ISA ch 4

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

TLS

Mia is a network administrator for a bank. She is responsible for secure communications with her company's customer website. Which of the following would be the best for her to implement? A. SSL B. PPTP C. IPSec D. TLS

NIDS

Mia is responsible for security devices at her company. She is concerned about detecting intrusions. She wants a solution that would work across entire network segments. However, she wants to ensure that false positives do not interrupt work flow. What would be the best solution for Mia to consider? A. HIDS B. HIPS C. NIDS D. NIPS

L2TP

You have been instructed to find a VPN solution for your company. Your company uses TACACS+ for remote access. Which of the following would be the best VPN solution for your company?

Implement a policy against tethering

You have discovered that one of the employees at your company tethers her smartphone to her work PC to bypass the corporate web security and access prohibited websites while connected to the LAN. What would be the best way to prevent this?

site-to-site VPN

ACME Company has several remote offices. The CIO wants to set up permanent secure connections between the remote offices and the central office. What would be the best solution for this? A. L2TP VPN B. IPSEC VPN C. Site-to-site VPN D. Remote-access VPN

Using a network tap

Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?

Continuos monitoring

Alisha is monitoring security for a mid-sized financial institution. Under her predecessor there were multiple high-profile breaches. Management is very concerned about detecting any security issues or breach of policy as soon as possible. Which of the following would be the best solution for this?

WEP

An IV attack is usually associated with which of the following wireless protocols? A. WEP B. WAP C. WPA D. WPA2

TACACS+

Bart is looking for a remote access protocol for his company. It is important that the solution he selects support multiple protocols and use a reliable network communication protocol. Which of the following would be his best choice?

It might fail to block malicious applications

Carlos is a security manager for a small company that does medical billing and records management. He is using application blacklisting to prevent malicious applications from being installed. What, if anything, is the weakness with this approach? A. None, this is the right approach. B. It might block legitimate applications. C. It might fail to block malicious applications. D. It will limit productivity.

ACL

Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address? A.ACL B.NIPS C.HIPS D.Port blocking A.ACL

SIP and RTP

Carrol is responsible for network connectivity in her company. The sales department is transitioning to VoIP. What are two protocols she must allow through the firewall?

Put those machines on a separate wireless network with separate WAP.

Dennis is implementing wireless security throughout his network. He is using WPA2. However, there are some older machines that cannot connect to WPA2—they only support WEP. At least for now, he must keep these machines. What is the best solution for this problem? A. Put those machines on a different VLAN. B. Deny wireless capability for those machines. C. Put those machines on a separate wireless network with separate WAP. D. Encrypt their traffic with TLS.

Use cryptographic hashes.

Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?

Use cryptographic hashes

Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?

inline

Dominick is responsible for security at a medium-sized insurance company. He is very concerned about detecting intrusions. The IDS (intrusion detection system) he has purchased states that he must have an IDS on each network segment. What type of IDS is this?

Implement aggregation switches

Doug is a network administrator for a small company. The company has recently implemented an e-commerce server. This has placed a strain on network bandwidth. What would be the most cost-effective means for him to address this issue?

Implement port mirroring for that segment

Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this? A. Implement port mirroring for that segment. B. Install an NIPS on that segment. C. Upgrade to a more effective NIPS. D. Isolate that segment on its own VLAN.

Implement port mirroring for that segment.

Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this?

CYOD

Employees in your company are allowed to use tablets. They can select a tablet from four different models approved by the company but purchased by the employee. What best describes this? A. BYOD B. CYOD C. COPE D. BYOE

Air-gap the backup server.

Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data being infected by malware? A. Place the backup server on a separate VLAN. B. Air-gap the backup server. C. Place the backup server on a different network segment. D. Use a honeynet.

IPS

Erik is responsible for the security of a SCADA system. Availability is a critical issue. Which of the following is most important to implement?

Sites not on the blacklist

Ethan has noticed some users on his network accessing inappropriate videos. His network uses a proxy server that has content filtering with blacklisting. What is the most likely cause of this issue?

WPS attack

Farès has discovered that attackers have breached his wireless network. They seem to have used a brute-force attack on the WiFi-protected setup PIN to exploit the WAP and recover the WPA2 password. What is this attack called? A. IV attack B. Rogue WAP C. WPS Attack D. Evil twin

Heuristic scanning

Frank is a network administrator for a small college. The college has implemented a simple NIDS. However, the NIDS seems to only catch well-known attacks. What technology is this NIDS likely missing?

Radius

Frank is looking for a remote authentication and access protocol. It must be one that uses UDP due to firewall rules. Which of the following would be the best choice?

Store the drives in a secure cabinet.

Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?

DMZ

Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server? A. DMZ B. Intranet C. Guest network D. Extranet

Place the SCADA system on a separate VLAN

George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?

ACL

Gerald is a network administrator for a small financial services company. He is responsible for controlling access to resources on his network. What mechanism is responsible for blocking access to a resource based on the requesting IP address? A. ACL B. NIPS C. HIPS D. Port blocking

Thin

Gerald is setting up new wireless access points throughout his company's building. The wireless access points have just the radio transceiver, with no additional functionality. What best describes these wireless access points?

MS-CHAPv2 provides mutual authentication, CHAP does not.

Greg is considering using CHAP or MS-CHAPv2 for authenticating remote users. Which of the following is a major difference between the two protocols?

Sensor

Hector is responsible for NIDS/NIPS in his company. He is configuring a new NIPS solution. What part of the NIPS collects data? A. Sensor B. Data source C. Manager D. Analyzer

Implement an SSL accelerator

Helga works for a bank and is responsible for secure communications with the online banking application. The application uses TLS to secure all customer communications. She has noticed that since migrating to larger encryption keys, the server's performance has declined. What would be the best way to address this issue?

It establishes the SAs

Janice is explaining how IPSec works to a new network administrator. She is trying to explain the role of IKE. Which of the following most closely matches the role of IKE in IPSec?

DDoS mitigator

Jeff is the security administrator for an e-commerce site. He is concerned about DoS attacks. Which of the following would be the most effective in addressing this? A.DDoS mitigator B. WAF with SPI C. NIPS D. Increased available bandwidth

IPS

Jody is worried about disgruntled employees stealing company documents and exfiltrating them from the network. She's seeking a solution that will detect exfiltration and block it. What type of system is Jody seeking? A.IPS B.SIEM C. Honeypot D.Firewall

UTM

John is responsible for network security at a very small company. Due to both budget constraints and space constraints, John can select only one security device. What should he select? A. Firewall B. Antivirus C. IDS D. UTM

They will no longer see the SSID as an available network

Juan is responsible for wireless security in his company. He has decided to disable the SSID broadcast on the single AP the company uses. What will the effect be on client machines?

NIDS

Lars is responsible for incident response at ACME Company. He is particularly concerned about the network segment that hosts the corporate web servers. He wants a solution that will detect potential attacks and notify the administrator so the administrator can take whatever action he or she deems appropriate. Which of the following would be the best solution for Lars?

Correlation Engine

Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect. He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?

Implement account usage auditing on the SCADA system

Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?

False positive

Maria is responsible for monitoring IDS activity on her company's network. Twice in the past month there has been activity reported on the IDS that investigation has shown was legitimate traffic. What best describes this?

Use an application container

Mark is an administrator for a health care company. He has to support an older, legacy application. He is concerned that this legacy application might have vulnerabilities that would affect the rest of the network. What is the most efficient way to mitigate this? A. Use an application container. B. Implement SDN. C. Run the application on a separate VLAN. D. Insist on an updated version of the application.

Out-of-band NIDS

Mary works for a large insurance company and is responsible for cybersecurity. She is concerned about insiders and wants to detect malicious activity on the part of insiders. But she wants her detection process to be invisible to the attacker. What technology best fits these needs? A. Hybrid NIDS B. Out-of-band NIDS C. NIPS D. NNIDS

Controller-based

Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on each floor. The specifications state that the wireless access points should have minimal functionality, with all the configuration, authentication, and other functionality centrally controlled. What type of wireless access points should Mohaned consider purchasing? A. Fat B. Controller-based C. Stand-alone D. 801.11i

fat

Omar is responsible for wireless security in his company. He wants completely different WiFi access (i.e., a different SSID, different security levels, and different authentication methods) in different parts of the company. What would be the best choice for Omar to select in WAPs? A. Fat B. Thin C. Repeater D. Full

Fat

Omar is responsible for wireless security in his company. He wants completely different WiFi access (i.e., a different SSID, different security levels, and different authentication methods) in different parts of the company. What would be the best choice for Omar to select in WAPs?

Split Tunnel

Remote employees at your company frequently need to connect to both the secure company network via VPN and open public websites, simultaneously. What technology would best support this?

WPA

Ricky is over WiFI security for his company. Which wireless security protocol below uses TKIP? A.WPA B.CCMP C.WEP D.WPA2

Credentials sent in cleartext

Robert is using PAP for authentication in his network. What is the most significant weakness in PAP?

TLS

Ryan is concerned about the security of his company's web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement? A. WAF B. TLS C. NIPS D. NIDS

RTP is not secure.

Sarah is the CIO for a small company. She recently had the entire company's voice calls moved to VoIP. Her new VoIP system is using SIP with RTP. What might be the concern with this? A. SIP is not secure. B. RTP is not secure. C. RTP is too slow. D. SIP is too slow.

ACL

Shelly is very concerned about unauthorized users connecting to the company routers. She would like to prevent spoofing. What is the most essential antispoofing technique for routers?

WAP placement

Teresa is responsible for WiFi security in her company. Her main concern is that there are many other offices in the building her company occupies and that someone could easily attempt to breach their WiFi from one of these locations. What technique would be best in alleviating her concern?

WPA

Teresa is responsible for WiFi security in her company. Which wireless security protocol uses TKIP?

WPA

Teresa is responsible for WiFi security in her company. Which wireless security protocol uses TKIP?

ANT

Teresa is responsible for network administration at a health club chain. She is trying for find a communication technology that uses low power and can spend long periods in low-power sleep modes. Which of the following technologies would be the best fit?

VPN concentrator

Terrance is responsible for secure communications on his company's network. The company has a number of traveling salespeople who need to connect to network resources. What technology would be most helpful in addressing this need? A. VPN concentrator B. SSL accelerator C. DMZ D. Guest network

Authenticate the entire packet

Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?

Jamming

Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their WiFi signals. Which of the following is the best label for this attack? A.IV Attack B.Jamming C.WPS Attack D.Botnet

SSH

Victor is a network administrator for a medium-sized company. He wants to be able to access servers remotely so that he can perform small administrative tasks from remote locations. Which of the following would be the best protocol for him to use? A. SSH B. Telnet C. RSH D. SNMP

ESP

What IPSec protocol provides authentication and encryption? A. AH B. ESP C. IKE D. ISAKMP

Clickjacking

What type of attack involves users clicking on something different on a website than what they intended to click on? A. Clickjacking B. Bluesnarfing C. Bluejacking D. Evil twin

Bluesnarfing

What type of attack uses Bluetooth to access the data from a cell phone when in range? A. Phonejacking B. Bluejacking C. Bluesnarfing D. Evil twin

Evil Twin

What type of attack uses a second wireless access point (WAP) that broadcasts the same SSID as a legitimate access point, in an attempt to get users to connect to the attacker's WAP?

IP addresses (sender and receiver), ports (sender and receiver), and protocol

When using any HIDS/HIPS or NIDS/NIPS, the output is specific to the vendor. However, what is the basic set of information that virtually all HIDSs/HIPSs or NIDSs/NIPSs provide? A. .IP addresses (sender and receiver), ports (sender and receiver), and protocol B. IP addresses (sender and receiver), ports (sender and receiver), and attack type C. IP addresses (sender and receiver), ports (sender and receiver), usernames, and machine names D. Usernames, machine names, and attack type

False positives and false negatives

When you are considering an NIDS or NIPS, what are your two most important concerns?

802.11i

Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?

TACACS+

Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches? A. DIAMETER B. RADIUS C. TACACS+ D. Kerberos

Radius

Which of the following is an authentication service that uses UDP as a transport medium? A. TACACS+ B. LDAP C. Kerberos D. RADIUS

It provides scalability.

Which of the following is the most important benefit from implementing SDN? A. It will stop malware. B. It provides scalability. C. It will detect intrusions. D. It will prevent session hijacking.

Baselining

Which of the following terms refers to the process of establishing a standard for security?

Whitelisting

Which of the following would prevent a user from installing a program on a companyowned mobile device? A. Whitelisting B. Blacklisting C. ACL D. HIDS

WEP

While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing? A. EAP-TLS B. PEAP C. WEP D. WPA

Disable WiFi for any peripheral that does not absolutely need it

You are concerned about peripheral devices being exploited by an attacker. Which of the following is the first step you should take to mitigate this threat? A. Disable WiFi for any peripheral that does not absolutely need it. B. Enable BIOS protection for peripheral devices. C. Use strong encryption on all peripheral devices. D. Configure antivirus on all peripherals.

Agent NAC

You are configuring BYOD access for your company. You want the absolute most robust security for the BYOD on your network. What would be the best solution? A. Agentless NAC B. Agent NAC C. Digital certificate authentication D. Two-factor authentication

WPA

You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security to protect against wireless attack. However, you must provide support for older wireless clients. Which protocol should you choose?

TACACS

You are investigating a remote access protocol for your company to use. The protocol needs to fully encrypt the message, use reliable transport protocols, and support a range of network protocols. Which of the following would be the best choice? A. RADIUS B. Diameter C. TACACS + D. IPSec

Infrared

You are looking for a point-to-point connection method that would allow two devices to synchronize data. The solution you pick should not be affected by EMI (electromagnetic interference) and should be usable over distances exceeding 10 meters, provided there is a line-of-sight connection. What would be the best solution?

Tunneling

You are responsible for always-on VPN connectivity for your company. You have been told that you must use the most secure mode for IPSec that you can. Which of the following would be the best for you to select?

Remote-access VPN

You are responsible for communications security at your company. Your company has a large number of remote workers, including traveling salespeople. You wish to make sure that when they connect to the network, it is in a secure manner. What should you implement? A. L2TP VPN B. IPSec VPN C. Site-to-site VPN D. Remote-access VPN

Kerberos

You are responsible for network security at your company. You have discovered that NTP is not functioning properly. What security protocol will most likely be affected by this? A. Radius B. DNSSEC C. IPSec D. Kerberos

Tunneling

You are setting up VPNs in your company. You are concerned that anyone running a packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What mode should you use to accomplish your goals of preventing metadata being seen? A. AH B. ESP C. Tunneling D. Transport

Bluesnarfing

You have noticed that when in a crowded area, data from your cell phone is stolen. Later investigation shows a Bluetooth connection to your phone, one that you cannot explain. What describes this attack? A. Bluejacking B. Bluesnarfing C. Evil twin D. RAT

IV attack

Your wireless network has been breached and it seems as though the attacker has modified a portion of your data that is used with a stream cipher. This was used to expose wirelessly-encrypted data. What type of attack is this? A.Evil twin B.Rogue WAP C.IV Attack D.WPS attack


Ensembles d'études connexes

Smith Biology Sections 19.1-19.4

View Set

Ch.4 Critical thinking in nursing

View Set

Network+ Computer Networking (Chapters 6, 8-11) (FINAL)

View Set

Chapter 24: Management of Patients with Structural, Infectious, and Inflammatory Cardiac Disorders PrepU Questions

View Set

Psychology Research Methods (Questionnaires)

View Set