Section 5: Quiz 53 - Network and Endpoint Devices
Which of the following is an IS auditor's first step in reviewing access control for client server environments? A. Determining the network access point B. Determining placement of the firewall C. Determining the authentication system D. Determining logical access control
Answer A: Determine the network access point. Explanation: A client server environment may have multiple access points and it is important to first determine all the network access points in order to evaluate the risk of unauthorized access. Once the IS auditor is aware of all the access points, we can evaluate other options.
Which of the following is regarded as the most secure transmission medium? A. Fiber optic wires B. A UTP C. A twisted-pair wire D. A copper wire
Answer A: Fiber optic wires Explanation: Optical fiber is a thin and flexible piece of fiber made of glass or plastic. Fiber optic cables are considered to be more secure than copper wire. Fiber optic is the preferred choice for managing long-distance networks and handling high volumes of data. Fiber optics are not impacted or affected by EMI. Fiber optic cables have very marginal transmission loss.
Which of the following is regarded as a major concern in a firewall configuration? A. A default configuration setting has not been changed B. Denying all traffic expect approved traffic C. Allowing all traffic except restricted traffic D. The setting of a firewall for the VPN endpoint
Answer A: The default configuration setting has not been changed. Explanation: The default configuration not being changed poses a major risk. Default configurations are published openly and intruders can use the same for access purposes. The other options are not as important compared with the default configuration not being changed.
Which of the following is regarded as a major concern for an organization when allowing visitors to use its network? A: The guest network is not separate from the production network. B. Only single-factor authentication is implemented C. An IDS is not installed D. A firewall allows all traffic except restricted traffic
Answer A: The guest network is not separate from the production network. Explanation: The best way to secure the company network from intrusion is to keep the visitor network physically separate. Other options may not be as secure as separation of the network. Firewalls and IDSes have to be properly configured and are subject to multiple risks. Single-factor authentication is subject to the risk of passwords being compromised.
An organization allows visitors to access its wireless internet by means of a generic user ID and password. Which of the following is the best control to address the risk? A. Physical separation of the visitor's network and the company network B. The installation of a firewall between the visitor's network and the company network C. A password change every day D. The installation of IDS to protect the company network
Answer A: The physical separation of a visitor's network and the company network. Explanation: The best way to secure the company network from intrusion is to keep the visitor' network physically separate. Other options may not be as secure as separation of the network. Firewall and IDSes have to be properly configured and are subject to multiple risks.
Which should be identified first by an IS auditor while reviewing network security? A. Determine the importance of network devices in topology B. Determine the lack of network devices C. Determine the placement of network devices D. Determine the integration of network devices
Answer A: To determine the importance of network devices in topology. Explanation: The first procedure is to determine the use and importance of network devices in the topology. Once the auditor becomes familiar with the topology, he may evaluate appropriate placement, integration, and the lack of network devices.
Which of the following documents is accorded the highest priority for review by the IS auditor while reviewing network security? A. The user access review B: A. The configuration, wiring, and schematic diagram C. The list of servers D. The redundancy procedure
Answer B: A configuration, wiring, and schematic diagram. Explanation: It is important to have an understanding of network configuration, network cabling, and the use of other network devices for a review of network security. The other options are not as important as a review of the configuration, wiring, and schematic diagram.
Which of the following is the best control for remote sites connected to the headquarters of the organization over the internet via Telnet? A. Implement two-factor authentication B. A dedicated leased line for remote connection C. A firewall configuration to allow only a remote IP D. Appropriate network administrator training
Answer B: A dedicated leased line for remote connection. Explanation: It must be noted that Telnet traffic is not encrypted by default. It is advisable to use SSH in place of Telnet. If Telnet is used, it is advisable to use a dedicated leased line to reduce the security risk. Two-factor authentication, as well as firewall and network administrator training, will not address the security risk of transmission channels.
Which of the following is a major concern regarding the use of the DHCP? A. Use of the application layer firewall B. Access to the network port is not restricted C. Antivirus software is updated every month D. Two-factor authentication is implemented
Answer B: Access to a network port is not restricted. Explanation: A DHCP server dynamically assigns an IP address and other network configuration parameters to every device on a network in order that they can communicate with other IP networks. One of the concerns of automatic IP allocation is that any unauthorized individual can connect to the corporate network. Hence, physical network ports should not be kept open and strong restrictions should be in place to access the network port.
The most effective medium for providing security for a telecommunication network is: A. broadband B: Dedicated leased lines. C. a dial-up connection D. a public network
Answer B: Dedicated leased lines. Explanation: A dedicated leased line is regarded as the most effective medium as there is no sharing of lines or intermediary entry points. The risk of interception is very low in dedicated lines as compared with other media.
An organization has one wired as well as one wireless local area network (WLAN). A wired network is used to store and transmit sensitive data, and a wireless network is used for other general purposes. A few employees with wireless access are required to access customer information. Which of the following is the best way to separate both the networks? A. Separate both networks physically B: Implement a firewall between both networks. C. Implement an IDS between both networks D. Implement a VLAN between both networks
Answer B: Implement a firewall between both networks. Explanation: The best way to separate both networks is to implement a firewall between the networks. A firewall will allow only authorized users on the wireless network to access the wired network. A VLAN would be less secure than a firewall. The function of an IDS is to detect an intrusion. If both networks are physically separated, then it would not be possible for authorized wireless users to access the data.
An enterprise has installed a wireless local area network connection port in its conference room for internet access. Which of the following is the best control to protect the production server from unauthorized access? A. Enable encryption for network traffic B. Separate the VLANs for the conference and production environments C. Enable a logon procedure to connect with the network D. Only a laptop with an updated antivirus should be allowed to connect to the network
Answer B: Separate the VLANs for the conference and production environments. Explanation: An open connection point in the conference room is a risk as it can be accessed by anyone in the conference room and an intruder can attempt to access the production server through it. The best method of preventing this is to have a separate network for conferences that allows users to access the internet without any risk of unauthorized access to production servers.
The most effective method for restricting an unauthorized internet site is: A. the installation of an IDS B. the use of a content filtering proxy server for outbound traffic C. the use of a content filtering proxy server for inbound traffic D. the installation of client software on each PC computer to restrict web content
Answer B: The use of a content filtering proxy server for outbound traffic. Explanation: A content filtering proxy server will be the best way to filter the unauthorized internet site. Proxy servers that monitor outbound traffic can block the restricted internet sites. Use of a content filtering proxy server for inbound traffic is used to monitor and control access to corporate sites. The installation of client software on each PC computer to restrict web content is less effective compared with centralized proxy servers. The purpose of an IDS is to detect the intrusion.
The best control for an internet-based business that is seeking confidentiality, reliability, and integrity of the data is: A. a router B. an intrusion detection system (IDS) C. a secure socket layer D. an intrusion protection system
Answer C: A secure socket layer. Explanation: A secure socket layer uses a cryptographic function to protect the confidentiality, reliability, and integrity of private documents traveling through the internet. The function of IDS and IPS is for intrusion detection and prevention, while the function of the router is to route internet traffic.
A disturbance that can impact both wired and wireless communication is: A. surges B. cross talk C: Attenuation. D. multipath interference
Answer C: Attenuation. Explanation: Attenuation is the loss or weakening of signal transmission. Attenuation can impact both wired and wireless transmissions. Distance and wire length have a direct impact on the severity of attenuation. The other factors generally impact wired transmission only.
A disturbance that can be caused by the length of cable is: A. surges B. cross talk C. attenuation D. EMI
Answer C: Attenuation. Explanation: Explanation: Attenuation is the loss or weakening of signal transmission. Attenuation can impact both wired and wireless transmissions. Distance and wire length have a direct impact on the severity of attenuation. The other factors generally do not have any correlation with the length of the wire.
A device that is primarily installed as a security measure to prevent unauthorized traffic among the different segments of the network is: A. a switch B. a hub C: Firewall. D. a router
Answer C: Firewall. Explanation: A firewall is primarily installed as a security measure to prevent unauthorized traffic among the different segments of the network. Hubs, routers, and switches do have a limited capability to block traffic, but they are not primarily installed as a security measure.
Disabling the dynamic host configuration protocol: A. is not suitable for high-volume traffic B. will automatically allot IP addresses to any device on the network C. reduces the risk of unauthorized access to networks D. is not suitable for wireless networks
Answer C: Reduces the risk of unauthorized network access. Explanation: DHCP is a protocol to manage the network configuration. A DHCP server dynamically assigns an IP address and other network configuration parameters to every device on a network so that they can communicate with other IP networks. Hence, IP address pool management is effected by the DHCP server for high-volume traffic. It is suitable for both wired and wireless networks. One of the concerns of automatic IP allocation is that any unauthorized individual can connect to the corporate network. Hence, disabling the DHCP protocol
Which of the following is the most appropriate security control for implementing a wireless local area network (WLAN)? A. Enable an SSID for the network B. Enable a DHCP C: The physical security of wireless access points. D. Enable an SNMP to monitor the network
Answer C: The physical security of wireless access points. Explanation: It is important to have restricted access to wireless devices such as routers in order to protect the same from misconfiguration or theft. If access points are not physically protected, intruders can change the configuration and gain access to the network. An SSID, DHCP, and SNMP should be disabled for the protection of wireless security.
A defense-in-depth arrangement can be illustrated by: A. the use of two centralized firewalls to monitor traffic B. the use of a centralized firewall as well as a host-level firewall on each computer C: The use of a centralized firewall as well as logical access control on each computer. D. the use of security guards for perimeter security
Answer C: The use of a centralized firewall as well as logical access control on each computer. Explanation: A defense-in-depth security arrangement includes the use of multiple security mechanisms that support and complement each other. The failure of one device can be compensated by the security features of another. By using two different products - the firewall and logical access control, the probability of failure is reduced and the defensive structure becomes deeper. This is like two lines of defense. The other options involve only one kind of product.
Which of the following is the most appropriate action by network administrators in addressing user feedback regarding slow networks? A. Segment the network to improve the speed B. Change the internet service provider C: To use a protocol analyzer to analyze the performance of network and related devices. D. Increase the bandwidth of the internet connection
Answer C: To use a protocol analyzer to analyze the performance of network and related devices. Explanation: In this scenario, the first step should be to identify the root cause of the problem. The use of a protocol analyzer will help to determine the exact nature of the issue, which can be either a configuration issue or a device malfunction. Subsequent action can be taken once the problem is known.
Which of the following is a feature of the UDP? A. UDP is a connection-oriented protocol B. UDP provides enhanced latency C. UDP provides unreliable service and packets may arrive out of order D. UDP provides for enhanced error checking and correction
Answer C: UDP provides unreliable service and packets may arrive out of order. Explanation: The UDP is regarded as a connectionless protocol. The UDP has an unreliable service and data packets may arrive out of order, be corrupted, or may get dropped, and the destination does not acknowledge every packet it receives. One advantage of the UDP is that as it does not perform error checking, it allows for reduced latency.
Which of the following is looked at first by an IS auditor when reviewing the security of the local area network? A. The authentication factor B. The penetration testing report C. A user access review D: A diagram of the network
Answer D: A diagram of the net. Explanation: The first arrangement that should be reviewed by the IS auditor is a network diagram. A network diagram is a pictorial representation of the network architecture that includes computer, server, and other network devices, such as cables, routers, devices, hubs, and firewalls. A network diagram includes the details of placement of each network equipment and how they interact with each other. While auditing the network security aspect, the IS auditor should first review the network diagram to understand the network architecture and determine inherent r
Which of the following devices will help to best restrict the accessing of forbidden websites on a user's PC? A. A router B. A stateful inspection C. An IDS D. A web content filter
Answer D: A web content filter. Explanation: A web content filter allows or rejects web traffic on the basis of rules. It is the most effective way to restrict access to forbidden websites and the user's stateful inspection will not be helpful as it does not look into site classification or website content. The function of the IDS is to detect the network intrusion. Routers do have a basic ability to filter, but web content filters are more effective than routers.
Which of the following will help to protect a network from acting as a zombie in a denial-of-service attack? A. Deny all incoming traffic with the source address of the critical host B. Deny all incoming traffic with the spoofed source IP C. Deny all incoming and outgoing traffic for the critical host D: Deny all outgoing traffic with external source addresses.
Answer D: Deny all outgoing traffic with external source addresses. Explanation: In a zombie attack, compromised computers will send huge amounts of traffic to outside networks. But in this case, the source address will be other than the internal IP range. Denying the traffic of the source address external to the network will afford protection from a DoS attack.
Which should be determined first by an IS auditor while reviewing network security? A. The factor of authentication B. The firewall configuration C. An evaluation of the vulnerability assessment report D. The network entry points
Answer D: The network entry points. Explanation: The first arrangement that should be reviewed by the IS auditor is a network diagram. A network diagram will help the auditor to determine network entry points, the placement of various network devices, and how they interact with each other. This will help the auditor to determine the level of inherent risk and plan their audit accordingly.