Missed QBank Questions - Domain 3
B) 1701 You should open port number 1701 because this is the UDP port used by Layer 2 Tunneling Protocol (L2TP). Port number 22 is reserved for Secure Shell (SSH) remote login. Port number 88 is assigned to the Kerberos protocol. Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 for its control channel; the tunneled data travels in GRE (IP protocol 47), which a port-based rule does not cover. Note also that L2TP is almost always deployed together with IPSec; in that case IKE (UDP 500), NAT traversal (UDP 4500), and ESP (IP protocol 50) must be permitted as well, or the tunnel will still fail after you open 1701. There are 65,536 port numbers (0 through 65535) for each of TCP and UDP, and any of them can be a target when a listening service is exposed. You should know the following commonly used ports and protocols:
FTP - ports 20 and 21
SSH, SCP, and SFTP - port 22
Telnet - port 23
SMTP - port 25
TACACS - port 49
DNS server - port 53
DHCP - ports 67 and 68
TFTP - port 69
HTTP - port 80
Kerberos - port 88
POP3 - port 110
NetBIOS - ports 137-139
IMAP4 - port 143
SNMP - port 161
LDAP - port 389
HTTPS (HTTP over SSL/TLS) - port 443
SMB - port 445
LDAP over SSL (LDAPS) - port 636
FTPS - ports 989 and 990
Microsoft SQL Server - port 1433
L2TP - port 1701 (UDP)
Point-to-Point Tunneling Protocol (PPTP) - port 1723
RDP protocol and Terminal Services - port 3389
* A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open? A) 22 B) 1701 C) 88 D) 1723
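The following is an added example, not part of the QBank explanation. It models the router's access list as a first-match rule list with an implicit final deny, checks which of the flows a VPN profile needs would be dropped, and then shows the effect of opening UDP 1701. The ruleset ROUTER_ACL and the VPN_PROFILES table are constructed for the example; the port numbers in the profiles are the standard ones quoted in the answer (plus IKE, NAT-T and ESP for the L2TP/IPSec case).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One line of a router access list.

    proto is "tcp", "udp", "gre", "esp" or "any"; port is the destination port,
    or None for any port (and for protocols that have no ports).
    """
    action: str
    proto: str
    port: Optional[int]


# Constructed ruleset: the router as described in the question lets SSH and
# HTTPS through and drops everything else via the implicit final deny.
ROUTER_ACL = [
    Rule("permit", "tcp", 22),
    Rule("permit", "tcp", 443),
]

# What each VPN type needs to traverse the router.  Plain L2TP is UDP 1701;
# an L2TP/IPSec deployment also needs IKE (UDP 500), NAT-T (UDP 4500) and ESP.
VPN_PROFILES = {
    "l2tp": [("udp", 1701)],
    "l2tp/ipsec": [("udp", 1701), ("udp", 500), ("udp", 4500), ("esp", None)],
    "pptp": [("tcp", 1723), ("gre", None)],
}


def evaluate(acl, proto, port):
    """Return the action of the first matching rule, or 'deny' if none match."""
    for rule in acl:
        if rule.proto not in ("any", proto):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action
    return "deny"          # implicit deny at the end of every ACL


def blocked_flows(acl, profile):
    """List the (proto, port) pairs of a VPN profile that the ACL would drop."""
    return [(p, port) for p, port in VPN_PROFILES[profile]
            if evaluate(acl, p, port) != "permit"]


def open_flow(acl, proto, port):
    """Return a copy of the ACL with a permit for the flow added before the implicit deny."""
    return list(acl) + [Rule("permit", proto, port)]


if __name__ == "__main__":
    print(blocked_flows(ROUTER_ACL, "l2tp"))
    fixed = open_flow(ROUTER_ACL, "udp", 1701)
    print(blocked_flows(fixed, "l2tp"))
    print(blocked_flows(fixed, "l2tp/ipsec"))
```

Running the block shows that opening UDP 1701 is sufficient for plain L2TP but leaves three flows blocked for L2TP/IPSec, which is the usual way the protocol is deployed.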
B) Memory\Pages/sec Microsoft recommends that the Memory\Pages/sec counter should remain at or close to zero. When this counter remains low, it indicates that the paging file is not being utilized much. None of the other counters should remain at or close to zero. The Network Interface\Bytes total/sec counter should stay below 50 percent of the total network bandwidth. The PhysicalDisk\Disk Transfers/sec counter should remain low but will only remain at or close to zero when no disk transfers are occurring. This condition is rare. The PhysicalDisk\Avg. Disk Queue Length counter should not exceed two times the number of spindles in the physical disk.
* As part of your company's security policy, you are creating a performance baseline for a Windows Server 2012 computer. Which counter does Microsoft recommend should remain at or close to zero? A) PhysicalDisk\Avg. Disk Queue Length B) Memory\Pages/sec C) Network Interface\Bytes total/sec D) PhysicalDisk\Disk Transfers/sec
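The following is an added example and is not part of the QBank explanation. It shows what is actually done with a baseline once it exists: a set of samples recorded during normal operation is kept per counter, and a later sample is compared both against the fixed limits stated in the answer (Pages/sec near zero, queue length no more than twice the spindle count, network bytes below half the link) and against a multiple of the counter's own baseline mean, so that a slow creep is noticed before a hard limit is crossed. The BASELINE and CURRENT_SAMPLE values, the four-spindle volume, the 1 Gbit/s link, and the choice of 20 pages/sec as the "close to zero" cut-off are all assumptions made for this example.

```python
from statistics import mean

# Constructed baseline: counter name -> samples taken during normal operation.
BASELINE = {
    "Memory\\Pages/sec": [0.0, 0.4, 0.2, 0.1, 0.3],
    "PhysicalDisk\\Avg. Disk Queue Length": [0.8, 1.1, 0.9, 1.3, 1.0],
    "PhysicalDisk\\Disk Transfers/sec": [40, 55, 48, 60, 52],
    "Network Interface\\Bytes Total/sec": [2.1e6, 2.4e6, 2.2e6, 2.6e6, 2.3e6],
}

# Constructed later sample: paging and the disk queue have both climbed.
CURRENT_SAMPLE = {
    "Memory\\Pages/sec": 35.0,
    "PhysicalDisk\\Avg. Disk Queue Length": 9.5,
    "PhysicalDisk\\Disk Transfers/sec": 61,
    "Network Interface\\Bytes Total/sec": 3.0e6,
}

SPINDLES = 4                  # assumption: four disks behind the volume
LINK_BYTES_PER_SEC = 125e6    # assumption: 1 Gbit/s NIC expressed in bytes per second


def fixed_thresholds(spindles, link_bytes_per_sec):
    """Hard limits from the answer above, as {counter: maximum acceptable value}."""
    return {
        # "at or close to zero": 20 sustained pages/sec is an assumed cut-off
        "Memory\\Pages/sec": 20.0,
        "PhysicalDisk\\Avg. Disk Queue Length": 2.0 * spindles,
        "Network Interface\\Bytes Total/sec": 0.5 * link_bytes_per_sec,
    }


def check_sample(sample, baseline=BASELINE, spindles=SPINDLES,
                 link=LINK_BYTES_PER_SEC, drift_factor=3.0):
    """Return a list of (counter, reason) findings for one current sample.

    A counter is flagged when it breaks a fixed threshold, and separately when
    it exceeds drift_factor times its own baseline mean, so a counter with no
    hard limit (Disk Transfers/sec) is still watched for drift.
    """
    findings = []
    limits = fixed_thresholds(spindles, link)
    for counter, value in sample.items():
        if counter in limits and value > limits[counter]:
            findings.append((counter, f"above limit {limits[counter]:g}"))
        if counter in baseline:
            base = mean(baseline[counter])
            if base > 0 and value > drift_factor * base:
                findings.append((counter, f"{value / base:.1f}x baseline mean"))
    return findings


if __name__ == "__main__":
    for counter, reason in check_sample(CURRENT_SAMPLE):
        print(f"{counter}: {reason}")
```

With the constructed values, Pages/sec and the disk queue length are each reported twice (hard limit and drift), while the disk transfer and network counters stay quiet; in practice you would feed the function from Get-Counter or a monitoring agent rather than from literals.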
D) by using sandboxes Unsigned Java applets in Java Development Kit (JDK) 1.1 use sandboxes to enforce security. A sandbox is a security scheme that prevents Java applets from accessing unauthorized areas of a user's computer. This mechanism protects the system from malicious software, such as hostile applets, by confining the application's execution to the sandbox and denying access to system resources outside it. The concept of a Web script that runs in its own environment and cannot interfere with any other process is known as a sandbox. (In JDK 1.1 a signed applet whose signer the user trusted could be granted access outside the sandbox, which is why the question specifies an unsigned applet.) A hostile applet is an active content module used to exploit system resources. Hostile applets coded in Java can pose a security threat to computer systems if the executables are downloaded from unauthorized sources. Hostile applets may disrupt computer system operation, either through resource consumption or through covert channels. Object code is the compiled, machine-readable form of a program. The application software on a system is typically distributed as compiled object code without the source code. Object code is not related to the security aspects of Java; it simply represents an application program after compilation. Macro programs use macro languages. Macro languages, such as Visual Basic (VBA), are typically used to automate the common tasks and activities of application users. Macro programs have their own set of security vulnerabilities, such as macro viruses, but they are not related to Java security. Digital certificates and trusted (code-signing) certificates are what Microsoft's ActiveX technology uses to enforce security. ActiveX refers to a set of controls that users can download in the form of a plug-in to enhance a feature of an application. The primary difference between Java applets and ActiveX controls is that an ActiveX control is downloaded only after the user accepts it, and once accepted it runs with the user's full privileges; there is no sandbox.
The ActiveX certificate identifies the publisher who signed the module, so the security decision rests on trusting the source rather than on confining the code. Java applets are short programs that rely on the sandbox technique to limit the applet's access to specific resources on the system.
* How does an unsigned Java applet enforce security in JDK 1.1? A) by using macro languages B) by using object codes C) by using digital and trusted certificates D) by using sandboxes
C)RAID D)disk replication Both RAID and disk replication offer high availability. Redundant array of independent disks (RAID) provides redundancy for hard drives. A RAID volume that includes multiple drives is seen as one drive to applications and other devices. In most RAID implementations, the data remains available if a drive within the volume fails. Disk replication is the process of replicating the data on a disk to another disk. If the main disk fails, the disk that contains the replicated data can take over. Tape backups are not highly available. They must be restored, which could take a long time depending on the amount of data to be restored. Vaulting makes electronic backups of data and transmits them to offsite storage locations. These backups must be restored in a similar way as tape backups. Load balancing, disk replication, and clustering provide a server contingency solution that offers high availability. These solutions are often referred to as server fault tolerance. Offsite facilities can also offer server contingency solutions with a lower availability than load balancing, disk replication, or clustering.
* Which hardware contingency solutions offer high availability? (Choose two.) A)vaulting B)tape backups C)RAID D)disk replication
A) NAT router A Network Address Translation (NAT) router acts as the interface between a local area network and the Internet using one public IP address: it rewrites the source address (and, with port address translation, the source port) of outbound packets and maps the replies back to the originating internal host. A VPN is a private network that is implemented over a public network, such as the Internet. A router joins networks and forwards packets between subnetworks; each host on a subnetwork keeps its own IP address, and a plain router does not hide those addresses behind a single one. A firewall is a device that protects a network from unauthorized access by allowing only certain traffic to pass through it. While a firewall can also be a router (and many firewalls also perform NAT), it is referred to as a firewall when its function is to enforce policy, such as creating a DMZ.
* Which network entity acts as the interface between a local area network and the Internet using one IP address? A) NAT router B) VPN C) router D) firewall
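The following is an added example, not part of the QBank text; it also illustrates the NAT description in the matching exercise further down this page. It implements the translation table that lets several internal hosts share one public address: each outbound flow is given its own public source port, replies are mapped back by that port, and a packet arriving on a port with no table entry (or from a host other than the one the entry was created for) is dropped, which is the "transparent firewall" behaviour NAT provides as a side effect. The public address, the private hosts, and the port pool are constructed values.

```python
class NatRouter:
    """Minimal port address translation (PAT) table.

    Every internal host shares self.public_ip.  An outbound flow is keyed by
    (inside_ip, inside_port, destination) and assigned a unique public port
    from a pool; inbound packets are accepted only if they match an entry.
    """

    def __init__(self, public_ip, first_port=40000, last_port=40999):
        self.public_ip = public_ip
        self._pool = iter(range(first_port, last_port + 1))
        self.outbound = {}   # (inside_ip, inside_port, dst) -> public_port
        self.inbound = {}    # public_port -> (inside_ip, inside_port, dst)

    def translate_out(self, inside_ip, inside_port, dst):
        """Return the (public_ip, public_port) the packet leaves with.

        dst is a (remote_ip, remote_port) tuple; repeated packets of the same
        flow reuse the entry created for the first one.
        """
        key = (inside_ip, inside_port, dst)
        if key not in self.outbound:
            try:
                public_port = next(self._pool)
            except StopIteration:
                raise RuntimeError("NAT port pool exhausted") from None
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return (self.public_ip, self.outbound[key])

    def translate_in(self, public_port, src):
        """Map an inbound packet to (inside_ip, inside_port), or None to drop it.

        src is the (remote_ip, remote_port) the packet came from.  Unsolicited
        packets have no entry; packets on a known port but from a different
        remote endpoint are also dropped, so the table cannot be hijacked by
        guessing a port number.
        """
        entry = self.inbound.get(public_port)
        if entry is None or entry[2] != src:
            return None
        inside_ip, inside_port, _ = entry
        return (inside_ip, inside_port)


if __name__ == "__main__":
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    nat = NatRouter("203.0.113.10")
    web = ("198.51.100.5", 443)
    print(nat.translate_out("192.168.1.20", 51000, web))
    print(nat.translate_out("192.168.1.21", 51000, web))
    print(nat.translate_in(40001, web))
    print(nat.translate_in(40001, ("198.51.100.99", 443)))
```

Note that both inside hosts use the same local source port 51000, which is exactly why real NAT devices rewrite the port as well as the address.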
A) Disable default user accounts and passwords. An example of application hardening is to disable default user accounts and passwords used in the application. Application hardening ensures that an application is secure and that unnecessary services are disabled. Other application security controls include:
* Fuzz testing or fuzzing - a software testing technique, usually automated, that involves providing invalid, unexpected, or random data to the inputs of an application. The application is then monitored for exceptions, crashes, and hangs.
* Application configuration baselining - a technique that records the application's baseline configuration so that it can be compared later to see whether the application's security baseline has changed.
* Cross-site Request Forgery (XSRF) prevention - defending against a malicious exploit of a Web site in which unauthorized commands are transmitted from a user that the Web site trusts. The attack is also referred to as a one-click attack or session riding; anti-forgery tokens and SameSite cookies are the usual defenses.
* NoSQL databases versus SQL databases - many NoSQL databases ship with weaker default access controls than mature relational engines. If NoSQL databases are used, data confidentiality and integrity must be the responsibility of the application. With SQL, data confidentiality and integrity can be enforced by the relational database engine.
Installing all operating system patches and service packs, disabling unnecessary protocols, and implementing NTFS on all hard drives are part of hardening the operating system.
* Which of the following actions is an example of application hardening? A) Disable default user accounts and passwords. B) Disable unnecessary protocols. C) Install all operating system patches and service packs. D) Implement NTFS on all hard drives.
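The following is an added example of the fuzz testing control listed above; it is not from the QBank material. The record format, the deliberately naive parser, and the hardened parser are all constructed for the example. The fuzzer starts from one valid record and applies random mutations (truncation, byte flips, tampering with the length field); any exception other than the parser's own documented ValueError counts as a crash, because an attacker who controls the record could trigger it.

```python
import random
import struct

# Constructed record format:
#   type (1 byte) | length (2 bytes, big-endian) | payload (length bytes) | xor checksum (1 byte)


def xor_all(buf):
    """Checksum used by the toy format: XOR of all payload bytes."""
    acc = 0
    for b in buf:
        acc ^= b
    return acc


def make_record(rtype, payload):
    return bytes([rtype]) + struct.pack(">H", len(payload)) + payload + bytes([xor_all(payload)])


def parse_record_unsafe(data):
    """Deliberately naive parser: trusts the length field and indexes past the end."""
    rtype = data[0]
    length = struct.unpack(">H", data[1:3])[0]     # struct.error on a 1- or 2-byte input
    payload = data[3:3 + length]
    checksum = data[3 + length]                     # IndexError when the record is short
    if checksum != xor_all(payload):
        raise ValueError("bad checksum")
    return rtype, payload


def parse_record_safe(data):
    """Hardened parser: every read is bounds-checked and every rejection is a ValueError."""
    if len(data) < 4:
        raise ValueError("record too short")
    rtype = data[0]
    length = struct.unpack(">H", data[1:3])[0]
    if len(data) != 4 + length:
        raise ValueError("length field disagrees with record size")
    payload = data[3:3 + length]
    if data[3 + length] != xor_all(payload):
        raise ValueError("bad checksum")
    return rtype, payload


def mutate(seed_input, rng):
    """Apply one random mutation: truncate, flip a byte, or corrupt the length field."""
    data = bytearray(seed_input)
    choice = rng.randrange(3)
    if choice == 0 and len(data) > 1:
        return bytes(data[:rng.randrange(1, len(data))])
    if choice == 1:
        data[rng.randrange(len(data))] = rng.randrange(256)
        return bytes(data)
    struct.pack_into(">H", data, 1, rng.randrange(65536))
    return bytes(data)


def fuzz(parser, iterations=2000, seed=1):
    """Run parser on mutated inputs; return (input, exception name) for each crash.

    ValueError is the parser's documented rejection path, so it is not a
    finding; anything else (IndexError, struct.error, ...) is.
    """
    rng = random.Random(seed)
    seed_input = make_record(1, b"hello, world")
    crashes = []
    for _ in range(iterations):
        case = mutate(seed_input, rng)
        try:
            parser(case)
        except ValueError:
            pass
        except Exception as exc:
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    print("unsafe parser crashes:", len(fuzz(parse_record_unsafe)))
    print("safe parser crashes:  ", len(fuzz(parse_record_safe)))
```

The unsafe parser falls over on a large share of the mutated inputs; the hardened one rejects every one of them through its single, expected exception type. The same harness structure (seed corpus, mutation, crash triage by exception type) is what tools such as AFL or libFuzzer automate at scale.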
B)Water C)Soda acid Water or soda acid should be used to suppress a fire that has wood products, laminates, and paper as its elements. The suppression method should be based on the type of fire in the facility. The suppression substance should interfere with one of the elements of the fire. For example, soda acid removes the fuel while water reduces the temperature. Water or soda acid are used to extinguish class A fires. Electrical wiring and distribution boxes are the most probable cause of fires in data centers. Class C fire suppression agents, such as halon or carbon dioxide, are used when the fire involves electrical equipment and wires. They can also be used to suppress Class B fires, which involve liquids such as petroleum products and coolants. Halon production was phased out under the Montreal Protocol (signed in 1987) because halon damages the ozone layer; it is also harmful to humans at the concentrations needed to suppress a fire. Existing halon systems may remain in service, but when they are replaced or recharged an approved alternative such as FM-200 is used, under rules administered in the United States by the Environmental Protection Agency (EPA). Carbon dioxide, also used to extinguish class B and C fires, displaces oxygen. Carbon dioxide is harmful to humans and should be used only in unattended facilities, or with a pre-discharge alarm and delay so that people can leave first. Dry powder is a suppression method for a fire that has magnesium, sodium, and potassium as its elements. Dry powder extinguishes class D fires. Although dry powder can also suppress Class B and C fires, companies commonly use other forms of suppression for Class B and C fires. The only suppression method for combustible metals is dry powder.
* Which two suppression methods are recommended when paper, laminates, and wooden furniture are the elements of a fire in the facility? (Choose two.) A)Halon B)Water C)Soda acid D)Dry powder
D) host-to-gateway You should deploy host-to-gateway IPSec mode. In this configuration, the VPN gateway requires the use of IPSec for all remote clients. The remote clients use IPSec to connect to the VPN gateway. IPSec is not used for any communication between the VPN gateway and the internal hosts on behalf of the remote clients. Only the traffic over the Internet uses IPSec; the gateway decrypts it and forwards it in the clear on the internal network, so the internal network itself must be trusted or otherwise protected. In host-to-host IPSec mode, each host must deploy IPSec. This mode would require that any internal hosts that communicate with the VPN clients deploy IPSec, which violates the third goal. In gateway-to-gateway IPSec mode, the gateways at each end of the connection provide IPSec functionality. The individual hosts do not. For this reason, the VPN is transparent to the users, but it also means the remote users would not be using IPSec themselves, which violates the second goal. This deployment works best when a branch office or partner company needs access to your network.
* You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: - The VPN gateway should require the use of Internet Protocol Security (IPSec). - All remote users must use IPSec to connect to the VPN gateway. - No internal hosts should use IPSec. Which IPSec mode should you use? A) This configuration is not possible. B) gateway-to-gateway C) host-to-host D) host-to-gateway
C)number of subnetworks needed E)number of hosts to support When designing a network, you need to know the number of hosts to support and the number of subnetworks needed. These two considerations determine the subnetting scheme that your network requires: the subnet count fixes how many bits must be borrowed for the subnet ID, and the largest per-subnet host count fixes how many bits must remain for hosts (plus the network and broadcast addresses). The number of domains to support, the number of servers to support, and the number of Internet interfaces available do not determine the subnetting scheme.
* You must design the network for your company's new location. Which two considerations are important? (Choose two.) A)number of servers to support B)number of Internet interfaces available C)number of subnetworks needed D)number of domains to support E)number of hosts to support
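The following is an added example and is not from the QBank explanation. It turns the two design inputs from the answer into a prefix length: the number of subnets sets the shortest usable prefix (bits borrowed for the subnet ID), the number of hosts sets the longest (bits left for hosts plus the network and broadcast addresses), and a design is only feasible when those two bounds do not cross. The address blocks used are documentation and RFC 1918 ranges chosen for the example.

```python
import ipaddress
import math


def feasible_prefixes(block, subnets_needed, hosts_per_subnet):
    """Return (shortest, longest) prefix lengths that satisfy both requirements.

    shortest comes from the subnet count (how many bits must be borrowed);
    longest comes from the host count (how many bits must be left over).
    Raises ValueError when no single prefix length satisfies both.
    """
    net = ipaddress.ip_network(block, strict=True)
    subnet_bits = math.ceil(math.log2(subnets_needed)) if subnets_needed > 1 else 0
    overhead = 2 if net.version == 4 else 0        # network + broadcast addresses
    host_bits = math.ceil(math.log2(hosts_per_subnet + overhead))
    shortest = net.prefixlen + subnet_bits
    longest = net.max_prefixlen - host_bits
    if shortest > longest:
        raise ValueError(
            f"{block} cannot provide {subnets_needed} subnets of "
            f"{hosts_per_subnet} hosts (needs /{shortest} for subnets but "
            f"at most /{longest} for hosts)")
    return shortest, longest


def is_feasible(block, subnets_needed, hosts_per_subnet):
    try:
        feasible_prefixes(block, subnets_needed, hosts_per_subnet)
        return True
    except ValueError:
        return False


def allocate(block, new_prefix):
    """Carve the block into equal subnets of the chosen prefix length."""
    return list(ipaddress.ip_network(block, strict=True).subnets(new_prefix=new_prefix))


def usable_hosts(network):
    """Addresses available for hosts (IPv4 loses network and broadcast)."""
    return network.num_addresses - 2 if network.version == 4 else network.num_addresses


if __name__ == "__main__":
    # Six subnets of up to 500 hosts out of a /16: anything from /19 to /23 works.
    print(feasible_prefixes("10.0.0.0/16", 6, 500))
    # Four subnets of 50 hosts out of a /24: only /26 works.
    lo, hi = feasible_prefixes("192.168.1.0/24", 4, 50)
    for n in allocate("192.168.1.0/24", hi):
        print(n, usable_hosts(n), "hosts")
    # Six subnets of 50 hosts out of a /24 cannot be done: /27 gives only 30 hosts.
    print(is_feasible("192.168.1.0/24", 6, 50))
```

Choosing the longest feasible prefix leaves spare subnets for growth; choosing the shortest leaves spare host addresses. Either way the decision is driven by exactly the two counts the question asks for.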
B)Switch E)Bridge F)Router Bridges, switches, and routers can be used to connect multiple LAN segments while keeping each segment a separate collision domain. Bridges and switches operate at the Data Link layer of the OSI model (Layer 2), using the Media Access Control (MAC) address to forward frames to the port where the destination was learned. Routers operate at the Network layer (Layer 3), using IP addresses to route packets to their destination along the best available path. Hubs act as a central connection point for network devices on one network segment. They work at the Physical layer (Layer 1) and simply repeat every signal to every port, so joining segments with a hub merges them into one collision domain. Repeaters are used to extend the length of a network beyond the cable's maximum segment distance. They regenerate a received signal onto all other ports and also work at the Physical layer, so they do not separate collision domains either. An inverse multiplexer combines several T1 lines into one higher-bandwidth logical link (which incidentally keeps the link up if a single line drops); a multiplexer is placed at both ends of the connection. It is a WAN device, not a means of joining LAN segments.
* Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together without collisions? (Choose three.) A)Hub B)Switch C)Repeater D)Multiplexer E)Bridge F)Router
D) Adjust the power level setting slightly higher. You should adjust the power level setting for the AP to a slightly higher setting, apply the change (some APs require a reboot), and then verify coverage at the far edge of the new offices, adjusting again if needed. Of the options given, raising transmit power is the only one that actually enlarges the coverage area; a higher-gain antenna would also do so, but it is not among the choices. You should not maximize the power level setting. This might create a coverage area larger than you intended, spilling the signal into neighboring buildings or the parking lot where an attacker could reach it. You should not relocate the AP. While this will alter the area covered by the AP, it will not make the area any larger and may remove coverage from areas that were covered in the previous location. You should not change the channel used by the AP. That is the fix when two wireless APs interfere with each other because they use the same or overlapping channels.
* Your organization purchases a set of offices adjacent to your current office. You need to broaden the area to which a wireless access point (AP) can transmit. What should you do? A) Change the channel used by the AP. B) Maximize the power level setting. C) Relocate the AP. D) Adjust the power level setting slightly higher.
A) VPN A virtual private network (VPN) is not a physical network. In a VPN, a public network, such as the Internet, is used to allow secure communication between companies that are not located together or between private networks. A VPN transports encrypted data. A Virtual LAN (VLAN) allows networks to be segmented logically without physically rewiring the network. A VLAN is an excellent way to provide an added layer of security by isolating resources into separate subnets, but it operates inside your own switches and does nothing to protect traffic crossing the Internet. If a small company purchases an all-in-one wireless router/switch and has two Web servers, and it needs to protect them from access by BYOD devices, you could create a server VLAN and place an ACL in front of the Web servers. An extranet enables two or more parties (here, the company and its traveling sales staff) to share information and resources. The extranet is the set of published resources; it is not itself a transport mechanism and does not secure the data on the wire. An extranet has a wider boundary than an intranet. A certificate server provides certificate services to users. Certificates are used to verify identity and to set up protected communication, but the certificate server itself does not carry the order data. VPNs use what is known as a tunneling protocol for the secure transfer of data across the Internet. The classic example is Point-to-Point Tunneling Protocol (PPTP); note, however, that PPTP's MS-CHAPv2 authentication and MPPE encryption are broken, and current deployments use IPSec (often with L2TP) or TLS-based VPNs instead. The term "tunnel" refers to how the information is privately sent. Data being sent is encapsulated into network packets. Packets are encrypted at the originating end before they are sent via the Internet, travel in encrypted (unreadable) form, and are decrypted once they arrive at their destination. By using a VPN, a company avoids the expense of leased lines for secure communication and can instead use public networks to transfer data securely. Client computers can connect to the VPN over any Internet connection, whether dial-up, DSL, ISDN, cable, or mobile data.
An intranet is a private network restricted to certain users, usually a company's employees. The data contained on it is usually private in nature.
Bob manages the sales department. Most of his sales representatives travel among several client sites. He wants to enable these sales representatives to check the shipping status of their orders online. This information currently resides on the company intranet, but it is not accessible to anyone outside the company firewall. Bob has asked you to make the information available to traveling sales representatives. You decide to create an extranet to allow these employees to view their customers' order status and history. Which technique could you use to secure communications between network segments sending order-status data via the Internet? A) VPN B) VLAN C) Extranet D) Certificate server
A) line conditioners Fluctuations in voltage supply, such as spikes and surges, can damage electronic circuits and components. A line conditioner ensures a clean and steady voltage supply by filtering the incoming power and eliminating fluctuations and interference. An uninterruptible power supply (UPS) provides backup power from batteries when the mains supply fails. A UPS can also provide surge suppression, but only for the items connected to it, and the conditioning it provides is very limited. For voltage issues on the primary power supply, you should use voltage regulators or line conditioners. The heating, ventilation, and air conditioning (HVAC) system is installed in a building to regulate temperature. This includes air conditioning plants, chillers, ducts, and heating systems. HVAC is also referred to as climate control. It is important to note that HVAC has no role in regulating voltage. HVAC should maintain a humidity level of 40 to 60 percent in the air. High humidity can cause condensation on computer parts or corrosion on electrical connections. A low humidity level can cause static electricity that can damage the electronic components of computer equipment. Static electricity can also be reduced using anti-static sprays and anti-static flooring. HVAC systems help ensure availability by maintaining a proper environment. The concentric circle approach defines circular security zones and determines physical access control. The zones should be secured by fences, badges, mantraps, guards, dogs, and access control systems, such as biometric identification systems. Concentric circle is a layered defense architecture and does not deal with electric power.
Management has asked you to ensure that voltage is kept clean and steady at your facility. Which component is MOST appropriate for this purpose? A) line conditioners B) HVAC C) UPS D) concentric circle
E) TPM A Trusted Platform Module (TPM) is a specialized chip on (or plugged into a header on) a computer's motherboard that holds the keys used for full disk encryption and releases them only when the platform boots into a known-good state. The TPM has a storage root key (SRK) that never leaves the chip. The storage root key is created when you take ownership of the TPM. If you clear the TPM and a new user takes ownership, a new storage root key is created, and anything protected under the old one is unrecoverable, so the disk encryption recovery key must be escrowed before the TPM is cleared. Twofish is a symmetric-key block cipher with a block size of 128 bits and key sizes up to 256 bits. It is an algorithm rather than a hardware component and does not by itself provide full disk encryption, although disk encryption software may use it. GNU Privacy Guard (GPG) is an alternative to Pretty Good Privacy (PGP). PGP is a data encryption mechanism that provides privacy and authentication for data communication. PGP is often used for signing or encrypting and decrypting text, e-mail, files, directories, and whole disk partitions to increase the security of e-mail communications. GPG provides the same functions and is a free alternative to PGP. GPG and PGP do not involve the use of a specialized chip. RIPEMD-160 is a 160-bit message digest algorithm. There are 128-, 256-, and 320-bit variants of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. Password Authentication Protocol (PAP) is an authentication protocol, not an encryption technology: the user's name and password are transmitted over the network in clear text and compared with a stored table. Because PAP offers no protection for the credentials in transit, it should not be used.
Management wants you to provide full disk encryption for several of your organization's computers. You purchase specialized chips that will be plugged into the computers' motherboards to provide the encryption. Of what security practice is this an example? A) TwoFish B) PAP C) RipeMD D) GPG E) TPM
The network technologies should be matched with the descriptions in the following way:
* DMZ - A network that is isolated from other networks using a firewall
* VLAN - A network that is isolated from other networks using a switch
* NAT - A transparent firewall solution between networks that allows multiple internal computers to share a single Internet interface and IP address
* NAC - A network server that ensures that all network devices comply with an organization's security policy
Match the descriptions on the left with the network technologies on the right that it BEST matches. Descriptions * A network that is isolated from other networks using a firewall * A network server that ensures that all network devices comply with an organization's security policy * A network that is isolated from other networks using a switch * A transparent firewall solution between networks that allows multiple internal computers to share a single internet interface and IP address Network Technologies * DMZ * VLAN * NAT * NAC
The cloud deployments should be matched with the descriptions in the following manner: - Platform as a Service (PaaS) - Allows organizations to deploy Web servers, databases, and development tools in a cloud - Software as a Service (SaaS) - Allows organizations to run applications in a cloud - Infrastructure as a Service (IaaS) - Allows organizations to deploy virtual machines, servers, and storage in a cloud
Match: Descriptions - Allows organizations to deploy virtual machines, servers, and storage in a cloud - Allows organizations to deploy Web servers, databases, and development tools in a cloud - Allows organizations to run applications in a cloud Cloud Deployments - Platform as a Service - Software as a Service - Infrastructure as a Service
A) ad hoc You should use ad hoc mode, which is the 802.11 communications mode (available in 802.11b and later standards) that enables wireless devices to communicate directly with one another without an access point. 802.11b wireless networking is one of the technologies marketed as WiFi. In infrastructure mode, 802.11 devices must communicate through a wireless access point. Transport and tunnel modes are modes of Internet Protocol Security (IPSec) for transmitting Internet Protocol (IP) packets securely, not wireless communication modes.
Often the sales people for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use? A) ad hoc B) infrastructure C) transport D) tunnel
B) spread spectrum Spread spectrum is not a component of a transponder system-sensing card. Spread spectrum is a radio modulation technique used in wireless networking. Proximity readers can be either user-activated or system-sensing readers. If the proximity reader is user activated, the user swipes the card and provides a valid sequence number as access credentials to the reader. This grants the user authorized access to the facility. In a system-sensing proximity reader, the user need not perform any action or provide credentials. The access control system automatically detects the user's presence in a specified area and authenticates the user based on the credentials transmitted to the reader. The reader sends the user credentials to an authentication server for processing. A proximity reader is used to prevent unauthorized employees from entering the data center. If a proximity reader is not used, another alternative is to use a guard. Some companies implement security cameras instead of multiple security guards. The security cameras allow a single security guard to actively monitor more than one entrance. System-sensing cards are classified into the following categories:
Transponders - have a receiver, a transmitter, a place to store the access code, and a battery. Following an authentication request from the reader, the card sends its access code to the reader and the user is granted authorized access to the facility area.
Passive devices - use power drawn from the reader. The reader transmits an electromagnetic field that powers the passive device so that it can return its credentials for authentication.
Field-powered devices - have their own power supply, so the card does not depend on the reader for power.
Recently, several desktop computers were stolen from your company's offices. It was discovered that the thieves gained access through a delivery entrance. Management decides that it wants to implement a transponder system-sensing card mechanism at all building entrances. What is NOT a component of this system? A) transmitter B) spread spectrum C) battery D) receiver
D) to control airflow in the data center Hot and cold aisles control airflow in the data center. Using environmental controls, hot air is expelled from equipment cabinets as cold air is pulled into the cabinets. Hot, warm, and cold sites provide an alternate location for IT services in case of disaster. EMI shielding protects against EMI, which can be caused by being in close proximity to other electronic devices. EMI shielding is also implemented to prevent a hacker from capturing network traffic. Humidity controls ensure that humidity remains at a certain level. Temperature controls ensure that temperature remains at a certain level.
What is the purpose of hot and cold aisles? A) to ensure that humidity remains at a certain level B) to provide an alternate location for IT services in case of disaster C) to protect against electromagnetic interferences (EMI) D) to control airflow in the data center
C) It requires that your organization periodically check the application vendor to ensure that the application is kept up-to-date. Patch management requires that your organization periodically check with the application vendor. Vendors usually announce the release of patches and updates so that users can deploy them on their computers. Patch management should be implemented for all operating systems and applications in use to ensure that all operating systems and applications are protected from security attacks. Fuzz testing, footprinting, and baselining do not require that your organization periodically check with the application vendor. Fuzz testing is used to identify bugs and security flaws within an application. Footprinting gathers data about a network to discover possible security issues. Baselining ensures that all systems have the same basic security elements.
What is the purpose of patch management? A) It is used to identify bugs and security flaws within an application B) It ensures that all systems have the same basic security elements. C) It requires that your organization periodically check the application vendor to ensure that the application is kept up-to-date. D) It gathers data about a network to discover possible security issues.
C) disk striping Disk striping provides only performance enhancements and does not provide fault tolerance. RAID 0 is known as disk striping. Data is striped over all of the hard drives in the array. If a single drive fails, the entire array cannot be used.
Disk mirroring provides fault tolerance. RAID 1 is known as disk mirroring. Data is written to the first drive and immediately copied to the second drive. If a single drive fails, the data is available from the other drive. When implemented with multiple hard drive controller cards, it is known as duplexing. Duplexing provides fault tolerance for both the hard drives and the controller card. This is a method of hardware fault tolerance.
RAID 3 provides fault tolerance. RAID 3 is known as byte-level striping with a dedicated parity drive. Data is striped over all of the hard drives in the array except one, which is reserved for parity. If a single drive fails, the data on it can be rebuilt using the parity information. This RAID level is not commonly used today.
RAID 5 provides fault tolerance. RAID 5 is known as block-level disk striping with distributed parity. Data and parity are both striped over all of the hard drives in the array. If a single drive fails, the data on it can be rebuilt using the information from the other drives; a second failure before the rebuild completes loses the array. This is one of the most popular RAID versions.
Clustering is not a RAID level. Clustering is a server technology that distributes processing across multiple servers. Logically, a server cluster appears as one server to a client computer. Clustering is similar to redundant servers. However, with redundant servers only one server actually processes requests; the other server acts as a backup in the event that the main server fails.
RAID 2 stripes data at the bit level and adds Hamming-code error correction. It is not commonly used today. RAID 4 is block-level striping with a dedicated parity drive: data is striped over all of the hard drives except one, which is reserved for parity, and if a single drive fails the data on it can be rebuilt using the parity information. RAID 4 is more widely used than RAID 3 because it stripes data at the block level rather than at the byte level. RAID 6 is the same as RAID 5 except that it writes two independent parity sets across all of the drives, so it survives any two simultaneous drive failures. RAID 7 is a proprietary RAID level that adds caching to RAID 3 or RAID 4.
RAID 10 is a stripe of mirrors. Multiple mirror pairs are created, and data is striped across these pairs; for example, the first piece of data is written to the first drive of the first mirror and copied to the second drive of that mirror. This level tolerates multiple drive failures as long as both drives of the same mirror pair do not fail. RAID 0+1 is a mirror of stripes. Two striped sets are created and mirrored; the first piece of data is written to the first striped set and then copied to the second. After one drive fails, its whole striped set is unusable, so further failures are tolerated only within that same set; a failure in the other set loses the array.
RAID can be implemented using hardware or software. Hardware RAID uses dedicated hardware, such as a RAID controller card, to control the RAID. Software RAID uses software, usually the operating system, to control the RAID. Software RAID is cheaper and easier to configure, but it does not provide the performance of a dedicated controller with its own cache. The levels available in software depend on the operating system: Windows Server's built-in dynamic volumes offer RAID 0, 1, and 5, while Linux md supports 0, 1, 4, 5, 6, and 10. Duplexing across two controllers is a property of the implementation rather than a separate level. In today's RAID implementations, most of the drives are hot swappable, meaning they can be removed and reinserted while the computer is operational.
Which RAID level provides only performance enhancements and does not provide fault tolerance? A) disk mirroring B) clustering C) disk striping D) RAID 3 E) RAID 5
A) Level 5 Redundant Array of Independent Disks (RAID) Level 5, which provides block-level disk striping with parity distributed across all disks, writes both parity and data across every disk in the array. Within each stripe the parity block is stored on a different drive from the data blocks it protects, so in the event of a single drive failure the information on the functioning disks can be used to reconstruct the data from the failed disk. RAID Level 5 requires at least three hard disks; implementations commonly use five to seven. The maximum of 32 disks quoted in the answer is the limit of a Windows software RAID-5 volume; hardware controllers have their own limits. RAID Level 0 is known as disk striping. This RAID level stripes data across the drives to improve disk read/write efficiency. However, this RAID level does not provide redundancy. If any drive in the array fails, the data is lost. RAID Level 1 is known as disk mirroring or disk duplexing. Disk mirroring occurs when two disks are configured in a mirror. Any data written to disk one is also written to disk two. Disk duplexing also involves the use of an additional hard drive controller. If either drive fails, the data can be retrieved from the remaining drive. RAID Level 3 is byte-level striping with parity. RAID Level 3 is similar to RAID Level 5, except that RAID Level 3 has a dedicated parity drive. In RAID Level 5, parity data exists on all disks in the array. The primary concern of RAID is availability.
Which RAID level requires at least three hard disks and writes both parity and data across all disks in the array? A) Level 5 B) Level 3 C) Level 1 D) Level 0
A) patch management Patch management requires that your organization periodically check with the application vendor. Vendors usually announce the release of patches and updates so that users can deploy them on their computers. Fuzz testing, footprinting, and baselining do not require that your organization periodically check with the application vendor. Fuzz testing is used to identify bugs and security flaws within an application. Footprinting gathers data about a network to discover possible security issues. Baselining is the process of comparing performance to a recorded metric.
Which application hardening method requires that your organization periodically check with the application vendor? A) patch management B) footprinting C) fuzz testing D) baselining
A) firmware version control B) network segments C) ACLs D) application firewall You should implement application firewalls, firmware version control, network segments, and access control lists (ACLs) to mitigate the security risks of SCADA systems. For testing purposes, you should understand the controls that you can implement to protect static environments, including SCADA, embedded environments (printer, smart TV, HVAC), Android, iOS, mainframe, game consoles, and in-vehicle computing systems. The controls that can be implemented in these static environments include the following: Network segmentation - This allows you to isolate the static environments on their own network. One example is to deploy NIPS at the edge of the SCADA network to protect the SCADA systems from misuse. Security layers - Security professionals should assess all layers of security, including physical access to static environments. A layered defense model ensures that devices are protected no matter where or how the attack originates. Application firewalls - This allows you to protect the applications that control the static environments. Manual updates - While manual updates may be harder to implement than automatic updates, manual updates can ensure that updates are thoroughly tested before being implemented in the live environment. Updates can have unexpected consequences if they are implemented without being fully tested. Firmware version control - This ensures that only firmware updates from the vendor are implemented in static environments. If an unauthorized version of firmware is installed, attackers may be able to access the environment. Wrappers - These are used to secure communication between the management system and the remote administrator. Control redundancy and diversity - Redundancy ensures that there are multiple ways to control the static environment. Diversity ensures that the controls can be implemented across multiple platforms or operating systems.
If there is a vendor-specific vulnerability in critical industrial control systems, you can support availability by incorporating diversity into redundant design.
Which controls should you implement to mitigate the security risks of Supervisory Control and Data Acquisition (SCADA) systems? (Choose all that apply.) A) firmware version control B) network segments C) ACLs D) application firewall
A) data at rest B) data in transit C) network throughput D) auditing You should be concerned about data at rest, data in transit, network throughput, and auditing when choosing a cloud storage provider. For data at rest and data in transit, some form of encryption should be used to protect the data. The available network throughput is important because network throughput may degrade over time. Auditing is important to ensure that you can investigate any security issues.
Which of the following concerns should you have when researching cloud storage for your organization? (Choose all that apply.) A) data at rest B) data in transit C) network throughput D) auditing
A) BitLocker BitLocker drive encryption works with TPM hardware. TPM is a hardware chip that stores encryption keys. The BitLocker technology encrypts drive contents so that data cannot be stolen. BitLocker can encrypt both user and system files. BitLocker is enabled or disabled by an administrator for all computer users and provides full disk encryption. TPM and hardware security module (HSM) both provide storage for Rivest, Shamir, and Adleman (RSA) keys and may assist in user authentication. TPM is usually included with computers and can be deployed more easily than HSM. None of the other options works with TPM hardware. Encrypting File System (EFS) encrypts the contents of a disk. However, EFS is enabled on a per-user basis and can only encrypt files belonging to the user that enabled EFS. EFS does not require any special hardware or administrative configuration. New Technology File System (NTFS) is the 32-bit file system used by Windows operating systems. Internet Protocol Security (IPSec) is a protocol that protects communication over a network.
Which technology works with Trusted Platform Module (TPM) hardware? A) BitLocker B) NTFS C) EFS D) IPSec
B) firewall A firewall is used to create a demilitarized zone (DMZ). A DMZ is a zone located between a company's internal network and the Internet that usually contains publicly accessible servers. The DMZ implementation provides an extra security precaution to protect the resources on the company's internal network. Usually two firewalls are used to create a DMZ; one firewall resides between the public network and the DMZ, and another firewall resides between the DMZ and the private network. A router is used to create individual subnetworks on an Ethernet network. Routers operate at the Network layer of the OSI model (layer 3). While a firewall can also be a router, it is referred to as a firewall when it functions to create a DMZ. An active hub is used to connect devices in a star topology. An active hub has circuitry that allows signal regeneration. A passive hub connects devices in a star topology, but it does not provide any signal regeneration. A firewall is classified as a rule-based access control device. Rules are configured on the firewall to allow or deny packets passage from one network to another. The configuration of the rules is one of the biggest concerns for a firewall, because the rules can be very complex. Misconfiguration can easily lead to security breaches. Applying detailed instructions to manage the flow of network traffic at the edge of the network is implemented using firewall rules. These rules can allow or prevent traffic based on port, protocol, MAC address, or direction. A default rule found in a firewall's access control list (ACL) is Deny all. Filters are created according to the company's security policy. To provide maximum file security, firewalls should not run the Network Information System (NIS) file system. Compilers should be deleted from firewalls.
Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)? A) active hub B) firewall C) router D) passive hub
B) An audit trail is a preventive control. D) An audit trail does not record successful login attempts. E) An audit trail is reviewed only when an intrusion is detected. An audit trail is not a preventive control. It is a detective control that maintains a sequential record of the system activities and the system resource usage. An audit trail records a lot of useful information, such as successful and unsuccessful login attempts, user identification, password usage, and resources accessed by a user over a span of time. Audit trails can also provide information about events related to the operating system and the application. Audit trail records are usually reviewed before an intrusion has been detected and contained. Before the affected system is reinstalled and production restarted, audit trail records enable you to track the source of the intrusion, understand the type of attack, and identify any loophole that can result in a potential security breach in the future. The main purpose of audit logs and trails is to establish individual accountability and responsibility. Access to audit logs and trails should be tightly controlled. In addition, the data recorded in an audit log must be strictly controlled. Separation of duties must be enforced to ensure that personnel who administer the access control function and personnel who administer the audit trail are two different people. A security administrator should periodically review audit trails to detect any suspicious activity or a performance bottleneck in the infrastructure resources. An administrator can select certain critical events and log them for review. The administrator can later use the events for analysis. Instead of manually reviewing a large amount of audit trail data, applications and audit trail analysis tools can be used to reduce the volume of audit logs and to improve the efficiency of the review process.
Such analysis tools can be used to provide information about specific events in a useful format and in sufficient detail.
Which three statements regarding an audit trail are NOT true? (Choose three.) A) An audit trail assists in intrusion detection. B) An audit trail is a preventive control. C) An audit trail establishes accountability for access control. D) An audit trail does not record successful login attempts. E) An audit trail is reviewed only when an intrusion is detected.
C) L2TP over IPSec You should use Layer 2 Tunneling Protocol (L2TP) over IPSec. When you implement L2TP over IPSec, it encrypts transmitted traffic on virtual private network (VPN) connections. L2TP supports multiple protocols, such as Transmission Control Protocol (TCP), Internet Protocol (IP), Internetwork Packet Exchange (IPX), and Systems Network Architecture (SNA). L2TP is based on two older tunneling protocols: Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). Hypertext Transfer Protocol (HTTP) transmits information in clear text. Hypertext Transfer Protocol Secure (HTTPS) uses Secure Sockets Layer (SSL) to encrypt HTTP traffic. HTTPS only supports the encryption of HTTP traffic. File Transfer Protocol (FTP) transmits data in clear text.
You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use? A) HTTPS B) FTP C) L2TP over IPSec D) HTTP
C) raking D) shimming Both raking and shimming are techniques to circumvent locks. Raking is a technique used by intruders to circumvent a lock. For example, a pick is used to circumvent a pin tumbler lock. Shimming is a technique in which an authorized user disassembles a lock without the use of an operating key. Spamming involves sending large numbers of unsolicited commercial emails to unsuspecting clients. Spamming floods the mailbox of a user and overloads a network, which adversely affects the performance of the network. A SYN flood is an example of a network-based attack. In a SYN flood attack, the attacker repeatedly sends synchronization (SYN) packets from spoofed IP addresses to the victim's host computer. The victim's host computer responds with valid synchronization acknowledgement (SYN-ACK) packets and keeps waiting for the acknowledgement (ACK) packet to establish a TCP three-way handshake process for data transfer. In the absence of the ACK packets from the malicious computer, the victim's host computer continues to respond to each connection attempt from the hostile computer. This results in denial of service to legitimate hosts because of resource exhaustion. Locks are safety controls that can be used to increase physical security. Other safety controls include fencing, lighting, closed-circuit television (CCTV), and testing controls. As part of any safety measures you implement, you should prepare escape plans with mapped escape routes for all building occupants. These escape plans and routes should be posted prominently throughout the building. In addition, your company should periodically perform escape drills to ensure that personnel know how to vacate the building properly.
You assessed the physical security of your company's data processing center. As part of this assessment, you documented all of the locks on both internal and external doors. You have identified several traditional door locks that you want to replace with digital locks. To support the need for this upgrade, you want to identify methods whereby traditional locks can be circumvented. Which methods involve circumventing a lock for intrusion? (Choose all that apply.) A) spamming B) SYN flood C) raking D) shimming
A) TPM chip To implement hardware-based encryption on a Windows Server 2008 computer, you need a Trusted Platform Module (TPM) chip. To implement hardware-based encryption, you need the appropriate management software. Another chip that could be used is a Hardware Security Module (HSM) chip, which is used in public key infrastructure (PKI) and clustered environments. HSMs can be easily added to an existing system. HSM chips can both generate and store keys. TPM chips are permanently mounted on the hard drive and cannot be replaced. Hardware-based encryption is faster than software-based encryption. HSM is the most secure way of storing keys or digital certificates used for encryption of SSL sessions. New Technology File System (NTFS) and Encrypting File System (EFS) are file systems and can be used to implement software-based encryption, not hardware-based encryption. Wake-on-LAN (WOL) is a technology that allows a computer to be turned on by a network message.
You have been asked to implement hardware-based encryption on a Windows Server 2008 computer. What is required to do this? A) TPM chip B) NTFS C) Wake-on-LAN D) EFS
C) a firewall An administrator can install a firewall on a network to create a demilitarized zone (DMZ). A DMZ separates a public network from a private network. A DMZ can be implemented with one firewall that is connected to the DMZ segment, the private network, and the Internet. A DMZ can also be implemented with two firewalls. In this configuration, one firewall is connected to a private network and a DMZ segment, and the other firewall is connected to the Internet and the DMZ segment. To implement a firewall, you should first develop and implement a firewall policy. When configuring a firewall policy, the default setting should deny all traffic not explicitly allowed. Firewalls implement stateful inspection by inspecting every packet and allowing or denying the packet based on the firewall policy. A bridge is a device that separates a network into distinct collision domains to control network traffic. A network divided by a bridge is considered to be a single network. A hub is a central connection device used on Ethernet networks. A router is a device that is designed to transmit data between networks on a TCP/IP internetwork. Bridges, hubs and routers are not used to create DMZs.
You have been hired by a law firm to create a demilitarized zone (DMZ) on their network. Which network device should you use to create this type of network? A) a bridge B) a hub C) a firewall D) a router
B) BitLocker To Go You should implement BitLocker To Go to ensure that USB flash drives issued by your organization are protected by encryption. USB flash drives are considered to be a security issue because of their portability and the amount of data they can store. Organizations should ensure that USB flash drive usage is limited and controlled. BitLocker To Go can be used on many types of removable media. If you have a Windows Server 2012 network, you can deploy the appropriate group policies to ensure that all USB drives use USB encryption and BitLocker To Go. Encrypting File System (EFS) is used to encrypt individual files, not entire drives. Because you need to ensure that the entire drive is encrypted, you need to implement BitLocker. There are other encryption systems that provide file-level, folder-level, and database-level encryption. Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are cryptographic algorithms used to confidentially transmit data. BitLocker is available in Windows 7. It provides a means to encrypt an entire volume with 128-bit encryption. TPM and HSM work with BitLocker, but BitLocker can be used without a TPM or HSM chip. Access mechanisms to data on encrypted USB hard drives must be implemented correctly. If they are not, user accounts may be inadvertently locked out because the users do not have the appropriate password to access the drive.
You need to ensure that USB flash drives issued by your organization are protected by encryption. What should you implement? A) Encrypting File System B) BitLocker To Go C) Advanced Encryption Standard D) Data Encryption Standard
B) isolation mode You should implement isolation mode. This mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients. This is also referred to as client isolation mode. Protected Extensible Authentication Protocol (PEAP) is a secure password-based authentication protocol created to simplify secure authentication. Lightweight Extensible Authentication Protocol (LEAP) is an authentication protocol used exclusively by Cisco. Cisco is slowly transitioning from using its proprietary LEAP protocol to using PEAP because LEAP is not as secure as PEAP. A Service Set Identifier (SSID) is a wireless network's name.
You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement? A) SSID B) isolation mode C) PEAP D) LEAP
B) a VLAN You should deploy a virtual local area network (VLAN). This type of network can be used to ensure that internal access to other parts of the network is controlled and restricted. A VLAN is usually created using a switch. VLAN segregation protects each individual segment by isolating the segments. VLAN segregation is best used to prevent ARP poisoning attacks across a network. VLANs provide a layer of protection against sniffers, and can decrease broadcast traffic. Creating a VLAN is much simpler than using firewalls or implementing a virtual private network (VPN). A VLAN is a good solution if you need to separate two departments into separate networks. VLAN management is implemented at the switch to configure the VLANs and the nodes that are allowed to participate in a particular VLAN. You can configure a switch to allow only traffic from computers based upon their physical (MAC) address. A VPN is a private network that is implemented over a public network, such as the Internet. A demilitarized zone (DMZ) or screened subnet is a subnet on a LAN that is screened from the private network using firewalls and contains the publicly accessed servers, such as a Web server. An extranet is a secure network connection through the Internet that is designed for business-to-business communications.
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy? A) an extranet B) a VLAN C) a DMZ D) a VPN
C) RAID RAID is a data storage solution that combines multiple physical drives into a single unit. The drives in the RAID configuration all reside in the same physical computer. iSCSI, Fibre Channel, and Fibre Channel over Ethernet (FCoE) are all data storage network solutions that allow you to link data storage locations.
Your company has decided to deploy a data storage network solution. You have been asked to research the available options and report the results, including deployment cost, performance, and security issues. Which of the following solutions should NOT be included as part of your research? A) FCoE B) iSCSI C) RAID D) Fibre Channel
C) secure code review Secure code review examines all written code for any security holes that may exist. Secure code review should occur initially in software development. Secure coding concepts include exception handling, error handling, and input validation. During the system development life cycle (SDLC), secure coding concepts are included as part of application hardening. Baseline reporting ensures that security policies are being implemented properly. By providing baselines, gap analysis can determine if the current configuration has been changed in any way. Review design includes any steps you take to review the design of your network, devices, and applications. It often involves examining the ports and protocols used and the access control practices implemented. Vulnerability scanning looks for weaknesses in applications, devices, and networks. You can also determine the attack surface and review architecture to help with the assessment. While both of these will allow you to identify areas where attacks may occur, they each assess different aspects. Determining the attack surface will help you identify the different components that can be attacked, and reviewing the architecture will help you identify network architecture security issues.
Your company has recently decided to create a custom application instead of purchasing a commercial alternative. As the security administrator, you have been asked to develop security policies and procedures on examining the written code to discover any security holes that may exist. Which assessment type will be performed as a result of this new policy? A) review design B) vulnerability scanning C) secure code review D) baseline reporting
A) Surveillance devices offer more protection than fences in the facility. Surveillance devices offer more protection than fences in the facility because they actually record activity for traffic areas. This provides a mechanism whereby tapes can be replayed to investigate security breaches. Passwords do NOT provide the best form of physical access facility control. Closed-circuit televisions (CCTVs) should always have a recording capability. CCTV is a detective security control. CCTV or video surveillance is the most reliable proof that a data center was accessed at a certain time of day. CCTVs should be implemented in any section of your organization's facilities where valuable assets are kept. The CCTV will record all activity and will provide video proof of any theft that occurs. However, you must ensure that the recording is configured properly to back up its data before overwriting. Most CCTVs have a maximum amount of storage space. CCTVs cannot be used in situations where mobile devices are allowed to be carried off the premises. All types of locks are part of the physical access control systems. The physical access controls can include the following as security measures: * guards to protect the perimeter of the facility * fences around the facility to prevent unauthorized access by intruders * badges for the employees for easy identification * locks (combination, cipher, mechanical and others) within the facility to deter intruders * surveillance devices, such as CCTVs, to continuously monitor the facility for suspicious activity and record each activity for future use It is important to note that though passwords are a commonly used way of protecting data and information systems, they are not a part of the physical access controls in a facility. Passwords are a part of the user authentication mechanism.
Your company has recently implemented several physical access controls to increase the security of the company's data processing center. The physical access controls that were implemented include surveillance devices, fences, closed-circuit television (CCTV), locks, and passwords. Which statement is true of these controls? A) Surveillance devices offer more protection than fences in the facility. B) Passwords provide the best form of physical access control in a facility. C) The CCTVs in physical access control do not need a recording capability. D) Only combination locks are part of the physical access control systems.
B) fault tolerance Fault tolerance ensures that you have the required number of components plus one extra to plug into any system in case of failure. Clustering is the process of providing failover capabilities for servers by using multiple servers together. A cluster consists of several servers providing the same services. If one server in the cluster fails, the other servers will continue to operate. A cold site for disaster recovery includes a basic room with raised flooring, electrical wiring, air conditioning, and telecommunications lines. To properly test disaster recovery procedures at the cold site, alternate telecommunications and computer equipment would need to be set up and configured. Server redundancy ensures that each server has another server that can operate in its place should the original server fail. Clustering is a form of server redundancy.
Your company has recently started adopting formal security policies to comply with several state regulations. One of the security policies states that certain hardware is vital to the organization. As part of this security policy, you must ensure that you have the required number of components plus one extra to plug into any system in case of failure. Which strategy is this policy demonstrating? A) server redundancy B) fault tolerance C) cold site D) clustering
B) Software as a Service You should use Software as a Service (SaaS) to deploy the suite of applications. This will ensure on-demand, online access to the suite without the need for local installation. Another example of this type of cloud computing deployment is when a company needs to give employees access to a database but cannot invest in any more servers. WebMail is an example of this cloud computing type. Virtualization hosts one or more operating systems (OSs) within the memory of a single host computer. This mechanism allows virtually any OS to operate on any hardware and allows multiple OSs to work simultaneously on the same hardware. Virtualization would not be the best choice here because it would limit the number of users who could access the application suite. In addition, the performance of the virtual machine would decline as more users simultaneously access the application suite. Platform as a Service (PaaS) is not the best choice here. PaaS is a platform that provides not only a deployment platform but also a value-added solution stack and an application development platform. It provides customers with an operating system that is easy to configure. It is on-demand computing for customers. Infrastructure as a Service (IaaS) is not the best choice in this situation. IaaS is a platform that provides computer and server infrastructure typically provided as a virtualization environment. The platform would provide the ability for consumers to scale their infrastructure up or down by demand and pay for the resources consumed. This cloud computing model provides the greatest flexibility but requires a greater setup and maintenance overhead than the other cloud computing models. Cloud computing has three main models: SaaS, PaaS, and IaaS. The security control that is lost when using cloud computing is physical control of the data. The main difference between virtualization and cloud computing is location and ownership of the physical components.
When virtualization is used, a company uses its own devices to set up a virtual machine. When cloud computing is used, a company pays for access to another company's devices. Other cloud technologies that you need to be familiar with include the following: * Private cloud - a cloud infrastructure operated solely for a single organization that can be managed internally or by a third party, and hosted internally or externally * Public cloud - when the cloud is rendered over a network that is open for public use * Community cloud - shares infrastructure between several organizations from a specific community that can be managed internally or by a third party, and hosted internally or externally * Hybrid cloud - two or more clouds (private, community, or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models
Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications? A) Platform as a Service B) Software as a Service C) virtualization D) Infrastructure as a Service
C) fail-safe A fail-safe error handler should be created for unknown errors. This will ensure that the application stops working, reports the error, and closes down. A false positive is mistakenly flagging an event or error. A fail-over computer is a system that is connected to a primary computer and takes over if the primary computer fails. A fail-open error handler could cause security issues because it would not protect the application in the manner a fail-safe error handler would. While a fail-open system is best if you need to ensure availability, fail-open systems can cause security issues. For example, a malicious person can gain access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance if the system is configured to fail open.
Your organization has a custom-designed application for tracking customer contacts. During the design of this application, the developers discovered many error conditions and created the appropriate handlers for these errors. However, you are concerned about errors that could occur but are unknown. Which type of error handler should be created for unknown errors? A) fail-open B) false positive C) fail-safe D) fail-over