Security+ SY0-501
Measuring and Weighing Risk *Consider the following scenario: The asset value of your company's primary servers is $2 million and they are housed in a single office building in Anderson, Indiana. You have field offices scattered throughout the United States, so the servers in the main office account for approximately half the business. Tornados in this part of the country are not uncommon, and it is estimated one will level the building every 60 years.* *Which of the following is the SLE for this scenario?*
*$1 million* SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset value is $2 million and exposure factor is 1/2.
Measuring and Weighing Risk *Refer to the scenario in question 2. Which of the following is the ALE for this scenario?*
*$16,666.67* ALE (annual loss expectancy) is equal to SLE times the annualized rate of occurrence. In this case, SLE is $1 million and the ARO is 1/60.
Measuring and Weighing Risk *If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is:*
*$40,000* If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is $40,000 ($4,000 × 10).
Measuring and Weighing Risk *If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE?*
*$6,250* If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then the ALE is $6,250 ($25,000 × .25).
Measuring and Weighing Risk *Refer to the scenario in question 2. Which of the following is the ARO for this scenario?*
*0.0167* ARO (annualized rate of occurrence) is the frequency (in number of years) the event can be expected to happen. In this case, ARO is 1/60 or 0.0167.
Infrastructure and Connectivity *Which ports are, by default, reserved for use by FTP? (Choose all that apply.)*
*20 and 21 TCP* FTP uses TCP ports 20 and 21. FTP does not use UDP ports.
Infrastructure and Connectivity *How many bits are used for addressing with IPv4 and IPv6, respectively?*
*32, 128* IPv4 uses 32 bits for the host address, while IPv6 uses 128 bits for this.
Measuring and Weighing Risk *Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware?*
*Acceptable use* The acceptable use policies describe how the employees in an organization can use company systems and resources, both software and hardware.
Measuring and Weighing Risk *Which of the following policy statements should address who is responsible for ensuring that it is enforced?*
*Accountability* The accountability policy statement should address who is responsible for ensuring that it is enforced.
Measuring and Weighing Risk *The risk-assessment component, in conjunction with the ________, provides the organization with an accurate picture of the situation facing it.*
*BIA* The risk-assessment component, in conjunction with the BIA (Business Impact Analysis), provides the organization with an accurate picture of the situation facing it.
Measuring and Weighing Risk *Which of the following is the structured approach that is followed to secure the company's assets?*
*Change management* Change management is the structured approach that is followed to secure the company's assets.
Measuring and Weighing Risk *Separation of duties helps prevent an individual from embezzling money from a company. To successfully embezzle funds, an individual would need to recruit others to commit an act of ________ (an agreement between two or more parties established for the purpose of committing deception or fraud).*
*Collusion* Collusion is an agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself.
Measuring and Weighing Risk *Which of the following policy statements may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact?*
*Exception* The exception policy statement may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact.
Measuring and Weighing Risk *What is the term used for events that mistakenly were flagged and aren't truly events to be concerned with?*
*False positives* False positives are events that mistakenly were flagged and aren't truly events to be concerned with.
Measuring and Weighing Risk *You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task?*
*Guidelines* Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards.
Infrastructure and Connectivity *Which protocol is primarily used for network maintenance and destination information?*
*ICMP* ICMP is used for destination and error reporting functions in TCP/IP. ICMP is routable and is used by programs such as Ping and Traceroute.
Infrastructure and Connectivity *You're the administrator for Mercury Technical. A check of protocols in use on your server brings up one that you weren't aware was in use; you suspect that someone in HR is using it to send messages to multiple recipients. Which of the following protocols is used for group messages or multicast messaging?*
*IGMP* IGMP is used for group messaging and multicasting. IGMP maintains a list of systems that belong to a message group. When a message is sent to a particular group, each system receives an individual copy.
Infrastructure and Connectivity *You're explaining protocols to a junior administrator shortly before you leave for vacation. The topic of Internet mail applications comes up, and you explain how communications are done now as well as how you expect them to be done in the future. Which of the following protocols is becoming the newest standard for Internet mail applications?*
*IMAP* IMAP is becoming the most popular standard for email clients and is replacing POP protocols for mail systems. IMAP allows mail to be forwarded and stored in information areas called stores.
Infrastructure and Connectivity *A socket is a combination of which components?*
*IP and port number* A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request.
Infrastructure and Connectivity *You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?*
*IPSec* IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.
Infrastructure and Connectivity *IPv6, in addition to having more bits allocated for each host address, also has mandatory requirements built in for which security protocol?*
*IPSec* The implementation of IPSec is mandatory with IPv6. While it is widely implemented with IPv4, it is not a requirement.
Measuring and Weighing Risk *Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more?*
*Least privilege* The principle of least privilege should be used when assigning permissions. Give users only the permissions they need to do their work and no more.
Infrastructure and Connectivity *Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—and used to shift a load from one device to another?*
*Load balancer* A load balancer can be implemented as a software or hardware solution, and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another.
Infrastructure and Connectivity *What protocol, running on top of TCP/IP, is often used for name registration and resolution with Windows-based clients?*
*NetBIOS* NetBIOS is used for name resolution and registration in Windows-based environments. It runs on top of TCP/IP.
Infrastructure and Connectivity *Which device is used to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunications system?*
*PBX* Many modern PBX (private branch exchange) systems integrate voice and data onto a single data connection to your phone service provider. In some cases, this allows an overall reduction in cost of operations. These connections are made using existing network connections such as a T1 or T3 network.
Infrastructure and Connectivity *Most of the sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a dial-up connection. Which of the following protocols is widely used today as a transport protocol for Internet dial-up connections?*
*PPP* PPP can pass multiple protocols and is widely used today as a transport protocol for dial-up connections.
Infrastructure and Connectivity *Which protocol is unsuitable for WAN VPN connections?*
*PPP* PPP provides no security, and all activities are unsecure. PPP is primarily intended for dial-up connections and should never be used for VPN connections.
Infrastructure and Connectivity *Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?*
*Prevents unauthorized packets from entering the network* Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.
Protecting Networks *In order for network monitoring to work properly, you need a PC and a network card running in what mode?*
*Promiscuous* In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode.
Measuring and Weighing Risk *Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to accept?*
*Risk acceptance* Risk acceptance necessitates an identified risk that those involved understand the potential cost/damage and agree to accept.
Measuring and Weighing Risk *Which of the following strategies involves identifying a risk and making the decision to no longer engage in the action?*
*Risk avoidance* Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.
Measuring and Weighing Risk *Which of the following strategies involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you?*
*Risk deterrence* Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you.
Measuring and Weighing Risk *Which of the following strategies is accomplished anytime you take steps to reduce the risk?*
*Risk mitigation* Risk mitigation is accomplished anytime you take steps to reduce the risk.
Measuring and Weighing Risk *Which of the following strategies involves sharing some of the burden of the risk with someone else such as an insurance company?*
*Risk transference* Risk transference involves sharing some of the burden of the risk with someone else such as an insurance company.
Infrastructure and Connectivity *Which of the following devices is the most capable of providing infrastructure security?*
*Router* Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened.
Infrastructure and Connectivity *Which device stores information about destinations in a network?*
*Router* Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router.
Infrastructure and Connectivity *Which of the following services use only TCP ports and not UDP? (Choose all that apply.)*
*SFTP* SFTP uses only TCP ports. IMAP, LDAP, and FTPS all use both TCP and UDP ports.
Infrastructure and Connectivity *Which service(s), by default, use TCP and UDP port 22? (Choose all that apply.)*
*SSH* *SCP* Port 22 is used by both SSH and SCP with TCP and UDP.
Measuring and Weighing Risk *Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization?* a. Separation of duties b. Acceptable use c. Least privilege d. Physical access control
*Separation of duties* The separation of duties policies are designed to reduce the risk of fraud and prevent other losses in an organization.
Infrastructure and Connectivity *As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency?*
*Switch* Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.
Infrastructure and Connectivity *Which of the following are multiport devices that improve network efficiency?*
*Switches* Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network.
Protecting Networks *Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?*
*Whatis* In Linux, the whatis utility can show if there is more than one set of documentation on the system for a command you are trying to find information on.
Threats and Vulnerabilities *Internal users are reporting repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit?*
a. *A server is acting as a carrier for a virus.* Some viruses won't damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.
Access Control and Identity Management *A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the following best describes an ACL?*
a. *ACLs provide individual access control to resources.* Access control lists allow individual and highly controllable access to resources in a network. An ACL can also be used to exclude a particular system, IP address, or user.
Threats and Vulnerabilities *You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is he referring to?*
a. *Armored virus* An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.
Access Control and Identity Management *The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be reduced slightly. Which access model allows users some flexibility for information-sharing purposes?*
a. *DAC* DAC allows some flexibility in information-sharing capabilities within the network.
Access Control and Identity Management *LDAP is an example of which of the following?*
a. *Directory access protocol* Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.
Threats and Vulnerabilities *Which type of attack denies authorized users access to network resources?*
a. *DoS* A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.
Protecting Networks *What is a system that is intended or designed to be broken into by an attacker called?*
a. *Honeypot* A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.
Protecting Networks *Security has become the utmost priority at your organization. You're no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?*
a. *IDS* An IDS is used to protect and report network abnormalities to a network administrator or system. It works with audit files and rule-based processing to determine how to act in the event of an unusual situation on the network.
Access Control and Identity Management *You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?*
a. *IPSec* IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.
Access Control and Identity Management *What is invoked when a person claims they are the user but cannot be authenticated—such as when they lose their password?*
a. *Identity proofing* Identity proofing is invoked when a person claims they are the user but cannot be authenticated, such as when they lose their password.
Threats and Vulnerabilities *Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of attack has probably occurred?*
a. *Logic bomb* A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.
Access Control and Identity Management *Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the method is to be one that is primarily based on preestablished access and can't be changed by users?*
a. *MAC* Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by network administrators and can't be changed by users.
Protecting Networks *A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?*
a. *MD-IDS* By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.
Threats and Vulnerabilities *An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?*
a. *Man-in-the-middle attack* A man-in-the-middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end.
Protecting Networks *The IDS console is known as what?*
a. *Manager* The IDS console is known as the manager.
Access Control and Identity Management *After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?*
a. *Multifactor* A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon.
Protecting Networks *Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)*
a. *Network sniffer* b. *NIDS* Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.
Access Control and Identity Management *Which protocol is unsuitable for WAN VPN connections?*
a. *PPP* PPP provides no security, and all activities are unsecure. PPP is primarily intended for remote connections and should never be used for VPN connections.
Threats and Vulnerabilities *Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?*
a. *Password-guessing attack* A password-guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords.
Protecting Networks *Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?*
a. *Port spanning* Port spanning (also known as port mirroring) copies the traffic from all ports to a single port and disallows bidirectional traffic on that port.
Protecting Networks *Sockets are a combination of the IP address and which of the following?*
a. *Port* Sockets are a combination of the IP address and the port.
Protecting Networks *Which device monitors network traffic in a passive manner?*
a. *Sniffer* Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting.
Educating and Protecting the User *As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?*
a. *Social engineering* Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.
Threats and Vulnerabilities *You're the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log on. It's apparent that the email server is being targeted. Which type of attack is most likely occurring?*
a. *Software exploitation attack* A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most email servers use port 25 for email connections using SMTP.
Threats and Vulnerabilities *A server on your network will no longer accept connections using TCP. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?*
a. *TCP ACK attack* A TCP ACK attack creates multiple incomplete sessions. Eventually, the TCP protocol hits a limit and refuses additional connections.
Access Control and Identity Management *Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data you work with, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?*
a. *Tokens* Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over.
Threats and Vulnerabilities *A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program?*
a. *Trojan horse virus* A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.
Access Control and Identity Management *Which technology allows a connection to be made between two networks using a secure protocol?*
a. *Tunneling* Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks.
Access Control and Identity Management *You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other?*
a. *VLAN* Virtual local area networks (VLANs) break a large network into smaller networks. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs.
Threats and Vulnerabilities *You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect?*
b. *A virus is spreading in your system.* A symptom of many viruses is unusual activity on the system disk. This is caused by the virus spreading to other files on your system.
Protecting Networks *In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?*
b. *Administrator* The administrator is the person/account responsible for setting the security policy for an organization.
Threats and Vulnerabilities *As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?*
b. *DDoS* A DDoS attack uses multiple computer systems to attack a server or host in the network.
Protecting Networks *Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?*
b. *Entrapment* Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead.
Access Control and Identity Management *You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?*
b. *Kerberos* Kerberos uses a key distribution center (KDC) to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications.
Access Control and Identity Management *Which of the following security areas encompasses network access control (NAC)?*
b. *Operational security* Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete.
Access Control and Identity Management *Most of your client's sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a remote connection. Which of the following protocols is widely used today as a transport protocol for remote Internet connections?*
b. *PPP* PPP can pass multiple protocols and is widely used today as a transport protocol for remote connections.
Threats and Vulnerabilities *You are the senior administrator for a bank. A user calls you on the telephone and says they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them there was something wrong with their account and they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack?*
b. *Phishing* Sending an email with a misleading link to collect information is a phishing attack.
Threats and Vulnerabilities *Your system has been acting strangely since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?*
b. *Retrovirus* Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other, less-formidable viruses.
Threats and Vulnerabilities *What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?*
b. *Stealth virus* A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.
Access Control and Identity Management *Which of the following is a client-server-oriented environment that operates in a manner similar to RADIUS?*
b. *TACACS* Terminal Access Controller Access-Control System (TACACS) is a client-server-oriented environment, and it operates in a manner similar to how RADIUS operates.
Protecting Networks *Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?*
b. *faillog* Use the faillog utility in Linux to view a list of users' failed authentication attempts.
Protecting Networks *Which of the following IDS types looks for things outside of the ordinary?*
c. *Anomaly-based* An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things outside of the ordinary.
Threats and Vulnerabilities *An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?*
c. *Backdoor* In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.
Protecting Networks *Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken?*
c. *Deception* A deception active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.
Protecting Networks *You're the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?*
c. *HIDS* A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.
Access Control and Identity Management *What is implied at the end of each access control list?*
c. *Implicit deny* An implicit deny clause is implied at the end of each ACL, and it means that if the proviso in question has not been explicitly granted, then it is denied.
Access Control and Identity Management *Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?*
c. *RBAC* Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and wouldn't be present during the employee's normal job functions.
Protecting Networks *Which of the following is an active response in an IDS?*
c. *Reconfiguring a router to block an IP address* Dynamically changing the system's configuration to protect the network or a system is an active response.
Threats and Vulnerabilities *You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?*
c. *Replay attack* A replay attack attempts to replay the results of a previously successful session to gain access.
Threats and Vulnerabilities *A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently sending viruses to them. Over 200 such emails have arrived today. Which type of attack has most likely occurred?*
c. *Worm* A worm is a type of malicious code that attempts to replicate using whatever means are available. The worm may not have come from the user's system; rather, a system with the user's name in the address book has attacked these people.
Protecting Networks *Which IDS function evaluates data collected from sensors?*
d. *Analyzer* The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way.
Access Control and Identity Management *Which of the following is a type of smart card issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?*
d. *CAC* One type of smart card is the Common Access Card (CAC). These cards are issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees.
Protecting Networks *Which IDS system uses algorithms to analyze the traffic passing through the network?*
d. *Heuristic* A heuristic system uses algorithms to analyze the traffic passing through the network.
Threats and Vulnerabilities *A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack?*
d. *ICMP* A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.
Protecting Networks *Which of the following implies ignoring an attack and is a common response?*
d. *Shunning* Shunning, or ignoring an attack, is a common response.
Threats and Vulnerabilities *A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns on his computer. A static IP address has been assigned to this user's computer, and you're certain this address was not inadvertently assigned to another computer. Which type of attack is most likely underway?*
d. *TCP/IP hijacking* One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started.
Threats and Vulnerabilities *A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use an IP address to replace another system in the network to gain access. Which type of attack is this?*
d. *TCP/IP hijacking* TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.
Access Control and Identity Management *You have added a new child domain to your network. As a result of this, the child has adopted all the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?*
d. *Transitive access* Transitive access exists between the domains and creates this relationship.