CS-416 || Lessons 8, 9 and 10


Which of the following is a minimum requirement for running SmoothWall?

512 MB PC SDRAM

Which of the following characteristics relates to Kerberos?

A computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner

Which of the following describes a native firewall?

A firewall in an operating system or hardware device that is placed there by the vendor or manufacturer

Which of the following describes a VPN?

A hardware and software solution for remote workers, providing users with a data-encrypted gateway through a firewall and into a corporate network

Which of the following describes AppleTalk?

A legacy protocol used in networks hosting mainly Macintosh computers

Checking authentication, checking authorization and access control, auditing systems, and verifying firewalls and other filters should all be included on which of the following?

A logical security checklist

What is a business continuity plan?

A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline.

Which of the following characteristics relates to mobile IP?

A standard communications protocol designed to let mobile device users move from one network to another while maintaining a permanent IP address

Which of the following characteristics relates to a Common Gateway Interface (CGI) script?

A standard that defines how Web server software can delegate the generation of Web pages to a console application.

Which of the following is a form of threat that takes some type of initiative to seek out a target to compromise?

Active threat

Which of the following does not address passive threats?

Active threats

Which of the following describes separation of duties?

An administrative rule whereby no single individual possesses sufficient rights to perform certain actions

Which of the following refers to a series of tools and techniques used to prevent forensic examination from identifying an attack or attacker?

Anti-forensics

Which type of firewall is designed to control input, output, and/or access to an application?

Application firewall

Which of the following is defined as a characteristic of a resource being accessible to a user, application, or computer system when required?

Availability

Which of the following creates copies of data on other storage media?

Backups

Which of the following describes awareness?

Basic security training that focuses on common or basic security elements that all employees must know and abide by

Which of the following identifies a user based on anatomical characteristics such as a fingerprint, a voice print, or iris patterns?

Biometrics

What attack cracks a password or encryption key by trying all possible valid combinations from a defined set of possibilities (a set of characters or hex values)?

Brute-force attack

Which of the following is not a protection against fragmentation attacks?

Buffer overflows

Which of the following is not a firewall vendor?

Citrix

What term is used to describe a chipset developed and promoted by the U.S. government from 1993 to 1996 as an encryption device to be adopted by telecommunications companies for voice transmission?

Clipper Chip

Which of the following involves moving computing resources out to the Internet where resources are shared by multiple applications and, in many cases, shared by multiple corporations?

Cloud computing

Which type of software is closed-sourced to protect intellectual property and allow vendors to charge for the product?

Commercial

Which of the following is not one of the reasons commercial software is a dominant solution?

Companies relying on the least expensive solutions

Which of the following is an element of infrastructure design that takes into account the likelihood of a security breach by malicious code or some other intruder?

Compartmentalization

Which of the following is a detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations?

Compliance audit

Which of the following deals with keeping information, networks, and systems secure from unauthorized access?

Confidentiality

Which of the following determines the available vendor patches that are installed or missing?

Configuration scan

What is split tunneling?

Configuring clients to access a public network through a VPN while maintaining access to local resources at the same time, using the same or different network connections

What term describes a small text file used by Web browsers and servers to track Web sessions?

Cookie filter

Which of the following is an advantage of the build-it-yourself firewall?

Cost

If an external server needs to communicate with servers inside the green zone, which network setting on SmoothWall can be opened?

DMZ pinholes

Which term describes a distributed data protection technology that leverages deep analysis, context evaluation, and rules configured from a central console to ensure confidential information remains secure while in use, in transit, and at rest?

Data leakage prevention (DLP)

A security stance that blocks access to all resources until a valid authorized explicit exception is defined?

Default deny

All of the following are advantages of a defense-in-depth security design except which one?

Defense in depth keeps senior management out of the activities of the security department.

Which of the following is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet?

Demilitarized zone (DMZ)

Which of the following is not one way to handle the reset button for devices?

Depressing the button for a count of ten to test it

Which attack uses a pre-constructed list of potential passwords or encryption keys?

Dictionary password attack

Which of the following is a Microsoft solution that can be used as an alternative to a traditional Internet Engineering Task Force (IETF) VPN?

DirectAccess

Before analyzing a network packet file in Wireshark in this lab, you created a filter. What did the filter do?

Displayed certain types of traffic in a packet file

What is meant by synchronous Dynamic Random Access Memory (SDRAM)?

Dynamic random access memory (DRAM) that has a synchronous interface

Which of the following refers to a public interest research group in Washington, D.C. that was established in 1994 to preserve the right of privacy in the electronic age as well as to give individuals greater control over personal information?

Electronic Privacy Information Center (EPIC)

How can FTP be made more secure?

Encrypt files before transferring them.

Which of the following steps of an incident response plan resolves the compromise?

Eradication

Which of the following is not a step in an incident response solution?

Evasion

When creating a VPN client in Windows, which of the following is not an option when selecting the type of VPN?

Extensible Authentication Protocol (EAP)

Which of the following links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure?

Extranet VPNs

Which of the following refers to a failure response resulting in open and unrestricted access or communication?

Fail-open

A bastion host allows the firewall to connect to the internal network and the perimeter network.

False

A closed-source product is typically free.

False

A commercial software product typically uses open source code.

False

A cookie filter blocks the sending and receiving of cookies. Blocking cookies can reduce some threats of session tracking and identity theft, but can also disable many Web-based services such as online purchasing.

False

A fail-open grants all users the minimum level of access and permission required to perform an assigned job task or responsibility.

False

A graphical user interface should be uninstalled before attempting to install a firewall product.

False

A honeypot is designed to attract hackers to real targets so that you can learn about the identity of the hackers.

False

A padded cell is a system that waits for a honeynet to detect attackers and then transfers the attackers to a special host where they cannot do any damage to the production environment.

False

A passive threat seeks out vulnerable targets.

False

A pop-up blocker is any harmful code or site that depends upon the user's actions to be accessed or activated. If users never visit an infected site or do not perform the risky activity, the threat never reaches them.

False

An encrypted VPN link guarantees that the other end of the VPN connection is secure.

False

An intranet is an external network.

False

As a software appliance, SmoothWall will convert a computer server into a PC.

False

BYOD stands for "Be Your Own Deterrent."

False

Because they are frequently trying to sell you their next-generation solution, vendors usually do not have a biased view of the future.

False

Cloud computing is an old phenomenon in computing infrastructure dating back to the early days of the Internet that involves moving computing resources out to the Internet.

False

Default deny is a specialized host used to place an attacker into a system where the intruder cannot do any harm.

False

Deploying a security product is more preferable than addressing your environment's specific risks.

False

Digital signatures rarely accompany both authentication and nonrepudiation transactions.

False

Extranets differ from intranets in that they do not allow access to remote users outside of the enterprise.

False

GoToMyPC and NTRconnect enable you to easily print a document on the host using the printer attached to the client.

False

Handling physical security attacks is the most important aspect of a security plan, as these types of attacks pose the highest risks to the organization.

False

Hybrid firewalls are great solutions as they tend to alleviate network bottlenecks.

False

IP Multimedia Subsystem (IMS) is a set of concepts you can use to formalize your security management practice and the associated reporting.

False

If a server has a public IP address, it is safe from potential attack from hackers because of the standards set in place by the National Security Agency (NSA).

False

Linux distributions automatically come with a native software firewall.

False

Most individuals and small office environments are at the most significant risk of being a primary target of hacker activity.

False

Nmap and Metasploit frameworks use Snort intrusion detection software to block network attacks.

False

Open source software has achieved a lot of commercial support.

False

Organizations are usually not aware of when compliance auditing is a mandated periodic occurrence, so preparation is challenging and often not possible.

False

Permanent site-to-site VPNs do not require firewalls at both ends that use static IP addresses.

False

SOHO VPN hardware firewalls are generally built on unsecure VPNs when used to transfer e-mail and sensitive files.

False

SSL-based VPNs cannot enable remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption.

False

Security management is the ongoing process of evaluating security so that you can improve it.

False

Security professionals seldom rely on open source applications and tools as they are unreliable and not secure.

False

Single-factor authentication uses a single element of validation or verification to prove the identity of a subject, and it is considered much stronger than multi-factor authentication.

False

Systems Network Architecture (SNA) is a legacy networking protocol developed by Microsoft, and it is used to support file transfers.

False

The Eradication phase of an incident response plan returns the situation to normal operation.

False

The Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is a legacy protocol developed by Apple Inc. for use in networks hosting mainly Macintosh computers.

False

The Smoothwall firewall does not work well with Openswan.

False

The act of containment should not interrupt or interfere with the continued spread or operation of the unwanted event.

False

The commercial firewall solution m0n0wall is available for Windows 7.

False

The security acronym C-I-A stands for confidentiality, integrity, and authentication.

False

The term Electronic Privacy Information Center (EPIC) refers to a form of the digital subscriber line technology, which enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.

False

Training is less rigorous than awareness and more rigorous than education.

False

When implementing VPNs, you should not disable unneeded services or protocols.

False

When installing SmoothWall, at least three network cards (NICs) are needed in the SmoothWall machine.

False

When installing SmoothWall, the green interface is commonly used to protect the iptables firewalls.

False

You should not keep ports 465 and 995 open.

False

You should not set up your Linux VPN box also as a firewall.

False

You should wait at least a month before applying a patch or update from the vendor.

False

Which of the following is a form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties?

File encryption

Which of the following command-line tools will list the current open, listening, and connection sockets on a system as well as the service related to each socket?

Fport

Which of the following is used to connect two offices in different locations?

Gateway-to-gateway VPN

Which of the following is not true of security for a SOHO?

Have a higher risk than corporate offices

Which of the following is a collection of honeypots used to present an attacker an even more realistic attack environment?

Honeynet

For which of the following does the mobile user take specific actions to connect to the VPN?

Host-to-gateway VPN

In the scenario in the lab, Marina and Rita's Cupcakes used the __________, which stores copies of all emails on the server.

IMAP protocol

Which name is given to an architectural framework for delivering IP multimedia services?

IP Multimedia Subsystem (IMS)

Which of the following is hardware that connects a local network—or even a single computer—to a telco's carrier network to access the Internet?

ISP connection device

What are digital forensic techniques?

Identifying, extracting, and evaluating evidence obtained from digital media such as computer hard drives, CDs, DVDs, and other digital storage devices

Which of the following statements is true regarding the body (or content) of a spam email?

If the intent of the campaign is to verify that the email account is active, the recipient only has to open the email, not read the content.

You just set up a VPN client on a Windows computer to work with a pfSense VPN server. You now want to make an IPsec connection to the server using IKEv2. What is the first step you must take?

Import a certificate file from the pfSense system.

Which of the following are documents that can help you to review and assess your organization's status and state of security?

Incident response plan

Which of the following describes a predefined procedure that will limit damage, contain the spread of malicious content, stop the compromise of information, and promptly restore the environment to a normal state?

Incident response plan

Which term describes a set of concepts and practices that provides detailed descriptions and comprehensive checklists, tasks, and procedures for common IT practices?

Information Technology Infrastructure Library (ITIL)

Which name is given to a set of communications standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network?

Integrated Services Digital Network (ISDN)

Which of the following is the term that describes the consistency, accuracy, and validity of data or information?

Integrity

Which of the following is an IPSec-based VPN protocol that uses NAT traversal (NAT-T)?

Internet Key Exchange v2 (IKEv2)

Which of the following is a public location that sells Internet access?

Internet café

Which of the following detects unauthorized user activities, attacks, and network compromises, alerts of the detected attacks, and takes action to prevent breaches?

Intrusion prevention system (IPS)

In Wireshark, which of the following is true of the Hex Data pane?

It can display file contents in hexadecimal and clear text.

Which of the following is not a characteristic of security education?

It is usually obtained inside of the organization.

Which one of the following is not a commercial host firewall option available for Linux?

Kaspersky Internet Security

Which type of test is run in non-production subnets where you've configured a duplicate of the production environment?

Laboratory test

Which of the following allows file-sharing functionality?

LogMeIn

Which of the following uses ICMP as a tunneling protocol?

Loki

Which of the following statements is true regarding Microsoft Baseline Security Analyzer (MBSA)?

MBSA generates a report that identifies security issues and provides recommendations for system configuration changes.

Which one of the following is not a third-party software firewall but is a security suite?

McAfee Personal Firewall Plus

Which tool checks for system administration and misconfiguration problems, application software issues including missing patches and updates, and missing or partially installed system security updates?

Microsoft Baseline Security Analyzer (MBSA)

Which of the following describes the state or condition of an asset or process vitally important to the long-term existence and stability of an organization?

Mission-critical

Which of the following is a method for encapsulating IPSec ESP packets into UDP packets to pass through routers or firewalls employing Network Address Translation (NAT)?

NAT-T

Which of the following offers keycard security and allows you to restrict the times that your computer can be remotely accessed?

NTRconnect

Which of the following is a malicious remote control tool?

NetBus

Which of the following creates TCP and UDP network connections to or from any port?

Netcat

Which of the following is not a security suite?

Netfilter

Which Windows feature do you use to create a VPN client?

Network and Sharing Center

Which of the following is a network mapper, port scanner, and OS fingerprinting tool that checks the state of ports, identifies targets, and probes services?

Nmap

Which of the following is the definition of an open-source product?

One where the source code can be obtained and viewed by anyone

Which of the following is the definition of a closed-source product?

One where the source code cannot be obtained and viewed by just anyone

Which of the following is an architecture that is designed to limit a network's vulnerability to eavesdropping and traffic analysis?

Onion routing

In SmoothWall, what color network interface card indicates the segment of the network is not trusted, but shares the Internet connection?

Orange

Which of the following is a system that waits for an IDS to detect attackers and then transfers the attackers to a special host where they cannot do damage to the production environment?

Padded cell

Which of the following refers to a specialized host used to place an attacker into a system where the intruder cannot do any harm?

Padded cell

Which of the following describes any harmful code or site that depends upon the user's actions to be accessed or activated?

Passive threat

The volume of data throughput and transmission speed associated with a firewall is considered what?

Performance

Which of the following troubleshooting steps involves reviewing the entire troubleshooting response process?

Performing a post-mortem review

Which of the following prevents or restricts Web sites from automatically opening additional tabs or windows without the user's consent?

Pop-up blocker

Which of the following outbound ports is for HTTPS?

Port 443

Which of the following outbound ports is for DNS?

Port 53

Which of the following is given to an Application Layer protocol used by e-mail clients to receive messages from an e-mail server?

Post Office Protocol (POP)

Which of the following steps of an incident response plan selects and trains security incident response team (SIRT) members and allocates resources?

Preparation

Which of the following refers to the guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities?

Principle of least privilege

The degree to which a firewall can impose user access restrictions is known as which of the following?

Privilege control

Which of the following will track every single connection outside the Web by IP address and URL?

Proxy server

Which of the following will generate a graph of network traffic every five minutes on a firewall?

RRDtool

Which of the following steps of an incident response plan returns the operation to normal?

Recovery

Which of the following is defined as the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task?

Redundancy

Which of the following is a Microsoft remote control solution used for modern operating systems that allows help desk professionals or other IT administrators to remotely control a user's system, while the user is watching?

Remote Assistance

Which of the following is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to another computer?

Remote Desktop Protocol (RDP)

Which of the following is disabled by default and requires an invitation?

Remote Desktop Protocol (RDP) and Remote Assistance

Which of the following statements is true regarding remote desktop services?

Remote login services can become a vulnerability that is exploited both internally and externally.

There are six steps for writing a security incident response plan. Which of the following is not a step?

Report

Which of the following risks can compromise the confidentiality of documents stored on the server?

Risk that unauthorized individuals can breach the server's document tree

Which of the following refers to a database tool intended to handle time-series data, such as network bandwidth, temperatures, CPU load, and so on?

Round-Robin Database Tool (RRDtool)

Which of the following monitors traffic that gets through the screening firewall and has the advantage of reducing the amount of traffic to be monitored?

Screened IDS/IPS solution

Which of the following requires PKI support and is used for encryption with newer tunneling protocols?

Secure Socket Tunneling Protocol (SSTP)

Which of the following statements is true regarding security incidents?

Security incidents can arise from a number of sources, including human error or mistakes.

Which term describes a form of security based on hiding details of a system, or creating convolutions that are difficult to understand?

Security through obscurity

Which of the following is a popular open-source intrusion detection system that runs on SmoothWall?

Snort

What must be enabled to test SmoothWall's capability to mitigate attacks?

Snort intrusion detection software

Which of the following is not a virtual private network vendor?

Sophos

What type of emails are used to either get credentials that make breaking into or using a VPN easier, or are designed to ask users to do things like send money, disclose VPN credentials, or change passwords?

Spear phishing

Which of the following statements is true regarding phishing?

Spear phishing emails use social engineering techniques to appeal to the target.

Which of the following involves writing hidden messages so that only the sender and intended recipient know a message exists?

Steganography

Which of the following is a centralized logging service that hosts a duplicate copy of log files?

Syslog

What types of automated tools are used to scan an operating system and key software applications for security issues?

System configuration tools

What types of automated tools provide information about the current operating state of a computer system?

System information tools

Windows Computer Management and Windows Task Manager are what type of tools?

System information tools

Which of the following statements is true regarding gathering system performance information?

System performance information supplements information gathered by automated tools.

Which of the following is a Microsoft solution that runs on a Microsoft Terminal Services server but appears, to end users, as if it were actually running on their systems?

TS RemoteApp

Secure Shell (SSH) protocol replaces which older, insecure protocol?

Telnet

Which of the following allows administrators to connect remotely into servers from their desktop computers?

Terminal Services for Administration

Which of the following allows a single server to host one or more applications for remote users?

Terminal Services for Applications

Which Windows log records information about events, including successful operations, system warnings, error messages about failed operations, and information about both successful and unsuccessful logon attempts?

The Application Log

Which of the following is a double-blind encapsulation system that enables anonymous but not encrypted Internet communications?

The Onion Router (TOR)

Which Windows log contains information about system security status?

The Security Log

Which Windows log contains information about system startup, shutdown, and status changes for key system processes?

The System Log

In addition to providing network security, organizations must address what other type of security issue?

Transaction security

Connecting to port 22 or 222 with a client such as WinSCP3 allows SmoothWall which capability?

Transfer of files to and from the system via SCP/SFTP

A Security Technical Implementation Guide (STIGS) is a guideline, procedure, or recommendation manual.

True

A gateway-to-gateway VPN provides connectivity between two locations such as a main office and a branch office.

True

A honeynet is a collection of multiple honeypots in a network for the purposes of luring and trapping hackers.

True

A native firewall is not necessarily installed by default, but can be added to a system through an update or patch installation.

True

A passive threat is similar to a virus in that it depends upon the activity of the user to activate, infect, and spread.

True

A post-mortem assessment review is the self-evaluation performed by individuals and organizations after each security assessment task.

True

A proxy server can track every single connection outside the Web by IP address and the URL requested.

True

An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.

True

Asymmetric Digital Subscriber Line (ADSL) is a form of the digital subscriber line technology, which enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.

True

Bricking occurs when an update process causes a complete failure of the security control.

True

CERT, SANS, and Symantec are excellent network security Web sites.

True

Cable providers are generally less likely to allow you access into their connection device, while most DSL providers seem willing to grant at least partial access.

True

Clipper Chip was a chipset developed and promoted by the U.S. government as an encryption device to be adopted by telecommunications companies for voice transmission and was discontinued in 1996.

True

Commercial Off-the-Shelf (COTS) software is a more popular choice over custom solutions with corporations because of their network security tools, firewalls, and VPNs.

True

Digital forensic techniques identify, extract, and evaluate evidence obtained from digital media such as computer hard drives, CDs, DVDs, and other digital storage devices.

True

Each form of firewall filtering or traffic management is vulnerable in some way.

True

Every five minutes, SmoothWall allows the viewing of graphs representing network traffic, generated by RRDtool.

True

Free software can have no cost, which makes it non-commercial.

True

GoToMyPC, LogMeIn, and NTRconnect allow you to use a Mac as the client, but only NTRconnect enables you to use a Mac as the host.

True

Governance includes the processes and procedures that ensure employees are following your organization's security policy.

True

IPCop is a commercial firewall solution for Linux.

True

IPv4 can be encrypted using IP Security (IPSec) or other virtual private network (VPN) protocols.

True

IPv6 includes a native information security framework (IPSec) that provides both data and control packets.

True

If a firm puts Internet-facing servers directly in the Internet, they are exposed to threats of attack from anywhere in the world.

True

If a larger organization wanted to protect subnets within the network, basic packet filtering provided by routers might be the most appropriate choice.

True

If an organization wants to protect subnets within the network, basic packet filtering provided by routers might be the most appropriate choice.

True

If strong authentication is a priority, select an application gateway firewall or a dedicated application-specific proxy firewall.

True

If your home router is a wireless device, you should change the service set identifier (SSID) from the default setting.

True

It is a mistake to use remote system and device management mechanisms that are convenient but not secure, such as telnet, HTTP, and FTP.

True

Management expects you to quantify your contribution to the company and justify the expenditures they make to support security.

True

Modeling often occurs before piloting.

True

Most computers include power management capabilities, allowing them to turn off or go to a low power state when they aren't being used for a time. These computers can then be awakened when they are sent a specific string of bits in a "magic packet."

True

Patch management watches for the release of new updates from vendors, tests the patches, obtains approval, and then oversees the deployment and implementation of updates across the production environment.

True

Penetration testing involves the application of hacking techniques, methodology, and tools; ethical security experts conduct penetration testing.

True

Port 3074 is for an Xbox game port. You should not allow strangers to connect to it.

True

Port 53 is one you should consider forwarding.

True

Port forwarding allows you to hide Web servers behind a single IP address.

True

Security assurance is independent assurance that the relevant firewall technology meets its specifications.

True

ShieldsUP! is a port-scanning tool that is an effective way to test your configuration.

True

The best defenses against covert channels include IDS and intrusion prevention system (IPS) and thoroughly watching all aspects of an IT infrastructure for aberrant or abnormal events of any type.

True

The challenge of securing mobile devices is that these types of devices are frequently overlooked or discounted when documenting security risks.

True

The goal of disaster recovery planning is to return the business to functional operation within a limited time to prevent the failure of the organization due to the incident.

True

The owner of the Internet café can capture any data that passes through with a free packet sniffer such as Wireshark.

True

The principle of least privilege states that you should grant users the fewest capabilities, permissions, and privileges possible to complete their assigned work, without additional capabilities.

True

Time, money, and effort already spent on a project, event, or device make up its sunk cost.

True

To check that you have a successfully installed VPN you should run the command ipsec verify.

True

To download the RPM version of Openswan, you must have the IPSec-tools RPM package installed on your system.

True

To write a comprehensive security policy, you should first inventory and examine the components of the IT infrastructure.

True

Tor was derived from the Onion Routing Project managed by the U.S. Naval Research Lab.

True

Trusted Platform Module (TPM) is a dedicated microchip found on some motherboards; it hosts and protects the encryption key for whole hard drive encryption.

True

Ubiquitous firewalls are ultimately the direction that firewalls will likely take in the future.

True

Used with compatible VPNs, IPSec guarantees the authenticity, integrity, and confidentiality of network traffic.

True

When considering transaction security, it is common for the web server to stand behind one firewall and the database server to stand behind a second firewall.

True

When implementing VPNs, you should not write down your password unless it will be stored in a safe.

True

When implementing best practices, you will use external standalone firewalls whenever possible, but you won't go without a built-in or standalone firewall.

True

When it comes to software or firmware of the firewall or proxy, install only final releases, never beta or partial firmware.

True

When troubleshooting firewalls, you should simplify the task by first disabling or disconnecting software and hardware not essential to the function of the firewall.

True

Whether you're using a host-to-gateway or gateway-to-gateway configuration, you should not put the VPN server directly on the Internet but you should place it behind a firewall such as in a DMZ configuration.

True

While the Tor network does provide a level of anonymity, the user never knows what other computers the request will go through; data sent and received can be captured by any of these computers.

True

Windows Firewall is a native operating system firewall.

True

Wireshark is a free packet capture, protocol analyzer, and sniffer that can analyze packets and frames as they enter or leave a firewall.

True

Years ago, security threats came from mostly unsophisticated attackers; today, organized crime is taking advantage of computer hacking.

True

You should immediately terminate any communication found to take place without firewall filtering.

True

You should never assume that a service or protocol is secured by another layer or service.

True

If Secure Shell (SSH) is configured to use asymmetrical encryption, which of the following statements is true?

Two keys are required when sending data.

Which of the following is a key feature of SmoothWall?

Universal Plug and Play support

As an organization stretches beyond its capacity to support, sell, create, maintain, respond, produce, and so on, small problems quickly become big problems. Which of the following does not ensure long-term viability and stability for the business and network security design?

Unlimited growth

Which of the following statements is true regarding filtering log files?

Using a filter can help an analyst to quickly find events of interest.
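As an added example of what "filtering log files" looks like in practice (this is not from the study set), the Python below parses a small, constructed firewall log in an iptables/syslog-like format, filters it by action, destination port and source network, and flags one pattern an analyst would want to see quickly: a source that was dropped earlier and later received an ACCEPT. The log format, addresses and timestamps are all assumed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall log excerpt in an iptables/syslog-like format (not a real capture).
SAMPLE_LOG = """\
Mar 12 10:01:02 fw kernel: ACCEPT IN=eth0 OUT= SRC=192.168.1.20 DST=93.184.216.34 PROTO=TCP SPT=51234 DPT=443
Mar 12 10:01:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=40001 DPT=23
Mar 12 10:01:06 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=40002 DPT=3389
Mar 12 10:01:09 fw kernel: ACCEPT IN=eth0 OUT= SRC=192.168.1.21 DST=192.168.1.1 PROTO=UDP SPT=5353 DPT=53
Mar 12 10:02:15 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=3333 DPT=23
Mar 12 10:02:20 fw kernel: ACCEPT IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=40003 DPT=22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<action>ACCEPT|DROP|REJECT) (?P<fields>.*)$"
)


def parse_line(line: str):
    """Turn one log line into a dict; return None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m.group("ts"), "action": m.group("action")}
    for token in m.group("fields").split():
        key, _, value = token.partition("=")
        event[key.lower()] = value
    return event


def filter_events(log_text, action=None, dst_port=None, src_net=None, proto=None):
    """Keep only events matching every given criterion (None means 'do not filter')."""
    net = ipaddress.ip_network(src_net) if src_net else None
    matches = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if action and ev["action"] != action:
            continue
        if proto and ev.get("proto") != proto:
            continue
        if dst_port is not None and ev.get("dpt") != str(dst_port):
            continue
        if net and ipaddress.ip_address(ev["src"]) not in net:
            continue
        matches.append(ev)
    return matches


def top_sources(events, n=3):
    """Most frequent source addresses among the filtered events."""
    return Counter(ev["src"] for ev in events).most_common(n)


def sources_accepted_after_drop(log_text):
    """Sources that were dropped earlier and later got an ACCEPT: a classic
    'probe first, then find an open door' pattern worth a second look."""
    dropped, flagged = set(), set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["action"] == "DROP":
            dropped.add(ev["src"])
        elif ev["action"] == "ACCEPT" and ev["src"] in dropped:
            flagged.add(ev["src"])
    return flagged


if __name__ == "__main__":
    for ev in filter_events(SAMPLE_LOG, action="DROP", dst_port=23):
        print(ev["ts"], ev["src"], "->", ev["dst"], "telnet attempt dropped")
    print("noisy sources:", top_sources(filter_events(SAMPLE_LOG, action="DROP")))
    print("accepted after probing:", sources_accepted_after_drop(SAMPLE_LOG))
```

The same three functions work unchanged on a real file read with `open(...).read()` as long as the lines fit the regular expression; adjust `LINE_RE` for another firewall's format.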

In theory, the use of a software firewall as a replacement for a network appliance can work as long as the host OS's network communication is routed through which type of firewall?

Virtual firewall

Which form of investigation aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits?

Vulnerability scanning

Which one of the following is not a cause of a configuration error?

Vulnerability scanning

What prevents a hard drive from being read by another system if it is stolen?

Whole hard drive encryption

Which of the following provides detailed information about each service and also provides the startup type (automatic, automatic/delayed start, disabled, manual) and logon information (logon as local service, local system, and network service)?

Windows Computer Management

Which tool provides detailed information about the system, including lists of services and their current state, computer hardware configuration, security and system events, and scheduled tasks?

Windows Computer Management

Which of the following provides brief descriptions of services and their statuses and also provides the name and process ID (PID) for each service that is running?

Windows Task Manager

Which tool provides information about currently running tasks, use of system resources, and system performance?

Windows Task Manager

Processes, Performance, Users, Details, and Services are the five types of system information that can be obtained from the:

Windows Task Manager.

Microsoft Baseline Security Analyzer (MBSA) is a system scanning tool that scans workstations and servers running:

Windows.

Which of the following is not a commonsense element of troubleshooting firewalls?

Work with urgency.

Which of the following is a solution that represents the majority of VPNs on the market and is commonly referred to as a VPN appliance? This solution is easy to set up, manage, and maintain.

customer premises equipment (CPE)

Which of the following is a third-party tool that Symantec offers as a solution for organizations to access and securely manage remote computers?

pcAnywhere

Which of the following is not an ISP connection?

pfSense

The five-step formula that serves as the basis for incident response processes and procedures includes:

prevent, detect, respond, control, and document security incidents.

Microsoft Baseline Security Analyzer (MBSA) is a:

system configuration tool.

Which of the following statements is NOT true regarding VPNs?

A VPN does not mask a client's IP address.

In Windows, what is Trusted Root Certification Authorities?

A certificate store

Which type of files are most appropriate to exchange via anonymous FTP?

A company's marketing literature

Which of the following describes a BYOD?

A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks

What is ISAKMP?

A protocol used to establish tunnels and cryptographic keys

Which of the following statements is true regarding spam emails?

A spam email can be part of a larger campaign of deception, or it can be the entire campaign.

Which of the following statements is true regarding a properly configured Virtual Private Network (VPN) that uses IPSec and adheres closely to best practices, such as strong authentication, network segmentation, device validation, posture assessment, etc.?

Actually "breaking" into a VPN tunnel such as this one will take significant technical prowess.

When configuring a VPN connection from a client to a server, what does the route add <a.b.c.d> mask 255.255.255.0 <w.x.y.z> command do?

Add a route to the connecting IP address of the IPsec firewall.

In this lab, you removed a split tunnel configuration from an IPsec VPN adapter. What was the result?

All traffic was forced through the IPsec tunnel, making the connection slower but more secure.

Which of the following steps can make VPN access more secure?

Allow access only from specific MAC addresses and specific MAC/IP address pairs.

Which of the following statements is NOT true of Secure Shell (SSH)?

An attacker who gains access to SSH encryption keys cannot decrypt and read content.

Of the following, what is a packet retransmission most likely to indicate?

An intentional packet injection

Which of the following is a portion of a software system that unauthenticated users can run?

Attack surface

Which term describes portions of a software system that unauthenticated users can run?

Attack surface

Cryptcat is a Linux distribution that includes hundreds of security and hacking tools, including Nessus and Metasploit. It can perform attacks against or through a firewall for testing purposes.

False

HTTP Proxy is Linux software powered by VMware that creates SSH encrypted tunnels used in combination with TOR.

False

Multifactor authentication is significantly less secure than any single factor form of authentication.

False

Naturally, external-only communications are more likely to be malicious, but because they do not end or originate from an internal source, you don't need to be concerned with them.

False

Physical isolation of a router is not a way to ensure that only authorized router administrators can access the device itself.

False

Remote and mobile devices are inherently less risky as they are exposed to fewer potential threats.

False

Security is the responsibility of managers and executives.

False

The NNTP protocol is a service used to remotely control or administer a host through a plaintext command-line interface.

False

The WAN Domain refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms.

False

The firewall administrator should give physical access to firewall devices to senior managers and middle managers.

False

The term Identity and Access Management (IAM) describes a protocol and a data exchange system commonly used over TCP/IP networks, including the Internet, that is unencrypted and performs authentication and data transfer in plaintext.

False

VMware creates a lab environment.

False

When troubleshooting firewalls, you should never attempt to repeat the problem because you could do more damage.

False

When troubleshooting firewalls, you should not use free options, as they aren't likely to solve the problem and will waste your time.

False

Which protocol and data exchange system, commonly used over TCP/IP networks including the Internet, is unencrypted and performs authentication and data transfer in plaintext?

File Transfer Protocol (FTP)

Which of the following statements is true regarding social engineering?

Hackers, cybercriminals, or cyberterrorists often save time and achieve what they could not otherwise by simply asking.

Which of the following refers to the entity responsible for global coordination of IP addressing, DNS root, and other Internet protocol resources?

Internet Assigned Numbers Authority (IANA)

Which of the following statements is true regarding Kitty Kat (KK) in the fictitious scenario used in the lab?

KK began her work with an Internet search to find information about the target company and its owners.

You are configuring a VPN client on a Windows Server 2016 system using IPsec to create a secure tunnel to an L2TP/IPsec server. Which of the following statements is true?

L2TP does not perform encryption.

When troubleshooting firewalls, which of the following is not something you should do after you attempt a fix?

Make multiple fixes.

Which of the following strengthens access procedures and makes a VPN more secure?

Make sure that all parameters for the VPN are applied uniformly.

Which of the following refers to the process of simulating and testing a new concept, design, programming technique, and so on before deployment into a production environment?

Modeling

Which of the following refers to a website that was a black market for drugs, weapons, and killers for hire?

Silk Road

What is the 255.255.255.255 address typically associated with?

Subnet mask

Which of the following refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms?

System/Application Domain

Which of the following statements is true of split tunnel configurations?

The configuration is optimal for performance.

Which of the following statements is true regarding the emails that were collected from Marina and Rita's Cupcakes' key employees?

The emails included both professional and personal information that could be exploited.

Which of the following describes identity and access management (IAM)?

The security discipline that enables the right individuals to access the right resources at the right times consistent with organizational policy

Which of the following is not a characteristic of a private address?

They are leased.

Which of the following is not true of VLANs?

They require a change of IP address or re-cabling.

Gathering information by eavesdropping on communications, whether encrypted or not, is known as what?

Traffic and trend analysis

A firewall's vulnerability to DoS flooding is a limitation or weakness that you can't fix, improve, or repair by either upgrading the firewall or applying a patch.

True

A hybrid attack combines dictionary attacks with brute force attacks.

True
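To make the hybrid idea concrete, here is an added Python example (not from the study set) that combines the two components: a small dictionary with common mutations of each word, and a brute-force suffix of up to two characters appended to every mutated word. Candidates are checked against an unsalted SHA-256 digest, which is an assumption chosen so the example runs offline; the wordlist and the target password are constructed for the illustration. The same generator is why "dictionary word plus a year or a symbol" passwords fall quickly, and why stored passwords should use a salted, slow hash such as bcrypt or Argon2 rather than a bare SHA-256.

```python
import hashlib
import itertools
import string


def mangle(word: str):
    """Yield the dictionary word plus common mutations attackers try first."""
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0").replace("i", "1")
    seen = set()
    for variant in (word, word.capitalize(), word.upper(), leet):
        if variant not in seen:
            seen.add(variant)
            yield variant


def hybrid_candidates(wordlist, max_suffix=2, alphabet=string.digits + "!@#$"):
    """Dictionary component: each word and its mangled forms.
    Brute-force component: every suffix of up to max_suffix characters drawn
    from the alphabet, appended to each base form."""
    for word in wordlist:
        for base in mangle(word):
            yield base
            for n in range(1, max_suffix + 1):
                for suffix in itertools.product(alphabet, repeat=n):
                    yield base + "".join(suffix)


def sha256_hex(password: str) -> str:
    # Unsalted fast hash: fine for the demonstration, exactly what makes real cracking cheap.
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hash: str, wordlist, max_suffix=2):
    """Return (password, attempts) when a candidate hashes to target_hash, else (None, attempts)."""
    attempts = 0
    for candidate in hybrid_candidates(wordlist, max_suffix):
        attempts += 1
        if sha256_hex(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


WORDLIST = ["password", "winter", "cupcake"]  # constructed toy dictionary

if __name__ == "__main__":
    target = sha256_hex("Cupcake2!")          # constructed victim password
    found, attempts = crack(target, WORDLIST)
    print(f"recovered {found!r} after {attempts} candidates")
```

With only three words and a four-symbol alphabet the whole space is a few thousand candidates; real attacks use wordlists of millions of entries and GPUs, which is why the defender's lever is the hash cost, not the dictionary size.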

Netcat is a hacker tool that creates network communication links using UDP or TCP ports that support the transmission of standard input and output.

True

Node security focuses on the tasks for each type of networking device to improve its security; it takes the generic recommendations of system hardening and expands them with additional node/host specific improvements.

True

PacketiX VPN and HotSpotShield are encrypted Web proxy services.

True

SMTP is an Application Layer protocol used by e-mail clients to send messages to an e-mail server and is also used to relay messages between e-mail servers.

True

Simulator tests are secure by design.

True

Snort is an open-source, rule-based IDS that can detect firewall breaches.

True
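As an added example of how a rule-based IDS like Snort works (this code is not Snort and not from the study set), the Python below parses a handful of constructed rules written in a Snort-like syntax, then matches decoded packets against them: protocol, source and destination address and port, a `$HOME_NET` variable with negation, and a `content:` byte pattern with `|..|` hex notation. The home network, the rules and the sample packets are all assumptions for the illustration; the first rule is the kind that catches a firewall breach, Telnet reaching an internal host from outside.

```python
import ipaddress
import re

HOME_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed internal range

# Constructed rules in a Snort-like syntax (not a real Snort ruleset).
RULES = """\
alert tcp !$HOME_NET any -> $HOME_NET 23 (msg:"Telnet from outside to internal host"; sid:1000001;)
alert tcp any any -> $HOME_NET 22 (msg:"SSH banner seen on inbound connection"; content:"SSH-"; sid:1000002;)
alert udp any any -> any 53 (msg:"DNS TXT query"; content:"|00 10 00 01|"; sid:1000003;)
"""

RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)
OPT_RE = re.compile(r'(\w+):"?([^";]*)"?;')


def content_bytes(spec: str) -> bytes:
    """Convert a content string to bytes; |..| sections are hex, the rest is literal."""
    out = b""
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        r = m.groupdict()
        opts = dict(OPT_RE.findall(r.pop("opts")))
        r["msg"] = opts.get("msg", "")
        r["sid"] = int(opts.get("sid", 0))
        r["content"] = content_bytes(opts["content"]) if "content" in opts else None
        rules.append(r)
    return rules


def addr_match(spec: str, ip: str) -> bool:
    """'any', '$HOME_NET', a CIDR or single address, optionally negated with '!'."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "any":
        hit = True
    elif spec == "$HOME_NET":
        hit = ipaddress.ip_address(ip) in HOME_NET
    else:
        hit = ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def port_match(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if ":" in spec:                      # range, e.g. 1024:65535 or :1023
        lo, hi = spec.split(":")
        return int(lo or 0) <= port <= int(hi or 65535)
    return port == int(spec)


def match(rules, pkt):
    """Return [(sid, msg), ...] for every rule the packet triggers."""
    alerts = []
    for r in rules:
        if r["proto"] != pkt["proto"]:
            continue
        if not (addr_match(r["src"], pkt["src"]) and port_match(r["sport"], pkt["sport"])
                and addr_match(r["dst"], pkt["dst"]) and port_match(r["dport"], pkt["dport"])):
            continue
        if r["content"] is not None and r["content"] not in pkt["payload"]:
            continue
        alerts.append((r["sid"], r["msg"]))
    return alerts


# Constructed packets (decoded header fields plus payload; no real capture).
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40001, "dst": "192.168.1.10", "dport": 23, "payload": b""},
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40002, "dst": "192.168.1.10", "dport": 22,
     "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},
    {"proto": "udp", "src": "192.168.1.20", "sport": 5353, "dst": "192.168.1.1", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x10\x00\x01"},
    {"proto": "tcp", "src": "192.168.1.20", "sport": 50000, "dst": "192.168.1.10", "dport": 23, "payload": b""},
]

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for pkt in SAMPLE_PACKETS:
        for sid, msg in match(rules, pkt):
            print(f"[{sid}] {msg}: {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}")
```

The last sample packet is internal-to-internal Telnet and produces no alert, which shows why `$HOME_NET` and the `!` negation matter: the rule is about traffic that should have been stopped at the perimeter, not about Telnet as such.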

Telnet is a protocol and a service used to remotely control or administer a host through a plaintext command-line interface.

True
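The statements about the cafe owner's packet sniffer, Wireshark, plaintext FTP and plaintext Telnet all come down to the same fact: if the protocol does not encrypt, whoever can see the frames can read the credentials. As an added example (not from the study set, and not Wireshark's code), the Python below constructs a few Ethernet/IPv4/TCP frames with `struct`, then does what a sniffer's dissector does: walks the headers, pulls out the TCP payload, and lifts FTP `USER`/`PASS` lines and HTTP Basic credentials out of the clear-text services. The addresses, ports and credentials are all made up for the example; checksums are left zero because nothing here validates them.

```python
import base64
import binascii
import struct


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums zero; enough for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst MAC, src MAC, EtherType IPv4
    ip_total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes):
    """Minimal dissector: return src/dst addresses, ports and TCP payload, or None."""
    if frame[12:14] != b"\x08\x00":
        return None                                        # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:
        return None                                        # not TCP
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": frame[tcp_off + data_off:]}


CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3"}


def extract_credentials(frames):
    """Return (service, src, dst, secret) for every credential visible in the clear."""
    creds = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None or pkt["dport"] not in CLEARTEXT_PORTS:
            continue                                       # encrypted or unknown: nothing readable
        service = CLEARTEXT_PORTS[pkt["dport"]]
        text = pkt["payload"].decode("ascii", errors="replace")
        for line in text.splitlines():
            upper = line.upper()
            if service in ("FTP", "POP3") and (upper.startswith("USER ") or upper.startswith("PASS ")):
                creds.append((service, pkt["src"], pkt["dst"], line.strip()))
            elif upper.startswith("AUTHORIZATION: BASIC "):
                try:
                    decoded = base64.b64decode(line.split(None, 2)[2]).decode("utf-8", errors="replace")
                except (binascii.Error, IndexError):
                    continue
                creds.append((service, pkt["src"], pkt["dst"], decoded))
    return creds


# Constructed traffic: an FTP login, a TLS record on 443, and an HTTP request with Basic auth.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "203.0.113.20", 51000, 21, b"USER alice\r\n"),
    build_frame("10.0.0.5", "203.0.113.20", 51000, 21, b"PASS s3cret!\r\n"),
    build_frame("10.0.0.5", "203.0.113.30", 51001, 443, b"\x16\x03\x01\x00\x05hello"),
    build_frame("10.0.0.7", "203.0.113.40", 51002, 80,
                b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"),
]

if __name__ == "__main__":
    for service, src, dst, secret in extract_credentials(SAMPLE_FRAMES):
        print(f"{service}: {src} -> {dst}: {secret}")
```

Telnet is not handled line by line here because a Telnet client usually sends one keystroke per segment; a real sniffer reassembles the stream first, but the result is the same: the password appears in the clear. The TLS frame on port 443 is skipped, which is the whole argument for SSH, SFTP and HTTPS over their plaintext predecessors.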

The Containment phase of an incident response plan restrains further escalation of the incident.

True

The Detection phase of an incident response plan confirms breaches.

True

Which of the following statements is true regarding creating a successful spam email campaign?

When the sender is a known contact of the target, using the sender's actual email address increases the appearance that the email is proper.

Which of the following refers to the end user's desktop devices such as a desktop computer, laptop, VoIP telephone, or other endpoint device?

Workstation Domain

A well-designed malicious email campaign can expect __________ responses, or click-throughs, as a legitimate commercial email campaign.

about the same number of

The hidden part of the Internet where one can buy just about any product or service, pay in a currency called "bitcoins," and transact business anonymously is referred to as the:

darknet

In the scenario in the lab, Kitty Kat (KK) was able to access the Marina and Rita's Cupcakes' __________ via the VPN, which was set up for Marina's convenience to use a pre-stored password and automatic sign-in.

email

Instead of relying just on a user ID and password, VPN access can be protected by tokens like SecurID and other __________ methods.

multi-factor authentication
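As an added example (not from the study set, and not SecurID's proprietary algorithm), the Python below implements the open time-based one-time password scheme that most software and hardware tokens use today: HOTP (RFC 4226) and TOTP (RFC 6238) on top of HMAC, plus the server-side verification with a small clock-drift window and a constant-time comparison. The seed used in the usage line is the RFC test secret; everything else is standard library. The security point for the VPN case is that the code proves possession of a shared secret that never crosses the wire, so a captured or phished password alone does not open the tunnel.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC the 8-byte big-endian counter, dynamically truncate,
    keep `digits` decimal digits (zero-padded)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits, algo)


def verify_totp(secret: bytes, code: str, for_time=None, window: int = 1,
                step: int = 30, digits: int = 6, algo: str = "sha1") -> bool:
    """Server-side check: compare in constant time against the current step and
    `window` steps either side to tolerate clock drift. Keep the window small;
    every extra step widens the guessing window for an attacker. A production
    server must also refuse to accept the same code twice within a step."""
    if for_time is None:
        for_time = time.time()
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, for_time + drift * step, step, digits, algo)
        ok |= hmac.compare_digest(expected, code)   # no early exit: timing-neutral
    return ok


def secret_from_base32(text: str) -> bytes:
    """Authenticator apps share the seed as base32 (often unpadded); restore padding first."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    seed = b"12345678901234567890"                 # RFC 4226/6238 test secret
    print(hotp(seed, 0), totp(seed, 59, digits=8))  # 755224 94287082
    print(verify_totp(seed, totp(seed)))            # True
```

The seed must be stored and provisioned as carefully as a password database: anyone holding it can generate valid codes, so it is stored encrypted on the server and shown to the user exactly once at enrollment.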

Social engineering and reverse social engineering are used to gain access by:

pretending to be a legitimate user.

In the scenario in the lab, Kitty Kat (KK) was able to open the VPN and download the email of key employees after sending an email to the employees asking them to:

reset their VPN passwords.

In the scenario in the lab, Marina neglected to use a(n) __________ on her smartphone, which meant that anyone could gain immediate access to her contacts and other private information.

screen lock
