Chapter 8
You manage the information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?
Verify that your network's existing security infrastructure is working properly.
Which command should you use to display both listening and non-listening sockets on your Linux system?
netstat -a
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
nmap
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
Which of the following describes a logic bomb?
A program that performs a malicious activity at a specific time or after a triggering event.
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses the issue?
A strong password policy
What is the main difference between a worm and a virus?
A worm can replicate itself, while a virus requires a host for distribution
You have a file server named srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement?
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions
While browsing the Internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of?
Adware
What will the netstat -a command show?
All listening and non-listening sockets
Many popular operating systems allow for quick and easy sharing of files and printers with other network members. Which of the following is not a measure by which file and printer sharing is hardened?
Allowing NetBIOS traffic outside of your secured network
Which of the following measures are you most likely to implement to protect against a worm or Trojan horse?
Anti-virus software
Which of the following statements about the use of anti-virus software is correct?
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Which of the following is the best recommendation for applying hotfixes to your servers?
Apply only the hotfixes that apply to software running on your systems
What is another name for a logic bomb?
Asynchronous attack
Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of?
Backdoor
NetBus and Back Orifice are remote control tools. They allow you to connect to a remote system over a network and operate it as if you were sitting at a local keyboard. Unfortunately, these two programs are also examples of what type of security concern?
Backdoor trojans
A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent?
Botnet
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security?
Change default account passwords; apply all patches and updates
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL
When securing a newly deployed server, which of the following rules of thumb should be followed?
Determine the unneeded services and their dependencies before altering the system.
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do?
Grant the group the necessary user rights. Create a security group for the administrators; add all user accounts to the group.
For users who are members of the Sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?
Group policy
Which of the following solutions would you use to control the actions that users can perform on a computer such as shutting down the system, logging in through the network, or loading and unloading device drivers?
Group policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use?
Group policy
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations?
Group policy; WSUS
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?
Hotfix
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.
You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any file with problems. You receive an e-mail with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?
It has been moved to a secure folder on your computer
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source
You have 2 folders that contain documents used by various departments: The development group has been given the Write permission to the Design folder. The sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have read permission to the Design folder and the write permission to the Products folder. You want to use groups as much as possible. What should you do?
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder
You have a file server named srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement?
NTFS and share permissions
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report they are unable to access the FTP server. What should you do to enable access?
Open ports 20 and 21 for inbound and outbound connections
Which of the following is most vulnerable to a brute force attack?
Password authentication
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table
You recently discovered several key files of your antivirus program have been deleted. You suspect that a virus deleted the files. Which type of virus deletes key antivirus program files?
Retro
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrative access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software?
Rootkit
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
Match the group policy type with the function it can perform
Software that should be installed on a specific computer: Computer configuration
Software that should be installed for a specific user: User configuration
Scripts that should run at startup or shutdown: Computer configuration
Scripts that should run at logon or logoff: User configuration
Network communication security settings: Computer configuration
Which type of virus intercepts system requests and alters service outputs to conceal its presence?
Stealth
You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994, which has recently been released, would have protected the server. Which of the following recommendations should you follow when applying the hotfix?
Test the hotfix, then apply it to all servers
Arrange the group policy objects in the order in which they are applied
The local group policy on the computer; GPOs linked to the domain that contains the user or computer object; GPOs linked to the organizational unit that contains the object
Why do attackers prefer static environment devices to conduct distributed network attacks?
These devices are typically more difficult to monitor than traditional network devices. These devices tend to employ much weaker security than traditional network devices.
What is a program that appears to be a legitimate application, utility, game, or screensaver that performs malicious activities surreptitiously?
Trojan horse
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. The computer runs Windows 7. When provisioning Bob's user account in your organization's domain, you assigned an account name of Bsmith with an initial password of bw2Fs3d. On first logon, Bob is prompted to change his password, so he changes it to the name of his dog (fido). What should you do to increase the security of Bob's account?
Use Group policy to require strong passwords on user accounts. Train users not to use passwords that are easy to guess.