CH. 7,8,9,10 Security
List at least three ways host vulnerability scanners are different from network vulnerability scanners
- Being more specialized - Requires high level access to thelocal host, typically administrative access - Gennerally only running against a single host
Your friend in another department asks you to help him understand some fundamental principles about encryption and clear text. Identify three important principles about the risk incurred by unencrypted credentials and clear text.
- It is important to protect the transfer of authorizing credentials between computer systems from unauthorized observations - to prevent credentials disclosure to unauthorized parties, they should never be transmitted acrross cleartext forms of communication in unencrypted form - subject to release in the event of an error that results in the credential information being presisted in a log or displayed on someones screen
A network scanner will usually list a port on a remote machine as oneof hich three classifications?
- Network scanners will typicallly return a ports status as either open, closed, or filtered
Your manager asks you to help understand som e fundamental principles about device configuration. Identify three important principles about device configuration.
- misconfigured devices are one of the more common security issues and can go completley unnoticed - many security controls depend upon a properly configured device to function properly - firewalls, content filters, and access points are all common systems with configuration that are critical for proper operation
Identify three essential policies an enterprise should have to properly managethe himan aspects of nework security.
- properly manage the human asspects of network security include policies on personal email - content filtering - acceptable use
List three methods of controlling unauthorized software.
- removing the user's ability to add software - using whitelisting or freeze technologies torestrict what can run on a machine - conducting regual audits to identify unauthorized software
what frequecy spectrum does bluetooth use?
2.4GHz
Which of the following is the data rate for bluetooth 4.0?
24 MBPS
What frequency spectrum does Wi-Fi use?
5 GHz
A user reports to the help desk that he is getting "Cannot resolve address" error messages from his browser. Which port is likely a problem of his firewall?
53
Which port does FTPS use?
990
Your organization has been hit with multiple targeted network attacks over the last few months resulting in two data breaches. To attempt to discover how the attackers are getting into your system, you set up a few vulnerable virtual machines with fake data on them that look like the organizations real machines. What defense mechanism have you built
A honeynet
Which of the following correctly defines Mobile Device Management (MDM)?
A marketing term for commonly employed protections for mobile devices
Why should you never use a network scannner on a network yu are not authorized to scan?
A network scanner or port scanner is the same tool tht an attacker would use.
which of the following properly defines data exfiltration?
An attacker attempts to steal a copy of your datta and export it from your system
Which of the following are the three nodes supported by Bluetooth 4.0?
Classic, high speed, low energy
A friend approaches you at a personal social event and says he waas unable to acess a popular website at work but other sites such as as new sites seemed to work. Identify the most likely culprit
Content filters,
What is the most common use of data sanitization tools?
Erasing hard drives before computers are recycled
what is the primary use of NEar Field Communicaiton (NFC)
Establish radio communciations over a short proximity
Which of the following is a risk typically related to certificates?
Failure to install a needed trust chain makes a key the should be trusten, untrusted
Which of the following is not an element of a good Mobile Device Management (MDM) policy?
The ability to decrypt data on the device
Whay is it important to establish polices governing remote wiping of mobile devices?
The are mosre susceptiable to loss than other devices
Which of the following is not ture about insider threats?
The best defense against insider threats is a single strong layer of defense
Which of the following is true about managing user premission issues?
The strength of this command is highly dependent on it being kept current and properly maintained
What is the most likely reason for access violation errors?
The user is unauthorized and is either making a mistake or is attempting to get past security
Which of the following accurately describes the purpose of computer protocols
They act as a common language to allow different components to communicate
What is the puropose of HTTPS
To use SSL or TLS to encrypt a channel over which HTTP traffic is transmitted
Which of the following correctly escribes ANT?
I functions well in the crowded 2.4-GHz spectrum
What is the main security concern with universal serial bus (USB) technology?
It automounts and acts like a hard drive atttached to the computer
What is a disadvantage of Infrate (IR) technology?
It cannot penetrate solid objects
What is the purpose of geofencing?
It enables devices to be recognized by location and have actions taken
What is the secure shell (SSH) protocol?
It is an encrypted remote terminal connection program used for remote connections to a server
Why should you compare hashes of the files you download from the internet to a library of known hash values?
It prevents the spread of malware by checking a file's Integrity
What is the purpose of the secure/multipurpose Internet mail Extensions (S/MINME) protocol?
It provides cryptographic protections to emails
What is the purpose of secure real-time transport protocol (SRTP)?
It securely delivers audio and video over IP networks
Whatis the purpose of the DNS protocol?
It translates names into IP addresses
Which of the following is a valid principle relevant to logs and events anomalies?
Its important ot determine what to log and what not to log
Which of the following is a weak ness of cellular technology?
Less avalibility in rural areas
There are reports of a worm going through your company that communicates to other nodes on port TCP?/1337. What tool would you use to find infected nodes on your network?
Network Scanner
What mechanism does Bluetooth use to establish a trust relationship
Pairing
Which of the following describes most network tools that are designed to detect an attack?
Passive
What two things can removable media control do to improve security?
Prevent infiltration of malware and prevent exfiltration of data
What is a weakness of the DNS protocol?
Request and replicates are sent in plaintext
What is the most common scenario for the use of satelite communication(SATCOM)?
Rual and remote areas or at sea
Your manager comes to you with an audit finding that 85 percent of the machines on your netwrok are vulnerable to a variety of different exploits. He wants you to verify the findings of the report. What would be the best tool for this?
Vulnerability Scanner
Identify the primary reason why perosonal email presents risks to the corporation
datat exfiltration pathway that is outside of corporate control, path for malware to enter the network, a path for malwae to enter user machines
which of the following is a benefit of DNSSEC?
enables origin authentication, authenticated denial of existence, and data integritty
which of the following is true about firewalls?
firewalls are network access olicy enforcement devices taht allow or block pasage of packets based on a ruleset
What is the purpose of the simple network management protocol (SNMP)?
it is used to manage devices on IP based network
What is the purpose of the Secure Sockets Layer (SSL) protocol?
it provides encryption for transport layer protocols across the web
Which of the following correctly describes Transport Layer Security (TLS)?
it replaces SSL
What is the purpose of Lightweight Directory Access Protocol Secure (LDAPS)?
it uses an SSL/TLS tunnel to connect LDAP Services
Identify three reasons why poorly trained users present as significant security challenge.
personnel can violate policies lack situational awareness, or willful disobedience
you are a security admin for XYZ company. you suspect that company emails using default POP and IMAP email protocoals and ports are getting intercepted while in transit. Whic of the following ports hould you consider using?
port 995 and 993
The tcpdump command-line tool is classified as which of the following?
protocol analyzer
What kind of tool is wireshark?
protocol analyzer
Which of the following is not a risk related to social media?
visable training programs can helpmitigate social media risks
