Digital Crime Investigation quiz 5, DCOM258: Quiz11: Ch12: Vulnerability and Risk Assessment, Chapter 12 Quiz, DCOM258: Quiz15: Ch16: Redundancy and Disaster Recovery, CC6003 Digital Crime Investigation quiz 3, DCOM258: Quiz: Introduction to Security...
Which of the following is a protocol analyzer? -Nessus -Cain & Abel -Wireshark -John the Ripper
Wireshark
. Which of the following are examples of virtualization? (Select the three best answers.) A. Microsoft Virtual PC B. Microsoft Virtual Server C. VMware D. Microsoft Visio
3. A, B, and C. Microsoft Virtual PC, Microsoft Virtual Server, and VMware are all examples of virtualization. Microsoft Visio is a program within the Microsoft Office suite used to create diagrams and flow charts.
Battery inverter generators use lead acid batteries. (t/f)
True
Failure resistant disk systems protect against data loss due to disk failure. An example of this would be RAID 1 mirroring. (t/f)
True
What do hackers use malicious port scanning for? -To fingerprint the system -topology of the network -computer names on network -all usernames and passwords
"fingerprint" the system
When conducting a risk assessment, which of the following should you do after identifying threats and threat likelihood? (select 2) -Identify asses -Identify vulnerabilities -Identify monetary impact -Identify the impact assessment
-Monetary Impact -Impact Assessment
Which of the following are examples of penetration testing methods (select 2) -Open Source Security Testing Methodology Manual -OVAL -NIST penetration testing -CERDEC
-Open Source Security Testing Methodology Manual -NIST Penetration Testing
. Which of the following should you implement to keep a well-maintained computer? (Select the three best answers.) A. Update the firewall. B. Update the BIOS. C. Use a surge protector. D. Remove the unnecessary firewall.
. A, B, and C. To keep a well-maintained computer, a user should use a surge protector or UPS, update the BIOS, update Windows, update antimalware, update the firewall, and maintain the disks. It is extremely rare that there will be an unnecessary firewall.
. What is the best option to use to isolate an operating system? A. Host-based intrusion detection system B. Network-based intrusion detection system C. Antivirus software D. Virtualization software
. D. Virtualization software should be used to isolate operating systems from attacks and other types of threats. The other three answers help to protect an operating system but do not isolate it completely.
One way to defend against a double-tagging attack is to put unplugged ports on the switch into an unused VLAN.
. False—Putting unplugged ports on the switch into an unused VLAN is one way of defending against switch spoofing. Ways to defend against double tagging include upgrading firmware and picking an unused VLAN as the default VLAN.
1. Hardening is the act of configuring an OS securely, updating it, and removing unnecessary applications.
. True—The hardening of an operating system is the act of configuring it securely, updating it, creating rules and policies, removing unnecessary applications, and stopping unnecessary services.
Which of the following ways can help secure a modem? (Select the two best answers.) A. Use the callback feature. B. Mount the modem to the floor. C. Use telnet. D. Used strong passwords.
1. A. and D. Using the callback feature enables you to set the modem to call a specific person back at a preset phone number. Strong passwords and some type of authentication scheme can also help to secure a modem. Modems are generally not bolted to the floor; however, a PBX device might be. Telnet is an insecure application and protocol; it should be substituted with SSH.
Which of the following should be done to maintain and harden a hard disk? (Select the two best answers.) A. Defragment the drive. B. Consider a whole disk encryption. C. Install third-party applications. D. Sanitize the drive.
A and B. Defragmenting the hard drive is a good way to maintain the drive. Using whole disk encryption can harden the hard disk. It is unknown whether third-party applications can help to maintain or harden a hard disk; chances are they will do neither. Sanitizing the drive is the act of removing all the data.
Which of the following are ways to help defend against distributed denial-of-service attacks? (Select the three best answers.) A. Update firewalls. B. Carefully select applications.
A, B, and D. Ways to help defend against distributed denial-of-service attacks include updating firewalls, using intrusion prevention systems, and using a clean pipe from your Internet service provider. You should always be careful when selecting applications; however, DDoS attacks will usually be perpetuated on specific servers that run specific applications that need to be functional. It is not the best answer, but you should always watch which applications you run.
Which of the following commands can be used to turn off a service? A. Net stop B. Net start C. Sc config D. # chkconfig <service> off
A. Net stop is used to turn off the service in the command line within Windows. Net start is used to turn on a service from the command line in Windows. Sc config can be used to disable services. # chkconfig <service> off is used to disable services in Linux.
If a server has inbound Port 21 open, what service is it running? A. File Transfer Protocol B. Simple Mail Transfer Protocol C. Hypertext Transfer Protocol D. Kerberos
A. Port 21 corresponds to the File Transfer Protocol (FTP). The Simple Mail Transfer Protocol (SMTP) uses Port 25. The Hypertext Transfer Protocol (HTTP) uses Port 80. Kerberos uses Port 88.
9. Which command lists the hotfixes installed to Windows? A. systeminfo B. gpedit.msc C. cmd.exe D. sc config
A. systeminfo lists all the hotfixes that have previously been installed to Windows. Gpedit.msc displays the Local Group Policy Editor console window. Cmd.exe opens the Command Prompt in Windows. Sc config can be used for a variety of things, including disabling services.
Which is the amount of times per year that a specific incident occurs? -SLE -ARO -ALE -MAC
ARO (annual rate of occurrence)
Which of the following is a record of the tracked actions of users?
Audit trails
You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? (Select the best answer.)
Anomaly-based IDS
Which of the following requires a baseline? (Select the two best answers.)
Anomaly-based monitoring Behavior-based monitoring
Which of the following ranges comprise the well-known ports category? A. 1024-49,151 B. 0-1023 C. 49,152-65,535 D. 10.0.0.0-10.255.255.255
B. 0-1023 is the port range for the category called well-known ports. 1024-49,151 is the port range for the category known as registered ports. 49,152-65,535 is the port range for a dynamic and private ports. 10.0.0.0-10.255.255.255 is the range of private Class A IP addresses.
Which of the following can best be described as the exploitation of a computer session in an attempt to gain unauthorized access to data? A. DoS B. Session hijacking C. Null session D. Domain name kiting
B. Session hijacking is the exploitation of a computer session in an attempt to gain unauthorized access to data or other resources on a computer. DoS (denial-of-service) is any attack that attempts to make computer resources unavailable. A null session is a type of exploit that makes unauthenticated NetBIOS connections to a target computer. Domain name kiting is the process of deleting a domain name during a five-day grace period.63
8. Which one of the following navigational paths shows the current service pack level to the user? A. Click Start, right-click Network, and select Properties. B. Click Start, right-click Computer, and select Properties. C. Click Start, right-click Computer, and select Manage. D. Click Start, right-click Network, and select Manage.
B. To find out the current service pack level, click Start, right-click Computer, and select Properties in Windows.
You are contracted to conduct a digital forensic analysis. What should you do first? -Back Up System -Analyze the Files -Scan for Viruses -Make changes to the system
Back Up System
10. What is baselining? A. The act of securing an operating system and updating it B. A group of updates, bug fixes, and security fixes C. The process of measuring changes in networking devices, hardware, and software D. A type of patch management40
C. Baselining is the process of measuring changes in devices or computers. The acts of securing an operating system and updating it are 41 components of hardening the operating system. A group of updates, bug fixes, and security fixes is a service pack. Patch management is the planning, testing, implementing, and auditing of patches.
Of the following, which can be a security benefit when using virtualization? A. Patching a computer patches all virtual machines running on the computer. B. If one virtual machine is compromised, none of the other virtual machines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compartmentalized. D. Virtual machines cannot be affected by hacking techniques.
C. By using a virtual machine (which is one example of a virtual instance), any ill effects can be compartmentalized to that particular virtual machine, usually without any ill effects to the main operating system on the computer. Patching a computer does not automatically patch virtual machines existing on the computer. Other virtual machines can be compromised, especially if nothing is done about the problem. Finally, virtual machines can definitely be affected by hacking techniques. Be sure to secure them!
Which of the following is the best file system to use in Windows? A. FAT32 B. FAT C. NTFS D. FAT1639
C. NTFS is the best file system to use in Windows because it is more secure, enables logging, and enables larger partition sizes. You should consider converting FAT partitions to NTFS.
Which of the following port numbers is used by the Character Generator? A. 21 B. 7 C. 19 D. 53
C. Port 19 is used by the Character Generator (CHARGEN). Port 21 is used by FTP. Port 7 is used by echo. Port 53 is used by DNS.
To use the Lightweight Directory Access Protocol (LDAP) in a secure fashion, what port should be used? A. 443 B. 3389 C. 636 D. 389
C. Port 636 is used by Lightweight Directory Access Protocol (LDAP) over TLS/SSL. Port 443 is used by Hypertext Transfer Protocol Secure. Port 3389 is used by Remote Desktop Protocol. Port 389 is used by the standard Lightweight Directory Access Protocol.
Which of the following is not a denial-of-service attack? A. Smurf attack B. Teardrop attack C. Replay attack D. Fork bomb
C. The replay attack is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. It is not within the realm of denial-of-service attacks. All the other answers are types of denial-of-service attacks.
Which of the following have tables, chairs, restrooms, and possibly some basic phone and electric lines, but nothing else? -Cold Site -Warm Site -Hot Site -Duplicate Site
Cold Site
Which of the following deals with the standard load for a server?
Configuration baseline
Which of the following techniques enables an already secure organization to assess security vulnerabilities in real time?
Continuous monitoring
Which of the following is the best practice to implement when securing log files?
Copy the logs to a remote log server
Which of the following backs up only the contents of a folder that have changed since hte last full backup? -Full Backup -Differential Backup -Copy Backup -Towers of Hanoi
Differential Backup
Your boss wants you to secure your web server's transactions. Which protocol and port number should you use to accomplish this? A. POP3-110 B. LDAP-389 C. RDP-3389 D. HTTPS-44361
D. HTTPS (Hypertext Transfer Protocol Secure) should be used; it corresponds to Port 443. POP3 is used by email servers. LDAP is used by domain controllers. RDP is used by terminal servers.
7. D. sc config can be used to disable a service in the command line. Services can be started and stopped with the net start and net stop commands, respectively. Net disable is not about command.
D. sc config can be used to disable a service in the command line. Services can be started and stopped with the net start and net stop commands, respectively. Net disable is not about command.
Which of the following is a pre-arranged list of likely words attempted at one time? -Brute Force -Dictionary -Cryptoanalysis -Guessing
Dictionary
A portable gas engine generator is the best solution for a company that wants a permanently installed generator. (t/f)
False
A surge is a short transient in the voltage that can be due to a short circuit or power outage. (t/f)
False
Which of the following is also known as "high-availability clusters?" -Fail-over cluster -Load-balancing cluster -CPU clusters -Redundant clusters
Fail-over clusters
OVAL is a type of penetration testing. (t/f)
False
One of the strategies an organization might employ when managing a particular risk is to accept none of the risk. (t/f)
False
Passive security analysis is when actual hands-on tests are run on a system. (t/f)
False
Qualitative risk assessment measures risk by using exact monetary values. (t/f)
False
RAID 1 is known as striping with parity. (t/f)
False
Redundant power supplies can help in the case of a brownout. (t/f)
False
SLE X ALE = ARO (t/f)
False
The network 10.0.0.0 is a Class B private IP network.
False—10.0.0.0 is a network within the Class A private IP range. Class B is between 172.16.0.0 and 172.31.255.255.
A MAC flood is when a person accesses a single port of a switch that was not physically secured.
False—A MAC flood is when numerous packets are sent to a switch, each with a different source MAC address, in an attempt to use up all the memory on the switch and causing a change of state known as failopen mode.
An intranet enables sister companies to access a secure area of a company's network.
False—An intranet is usually used for remote employees of an organization. Sister companies and partner companies would usually connect to an extranet.
One way to protect a WAN is to place all the computers behind a router.
False—By placing all the computers behind a router, you can protect the LAN. Ways to protect the wide area network include firewalling and monitoring.
6. The option Never Check for Updates is recommended by Microsoft.
False—Never Check for Updates is not recommended by Microsoft because it can be a security risk. One of the three other options should be selected.
. To turn off services, you would access the Programs and Features section of the Control Panel.
False—Services can be shut off within the services section of Computer Management or within the command line. The Programs and Features section of the Control Panel is where you would uninstall unnecessary programs.
The convert command converts FAT32 partitions to NTFS.38
False—The convert command converts FAT32 partitions to NTFS.
3. The net stop commands disable services in Windows.
False—The net stop commands stop a service in Windows. To disable a service in the command line, you need to use the sc config command.
To open the Local Group Policy Editor console window, a user should type gpedit.msc. MMC opens a new Microsoft Management Console.
False—To open the Local Group Policy Editor console window, a user should type gpedit.msc. MMC opens a new Microsoft Management Console.
Which of the following backup schemes could be described as using a daily, weekly, and monthly set of tapes? -10 Tape Rotation -Grandfather, Father, Son -Towers of Hanoi -Six Tape Scheme
Grandfather, Father, Son
Which of the following is a near duplicate of the original site of the organization? -Cold Site -Warm Site -Hot Site -Duplicate Site
Hot Site
Which of the following will back up only the contents of the folder that have changed since the last full backup or the last incremental backup? -Full Backup -Incremental Backup -Differential Backup -Copy Backup
Incremental Backup
One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. Which of the following is most likely affected?
Initial baseline configuration
Which of the following is a vulnerability assessment tool? -John the Ripper -AirSnort -Nessus -Cain & Abel
Nessus
Which of the following can determine which flags are set in a TCP/IP handshake?
Packet analyzer
Which tool can be instrumental in capturing FTP GET requests?
Packet analyzer
Which of the following would not be considered part of a disaster recovery plan? -Hot Site -Patch Management -Back up computers -Tape Backup
Patch Management
What tool can alert you if a server's processor trips a certain threshold?
Performance Monitor
You have established a baseline for your server. Which of the following is the best tool to use to monitor any changes to that baseline?
Performance Monitor
Jason is a security administrator for a company of 4000 users. He wants to store 6 months of logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, which of the following should not be implemented?
Performance baseline and audit trails
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?
Signature-based IDS
Which of the following is not a category of disaster? -Fire -Flood -Successful Malicious Attacks -Pretexting
Pretexting
Which of the following uses the equation SLE X ARO = ALE? -Qualitative Risk Assessment -Passive Security Analysis -Quantitative Risk Assessment -Active Security Analysis
Quantitative Risk Assessment
Which of the following can be described as striping with parity? RAID 0 RAID 1 RAID 5 RAID 0+1
RAID 5
Which of the following can be defined as the loss of value in dollars based on a single incident? -SLE -ARO -ALE -MAC
SLE (Single Loss Expectancy)
Which of the following log files should show attempts at unauthorized access?
Security
You are setting up auditing on a Windows computer. If set up properly, which log should have entries?
Security logs
Which of the following should be done if an audit recording fails?
Send an alert to the administrator
Which of following is the most basic form of IDS?
Signature-based
Of the following, which two security measures should be implemented when logging a server? (Select the two best answers.)
The application of retention policies on log files Hashing of log files
Your boss wants you to properly log what happens on a database server. What are the most important concepts to think about while you do so? (Select the two best answers.)
The information that will be needed to reconstruct events later The amount of disk space you will require
A UPS combines the functionality of a surge suppressor and a battery backup. (t/f)
True
What is the main reason to frequently view the logs of a DNS server?
To watch for unauthorized zone transfers
A blackout is when a total loss of power for a prolonged period occurs. (t/f)
True
A cryptoanalysis attack is a type of password cracking tool. (t/f)
True
A single point of failure is elements, objects or part of a system that if it fails can cause the entire system to fail. (t/f)
True
In the five steps of vulnerability management, prioritizing vulnerabilities should happen before the mitigation of vulnerabilities. (t/f)
True
NMAP is a type of vulnerability scanner. (t/f)
True
RAID 0+1 combines the advantages of RAID 0 and RAID 1 (t/f)
True
Risk management can be defined as the identification, assessment, and prioritization of risk. (t/f)
True
The ultimate goal of risk management is to reduce all of the risk to a level acceptable to the organization. (t/f)
True
4. A service pack is a group of updates, bug fixes, updated drivers, and security fixes.
True—A service pack is one downloadable package that includes a group of updates (hotfixes), bug fixes, updated drivers, and security fixes.
Access control lists enable or deny traffic and can be configured to help secure a router.
True—Access control lists can be implemented on a router and within firewalls; they enable or deny connections.
NAT is also known as IP masquerading.
True—NAT, which stands for network address translation, is also known as IP masquerading. It is the process of changing an IP address while it is in transit across a router.
Network access control sets rules by which network connections are governed
True—Network access control (NAC) helps control your network in a secure fashion by setting rules by which connections to the network are governed. One example of NAC is 802.1X.
Subnetting increases security by compartmentalizing a network.
True—One of the reasons that subnetting is implemented is to increase security by compartmentalizing the network. It is also used to make more efficient use of IP address space and reduce broadcast traffic and collisions.
7. The systeminfo commands show a list of hot fixes that have been installed to the operating system.
True—Systeminfo is a command used to list the hot fixes that have previously been installed to Windows.
A DMZ is a special area of the network accessed by clients on the Internet.
True—The DMZ, which stands for demilitarized zone, might include servers such as FTP, email, and Web that are accessible from people on the Internet, without enabling those people access to the LAN.
. The second step in a patch management strategy is testing.
True—The four steps of a patch management strategy include planning, testing, implementing, and auditing.
5. The Windows Update program can be accessed by clicking Start > All Programs.
True—Windows Update can be accessed by navigating to Start > All Programs.
What device should be used to ensure that a server does not shut down when there is a power outage? -RAID 1 Box -UPS -Redundant NIC -Hot Site
UPS ( uninterrupted power supply )