CS-416 || Lessons 8, 9 and 10
Which of the following is a minimum requirement for running SmoothWall?
512 MB PC SDRAM
Which of the following characteristics relates to Kerberos?
A computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner
Which of the following describes a native firewall?
A firewall in an operating system or hardware device that is placed there by the vendor or manufacturer
Which of the following describes a VPN?
A hardware and software solution for remote workers, providing users with a data-encrypted gateway through a firewall and into a corporate network
Which of the following describes AppleTalk?
A legacy protocol used in networks hosting mainly Macintosh computers
Checking authentication, checking authorization and access control, auditing systems, and verifying firewalls and other filters should all be included on which of the following?
A logical security checklist
What is a business continuity plan?
A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline.
Which of the following characteristics relates to mobile IP?
A standard communications protocol designed to let mobile device users move from one network to another while maintaining a permanent IP address
Which of the following characteristics relates to a Common Gateway Interface (CGI) script?
A standard that defines how Web server software can delegate the generation of Web pages to a console application.
Which of the following is a form of threat that takes some type of initiative to seek out a target to compromise?
Active threat
Which of the following does not address passive threats?
Active threats
Which of the following describes separation of duties?
An administrative rule whereby no single individual possesses sufficient rights to perform certain actions
Which of the following refers to a series of tools and techniques used to prevent forensic examination from identifying an attack or attacker?
Anti-forensics
Which type of firewall is designed to control input, output, and/or access to an application?
Application firewall
Which of the following is defined as a characteristic of a resource being accessible to a user, application, or computer system when required?
Availability
Which of the following creates copies of data on other storage media?
Backups
Which of the following describes awareness?
Basic security training that focuses on common or basic security elements that all employees must know and abide by
Which of the following identifies a user based on anatomical characteristics such as a fingerprint, a voice print, or iris patterns?
Biometrics
What attack cracks a password or encryption key by trying all possible valid combinations from a defined set of possibilities (a set of characters or hex values)?
Brute-force attack
Which of the following is not a protection against fragmentation attacks?
Buffer overflows
Which of the following is not a firewall vendor?
Citrix
What term is used to describe a chipset developed and promoted by the U.S. government from 1993 to 1996 as an encryption device to be adopted by telecommunications companies for voice transmission?
Clipper Chip
Which of the following involves moving computing resources out to the Internet where resources are shared by multiple applications and, in many cases, shared by multiple corporations?
Cloud computing
Which type of software is closed-sourced to protect intellectual property and allow vendors to charge for the product?
Commercial
Which of the following is not one of the reasons commercial software is a dominant solution?
Companies relying on the least expensive solutions
Which of the following is an element of infrastructure design that takes into account the likelihood of a security breach by malicious code or some other intruder?
Compartmentalization
Which of the following is a detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations?
Compliance audit
Which of the following deals with keeping information, networks, and systems secure from unauthorized access?
Confidentiality
Which of the following determines the available vendor patches that are installed or missing?
Configuration scan
What is split tunneling?
Configuring clients to access a public network through a VPN while maintaining access to local resources at the same time, using the same or different network connections
What term describes a small text file used by Web browsers and servers to track Web sessions?
Cookie filter
Which of the following is an advantage of the build-it-yourself firewall?
Cost
If an external server needs to communicate with servers inside the green zone, which network setting on SmoothWall can be opened?
DMZ pinholes
Which term describes a distributed data protection technology that leverages deep analysis, context evaluation, and rules configured from a central console to ensure confidential information remains secure while in use, in transit, and at rest?
Data leakage prevention (DLP)
A security stance that blocks access to all resources until a valid authorized explicit exception is defined?
Default deny
All of the following are advantages of a defense-in-depth security design except which one?
Defense in depth keeps senior management out of the activities of the security department.
Which of the following is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet?
Demilitarized zone (DMZ)
Which of the following is not one way to handle the reset button for devices?
Depressing the button for a count of ten to test it
Which attack uses a pre-constructed list of potential passwords or encryption keys?
Dictionary password attack
Which of the following is a Microsoft solution that can be used as an alternative to a traditional Internet Engineering Task Force (IETF) VPN?
DirectAccess
Before analyzing a network packet file in Wireshark in this lab, you created a filter. What did the filter do?
Displayed certain types of traffic in a packet file
What is meant by synchronous Dynamic Random Access Memory (SDRAM)?
Dynamic random access memory (DRAM) that has a synchronous interface
Which of the following refers to a public interest research group in Washington, D.C. that was established in 1994 to preserve the right of privacy in the electronic age as well as to give individuals greater control over personal information?
Electronic Privacy Information Center (EPIC)
How can FTP be made more secure?
Encrypt files before transferring them.
Which of the following steps of an incident response plan resolves the compromise?
Eradication
Which of the following is not a step in an incident response solution?
Evasion
When creating a VPN client in Windows, which of the following is not an option when selecting the type of VPN?
Extensible Authentication Protocol (EAP)
Which of the following links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure?
Extranet VPNs
Which of the following refers to a failure response resulting in open and unrestricted access or communication?
Fail-open
A bastion host allows the firewall to connect to the internal network and the perimeter network.
False
A closed-source product is typically free.
False
A commercial software product typically uses open source code.
False
A cookie filter blocks the sending and receiving of cookies. Blocking cookies can reduce some threats of session tracking and identity theft, but can also disable many Web-based services such as online purchasing.
False
A fail-open grants all users the minimum level of access and permission required to perform an assigned job task or responsibility.
False
A graphical user interface should be uninstalled before attempting to install a firewall product.
False
A honeypot is designed to attract hackers to real targets so that you can learn about the identity of the hackers.
False
A padded cell is a system that waits for a honeynet to detect attackers and then transfers the attackers to a special host where they cannot do any damage to the production environment.
False
A passive threat seeks out vulnerable targets.
False
A pop-up blocker is any harmful code or site that depends upon the user's actions to be accessed or activated. If users never visit an infected site or do not perform the risky activity, the threat never reaches them.
False
An encrypted VPN link guarantees that the other end of the VPN connection is secure.
False
An intranet is an external network.
False
As a software appliance, SmoothWall will convert a computer server into a PC.
False
BYOD stands for "Be Your Own Deterrent."
False
Because they are frequently trying to sell you their next-generation solution, vendors usually do not have a biased view of the future.
False
Cloud computing is an old phenomenon in computing infrastructure dating back to the early days of the Internet that involves moving computing resources out to the Internet.
False
Default deny is a specialized host used to place an attacker into a system where the intruder cannot do any harm.
False
Deploying a security product is preferable to addressing your environment's specific risks.
False
Digital signatures rarely accompany both authentication and nonrepudiation transactions.
False
Extranets differ from intranets in that they do not allow access to remote users outside of the enterprise.
False
GoToMyPC and NTRconnect enable you to easily print a document on the host using the printer attached to the client.
False
Handling physical security attacks is the most important aspect of a security plan, as these types of attacks pose the highest risks to the organization.
False
Hybrid firewalls are great solutions as they tend to alleviate network bottlenecks.
False
IP Multimedia Subsystem (IMS) is a set of concepts you can use to formalize your security management practice and the associated reporting.
False
If a server has a public IP address, it is safe from potential attack from hackers because of the standards set in place by the National Security Agency (NSA).
False
Linux distributions automatically come with a native software firewall.
False
Most individuals and small office environments are at the most significant risk of being a primary target of hacker activity.
False
Nmap and Metasploit frameworks use Snort intrusion detection software to block network attacks.
False
Open source software has achieved a lot of commercial support.
False
Organizations are usually not aware of when compliance auditing is a mandated periodic occurrence, so preparation is challenging and often not possible.
False
Permanent site-to-site VPNs do not require firewalls at both ends that use static IP addresses.
False
SOHO VPN hardware firewalls are generally built on unsecure VPNs when used to transfer e-mail and sensitive files.
False
SSL-based VPNs cannot enable remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption.
False
Security management is the ongoing process of evaluating security so that you can improve it.
False
Security professionals seldom rely on open source applications and tools as they are unreliable and not secure.
False
Single-factor authentication uses a single element of validation or verification to prove the identity of a subject, and it is considered much stronger than multi-factor authentication.
False
Systems Network Architecture (SNA) is a legacy networking protocol developed by Microsoft, and it is used to support file transfers.
False
The Eradication phase of an incident response plan returns the situation to normal operation.
False
The Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is a legacy protocol developed by Apple Inc. for use in networks hosting mainly Macintosh computers.
False
The SmoothWall firewall does not work well with Openswan.
False
The act of containment should not interrupt or interfere with the continued spread or operation of the unwanted event.
False
The commercial firewall solution m0n0wall is available for Windows 7.
False
The security acronym C-I-A stands for confidentiality, integrity, and authentication.
False
The term Electronic Privacy Information Center (EPIC) refers to a form of the digital subscriber line technology, which enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.
False
Training is less rigorous than awareness and more rigorous than education.
False
When implementing VPNs, you should not disable unneeded services or protocols.
False
When installing SmoothWall, at least three network cards (NICs) are needed in the SmoothWall machine.
False
When installing SmoothWall, the green interface is commonly used to protect the iptables firewalls.
False
You should not keep ports 465 and 995 open.
False
You should not set up your Linux VPN box also as a firewall.
False
You should wait at least a month before applying a patch or update from the vendor.
False
Which of the following is a form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties?
File encryption
Which of the following command-line tools will list the current open, listening, and connection sockets on a system as well as the service related to each socket?
Fport
Which of the following is used to connect two offices in different locations?
Gateway-to-gateway VPN
Which of the following is not true of security for a SOHO?
Have a higher risk than corporate offices
Which of the following is a collection of honeypots used to present an attacker an even more realistic attack environment?
Honeynet
For which of the following does the mobile user take specific actions to connect to the VPN?
Host-to-gateway VPN
In the scenario in the lab, Marina and Rita's Cupcakes used the __________, which stores copies of all emails on the server.
IMAP protocol
Which name is given to an architectural framework for delivering IP multimedia services?
IP Multimedia Subsystem (IMS)
Which of the following is hardware that connects a local network—or even a single computer—to a telco's carrier network to access the Internet?
ISP connection device
What are digital forensic techniques?
Identifying, extracting, and evaluating evidence obtained from digital media such as computer hard drives, CDs, DVDs, and other digital storage devices
Which of the following statements is true regarding the body (or content) of a spam email?
If the intent of the campaign is to verify that the email account is active, the recipient only has to open the email, not read the content.
You just set up a VPN client on a Windows computer to work with a pfSense VPN server. You now want to make an IPsec connection to the server using IKEv2. What is the first step you must take?
Import a certificate file from the pfSense system.
Which of the following are documents that can help you to review and assess your organization's status and state of security?
Incident response plan
Which of the following describes a predefined procedure that will limit damage, contain the spread of malicious content, stop the compromise of information, and promptly restore the environment to a normal state?
Incident response plan
Which term describes a set of concepts and practices that provides detailed descriptions and comprehensive checklists, tasks, and procedures for common IT practices?
Information Technology Infrastructure Library (ITIL)
Which name is given to a set of communications standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network?
Integrated Services Digital Network (ISDN)
Which of the following is the term that describes the consistency, accuracy, and validity of data or information?
Integrity
Which of the following is an IPSec-based VPN protocol that uses NAT traversal (NAT-T)?
Internet Key Exchange v2 (IKEv2)
Which of the following is a public location that sells Internet access?
Internet café
Which of the following detects unauthorized user activities, attacks, and network compromises, alerts of the detected attacks, and takes action to prevent breaches?
Intrusion prevention system (IPS)
In Wireshark, which of the following is true of the Hex Data pane?
It can display file contents in hexadecimal and clear text.
Which of the following is not a characteristic of security education?
It is usually obtained inside of the organization.
Which one of the following is not a commercial host firewall option available for Linux?
Kaspersky Internet Security
Which type of test is run in non-production subnets where you've configured a duplicate of the production environment?
Laboratory test
Which of the following allows file-sharing functionality?
LogMeIn
Which of the following uses ICMP as a tunneling protocol?
Loki
Which of the following statements is true regarding Microsoft Baseline Security Analyzer (MBSA)?
MBSA generates a report that identifies security issues and provides recommendations for system configuration changes.
Which one of the following is not a third-party software firewall but is a security suite?
McAfee Personal Firewall Plus
Which tool checks for system administration and misconfiguration problems, application software issues including missing patches and updates, and missing or partially installed system security updates?
Microsoft Baseline Security Analyzer (MBSA)
Which of the following describes the state or condition of an asset or process vitally important to the long-term existence and stability of an organization?
Mission-critical
Which of the following is a method for encapsulating IPSec ESP packets into UDP packets to pass through routers or firewalls employing Network Address Translation (NAT)?
NAT-T
Which of the following offers keycard security and allows you to restrict the times that your computer can be remotely accessed?
NTRconnect
Which of the following is a malicious remote control tool?
NetBus
Which of the following creates TCP and UDP network connections to or from any port?
Netcat
Which of the following is not a security suite?
Netfilter
Which Windows feature do you use to create a VPN client?
Network and Sharing Center
Which of the following is a network mapper, port scanner, and OS fingerprinting tool that checks the state of ports, identifies targets, and probes services?
Nmap
Which of the following is the definition of an open-source product?
One where the source code can be obtained and viewed by anyone
Which of the following is the definition of a closed-source product?
One where the source code cannot be obtained and viewed by just anyone
Which of the following is an architecture that is designed to limit a network's vulnerability to eavesdropping and traffic analysis?
Onion routing
In SmoothWall, what color network interface card indicates the segment of the network is not trusted, but shares the Internet connection?
Orange
Which of the following is a system that waits for an IDS to detect attackers and then transfers the attackers to a special host where they cannot do damage to the production environment?
Padded cell
Which of the following refers to a specialized host used to place an attacker into a system where the intruder cannot do any harm?
Padded cell
Which of the following describes any harmful code or site that depends upon the user's actions to be accessed or activated?
Passive threat
The volume of data throughput and transmission speed associated with a firewall is considered what?
Performance
Which of the following troubleshooting steps involves reviewing the entire troubleshooting response process?
Performing a post-mortem review
Which of the following prevents or restricts Web sites from automatically opening additional tabs or windows without the user's consent?
Pop-up blocker
Which of the following outbound ports is for HTTPS?
Port 443
Which of the following outbound ports is for DNS?
Port 53
Which of the following names is given to an Application Layer protocol used by e-mail clients to receive messages from an e-mail server?
Post Office Protocol (POP)
Which of the following steps of an incident response plan selects and trains security incident response team (SIRT) members and allocates resources?
Preparation
Which of the following refers to the guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities?
Principle of least privilege
The degree to which a firewall can impose user access restrictions is known as which of the following?
Privilege control
Which of the following will track every single connection outside the Web by IP address and URL?
Proxy server
Which of the following will generate a graph of network traffic every five minutes on a firewall?
RRDtool
Which of the following steps of an incident response plan returns the operation to normal?
Recovery
Which of the following is defined as the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task?
Redundancy
Which of the following is a Microsoft remote control solution used for modern operating systems that allows help desk professionals or other IT administrators to remotely control a user's system, while the user is watching?
Remote Assistance
Which of the following is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to another computer?
Remote Desktop Protocol (RDP)
Which of the following is disabled by default and requires an invitation?
Remote Desktop Protocol (RDP) and Remote Assistance
Which of the following statements is true regarding remote desktop services?
Remote login services can become a vulnerability that is exploited both internally and externally.
There are six steps for writing a security incident response plan. Which of the following is not a step?
Report
Which of the following risks can compromise the confidentiality of documents stored on the server?
Risk that unauthorized individuals can breach the server's document tree
Which of the following refers to a database tool intended to handle time-series data, such as network bandwidth, temperatures, CPU load, and so on?
Round-Robin Database Tool (RRDtool)
Which of the following monitors traffic that gets through the screening firewall and has the advantage of reducing the amount of traffic to be monitored?
Screened IDS/IPS solution
Which of the following requires PKI support and is used for encryption with newer tunneling protocols?
Secure Socket Tunneling Protocol (SSTP)
Which of the following statements is true regarding security incidents?
Security incidents can arise from a number of sources, including human error or mistakes.
Which term describes a form of security based on hiding details of a system, or creating convolutions that are difficult to understand?
Security through obscurity
Which of the following is a popular open-source intrusion detection system that runs on SmoothWall?
Snort
What must be enabled to test SmoothWall's capability to mitigate attacks?
Snort intrusion detection software
Which of the following is not a virtual private network vendor?
Sophos
What type of emails are used to either get credentials that make breaking into or using a VPN easier, or are designed to ask users to do things like send money, disclose VPN credentials, or change passwords?
Spear phishing
Which of the following statements is true regarding phishing?
Spear phishing emails use social engineering techniques to appeal to the target.
Which of the following involves writing hidden messages so that only the sender and intended recipient know a message exists?
Steganography
Which of the following is a centralized logging service that hosts a duplicate copy of log files?
Syslog
What types of automated tools are used to scan an operating system and key software applications for security issues?
System configuration tools
What types of automated tools provide information about the current operating state of a computer system?
System information tools
Windows Computer Management and Windows Task Manager are what type of tools?
System information tools
Which of the following statements is true regarding gathering system performance information?
System performance information supplements information gathered by automated tools.
Which of the following is a Microsoft solution that runs on a Microsoft Terminal Services server but appears, to end users, as if it were actually running on their systems?
TS RemoteApp
Secure Shell (SSH) protocol replaces which older, insecure protocol?
Telnet
Which of the following allows administrators to connect remotely into servers from their desktop computers?
Terminal Services for Administration
Which of the following allows a single server to host one or more applications for remote users?
Terminal Services for Applications
Which Windows log records information about events, including successful operations, system warnings, error messages about failed operations, and information about both successful and unsuccessful logon attempts?
The Application Log
Which of the following is a double-blind encapsulation system that enables anonymous but not encrypted Internet communications?
The Onion Router (TOR)
Which Windows log contains information about system security status?
The Security Log
Which Windows log contains information about system startup, shutdown, and status changes for key system processes?
The System Log
In addition to providing network security, organizations must address what other type of security issue?
Transaction security
Connecting to port 22 or 222 with a client such as WinSCP3 gives SmoothWall which capability?
Transfer of files to and from the system via SCP/SFTP
A Security Technical Implementation Guide (STIG) is a guideline, procedure, or recommendation manual.
True
A gateway-to-gateway VPN provides connectivity between two locations such as a main office and a branch office.
True
A honeynet is a collection of multiple honeypots in a network for the purposes of luring and trapping hackers.
True
A native firewall is not necessarily installed by default, but can be added to a system through an update or patch installation.
True
A passive threat is similar to a virus in that it depends upon the activity of the user to activate, infect, and spread.
True
A post-mortem assessment review is the self-evaluation performed by individuals and organizations after each security assessment task.
True
A proxy server can track every single connection outside the Web by IP address and the URL requested.
True
An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.
True
Asymmetric Digital Subscriber Line (ADSL) is a form of the digital subscriber line technology, which enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.
True
Bricking occurs when an update process causes a complete failure of the security control.
True
CERT, SANS, and Symantec are excellent network security Web sites.
True
Cable providers are generally less likely to allow you access into their connection device, while most DSL providers seem willing to grant at least partial access.
True
Clipper Chip was a chipset developed and promoted by the U.S. government as an encryption device to be adopted by telecommunications companies for voice transmission and was discontinued in 1996.
True
Commercial Off-the-Shelf (COTS) software is a more popular choice over custom solutions with corporations because of their network security tools, firewalls, and VPNs.
True
Digital forensic techniques identify, extract, and evaluate evidence obtained from digital media such as computer hard drives, CDs, DVDs, and other digital storage devices.
True
Each form of firewall filtering or traffic management is vulnerable in some way.
True
Every five minutes, SmoothWall allows the viewing of graphs representing network traffic, generated by RRDtool.
True
Free software can have no cost, which makes it non-commercial.
True
GoToMyPC, LogMeIn, and NTRconnect allow you to use a Mac as the client, but only NTRconnect enables you to use a Mac as the host.
True
Governance includes the processes and procedures that ensure employees are following your organization's security policy.
True
IPCop is a commercial firewall solution for Linux.
True
IPv4 can be encrypted using IP Security (IPSec) or other virtual private network (VPN) protocols.
True
IPv6 includes a native information security framework (IPSec) that provides both data and control packets.
True
If a firm puts Internet-facing servers directly in the Internet, they are exposed to threats of attack from anywhere in the world.
True
If a larger organization wanted to protect subnets within the network, basic packet filtering provided by routers might be the most appropriate choice.
True
If an organization wants to protect subnets within the network, basic packet filtering provided by routers might be the most appropriate choice.
True
If strong authentication is a priority, select an application gateway firewall or a dedicated application-specific proxy firewall.
True
If your home router is a wireless device, you should change the service set identifier (SSID) from the default setting.
True
It is a mistake to use remote system and device management mechanisms that are convenient but not secure, such as telnet, HTTP, and FTP.
True
Management expects you to quantify your contribution to the company and justify the expenditures they make to support security.
True
Modeling often occurs before piloting.
True
Most computers include power management capabilities, allowing them to turn off or go to a low power state when they aren't being used for a time. These computers can then be awakened when they are sent a specific string of bits in a "magic packet."
True
Patch management watches for the release of new updates from vendors, tests the patches, obtains approval, and then oversees the deployment and implementation of updates across the production environment.
True
Penetration testing involves the application of hacking techniques, methodology, and tools; ethical security experts conduct penetration testing.
True
Port 3074 is for an Xbox game port. You should not allow strangers to connect to it.
True
Port 53 is one you should consider forwarding.
True
Port forwarding allows you to hide Web servers behind a single IP address.
True
Security assurance is independent assurance that the relevant firewall technology meets its specifications.
True
ShieldsUP! is a port-scanning tool that is an effective way to test your configuration.
True
The best defenses against covert channels include IDS and intrusion prevention system (IPS) and thoroughly watching all aspects of an IT infrastructure for aberrant or abnormal events of any type.
True
The challenge of securing mobile devices is that these types of devices are frequently overlooked or discounted when documenting security risks.
True
The goal of disaster recovery planning is to return the business to functional operation within a limited time to prevent the failure of the organization due to the incident.
True
The owner of the Internet café can capture any data that passes through with a free packet sniffer such as Wireshark.
True
The principle of least privilege states that you should grant users the fewest capabilities, permissions, and privileges possible to complete their assigned work, without additional capabilities.
True
Time, money, and effort already spent on a project, event, or device make up its sunk cost.
True
To check that you have a successfully installed VPN you should run the command ipsec verify.
True
To download the RPM version of Openswan, you must have the IPSec-tools RPM package installed on your system.
True
To write a comprehensive security policy, you should first inventory and examine the components of the IT infrastructure.
True
Tor was derived from the Onion Routing Project managed by the U.S. Naval Research Lab.
True
Trusted Platform Module (TPM) is a dedicated microchip found on some motherboards; it hosts and protects the encryption key for whole hard drive encryption.
True
Ubiquitous firewalls are ultimately the direction that firewalls will likely take in the future.
True
Used with compatible VPNs, IPSec guarantees the authenticity, integrity, and confidentiality of network traffic.
True
When considering transaction security, it is common for the web server to stand behind one firewall and the database server to stand behind a second firewall.
True
When implementing VPNs, you should not write down your password unless it will be stored in a safe.
True
When implementing best practices, you will use external standalone firewalls whenever possible, but you won't go without a built-in or standalone firewall.
True
When it comes to software or firmware of the firewall or proxy, install only final releases, never beta or partial firmware.
True
When troubleshooting firewalls, you should simplify the task by first disabling or disconnecting software and hardware not essential to the function of the firewall.
True
Whether you're using a host-to-gateway or gateway-to-gateway configuration, you should not put the VPN server directly on the Internet; instead, place it behind a firewall, such as in a DMZ configuration.
True
While the Tor network does provide a level of anonymity, the user never knows what other computers the request will go through; data sent and received can be captured by any of these computers.
True
Windows Firewall is a native operating system firewall.
True
Wireshark is a free packet capture, protocol analyzer, and sniffer that can analyze packets and frames as they enter or leave a firewall.
True
Years ago, security threats came from mostly unsophisticated attackers; today, organized crime is taking advantage of computer hacking.
True
You should immediately terminate any communication found to take place without firewall filtering.
True
You should never assume that a service or protocol is secured by another layer or service.
True
If Secure Shell (SSH) is configured to use asymmetrical encryption, which of the following statements is true?
Two keys are required when sending data.
Which of the following is a key feature of SmoothWall?
Universal Plug and Play support
As an organization stretches beyond its capacity to support, sell, create, maintain, respond, produce, and so on, small problems quickly become big problems. Which of the following does not ensure long-term viability and stability for the business and network security design?
Unlimited growth
Which of the following statements is true regarding filtering log files?
Using a filter can help an analyst to quickly find events of interest.
In theory, the use of a software firewall as a replacement for a network appliance can work as long as the host OS's network communication is routed through which type of firewall?
Virtual firewall
Which form of investigation aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits?
Vulnerability scanning
Which one of the following is not a cause of a configuration error?
Vulnerability scanning
What prevents a hard drive from being read by another system if it is stolen?
Whole hard drive encryption
Which of the following provides detailed information about each service and also provides the startup type (automatic, automatic/delayed start, disabled, manual) and logon information (logon as local service, local system, and network service)?
Windows Computer Management
Which tool provides detailed information about the system, including lists of services and their current state, computer hardware configuration, security and system events, and scheduled tasks?
Windows Computer Management
Which of the following provides brief descriptions of services and their statuses and also provides the name and process ID (PID) for each service that is running?
Windows Task Manager
Which tool provides information about currently running tasks, use of system resources, and system performance?
Windows Task Manager
Processes, Performance, Users, Details, and Services are the five types of system information that can be obtained from the:
Windows Task Manager.
Microsoft Baseline Security Analyzer (MBSA) is a system scanning tool that scans workstations and servers running:
Windows.
Which of the following is not a commonsense element of troubleshooting firewalls?
Work with urgency.
Which of the following is a solution that represents the majority of VPNs on the market and is commonly referred to as a VPN appliance? This solution is easy to set up, manage, and maintain.
customer premise equipment (CPE)
Which of the following is a third-party tool that Symantec offers as a solution for organizations to access and securely manage remote computers?
pcAnywhere
Which of the following is not an ISP connection?
pfSense
The five-step formula that serves as the basis for incident response processes and procedures includes:
prevent, detect, respond, control, and document security incidents.
Microsoft Baseline Security Analyzer (MBSA) is a:
system configuration tool.
Which of the following statements is NOT true regarding VPNs?
A VPN does not mask a client's IP address.
In Windows, what is Trusted Root Certification Authorities?
A certificate store
Which type of files are most appropriate to exchange via anonymous FTP?
A company's marketing literature
Which of the following describes a BYOD?
A policy allowing or encouraging employees, contractors, and others to connect their own computers, smartphones, and other devices to their organization's networks
What is ISAKMP?
A protocol used to establish tunnels and cryptographic keys
Which of the following statements is true regarding spam emails?
A spam email can be part of a larger campaign of deception, or it can be the entire campaign.
Which of the following statements is true regarding a properly configured Virtual Private Network (VPN) that uses IPSec and adheres closely to best practices, such as strong authentication, network segmentation, device validation, posture assessment, etc.?
Actually "breaking" into a VPN tunnel such as this one will take significant technical prowess.
When configuring a VPN connection from a client to a server, what does the route add <a.b.c.d> mask 255.255.255.0 <w.x.y.z> command do?
Add a route to the connecting IP address of the IPsec firewall.
In this lab, you removed a split tunnel configuration from an IPsec VPN adapter. What was the result?
All traffic was forced through the IPsec tunnel, making the connection slower but more secure.
Which of the following steps can make VPN access more secure?
Allow access only from specific MAC addresses and specific MAC/IP address pairs.
Which of the following statements is NOT true of Secure Shell (SSH)?
An attacker who gains access to SSH encryption keys cannot decrypt and read content.
Of the following, what is a packet retransmission most likely to indicate?
An intentional packet injection
Which of the following is a portion of a software system that unauthenticated users can run?
Attack surface
Which term describes portions of a software system that unauthenticated users can run?
Attack surface
Cryptcat is a Linux distribution that includes hundreds of security and hacking tools, including Nessus and Metasploit. It can perform attacks against or through a firewall for testing purposes.
False
HTTP Proxy is Linux software powered by VMware that creates SSH encrypted tunnels used in combination with TOR.
False
Multifactor authentication is significantly less secure than any single factor form of authentication.
False
Naturally, external-only communications are more likely to be malicious, but because they do not originate from or terminate at an internal source, you don't need to be concerned with them.
False
Physical isolation of a router is not a way to ensure that only authorized router administrators can access the device itself.
False
Remote and mobile devices are inherently less risky as they are exposed to fewer potential threats.
False
Security is the responsibility of managers and executives.
False
The NNTP protocol is a service used to remotely control or administer a host through a plaintext command-line interface.
False
The WAN Domain refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms.
False
The firewall administrator should give physical access to firewall devices to senior managers and middle managers.
False
The term Identity and Access Management (IAM) describes a protocol and a data exchange system commonly used over TCP/IP networks, including the Internet, that is unencrypted and performs authentication and data transfer in plaintext.
False
VMware creates a lab environment.
False
When troubleshooting firewalls, you should never attempt to repeat the problem because you could do more damage.
False
When troubleshooting firewalls, you should not use free options, as they aren't likely to solve the problem and will waste your time.
False
Which protocol and data exchange system, commonly used over TCP/IP networks including the Internet, is unencrypted and performs authentication and data transfer in plaintext?
File Transfer Protocol (FTP)
Which of the following statements is true regarding social engineering?
Hackers, cybercriminals, or cyberterrorists often save time and achieve what they could not otherwise by simply asking.
Which of the following refers to the entity responsible for global coordination of IP addressing, DNS root, and other Internet protocol resources?
Internet Assigned Numbers Authority (IANA)
Which of the following statements is true regarding Kitty Kat (KK) in the fictitious scenario used in the lab?
KK began her work with an Internet search to find information about the target company and its owners.
You are configuring a VPN client on a Windows 2016 server using IPsec to create a secure tunnel to an L2TP/IPsec server. Which of the following statements is true?
L2TP does not perform encryption.
When troubleshooting firewalls, which of the following is not something you should do after you attempt a fix?
Make multiple fixes.
Which of the following strengthens access procedures and makes a VPN more secure?
Make sure that all parameters for the VPN are applied uniformly.
Which of the following refers to the process of simulating and testing a new concept, design, programming technique, and so on before deployment into a production environment?
Modeling
Which of the following refers to a website that was a black market for drugs, weapons, and killers for hire?
Silk Road
What is the 255.255.255.255 address typically associated with?
Subnet mask
Which of the following refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms?
System/Application Domain
Which of the following statements is true of split tunnel configurations?
The configuration is optimal for performance.
Which of the following statements is true regarding the emails that were collected from Marina and Rita's Cupcakes' key employees?
The emails included both professional and personal information that could be exploited.
Which of the following describes identity and access management (IAM)?
The security discipline that enables the right individuals to access the right resources at the right times consistent with organizational policy
Which of the following is not a characteristic of a private address?
They are leased.
Which of the following is not true of VLANs?
They require a change of IP address or re-cabling.
Gathering through eavesdropping on communications, whether encrypted or not, is known as what?
Traffic and trend analysis
A firewall's vulnerability to DoS flooding is a limitation or weakness that you can't fix, improve, or repair by either upgrading the firewall or applying a patch.
True
A hybrid attack combines dictionary attacks with brute force attacks.
True
Netcat is a hacker tool that creates network communication links using UDP or TCP ports that support the transmission of standard input and output.
True
Node security focuses on the tasks for each type of networking device to improve its security; it takes the generic recommendations of system hardening and expands them with additional node/host specific improvements.
True
PacketiX VPN and HotSpotShield are encrypted Web proxy services.
True
SMTP is an Application Layer protocol used by e-mail clients to send messages to an e-mail server and is also used to relay messages between e-mail servers.
True
Simulator tests are secure by design.
True
Snort is an open-source, rule-based IDS that can detect firewall breaches.
True
Telnet is a protocol and a service used to remotely control or administer a host through a plaintext command-line interface.
True
The Containment phase of an incident response plan restrains further escalation of the incident.
True
The Detection phase of an incident response plan confirms breaches.
True
Which of the following statements is true regarding creating a successful spam email campaign?
When the sender is a known contact of the target, using the sender's actual email address increases the appearance that the email is proper.
Which of the following refers to the end user's desktop devices such as a desktop computer, laptop, VoIP telephone, or other endpoint device?
Workstation Domain
A well-designed malicious email campaign can expect __________ responses, or click-throughs, as a legitimate commercial email campaign.
about the same number of
The hidden part of the Internet where one can buy just about any product or service, pay in a currency called "bitcoins," and transact business anonymously is referred to as the:
darknet
In the scenario in the lab, Kitty Kat (KK) was able to access the Marina and Rita's Cupcakes' __________ via the VPN, which was set up for Marina's convenience to use a pre-stored password and automatic sign-in.
Instead of relying just on a user ID and password system, VPN access can be protected by tokens like SecurID and other __________ methods.
multi-factor authentication
Social engineering and reverse social engineering are used to gain access by:
pretending to be a legitimate user.
In the scenario in the lab, Kitty Kat (KK) was able to open the VPN and download the email of key employees after sending an email to the employees asking them to:
reset their VPN passwords.
In the scenario in the lab, Marina neglected to use a(n) __________ on her smartphone, which meant that anyone could gain immediate access to her contacts and other private information.
screen lock