Network Security Unit 2, Network Security Unit 3

Most personal computer operating systems use the mandatory access control (MAC) model. T/F

False

NAS works well with real-time applications because of the latency of the communication methods. T/F

False

Organizations are safe from sniffer attacks when their computing environment is primarily a switched network environment. T/F

False

PPTP provides stronger protection than L2TP. T/F

False

RAID is a replacement for backup and recovery processes. T/F

False

The Common Gateway Interface (CGI) is a programming language in and of itself. T/F

False

The basic operation of a system logging facility is to collects events from log files, processes the data, stores the results, and performs notification or alerting, as required. T/F

False

The size of a signature base is a good measure of an IDPS's effectiveness. T/F

False

Today, the widespread acceptance of IPSec with the IKE system means that proprietary protocols are used far more often. T/F

False

What is the best way to restrict URL access?

Make sure sensitive pages require authentication

A ____ is one in which the computer system enforces the controls without the input or intervention of the system or data owner.

Mandatory Access Control (MAC)

To provide monitoring, an SNMP ____ must be installed on a desired host or network device.

agent

One of the biggest strengths of Perl is its ____-manipulation abilities.

text

Because it accepts firewall and intrusion logs from many sources, ____ is often one of the first organizations to spot network anomalies, and it often traces them to specific malware or vulnerability exploits.

the ISC

In passive mode, the FTP client must listen and wait for the server connection. T/F

False

Logs provide dynamic records of running processes. T/F

False

The improved Bluetooth 2.0 increased the data rate to around ____ Mbps.

Three

What is a drawback of tape backups?

Time Required to store and retrieve information

Which tcpdump option specifies the number of packets to capture?

-c

Which HTTP response code indicates that an error has occurred on the client side?

401

802.11n has a maximum data rate of ____.

600 Mbps

QPSK uses four signal states that are ____ degrees out of phase to carry four signal values.

90

____ refers to a new use of existing technologies.

AJAX

A(n) ____ is a list of authorization rights attached to an object - in other words, who can access that device or application and what can they do with it.

Access Control List (ACL)

What is the largest area of concern with regard to security in ZigBee?

Accidental key reuse

Which access control process documents the activities of the authenticated individual and systems?

Accountability

____ demonstrates that management has identified an acceptable risk level and provided resources to control unacceptable risk levels.

Accreditation

Which COBIT domain focuses on ongoing maintenance and change requirements to extend the usability of the system?

Acquire and implement

____ clustering is a more complex model in which all members of a cluster simultaneously provide application services.

Active/Active

From a network security perspective, the ____ logs are the most valuable to a systems and network administrator in identifying and resolving issues.

Admin and operational

The ____ review entails a detailed examination of the events that occurred from first detection to final recovery.

After-action

The primary focus of ____ is to determine if the standards and/or regulations the organization claims to comply with are, in fact, complied with.

An Audit

A spreadsheet program might record an error for access to a file in the ____ log.

Application

In ____ verification, the higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use.

Application Protocol

A(n) ____ is a detailed description of the activities that occur during an attack, including the preliminary indications of the attack as well as the actions taken and the outcome.

Attack Profile

_____ verify that an organization's security policies are prudent (cover the right issues) and are being implemented correctly.

Audits

Biometrics (retinal scans, fingerprints, and the like) are mainly used for ____ by large security-minded entities such as banking institutions and credit card centers for regulating access to sensitive information, but biometrics are also gaining ground in the general corporate world.

Authentication

Which linux file shows a listing of failed login attempts?

BTMP

Under the guise of justice, some less scrupulous administrators may even be tempted to ____, or hack into a hacker's system to find out as much as possible about the hacker.

Back hack

The most realistic type of penetration test is a ____ box test.

Black

Which notable Bluetooth attack allows a nearby attacker to issue commands to an unsuspecting target phone?

BlueBug

The _____ mailing list is a widely known, major source of public vulnerability announcements.

Bugtraq

____ planning ensures that critical business functions can continue if a disaster occurs.

Business continuity planning

The use of ____ is required to achieve RSN compliance.

CCMP

____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.

COBIT

Which team is responsible for conducting the BIA?

CP Management Team (CPMT)

____ is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.

CVSS

Within the change management process, after the need for a change has been identified, a(n) ____ is submitted to the appropriate decision-making body.

Change Request

Incident ____ is the process of evaluating organizational events, determining which events are possible incidents, also called incident candidates, and then determining whether or not the incident candidate is an actual incident or a nonevent, also called a false positive incident candidate.

Classification

Which vulnerability can occur if a programmer does not properly validate user imput and allows an attacker to include unintended SQL input that can be passed to a database?

Command injection

Which cloud type acts as a collaboration between a few entities for the sole benefit of those entities?

Community Clouds

The ____, which is also known as the Security Incident Response Team (SIRT), is the group of individuals who would be expected to respond to a detected incident.

Computer Security Incident Response Team (CSIRT)

IPSec ____ use a complex set of security protocols to protect information, including Internet Key Exchange (IKE), which provides for the exchange of security keys between the machines in the VPN.

Concentrators

Which level in the U.S. military data classification scheme applies to any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security?

Confidential data

The purpose of ____ is to manage the effects of changes or differences in configurations on an information system or network.

Configuration and change management (CCM)

A bank's automated teller machine (ATM), which restricts authorized users to simple account queries, transfers, deposits, and withdrawals is an example of ____ access control.

Constrained user interface

What is the best way to direct visitors to a new location or page?

Create a .htaccess file with the following entry: Redirect 301/old/old.html /new/new.html.

In ____, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.

DNS cache poisioning

In some organizations, which two plans are considered to be one plan, known as the Business Resumption Plan?

DR plan and BC plan

Which COBIT domain focuses on the functionality of the system for the end user?

Delivery and Support

A(n) ____ backup is the storage of all files that have changed or have been added since the last full backup.

Differential

Which technology works by taking the original data stream and breaking it up into small bits, then transmitting each of those on a different frequency channel simultaneously?

Direct-Sequence Spread Spectrum (DSSS)

If Web software can access parts of the underlying operating system's file system through normal URL mappings, a(n) ____ may occur.

Directory traversal attack

The key role of a(n) ____ is defining how to reestablish operations at the location where the organization usually operates.

Disaster Recovery (DR)

What is the best way to secure Telnet?

Do not use Telnet at all

In the Windows OS, services are usually initiated (loaded or started) at boot-up as ____, which consist of software code, data and/or other resources necessary to provide the service.

Dynamic-Link Libraries (DLLs)

The bulk transfer of data in batches to an off-site facility is called ____.

Electronic Vaulting

What is the best way to secure FTP or TFTP?

Employ encryption and authentication

VPNs protect packets by performing IP ____, the process of enclosing a packet within another one that has different IP source and destination information.

Encapsulation

Some VPNs use the term ____ to describe everything in the protected network behind the gateway.

Encryption Domain

____ are hardware devices or software modules that perform encryption to secure data, perform authentication to make sure the host requesting the data is an approved user of the VPN, and perform encapsulation to protect the integrity of the information being sent.

Endpoints

As part of the initiation and planning audit phase, it is customary for a(n) ____ to be developed, which serves as a service agreement between the auditing team and the requesting entity.

Engagement Letter

The CVSS _____ Score is set by the organization using the software.

Environmental

On most current versions of windows-based systems, logging is managed by the ____, which is accessible from the system control panel.

Event viewer.

____ is a simple method of transferring files between computer systems.

FTP

A sniffer can decipher encrypted traffic. T/F

False

Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code. T/F

False

By default, Bluetooth authenticates connections. T/F

False

Deploying and implementing an IDPS is always a straightforward task. T/F

False

Which HTTP request method retrieves meta-information only from the resource signified in the URI?

HEAD

____ is a key component of the Web, working in conjunction with HTTP to move content from servers to clients.

HTML

____ is the basis for Web communication.

HTTP

One of the best reasons to install a(n) ____ is to provide an organization with overall situational awareness - or a better overall understanding - of the activities that take place on the network.

IDPS

The primary purpose of ____ is to enable organizations to obtain certification; thus, it serves more as an assessment tool than an implementation framework.

ISO/IEC 27001

A(n) ____ is designed to translate information sent from a particular agent or class of agents.

MIB

The actions an organization should take while an incident is in progress are defined in a document referred to as the ____ plan.

Incident Response (IR)

What does the tcpdump host 192.168.1.100 command do?

It only capture traffic originating from and destined to 192.168.1.100

____ was originally developed as a client-side language, which means the code is interpreted on the client side instead of on the Web server.

JavaScript

One tool that provides active intrusion prevention is known as ____.

LaBrea

Which access control principle restricts users to having access appropriate to the level required for their assigned duties?

Least Privilege

Ad hoc wireless models rely on the existence of ____ to provide connectivity.

Multiple Stations

Which access control principle is most frequently associated with data classification?

Need to know

To investigate running processes, we would turn to the ____ in Linux.

PS Command

By default, tcpdump will just print ____ information.

Packet Header

A _____ (sometimes called a network protocol analyzer) is a network tool that collects copies of packets from the network and analyzes them or stores the packets for later analysis.

Packet sniffer

A(n) ____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

Passive

With ____ mode, a trusted internal FTP client makes an outgoing request to the FTP server.

Passive

A _____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.

Penetration test

Bluetooth networks are referred to as ____.

Piconets

Tracking events in which group membership has changed or rights have been elevated gives security professionals a warning that ____ is occurring.

Privilege escalation

A(n) ____ is a task being performed by a computing system.

Process

Which wireless modulation technique combines digital and analog signaling to encode data into radio signals?

QAM

Which centralized authentication method uses UDP?

RADIUS

____ are collections of IP addresses of known spam sources on the Internet, and they can be easily integrated into most SMTP server configurations.

Real-Time blacklistings (RBLs)

One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as ____.

Reconnaissance

____ is the transfer of live transactions to an off-site facility.

Remote Journaling

You can view Ubuntu Linux distribution daemons using the ____.

Service Command

____ are processes that are designed to operate without user interaction.

Services

Which authentication method is used when you want a client to be authenticated for each session?

Session authentication

____ techniques are generally used by organizations needing immediate data recovery after an incident or disaster.

Shadowing

Protocol analyzers are commonly referred to as ____.

Sniffers

Which term refers to two connections over a VPN line?

Split Tunneling

____ are the representative collection of individuals with a stake in the successful and uninterrupted operation of the organization's information infrastructure.

Stakeholders

Which centralized authentication method is the latest and strongest version of a set of authentication protocols developed by Cisco Systems?

TACACS+

SPIKE can fuzz any protocol that utilizes ____.

TCP/IP

Which backup method allows for easy full-system restorations (no shuffling through tapes with partial backups on them)?

The Towers of Hanoi

An SMTP ____ is a simple message providing status information about the monitored device.

Trap

____ applications use a combination of techniques to detect an intrusion and trace it back to its source.

Trap-and-trace applications

A sender with a valid internal IP address should be allowed to send e-mail to external e-mail addresses. T/F

True

COBIT provides a framework to support information security requirements and assessment needs. T/F

True

In order to implement MAC, a strict user and data classification scheme is required. T/F

True

Incident response focuses on immediate response to small-scale events. T/F

True

Most BSS networks are configured as simple stars. T/F

True

Most C++ catastrophe vulnerabilities rely on uninitialized function pointers in a class. T/F

True

Most installed wireless networks use the infrastructure model. T/F

True

Most system logs are very difficult to collect, store, read, and understand. T/F

True

Passive scanners are advantageous in that they do not require vulnerability analysts to get prior approval for testing. T/F

True

Separation of duties reduces the chance of an individual violating information security policy and breaching the confidentiality, integrity, and availability of information. T/F

True

Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures. T/F

True

The final phase of the IR planning function is plan maintenance. T/F

True

The first hurdle a potential IDPS must clear is functioning in your systems environment. T/F

True

What is logged in the system log is predetermined by Windows. T/F

True

When properly configured to afford anonymous users only very limited access, the FTP server works well. T/F

True

Wired networks are just as vulnerable to sniffing as wireless networks. T/F

True

he business impact analysis (BIA) is the first major component of the CP process. T/F

True

Implementing applications that verify the true communication destination during execution help prevent vulnerabilities associated with ____.

Trusting network name resolution

Point-to-Point Protocol (PPP) over Secure Sockets Layer (SSL) and Point-to-Point Protocol (PPP) over Secure Shell (SSH) are two ____-based methods for creating VPNs.

UNIX

The primary drawback associated with ad hoc networks is that they are inherently ____.

Unreliable

Client authentication is similar to user authentication but with the addition of ____.

Usage limits

According to D. L. Pipkin, ____ is a definite indicator of an actual incident.

Use of dormant accounts

What is the best way to make sure data is properly encrypted while in transit?

Use the "secure" flag on all sensitive cookies

The ____ command, available on most popular Web browsers, allows users to see the source code behind the page.

View source

The growth and widespread use of the Internet has been coupled with the use of encryption technology to produce a solution for specific types of private communication channels: ____.

Virtual Private Networks (VPNs)

In the mesh wireless topology, there may be no dominant ____.

WAP

Which wireless security protocol is considered to be too weak for use inmost network settings?

WEP

What is the branding name for interoperable equipment that is capable of supporting IEEE 802.11i requirements?

WPA2

Which Linux file records all logins and logouts that occur on the system?

WTMP

Which strategy to test contingency plans involves team members acting as defenders, using their own equipment or a duplicate environment, against realistic attacks executed by external information security professionals?

War Gaming

A ____ is an automatic phone-dialing program that dials every phone number in a configured range (e.g., from 555-1000 to 555-2000) and checks to see if a person, answering machine, or modem answers.

War dialer

In Microsoft Windows-based systems, you can use the ____ to manage event logs from the command line.

Wevtutil utility

DNS ____ provide a mechanism to divide ownership responsibility among various DNS servers and the organizations they serve.

Zones

A ____ attack is time-intensive, so they are rarely aimed at the target system in general.

brute-force

When the measured activity is outside the baseline parameters - exceeding what is called the ____ - the IDPS sends an alert to the administrator.

clipping level

The ____ stage of the attack methodology is a systematic survey of the target organization's Internet addresses, conducted to identify the network services offered by the hosts in that range.

fingerprinting

Wireless sensors are most effective when their ____ overlap.

footprints

The printf (user_input); command in C has the potential to cause a(n) ____ vulnerability.

format string problem

The tcpdump tool will output both the header and packet contents into ____ format.

hex

The primary advantage of the ____ wireless topology configuration is the increased number of connections among stations, which allows greater connectivity.

hierarchal

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a ____.

honeynet

A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.

incident

In 2010, OWASP determined that ____ attacks were the top risk to Web applications.

injection

Because of its ubiquity in UNIX/Linux systems, ____ has become the de facto standard in network sniffing.

tcpdump

A ____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment much like tcpdump - looking for indications of ongoing or successful attacks.

network-based IDPS (NIDPS)

Probably the most popular port scanner is _____, which runs on both UNIX and windows systems.

nmap

Most NBA sensors can be deployed in ____ mode only, using the same connection methods (e.g., network tap, switch spanning port) as network-based IDPSs.

passive

A major problem with FTP is that data is transferred in ____.

plaintext

Intrusion ____ consists of activities that deter an intrusion.

prevention

Requirements for a complex password system include using a _____ value, implementing strong encryption, requiring periodic password changes, and generally implementing a system where guessing a password or its hash is very difficult.

salt

Blacklists and whitelists are most commonly used in ____ detection and stateful protocol analysis.

signature-based

A signature-based IDPS examines network traffic in search of patterns that match known ____.

signatures

802.11 wireless networks exist as ____ on nearly all large networks.

subnets

The Simple Network Management Protocol contains ____ functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

trap

Most of the weaknesses with SNMP occur with Version 1 of SNMP. T/F

true

A ____ is a list of discrete entities that are known to be benign.

whitelist