Security Ch. 11
Which of the following is not included in a system level audit event? (Select two.)
~ Any actions performed by the user ~ Names of accessed files
You decide to use syslog to send log entries from multiple serves to a central logging server. Which of the following are the most important considerations for your implementation? (Select two.)
~ Clock synchronization between all devices ~ Disk space on the syslog server
Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (select three)
1. Check user accounts for weak passwords 2. Check for missing patches 3. Check for open ports
Which of the following functions can a port scanner provide? (select two)
1. Determining which ports are open on a firewall 2. Discovering unadvertised servers
Which of the following describes Privilege Auditing?
Rights and privileges of users and groups are checked to guard against creeping privileges.
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches
Run the vulnerability assessment again
Which of the following is included in an operations penetration test? (select two)
1. Looking through discarded papers or media for sensitive information 2.Eavesdropping or obtaining sensitive information from items that are not properly stored
You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use? (select two)
1. Nessus 2. Retina
Which of the following activities are typically associated with penetration testing? (select two)
1. Running a port scanner 2. Attempting social engineering
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and the uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in this scenario?
Active fingerprinting
You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do?
Configure port mirroring
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?
Create a hash of each log
A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?
Credentialed scan
You are using a vulnerability scanner that conforms to the OVAL specifications. Which o the following items containing a specific vulnerability or security issue that could be present on a system?
Definition
What is the purpose of audit trails?
Detect security-violation events
You manage a firewall that connects your private network to the Internet. You would like to see a record of every packet that has been rejected by the firewall in the past month. Which tool should you use?
Event log
Which of the following is NOT an advantage when using an internal auditor to examine security systems and relevant documentation?
Findings in which the audit and subsequent summations are viewed as objective.
Which of the following identifies an operating system or network service based upon it response to ICMP messages?
Fingerprinting
You are interested in identifying the source of potential attacks that have recently been directed against your network but which have been successfully blocked. Which log would you check?
Firewall
You have heard about a Trojan horse program where the compromised system sends the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log should you use?
Firewall
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening?
Firewall
You have decided to perform a double blind penetration test. Which of the following actions would you perform first?
Inform senior management
You want to check a server for user account that have weak password. Which tool should you use?
John the Ripper
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you only see frames to the four workstations but not to the router. Which feature should you configure?
Mirroring
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network Mapper
A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should her use?
Non-credentialed scan
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?
OVAL
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
Packet sniffer
You want to know what protocols are being used on your network. You'd like to monitor network traffic and sort traffic based on protocol.
Packet sniffer
A security administrator is conducting a penetration test on a network. She connects a notebook system mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on a network hosts. Which process did the administrator use in the penetration test in this scenario?
Passive fingerprinting
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
Penetration testing
You suspect that your Web server has been the target if a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?
Performance
Properly configured passive IDS and System Audit Logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?
Periodic reviews must be conducted to detect malicious activity or policy violations
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?
Port Scanner
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?
Preventative
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation and not to other devices. Which feature should you configure?
Promiscuous mode
What does hashing of log files provide?
Proof that the files have not been altered
you want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device. Which tool should you use?
Protocol analyzer
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are being encrypted. Which tool should you use?
Protocol anlyzer
Which phase or step of security assessment is a passive activity
Reconnaissance
Which of the following is standard for sending log messages to central logging server?
Syslog
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check?
System
Which of the following is the name of the type of port scan which does not complete the full three-way handshake of TCP, but rather listens only for either SYN/ACK or RST/ACK packets?
TCP SYN scan
What is the primary purpose of penetration testing?
Test the effectiveness of your security perimeter
Which of the following best describes an audit daemon?
The trusted utility that runs a background process whenever auditing is enabled
You want to use a vulnerability scanner to check a system for known security risks. What should you do first?
Up date the scanner definition files
You are concerned that an attacker can gain access to your Web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?
Use syslog to send log entries to another server.
You want to be able to identify the services running on a set of servers on you network. Which tool would best give you the information you need?
Vulnerability Scanner
What is the main difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.
When a new IT employee is hired by your organization, you need to clearly inform her of the log retention policy. This policy includes details about all but which of the following?
What limitation of legal punishment or fines is supported by the organization
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?
Zero knowledge team
Which of the following is a collection of recorded data that may include details about logons, object access and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?
audit trail
A recreation of historical events is made possible through?
audit trails
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
auditing