Network Security Unit 2, Network Security Unit 3
Most personal computer operating systems use the mandatory access control (MAC) model. T/F
False
NAS works well with real-time applications because of the latency of the communication methods. T/F
False
Organizations are safe from sniffer attacks when their computing environment is primarily a switched network environment. T/F
False
PPTP provides stronger protection than L2TP. T/F
False
RAID is a replacement for backup and recovery processes. T/F
False
The Common Gateway Interface (CGI) is a programming language in and of itself. T/F
False
The basic operation of a system logging facility is to collect events from log files, process the data, store the results, and perform notification or alerting, as required. T/F
False
The size of a signature base is a good measure of an IDPS's effectiveness. T/F
False
Today, the widespread acceptance of IPSec with the IKE system means that proprietary protocols are used far more often. T/F
False
What is the best way to restrict URL access?
Make sure sensitive pages require authentication
A ____ is an access control model in which the computer system enforces the controls without the input or intervention of the system or data owner.
Mandatory Access Control (MAC)
To provide monitoring, an SNMP ____ must be installed on a desired host or network device.
agent
One of the biggest strengths of Perl is its ____-manipulation abilities.
text
Because it accepts firewall and intrusion logs from many sources, ____ is often one of the first organizations to spot network anomalies, and it often traces them to specific malware or vulnerability exploits.
the Internet Storm Center (ISC)
In passive mode, the FTP client must listen and wait for the server connection. T/F
False
Logs provide dynamic records of running processes. T/F
False
The improved Bluetooth 2.0 increased the data rate to around ____ Mbps.
3
What is a drawback of tape backups?
Time required to store and retrieve information
Which tcpdump option specifies the number of packets to capture?
-c
Which HTTP response code indicates that an error has occurred on the client side?
401 (any 4xx-class status code signals a client-side error)
802.11n has a maximum data rate of ____.
600 Mbps
QPSK uses four signal states that are ____ degrees out of phase to carry four signal values.
90
____ refers to a new use of existing technologies.
AJAX
A(n) ____ is a list of authorization rights attached to an object - in other words, who can access that device or application and what can they do with it.
Access Control List (ACL)
What is the largest area of concern with regard to security in ZigBee?
Accidental key reuse
Which access control process documents the activities of the authenticated individual and systems?
Accountability
____ demonstrates that management has identified an acceptable risk level and provided resources to control unacceptable risk levels.
Accreditation
Which COBIT domain focuses on ongoing maintenance and change requirements to extend the usability of the system?
Acquire and implement
____ clustering is a more complex model in which all members of a cluster simultaneously provide application services.
Active/Active
From a network security perspective, the ____ logs are the most valuable to a systems and network administrator in identifying and resolving issues.
Admin and operational
The ____ review entails a detailed examination of the events that occurred from first detection to final recovery.
After-action
The primary focus of ____ is to determine if the standards and/or regulations the organization claims to comply with are, in fact, complied with.
Audit
A spreadsheet program might record an error for access to a file in the ____ log.
Application
In ____ verification, the higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use.
Application Protocol
A(n) ____ is a detailed description of the activities that occur during an attack, including the preliminary indications of the attack as well as the actions taken and the outcome.
Attack Profile
_____ verify that an organization's security policies are prudent (cover the right issues) and are being implemented correctly.
Audits
Biometrics (retinal scans, fingerprints, and the like) are mainly used for ____ by large security-minded entities such as banking institutions and credit card centers for regulating access to sensitive information, but biometrics are also gaining ground in the general corporate world.
Authentication
Which Linux file shows a listing of failed login attempts?
btmp (/var/log/btmp, read with the lastb command)
Under the guise of justice, some less scrupulous administrators may even be tempted to ____, or hack into a hacker's system to find out as much as possible about the hacker.
Back hack
The most realistic type of penetration test is a ____ box test.
Black
Which notable Bluetooth attack allows a nearby attacker to issue commands to an unsuspecting target phone?
BlueBug
The _____ mailing list is a widely known, major source of public vulnerability announcements.
Bugtraq
____ planning ensures that critical business functions can continue if a disaster occurs.
Business continuity
The use of ____ is required to achieve RSN compliance.
CCMP
____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
COBIT
Which team is responsible for conducting the BIA?
CP Management Team (CPMT)
____ is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.
CVSS
Within the change management process, after the need for a change has been identified, a(n) ____ is submitted to the appropriate decision-making body.
Change Request
Incident ____ is the process of evaluating organizational events, determining which events are possible incidents, also called incident candidates, and then determining whether or not the incident candidate is an actual incident or a nonevent, also called a false positive incident candidate.
Classification
Which vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL input that can be passed to a database?
Command injection (here, SQL injection)
Which cloud type acts as a collaboration between a few entities for the sole benefit of those entities?
Community Clouds
The ____, which is also known as the Security Incident Response Team (SIRT), is the group of individuals who would be expected to respond to a detected incident.
Computer Security Incident Response Team (CSIRT)
IPSec ____ use a complex set of security protocols to protect information, including Internet Key Exchange (IKE), which provides for the exchange of security keys between the machines in the VPN.
Concentrators
Which level in the U.S. military data classification scheme applies to any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security?
Confidential data
The purpose of ____ is to manage the effects of changes or differences in configurations on an information system or network.
Configuration and change management (CCM)
A bank's automated teller machine (ATM), which restricts authorized users to simple account queries, transfers, deposits, and withdrawals is an example of ____ access control.
Constrained user interface
What is the best way to direct visitors to a new location or page?
Create a .htaccess file with the following entry: Redirect 301 /old/old.html /new/new.html
In ____, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
DNS cache poisoning
In some organizations, which two plans are considered to be one plan, known as the Business Resumption Plan?
DR plan and BC plan
Which COBIT domain focuses on the functionality of the system for the end user?
Delivery and Support
A(n) ____ backup is the storage of all files that have changed or have been added since the last full backup.
Differential
Which technology works by taking the original data stream and breaking it up into small bits, then transmitting each of those on a different frequency channel simultaneously?
Direct-Sequence Spread Spectrum (DSSS)
If Web software can access parts of the underlying operating system's file system through normal URL mappings, a(n) ____ may occur.
Directory traversal attack
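The defence against the traversal described above is to normalize the requested path before it is mapped onto the file system and to refuse any request whose ".." segments would climb above the document root. The following C routine is an added example written for this page, not code from the course text; the document root, the probe URLs and the 64-segment limit are assumptions, and the caller is assumed to have already percent-decoded the URL (otherwise "%2e%2e" slips past the check).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64   /* assumed limit on path depth */

/* Map an already percent-decoded URL path onto the document root.
   Returns true and fills `out` with the filesystem path when the request
   stays inside `docroot`; returns false for anything that would escape it.
   Assumes forward-slash separators; a Windows server would also have to
   reject backslashes and drive letters. */
bool resolve_under_docroot(const char *docroot, const char *url_path,
                           char *out, size_t out_len)
{
    char tmp[1024];
    const char *segs[MAX_SEGS];
    size_t nsegs = 0;

    if (url_path == NULL || url_path[0] != '/' ||
        strlen(url_path) >= sizeof tmp)
        return false;
    strcpy(tmp, url_path);

    /* Walk the path segment by segment: "." and empty segments are dropped,
       ".." pops the previous segment, and a ".." with nothing left to pop
       is exactly the traversal attempt we want to refuse. */
    for (char *p = strtok(tmp, "/"); p != NULL; p = strtok(NULL, "/")) {
        if (strcmp(p, ".") == 0)
            continue;
        if (strcmp(p, "..") == 0) {
            if (nsegs == 0)
                return false;
            nsegs--;
            continue;
        }
        if (nsegs == MAX_SEGS)
            return false;
        segs[nsegs++] = p;
    }

    /* Rebuild: docroot followed by "/" + segment for each survivor. */
    int n = snprintf(out, out_len, "%s", docroot);
    if (n < 0 || (size_t)n >= out_len)
        return false;
    for (size_t i = 0; i < nsegs; i++) {
        int m = snprintf(out + n, out_len - (size_t)n, "/%s", segs[i]);
        if (m < 0 || (size_t)m >= out_len - (size_t)n)
            return false;
        n += m;
    }
    return true;
}

int main(void)
{
    /* Constructed probe requests, benign and hostile. */
    const char *probes[] = {
        "/index.html",
        "/images/./logo.png",
        "/docs/../index.html",
        "/images/../../etc/passwd",
        "/../../etc/passwd",
    };
    char path[512];
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        bool ok = resolve_under_docroot("/var/www/html", probes[i],
                                        path, sizeof path);
        printf("%-28s -> %s\n", probes[i], ok ? path : "REJECTED");
    }
    return 0;
}
```

Rejecting, rather than silently clamping, a ".." that would leave the root is the better choice for a server: the clamped request is never a legitimate one, and the rejection itself is a log event worth alerting on.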
The key role of a(n) ____ is defining how to reestablish operations at the location where the organization usually operates.
Disaster Recovery (DR)
What is the best way to secure Telnet?
Do not use Telnet at all
In the Windows OS, services are usually initiated (loaded or started) at boot-up as ____, which consist of software code, data and/or other resources necessary to provide the service.
Dynamic-Link Libraries (DLLs)
The bulk transfer of data in batches to an off-site facility is called ____.
Electronic Vaulting
What is the best way to secure FTP or TFTP?
Employ encryption and authentication
VPNs protect packets by performing IP ____, the process of enclosing a packet within another one that has different IP source and destination information.
Encapsulation
Some VPNs use the term ____ to describe everything in the protected network behind the gateway.
Encryption Domain
____ are hardware devices or software modules that perform encryption to secure data, perform authentication to make sure the host requesting the data is an approved user of the VPN, and perform encapsulation to protect the integrity of the information being sent.
Endpoints
As part of the initiation and planning audit phase, it is customary for a(n) ____ to be developed, which serves as a service agreement between the auditing team and the requesting entity.
Engagement Letter
The CVSS _____ Score is set by the organization using the software.
Environmental
On most current versions of Windows-based systems, logging is managed by the ____, which is accessible from the system control panel.
Event Viewer
____ is a simple method of transferring files between computer systems.
FTP
A sniffer can decipher encrypted traffic. T/F
False
Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code. T/F
False
By default, Bluetooth authenticates connections. T/F
False
Deploying and implementing an IDPS is always a straightforward task. T/F
False
Which HTTP request method retrieves meta-information only from the resource signified in the URI?
HEAD
____ is a key component of the Web, working in conjunction with HTTP to move content from servers to clients.
HTML
____ is the basis for Web communication.
HTTP
One of the best reasons to install a(n) ____ is to provide an organization with overall situational awareness - or a better overall understanding - of the activities that take place on the network.
IDPS
The primary purpose of ____ is to enable organizations to obtain certification; thus, it serves more as an assessment tool than an implementation framework.
ISO/IEC 27001
A(n) ____ is designed to translate information sent from a particular agent or class of agents.
MIB
The actions an organization should take while an incident is in progress are defined in a document referred to as the ____ plan.
Incident Response (IR)
What does the tcpdump host 192.168.1.100 command do?
It captures only traffic originating from or destined to 192.168.1.100
____ was originally developed as a client-side language, which means the code is interpreted on the client side instead of on the Web server.
JavaScript
One tool that provides active intrusion prevention is known as ____.
LaBrea
Which access control principle restricts users to having access appropriate to the level required for their assigned duties?
Least Privilege
Ad hoc wireless models rely on the existence of ____ to provide connectivity.
Multiple Stations
Which access control principle is most frequently associated with data classification?
Need to know
To investigate running processes, we would turn to the ____ in Linux.
ps command
By default, tcpdump will just print ____ information.
Packet Header
A _____ (sometimes called a network protocol analyzer) is a network tool that collects copies of packets from the network and analyzes them or stores the packets for later analysis.
Packet sniffer
A(n) ____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
Passive
With ____ mode, a trusted internal FTP client makes an outgoing request to the FTP server.
Passive
A _____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.
Penetration test
Bluetooth networks are referred to as ____.
Piconets
Tracking events in which group membership has changed or rights have been elevated gives security professionals a warning that ____ is occurring.
Privilege escalation
A(n) ____ is a task being performed by a computing system.
Process
Which wireless modulation technique combines digital and analog signaling to encode data into radio signals?
QAM
Which centralized authentication method uses UDP?
RADIUS
____ are collections of IP addresses of known spam sources on the Internet, and they can be easily integrated into most SMTP server configurations.
Real-time blackhole lists (RBLs), also called real-time blacklists
One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as ____.
Reconnaissance
____ is the transfer of live transactions to an off-site facility.
Remote Journaling
You can view Ubuntu Linux distribution daemons using the ____.
service command
____ are processes that are designed to operate without user interaction.
Services
Which authentication method is used when you want a client to be authenticated for each session?
Session authentication
____ techniques are generally used by organizations needing immediate data recovery after an incident or disaster.
Shadowing
Protocol analyzers are commonly referred to as ____.
Sniffers
Which term refers to two connections over a VPN line?
Split Tunneling
____ are the representative collection of individuals with a stake in the successful and uninterrupted operation of the organization's information infrastructure.
Stakeholders
Which centralized authentication method is the latest and strongest version of a set of authentication protocols developed by Cisco Systems?
TACACS+
SPIKE can fuzz any protocol that utilizes ____.
TCP/IP
Which backup method allows for easy full-system restorations (no shuffling through tapes with partial backups on them)?
The Towers of Hanoi
An SNMP ____ is a simple message providing status information about the monitored device.
Trap
____ applications use a combination of techniques to detect an intrusion and trace it back to its source.
Trap-and-trace
A sender with a valid internal IP address should be allowed to send e-mail to external e-mail addresses. T/F
True
COBIT provides a framework to support information security requirements and assessment needs. T/F
True
In order to implement MAC, a strict user and data classification scheme is required. T/F
True
Incident response focuses on immediate response to small-scale events. T/F
True
Most BSS networks are configured as simple stars. T/F
True
Most C++ catastrophe vulnerabilities rely on uninitialized function pointers in a class. T/F
True
Most installed wireless networks use the infrastructure model. T/F
True
Most system logs are very difficult to collect, store, read, and understand. T/F
True
Passive scanners are advantageous in that they do not require vulnerability analysts to get prior approval for testing. T/F
True
Separation of duties reduces the chance of an individual violating information security policy and breaching the confidentiality, integrity, and availability of information. T/F
True
Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures. T/F
True
The final phase of the IR planning function is plan maintenance. T/F
True
The first hurdle a potential IDPS must clear is functioning in your systems environment. T/F
True
What is logged in the system log is predetermined by Windows. T/F
True
When properly configured to afford anonymous users only very limited access, the FTP server works well. T/F
True
Wired networks are just as vulnerable to sniffing as wireless networks. T/F
True
The business impact analysis (BIA) is the first major component of the CP process. T/F
True
Implementing applications that verify the true communication destination during execution help prevent vulnerabilities associated with ____.
Trusting network name resolution
Point-to-Point Protocol (PPP) over Secure Sockets Layer (SSL) and Point-to-Point Protocol (PPP) over Secure Shell (SSH) are two ____-based methods for creating VPNs.
UNIX
The primary drawback associated with ad hoc networks is that they are inherently ____.
Unreliable
Client authentication is similar to user authentication but with the addition of ____.
Usage limits
According to D. L. Pipkin, ____ is a definite indicator of an actual incident.
Use of dormant accounts
What is the best way to make sure data is properly encrypted while in transit?
Use the "secure" flag on all sensitive cookies
The ____ command, available on most popular Web browsers, allows users to see the source code behind the page.
View source
The growth and widespread use of the Internet has been coupled with the use of encryption technology to produce a solution for specific types of private communication channels: ____.
Virtual Private Networks (VPNs)
In the mesh wireless topology, there may be no dominant ____.
WAP
Which wireless security protocol is considered to be too weak for use in most network settings?
WEP
What is the branding name for interoperable equipment that is capable of supporting IEEE 802.11i requirements?
WPA2
Which Linux file records all logins and logouts that occur on the system?
wtmp (/var/log/wtmp, read with the last command)
Which strategy to test contingency plans involves team members acting as defenders, using their own equipment or a duplicate environment, against realistic attacks executed by external information security professionals?
War Gaming
A ____ is an automatic phone-dialing program that dials every phone number in a configured range (e.g., from 555-1000 to 555-2000) and checks to see if a person, answering machine, or modem answers.
War dialer
In Microsoft Windows-based systems, you can use the ____ to manage event logs from the command line.
wevtutil utility
DNS ____ provide a mechanism to divide ownership responsibility among various DNS servers and the organizations they serve.
Zones
A ____ attack is time-intensive, so it is rarely aimed at the target system in general.
brute-force
When the measured activity is outside the baseline parameters - exceeding what is called the ____ - the IDPS sends an alert to the administrator.
clipping level
The ____ stage of the attack methodology is a systematic survey of the target organization's Internet addresses, conducted to identify the network services offered by the hosts in that range.
fingerprinting
Wireless sensors are most effective when their ____ overlap.
footprints
The printf(user_input); call in C has the potential to cause a(n) ____ vulnerability.
format string problem
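The call above lets the attacker supply the format string itself, so "%x" leaks stack or register contents, "%s" dereferences whatever happens to be there, and "%n" writes to it. The following C listing is an added example for this page, not code from the course text: it places the vulnerable idiom beside its hardened form (literal format, user data passed as an argument) and adds a small pre-check for loggers whose call sites cannot be changed. The attack string is constructed for illustration; the vulnerable function is only ever called on plain text here, because calling it on the hostile string is undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* The page's vulnerable idiom: the attacker's string *is* the format string.
   Kept only for contrast; never call it with untrusted input. */
void vulnerable_echo(const char *user_input)
{
    printf(user_input);          /* format string problem */
    printf("\n");
}

/* Hardened form: the format is a literal and the user data is an argument,
   so '%' characters in the input are copied, never interpreted.
   Returns the length the formatted text would have, like snprintf, so the
   caller can detect truncation. */
int safe_echo(char *out, size_t out_len, const char *user_input)
{
    return snprintf(out, out_len, "%s", user_input);
}

/* Pre-check for code paths that still hand strings to printf-style
   functions: any '%' that is not doubled means the text would be parsed as
   a directive. Returns 1 if the input looks like a format string attack. */
int looks_like_format_attack(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p == '%') {
            if (p[1] == '%') {      /* "%%" is a literal percent sign */
                p++;
                continue;
            }
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    const char *hostile = "AAAA %x %x %x %n";   /* constructed attack string */
    char buf[128];

    safe_echo(buf, sizeof buf, hostile);
    printf("safe:    %s\n", buf);              /* specifiers appear literally */
    printf("flagged: %d\n", looks_like_format_attack(hostile));
    vulnerable_echo("plain text without percent signs");
    return 0;
}
```

Compilers flag the vulnerable call (gcc's -Wformat-security warns that the format is not a string literal); treating that warning as an error in the build is the cheapest way to keep the idiom out of a code base.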
The tcpdump tool will output both the header and packet contents into ____ format.
hex
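The hex view that tcpdump produces with -X pairs each sixteen-byte row with an offset, two-byte hex groups and a printable-ASCII column, which is what makes a header field or a cleartext password recognisable at a glance. The routine below is an added example written for this page, not tcpdump's own code: it renders that row format for a constructed twenty-byte IPv4 header (the sample bytes are made up for illustration), and pads short final rows so the ASCII column stays aligned.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 20-byte IPv4 header (version 4, IHL 5, length 60,
   TTL 64, protocol TCP, 172.16.10.99 -> 172.16.10.12). Not a real capture. */
const uint8_t SAMPLE_IPV4_HDR[20] = {
    0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00,
    0x40, 0x06, 0xb1, 0xe6, 0xac, 0x10, 0x0a, 0x63,
    0xac, 0x10, 0x0a, 0x0c,
};

/* Render one row in the style of `tcpdump -X`: offset, up to 16 bytes of
   hex in two-byte groups, then the same bytes as ASCII with '.' standing
   in for anything non-printable. Returns the number of bytes consumed. */
size_t hexdump_row(const uint8_t *data, size_t len, size_t offset,
                   char *out, size_t out_len)
{
    size_t n = len < 16 ? len : 16;
    char hex[16 * 2 + 7 + 1];   /* 32 hex digits, 7 group separators, NUL */
    char asc[17] = {0};
    size_t hp = 0;

    for (size_t i = 0; i < 16; i++) {
        if (i < n) {
            hp += (size_t)sprintf(hex + hp, "%02x", data[i]);
            asc[i] = isprint(data[i]) ? (char)data[i] : '.';
        } else {
            hp += (size_t)sprintf(hex + hp, "  ");   /* pad a short last row */
        }
        if (i % 2 == 1 && i != 15)
            hex[hp++] = ' ';
    }
    hex[hp] = '\0';
    snprintf(out, out_len, "0x%04zx:  %s  %s", offset, hex, asc);
    return n;
}

/* Dump a whole buffer, one row per 16 bytes. */
void hexdump(const uint8_t *data, size_t len, FILE *fp)
{
    char line[96];
    for (size_t off = 0; off < len;) {
        off += hexdump_row(data + off, len - off, off, line, sizeof line);
        fputs(line, fp);
        fputc('\n', fp);
    }
}

int main(void)
{
    hexdump(SAMPLE_IPV4_HDR, sizeof SAMPLE_IPV4_HDR, stdout);
    return 0;
}
```

The first row of the sample comes out as 0x0000:  4500 003c 1c46 4000 4006 b1e6 ac10 0a63  E..<.F@.@......c, where the leading 0x45 (version 4, header length 5 words) and the 0x06 protocol byte are exactly the fields an analyst reads off a tcpdump -X line.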
The primary advantage of the ____ wireless topology configuration is the increased number of connections among stations, which allows greater connectivity.
hierarchical
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a ____.
honeynet
A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
incident
In 2010, OWASP determined that ____ attacks were the top risk to Web applications.
injection
Because of its ubiquity in UNIX/Linux systems, ____ has become the de facto standard in network sniffing.
tcpdump
A ____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment much like tcpdump - looking for indications of ongoing or successful attacks.
network-based IDPS (NIDPS)
Probably the most popular port scanner is _____, which runs on both UNIX and Windows systems.
nmap
Most NBA sensors can be deployed in ____ mode only, using the same connection methods (e.g., network tap, switch spanning port) as network-based IDPSs.
passive
A major problem with FTP is that data is transferred in ____.
plaintext
Intrusion ____ consists of activities that deter an intrusion.
prevention
Requirements for a complex password system include using a _____ value, implementing strong encryption, requiring periodic password changes, and generally implementing a system where guessing a password or its hash is very difficult.
salt
Blacklists and whitelists are most commonly used in ____ detection and stateful protocol analysis.
signature-based
A signature-based IDPS examines network traffic in search of patterns that match known ____.
signatures
802.11 wireless networks exist as ____ on nearly all large networks.
subnets
The Simple Network Management Protocol contains ____ functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
trap
Most of the weaknesses with SNMP occur with Version 1 of SNMP. T/F
True
A ____ is a list of discrete entities that are known to be benign.
whitelist