CH. 7 Quiz Questions
To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select 2) - 20 - 80 - 21 - 23 - 443
- 20 - 21
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select 2) - Apply all patches and updates - Implement separation of duties - Remove any backdoors - Conduct privilege escalation - Change default account passwords
- Apply all patches and updates - Change default account passwords
Why do attackers prefer static environment devices to conduct distributed network attacks? (Select 2) - It is difficult to update the virus definitions used to protect these devices - Devices tend to employ much weaker security than traditional network devices - These devices are typically installed in the DMZ outside an organization's perimeter firewall - Smart device vendors tend to proactively protect their products against security threats. - Devices are, typically, more difficult to monitor than traditional network devices.
- Devices tend to employ much weaker security than traditional network devices - Devices are, typically, more difficult to monitor than traditional network devices.
You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (Select 2) - A fast network connection - Disk space on the syslog server - Clock synchronization between all devices - Retention policies on the syslog client
- Disk space on the syslog server - Clock synchronization between all devices
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do? (Select 2) - Add the group to the DACL - Create a distribution group for the administrators and add all user accounts to the group - Grant the group the necessary user rights - Create a security group for the administrators and add all user accounts to the group - Add the group to the SACL
- Grant the group the necessary user rights - Create a security group for the administrators and add all user accounts to the group
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select 2) - Install the latest firmware updates from the device manufacturer - Install anti-malware software on each device - Enroll each device in a mobile device management system - Install a network monitoring agent on each device - Verify that your network's existing security infrastructure is working properly.
- Install the latest firmware updates from the device manufacturer - Verify that your network's existing security infrastructure is working properly.
Which of the following is not included in a system level audit event? (Select 2) - Beginning and ending times of access - Names of accessed files - Successful and unsuccessful logon attempts - Activities performed on the system - Any actions performed on the system - Any actions performed by the user - The user name logging in
- Names of accessed files - Any actions performed by the user
Which of the following mechanisms can you use to add encryption to email? (Select 2) - HTTPS - S/MIME - Reverse DNS - Secure Shell - PGP
- S/MIME - PGP
You manage the information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select 2) - Verify that your network's existing security infrastructure is working properly - Enroll each device in a mobile device management system - Install the latest firmware updates from the device manufacturer - Rely on the device manufacturer to maintain device security with automated firmware updates - Install anti-malware software on each device
- Verify that your network's existing security infrastructure is working properly - Install the latest firmware updates from the device manufacturer
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select 2) - Security templates - WSUS - Group policy - Security configuration and analysis
- WSUS - Group policy
Arrange the Group Policy objects in the order in which they are applied. - The Local Group Policy on the PC - GPOs linked to the domain that contains the user or computer object - GPOs linked to the organizational unit that contains the object.
1. The Local Group Policy on the PC. 2. GPOs linked to the domain that contains the user or computer object. 3. GPOs linked to the organizational unit that contains the object.
You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close? - 67, 68 - 135, 137-139 - 161, 162 - 389, 636
135, 137-139
Which of the following ports does FTP use to establish sessions and manage traffic? - 135-139 - 20,21 - 25, 110 - 80, 443
20,21
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions? - 21 - 80 - 69 - 443 - 23
443
Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called? - A highly distributed attack - A highly centralized attack - A smartnet attack - A brute force attack
A highly distributed attack
Which of the following describes configuration baseline? - A collection of security settings that can be automatically applied to a device - The minimum services required for a server to function - A list of common security settings that a group or all devices share - A set of performance statistics that identifies normal operating performance
A list of common security settings that a group or all devices share
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? - A strong password policy - VLANs - AES encryption - 3DES encryption
A strong password policy
What is the main difference between a worm and a virus? - A worm tries to gather info, while a virus tries to destroy data - A worm is restricted to one system, while a virus can spread from system to system - A worm can replicate itself, while a virus requires a host for distribution - A worm requires an execution mechanism to start, while a virus can start itself.
A worm can replicate itself, while a virus requires a host for distribution.
You have a shared folder named Reports. Members of the Managers group have been given Write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do? - Configure NTFS permissions for Confidential.xls to allow Read Only - Add Mark Magnum to the ACL for the Confidential.xls file with Deny permissions - Remove Mark Mangum from the Managers group - Add Mark Magnum to the ACL for the Reports directory with Deny permissions
Add Mark Magnum to the ACL for the Confidential.xls file with Deny permissions
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do? - Add pl to the email blacklist - Add msn.pl to the email blacklist - Add youneedit.com.pl to the email blacklist - Add kenyan.msn.pl to the email blacklist
Add kenyan.msn.pl to the email blacklist
Which of the following strategies can protect against a rainbow table password attack? - Add random bits to the password before hashing takes place - Educate users to resist social engineering attacks - Enforce strict password restrictions - Encrypt the password file with one-way encryption
Add random bits to the password before hashing takes place
What does the netstat -a command show? - All listening sockets - All connected hosts - All network users - All listening and non-listening sockets
All listening and non-listening sockets
Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened? - Allowing NetBIOS traffic outside of your secured network - Hosting all shared resources on a single centralized and secured server - Imposing granular access control via ACLs - Logging all activity
Allowing NetBIOS traffic outside of your secured network
Which of the following statements about the use of anti-virus software is correct? - Once installed, anti-virus software needs to be updated on a monthly basis - Anti-virus software should be configured to download updated virus definition files as soon as they become available. - If you install anti-virus software, you no longer need a firewall on your network - If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed.
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Which of the following is the best recommendation for applying hotfixes to your servers? - Wait until a hotfix becomes a patch, then apply it - Apply only the hotfixes that affect software running on your systems - Apply hotfixes immediately as they are released - Apply all hotfixes before applying the corresponding service pack
Apply only the hotfixes that affect software running on your systems
What is another name for a logic bomb? - DNS poisoning - Pseudo flaw - Trojan horse - Asynchronous attack
Asynchronous attack
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity? - Syslog - CPS (certificate practice statement) - Audit Trail - Chain of custody
Audit trail
A recreation of historical events is made possible through? - Audit trails - Penetration testing - Incident reports - Audits
Audit trails
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance? - Phishing - CompSec - Scanning - Auditing
Auditing
A collection of zombie computers has been set up to collect personal information. What type of malware do the zombie computers represent? - Botnet - Trojan horse - Logic bomb - Spyware
Botnet
Network communication security settings.
Computer configuration
Scripts that should run at startup or shutdown
Computer configuration
Software that should be installed on a specific computer
Computer configuration
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again? - Create a scheduled task to run sfc.exe daily - Configure the software to automatically download the virus definition files as soon as they become available - Switch to a more reliable anti-virus software - Carefully review open firewall ports and close any unnecessary ports
Configure the software to automatically download the virus definition files as soon as they become available
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future? - Encrypt the logs - Create a hash of each log - Make two copies of each log and store each copy in a different location - Store the logs in an offsite facility
Create a hash of each log
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this? - Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL. - Add one manager to the DACL that grants all permissions. Have this user add other managers as required. - Add each user account to the file's DACL. - Create a distribution group for the managers. Add all users as members of the group. Add the group to the file's DACL.
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
What is the purpose of audit trails? - Detect security-violating events - Prevent security breaches - Problem correction - Restore systems to normal operations
Detect security-violating events
When securing a newly deployed server, which of the following rules of thumb should be followed? - Determine unneeded services and their dependencies before altering the system - Disable each service in turn and then test the system for negative effects - Disable all unused services - Disable all services not associated with supporting shared network services
Determine unneeded services and their dependencies before altering the system
Which of the following actions should you take to reduce the attack surface of a server? - Disable unused services - Install the latest patches and hotfixes - Install a host-based IDS - Install anti-malware software
Disable unused services
Preventing loss of control of sensitive data
Enroll devices in a mobile device management system.
Verifies the appropriate use of accounts and privileges
Escalation auditing
Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation? - An internal auditor is familiar with organizational goals - Orientation time is minimized - Findings in the audit and subsequent summations are viewed objectively - An internal auditor has knowledge of the inner workings of the organization
Findings in the audit and subsequent summations are viewed objectively
You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor? - Application - System - Security - Firewall
Firewall
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the internet. Which log would you check to see if this is happening? - Application - System - Firewall - Security
Firewall
For users who are members of the Sales Team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use? - Group policy - Account restrictions - Account policies - File screens
Group policy
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers? - NTFS permissions - Account policies - Group policy - Account restrictions
Group policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use? - Group policy - Security Templates - WSUS - Security Configuration and Analysis
Group policy
By definition, what is the process of reducing security exposure and tightening security controls? - Hardening - Passive reconnaissance - Active scanning - Social engineering
Hardening
Which of the following terms describes a Windows OS patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)? - Kernel fix kit - Service pack - Hotfix - Targeted software patch
Hotfix
Preventing malware infections
Implementing a network access control (NAC) solution
You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices? - Internet of Things - The smartnet - Internet of Smart devices - Dynamic environment
Internet of Things
You have installed anti-malware that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? - It has been moved to a secure folder on your computer - It has been deleted from your system - The infection has been removed, and the file has been saved to a different location - The file extension has been changed to prevent it from running
It has been moved to a secure folder on your computer
Which of the following best describes spyware? - It is a malicious program disguised as legitimate software - It monitors the actions you take on your machine and sends the info back to its originating source - It monitors user actions that denote personal preferences, then sends pop-ups and ads to the user that match their taste - It is a program that attempts to damage a computer system and replicate itself to other computer systems
It monitors the actions you take on your machine and sends the info back to its originating source
You have two folders that contain documents used by various departments: o The Development group has been given the Write permission to the Design folder. o The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do? - Make Mark a member of the Development group; add Mark's user account directly to the ACL for the Products folder. - Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder - Add Mark's user account directly to the ACL for both the Design and Products folders - Make Mark a member of the Development and Sales groups
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement? - NTFS permissions and file screens - Share permissions and file screens - NTFS and share permissions - Share permissions and quotas
NTFS and share permissions
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send e-mail messages. Which type of e-mail attack is this server susceptible to? - Sniffing - Viruses - Phishing - Open SMTP relay
Open SMTP relay
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access? - Move the FTP server outside of the firewall - Install a VPN - Define user accounts for all external visitors - Open ports 20 and 21 for inbound and outbound connections
Open ports 20 and 21 for inbound and outbound connections
Which of the following is most vulnerable to a brute force attack? - Biometric authentication - Password authentication - Two-factor authentication - Challenge-response token authentication
Password authentication
You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine? - Performance - Security - Firewall - System
Performance
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment? - All logs should be deleted and refreshed monthly - All files must be verified with the IDS checksum - Periodic reviews must be conducted to detect malicious activity or policy violations - The accounting department must compress the logs on a quarterly basis
Periodic reviews must be conducted to detect malicious activity or policy violations
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank account. They are directed to click a link in the email to verify their online banking username and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred? - Phishing - Open SMTP relay - Virus - Buffer overflow
Phishing
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored? - Preventative - Corrective - Detective - Directive
Preventative
Checks user/group rights and privileges to identify cases of creeping privileges
Privilege auditing
What does hashing of log files provide? - Proof that the files have not been altered - Confidentiality to prevent unauthorized reading of the files - Preventing the system from running when the log files are full - Sequencing of files and log entries to recreate a timeline of events - Preventing log files from being altered or overwritten
Proof that the files have not been altered
Which of the following password attacks uses preconfigured matrices of hashed dictionary words? - Rainbow table - Brute Force - Dictionary - Hybrid
Rainbow table
Which of the following are characteristics of a rootkit? (Select 2) - Monitors user actions and opens pop-ups based on user preferences - Requires administrator-level privileges for installation - Uses cookies saved on the hard drive to track user preferences - Hides itself from detection
Requires administration-level privileges for installation and hides itself from detection
Identifies inefficient IT strategies, such as weak policies and procedures
Risk evaluation
Which of the following is undetectable software that allows administrator-level access? - Spyware - Worm - Logic bomb - Trojan horse - Rootkit
Rootkit
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has admin access to various OS components. The program then tracks system activity and allows an attacker to remotely gain admin access to the computer. Which of the following terms best describes this software? - Trojan horse - Rootkit - Spyware - Privilege escalation - Botnet
Rootkit
You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose? - S/MIME - IPsec - SSH - AES
S/MIME
Which of the following network services or protocols uses TCP/IP port 22? - IMAP4 - NNTP - TFTP - SSH
SSH
FTPS uses which mechanism to provide security for authentication and data transfer? - Token devices - Multi-factor authentication - IPsec - SSL
SSL
You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your system from malware? (Select 2) - Schedule regular full system scans - Disable UAC - Enable account lockout - Educate users about malware - Enable chassis intrusion detection
Schedule regular full system scans and educate users about malware
What is the primary distinguishing characteristic between a worm and a logic bomb? - Incidental damage to resources - Masquerades as a useful program - Spreads via email - Self-replication
Self-replication
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario? - Spam - Repudiation attack - Open SMTP relay - Phishing
Spam
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity? - Spam - Sniffing - Impersonation - Replay attack
Spam
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens? - Virus hoax - Salami attack - Data diddling - Spamming
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims? - Brute force - Spamming - Hijacking - Trojan horse
Spamming
Preventing malicious insider attacks
Specify where and when mobile devices can be possessed in your acceptable use policy.
Supporting mobile device users
Specify who users can call for help with mobile device apps in your acceptable use policy
Which type of virus conceals its presence by intercepting system requests and altering service outputs? - Retro - Polymorphic - Stealth - Slow
Stealth
Which of the following is a standard for sending log messages to a central logging server? - Syslog - OVAL - LC4 - Nmap
Syslog
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check? - Performance - Firewall - Security - System
System
You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994, which has recently been released, would have protected the server. Which of the following recommendations should you follow when applying the hotfix? - Test the hotfix and then apply it to the server that had the problem - Test the hotfix and then apply it to all servers - Apply the hotfix immediately to all servers - Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself
Test the hotfix and then apply it to all servers
Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer? - The Security Configuration and Analysis snap-in - The Active Directory Security Template snap-in - The NSA Template snap-in - The Microsoft Management Console snap-in
The Security Configuration and Analysis snap-in
Which of the following best describes an audit daemon? - The driver responsible for accepting audit records from the audit kernel. - The component that examines audit trails from current or previous audit sessions and reduces or compresses them for archival - The interface that allows the administrator to handle, set up, initialize, and modify subsystem parameters. - The trusted utility that runs a background process whenever auditing is enabled
The trusted utility that runs a background process whenever auditing is enabled
Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? - Worm - Outlook Express - Trojan Horse - ActiveX Control
Trojan Horse
If your anti-virus software does not detect and remove a virus, what should you try first? - Search for and delete the file you believe to be infected - Scan the computer using another virus detection program - Set the read-only attribute of the file you believe to be infected - Update your virus detection software
Update your virus protection software
Documents incidents for security violations and incident responses
Usage auditing
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password, so he changes it to the name of his dog (Fido). What should you do to increase the security of Bob's account? (Select 2) - Require him to use the initial password, which meets the complexity requirements - Use Group Policy to require strong passwords on user accounts - Train users not to use passwords that are easy to guess - Configure user account names that are not easy to guess - Do not allow users to change their own passwords - Use a stronger initial password when creating user accounts
Use group policy to require strong passwords on user accounts and train users not to use passwords that are easy to guess.
You are concerned that an attacker can gain access to your Web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files? - Configure permissions on the log files to prevent access - Encrypt the log files - Use syslog to send log entries to another server - Take a hash of the log files
Use syslog to send log entries to another server
Determines whether privilege-granting processes are appropriate and whether computer use and escalation processes are in place and working
User access and rights review
Scripts that should run at logon or logoff.
User configuration
Software that should be installed for a specific user
User configuration
Which of the following describes Privilege auditing? - An employee is granted the minimum privileges required to perform the duties of her position - Users' and groups' rights and privileges are checked to guard against creeping privileges - Users' activities are logged to document incidents for security investigations and incident responses - No single user is granted sufficient privileges to compromise the security of an entire environment
Users' and groups' rights and privileges are checked to guard against creeping privileges
What is the most common means of virus distribution? - Music download from the Internet - Email - Commercial software CDs - Floppy disks
Which command should you use to display both listening and non-listening sockets on your Linux system?
netstat -a
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports? - traceroute - nmap - netstat - nslookup
nmap
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
yum list installed