
16.
David is doing a security audit. He wants to discover corp.com's physical layout including routers. What command can best help him? A. Whois B. NSLookup C. Ping D. Ipconfig /all E. Tracert or traceroute
17.
Using ping scan software such as Rhino9 Pinger or WS_Ping Pro Pack, what information can a hacker discover? (Choose all the correct answers): A. Network IP addresses B. Host names C. Aliases D. Host headers
18.
David runs a port scan on three computers and gets the following results: 131.107.2.1:25, 110; 131.107.2.2:21, 80; 131.107.2.3:23. What does David learn? (Choose all that apply) A. 131.107.2.1 is an email server B. 131.107.2.1 is a DNS server C. 131.107.2.2 is a FTP and Web server D. 131.107.2.2 is running SNMP E. 131.107.2.3 is a DNS server
19.
David wants to disable Microsoft networking through the corporate firewall. Which ports should he disable? (Choose 2): A. TCP and UDP ports 135. B. UDP ports 137,138, and 139. C. TCP ports 25 and 110 D. TCP ports 21 and 80
20.
The process of determining which OS is housed on a particular host by subtle differences in the way that the TCP/IP protocol suite is implemented by a particular OS is called? A. Port scan B. Stack fingerprinting C. Tracert D. Binary probe E. Suite spotting
21.
Hank wants to know the share names on the network, and any passwords. What program will provide this information to Hank? A. NMAP B. RedButton C. TraceRT D. WS_Pro
22.
David uses HP OpenView to manage his network. How could he make his network more secure? (Choose 2): A. Upgrade to SMS B. Upgrade the underlying protocol to SNMPv3 C. Use the SNMPUTIL to secure the registry D. Change default settings and passwords
23.
Randy, acting as a security auditor, wants to discover elements of a network that are using SNMPv1 with default installation options. What application could Randy use to discover managed devices and their settings? (Choose all that apply): A. PingPro B. SMS C. HP Openview D. SNMPUTIL E. BorderManager
24.
Larry needs to discover all the vulnerabilities of a WAN. What grade of network scanner would Larry need and what are some examples? A. Grade: Enterprise level B. Grade: WAN C. Grade: Internet D. Examples: Web Trends Security Analyzer Enterprise Edition and ISS Internet Scanner Enterprise Edition. E. Examples: WS Ping Pro Pack Internet Edition, Black Ice Wide Area Edition
25.
Larry is conducting a heavy security scan of a medium-sized company. How long might this scan take, and what factors might affect the speed? A. Time: Several minutes B. Time: Several hours C. Time: Several days D. Factors: Speed of the network, and speed of the processor on the computer running the probe E. Factors: Available memory and proximity to the corporate backbone of the computer running the scan.
26.
Larry is a security consultant conducting a heavy security scan of a medium-sized company. What warning should Larry give to management? (Choose the best answer) A. I may well discover all your passwords B. This may take a while C. Individual hosts may be overwhelmed D. This may introduce a backdraft E. The alarms on your firewall may go off
27.
Using ISS Internet Scanner, Larry is doing security scans for a multi-national company with 100 locations. They want to compare and contrast security risks at the various locations. Larry should export the results of the security scan into the following format: (Choose the best answer) A. ASCII B. HTML C. RTF D. Excel E. PPT
28.
In choosing his enterprise grade of network scanning software, Larry wants to pick software that is optimized for NT 4.0 and Windows 2000. Which package should Larry choose? A. ISS Internet Scanner Enterprise Edition B. Axent NetRecon C. CyberCop Scanner D. Webtrends Security Analyzer Enterprise Edition
29.
Mick wants to guard against social engineering attacks including fraudulent emails and fraudulent telephone calls. What is Mick's best weapon? A. End-user education B. The corporate intranet C. Firewall D. Receptionist training E. Inbox rules
30.
How does a hacker usually pick a target? (Choose 2): A. System with the weakest security B. Highest value system C. System for which the hacker has the most tools. D. System with networking E. Web server
31.
Jake has instituted an intrusion detection system. It looks for a particular signature or fingerprint of an attack. Of the below attacks, which is best detected by an intrusion detection system? (Choose the best answer): A. Dictionary attacks B. Man-in-the middle-attacks C. Hijacking attempts D. Viruses E. Illicit servers
32.
Jake has instituted strong encryption and authentication. Of the below attacks, which two are best neutralized by either strong encryption or authentication? (Choose the best answer): A. Dictionary attacks B. Man-in-the-middle attacks C. Hijacking attacks D. Viruses E. Illicit servers
33.
Jake wants to safeguard against viruses. What measures should Jake take? A. Obtain and use custom anti-virus software B. Update the virus definitions on a regular basis C. Educate users D. Place antivirus software on servers E. Place antivirus software on end-user systems
34.
Jake wants to secure his routers. What are some important security precautions? A. Use a strong password B. Disable Telnet C. Physically secure routers D. Disable SNMP E. Disable BGP
35.
Jake has prepared a batch file to quickly reconfigure his routers in case of an attack by Tribal Flood Network or Stacheldraht. What type of attack is Jake defending against? A. Bandwidth consumption attacks B. Routing table attacks C. Poison-reverse attacks D. Split-horizon attacks E. OSPF spoofing attacks
36.
Jake wants to protect customer credit card numbers. What steps should Jake take? A. Use SSL B. Encrypt the credit card database C. Physically secure the database server D. Use PayPal E. Use an escrow service
37.
Jake wants to minimize spam on his network, yet still allow his mobile users to send email through his email domain. Jake also wants to be able to send secure email between his network and trusted suppliers. What measures should Jake take? A. Jake should stop his servers from relaying any messages and get his mobile users separate email accounts with a national ISP. B. Jake should only allow relay for his mobile users connecting from certain IP addresses C. Jake should install Pretty Good Privacy to encrypt sensitive email D. Jake should use a masquerade domain.
38.
Sarah wants to protect against hostile takeovers of her servers. She wants to defend against back-door programs such as Netbus, BackOrifice, and Masters of Paradise. What measures should Sarah take? A. Update virus protection programs B. Checksum analysis of targeted Trojan files C. Open port detection D. Root kit debuggers
39.
Murdock works the graveyard shift at WaffleHouse headquarters. He helps monitor their network 24 by 7. Sometimes business is slow. He installs the game Quake on the Network Management Station to pass the time and keep him awake in the middle of the night. What repercussion might this have? (Choose the best answer): A. He has installed a backdoor to the network B. He is consuming bandwidth C. He is consuming memory D. Quake crashes SNMP UDP packets E. Quake interferes with security audits
40.
Linus is working on the most stable version of Linux ever. This version will close the most pressing security concern today in Linux/Unix security. This behavior has been exploited by C and C++ programmers to the detriment of Linux/Unix security. What feature is Linus adding? A. Buffer overflows B. Memory protection C. Shadow password files D. Cache wiping
41.
Mary wants to protect against denial-of-service attacks. What measures should Mary take? A. Installing appropriate security patches. B. Installing stable and well-tested versions of servers, services and applications. C. Enhancing the security awareness and debugging capabilities of any who provide custom applications for your organization. D. Always installing the latest service pack.
42.
Marty installs a firewall and intrusion detection system that can remember activity for the past month. Why is this an important feature? (Choose 2): A. For a period of weeks, hackers may work a very short time each day on each system being attacked. B. If an intrusion is detected, it may be traced back to the point of origin. C. The intrusion detection system can establish a baseline over time in order to identify abnormal activity. D. Hackers may use a variety of tools and methods on different days.
43.
George keeps the server room secure with a keypad lock, video camera and alarm system. He uses special one-way locking screws on the file servers so the case cannot easily be popped off. He uses security strips on the inside of the file server and on major components and a detection system like those found at Wal-Mart exits. On his servers, George changes the boot order in BIOS to always boot off the hard drive and he protects BIOS with a password. He also has a pager, email, and netsend alert set to go off if the file server is rebooted. What is George protecting against? (Choose all that apply): A. Someone popping out the hard drive and making off with it unnoticed. B. Someone using a boot disk from another OS to crack password files. C. Someone installing a subversive program on the file server and then rebooting to enable the program. D. Someone using a brute force attack against the file server.
44.
Mark sends a virtually irresistible free trial software offer to targeted users at www.free-florida.com. Users create their own username and password to log into Mark's Website, download the free patriotic screensaver program, and sign up for free Florida flags. A month later the users haven't gotten their flags and their Websites have been vandalized. What happened? A. Mark did a social engineering attack B. The screensaver program could have contained a Trojan horse program C. Some users used their same network login for their free trial software login. D. Mark used an illicit server attack E. Mark failed to get additional venture capital in his second round of funding to cover the cost of flags.
45.
Eric is able to hack the credit card database at MoreMusic.com. The NT user passwords are complex and consist mainly of the initials of recording artists, the initials of their first hit record, and the year of their first hit record. They have applied a strong password policy by applying a patch from the NT resource kit. How was Eric able to hack the credit card database? What happened? A. The SA password is blank or set to password. B. The administrator account wasn't renamed C. The hacker was a music aficionado D. The patch was a Trojan.
46.
www.Web-Dates.com requires its members to purchase video cams so they can't fake their looks too easily. They are worried about a disgruntled customer coming off a bad date and attacking their Website. They have enabled ICMP packet filtering on their firewall. What types of attacks are www.Web-Dates.com protecting against? A. Ping of death B. Standup attack C. Land attack D. Smurf attack E. Fraggle attack
47.
Frank wants to monitor new account creation in NT. What can Frank do? A. He can create a batch file that runs at a particular time that appends the user database to a text file. B. He can audit user and group management C. He can audit the SAM D. He can install intrusion detection software
48.
George is a salesman for www.PreArrangements.com. He is leaving the company to go to work for a competitor that has a better cradle-to-grave benefit package. He does not have administrative privilege, but he wants to create a bogus account dletterman with a password of 2!Knight. How could George do this? (Choose all that apply): A. He could create a batch file and put it in the administrator's startup folder B. The batch file should be as follows: C. net user dletterman 2!Knight /add D. net localgroup administrators dletterman /add E. The batch file should be as follows: F. net user dletterman /add 2!Knight G. net localgroup administrators dletterman /add 2!Knight H. He could use the scheduler to run a batch file service on a machine that the administrator uses.
49.
www.WebSites.com is an Internet hosting company. For backward compatibility the developers there make sure that newly created Websites will display properly in older browsers. On the developers' boxes the pre-production Websites are hosted. One of these Websites is for a political action group. This website is hacked before it even gets off the ground. An ASP object is replaced with a Trojan that collects information about Website visitors. What happened and how can this be prevented? A. Web browsers have security problems that often need to be patched. B. The development Websites should be on a separate box. C. The development Websites should use domain blocking so only certain IP addresses or domain names can have access. D. Older browsers should not be used.
50.
George's 14-year-old daughter goes to www.l0pht.com and downloads L0phtCrack. She goes to work with George for the Christmas party. George allows her to play games on his computer while he is in a meeting before the party. She hacks the company's PDC user accounts database. How could she have done that? A. Steroids B. She ran the program against the IP address of the domain controller. C. She ran the program against the ERD. D. She ran the program against the copy of the SAM in the domain controller's \winnt\repair E. She ran the program against the cached user accounts on the local computer in the \winnt\system32\config directory.
51.
Jack is an auditor; he wants to see how long it would take a hacker to break the user accounts database in the /etc/shadow directory of a Unix box, Snoppy1. What tools could Jack use? A. Jack the Ripper B. Crack C. Net Recon D. ISS Internet Scanner E. Crackfile Light0
52.
Jerry is the Webmaster for ResearchDogs.com. He thinks it is suspicious that he hasn't had any hits all morning. He browses to his Website and is redirected to Adopt-a-Pet.com. What can Jerry do to troubleshoot his problem? A. Check with Internic to see if his DNS registration has been changed. B. Do an NSLookup on www.ResearchDogs.com using one of the root DNS servers listed in the cache.dns file. C. In his browser, put in the IP address for www.ResearchDogs.com and see if he is redirected. D. In IIS, check the Home Directory property sheet on the ResearchDogs.com website
53.
Jerry just landed a small but confidential government contract. He underbid an established competitor in a fierce competition. Not much later, his server is hacked. Who is the most likely suspect and why? A. His competitor to get competitive bidding information. B. A hacker to get Jerry's logon to the government server. C. The government to audit his security D. His competitor to sabotage his work.
54.
Mike hacked into a competitor's Website to get his client list. How could he cover his tracks? (Choose 3): A. Erase log files B. IP spoofing C. Port redirection D. Clearing the pagefile on shutdown E. Erasing temporary files
55.
Mark is a security auditor; he does a port scan on AvengerMotors.com's Web, email, and SQL servers and discovers that the following ports are being used: 21, 80, 25, 110, 1433, 12345 and 12631. What can he deduce? (Choose the best answer): A. His email server is POP3 rather than IMAP B. SQL is up and running C. The server with ports 12345 and 12631 open is infected with NetBus D. FTP is up and using ephemeral ports out of the well known port range E. His network is being scanned by another port scanner
56.
Mark is a security auditor; he does a port scan on AvengerMotors.com's Web, email, and SQL servers and discovers that the following ports are being used: 21, 80, 25, 110, 1433, 12345 and 12631. He deduces that the server with ports 12345 and 12631 open is infected with Netbus. He attempts to delete Netbus.exe, Patch.exe and Keyhook.dll to no avail, because these files are in use. What other attempts can he make to delete these files? A. Connect to the infected server with Telnet to port 12345 and execute the command RemoveServer;1; B. In Task Manager stop the service or services that Netbus is running and then delete the files. C. Boot to another OS that can see the files and delete them. D. Use the Netbus client and click on the Remove Server button E. Boot to safe mode and then use Add/Remove Programs.
57.
Sarah and Jerry work together on a computer help desk. They are dating. Just before Valentine's Day, Sarah discovers that Jerry is fooling around. She has pictures of Jerry and the boss, Mimmie, together. Mimmie is giving a PowerPoint presentation to upper management later that day. Sarah wants to secretly insert a compromising picture into the presentation. What two hacker tools could Sarah use? A. BackOrifice 2000 B. Dead Cow C. NetBus D. John the Ripper E. WS_PingPro
58.
Mike wants to be able to capture the keystrokes of his wife, who is up late at night on the Internet. What program can he infect his wife's computer with? A. NetBus B. BackOrifice C. Crack D. John the Ripper E. Shafted
59.
The response speed of the network has slowed considerably since a new contingent of interns has been working this summer. Mark wants to see if any of the interns are downloading large files off the Internet unrelated to their duties at work. Which intrusion detection programs could Mark install that would monitor a host's network and Internet access and could even forbid Internet access? (Choose 3): A. e-Trust Intrusion Detection B. Axent Intruder Alert C. ISS RealSecure D. HP-UX Enterprise Intrusion Detection E. WebTrends ID
60.
Eric is considering buying Computer Associates' e-Trust Intrusion Detection System. For what purposes could this intrusion detection system be used? A. To hack a network B. To trace an attack C. To manage routers D. To log, report, and forbid almost any form of network access.
61.
Eric is using a state-of-the-art IDS with alarms set to go off at the slightest intrusion. How might a hacker take advantage of that? A. Denial-of-service attack B. Fake IDS attack C. Hack the IDS to alarm on itself D. Man-in-the-middle attack
62.
Jerry wants to purchase a network-based intrusion detection system because he is on a single, unswitched LAN. What benefits does a network-based IDS provide? (Choose 2): A. Only one program has to be installed on one host B. No significant additional network traffic C. Excellent protection against scans and denial-of-service attacks. D. Excellent protection against illegitimate account upgrades, policy tampering, and log file manipulation. E. Scalable
63.
Frank is preparing to install an Intrusion Detection Software manager program on the most appropriate box. Which host would be the best choice for this? A. PDC B. NT Workstation C. Dual-homed computer D. Firewall E. NT stand-alone server.
64.
Larry is trying to place IDS agents in optimal locations. What guidelines should he follow? (Choose 3): A. One agent per host B. Agents on critical resources C. Agents on temporary worker hosts D. Agents on the firewall E. Agents on LAN and WAN backbones, including routers and switches
65.
Sam is auditing IDS agent-to-manager communications. What is Sam looking for? (Choose 2): A. Encrypted communications B. Use of a roving port number C. Usernames and passwords changed from their defaults D. Port hopping E. Trapping
66.
Sam wants to increase the effectiveness of an IDS against a new threat. What should he do? (Choose the best answer): A. Download the latest service pack B. Create a new rule C. Create a new action D. Update the IDS server engine
67.
Sam buys Intruder Alert (ITA) and recommends it to all the folks at his Network Professional Associates meeting. What benefits does Sam cite? (Choose two): A. ITA works well in heterogeneous network environments. B. ITA works well in homogeneous network environments. C. ITA distributes its management architecture D. ITA consolidates its management architecture
68.
Sam buys Intruder Alert (ITA) and recommends it to all the folks at his Network Professional Associates meeting. They ask if there are any tricks to its configuration. What does he mention? (Choose the best answer): A. Either a DNS server with a forward lookup zone or an lmhosts or hosts file with valid entries is required. B. Either a DNS server with a CNAME record or an lmhosts or hosts file with valid entries is required. C. Either a DNS server with reverse lookup or an lmhosts or hosts file with valid entries is required. D. Either a DNS server with a HINFO record or an lmhosts or hosts file with valid entries is required. E. Either a DNS server with an MX record or an lmhosts or hosts file with valid entries is required.
69.
Terry is trying to strike the right balance in how much he audits. What considerations might Terry take into account? (choose the best answer): A. Only monitor failures B. Only monitor at night C. You can't log too much D. If you log too little then you might have insufficient information.
70.
Irwin is auditing firewall and router logs. What useful information might Irwin look for? A. Suspicious ports B. Suspicious gateways C. Non-productive protocols in use D. Source and destination interfaces and hosts
71.
After a major software upgrade, Peter is inspecting the operating system logs in Unix. He notices that no events have been logged in the last day. What might be the problem? (Choose 2): A. The inetd.conf file might have been changed so that the syslogd daemon is not started automatically B. The /var/log/lastlog file might be on a partition that ran out of space C. The /etc/syslog.conf file might have been deleted D. The syslogd daemon might be stopped E. The new program could have overwritten the DNS zone information
72.
Peter wants to scan the Linux server logs for shutdowns and restarts, and user logins. What command should Peter execute and what log will be scanned? A. last, /var/log/current B. log, /etc/log/current C. log, /var/log/lastlog D. last, /var/log/lastlog
73.
Peter wants to scan the Linux server logs for only failed logon attempts. What command should Peter execute? A. lastf B. logf C. lastb D. lastlog E. log -u
74.
Peter notices a security breach in the middle of the night. Peter wants to scan the Linux server logs for the users who have logged in most recently. What command should Peter execute? A. last B. lastb C. loglast D. ulog E. lastlog
75.
Peter enables auditing on a NT 4.0 Server. Which log would Peter look at to see failed logon events? A. System B. Security C. Application D. User E. Server
76.
Peter enables auditing in NT 4.0 and wants to check for NT restarts in the middle of the night that might indicate hacker activity. What log should Peter check and what event number should Peter check? A. Security, event 529 B. Security, event 6005 C. System, event 6005 D. System, event 529
77.
Peter enables auditing in NT 4.0 and wants to check for unsuccessful logins in the middle of the night that might indicate hacker activity. What log should Peter check and what event number should Peter check? A. Security, event 529 B. Security, event 6005 C. System, event 6005 D. System, event 529
78.
Peter wants to determine the NT server uptime to see if anyone has rebooted the server recently. What utility could Peter download from what location? A. Uptime1.exe from www.tucows.com B. Clock from www.adp.com C. Chonos from ww.chronos.com D. Uptimei.exe from www.microsoft.com E. Time from ww.msn.com
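Questions 75 through 78 all turn on the same two NT 4.0 event IDs: 529 in the Security log (logon failure, unknown user name or bad password) and 6005 in the System log (the Event Log service started, i.e. the machine booted). The script below is an added example, not code from the book or from Microsoft, showing how an auditor would pull both out of an exported log and apply the "middle of the night" test from the questions, then correlate them: a boot that follows a burst of failed logons is the combination worth a phone call. The export format, the 2002 timestamps, user names and addresses are constructed for the example; the event IDs 528, 529, 517, 6005, 6006 and 6008 are the real NT 4.0 values.

```python
from collections import Counter
from datetime import datetime, timedelta

# NT 4.0 event IDs used below (Security log: 517/528/529; System log: 6005/6006/6008).
EVENT_NAMES = {
    528: "successful logon",
    529: "logon failure: unknown user name or bad password",
    517: "audit log cleared",
    6005: "event log service started (system boot)",
    6006: "event log service stopped (clean shutdown)",
    6008: "previous shutdown was unexpected",
}

# Constructed export (not a real log), one event per line as
# "time,log,event_id,user,source", the kind of text a script would produce
# from Event Viewer's save-as-text file.
SAMPLE_EXPORT = """\
2002-02-14 02:40:10,Security,529,Administrator,10.9.8.7
2002-02-14 02:40:16,Security,529,Administrator,10.9.8.7
2002-02-14 02:40:21,Security,529,Administrator,10.9.8.7
2002-02-14 02:40:30,Security,529,Administrator,10.9.8.7
2002-02-14 02:55:02,System,6006,EventLog,SERVER1
2002-02-14 02:57:40,System,6005,EventLog,SERVER1
2002-02-14 02:58:30,Security,517,Administrator,SERVER1
2002-02-14 09:01:15,Security,529,bob,WS7
2002-02-14 09:03:00,Security,528,bob,WS7
2002-02-14 18:20:00,System,6005,EventLog,SERVER1
"""


def parse_export(text):
    """Turn the export into a list of dicts with a real datetime per event."""
    events = []
    for line in text.strip().splitlines():
        when, log, event_id, user, source = line.split(",")
        events.append({"time": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
                       "log": log, "id": int(event_id),
                       "user": user, "source": source})
    return events


def is_off_hours(when, start=22, end=6):
    """True between 22:00 and 06:00; the hours are an assumption for the example."""
    return when.hour >= start or when.hour < end


def night_restarts(events):
    """System log, event 6005 (question 76): boots outside business hours."""
    return [e["time"] for e in events
            if e["log"] == "System" and e["id"] == 6005 and is_off_hours(e["time"])]


def night_failed_logons(events):
    """Security log, event 529 (questions 75 and 77): failures per (user, source) at night."""
    return Counter((e["user"], e["source"]) for e in events
                   if e["log"] == "Security" and e["id"] == 529 and is_off_hours(e["time"]))


def audit_log_cleared(events):
    """Security log, event 517: the log was cleared, which an attacker in the
    control phase does to hide the entries above (question 82)."""
    return [e["time"] for e in events if e["log"] == "Security" and e["id"] == 517]


def restarts_after_failures(events, window=timedelta(minutes=30), min_failures=3):
    """Boots (6005) preceded within `window` by at least `min_failures` 529 events."""
    failures = [e["time"] for e in events if e["log"] == "Security" and e["id"] == 529]
    flagged = []
    for e in events:
        if e["log"] == "System" and e["id"] == 6005:
            recent = sum(1 for t in failures if e["time"] - window <= t < e["time"])
            if recent >= min_failures:
                flagged.append(e["time"])
    return flagged


def describe(event):
    return EVENT_NAMES.get(event["id"], "event %d" % event["id"])


if __name__ == "__main__":
    ev = parse_export(SAMPLE_EXPORT)
    print("night boots:", night_restarts(ev))
    print("night failed logons:", dict(night_failed_logons(ev)))
    print("audit log cleared at:", audit_log_cleared(ev))
    print("boots following a logon-failure burst:", restarts_after_failures(ev))
```

On a real server the export step is whatever gets the events out of Event Viewer into text; the tests above do not change. The 517 check is the one Mario cares about in question 82: a cleared Security log is itself an event, and it survives in any copy of the log that was shipped off the box before the clearing.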
79.
On a Unix server Eric wants to see the host name and IP address of remote logins. What command should Eric execute? A. last -id B. hostname -ad C. hostname -id D. last -ad
80.
Alice's FTP server has been compromised. She wants to view any FTP service messages. What command should Alice execute? A. host# cat /var/log/messages/ftp B. host# ls /var/log/messages | grep ftp C. host# ls /var/log/messages/ftp D. host# cat /var/log/messages | grep ftp
81.
Sarah is briefing her replacement Missy on what she would consider suspicious activity. What three suspicious activities might Sarah point out? A. The system slows down at 9 AM every day B. A user attempts to log on at 2 AM every day for two weeks. He isn't successful. C. The PDC is restarted at 5 AM. D. At 10 AM, 12 noon and 3 PM the system slows down for no apparent reason. E. The system slows down at midnight every day.
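The commands in questions 73, 74, 79 and 80 (lastb, last -ad, cat /var/log/messages | grep ftp) and the pattern Sarah describes in question 81 come down to one job: pull the login-related lines out of a Unix log and group them by time of day and source host. The script below is an added example, not code from the book; it runs over a constructed /var/log/messages sample embedded in the script (host names, addresses, PIDs and the 22:00 to 06:00 "night" window are all assumptions) rather than the binary wtmp/btmp files that last and lastb read, but it performs the same filtering a grep/awk pipeline would and adds the per-source count that makes a two-week 2 AM pattern stand out.

```python
import re
from collections import Counter

# Constructed sample in classic BSD syslog format (no year on the line).
SAMPLE_MESSAGES = """\
Feb 13 01:58:12 host ftpd[2211]: FTP LOGIN FAILED FROM 10.9.8.7 [10.9.8.7], anonymous
Feb 13 02:00:03 host login[2230]: FAILED LOGIN 1 FROM 10.9.8.7 FOR root, Authentication failure
Feb 13 02:00:09 host login[2230]: FAILED LOGIN 2 FROM 10.9.8.7 FOR root, Authentication failure
Feb 13 02:00:15 host login[2230]: FAILED LOGIN 3 FROM 10.9.8.7 FOR root, Authentication failure
Feb 13 08:15:44 host sshd[2301]: Accepted password for alice from 192.168.1.20 port 1032
Feb 13 09:02:10 host ftpd[2402]: FTP session closed
Feb 13 14:30:01 host ftpd[2511]: FTP LOGIN FROM ws7.corp.example [192.168.1.7], bob
Feb 13 11:59:58 host login[2700]: FAILED LOGIN 1 FROM 192.168.1.20 FOR bob, Authentication failure
"""

# "Mon dd hh:mm:ss host program[pid]: message"
SYSLOG_LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED = re.compile(r"FAILED LOGIN|LOGIN FAILED")
SOURCE = re.compile(r"\bFROM (\S+)")


def parse_messages(text):
    """Split raw syslog lines into fields; lines that do not parse are skipped."""
    records = []
    for line in text.splitlines():
        m = SYSLOG_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["hour"] = int(rec["hh"])
            records.append(rec)
    return records


def ftp_messages(records):
    """Same selection as `cat /var/log/messages | grep -i ftp` (question 80)."""
    return [r for r in records
            if "ftp" in r["prog"].lower() or "ftp" in r["msg"].lower()]


def failed_login_sources(records, night_only=False, night=(22, 6)):
    """Failed logins per remote host: roughly what lastb (question 73) shows,
    with the host/IP column of last -ad (question 79). With night_only=True
    only failures between 22:00 and 06:00 are counted."""
    start, end = night
    counts = Counter()
    for r in records:
        if not FAILED.search(r["msg"]):
            continue
        if night_only and not (r["hour"] >= start or r["hour"] < end):
            continue
        m = SOURCE.search(r["msg"])
        counts[m.group(1).rstrip(",") if m else "unknown"] += 1
    return counts


def suspicious_sources(records, threshold=3):
    """Hosts with repeated off-hours failures: the pattern Sarah flags in question 81."""
    night = failed_login_sources(records, night_only=True)
    return sorted(src for src, n in night.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_messages(SAMPLE_MESSAGES)
    for r in ftp_messages(recs):
        print("ftp:", r["hh"] + ":" + r["mm"], r["msg"])
    print("failures by source:", dict(failed_login_sources(recs)))
    print("suspicious at night:", suspicious_sources(recs))
```

To run it against a live box, replace SAMPLE_MESSAGES with the contents of /var/log/messages (or the auth log, depending on the syslog.conf in question 71); the regular expressions above match the stock BSD-style line format, so a system that logs with a different prefix needs SYSLOG_LINE adjusted.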
82.
Which of these events should be investigated by Mario, the System Administrator? A. Missing disk space B. Rapidly filling disk space C. Security logs running out of space D. Security logs that have been cleared E. Any alterations to the registry
83.
Mario is concerned that a hacker who has entered the control stage could clear the server logs. What precautions could Mario take? A. Making the log files read-only B. Transfer logs to a different machine for storage. C. Scheduling hard-copy backups. D. Replicating logs to a writable CD-ROM drive E. Encrypting the log files
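Of the precautions in question 83, shipping the log to a different machine is the one that survives an attacker with root or Administrator on the server, because whatever he clears locally has already left the box. The following Python is an added example, not code from the book or from any syslog implementation: it plays both ends, a tiny UDP syslog collector on the loopback interface standing in for the separate log host, and a forwarder that sends each line as an RFC 3164 datagram, then shows the check Mario would run afterwards, comparing what the server still holds with the collector's copy. The log lines, host names and addresses are constructed; on a real network the collector would be syslogd on another machine writing to its own disk.

```python
import socket
import threading
import time

# RFC 3164 PRI = facility * 8 + severity (auth = 4, notice = 5 -> <37>)
PRI = 4 * 8 + 5

# Constructed lines standing in for the server's own log (not a real log).
LOCAL_LOG = [
    "Feb 14 02:40:10 server1 login[410]: FAILED LOGIN 1 FROM 10.9.8.7 FOR root",
    "Feb 14 02:40:16 server1 login[410]: FAILED LOGIN 2 FROM 10.9.8.7 FOR root",
    "Feb 14 02:41:03 server1 su[422]: root on tty1",
]


class Collector:
    """Stand-in for the separate log host: receives syslog datagrams on the
    loopback interface and keeps them in memory. A real collector writes them
    to its own disk, which the compromised server cannot reach."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))   # ephemeral port, loopback only
        self.sock.settimeout(0.1)
        self.port = self.sock.getsockname()[1]
        self.received = []
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._run, daemon=True)
        self._thread.start()

    def _run(self):
        while not self._stop.is_set():
            try:
                data, _ = self.sock.recvfrom(4096)
            except socket.timeout:
                continue
            self.received.append(data.decode())

    def wait_for(self, count, timeout=2.0):
        deadline = time.monotonic() + timeout
        while len(self.received) < count and time.monotonic() < deadline:
            time.sleep(0.01)
        return len(self.received) >= count

    def close(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()


def ship(lines, port, host="127.0.0.1"):
    """Forward each log line to the collector as one syslog datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(f"<{PRI}>{line}".encode(), (host, port))


def strip_pri(datagram):
    return datagram.split(">", 1)[1] if datagram.startswith("<") else datagram


def audit(local_lines, remote_datagrams):
    """Compare the server's current log with the collector's copy. A log only
    grows, so the local copy must be a prefix of the remote one (datagrams
    arrive in order on loopback); any remote line the server no longer has
    was deleted on the server."""
    remote = [strip_pri(d) for d in remote_datagrams]
    prefix_intact = remote[:len(local_lines)] == list(local_lines)
    missing = [line for line in remote if line not in local_lines]
    return {"tampered": (not prefix_intact) or bool(missing),
            "missing_locally": missing}


def demo():
    """Ship the log, then audit an untouched, a partly edited and a cleared local copy."""
    collector = Collector()
    try:
        ship(LOCAL_LOG, collector.port)
        if not collector.wait_for(len(LOCAL_LOG)):
            raise RuntimeError("collector did not receive the log")
        intact = audit(LOCAL_LOG, collector.received)
        edited = audit(LOCAL_LOG[2:], collector.received)   # attacker removed his failures
        cleared = audit([], collector.received)             # attacker wiped the whole log
        return intact, edited, cleared
    finally:
        collector.close()


if __name__ == "__main__":
    for label, result in zip(("intact", "edited", "cleared"), demo()):
        print(label, result)
```

Two practical points the example makes visible: the check only works if the collector is not reachable with the same credentials the attacker now holds, and the comparison is by content, so it catches a selectively edited log (the middle case), not only one that has been emptied.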
84.
Kevin just finished his audit report and is presenting it to management. What three main points will Kevin address? A. Strengthening encryption B. Guarding against virus, worm and Trojan infections C. Strengthening auditing D. Specific and wide changes and improvements E. Physical security
85.
Kevin just finished his audit report and is presenting it to management. What changes and improvements might Kevin suggest? A. Reconfiguring routers B. Dead Gateway detection C. Hidden IP addresses D. Adding or reconfiguring firewall rules E. Upgrading the OS patch level
86.
Kevin just finished his audit report and is presenting it to management. What changes and improvements might Kevin suggest? A. Improving network auditing B. Upgrading rsh and rlogin C. Upgrading older or less secure services D. Upgrading the TCP/IP stack E. Decentralizing the administration of internal and network security.
87.
Kevin just finished his audit report and is presenting it to management. What changes and improvements might Kevin suggest? A. Adding a firewall proxy B. Improving physical security C. Improving anti-virus scanning D. Upgrading to Whistler as soon as it becomes available E. Adding intrusion-detection systems
88.
Kevin just finished his audit report and is presenting it to management. What changes and improvements might Kevin suggest? A. Consolidation of services on the firewall B. Enhancing user-level encryption C. Conformance to system defaults D. Removing unnecessary accounts, applications, servers and services. E. Improving patch levels
89.
Kevin's boss works from home on a NT 4.0 workstation. Their company pays for a cable modem. What measures might Kevin recommend to enhance security? A. Put the boss' computer behind the corporate firewall B. Install a personal firewall C. Install anti-virus software D. Disable the workstation service on the NT 4.0 workstation E. Disable the server service on the NT 4.0 workstation
90.
In his audit report, Kevin recommends upgrading physical security in the server room. What important points could Kevin make about how someone with unsupervised access could compromise a server? A. They could install a bogus keyboard with a built-in keylogger program. B. They could pop open the keyboard and install a chip that could intercept keystrokes. C. They could pop out the hard drive on the server D. They could copy the SAM file to a floppy disk for later analysis E. They could steal software from the server room.
91.
Kevin is completing his audit report. What important points could he make in favor of doing audits on a regular basis? A. IDS rules should regularly be updated B. New systems that need protection should be identified C. Virus definitions need to be updated D. Packet filter and firewall rules need to be updated regularly
92.
Kevin is putting the finishing touches on an audit report. What elements might his security audit report include? A. An estimate of how long it would take a casual, experienced or professional hacker to enter the system. B. An overview of existing security. C. A detailed outline of procedures used during the audit. D. A summary of recent hacking exploits against similarly configured systems. E. A summary of important recommendations
93.
Kevin is putting the finishing touches on an audit report. What elements might his security audit report include? A. Recommendations about various network elements B. A discussion of physical security C. A discussion of recent security trends D. A discussion of terms and languages used in the security auditing field.
94.
Kevin needs help in compiling an audit report. Which international standards have sections that would help Kevin write an audit report? (Choose 3): A. CC B. CC 7799 C. BS 7799 D. BS 7498-2 E. ISO 7498-2
95.
Using the Common Criteria Evaluation Assurance Levels (EAL), what EAL can Kevin, as a security auditor, assign to a system merely by examining the product's documentation? A. 1 B. 2 C. 3 D. 7 E. 10
96.
Using the Common Criteria Evaluation Assurance Level (EAL) the CIA wishes to reach the highest EAL possible. Their systems must be proven to withstand the most sophisticated attacks for an indefinite period of time. What EAL must they reach? A. 1 B. 2 C. 3 D. 7 E. 10
97.
Using the Common Criteria Evaluation Assurance Levels (EAL), what is the highest EAL that can be assigned to a system by having a qualified developer perform "structural testing" of the product? A. 1 B. 2 C. 3 D. 7 E. 10
98.
Kevin wants to defend against Smurf attacks against a router. What should he configure or disable on the router? (Choose the best choice): A. Kevin should make sure that the router is RFC 1542 compliant. B. Kevin should institute ingress and egress filtering C. Kevin should disable broadcast filtering D. Kevin should disable ICMP
99.
Kevin wants to configure his routers to route outgoing packets only if they have valid internal IP addresses. What should he configure or disable on the router? (Choose the best choice): A. Ingress and egress filtering B. IP filtering C. Reverse lookup D. Packet-level filtering
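Questions 98 and 99 describe two router-side checks that are easy to confuse. Egress filtering forwards an outbound packet only if its source address belongs to the site (so the site's hosts cannot be used to spoof), ingress filtering drops inbound packets that claim an internal or otherwise impossible source, and the Smurf defence is narrower still: refuse to deliver anything to a subnet's directed-broadcast address, which is what the amplification relies on, without turning off ICMP altogether. The Python below is an added example, not code from the book or from any router vendor; it expresses the three rules as a decision function over a constructed packet trace so the interplay can be tested. The internal address ranges, the "inside"/"outside" interface names and the sample addresses (RFC 5737 documentation ranges) are assumptions for the example. On a Cisco IOS router the equivalent of the first rule is "no ip directed-broadcast" on each interface, and the other two are access lists.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed internal address space of the site (made up for the example).
INTERNAL = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("10.0.0.0/8")]

# Sources that have no business arriving from the Internet at all.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"       # "icmp-echo" for a ping
    iface: str = "inside"    # interface the packet arrived on: "inside" or "outside"


def in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def is_directed_broadcast(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip == net.broadcast_address for net in INTERNAL)


def decide(pkt):
    """Return ("forward" | "drop", reason) for one packet."""
    # Smurf needs a ping delivered to a subnet's broadcast address so that every
    # host on it answers the spoofed victim; refusing directed broadcasts, on
    # either interface, removes the amplifier (question 98).
    if is_directed_broadcast(pkt.dst):
        return "drop", "directed broadcast (Smurf amplifier)"
    if pkt.iface == "inside":
        # Egress filtering: route outgoing packets only if they carry one of
        # our own addresses (question 99).
        if not in_any(pkt.src, INTERNAL):
            return "drop", "egress: source is not one of our addresses"
    else:
        # Ingress filtering: nothing arriving from outside may claim to be us,
        # and bogon sources (private, loopback, link-local) are dropped too.
        if in_any(pkt.src, INTERNAL):
            return "drop", "ingress: outside packet claims an internal source"
        if in_any(pkt.src, BOGONS):
            return "drop", "ingress: bogon source"
    return "forward", "ok"


def summarize(packets):
    """Count verdicts over a batch of packets, e.g. a captured trace."""
    return Counter(decide(p)[0] for p in packets)


# Constructed traffic (addresses from the RFC 5737 documentation ranges).
SAMPLE = [
    Packet("192.168.1.10", "203.0.113.5"),                            # normal outbound
    Packet("198.51.100.9", "203.0.113.5"),                            # spoofed outbound
    Packet("203.0.113.5", "192.168.1.255", "icmp-echo", "outside"),  # Smurf trigger
    Packet("192.168.1.10", "192.168.1.20", iface="outside"),          # spoofed inbound
    Packet("127.0.0.1", "192.168.1.20", iface="outside"),             # bogon inbound
    Packet("203.0.113.5", "192.168.1.10", iface="outside"),           # normal inbound
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.iface, p.src, "->", p.dst, decide(p))
    print(summarize(SAMPLE))
```

Note that the directed-broadcast rule is checked before the interface rules: a ping to 192.168.1.255 is dropped whether it comes from outside (the classic Smurf) or from an internal host that has been taken over, and ordinary ICMP to a unicast address still passes, which is why "disable ICMP" is a heavier hammer than the problem needs.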
100.
Bruce wants to detect and punish hackers with a counterattack if they try to download his software for free. He creates a server as an open target. On this server he includes the following: (Choose all the valid items): A. Fake databases, and fake downloadable files. B. Firewall configuration that automatically places hackers into a fake network C. Physical line traces D. Packet traces E. Cooked IP packets
Answers
1.
*C. Security manager *D. Consultant Explanation: Jack acts as a security manager and as a consultant, probing the network from inside and outside the firewall. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
2.
*B. It is realistic as a disgruntled employee could be trying to hack important files. *C. It is realistic in that most of the compromises of the network security stem from within the network. Explanation: This is realistic. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
3.
*A. Check for a written security policy
Explanation: Jack will check for a written security policy. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
4.
*B. Design *C. Procedure *D. Policy Explanation: The three elements of security policy are design, procedure and policy. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
5.
*B. Analyze, categorize and prioritize resources - Phase 2 Explanation: Jake is in Phase 2 - analyze, categorize and prioritize resources Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
6.
*A. Network resources *B. Server resources Explanation: Network resources and server resources are the most threatened. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
7.
*A. Routers and switches *B. Firewalls *C. Network hosts Explanation: HTTP servers, and Security account databases are server resources, as are information databases, SMTP and FTP servers. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
8.
*A. Department Explanation: The databases of the HR and R&D departments might be a more inviting target for a hacker than other databases. Organizational structure should be used to categorize resources. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
9.
*A. Bandwidth consumption *C. Faulty firewall configuration *D. Systems attacked that are placed outside the firewall Explanation: Jake wants to place as many systems as possible inside the firewall. He wants to strengthen the firewall and he wants to protect against denial of service attacks.
Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
10.
*B. He will have to install software on the hosts that are being managed across a switch. *C. He must use a host-based scanner Explanation: Jake must install software on hosts to be managed across a switch. This is a host-based model. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
11.
*A. Discovery Explanation: Discovery is the first phase. In this phase Bernie will scan and test the systems for effective security. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
12.
*C. Penetration Explanation: Bernie has penetrated the network. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
13.
*C. Control Explanation: Bernie has reached the control phase. Security Auditing, Attacks, and Threat Analysis, Lesson1: Security Auditing
14.
*A. Whois *B. NSLookup Explanation: David would use Whois to get the name of the DNS Server and then try to use nslookup to get a zone transfer. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
15.
*A. host -t mx corp.com *D. server ns1.corp.com Explanation: He should go to a command prompt and type NSLookup and then hit enter. Then he should type server ns1.corp.com and hit enter. Finally, he should type host -t mx corp.com and hit enter. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
16.
*E. Tracert or traceroute Explanation: Traceroute in Unix/Linux or tracert in NT is the command he needs.
Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
17.
*A. Network IP addresses *B. Host names Explanation: Using ping scan software such as Rhino9 Pinger or WS_Ping Pro pack a hacker can discover valid IP addresses and their associated host names. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
18.
*A. 131.107.2.1 is an email server *C. 131.107.2.2 is a FTP and Web server *E. 131.107.2.3 is a DNS server Explanation: David can tell all of that by port numbers. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
19.
*A. TCP and UDP ports 135. *B. UDP ports 137,138, and 139. Explanation: David wants to disable TCP and UDP ports 135 (RPC), and UDP ports 137,138, and 139 (NetBIOS). Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
20.
*B. Stack fingerprinting Explanation: Stack fingerprinting discerns between slightly different renditions of TCP/IP. NMAP is a popular TCP/IP fingerprinting engine. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
21.
*B. RedButton Explanation: RedButton does a share scan and a scan for any share passwords and the name of the administrative account. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
22.
*B. Upgrade the underlying protocol to SNMPv3 *D. Change default settings and passwords Explanation: In conjunction with HP OpenView, David should use SNMPv3 and change the default settings and passwords. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
23.
*A. PingPro
*B. SMS *C. HP OpenView *D. SNMPUTIL Explanation: ManageWise is Novell's SNMP management software. PingPro would require the SNMP add-on software. SNMPUTIL would be arduous to use effectively. SMS, HP OpenView and ManageWise would each carry a considerable licensing cost. All would use the default community name of public. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
24.
*A. Grade: Enterprise level *D. Examples: Web Trends Security Analyzer Enterprise Edition and ISS Internet Scanner Enterprise Edition. Explanation: Larry would need an enterprise edition scanner. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
25.
*C. Time: Several days *D. Factors: Speed of the network, and speed of the processor on the computer running the probe Explanation: The heavy scan could take several days. The box that does the scanning should have a fast processor. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
26.
*C. Individual hosts may be overwhelmed Explanation: While the scan will take a while, and while passwords may be discovered, what may be eye-opening to management is that the network will slow down and individual hosts may become overwhelmed by the scan. It is better to forewarn management. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
27.
*D. Excel Explanation: Larry should export the data into Excel. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
28.
*B. Axent NetRecon Explanation: Axent NetRecon is optimized for NT. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
29.
*A. End-user education Explanation: End-user education is the best defense against social engineering. Security Auditing, Attacks, and Threat Analysis, Lesson 2: Discovery Methods
30.
*A. System with the weakest security *C. System for which the hacker has the most tools. Explanation: The hacker usually picks the system with the weakest security and/or the system for which the hacker has the most tools. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
31.
*A. Dictionary attacks Explanation: An IDS can best detect a dictionary attack. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
32.
*B. Man-in-the-middle attacks *C. Hijacking attacks Explanation: Strong encryption is the best defense against man-in-the-middle attacks. Strong authentication is the best defense against hijacking attacks. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
33.
*B. Update the virus definitions on a regular basis *C. Educate users *D. Place antivirus software on servers *E. Place antivirus software on end-user systems Explanation: Jake should obtain commercial vice custom antivirus software. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
34.
*A. Use a strong password *B. Disable Telnet *C. Physically secure routers *D. Disable SNMP Explanation: Jake should use a strong password on his routers, physically secure them,
disable Telnet and disable SNMP. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
35.
*A. Bandwidth consumption attacks Explanation: Jake is defending against a bandwidth consumption attack. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
36.
*A. Use SSL *B. Encrypt the credit card database *C. Physically secure the database server Explanation: Jake should use SSL, encrypt the credit card database, and physically secure the database server. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
37.
*B. Jake should only allow relay for his mobile users connecting from certain IP addresses *C. Jake should install Pretty Good Privacy to encrypt sensitive email Explanation: Jake should only allow relay for his mobile users connecting from certain IP addresses, and Jake should install Pretty Good Privacy (PGP) to encrypt sensitive email. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
38.
*A. Update virus protection programs *B. Checksum analysis of targeted Trojan files *C. Open port detection Explanation: Sarah should update virus protection programs and use checksum analysis and open port detection. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
39.
*A. He has installed a backdoor to the network Explanation: Some versions of Quake install a backdoor. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
40.
*B. Memory protection
Explanation: Linus could protect against buffer overflows if he is able to protect memory that is allocated to other applications, so that malicious applications cannot put malicious code into their memory space. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
41.
*A. Installing appropriate security patches. *B. Installing stable and well-tested versions of servers, services and applications. *C. Enhancing the security awareness and debugging capabilities of any who provide custom applications for your organization. Explanation: New patches or service packs should only be installed if they meet a particular security need or address a vulnerability of your system. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
42.
*A. For a period of weeks, hackers may work a very short time each day on each system being attacked. *D. Hackers may use a variety of tools and methods on different days. Explanation: To correlate a few bad logon attempts for a few days in a row with a port scan a week later Marty requires an intrusion detection system that collects and analyses data over a long period of time. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
43.
*A. Someone popping out the hard drive and making off with it unnoticed. *B. Someone using a boot disk from another OS to crack password files. *C. Someone installing a subversive program on the file server and then rebooting to enable the program. Explanation: Physical security is important; serious attackers can also be break-in artists. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
44.
*A. Mark did a social engineering attack *B. The screensaver program could have contained a Trojan horse program *C. Some users used their same network login for their free trial software login. Explanation: Beware of strangers bearing gifts. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
45.
*A. The SA password is blank or set to password. Explanation: Eric was able to hack the SQL 7.0 server using standard security with the System Administrator, SA account. This account must be protected along with other accounts that are independent of the networking OS security accounts. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
46.
*A. Ping of death *C. Land attack *D. Smurf attack *E. Fraggle attack Explanation: Ping packets are one form of ICMP packets. Security Auditing, Attacks, and Threat Analysis, Lesson 3: Auditing Server Penetration and Attack Techniques
47.
*A. He can create a batch file that runs at a particular time that appends the user database to a text file. *B. He can audit user and group management Explanation: Frank can create a batch file that runs at a particular time that appends the user database to a text file. User and group management should also be audited, and Frank should be very suspicious if the audit log has been cleared. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
48.
*A. He could create a batch file and put it in the administrator's startup folder *B. The batch file should be as follows: *D. He could use the scheduler to run a batch file service on a machine that the administrator uses. Explanation: The batch file should be as follows:
net user dletterman 2!Knight /add
net localgroup administrators dletterman /add
Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
49.
*A. Web browsers have security problems that often need to be patched. *B. The development Websites should be on a separate box. *C. The development Websites should use domain blocking so only certain IP addresses or domain names can have access.
Explanation: In this case, the developers need to test the websites with older browsers. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
50.
*B. She ran the program against the IP address of the domain controller. Explanation: She ran the program against the IP address of the domain controller. This works so long as her Father's computer is logged into the domain controller. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
51.
*A. John the Ripper *B. Crack *C. NetRecon *D. ISS Internet Scanner Explanation: Jack can use auditor tools or hacker tools. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
52.
*A. Check with Internic to see if his DNS registration has been changed. *B. Do an NSLookup on www.ResearchDogs.com using one of the root DNS servers listed in the cache.dns file. *C. In your browser, put the IP address for www.ResearchDogs.com and see if he is redirected. *D. In IIS check the Home Directory Property sheet on the ResearchDogs.com website Explanation: Jerry can do all the above to troubleshoot. He could buy a service that constantly checks his Website speed from various points around the country or the world and gives a speed rating to warn of bottlenecks or alarms on any service disruption. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
53.
*B. A hacker to get Jerry's logon to the government server. Explanation: Jerry should inform the government. Often hackers want to penetrate your system because it enables them to access systems to which your network has access. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
54.
*A. Erase log files *B. IP spoofing
*C. Port redirection Explanation: A good hacker tries to cover his tracks. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
55.
*C. The server with ports 12345 and 12631 open is infected with NetBus Explanation: Netbus uses ports 12345 and 12631. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
56.
*A. Connect to the infected server with Telnet to port 12345 and execute the command RemoveServer;1; *B. In Task Manager stop the service or services that Netbus is running and then delete the files. *C. Boot to another OS that can see the files and delete them. *D. Use the Netbus client and click on the Remove Server button Explanation: There are several ways to remove Netbus including using a boot disk that can see the partition with Netbus installed. If that is a NTFS partition, go to www.ntinternals.com for a boot disk that can see the NTFS partition. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
57.
*A. BackOrifice 2000. *C. Netbus Explanation: Sarah could use BackOrifice or Netbus. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
58.
*B. BackOrifice Explanation: BackOrifice includes a keylogger. Security Auditing, Attacks, and Threat Analysis, Lesson 4: Security Auditing and Control Phase
59.
*A. e-Trust Intrusion Detection *B. Axent Intruder Alert *C. ISS RealSecure Explanation: e-Trust Intrusion Detection, Axent Intruder Alert, and ISS RealSecure would perform this function.
Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
60.
*A. To hack a network *B. To trace an attack *D. To log, report, and forbid almost any form of network access. Explanation: Intrusion detection systems can also be used to hack a network; therefore, one task of an IDS is to check for the illicit presence of another IDS. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
61.
*A. Denial-of-service attack Explanation: The hacker could attack the network from many places at many points and the Intrusion Detection System's alarms could become an unwitting participant in a denial-of-service attack. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
62.
*A. Only one program has to be installed on one host *C. Excellent protection against scans and denial of service attacks. Explanation: A network-based IDS is not very effective against illegitimate account upgrades, policy tampering, and log file manipulation. A network-based IDS is the way to go if you are on a small unswitched network. For larger networks, a more scalable solution, host-based IDS, is required. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
63.
*B. NT Workstation Explanation: NT Workstation is the easiest OS to harden. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
64.
*B. Agents on critical resources *C. Agents on temporary worker hosts *E. Agents on LAN and WAN backbones, including routers and switches Explanation: Generally, you would have up to 50 to 100 agents per manager. You wouldn't have an agent on a firewall. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
65.
*A. Encrypted communications *C. Usernames and passwords changed from their defaults Explanation: Sam is looking for encrypted communications and usernames and passwords that have been changed from their defaults. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
66.
*B. Create a new rule Explanation: Sam should create a new rule. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
67.
*A. ITA works well in heterogeneous network environments. *C. ITA distributes its management architecture Explanation: ITA works well in heterogeneous network environments, with Novell, NT, and Unix, for instance. ITA distributes its management architecture, so it is scalable. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
68.
*C. Either a DNS server with reverse lookup or a lmhosts or hosts file with valid entries is required. Explanation: Either a DNS server with reverse lookup or an lmhosts or hosts file with valid entries is required by ITA, which communicates using host names. Security Auditing, Attacks, and Threat Analysis, Lesson 5: Intrusion Detection
69.
*D. If you log too little then you might have insufficient information. Explanation: If you log too much, you could bog down your network and not easily be able to find important logged events. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
70.
*A. Suspicious ports *C. Non-productive protocols used *D. Source and destination interfaces and hosts Explanation: Irwin should scan for suspicious ports, non-productive protocols used (RealPlayer, ICQ, IRC, etc.), and source and destination interfaces and hosts. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
71.
*A. The inetd.conf file might have been changed so the syslogd daemon is not started automatically *B. The /var/log/lastlog file might be on a partition that ran out of space *C. The /etc/syslog.conf file might have been deleted *D. The Syslogd daemon might be stopped. Explanation: The syslogd daemon has to be running.
Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
72.
*D. Last, /var/log/lastlog Explanation: Peter should type last and the contents of the /var/log/lastlog will be displayed. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
73.
*C. lastb Explanation: Lastb provides information about failed login attempts. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
74.
*E. Lastlog Explanation: Peter would use the lastlog command. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
75.
*B. Security Explanation: Peter should look in the Security log for events with a lock icon. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
76.
*C. System, event 6005 Explanation: Peter should check for event 6005 in the System log. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
77.
*A. Security, event 529 Explanation: Peter should check the Security log for event 529. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
78.
*D. Uptimei.exe from www.microsoft.com Explanation: Peter could search on Uptimei.exe at www.microsoft.com/TechNet. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
79.
*D. Last -ad Explanation: Last -ad would reveal the host name and IP address of remote logins. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
80.
*D. host# cat /var/log/messages | grep ftp Explanation: host# cat /var/log/messages | grep ftp would get the job done for Alice.
Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
81.
*B. A user attempts to log on at 2 AM every day for two weeks. He isn't successful. *C. The PDC is restarted at 5 AM. *D. At 10 AM, 12 noon and 3 PM the system slows down for no apparent reason. Explanation: At 9 AM many users may be logging on to their workstations. At 12 midnight, backups may be running. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
82.
*A. Missing disk space *B. Rapidly filling disk space *C. Security logs running out of space *D. Security logs that have been cleared Explanation: The registry is updated on a regular basis. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
83.
*B. Transfer logs to a different machine for storage. *C. Scheduling hard copy backups. *D. Replicating logs to a writable CD-ROM drive Explanation: Mario could send logs to a different machine for storage, schedule hard copy printouts, or replicate logs to a writable CD-ROM drive, or any combination of these. Security Auditing, Attacks, and Threat Analysis, Lesson 6: Auditing and Log Analysis
84.
*B. Guarding against virus, worm and Trojan infections *C. Strengthening auditing *D. Specific and wide changes and improvements Explanation: The three directions that Kevin's report will take are strengthening auditing; guarding against virus, worm and Trojan infections; and specific and wide changes and improvements. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
85.
*D. Adding or reconfiguring firewall rules *E. Upgrading the OS patch level Explanation: Kevin might suggest reconfiguring routers, adding or reconfiguring firewall rules, and upgrading the OS patch level.
Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
86.
*A. Improving network auditing *C. Upgrading older or less secure services *D. Upgrading the TCP/IP stack Explanation: Kevin might suggest improving network auditing, upgrading older or less secure services, and upgrading the TCP/IP stack. He would disable rather than upgrade rsh and rlogin, and Kevin should automate and centralize the administration of internal and network security. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
87.
*B. Improving physical security *C. Improving anti-virus scanning *E. Adding intrusion-detection systems Explanation: Kevin might suggest improving physical security, improving anti-virus scanning, and adding intrusion-detection systems. A patch or upgrade to the OS should not be added until it has been thoroughly tested and is stable and bug free. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
88.
*B. Enhancing user-level encryption *D. Removing unnecessary accounts, applications, servers and services. *E. Improving patch levels Explanation: System defaults should be changed. No other services should be hosted on the firewall. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
89.
*B. Install a personal firewall *C. Install anti-virus software *E. Disable the server service on the NT 4.0 workstation Explanation: On his boss' machine, Kevin should install antivirus software and a personal firewall such as BlackICE Defender, and he should disable the server service on the boss' computer so a hacker can't use that service to grab files from it. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
90.
*A. They could install a bogus keyboard with a built-in keylogger program. *B. They could pop open the keyboard and install a chip that could intercept keystrokes. *C. They could pop out the hard drive on the server *D. They could copy the SAM file to a floppy disk for later analysis Explanation: Stealing software wouldn't compromise the server unless it was the ERD. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
91.
*A. IDS rules should regularly be updated *B. New systems that need protection should be identified *D. Packet filter and firewall rules need to be updated regularly Explanation: While virus definition files do need to be updated, it doesn't take a regularly scheduled audit to download the latest virus definitions. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
92.
*A. An estimate of how long it would take a casual, experienced or professional hacker to enter the system. *B. An overview of existing security. *C. A detailed outline of procedures used during the audit. *E. A summary of important recommendations Explanation: The audit would be specific to the firm being audited. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
93.
*A. Recommendations about various network elements *B. A discussion of physical security *D. A discussion of terms and languages used in the security auditing field. Explanation: The audit would be specific to the firm being audited. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
94.
*A. CC *C. BS 7799 *E. ISO 7498-2 Explanation: The Common Criteria, British Standard 7799, and ISO 7498-2 can help Kevin. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
95.
*A. 1 Explanation: The lowest Evaluation Assurance Level (EAL) is 1. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
96.
*D. 7 Explanation: The highest Evaluation Assurance Level (EAL) is 7. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
97.
*B. 2 Explanation: "Structurally Tested" is Evaluation Assurance Level (EAL) 2. This testing may be performed by a developer. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
98.
*C. Kevin should disable broadcast filtering Explanation: Kevin should disable router replies to broadcasts. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
99.
*A. Ingress and egress filtering Explanation: Kevin wants to configure his routers with ingress and egress filtering. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results
100.
*A. Fake databases, and fake downloadable files. *B. Firewall configuration that automatically places hackers into a fake network *C. Physical line traces *D. Packet traces Explanation: Bruce can create fake databases and fake downloadable files. He can set a firewall configuration that automatically places hackers into a fake network, and he can set up an IDS that automatically performs physical line traces and packet traces. Security Auditing, Attacks, and Threat Analysis, Lesson 7: Audit Results