Bonus Chapter 17, 18
Which term is used to describe the ability to respond to a single point of failure on a network? RAID Fault tolerance Clustering Loopback QoS
Fault tolerance The ability to respond to a single point of failure on a network is called fault tolerance. Fault tolerance on servers involves hardware RAID, UPS systems, power conditioning, backups and clustering. Fault tolerance refers to making sure that devices are safe from any kind of problem that might occur with them. It carries with it the ideas of redundancy, backups, clustering, power conditioning, RAID and UPS systems that can keep computers up and running.
The Technical Services team prepares a drawing to document all network devices with their IP addresses, device names, and connection information.Which type of documentation does this represent? Inventory management document Rack diagram MDF documentation Physical network diagram
Physical network diagram This is an example of a physical network diagram. A physical network diagram shows the servers and network devices on a network with connections and relative device locations. A physical network diagram can use device stencils (device icons or drawings), diagram symbols, or both. This is meant to be a symbolic description of the network rather than an accurate scaling drawing.A rack diagram is a two-dimensional representation of organization of equipment in a rack enclosure. It will contain much the same type of information as a physical network diagram but represents rack equipment only. Information such as device connections would be included for inventory management as part of an inventory management document. An MDF document provides detailed documentation about incoming telecommunication wiring.
You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have changed. Which change management documentation should you revise? Physical network diagram Network baseline Logical network diagram Wiring schematic
Physical network diagram You should only revise the physical network diagram. The physical network diagram includes cable lengths and types, server names, IP addresses, server roles, network equipment locations, and number of network users.
The network optimization process used to allow reasonable use of data, voice, and video on the same network infrastructure is referred to as which of the following? QoS Traffic shaping Fault tolerance CARP
QoS
When analyzing assets, which analysis method assigns financial values to assets? Qualitative Quantitative Transfer Acceptance
Quantitative Quantitative analysis assigns a financial value or assignment of real numbers to an asset and the cost required to recover from a lost to the asset. Qualitative analysis seeks to identify costs that cannot be concretely defined using quantitative analysis. Transfer and acceptance are responses to risk, not risk analysis methods.
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence? Copying the contents of memory to removable media. Disconnecting the system from the network. Rebooting the system. Restricting physical access to the system.
Rebooting the system. Rebooting or shutting down a compromised system will erase the memory contents. An attacker may load and run a memory resident program and immediately erase it from the disk. Rebooting the system will destroy all evidence of the malicious program
You are the network administrator for a healthcare organization. Recently several federal and state government laws have been enacted which will affect network operations.Which change management documentation should record this information? Policies Procedures Baselines Regulations
Regulations Regulations are governmental guidelines that are written by federal or state agencies based on the laws passed by federal or state government. Regulations are established by entities outside the network owner.
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? Exposure Loss Risk Residual risk
Residual risk Residual risk is the portion of risk that remains after the implementation of a countermeasure. There will almost always be some residual risk.Exposure is the vulnerability of losses from a threat agent. Risk is the likelihood of a vulnerability being exploited. A loss is the real damages to an asset that reduces its confidentiality integrity or availability.
A large organization has offices in several locations around the world. Each geographic location has primary responsibility for its network administration and management. The company wants to ensure consistent instructions and management throughout the company.What should the company used to help ensure this? SLA AUP Standard operating procedures Network configuration baselines Change management
Standard operating procedures The company should implement standard operating procedures (SOP) to help ensure consistent management throughout all locations. An SOP identifies step-by-step instructions to help workers complete a complex periodic or repeated task. This will help make sure that administrators are taking the same actions in the same way throughout the company.
Which of the following is an example of an internal threat? A server backdoor allows an attacker on the Internet to gain access to the intranet site. A delivery man is able to walk into a controlled area and steal a laptop. A water pipe in the server room breaks. A user accidentally deletes the new product designs
A user accidentally deletes the new product designs Internal threats are intentional or accidental acts by employees which would include: * Malicious acts such as theft, fraud, or sabotage. * Intentional or unintentional actions that destroy all the data. * Disclosing sensitive mission through snooping or espionage. External threats of those events originating outside of the organization that typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are those events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe
A policy includes the following statement: "Employees are not allowed to use company equipment to copy or distribute copyrighted material without the written permission of the holder of the copyright"Which policy with this statement of part of? BYOD NDA SLA AUP
AUP The statement would be part of the company's acceptable use policy (AUP). The AUP defines how company equipment and data may and may not be used. It typically includes detailed security guidelines and references to other policies, such as password policy requirements.
What kind of document serves as a legally binding contract or part of a contract that defines, in plain language and in measurable terms, the aspects of a service provided to a customer? statement of work memorandum of understanding service-level agreement master service agreement
service-level agreement A SLA (service-level agreement) is a legally binding contract or part of a contract that defines, in plain language and in measurable terms, the aspects of a service provided to a customer, such as the service provided by an ISP.
In business continuity planning, (BCP) what is the primary focus of the scope? Human life and safety. Recovery time objective. Company assets. Business processes
Business processes Business processes are the primary focus of the scope of BCP. Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus for the BCP scope. Recovery time objective is a consideration in the development of emergency response, not an aspect of the BCP scope.
What is the most important element related to evidence in addition to the evidence itself? Photographs of the crime scene. Chain of custody document. Witness testimony. Completeness
Chain of custody document. The chain of custody document is the most important item related to the evidence in addition to the evidence itself.Nothing is more important than the chain of custody document, including photographs. Witness testimony can be helpful, but it is not more important than the chain of custody documents. Completeness of the evidence is beneficial, but not as beneficial as a reliable chain of custody document.
You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network.What type of document should you update? Network diagram. Wiring diagram. Configuration documentation. Change documentation
Change documentation In this scenario update the change documentation for the device to reflect that a part was replaced. In this scenario, you have not altered the network connection or design, but simply replace the drop cable. In the future, knowing that the drop cable was recently replaced might help in troubleshooting new or recurring problems with the device.The configuration document identifies specific configuration information for a device. It might include information about the connection to the network. A network diagram might include the location of the workstation on your site and its connection to the network. A wiring schematic might include information about how the device connects to the punch down blocks or patch panels. For each of these documents, simply changing the drop cable does not alter the information that would be in each document, so no change would be required.
Which of the following technologies implements packet tagging in a LAN? Diffserv Traffic shaping CoS QoS
CoS Class of Service (CoS) implements packet tagging in a local area network (LAN). It tags the different types of traffic, such as video streaming or VoIP. The tag is a value between 0 and 8, with 0 being the highest priority. Quality of Service (QoS) uses the CoS tag to determine which traffic gets priority. QoS can provide dedicated bandwidth, and control jitter. QoS operates at Layer 3. QoS uses the CoS tags, but QoS does not implement the tags. Traffic shaping is the overall mechanism that encompasses CoS, QoS and differentiated services. It does not directly implement packet tagging. Differentiated services (Diffserv) uses the CoS classifications for identification and subsequently utilizes the QoS parameters to differentiate traffic. It is the term used for the end-to-end QoS model
A company encounters problems with inappropriate disclosure of company information including forwarding of sensitive emails and transfer of files to off-site locations. The company determines that the actions were inadvertent rather than malicious acts. The company implements an employee training program to raise awareness about data security. Technical Services is asked to put controls in place to help prevent these disclosures from occurring in the future.What should technical services use? NDA AUP SLA DLP
DLP Technical services should use a Data Loss Prevention (DLP) policy. A DLP is a way of protecting data through strategies implemented through access rights and specialized DLP software. DLP is designed to prevent unauthorized release, deletion, or modification of data. This can include functionality such as email filters, data filtering, no anomalous activity detection, and so forth
Which of the following is used to classify network data for the purpose of providing QoS? VLANs STP DSCP SIP
DSCP DiffServ (differentiated services) is a simple technique that addresses QoS issues by prioritizing traffic at layer 3 DiffServ takes into account all types of network traffic, not just the time-sensitive services such as voice and video. To prioritize traffic, DiffServ places information in the DiffServ field of an IPv4 packet. The first 6 bits of this 8-bit field are called DSCP (Differentiated Services Code Point.)
You have just started a new job as a network team leader for a small company. You are responsible for overseeing the work of Help Desk technicians, as well as doing your own share of the administrative work.To improve the safety of your organization, you decide to assemble Material Safety Data Sheets (MSDS) for all chemicals used in your organization.How should you get them? Write them yourself after researching the chemicals. Download them from the chemical manufacturers websites. Request them from your local workforce safety and insurance office. Ask your manager for them
Download them from the chemical manufacturers websites. Material Safety Data Sheets (MSDS) are written and made available by the manufacturer of the chemicals. You can download them from the manufacturer's website or request them from a company representative.
Your company has decided to implement an acceptable use policy (AUP) that must be distributed to all users. You have been asked to write the preliminary policy to submit for management approval.What is defined in this policy Which method administrators should use to backup network data How users are allowed to employ company hardware The sensitivity of company data Which uses require access to certain company data
How users are allowed to employ company hardware An acceptable use policy (AUP) defines how users are allowed to employ company hardware. For example, an acceptable use policy, which is sometimes referred to as a use policy, might answer the following types of questions: Are employees allowed to store personal files on company computers? Are employees allowed to play network games on breaks? Are employees allowed to "surf the Web" after hours?
Which type of backup takes the least time and uses the least amount of disk space? Copy Differential Full Incremental
Incremental An incremental backup takes the least time and uses the least amount of disk space. The typical backup sequence starts with a full backup. This also reset the bit that identifies a file as changed and needing backup. When an incremental backup is run, it backs up only those files changed (or added) since the full backup. When the next incremental backup is run, it backs up only those files changed since the previous incremental backup, and so on. Disk recovery requires recovery from the full backup and then each incremental backup in the order in which they were made.
What does a statement of work document do? It documents in detail the work that must be completed for a particular object, and includes specifics such as tasks, deliverables, standards, payment schedule, and work timeline. It documents the intentions of two or more parties to enter into a binding agreement, or contract, and is sometimes used between an informal handshake and the legally binding signatures on contracts. It is a legally binding contract or part of a contract that defines, in plain language and in measurable terms, the aspects of a service provided to a customer, such as the service provided by an ISP. It is a contract that defines the terms of future contracts between parties, such as payment terms or arbitration arrangements
It documents in detail the work that must be completed for a particular object, and includes specifics such as tasks, deliverables, standards, payment schedule, and work timeline. SOW (statement of work) documents in detail the work that must be completed for a particular project's, and includes specifics such as tasks, deliverables, standards, payment schedule, and work timeline.A SOW is legally binding, meaning it can be enforced in a court of law.
What is the Nmap utility used for? It is used to identify unsecured sensitive data on the network, such as credit cards. It is an automated vulnerability and penetration testing framework. It is a software firewall that can be used to secure a vulnerable host. It is a port scanning utility that can identify open ports on a host.
It is a port scanning utility that can identify open ports on a host. The scanning tool Nmap and its GUI version Zenmap are designed to scan large networks quickly and provide information about a network and its hosts. Nmap began as a simple port scanner, which is an application that searches a device for open ports indicating which insecure service might be used to crack an attack. For example, if a service port 23 is open, Telnet can be used to remote into the target device and take control of it. Developers later expanded Nmap's capabilities to include gathering information about hosts and their software.
A medium-sized company is moving into a new office space. The office is being prewired with Cat 6 cabling. Employees will be moving their own equipment and will need to connect into the network. Technical services wants to help ensure the move goes as smoothly as possible.What should Technical Services used to ensure that? Work instructions Labeling Logical network diagram Physical network diagram
Labeling Technical services should use labeling to help ensure that the move goes smoothly. Each cable should be clearly labeled as to the device that should be connected to that point. This will enable employees with little or no technical experience to connect their own devices.There is no need to prepare a logical or physical network diagram for this purpose although both are recommended as ways to document the network. A logical network diagram shows network hierarchies, server roles, naming conventions, and so forth. A physical network diagram shows the servers and network devices on a network and the relative locations. Neither of these diagrams has the information that employees would need to correctly connect their devices. Work instructions provide the information needed to perform a task. It would not include information about cable and device locations.
What is the most common failure of the security policy in an environment? Lack of user awareness. Failure to assign responsibilities. Overlooked critical assets. Improperly outlined procedures
Lack of user awareness. The most common failure the security policy in an environment is the lack of user awareness. If users are not aware of the policies to follow or procedures to comply with, they will not know how to perform their work tasks securely. When an organization makes the effort to produce a security policy, improperly outlined procedures are rarely a problem. This issue is usually discovered and corrected early in the security policy development process. Overlooking critical assets is not a common problem. During the asset identification stage of risk analysis and security policy development, every asset of an organization is examined for importance. A security policy is not complete unless it assigns specific tasks and responsibilities to roles and individuals within the organization.
A company has offices on several floors of the building. All connections to external public lines coming in through a central area and are routed to distribution points on each floor. The distribution points on each floor connect to the internal network.Where is the cabling and equipment for the central area documented in detail? Physical network diagram MDF documentation IDF documentation Logical network diagram
MDF documentation The area described is referred to as the main distribution frame (MDF). This is a cable rack with the external telecommunication wiring. This is documented in the MDF documentation.The distribution points on each floor are intermediate distribution frame's (IDFs). This is where the connection is made between the MDF and the internal network and is documented in the IDF documentation.This does not describe a logical or physical network diagram. A logical network diagram shows network hierarchies, server roles, naming conventions, and so forth. A physical network diagram shows the servers and network devices on a network and the relative locations. Neither provides the detailed documentation described.
You are the network administrator for a manufacturing company. Technicians that work on computers used on the manufacturing floor may come into contact with dangerous chemicals. You need to understand which chemicals they will come into contact with and their associated safety issues.What should you consult? ACL HVAC MSDS ESD
MSDS You should consult the material safety data sheet (MSDS) to understand which chemicals technicians will come into contact with and any safety issues regarding those chemicals.
A company is developing their business continuity and disaster recovery plans. The company needs to determine the reliability of a critical network device. Continuity plans will depend on how frequent to device is likely to fail.Which value should be used to determine this? RPO RTO MTTR MTBF
MTBF The mean time between failure (MTBF) is the value to use to project how often you can expect a device to fail. This defines how long device should be operational before it fails. This value is usually available from manufacturers specification sheets.The mean time to repair (MTTR) is the typical time it takes to repair a device after a failure occurs, but it does not imply how often failure does occur. The recovery time objective (RTO) is the maximum time to return a critical device to operation before serious consequences occur. The recovery point objective (RPO) determines the maximum time of data loss allowable, or the point to which data must be recovered to restore operations.
Which business document is a contract that defines a set of terms that will govern future agreements between two parties? Statement of Work. Interconnection Security Agreement. Memorandum of Understanding. Master Service Agreement
Master Service Agreement A Master Service Agreement is a contract that defines terms that will govern future agreements between two parties. The purpose of this document is to allow the parties to quickly negotiate future agreements without having to repetitively renegotiate the same terms over and over.A Statement of Work is a contract that defines the tasks, timeframe, and deliverables that a vendor must perform for a client. A Memorandum of Understanding provides a brief summary of which party in the relationship is responsible for performing specific tasks. An Interconnection Security Agreement documents how the information systems of each party in the relationship will be connected and how they will share data.
When recovery is being performed due to a disaster, which services are to be stabilized first? Least business critical. Mission-critical. Financial support. Outside communications
Mission-critical. The services to be restored first our mission critical services. If mission critical services are not restored within their maximum tolerable downtime, the organization is no longer viable.Least business critical services are to be restored last. Financial support and outside communications are restored only after all other services with a higher level of criticality have been restored.
Members of the marketing team use laptops to connect to the company network. While traveling, they connect their laptops to the Internet through airport and hotel networks.You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed.Which solution would you choose? DMZ NAT NAC NIDS VLAN
NAC Network Access Control (NAC) controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have: * Antivirus software with up-to-date definition files. * An active personal firewall. * Specific operating system critical updates and patches. A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client, who has not met all of the checklist requirements, is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client to become compliant. A demilitarized zone (DMZ) is a buffer network or subnet, that sits between the private network and an un-trusted network such as the Internet. A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. And intrusion detection system (IDS) is a special network device that can detect the tax and suspicious activity. A network-based IDS (NIDS) scans network traffic looking for intrusion attempts. Network Address Translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to an un-trusted network such as the Internet. NAT allows you to connect a private network to the Internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP address.
A team with members from two companies is designing a new product. All members of the project team sign a legally binding document that details what they may and may not discuss outside the project team.What is this an example of? SLA DLP NDA AUP
NDA This is an example of a non-disclosure agreement (NDA). An NDA is a legally binding document between two or more parties regarding the restricting or release of confidential material, knowledge, or other information. This is a way of protecting trade secrets and non--public information about a business.
What is the primary purpose of penetration testing? Infiltrate a competitor's network. Evaluate newly deployed firewalls. Assess the skill level of new IT security staff. Test the effectiveness of your security perimeter
Test the effectiveness of your security perimeter The primary purpose of penetration testing is to test the effectiveness of your security perimeter. Only by attempting to break into your own secured network can you be assured that your security policy, security mechanism implementations, and deployed countermeasures are effective. It is important to obtain senior management approval before starting a penetration testing or vulnerability scanning project. Often, penetration testing or vulnerability scanning is performed by an external consultant or security outsourcing agency that is hired by your organization.
In planning for disaster recovery, what is the ultimate goal? The preservation of critical data. The continuation of business. The management of damage. The protection of infrastructure.
The continuation of business. Disaster recovery is the process of restoring your critical functionality and data after an outage that affects more than a single system or a limited group of users. A disaster recovery plan accounts for the worst-case scenarios, from a far-reaching hurricane to a military or terrorist attack. It should provide contingency plans for restoring or replacing computer systems, power, telephone systems, and paper-based files. The goal of a disaster recovery plan is to ensure business continuity, which is the ability of the company to continue doing business with the least amount of interruption possible.
Which statement BEST describes a warm backup recovery site? The site has computer equipment, network hardware, and data communication installed and configured, but it does not have recent backups of corporate data. The site has the necessary facilities infrastructure to support business operations but not computer or network hardware The site has computer equipment, network hardware, and data communication installed and configured with a current duplicate of critical data The site has the necessary facilities infrastructure to support business operations with computer and network hardware stored on-site, but this equipment is not set up and configured for use
The site has the necessary facilities infrastructure to support business operations with computer and network hardware stored on-site, but this equipment is not set up and configured for use A warm site is a site that has computer equipment, network hardware, and data communication installed and configured, but which does not have recent backups of corporate data. A warm site is designed to be able to continue operations once current backups are delivered and applied.A site that has the necessary facilities infrastructure to support business operations, but which does not have any equipment set up and configured is a cold site. A hot site has computer equipment, network hardware, and data communication installed and configured with current duplicate of critical data. This enables operations to continue most quickly, usually in no more than a few hours.
Purchasing insurance is what type of response to risk? Rejection. Acceptance. Deployment of countermeasures. Transference
Transference An organization can transfer risks (transference) through the purchase of insurance. When calculating the cost of insurance and the deductible, balance the cost against the expected loss from the incident.Risk acceptance is the decision that the level of risk is acceptable. Risk rejection is choosing not to respond to the risk even though the risk is not at an acceptable level. The deployment of countermeasures and tales choosing and putting into practice those countermeasures that reduce the risk to an acceptable level.
A company is installing a large rack-mounted infrastructure to support a Web server farm. High availability is a critical concern for the company. You need to recommend a solution that will ensure continued availability without interruption if AC line power is lost.What type of technology does the company need to ensure this? Power conditioner Standby generator Redundant power supply UPS
UPS The company should use an uninterruptible power supply (UPS). A UPS is a battery backup system with an internal power inverter. Line power is delivered through the UPS even if AC line power is available. If AC power is lost, the power inverter converts the DC power in the batteries to AC for distribution to equipment. Power to the rack is not interrupted, so operations are not interrupted.A power conditioner is designed to improve the quality of power delivered by regulating power levels and removing power spikes another transient problems. A backup generator or standby generator takes at least a few hours to come online, so there would be an interruption in power. A redundant power supply is a second power supply that would continue to provide power to the rack if one power supplies lost, but it would not help if line power is lost.
What is the main difference between vulnerability scanning and penetration testing? Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing starts with no knowledge of the system. Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools. The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system.
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. Penetration testing simulates an actual attack on the network and is conducted from outside the organization security perimeter. Vulnerability scanning is typically performed internally by users with administrative access to the system. The goal of both vulnerability scanning and penetration testing is to identify the effectiveness of security measures, and to identify weaknesses that can be fixed. While some penetration testing is performed with no knowledge of the network, penetration testing could be performed by testers with detailed information about the systems. Both vulnerability scanning and penetration testing can use similar tools, although illegal tools should be avoided in both activities.
When would choosing to do nothing about an identified risk be acceptable? When the cost of protecting the asset is greater than the potential loss. When the asset is an intangible asset instead of a tangible asset. When the threat is likely to occur less than once a year. When the threat is most likely to come from an internal source instead of an external source
When the cost of protecting the asset is greater than the potential loss. You might choose to accept a risk and do nothing if the cost associated with a threat is acceptable, or if the cost of protecting the assets from the threat is unacceptable. For example, if the cost of protecting the asset is greater than the cost associated with the threat, you would decide to accept the potential loss rather than spend money to protect the asset. In this case, you would plan for how to recover from the threat, but not implement any measures to avoid.An intangible asset is a resource that has value and may be saleable even though it is not physical or material. While assessing a value to intangible assets can be difficult, this does not mean that they cannot or should not be protected. The likely frequency of a threat occurring affects the annual loss expectancy, which will also affect the comparison of the cost of countermeasures to the cost associated with a successful attack, but does not immediately rule out implementing countermeasures.
What term is used to describe the average amount of time that will pass for a device before a failure is expected to occur? estimated time to failure (ETTF) product cycle lifetime (PCL) maximum time available (MTA) mean time between failures (MTBF)
mean time between failures (MTBF) Devices on a network typically have a calculated MTBF (mean time between failures). This is the average amount of time that will pass for devices before the next failure is expected to occur. Once a device fails, there is an average amount of time required to repair the device. This is called MTTR (mean time to repair).