INFX 240 Test 4
A code of ethics accomplishes all but which of the following? Serves as a reference for the creation of acceptable use policies. Improves the professionalism of your organization as well as your profession. Clearly defines courses of action to take when a complex issue is encountered. Establishes a baseline for managing complex situations.
C
All of the 802.11 standards for wireless networking support which type of communication path sharing technology? CSMA/CA Polling CSMA/CD Token passing
A
An attacker captures packets as they travel from one host to another with the intent of altering the contents of the packets. Which type of attack is being executed? Man-in-the-middle attack Passive logging Distributed denial of service Spamming
A
Purchasing insurance is what type of response to risk? Transference Deployment of a countermeasure Acceptance Rejection
A
Users on your network report that they have received an email stating that the company has just launched a new website. The email asks employees to click the website link in the email and log in using their username and password. No one in your company has sent this email. What type of attack is this? Phishing Piggybacking Man-in-the-middle Smurf
A
Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user? Cookie Digital signature Certificate Mobile code
A
Which of the following is true of a wireless network SSID? Groups wireless devices together into the same logical network. Is used by STAs as they roam between APs. Allows devices to find a specific AP within an ESS. Is a 48-bit value that identifies an AP.
A
Which of the following terms describes a test lab environment that does not require the use of physical hardware? Virtual sandbox Network as a service (NaaS) VLAN Offsite virtual storage
A
Which type of activity changes or falsifies information in order to mislead or re-direct traffic? Spoofing Snooping Sniffing Spamming
A
Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet? Wiring schematic Procedure Baseline Policy
A
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this? Rogue access point Phishing Physical security Social engineering Man-in-the-middle
A
A new law was recently passed that states that all businesses must keep a history of the emails sent between members of the board of directors. You need to ensure that your organization complies with this law. Which document type would you update first in response to this new law? Procedure Policy Change documentation Configuration documentation
B
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario? Masquerading Whaling Passive MAC spoofing
B
In business continuity planning, what is the primary focus of the scope? Company assets Business processes Recovery time objective Human life and safety
B
What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell? In common or community work areas Near a window In the center of the building Above the 3rd floor
B
Which IEEE standard describes wireless communication? 802.3 802.11b 802.7b 802.5 802.2
B
Which business document is a contract that defines the tasks, time frame, and deliverables that a vendor must perform for a client? Master service agreement Statement of work Interconnection security agreement Memorandum of understanding
B
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle? Time of check/time of use (TOC/TOU) Buffer overflow Smurf Data diddling
B
Which of the following controls is an example of a physical access control method? Passwords Locks on doors Access control lists with permissions Smart cards Hiring background checks
B
Which of the following is an example of an internal threat? A server backdoor allows an attacker on the internet to gain access to the intranet site. A user accidentally deletes the new product designs. A water pipe in the server room breaks. A delivery man is able to walk into a controlled area and steal a laptop.
B
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving? Change the default SSID Disable SSID broadcast Implement WPA2 Personal Use a form of authentication other than open authentication
B
You have configured a wireless access point to create a small network. For security, you have disabled SSID broadcast. From a client computer, you try to browse to find the access point. You see some other wireless networks in the area, but cannot see your network. What should you do? Enable the wireless card on the client. Configure a profile on the wireless client. Set the channel on the client to match the channel used by the access point. Decrease the beacon interval on the access point.
B
You want to make sure that the correct ports on a firewall are open or closed. Which document should you check? Policy Configuration documentation Wiring schematic Baseline
B
You've just deployed a new Cisco router that connects several network segments in your organization . The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a username of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? Use a Telnet client to access the router configuration. Move the router to a secure server room. Change the default administrative username and password. Use encrypted type 7 passwords. Use TFTP to back up the router configuration to a remote location.
B
Which of the following are examples of social engineering? (Select two.) War dialing Shoulder surfing Dumpster diving Port scanning
B C
In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? 3DES encryption VLANs A strong password policy AES encryption
C
What is the most common security policy failure? Failure to assign responsibilities Improperly outlined procedures Lack of user awareness Overlooked critical assets
C
What is the primary countermeasure to social engineering? Heavy management oversight A written security policy Awareness Traffic filters
C
When analyzing assets, which analysis method assigns financial values to assets? Transfer Acceptance Quantitative Qualitative
C
Which of the following defines an acceptable use agreement? An agreement that is a legal contract between the organization and the employee that specifies that the employee is not to disclose the organization's confidential information. An agreement that outlines the organization's monitoring activities. An agreement that identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use. An agreement that prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization.
C
Which of the following features are supplied by WPA2 on a wireless network? Traffic filtering based on packet characteristics Client connection refusals based on MAC address Encryption A centralized access point for clients Network identification
C
Which of the following is not a form of social engineering? Impersonating a utility repair technician Impersonating a manager over the phone Impersonating a user by logging on with stolen credentials A virus hoax email message
C
Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients? WEP, WPA Personal, WPA Enterprise, WPA2 Personal, and WPA2 Enterprise WPA Enterprise and WPA2 Enterprise WEP, WPA Personal, and WPA2 Personal WPA Personal and WPA2 Enterprise
C
Which type of denial of service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses? ARP poisoning Spam DNS poisoning SYN flood
C
You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time. Which document would help you identify past average network traffic? History log Event log Baseline Network diagram
C
You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the computer's user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again? Close unused firewall ports Proxy server User awareness training Account lockout
C
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? Resource allocation Acceptable use Change management SLA
C
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? Risk Exposure Residual risk Loss
C
Which of the following are frequencies defined by 802.11 committees for wireless networking? (Select two.) 700 MHz 1.9 GHz 2.4 GHz 5.75 GHz 10 GHz
C D
Which of the following are solutions that address physical security? (Select two.) Scan all floppy disks before use. Disable guest accounts on computers. Escort visitors at all times. Require identification and name badges for all employees. Implement complex passwords.
C D
Dumpster diving is a low-tech means of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? Mandate the use of Integrated Windows Authentication. Secure all terminals with screensaver passwords. Create a strong password policy. Establish and enforce a document destruction policy.
D
Five salesmen who work out of your office. They frequently leave their laptops laying on the desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best way to address your concerns? Encrypt all company data on the hard drives. Require strong passwords in the local security policy. Implement screen saver passwords. Use cable locks to chain the laptops to the desks.
D
What is the primary goal of business continuity planning? Protecting an organization from major computer services failure Minimizing the risk of delays and interruptions in services Minimizing decision-making during the development process Maintaining business operations with reduced or restricted infrastructure capabilities or resources
D
When is choosing to do nothing about an identified risk acceptable? When the asset is an intangible asset instead of a tangible asset. When the threat is likely to occur less than once a year. When the threat is most likely to come from an internal source instead of an external source. When the cost of protecting the asset is greater than the potential loss.
D
When recovery is being performed due to a disaster, which services are to be stabilized first? Financial support Least business critical Outside communications Mission critical
D
When troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet. Which type of document would most likely have this information? Wiring schematic Procedure Baseline Network diagram Policy
D
Which of the following is not an example of a physical barrier access control mechanism? Mantraps Fences Biometric locks One-time passwords
D
Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service? Storage area networks (SANs) Mirroring Adapter bonding Clustering
D
Which of the following statements about the use of anti-virus software is correct? If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed on them. If you install anti-virus software, you no longer need a firewall on your network. Once installed, anti-virus software needs to be updated on a monthly basis. Anti-virus software should be configured to download updated virus definition files as soon as they become available.
D
You are configuring a wireless network with two wireless access points. Both access points connect to the same wired network. You want wireless users to be able to connect to either access point and have the ability to roam between the two access points. How should you configure the access points? Different SSID, same channel Same SSID, same channel Different SSID, different channel Same SSID, different channel
D
You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network. Which type of document should you update? Wiring schematic Configuration documentation Network diagram Change documentation
D
You have been contacted by OsCorp to recommend a wireless Internet solution. The wireless strategy must support a frequency range of 5 GHz, and provide the highest possible transmission speeds. Which of the following wireless solutions would you recommend? 802.11b WEP 802.11a 802.11n Bluetooth
D
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need enter your username and password at a new website so you can manage your email and spam using the new service. What should you do? Click on the link in the email and follow the directions to enter your login information. Click on the link in the email and look for company graphics or information before you enter the login information. Delete the email. Verify that the email was sent by the administrator and that this new service is legitimate. Open a web browser, type in the URL included in the email, and follow the directions to enter your login credentials.
D
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? DoS Spamming Backdoor Replay DDoS
E