12_RQs
What is the most common step attackers take to attempt to escape detection after a successful break-in? >> Reconfigure the system to give themselves administrative privileges. >> Delete log files to remove all traces of the attack. >> Reformat all hard drives to destroy any potential evidence. >> Copy all password files for other systems.
Delete log files to remove all traces of the attack.
Which of the following types of attack is the least likely to result in damage or loss of data? a. IP service attack b. man-in-the-middle attack c. DoS or DDoS attack d. virus e. buffer overflow
DoS or DDoS attack
Which of the following is NOT a recognized principle of IP security? >> Avoid unnecessary exposure. >> Block all unused ports. >> Enable access by default, deny access by exception. >> Prevent address spoofing.
Enable access by default, deny access by exception.
By default, which of the following IP services send(s) accounts and passwords in clear text when authenticating users? > FTP > Telnet > Stelnet > Web access using SSL
FTP and Telnet
A recognized principle of IP security is to enable access by default and deny access by exception. True or False?
False
Applying patches and fixes is an important part of general system and application maintenance. This explains the importance of applying system and application patches and fixes. True or False?
False
It's necessary to apply only patches and fixes that are relevant to actual, ongoing security problems. This explains the importance of applying system and application patches and fixes. True or False?
False
More than 70 percent of all network or system break-ins originate outside an organization's network boundary. True or False?
False
TCP/IP implements a pessimistic security policy. True or False?
False
The following statement best explains the importance of applying system and application patches and fixes: "It's a good idea to wait until a patch or fix has been around for a while to see if it works appropriately." True or False?
False
IPSec provides enhanced security features at which layer? a. IP layer b. ground layer c. data link layer d. physical layer
IP layer
Which of the following statements best explains why physical security for network and system components and devices is so important? >> Any good security policy must address physical security concerns. >> Physical access to components and devices makes it possible for a knowledgeable intruder to break into such systems. >> Physical access to components and devices is necessary for successful penetration of hardened systems. >> Physical security is not an important concern.
Physical access to components and devices makes it possible for a knowledgeable intruder to break into such systems.
DNS functions on which UDP and/or TCP ports? (Choose all that apply.) > TCP 53 > TCP 21 > UDP 21 > UDP 53
TCP 53 and UDP 53
A recognized principle of IP security is avoiding unnecessary exposure. True or False?
True
A recognized principle of IP security is to block all unused ports. True or False?
True
A recognized principle of IP security is to do unto yourself before others do unto you. True or False?
True
A recognized principle of IP security is to prevent address spoofing. True or False?
True
As vulnerabilities or exploits are exposed, system and application vendors provide patches and fixes to repair, defeat, or mitigate potential attacks. Thus, it's usually a good idea to apply them. This explains the importance of applying system and application patches and fixes. True or False?
True
Which of the following tools are candidates for an attack toolkit? a. Wireshark b. nmap c. tcpdump d. footprinting tools
Wireshark, nmap, tcpdump, footprinting tools
Which of the following definitions best describes a BACK DOOR? >> an alternate, but legitimate, means of entry into a system or application >> a weak spot or known point of attack on any common operating system >> an undocumented and illicit point of entry into a system or application >> any protocol, service, or system facility known to be susceptible to attack
an undocumented and illicit point of entry into a system or application
What makes both FTP and HTTP (Web) vulnerable IP services?
anonymous login
Which of the following best describes a VULNERABILITY? >> an undocumented and illicit point of entry into a system or application >> a weak spot or known point of attack on any common operating system >> any protocol, service, or system facility known to be susceptible to attack >> an alternate, but legitimate, means of entry into a system or application
any protocol, service, or system facility known to be susceptible to attack
Which of the four main elements in a DDoS attack is least likely to be actively engaged when an attack occurs?
attacker
What type of computer should be used to house firewall and/or proxy server software? a. secure host b. bastion host c. screening host d. screening router
bastion host
When an attacker systematically tries all conceivable passwords for an account, what is this attack called?
brute force password attack
Which of the following document types is an attacker most likely to use when attempting to break into a system or network? > attack profile > exploit > security policy > password hash
exploit
Which of the four main elements in a DDoS attack coordinate and execute the actual attack?
handler and agent
Which of the following could be examples of the desired effect of a DoS attack? >> interrupting operations >> powering down operations >> completely disrupting operations >> upgrading operations
interrupting operations and completely disrupting operations
What technique might an attacker use to forge replies to senders and receivers? a. IP service attack b. back door attack c. DDoS and DoS attack d. man-in-the-middle attack
man-in-the-middle attack
What are the three legs of network security?
physical, personnel, system and network security
Which of the following does NOT account for the vast majority of losses of data or services from systems and networks? > viruses > power outages > internal security breaches > external security breaches
power outages
What technique might an attacker use to hide or deflect interest in attack behaviors or activities? a. user impersonation b. spoofing c. man-in-the-middle attack d. reconnaissance
spoofing
Which of the following are examples of malicious code? (Choose all that apply.) > virus > worm > Trojan horse > Windows 7
virus, worm, Trojan horse