Review 3.7
To which general type of document would you refer to get an idea of the number, scope, and severity of security risks facing your company?
- Security preparedness documentation
- Risk calculations
- Security assessments
- Security policy
Answer: Security assessments
When should you perform a security design review?
- During the code review stage of vulnerability assessment
- During the baseline review period
- Before taking any risk-mitigating actions
- Before a security implementation is applied
Answer: Before a security implementation is applied. The reviewer takes the results of the architecture review and determines whether the proposed security solution will fulfill the organization's needs before anything is built or deployed.
A penetration testing tool would fall under which general tool category?
- Passive
- Sniffer
- Active
- Analyzer
Answer: Active. A penetration testing tool probes and attempts to break into the services and systems it tests, rather than only observing traffic as a passive tool does.
Security administrators set up honeypots to help capture hackers. How do honeypots catch hackers?
- Honeypots trap hackers so that their identities are exposed.
- Honeypots track and log hacker data for use in court.
- Honeypots specifically reverse hacks on a hacker to take down their systems.
- A honeypot is an easy target that allows hackers to impose damage so that security administrators can study the techniques and intrusion entry points.
Answer: A honeypot is an easy target that allows hackers to impose damage so that security administrators can study the techniques and intrusion entry points. A honeypot is a decoy that appears and behaves like a legitimate, usually deliberately weak, component of the network. It lures attackers away from production assets while every action against it is logged. Deploy it isolated from production so a compromised honeypot cannot become a pivot point, and preserve its logs with integrity protection if they may later be needed as evidence. A honeypot is not a platform for counterattack: gaining unauthorized access to an attacker's systems is itself a crime in most jurisdictions, whatever the provocation.
You believe that one or more of your systems are under network attack, possibly a denial of service (DoS) attack. You call one of the network administrators to gather data for you. Which tool does the admin use to gather the data you need?
- A network protocol analyzer
- A network packet analyzer
- A network intrusion prevention system (NIPS)
- A network intrusion detection system (NIDS)
Answer: A network packet analyzer. A packet analyzer (sniffer) captures the raw traffic; analyzing it tells you what kind of attack you are experiencing and sometimes where it comes from. In practice "packet analyzer", "protocol analyzer" and "sniffer" are used interchangeably for tools such as tcpdump and Wireshark. Be aware that in a volumetric DoS the source addresses are frequently spoofed, so the capture identifies the attack type reliably and the true source only sometimes.
You notice several Remote Desktop Protocol (RDP) sessions initiated from different Internet Protocol (IP) addresses that are foreign to your network. Which tool did you use to examine this traffic?
- A network intrusion detection system (NIDS)
- A network log monitoring system
- A network intrusion prevention system (NIPS)
- A network protocol analyzer
Answer: A network protocol analyzer. RDP listens on TCP port 3389 by default, so a capture or display filter on that destination port, excluding your own address ranges, isolates exactly the sessions in question and shows which outside addresses initiated them.
You want to identify and quantify potential security problems and susceptibilities on your network without necessarily automatically fixing them. Which tool do you use to assess these potential threats?
- A port scanner
- A Wi-Fi analyzer
- A network intrusion prevention system (NIPS)
- A vulnerability scanner
Answer: A vulnerability scanner
What is another name used by hackers for port scanning?
- Fingerprinting
- Footprinting
- Banner grabbing
- Enumerating
Answer: Banner grabbing. Strictly speaking, banner grabbing is the step that follows a port scan: once a port is found open, the tool connects to it and reads the service's greeting (for example an FTP "220" line or an "SSH-2.0-..." string) to identify the software and often its version. Footprinting, fingerprinting and enumeration are broader reconnaissance terms. Scanners such as nmap perform the port scan and the banner grab in a single run, which is why the two are often named together.
Which type of report is a collection of security and configuration settings to be applied to a particular system or network in the organization?
- Vulnerability assessment
- Baseline report
- Architecture review
- Security design report
Answer: Baseline report
Which type of assessment should be performed for all applications in development?
- Software development life cycle documents
- Load testing results
- Code reviews
- Application risk assessments
Answer: Code reviews
A threat assessment is a security assessment that contains which type of information?
- A list of Internet Protocol (IP) addresses, websites, and countries to be blacklisted in network equipment
- A list of network and system vulnerabilities
- Known threats to an organization and the potential damage to business operations and to systems
- The dollar costs of damages to systems and business operations
Answer: Known threats to an organization and the potential damage to business operations and to systems
Which tool would you use to check your network for services such as File Transfer Protocol (FTP) or Telnet running on servers?
- Packet sniffer
- Port scanner
- Syslog server
- Network intrusion detection system (NIDS)
Answer: Port scanner. FTP's control channel listens on TCP 21 and Telnet on TCP 23 by default; both send credentials in cleartext, which is why you hunt for them. Scan the hosts rather than trusting the service inventory, and since a service can be moved to a nonstandard port, pair the port scan with banner grabbing to confirm what is actually answering.
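The two questions above (port scanning for FTP and Telnet, and banner grabbing as its follow-on step) in working form, as an added example that is not code from the review page. It performs a TCP connect scan over a port range, reads each open service's banner and classifies it. The loopback demo server, the banner strings and the port-to-service defaults are constructed for the example so that it runs offline; against real hosts you would pass the target address and a real port range.

```python
"""TCP connect scan with banner grabbing (added example, not from the page)."""
import socket
import threading
from typing import Dict, Iterable

# Default ports of the cleartext legacy services the review asks you to find.
# Assumption: these are the only port-based defaults the example needs.
CLEARTEXT_DEFAULTS = {21: "ftp", 23: "telnet"}


def scan_port(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True when a full TCP handshake completes, i.e. the port is open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out or unreachable: treat as closed
            return False


def grab_banner(host: str, port: int, timeout: float = 1.0) -> bytes:
    """Connect and return whatever the service volunteers first (b"" if silent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return s.recv(256)
        except OSError:
            return b""


def classify_service(port: int, banner: bytes) -> str:
    """Name the service from its banner first, from the default port second."""
    if banner.startswith(b"220") and b"FTP" in banner.upper():
        return "ftp"
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"\xff"):  # Telnet IAC byte: option negotiation opens the session
        return "telnet"
    return CLEARTEXT_DEFAULTS.get(port, "unknown")


def scan_range(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """Map every open port in `ports` to the service name its banner suggests."""
    found = {}
    for port in ports:
        if scan_port(host, port, timeout):
            found[port] = classify_service(port, grab_banner(host, port, timeout))
    return found


def cleartext_findings(results: Dict[int, str]) -> Dict[int, str]:
    """Keep only the open ports that turned out to be FTP or Telnet."""
    return {p: svc for p, svc in results.items() if svc in ("ftp", "telnet")}


def start_demo_server(banner: bytes) -> int:
    """Constructed stand-in for a target host: a loopback listener that sends `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # client already went away (the connect-only probe)

    threading.Thread(target=serve, daemon=True).start()
    return port


def pick_closed_port() -> int:
    """Bind an ephemeral port and release it, so it is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    ftp_port = start_demo_server(b"220 files.example.test FTP server ready\r\n")
    closed = pick_closed_port()
    results = scan_range("127.0.0.1", [closed, ftp_port])
    print("open ports:", results)
    print("cleartext services:", cleartext_findings(results))
```

The connect scan completes the handshake, so it is noisy and shows up in the target's logs; that is acceptable for an authorized internal audit, which is the scenario the question describes.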
In weighing threats against the likelihood of experiencing some sort of security breach or attack, security professionals often apply numbers and dollars to their assessments. What is this process called?
- Risk calculation
- Assessing value
- Amortization
- Chain of custody
Answer: Risk calculation. The usual quantitative form is single loss expectancy (SLE) = asset value x exposure factor, and annualized loss expectancy (ALE) = SLE x annualized rate of occurrence (ARO); a control is worth buying when it costs less per year than the ALE it removes.
What type of legal issues might you experience should you find and bring charges against a hacker who broke into your honeypot or honeynet?
- The hacker's attorney could attempt to label your actions as entrapment.
- The hacker could claim that they accidentally stumbled upon your honeypot and were simply curious.
- The hacker's attorney could identify your honeypot as having malicious intent against their client.
- The hacker could use their status as an ethical hacker as a defense.
Answer: The hacker's attorney could attempt to label your actions as entrapment. The argument is that luring individuals in with a honeypot is entrapment and violates ethics codes. In US law entrapment is a defense against inducement by law enforcement, so a private organization's honeypot is on firmer ground, but expect the argument to be raised. Before deploying a honeypot or a honeynet, discuss these issues with your in-house legal counsel.
What is the primary purpose of a honeynet in security implementations?
- The honeynet acts as a diversionary target for the hacker, keeping the rest of the network's assets safe.
- A honeynet is the honeypot's net that captures the hacker.
- A honeynet can attract a hacker for longer periods of time while security personnel track traffic and the hacker's activities.
- A honeynet occupies a hacker's time while a reverse hack is constructed against the hacker.
Answer: A honeynet can attract a hacker for longer periods of time while security personnel track traffic and the hacker's activities. A honeynet emulates an entire network of vulnerable systems, so an intruder has more to explore and stays engaged longer than on a single honeypot. Diversion away from production assets is a side benefit, and a reverse hack is not a legitimate function; the primary purpose is to capture the hacker's traffic and log the hacker's actions for analysis.
A security administrator captured eight hours of network traffic and collected close to one gigabyte of data during that capture. The administrator complained that there was too much data to effectively work with to find unusual traffic. What can the administrator do to work with a smaller and more manageable data set?
- The administrator can compress the file with a ZIP utility to decrease its size.
- The administrator can capture traffic on each network segment separately.
- The administrator can capture traffic in five-minute intervals and examine each one separately.
- The administrator can apply a filter for the type of traffic required.
Answer: The administrator can apply a filter for the type of traffic required. Filtering narrows the field of view into the data to the hosts, ports or protocols of interest, and it works on the existing capture as well as the next one: a capture filter (for example a BPF expression in tcpdump) drops unwanted packets before they are written, while a display filter (as in Wireshark) hides them from an already recorded file without discarding anything.
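An added example, not code from the review page, that ties the filtering answer above to the two earlier traffic questions (RDP sessions from foreign addresses, and a suspected DoS). It parses tcpdump-style summary lines and applies the same filters you would give tcpdump or Wireshark: first isolating RDP connection attempts from addresses outside your own ranges, then counting bare SYNs per source. The capture text and the 10.0.0.0/8 internal range are constructed for the example.

```python
"""Filtering a packet capture down to the traffic you need (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List

# Equivalent filters on a live capture (real tcpdump / Wireshark syntax):
#   tcpdump -nn -i eth0 'tcp dst port 3389 and not src net 10.0.0.0/8'
#   Wireshark display filter: tcp.dstport == 3389 && !(ip.src == 10.0.0.0/8)

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumption: the organization's own range

# Constructed capture: one internal RDP login, two external RDP attempts (one
# source twice), ordinary internal HTTP, and a burst of SYNs at the web server.
SAMPLE_CAPTURE = """\
09:14:01.000100 IP 10.0.0.25.50122 > 10.0.0.5.3389: Flags [S], seq 1, win 64240, length 0
09:14:01.200300 IP 203.0.113.7.51514 > 10.0.0.5.3389: Flags [S], seq 2, win 64240, length 0
09:14:01.200900 IP 10.0.0.5.3389 > 203.0.113.7.51514: Flags [S.], seq 3, ack 3, win 65535, length 0
09:14:02.010000 IP 198.51.100.23.40010 > 10.0.0.5.3389: Flags [S], seq 4, win 64240, length 0
09:14:02.500000 IP 10.0.0.31.44002 > 10.0.0.8.80: Flags [P.], seq 5:77, ack 1, win 502, length 72
09:14:03.000000 IP 203.0.113.7.51520 > 10.0.0.5.3389: Flags [S], seq 6, win 64240, length 0
09:14:04.000000 IP 192.0.2.99.1025 > 10.0.0.8.80: Flags [S], seq 7, win 1024, length 0
09:14:04.000010 IP 192.0.2.99.1026 > 10.0.0.8.80: Flags [S], seq 8, win 1024, length 0
09:14:04.000020 IP 192.0.2.99.1027 > 10.0.0.8.80: Flags [S], seq 9, win 1024, length 0
09:14:04.000030 IP 192.0.2.99.1028 > 10.0.0.8.80: Flags [S], seq 10, win 1024, length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass(frozen=True)
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str

    @property
    def is_syn(self) -> bool:
        """A connection attempt: SYN set, ACK clear (tcpdump prints ACK as '.')."""
        return "S" in self.flags and "." not in self.flags


def parse_capture(text: str) -> List[Packet]:
    """Turn tcpdump summary lines into Packet records; non-matching lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            packets.append(Packet(m["ts"], m["src"], int(m["sport"]),
                                  m["dst"], int(m["dport"]), m["flags"]))
    return packets


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def external_rdp_attempts(packets: Iterable[Packet]) -> Dict[str, int]:
    """RDP (TCP/3389) connection attempts per source address outside INTERNAL_NETS."""
    return dict(Counter(p.src for p in packets
                        if p.dport == 3389 and p.is_syn and not is_internal(p.src)))


def syn_flood_suspects(packets: Iterable[Packet], threshold: int) -> Dict[str, int]:
    """Sources sending at least `threshold` bare SYNs. Caveat: in a volumetric DoS
    the source addresses are often spoofed, so this is a first cut, not attribution."""
    counts = Counter(p.src for p in packets if p.is_syn)
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    print(f"{len(pkts)} packets parsed")
    print("external RDP attempts:", external_rdp_attempts(pkts))
    print("SYN burst sources:", syn_flood_suspects(pkts, threshold=3))
```

On a real gigabyte of traffic you would run the capture filter at collection time so that only the interesting packets are stored, then refine with display filters; the logic is the same as the two Python filters above.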
A security administrator is evaluating a company's current security infrastructure model and measures. What is the proper term for this type of review?
- Risk review
- Baseline security review
- Vulnerability review
- Security architecture review
Answer: Security architecture review. The security architecture review evaluates the organization's current security infrastructure model and measures. During this review, areas of concern are targeted and further evaluated to ensure that security measures meet current needs.
Which general category of security assessment involves testing an organization's physical security implementations, networks, hardware, and software in an attempt to find security weaknesses?
- Liability assessment
- Risk assessment
- Vulnerability assessment
- Threat assessment
Answer: Vulnerability assessment
How do you make a system less vulnerable to attacks?
- By reducing its attack surface
- By reviewing the security architecture for the system
- By applying best practices for operating system installation
- By reviewing the baseline report
Answer: By reducing its attack surface. The attack surface is the set of points through which an attacker can reach the system, so the goal is to minimize the number of possible entry points: remove or disable services you do not require (and bind the ones you keep to the interfaces that need them), disable unused accounts, require strong authentication, and use a host-based firewall so only expected ports are reachable. Reviews and baselines tell you what to fix; the attack surface only shrinks when the fixes are applied.
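An added example, not code from the review page, of the check behind the answer above: what is the host actually exposing? It parses the output of the real `ss -tlnp` command (the sample output below is constructed) and flags TCP listeners that widen the attack surface: cleartext legacy services, and anything bound to every interface that is not on an explicit allow-list. Loopback-only services are left alone because they are not reachable from the network. The allow-list and the process names are assumptions for the example.

```python
"""Attack-surface audit of a host's TCP listeners (added example, not from the page)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed `ss -tlnp` output: SSH and HTTP on all interfaces, Telnet via inetd,
# vsftpd on the IPv6 wildcard, and PostgreSQL bound to loopback only.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=811,fd=3))
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("inetd",pid=640,fd=5))
LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=902,fd=6))
LISTEN 0      128    [::]:21             [::]:*            users:(("vsftpd",pid=700,fd=4))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1001,fd=6))
"""

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}   # credentials cross the wire unencrypted
LOOPBACK = {"127.0.0.1", "[::1]"}
PROCESS_RE = re.compile(r'\("([^"]+)"')        # first process name in the users:(...) field


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str

    @property
    def network_reachable(self) -> bool:
        """Anything not bound to loopback can be reached from another host."""
        return self.addr not in LOOPBACK


def parse_ss(text: str) -> List[Listener]:
    """Parse `ss -tlnp` lines; the header row and non-LISTEN rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # rsplit keeps "[::]" intact
        m = PROCESS_RE.search(line)
        listeners.append(Listener(addr, int(port), m.group(1) if m else "?"))
    return listeners


def audit_listeners(text: str, allowed_ports: Set[int]) -> Dict[int, str]:
    """Map each offending port to the reason it counts as avoidable attack surface."""
    findings = {}
    for lst in parse_ss(text):
        if not lst.network_reachable:
            continue
        if lst.port in CLEARTEXT_PORTS:
            findings[lst.port] = (f"{CLEARTEXT_PORTS[lst.port]} ({lst.process}) sends "
                                  f"credentials in cleartext; disable or replace it")
        elif lst.port not in allowed_ports:
            findings[lst.port] = (f"{lst.process} listens on {lst.addr} but is not on "
                                  f"the allow-list; disable it or bind it to loopback")
    return findings


if __name__ == "__main__":
    for port, reason in sorted(audit_listeners(SAMPLE_SS, allowed_ports={22, 80}).items()):
        print(f"tcp/{port}: {reason}")
```

Run the same audit after hardening and the findings should be empty; anything that reappears on a later run is a regression in the baseline, which is where the baseline report from the earlier question comes in.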