1.1 Implementing security configuration parameters


Which device's log file will show access control lists and which systems were or were not allowed access? Firewall Smartphone Performance Monitor IP proxy

Firewall. A firewall contains one or more access control lists (ACLs) defining who is enabled to access the network. The firewall can also show attempts at access and whether they succeeded or failed.

Where is the optimal place to have a proxy server? In between a private network and a public network In between two private networks In between two public networks On all of the servers

In between a private network and a public network. Proxy servers should normally be between the private network and the public network. This way they can act as a go-between for all the computers located on the private network. This applies especially to IP proxy servers but might also include HTTP proxy servers.

Which of the following is a best practice when installing and securing a new computer for a home user? Install a firewall Install remote control software Install a router

Install a firewall. Firewalls should always be installed to a new computer to secure it before the user starts working with it. Remote control software should not be installed because this creates an entrance to the user's computer that is not necessary.

Jake is in the process of running a bulk data update. However, the process writes incorrect data throughout the database. What has been compromised? Integrity Confidentiality Availability Accountability

Integrity. If incorrect data has been written throughout the database, then the integrity of the data has been compromised. It is still secret, or as confidential as it is supposed to be. It is still available, though the data will now have errors. Someone (or something) needs to be held accountable for this problem, but accountability isn't necessarily something that can be compromised in the way that the other three concepts of the CIA triad can be.

Which of these can hide an entire network of IP addresses? NAT SPI SSH FTP

NAT. NAT (network address translation) hides an entire network of IP addresses. SPI, or Stateful Packet Inspection, is the other type of firewall that today's SOHO routers incorporate.

Which of the following devices would detect but not react to suspicious behavior on the network? NIDS NIPS Firewall HIDS

NIDS. A NIDS, or network intrusion detection system, will detect suspicious behavior but most likely will not react to it. To prevent it and react to it, you would want a NIPS. Firewalls block certain types of traffic but by default do not check for suspicious behavior. HIDS is the host-based version of an IDS; it checks only the local computer, not the network.

Which of the following security applications cannot proactively prevent computer anomalies? NIDS HIPS Antivirus software Personal software firewall

NIDS. NIDS, or network intrusion detection system, cannot proactively prevent computer anomalies. Instead, it passively detects anomalies and notifies the security administrator. HIPS (host-based intrusion prevention system), antivirus software, and personal software firewalls can all be loaded on an individual computer and can be updated as well. These can proactively prevent computer anomalies.

Which of the following will detect malicious packets and discard them? NIPS Proxy server NIDS PAT

NIPS. A NIPS, or network intrusion prevention system, detects and discards malicious packets. A NIDS only detects them and alerts the administrator. A proxy server acts as a go-between for clients sending data to systems on the Internet. PAT is port-based address translation.

Where are software firewalls usually located? On a PC On routers On servers On every computer

On a PC. Software-based firewalls, such as Windows Firewall, normally run on individual computers. Although a software-based firewall could also be run on a server, it is not as common. Also, a SOHO router might have a built-in firewall, but not all routers have firewalls.

Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what? Firewall rules Port security Content inspection Honeynet

Firewall rules. Firewall rules (ACLs) are generated to allow or deny traffic. They can be based on ports, protocols, IP addresses, or which way the data is headed. Port security deals more with switches and the restriction of MAC addresses that are allowed to access particular physical ports. Content inspection is the filtering of web content, checking for inappropriate or malicious material. A honeynet is a group of computers or other systems designed to attract and trap an attacker.

Which device can use packet inspection? Firewall Switch Hub IDS

Firewall. Some firewalls have stateful packet inspection built in; however, this should be checked because other firewalls will have stateless packet inspection. Stateful packet inspection keeps track of the state of network connections by examining the header in each packet. Switches and hubs are essential connecting devices that connect computers. An IDS, or intrusion detection system, is software or a device that detects attackers and sends administrative alerts if an attack is detected; they can be installed on individual computers or on the network.

Which of the following devices should you employ to protect your network? Firewall Protocol analyzer DMZ Proxy server

Firewall. Install a firewall to protect the network.

Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer? Content filter Router Firewall NIDS

Content filter. A content filter is an application layer (layer 7) device that is used to prevent undesired HTML tags, URLs, certificates, and so on, from passing through to the client computers. A router is used to connect IP networks. A firewall blocks network attacks. A NIDS is used to detect anomalous traffic.

What is a device doing when it actively monitors data streams for malicious code? Content inspection URL filtering Load balancing NAT

Content inspection. A device that is actively monitoring data streams for malicious code is inspecting the content. URL filtering is the inspection of the URL only (for example, www.comptia.org). Load balancing is the act of dividing up workload between multiple computers. NAT is network address translation, which is often accomplished by a firewall or IP proxy.

Which of the following will an Internet filtering appliance analyze? Content Certificate revocation lists PAT

Content. Internet filtering appliances will analyze content, certificates, and URLs. However, certificate revocation lists will most likely not be analyzed. Remember that CRLs are published only periodically.

One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next? ACLs NIDS AV definitions FTP permissions

ACLs. Access control lists can stop particular network traffic (such as FTP transfers) even if the appropriate ports are open. A NIDS will detect traffic and report on it but not prevent it. Antivirus definitions have no bearing on this scenario. If the programmer was able to connect to the FTP server, the password should not be an issue. FTP permissions might be an issue, but since you are working in the firewall, you should check the ACL first; then later you can check on the FTP permissions, passwords, and so on.

What is a goal for information security? Accountability Auditing Non-repudiation Risk assessment

Accountability.

You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? Anomaly-based IDS Signature-based IPS Signature-based IDS UTM

Anomaly-based IDS. Most likely, the anomaly-based IDS needs to be re-configured. It is alerting you to legitimate traffic, which amounts to false positives. These are not actually anomalies. If the traffic being analyzed has no specific signature (or known signature), then a signature-based IDS or IPS will not be able to identify it as legitimate or illegitimate. A UTM is a unified threat management device. This device may or may not have an IDS or IPS, and even then, it may or may not be capable of anomaly-based analysis, so it is not as likely an answer as the anomaly-based IDS.

Which of the following types of firewalls provides inspection of data at layer 7 of the OSI model? Application-proxy Packet filtering Stateful inspection Circuit-level gateway

Application-proxy. An application-proxy firewall inspects data at layer 7 of the OSI model. These types of firewalls are also known as application-level gateways, or ALGs. They apply security mechanisms to applications such as FTP. Packet filtering, in the context of firewalls, inspects each packet passing through the firewall and accepts or rejects it based on rules. Two types of packet filtering include stateless packet filters and stateful packet inspection (SPI). Network address translation (NAT) firewalls filter traffic according to TCP or UDP ports. Stateful inspection, or stateful packet inspection (SPI), keeps track of network connections by examining the header of each packet, which concerns the network layer, layer 3 of the OSI model. Circuit-level gateways work at the session layer of the OSI model and apply security mechanisms when TCP or UDP connections are established.

Which of the following does the A in CIA stand for when it comes to IT security? Availability Accountability Assessment Auditing

Availability. Availability is what the A in CIA stands for, as in "the availability of data." Together the acronym stands for confidentiality, integrity, and availability.

Which of the following cable media is the least susceptible to a tap? Fiber-optic cable Coaxial cable Twisted-pair cable CATV cable

Fiber-optic cable. Fiber-optic cable is the least susceptible to a tap because it operates on the principle of light as opposed to electricity. All the other answers suffer from data emanation because they are all copper-based.

Which of the following is the greatest risk when it comes to removable storage? Confidentiality of data Integrity of data Availability of data Accountability of data

Confidentiality of data. For removable storage, the confidentiality of data is the greatest risk because removable storage can easily be removed from the building and shared with others. Although the other factors of the CIA triad are important, any theft of removable storage can destroy the confidentiality of data, and that makes it the greatest risk.

Specific secure data is only supposed to be viewed by certain authorized users. What concept ensures this? Confidentiality Integrity Availability Authenticity

Confidentiality. The concept of confidentiality ensures that only authorized users can view secure data. Integrity ensures that data has not been tampered with. Availability ensures that data is accessible and ready. Authenticity ensures that data comes from who the data is supposed to come from and that it is a reputable source.

The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of? Confidentiality Integrity Availability Non-repudiation

Confidentiality. Confidentiality means preventing the access and disclosure of information to unauthorized persons.

Of the following, which type of device attempts to serve client requests without the user actually contacting the remote server? HTTP proxy IP proxy Firewall DMZ

HTTP proxy. An HTTP proxy caches information from a web server for a set amount of time. This way an organization can save bandwidth, and the users can get their web pages quicker. An HTTP proxy is also known as a caching proxy. An IP proxy secures a network by keeping the computers behind it anonymous, usually through the use of network address translation. A firewall protects a network from external attack. A DMZ, or demilitarized zone, is an area between the LAN and the Internet used to store servers that serve information to Internet users.

You are developing a security plan for your organization. Which of the following is an example of a physical control? ID card Password DRP Encryption

ID card. An ID card is an example of a physical security control. Passwords and encryption are examples of technical controls. A disaster recovery plan (DRP) is an example of an administrative control.

Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses? IP proxy HTTP proxy Protocol analyzer SMTP proxy

IP proxy. An IP proxy displays a single public IP address to the Internet while hiding a group of internal private IP addresses. It sends data back and forth between the IP addresses by using network address translation (NAT). This functionality is usually built into SOHO routers and is one of the main functions of those routers. HTTP proxies store commonly accessed Internet information. Protocol analyzers enable the capture and viewing of network data. SMTP proxies act as a go-between for e-mail.

In information security, what are the three main goals? Integrity, confidentiality, and availability Business continuity, accountability, and risk Risk assessment, integrity, and business continuity

Integrity, confidentiality, and availability. Confidentiality, integrity, and availability (known as CIA, the CIA triad, and the security triangle) are the three main goals when it comes to information security. Another goal within information security is accountability. Business continuity plan: A BCP defines how the business will continue to operate if a disaster occurs; this plan is often carried out by a team of individuals. BCPs are also referred to as continuity of operations plans.

If your ISP blocks objectionable material, what device would you guess has been implemented? Internet content filter Proxy server Firewall IP Proxy

Internet content filter. An Internet content filter, usually implemented as content-control software, can block objectionable material before it ever gets to the user. This is common in schools, government agencies, and many companies.

A client contracts you to prevent users from accessing inappropriate websites. Which of the following technologies should you implement? Internet content filter NIDS Honeypot IP proxy

Internet content filter. Internet content filters prevent users from accessing inappropriate websites. Quite often they are built into caching proxies; however, IP proxies are used to enable the connection of many hosts on a LAN through one IP address out to the Internet. A NIDS, or network intrusion detection system, can detect attacks on the network and alert a network administrator if they occur. A honeypot is used to attract and trap attackers on the network for further analysis.

Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows? Load balancing RAID 6 Server virtualization Multi-CPU motherboards

Load balancing. Load balancing is the best option for application availability and expansion. You can cluster multiple servers together to make a more powerful supercomputer of sorts—one that can handle more and more simultaneous access requests. RAID 6 is meant more for data files, not applications. It may or may not be expandable depending on the system used. Multi-CPU motherboards are used in servers and power workstations, but are internal to one system. The CPUs are indeed used together, but will not help with expandability, unless used in a load-balancing scenario.

Which of the following uses multiple computers to share work? Load balancing RAID VPN concentrator Switching

Load balancing. Load balancing uses multiple computers to share work, for example, in a load-balancing cluster configuration. RAID uses multiple hard drives to increase speed or create fault tolerance. VPN concentrators allow for remote access of multiple employees over the Internet. Switching (in its simplest form) is the moving of data across the LAN.

Which tool would you use if you want to view the contents of a packet? Protocol analyzer TDR Port scanner Loopback adapter

Protocol analyzer. A protocol analyzer has the capability to "drill" down through a packet and show the contents of that packet as they correspond to the OSI model.

Which of the following is the most secure type of cabling? Shielded twisted-pair Unshielded twisted-pair Coaxial Category 5

Shielded twisted-pair. Shielded twisted-pair is the most secure type of cabling listed. It adds an aluminum sheath around the wires that can help mitigate data emanation. By far, fiber-optic would be the most secure type of cabling, because it does not suffer from data emanation: the medium is glass instead of copper.

Which of the following is a type of packet filtering used by firewalls that retains memory of the packets that pass through the firewall? Stateful packet inspection Stateless packet filter Circuit-level gateway NAT filtering

Stateful packet inspection. A firewall running stateful packet inspection is normally not vulnerable to IP spoofing attacks because it examines the header in each packet. This type of packet inspection can distinguish between legitimate and illegitimate packets. Stateless packet filtering does not retain a memory of packets that pass through the firewall and, because of this, is vulnerable to IP spoofing attacks. Circuit-level gateway firewalls apply security mechanisms when TCP or UDP connections are established but do not examine the headers of the packets themselves. NAT filtering filters out traffic according to TCP or UDP ports.

HIDS and NIDS are similar intrusion detection systems. However, one is for individual computers, and the other is for networks. Which of the following would a HIDS be installed to monitor? System files CPU performance Network adapter performance Temporary Internet files

System files. A HIDS, or host-based intrusion detection system, is software installed to an individual computer to monitor important files and watch for intrusions. System files are some of the most important files that will be monitored by a HIDS. Temporary Internet files are not nearly as important and are usually removed automatically by way of a policy in many organizations. CPU and network adapter performance is usually monitored by some type of performance monitoring program; these are often built into the operating system.

You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? Use a virtual switch. Remove the virtual network from the routing table. Use a standalone switch. Create a VLAN without any default gateway.

Use a virtual switch. The virtual switch is the best option. This virtual device will connect the virtual servers together without being routable to the firewall (by default). Removing the virtual network from the routing table is another possibility, but if you have not created a virtual switch yet, it should not be necessary. A physical standalone switch won't be able to connect the virtual servers together; a virtual switch (or individual virtual connections) is required.
