Network Security Fundamentals
Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key?
Brute Force
What is the term used for events that were mistakenly flagged although they weren't truly events about which you need to be concerned?
False positives
A ___________________ is used to provide EMI & RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping).
Faraday Cage
Which of the following allows an attacker to identify vulnerabilities within a closed source software application by inputting unexpected values in order to make it crash?
Fuzzing
The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:
Hardening
Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
Load Balancer
Which of the following is a passive method of threat response?
Logging the event
What TCP port does HTTP use?
Port: 80
Which access control method model grants rights or privileges based on their job function or position held?
RBAC
Public keys are used for which of the following?
Decrypting the hash of an electronic signature
Which plan or policy helps an organization determine how to relocate to an emergency site?
Disaster Recovery Planning
You have taken out an insurance policy on your data/systems to share some of the risk with another entity. What type of risk strategy is this?
Transference
Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
Clean desk policy
___________________ are used to monitor a network for suspect activity.
Intrusion Detection System
A certificate authority (CA) is an organization that is responsible for doing which three of the following with certificates (choose three)?
Issuing, Revoking, Distributing
Wireless Ethernet conforms to which IEEE standard?
IEEE 802.11
A firewall operating as a ___________________ firewall will pass or block packets based on their application or TCP port number.
Packet-filter
If SLE is calculated at $2,500 and there are an anticipated 4 occurrences a year (ARO), then ALE is:
$10,000
What would the Annualized Loss Expectancy be for the asset (the printing press) in the previous question if a fire that might damage the press in that manner occurred once every 15 years?
$6,133.33
Your company owns a printing press worth $100,000. If it were damaged in a fire, it would be worth $8,000 in parts. What would the single loss expectancy (SLE) be?
$92,000
Which of the following is NOT an asymmetric encryption algorithm?
3DES
A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the following best describes an ACL?
ACLs provide individual access control to resources.
A(n) ___________________ is a message from the analyzer indicating that an event of interest has occurred.
Alert
The HTTP protocol functions at which layer of the TCP/IP model?
Application
The area of an application that is available to users (those who are authenticated as well as those who are not) is known as its:
Attack Surface
With which of the following is RAID MOST concerned?
Availability
Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures?
Back Door
A ___________________ security device uses some biological characteristic of human beings to uniquely identify a person for authentication.
Biometric
A major organization in the tracking and reporting of common computer and network security problems is ___________________.
CERT - Computer Emergency Response Team
Which of the following reduces the likelihood of a single point of failure when a server fails?
Clustering
Which of the following concepts ensures that the data is only viewable to authorized users?
Confidentiality
You are the administrator of the sybex.com website. You are working when suddenly web server and network utilization spikes to 100% and stays there for several minutes and users start reporting "Server not available" errors. You may have been the victim of what kind of attack?
DoS
Which access control method model allows the owner of a resource to grant privileges to information they own?
DAC
Servers or computers that have two NIC cards, each connected to separate networks, are known as what type of computers?
Dual-homed
Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?
Evil Twin
Which of the following file systems is from Microsoft and was included with their earliest operating system?
FAT
Which of the following devices are the first line of defense for networks connected to the Internet?
Firewalls
Separation of duties policies are designed to reduce the risk of what?
Fraud
Which of the following is a concept that works on the assumption that any information created on any system is stored forever?
Full Archival Method
Which is a complete, comprehensive backup of all files on a disk or server?
Full Backup
Which U.S. regulation dictates the standards for storage, use, and transmission of personal medical information?
HIPAA
The process of making a computing environment more secure from attacks and intruders is known as ___________________.
Hardening
A ___________________ is a system designed to fool attackers into thinking a system is unsecured so they will attack it. Then the "victim" will learn their attack methods without compromising a live system.
Honeypot
In TCP/IP parlance, any computer or device with an IP address on a TCP/IP network is known as a(n):
Host
What command can you use to determine the MAC address on a Linux system?
ifconfig
Which of the following is MOST likely to be the last rule contained on any firewall?
Implicit Deny
___________________ is the first step in the incident response cycle.
Incident Identification
Which authentication method uses a Key Distribution Center (KDC)?
Kerberos
Instead of giving a security administrator full administrative rights on the network, the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job description. Which of the following describes this form of access control?
Least Privilege
When assigning permissions to users, which principle should you adhere to?
Least Privilege
Which access control model is a static model that uses predefined access privileges for resources that are assigned by the administrator?
MAC
Which specification is a fairly accurate estimation of how long a component will last?
MTBF (mean time between failures)
Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?
Man-in-the-middle
Which type of risk strategy is undertaken when you attempt to reduce the risk?
Mitigation
After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?
Multifactor
Which of the following is NOT an advantage of host virtualization?
Only one copy of anti-virus software is needed
Locking the door(s) to the server room involves what kind of security?
Physical
Which of the following is a security control that is lost when using cloud computing?
Physical control of the data
Which port should be closed on systems to prevent the unauthorized running of programs?
Port: 111
Which cloud delivery model is implemented by a single organization, enabling it to be implemented behind a firewall?
Private
In order to run "sniffer" software properly, the NIC in the computer running the software must be set to:
Promiscuous Mode
Which RAID level provides for no fault tolerance?
RAID 0
Several classified mobile devices have been stolen. Which of the following would BEST reduce the data leakage threat?
Remotely sanitize/wipe the devices
Which hashing algorithm uses a 160-bit hash value?
SHA
Which of the following is NOT a tunneling protocol?
SLIP
___________________ is a slang term for unwanted commercial e-mail.
SPAM
Which of the following can prevent an unauthorized employee from entering a datacenter? (Select two answers).
Security Guard, Proximity Reader
Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization?
Separation of duties
You require your ISP to keep your Internet connection up 99.999% of the time. In which document would this condition be placed?
Service Level Agreement
Which of the following attacks would using privacy filters masking help mitigate? Note: privacy filters are small pieces of plastic that go over computer screens that restrict the viewing angle to straight on.
Shoulder Surfing
Web-based email is classified under which of the following cloud-based technologies?
Software as a Service (SaaS)
Which of the following is a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client (like its IP address)?
Spoofing
Which remote access protocol, implemented almost exclusively by Cisco, is a central server providing remote access usernames that dial-up users can use for authentication?
TACACS+
Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
Tailgating
What is the purpose of WEP (Wired Equivalent Privacy)?
To provide a WLAN (Wireless Local Area Network) with the same level of security as a wired LAN (Local Area Network)
If you wanted to connect two networks securely over the Internet, what type of technology could you use?
VPN
Which of the following security threats does shredding mitigate?
Dumpster Diving
What is the machine on which virtualization software is running known as?
Host
Which of the following is true about the CRL?
It should be kept public
What TCP port does Telnet use?
Port: 23
What is the size of the initialization vector (IV) that WEP uses for encryption?
24-bit
Which cloud delivery model has an infrastructure shared by several organizations with shared interests and common IT needs?
Community
A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select the best TWO answers).
Confidentiality, Availability
Which of the following Evaluation Assurance Levels (EAL) is the common security benchmark for commercial systems?
EAL4
Which of the following Evaluation Assurance Levels (EAL) specifies that the user wants assurance that the system will operate correctly, but threats to security are not viewed as serious?
EAL7
In order to ensure high availability of all critical servers, backups of the main datacenter are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in the case of a disaster?
Having the offsite location of tapes also be the hot site
Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?
Hot and cold aisles
A ___________________ is a repair made while the system being repaired remains in operation.
Hotfix
Which of the following is NOT a routing protocol?
ICMP
IPv6, in addition to having more bits allocated for each host address, has mandatory requirements built in for which security protocol?
IPSec
Which of the following can a security administrator do to help protect against smurf attacks?
Install a Spam Filter
Which of the following will NOT contribute to network hardening?
Installing new anti-virus software on workstations
A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?
Mandatory Vacation
Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?
Mantraps
In a wireless network that uses WEP (Wired Equivalent Privacy) to provide wireless security, which of the following may authenticate to an access point?
Only users with the correct WEP key
Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines?
SSL
Which fire extinguisher type is the best to be used on computer equipment in the case of a computer fire?
Type C
To prevent files from being copied on a workstation to removable media, you should disable which ports?
USB
Which of the following is NOT one of the cloud delivery models recognized by NIST?
Unlisted
A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy, security policy and requests that the user clearly state their name, birthday and enter the banking details to validate the user's identity. Which of the following BEST describes this type of attack?
Vishing
In the Windows world, what tool is used to disable a port?
Windows Firewall
Which "X." standard defines certificate formats and fields for public keys?
X.509
Which of the following is NOT a component of Public Key Infrastructure (PKI)?
XA
A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?
Application Hardening
What kind of cryptographic method replaces one character with another from a "match-up list" to produce the ciphertext? The decoder wheels kids get in cereal boxes often make this kind of cryptography.
Substitution Cipher
Which of the following outlines those internal to the organization who have the ability to step into positions when they open?
Succession Planning
Which of the following penetration testing types is performed by security professionals with no inside knowledge of the network?
Black Box
A security administrator with full administrative rights on the network is forced to change roles on a quarterly basis with another security administrator. Which of the following describes this form of access control?
Job Rotation
A security administrator has been receiving support tickets for unwanted windows appearing on users' workstations. Which of the following can the administrator implement to help prevent this from happening?
Pop-up Blockers
A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?
Vulnerability Scanner
What is the term for restricting an application to a safe/restricted resource area?
Sandboxing
Which of the following is a method of capturing a virtual machine at a given point in time?
Snapshot
Which kind of security attack is a result of the trusting nature of human beings?
Social Engineering
Which of the following is NOT one of the three cloud service models recognized by the NIST?
XaaS
Which of the following threats corresponds with an attacker targeting specific employees of a company?
Spear phishing