Set 27 Questions 651 to 675
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Choose FOUR).
22, 23, SSH, & Telnet
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
Advanced persistent threat
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
All users have read access to the file.
A new security analyst is given the task of determining whether any of the company's servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?
Banner grabbing
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?
Baseline review
Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?
Baselines
Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?
Code review
A financial company requires a new private network link with a business partner to cater for real-time and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?
Design review
Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?
Design reviews
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?
Honeynet
A security administrator wants to get a real-time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?
Honeynets
A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?
Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
Implement a honeynet
A security administrator is aware that a portion of the company's Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?
Penetration test
Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?
Penetration test
Which of the following is BEST utilized to actively test security controls on a particular system?
Penetration test
Which of the following is the MOST intrusive type of testing against a production system?
Penetration testing
Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?
Port scan and fingerprinting
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
Port scanner
Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
Port scanner
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?
Set up a performance baseline
Which device monitors network traffic in a passive manner?
Sniffer
A system administrator has noticed a vulnerability on a high-impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?
Test the update in a lab environment, back up the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes
Ann, a security analyst, is preparing for an upcoming security audit. Which of the following would Ann use to ensure that she identifies unapplied security controls and patches without attacking or compromising the system?
Vulnerability scanning
Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate?
War dialing