Assessment Test
Which mechanism or process is used to enable or disable access to a network resource based on an IP address? A. NDS B. ACL C. Hardening D. Port blocking
B. Access control lists (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices. For additional information, see Chapter 5.
The process of investigating a computer system for clues about an event is called what? A. Computer forensics B. Virus scanning C. Security policy D. Evidence gathering
Correct answer: A. Computer forensics Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence. For additional infor- mation, see Chapter 12.
Which design concept limits access to systems from outside users while protecting users and systems inside the LAN? A. DMZ B. VLAN C. I&A D. Router
Correct answer: A. DMZ A DMZ (demilitarized zone) is an area in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. For more information, see Chapter 3.
You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as smartphones. You're told that the company must use an asymmetric system. Which security standard would you recommend it implement? A. ECC B. PKI C. SHA D. MD
Correct answer: A. ECC Elliptic Curve Cryptography (ECC) would probably be your best choice. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. For additional information, see Chapter 8.
What is the process of making an operating system secure from attack called (choose the best answer)? A. Hardening B. Tuning C. Sealing D. Lock down
Correct answer: A. Hardening Hardening is the term used to describe the process of securing a system. This is accomplished in many ways, including disabling unneeded protocols. For additional information on hardening, see Chapter 11.
Which system would you install to provide active protection and notification of security problems in a network connected to the Internet? A. IDS B. Network monitoring C. Router D. VPN
Correct answer: A. IDS An intrusion detection system (IDS) provides active monitoring and rule-based responses to unusual activities on a network. A firewall provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IDS would notify you based on rules that it's designed to implement. For more information, see Chapter 7.
Which type of audit can be used to determine whether accounts have been established properly and verify that privilege creep isn't occurring? A. Privilege audit B. Usage audit C. Escalation audit D. Report audit
Correct answer: A. Privilege audit A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. For more information, see Chapter 1.
An individual presents herself at your office claiming to be a service technician. She wants to discuss your current server configuration. This may be an example of what type of attack? A. Social engineering B. Access control C. Perimeter screening D. Behavioral engineering
Correct answer: A. Social engineering Social engineering is using human intelligence methods to gain access or information about your organization. For additional information, see Chapter 10.
What encryption process uses one message to hide another? A. Steganography B. Hashing C. MDA D. Cryptointelligence
Correct answer: A. Steganography Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. For additional information, see Chapter 8.
The integrity objective addresses which characteristic of information security? A. Verification that information is accurate B. Verification that ethics are properly maintained C. Establishment of clear access control of data D. Verification that data is kept private and secure
Correct answer: A. Verification that information is accurate To meet the goal of integrity, you must verify that the information being used is accurate and hasn't been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. For more information, see Chapter 8.
A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred? A. Your user inadvertently downloaded a virus using IM. B. Your user may have a defective hard drive. C. Your user is imagining what cannot be and is therefore mistaken. D. The system is suffering from power surges.
Correct answer: A. Your user inadvertently downloaded a virus using IM IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extension naming conventions, a file that appears to have one extension may actually have another extension. For example, the file account.doc.vbs would appear in many applications as account.doc, but it's actually a Visual Basic script and could contain malicious code. For additional information, see Chapter 4.
The process of verifying the steps taken to maintain the integrity of evidence is called what? A. Security investigation B. Chain of custody C. Three As of investigation D. Security policy
Correct answer: B. Chain of custody The chain of custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. For additional information, see Chapter 12.
Which of the following would provide additional security to an Internet web server? A. Changing the port address to 80. B. Changing the port address to 1019. C. Adding a firewall to block port 80. D. Web servers can't be secured.
Correct answer: B. Changing the port address to 1019. The default port for a web server is port 80. By changing the port to 1019, you force users to specify this port when they are using a browser. This action provides a little additional security for your website. Adding a firewall to block port 80 would secure your web- site so much that no one would be able to access it. For more information, see Chapter 3.
Which of the following backup methods will generally provide the fastest backup times? A. Full backup B. Incremental backup C. Differential backup D. Archival backup
Correct answer: B. Incremental backup An incremental backup will generally be the fastest of the backup methods because it backs up only the files that have changed since the last incremental or full backup. See Chapter 12 for more information.
Which algorithm is used to create a temporary secure session for the exchange of key information? A. KDC B. KEA C. SSL D. RSA
Correct answer: B. KEA The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This session creates a secret key. When the key has been exchanged, the regular session begins. For more information, see Chapter 8.
You want to establish a network connection between two LANs using the Internet. Which technology would best accomplish that for you? A. IPSec B. L2TP C. PPP D. SLIP
Correct answer: B. L2TP L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that can be used between LANs. L2TP isn't secure, and you should use IPSec with it to provide data security. For more information, see Chapter 3.
Which of the following is a set of voluntary standards governing encryption? A. PKI B. PKCS C. ISA D. SSL
Correct answer: B. PKCS Public-Key Cryptography Standards is a set of voluntary standards for public-key cryptography. This set of standards is coordinated by RSA. For more information, see Chapter 8.
Which of the following is the equivalent of a VLAN from a physical security perspective? A. Perimeter security B. Partitioning C. Security zones D. Physical barrier
Correct answer: B. Partitioning Partitioning is the process of breaking a network into smaller components that can each be individually protected. The concept is the same as building walls in an office building. For additional information, see Chapter 11.
Which component of an IDS collects data? A. Data source B. Sensor C. Event D. Analyzer
Correct answer: B. Sensor A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. For additional information, see Chapter 3.
What type of exercise involves discussing possible security risks in a low-stress environment? A. White box B. Tabletop C. Black hat D. DHE
Correct answer: B. Tabletop A tabletop exercise involves sitting around the table and discussing (with the help of a facilitator) possible security risks in a low-stress format. For more information, see Chapter 1.
Which protocol is used to create a secure environment in a wireless network? A. WAP B. WEP C. WTLS D. WML
Correct answer: B. WEP Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn't considered highly secure. For additional information, see Chapter 5.
You want to grant access to network resources based on authenticating an individual's retina during a scan. Which security method uses a physical characteristic as a method of determining identity? A. Smart card B. I&A C. Biometrics D. CHAP
Correct answer: C. Biometrics Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification. For more information, see Chapter 4.
In the key recovery process, which key must be recoverable? A. Rollover key B. Secret key C. Previous key D. Escrow key
Correct answer: C. Previous Key A key recovery process must be able to recover a previous key. If the previous key can't be recovered, then all of the information for which the key was used will be irrecoverably lost. For more information, see Chapter 8.
Which access control method is primarily concerned with the role that individuals have in the organization? A. MAC B. DAC C. RBAC D. STAC
Correct answer: C. RBAC Role-based access control (RBAC) is primarily concerned with providing access to sys- tems that a user needs based on the user's role in the organization. For more information, see Chapter 4.
Which policy dictates how computers are used in an organization? A. Security policy B. User policy C. Use policy D. Enforcement policy
Correct answer: C. Use policy The use policy is also referred to as the usage policy. It should state acceptable uses of computer and organizational resources by employees. This policy should outline consequences of noncompliance. For additional information, see Chapter 11.
Which of the following is a major security problem with FTP servers? A. Password files are stored in an unsecure area on disk. B. Memory traces can corrupt file access. C. User IDs and passwords are unencrypted. D. FTP sites are unregistered.
Correct answer: C. User IDs and passwords are unencrypted. In most environments, FTP sends account and password information unencrypted. This makes these accounts vulnerable to network sniffing. For additional information, see Chapter 3.
Which kind of attack is designed to overload a particular protocol or service? A. Spoofing B. Back door C. Man in the middle D. Flood
Correct answer: D. Flood A flood attack is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS (denial of service) situation occurring because the protocol freezes or since excessive bandwidth is used in the network as a result of the requests. For more information, see Chapter 9.
What kind of physical access device restricts access to a small number of individuals at one time? A. Checkpoint B. Perimeter security C. Security zones D. Mantrap
Correct answer: D. Mantrap A mantrap limits access to a small number of individuals. It could be, for example, a small room. Mantraps typically use electronic locks and other methods to control access. For more information, see Chapter 10.
Which mechanism is used by PKI to allow immediate verification of a certificate's validity? A. CRL B. MD5 C. SSHA D. OCSP
Correct answer: D. OCSP Online Certificate Status Protocol (OCSP) is the mechanism used to verify immediately whether a certificate is valid. The Certificate Revocation List (CRL) is published on a regular basis, but it isn't current once it's published. For additional information, see Chapter 8.
What type of program exists primarily to propagate and spread itself to other systems? A. Virus B. Trojan horse C. Logic bomb D. Worm
Correct answer: D. Worm A worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn't their primary mission. For more information, see Chapter 4.