Chapter 3 Review Questions - Computer Systems Security Part II
A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.) A. Remote wipe B. E-mail password C. GPS D. Tethering E. Encryption F. Screen lock
A and E. Remote wipe and encryption are the best methods to protect a stolen device's confidential or sensitive information. GPS can help to locate a device, but it can also be a security vulnerability in general; this will depend on the scenario in which the mobile device is used. Passwords should never be e-mailed and should not be associated with e-mail. Tethering is when a mobile device is connected to another computer (usually via USB) so that the other computer can share Internet access, or other similar sharing functionality in one direction or the other. This is great as far as functionality goes, but more often than not can be a security vulnerability. Screen locks are a decent method of reducing the chance of login by the average person, but they are not much of a deterrent for the persistent attacker.
Which of the following are Bluetooth threats? (Select the two best answers.) A. Bluesnarfing B. Blue bearding C. Bluejacking D. Distributed denial-of-service
A and C. Bluesnarfing and bluejacking are the names of a couple of Bluetooth threats. Another attack could be aimed at a Bluetooth device's discovery mode. To date there is no such thing as blue bearding, and a distributed denial-of-service attack uses multiple computers to attack one host.
What are two ways to secure the computer within the BIOS? (Select the two best answers.) A. Configure a supervisor password. B. Turn on BIOS shadowing. C. Flash the BIOS. D. Set the hard drive first in the boot order.
A and D. Configuring a supervisor password in the BIOS disallows any other user to enter the BIOS and make changes. Setting the hard drive first in the BIOS boot order disables any other devices from being booted off, including floppy drives, optical drives, and USB flash drives. BIOS shadowing doesn't have anything to do with computer security, and although flashing the BIOS may include some security updates, it's not the best answer.
What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.) A. A HIDS may use a lot of resources, which can slow server performance. B. A HIDS cannot detect operating system attacks. C. A HIDS has a low level of detection of operating system attacks. D. A HIDS cannot detect network attacks.
A and D. Host-based intrusion detection systems (HIDSs) run within the operating system of a computer. Because of this, they can slow a computer's performance. Most HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating system attacks and will usually have a high level of detection for those attacks.
Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption? A. Individually encrypted files will remain encrypted if they are copied to external drives. B. It reduces the processing overhead necessary to access encrypted files. C. NTFS permissions remain intact when files are copied to an external drive. D. Double encryption doubles the bit strength of the encrypted file.
A. By implementing individual file encryption (such as EFS) on files that are stored on a disk encrypted with whole disk encryption, the files will remain encrypted (through EFS) even if they are copied to a separate drive that does not use whole disk encryption. However, running two types of encryption will usually increase processing overhead, not reduce it. NTFS permissions aren't relevant here; however, if files are copied to an external drive, those files by default lose their NTFS permissions and inherit new permissions from the parent folder on the new drive. We'll discuss NTFS permissions more in Chapter 11. We shouldn't call this double encryption—rather, the files are encrypted twice separately. The bit strength is not cumulative in this example, but there are two layers of encryption, which is an example of defense in depth and security layering.
You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution? A. Device encryption B. Remote wipe C. Screen locks D. AV software
A. Device encryption is the best solution listed to protect the confidentiality of data. By encrypting the data, it makes it much more difficult for a malicious person to make use of the data. Screen locks are a good idea but are much easier to get past than encryption. Antivirus software will not stop an attacker from getting to the data once the mobile device has been stolen. Remote sanitization (remote wipe) doesn't keep the data confidential; it removes it altogether! While this could be considered a type of confidentiality, it would only be so if a good backup plan was instituted. Regardless, the best answer with confidentiality in mind is encryption. For example, if the device was simply lost, and was later found, it could be reused (as long as it wasn't tampered with). But if the device was sanitized, it would have to be reloaded and reconfigured before being used again.
A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do? A. Remote wipe B. GPS tracking C. Implement encryption D. Turn on screen locks
A. If the device has been lost and you need to be 100% sure that data cannot be retrieved from it, then you should remotely sanitize (or remotely "wipe") the device. This removes all data to the point where it cannot be reconstructed by normal means. GPS tracking might find the device, but as time is spent tracking and acquiring the device, the data could be stolen. Encryption is a good idea, but over time encryption can be deciphered. Screen locks can be easily circumvented.
What are the two ways in which you can stop employees from using USB flash drives? (Select the two best answers.) A. Utilize RBAC. B. Disable USB devices in the BIOS. C. Disable the USB root hub. D. Enable MAC filtering.
B and C. By disabling all USB devices in the BIOS, a user cannot use his flash drive. Also, the user cannot use the device if you disable the USB root hub within the operating system. RBAC, which stands for role-based access control, defines access to networks by the person's role in the organization (we will cover this more later in the book). MAC filtering is a method of filtering out computers when they attempt to access the network (using the MAC addresses of those computers).
Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.) A. Public keys B. Internal memory C. Master boot record (MBR) D. Steganographic images E. Removable memory cards
B and E. When encrypting a smartphone, the security administrator should encrypt internal memory and any long-term storage such as removable media cards. The admin must remember that data can be stored on both. Public keys are already encrypted; it is part of their inherent nature. Smartphones don't necessarily use an MBR the way Windows computers do, but regardless, if the internal memory has been encrypted, any boot sector should be secured. Images based on steganography, by their very nature, are encrypted through obfuscation. It is different from typical data encryption, but it's a type of cryptography nonetheless.
You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement? A. HSM B. TPM C. HIDS D. USB encryption
B. A TPM, or trusted platform module, is a chip that resides on the motherboard of the laptop. It generates cryptographic keys that allow the entire disk to be encrypted, as in full disk encryption (FDE). Hardware security modules (HSMs) and USB encryption require additional hardware. A host-based intrusion detection system requires either additional software or hardware.
To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented? A. Data connection capabilities should be disabled. B. A password should be set on the smartphone. C. Smartphone data should be encrypted. D. Smartphones should be only for company use.
B. A password should be set on the phone, and the phone should lock after a set period of time. When the user wants to use the phone again, the user should be prompted for a password. Disabling the data connection altogether would make access to e-mail impossible on the smartphone. Smartphone encryption of data is possible, but it could use a lot of processing power that may make it unfeasible. Whether the smartphone is used only for company use is up to the policies of the company.
Which of the following is a concern based on a user taking pictures with a smartphone? A. Application whitelisting B. Geotagging C. BYOD D. MDM
B. Geotagging is a concern based on a user taking pictures with a mobile device such as a smartphone. This is because the act of geotagging utilizes GPS, which can give away the location of the user. Application whitelisting is when there is an approved list of applications for use by mobile devices. Usually implemented as a policy, if the mobile device attempts to open an app that is not on the list, the process will fail, or the system will ask for proof of administrative identity. BYOD stands for bring your own device, a technological concept where organizations allow employees to bring their personal mobile devices to work and use them for work purposes. MDM stands for mobile device management, a system that enables a security administrator to configure, update, and secure multiple mobile devices from a central location.
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Heuristic-based IDS
B. When using an IDS, particular types of traffic patterns refer to signature-based IDS.
Which of the following would most likely be considered for DLP? A. Proxy server B. Print server C. USB mass storage device D. Application server content
C. Of the answers listed, the USB mass storage device would be the most likely asset to be considered for data loss prevention (DLP). It's the only device listed in the answers that should have any real organizational data! A proxy server temporarily caches such data as HTTP and FTP. A print server forwards printed documents to the correct printer (again the data is usually held temporarily). An application server contains programs, but usually doesn't store organizational data files. It's the devices and computers that store actual company data files that we are primarily concerned with.
You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal? A. HIPS B. Antivirus updates C. Host-based firewall D. NIDS
C. To meet regulations, a properly configured host-based firewall will be required on the computers that will be transacting business by credit card over the Internet. All of the other answers—antivirus updates, NIDS, and HIPS—are good ideas to secure the system (and/or network), but they do not address the core issue of filtering ports, which is the primary purpose of the firewall. Also, a network-based firewall will often not be secure enough to meet regulations, thus the need for the extra layer of protection on the individual computers.