Final Exam Review
Assuming a working IDS is in place, which of the following entities is BEST capable of stealing sensitive information due to the absence of system auditing? A. Hacker B. Disgruntled Employee C. Auditors D. Malicious software (malware) E. Unhappy Customers
B. Disgruntled Employee
Using a virtual private network (VPN) solution allows for choices such as IPSEC, L2F, and GRE. What are these? A. User security options B. Encapsulating protocols C. Applications D. Policies E. Encryption protocols
B. Encapsulating protocols
Transmission ________ means never sending information across the network in the clear. A. compliance B. virtual private network (VPN) encapsulation C. protocol D. encryption E. security
D. encryption
Which of the following requires Federal agencies to "identify all computer systems that process sensitive data and prepare a plan for the security and privacy of each such system"? A. Sarbanes Oxley (SOX) Act of 2002 B. The Gramm-Leach-Bliley Act (GLBA) of 1999 C. The Systems Security and Privacy Act of 2010 D. The Computer Security Act of 1987 E. Federal Information Security Management Act of 2002
D. The Computer Security Act of 1987
Which of the following is primarily a corrective control in the WAN Domain? A. Business continuity plan (BCP) B. Traffic analysis C. Assurance of wide area network (WAN) availability D. Configuration change control E. Proxy server
A. Business continuity plan (BCP)
Which of the following is NOT a typical form of authentication used for accessing networks? A. What you see B. What you know C. Two Factor D. What you are E. What you have
A. What you see
A ________ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers. A. Spyware B. Rootkit C. Worm D. Trojan horse E. Virus
C. Worm
What is NOT a characteristic of an ordinary uninterruptible power supply (UPS)? A. Provides AC power on a long-term basis B. Protects against power surges C. Shuts down the device in a structured manner D. Provides backup battery power to a device when AC power is not available E. Often has an audible alarm when power fails
A. Provides AC power on a long-term basis
You want to configure devices to send an alert to the network manager when remote users connect to your network. Which protocol is the best choice for monitoring network devices? A. Simple Network Management Protocol (SNMP) B. Layer 2 Tunneling Protocol (L2TP) C. Secure Sockets Tunneling Protocol (SSTP) D. Transport Layer Security (TLS) E. Layer 2 Forwarding (L2F)
A. Simple Network Management Protocol (SNMP)
Which of the following wide area network (WAN) types is very inexpensive but performance and stability depend on the user's Internet connection? A. VPN over Internet B. Cell relay C. MPLS D. Dedicated line/leased line E. Packet switching
A. VPN over Internet
An important step in securing applications is to remove the _____________. A. source code B. STIGs C. compliance requirements D. backup media E. encryption
A. source code
Today, __________ local area networks possess a path to the Internet and/or some external network. A. no B. few C. about 50 percent of D. virtually all E. about 75 percent of
D. virtually all
A technique that corrupts the system that converts web uniform resource locator (URL) names (like www.amazon.com) into IP addresses, causing the name server to return an incorrect IP address, is an example of: A. IP address spoofing B. MAC address spoofing C. DHCP snooping attack D. DNS name corruption E. ARP cache poisoning
D. DNS name corruption
A method that focuses on keeping or discarding log data you care about is called: A. Monitoring B. Correlation C. Normalization D. Filtering E. Auditing
D. Filtering
Logging Policies are generally concerned with all of the following except: A. Log transmission: How logs are collected and centralized across the entire environment. B. Log storage and disposal: How and where the logs are retained and then disposed of. C. What events are logged, with what level of detail. D. Log incidents & events: Specific events & incidents that have been recorded rather than how events are interpreted. E. Log analysis: How are the logged events interpreted and what actions are taken as a result.
D. Log incidents & events: Specific events & incidents that have been recorded rather than how events are interpreted.
Regarding a wide area network (WAN) lease, the SLA states a level of guaranteed uptime. What does SLA stand for? A. Site license agreement B. Subscriber logon agreement C. Software license agreement D. Service level agreement E. Site logon agreement
D. Service level agreement
The essential characteristics of log monitoring regulations can be summarized with all of the following except: A. Review log data B. Collect logs centrally C. Retain logs for a period of time D. E. Perform annual penetration testing
E. Perform annual penetration testing
When implementing a wireless network in your LAN Domain, in order to help prevent intrusions, a best practice is: A. The wireless firewall itself should be in a DMZ B. The wireless firewall itself should block all Internet ports C. The wireless firewall itself should be integrated with the Internet firewall D. The wireless and wired firewall should be combined E. The wireless firewall itself should be separate from the existing Internet firewall
E. The wireless firewall itself should be separate from the existing Internet firewall
A __________ is a hardware device that forwards input it receives only to the appropriate output port. A. router B. LAN C. proxy server D. hub E. switch
E. switch
Which access control method is based on the data owner granting permissions? A. Need to know B. All of the above C. DAC D. RBAC E. MAC
A. Need to know
Per the PCI DSS standard, compliance is done: A. randomly. B. weekly. C. every three years D. monthly. E. annually.
E. annually.
Which of the following states the purpose of PCI DSS Requirement 6.1? A. Examine policies and procedures to verify that processes are defined to identify new security vulnerabilities, and to assign a risk ranking to vulnerabilities. B. Interview responsible personnel and observe processes to verify that new security vulnerabilities are identified. C. Verify processes are defined for installation of applicable critical vendor-supplied security patches within one month of release and installation. D. Ensure all applicable vendor-supplied security patches are installed within an appropriate time frame. E. Implement Intrusion Detection Systems across all credit card related networks and ensure that credit cards are not stolen
A. Examine policies and procedures to verify that processes are defined to identify new security vulnerabilities, and to assign a risk ranking to vulnerabilities.
Which of the following is a type of firewall that makes requests for remote services on the behalf of local clients? A. Proxy server B. Stateful Firewall C. Virtual private network (VPN) D. Router E. Demilitarized zone (DMZ)
A. Proxy server
Which of the following statements is true regarding a company's security policies and applicable legislation? A. They apply to the WAN and the servers, and even include the end user. B. They apply to the WAN and the servers, but not to the end user. C. They apply only to the end user and the LAN. D. They apply to the Wide Area Network (WAN) only. E. They apply to the servers only.
A. They apply to the WAN and the servers, and even include the end user.
A man in the middle attack is: A. where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. B. the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system. C. a technique for changing a factory-assigned Media Access Control address of a network interface on a networked device. D. a form of computer hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect IP address. E. a technique by which an attacker sends (spoofed) Address Resolution Protocol messages onto a local area network.
A. Where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
The components in the System/Application Domain commonly reside in the same room. The room in which central server computers and hardware reside is commonly called a _______________. A. data center B. physical access control room C. command center D. production environment E. communications closet
A. data center
Regarding an intrusion detection system (IDS) that uses stateful matching: A. looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets. B. does not try to look at more than one packet at a time when looking for network attacks C. uses pre-configured rules pertaining to individual packet to detect previously seen attacks D. blocks specific ports per its configuration file E. compares current activity with stored profiles of normal (expected) activity
A. looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
In the scenario in the lab, the client needs to be in compliance with the PCI DSS standard because it processes credit card transactions and: A. obtains its customers' privacy data. B. does not have a secure System/Application Domain. C. has a history of noncompliance. D. has access to PII and salary information. E. obtains its customers' health information.
A. obtains its customers' privacy data.
The DMZ is generally placed between two firewalls as follows: A. Two firewalls that face the internal network or WAN to LAN infrastructure B. One firewall that faces the internet and one firewall that faces the internal network or WAN to LAN infrastructure C. One firewall that faces the wireless network and one firewall that faces the WAN D. One firewall that faces the internet and one firewall that faces the wireless network E. Two firewalls that both face the internet
B. One firewall that faces the internet and one firewall that faces the internal network or WAN to LAN infrastructure
Which of the following wide area network (WAN) types is the most secure and gives a subscriber exclusive access to all bandwidth? A. Packet switching B. Dedicated line/leased line C. Cell relay D. MPLS E. VPN over Internet
B. Dedicated line/leased line
The term FCAPS represents the focal tasks necessary to effectively manage a network. What do F and C stand for? A. Fault, Control B. Fault, Configuration C. Focus, Configuration D. Fail, Control E. Fail, Configuration
B. Fault, Configuration
You have the least amount of control over who accesses data in the ______ Domain. A. System/Application B. Workstation C. LAN D. WAN E. User
D. WAN
In order to mitigate risks of moving network monitoring to the cloud, such as the risk of an insider breach (from inside the provider) of the organization's data, organizations should ensure: I. Cloud providers use background checks as part of the hiring process. II. Cloud providers employ security policies, controls, etc. which match the most stringent of any customer. III. Contractual agreements or terms of service outline the specifics of security policies, backup and recovery, business continuity, etc. IV. Cloud providers implement storage and servers on the customer organization's premises. A. I & II only B. I, II, & III only C. I, II, and IV only D. III & IV only E. II and IV only
B. I, II, & III only
The following are the basic steps required to establish a remote connection EXCEPT: A. Identification B. Accounting C. Authentication D. Authorization E. A&B
B. Accounting
How can you manage vulnerabilities in the System/Application Domain? A. Application patch management B. Both OS and application patch management C. Implement an Intrusion Prevention System (IPS) D. Domain management E. OS patch management
B. Both OS and application patch management
Which of the following is primarily a preventive control in the Remote Access Domain? A. Disaster recovery planning B. Proxy server C. VPN/remote access component patching D. Business continuity planning E. Traffic analysis
B. Proxy server
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? A. CCTV B. System configuration and integrity monitoring C. Network IDS D. Security Incident and Event Manager (SIEM) E. Data loss prevention product
B. System configuration and integrity monitoring
Which of the following statements is true regarding the Workstation Domain? A. This domain is much less at risk than the others. B. This domain is no less at risk than the others. C. This domain carries no risk. D. This domain is somewhat more at risk than the others. E. This domain is much more at risk than the others.
B. This domain is no less at risk than the others.
Why should you verify that all data flowing through your virtual private network (VPN) is encrypted? A. To enhance the effectiveness of the NIDS B. To prevent an attacker from capturing and reading the data C. To ensure delivery of the data D. To increase the stability of the VPN connection E. To increase the speed of the VPN connection
B. To prevent an attacker from capturing and reading the data
The most accurate way to describe the roles of Firewalls and Network Intrusion Detection Systems for detecting and thwarting attacks on the network is: A. Since the IDS sits at the boundary of the IP network segments, it can only monitor the traffic entering and leaving the interface on the IDS, whereas the Firewall monitors the internal part of the network. B. NIDS and Firewalls play complementary roles in terms of detecting and thwarting network attacks. C. Firewalls can do everything a NIDS can do. D. If you have a good NIDS and NMAP software deployed, firewalls are largely redundant. E. A NIDS is a superset of a Firewall.
B. NIDS and Firewalls play complementary roles in terms of detecting and thwarting network attacks.
In the STIGs you reviewed in the lab, who had the burden of responsibility for ensuring that the majority of the STIG rules were followed? A. The Company CEO B. The Network Security Assistant C. The Information Assurance Officer D. The Chief Information Officer E. The System Coordinator
C. The Information Assurance Officer
What are data classifications used by the U.S. government? A. Proprietary, Private, Secret, and Top Secret B. Proprietary, Public, Restricted, Secret C. Unclassified, Confidential, Secret, and Top Secret D. Public, Private, Proprietary, and Secret E. Unclassified, Proprietary, Secret, and Top Secret
C. Unclassified, Confidential, Secret, and Top Secret
As you already know, ISO 27001 covers Information Security Management Systems (ISMS) and requires monitoring, whereas ISO 27002 provides: A. a guide to computer security log management B. security controls and assessment procedures for federal information systems and organizations C. a code of practice for information security controls D. a comprehensive framework to protect government information, operations and assets against natural or man-made threats E. a guide to network auditing, intrusion detection and prevention
C. a code of practice for information security controls
The two main types of attacks that may originate from within an organization are internal attacks on the organization and _______________. A. internal attacks on employees B. external attacks on employees C. internal-to-external attacks on another organization D. internal attacks on senior management E. external attacks on the organization
C. internal-to-external attacks on another organization
Which of the following is the process of providing additional private credentials that match the user ID or username? A. Identification B. Authorization C. Authentication D. Whitelisting E. Revocation
C. Authentication
As an IS analyst, your SIEM has alerted you that a system user is logged into your LAN, which is in the United States, and at the same time has just attempted to log in remotely through the organization's VPN from an IP address in Germany. The technique that was employed for this detection of possible malicious behavior is based on: A. Malware Detection B. Normalization of Log Data C. Event Correlation D. Data De-duplication E. Moore's Law
C. Event Correlation
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring? A. False negative error B. Clipping error C. False positive error D. Remote administration error E. True Positive error
C. False positive error
Penetration tests are ________. A. typically conducted by malicious attackers B. always intrusive C. always done without knowledge of senior management D. simulations of attacks E. typically conducted by senior management
D. simulations of attacks
The Federal Information Security Act of 2002 (FISMA) does not prescribe any logging, log management, or security monitoring, since it stays at a high level of policy, planning, and risk to federal systems. Therefore, the main source of detailed guidance for FISMA is: A. DISA STIGs - Defense Information Systems Agency - Security Technical Implementation Guides B. COSO Framework C. 800-53 - Recommended Security Controls for Federal Information Systems D. 800-92 - Guide to Computer Security Log Management E. ISO 27001 - Specification for an information security management system (ISMS)
C. 800-53 - Recommended Security Controls for Federal Information Systems
High priority log events that require immediate attention are sent to: A. Organization CIO B. IT Administrator C. Analysts D. Intrusion Detection Systems E. Firewall
C. Analysts
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in? A. Monitoring B. Detecting C. Auditing D. Securing E. Improving
C. Auditing
Which of the following is NOT true of the Remote Access Domain? A. Provides an access path for remote users to your internal network B. Commonly uses public wide area networks for data transfer C. Automatically encrypts all data D. May transfer sensitive data E. Directly interfaces with the User Domain
C. Automatically encrypts all data
Of the following controls, which is the best choice for protecting the confidentiality of data in the LAN Domain? A. Wireless connections B. A security awareness program C. Encryption D. VPN E. A proxy server
C. Encryption
Per the PCI DSS standard, compliance is verified by a(n): A. IT representative. B. Ordinary auditor. C. Qualified Security Assessor. D. Company executive. E. Company auditor.
C. Qualified Security Assessor.
The ____________ provides the environment for the applications you run as clients on your network and the computer systems that house them. A. Storage Area Network B. Distributed Applications C. System/Application Domain D. Test Environment E. Production Environment
C. System/Application Domain
Permitting users and systems remote access to the network demands a prudent combination of: A. laptops and mobile devices. B. company provided devices and users' own devices. C. policies and technology. D. judgement and standards. E. using free Wi-Fi and virtual private networks (VPNs).
C. policies and technology.
Which of the following states the purpose of PCI DSS Requirement 6.2? A. Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities. B. Address common coding vulnerabilities in software-development processes by training developers in secure coding techniques and developing applications based on secure coding guidelines. C. Implement Intrusion Detection Systems across all credit card related networks and ensure that credit cards are not stolen. D. Ensure that all system components and software are protected from known vulnerabilities by installing all critical security patches within one month of release. E. Develop internal and external software applications securely so that they are in accordance with PCI DSS, based on industry standards and/or best practices.
D. Ensure that all system components and software are protected from known vulnerabilities by installing all critical security patches within one month of release.
What is the primary reason that heating, ventilating, and air conditioning (HVAC) is critical to a data center? A. It maintains a comfortable environment for data center staff. B. It helps to reduce the damage caused by a fire. C. It maintains a steady supply of power. D. It prevents hardware from overheating. E. It prevents cabling interference.
D. It prevents hardware from overheating.
One formal method to control the software development life cycle is ______________. A. software application management B. secure software application management C. secure configuration management D. software configuration management E. hardware application management
D. software configuration management
The ongoing attention and care an organization places on security and compliance is called: A. Assessment B. Monitoring C. Auditing D. Due Diligence E. Log Management
D. Due Diligence
RADIUS is a network protocol that supports remote connections by centralizing the management tasks. What do I, U, and S stand for? A. Internal, Unique, Security B. Internal, Unified, Service C. In, Unique, Security D. In, User, Service E. In, User, Security
D. In, User, Service
The hardware devices that connect other devices and computers using connection media are known as: A. NMAP B. Nodes C. Server computers and services devices D. Networking devices E. Connection media
D. Networking devices
Which of the following would be the best use for a packet sniffer? A. Wireshark B. To track configuration changes to specific LAN devices C. To encrypt confidential data D. To approve or deny traffic based on the destination address E. To analyze packet contents for known inappropriate traffic
E. To analyze packet contents for known inappropriate traffic
According to the PCI SSC Data Security Standards Overview page you read in the lab, the PCI DSS provides an actionable framework for developing a payment card data security process that includes: A. tips for avoiding unnecessary auditing steps after a security incident. B. implementation of intrusion detection systems in networks that process credit card information. C. proper reporting of security incidents. D. identification, assessment, and evaluation of security incidents. E. prevention, detection, and appropriate reaction to security incidents.
E. prevention, detection, and appropriate reaction to security incidents.
A technique by which an attacker sends (spoofed) address resolution protocol messages onto a local area network is an example of: A. IP address spoofing B. Address manipulation attack C. MAC address spoofing D. DNS name corruption E. ARP cache poisoning
E. ARP cache poisoning
What is the primary type of control used to protect data in the WAN Domain? A. Antivirus software B. Username and password combination C. Periodic Patching D. Least privilege E. Encryption
E. Encryption
This network device gives you the ability to aggressively control how users and applications use your local area networks. A. hub B. proxy server C. switch D. node E. router
E. router
There are many advantages to purchasing your own network monitoring system, including: "cash and carry" (pay and you get a solution to your log management and analysis needs); purchased solutions support a wide variety of log sources and formats; support agreements typically include service level agreements for up-time and response time for issues; product updates and improvements, including updates to meet changes to compliance standards; and the potential to purchase services and onsite help to get the system installed and train your internal staff. However, some risks come with purchasing a monitoring system, including: A. Gaps in the system that do not support installed applications in your environment or processes specific to your compliance needs B. No third-party support. You are the support staff! C. Vendor maturity, longevity, and risks to the organization being able to change vendors in the future. D. A & B E. A & C
E. A & C
What is a protocol? A. A specialized server B. A set of standards C. An operating system D. A networking device E. A set of rules
E. A set of rules
Which of the following is NOT a common method of maximizing C-I-A in the LAN-to-WAN Domain? A. Use redundant routers. B. Configure dual-homed ISP connections. C. Hard Drive Backup and Recovery D. Use redundant firewalls. E. Configure a single ISP connection.
E. Configure a single ISP connection.
Your organization subscribes to a wide area network (WAN) service. What is the most reasonable step you can take to ensure uptime? A. Upgrade the WAN equipment. B. Use Multi-protocol Label Switching (MPLS) C. Switch to an Internet service provider (ISP). D. Purchase and install a power generator. E. Ensure the WAN provider's SLA meets or exceeds your required uptime goals.
E. Ensure the WAN provider's SLA meets or exceeds your required uptime goals.
Within the LAN-to-WAN Domain, what connects two or more separate networks? A. Switch B. Server C. Multiprotocol Label Switching (MPLS) D. Firewall E. Router
E. Router
Users have to log on several times as they use different applications. One solution is to use an SSO system. What does SSO stand for? A. Secure sign-on B. Single secure-on C. Secure sign-on system D. Single secure onboard E. Single sign-on
E. Single sign-on
A nonintrusive penetration test ____________. A. may result in damage to the network B. is always performed in a test environment C. is always performed by an internal employee D. validates the existence of and exploits a vulnerability E. only validates the existence of a vulnerability
E. only validates the existence of a vulnerability
Which one of the following statements is true about Wireless Intrusion Prevention Systems (WIPS)? A. A WIPS not only detects rogue Wi-Fi access points but it also tracks the location of cell phones in the building B. The PCI Security Standards Council published wireless guidelines for PCI DSS recommending the use of WIPS to automate wireless scanning for large organizations C. WIPS is a network device that has a built-in firewall, network mapper and malware detection software D. A WIPS is a network device that monitors the radio spectrum for the presence of unauthorized access points(intrusion detection), but CANNOT automatically take countermeasures (e.g. intrusion prevention) E. If a WIPS detects the use of Wired Equivalent Privacy (WEP) then it can automatically switch the network over to WPA2/802.11i
B. The PCI Security Standards Council published wireless guidelines for PCI DSS recommending the use of WIPS to automate wireless scanning for large organizations