Term
Security, or controlling access to networks and data, is performed to achieve what three goals? |
|
Definition
Confidentiality, integrity, and availability (the CIA triad). |
|
|
Term
Which of the following terms describes a person who has gained legitimate access to a computer or network by providing a valid username and password? |
|
Definition
An authenticated user. Authentication proves identity; it says nothing yet about what the user is authorized to do. |
|
|
Term
What is the most common method of authentication in computer networks? |
|
Definition
Username and password. |
|
|
Term
The principle of least privilege requires that each user in a network be given what? |
|
Definition
Only enough access to perform his or her job. |
|
|
Term
Why are unique usernames important in maintaining and reviewing audit trails? |
|
Definition
They establish individual accountability and nonrepudiation |
|
|
Term
Which of the following is a characteristic of Mandatory Access Control (MAC)? |
|
Definition
Access to files is based on security levels of data and users. |
|
|
Term
What best describes Discretionary Access Control (DAC)? |
|
Definition
The person who created a file is the file's owner and has full control over access to that file. |
|
|
Term
You're a security designer planning Role-Based Access Control for an intranet where each user has his or her own workstation. The department in which a user works determines his or her job function. The departments are: Management, Production, Marketing, and Sales. Different departments need access to different printers, files, folders, and workstations. Which of the following are the roles you should define? |
|
Definition
Management, production, marketing, and sales. |
|
|
Term
While examining network protocols enabled on network interface cards on servers and clients throughout an organization, a security administrator finds that most have far more active protocols than seem necessary for the network. What, if anything, should the security administrator do to enhance security? |
|
Definition
Check for dependencies, and then disable all unnecessary protocols on all computers. |
|
|
Term
Why are social engineering attacks such a common and often successful way to gain unauthorized access to networks? |
|
Definition
Lack of security awareness and education among network users. |
|
|
Term
What do you call a program that appears to serve some useful function but actually does harm behind the scenes? |
|
Definition
Trojan horse. |
|
|
Term
Using simple passwords like birthdays, pet names, and nicknames exposes users to which type of attack? |
|
Definition
Dictionary attack. |
|
|
Term
Which type of attack does not attempt to gain unauthorized access to information but instead only thwarts the availability of a resource? |
|
Definition
DoS (Denial of Service) attack. |
|
|
Term
What kind of attack exploits vulnerabilities in half-open connections during a TCP three-way handshake? |
|
Definition
SYN flood. |
|
|
Term
Which type of attack takes over a legitimate TCP connection? |
|
Definition
TCP session hijacking. |
|
|
Term
What must you purchase if you want to use S/MIME to secure Internet e-mail? |
|
Definition
A digital certificate (with its key pair) issued by a Certificate Authority; S/MIME signs and encrypts mail with the certificate's keys. |
|
|
Term
Which of the following allows a Web server to store connection information and information about users? |
|
Definition
Cookies. |
|
|
Term
A user receives an e-mail warning of a virus going around with instructions to delete a specific file. What should the user do? |
|
Definition
Report the message to a security administrator before taking any action. |
|
|
Term
Which type of program would a hacker use to get sensitive information from clear text data sent by IM and FTP programs? |
|
Definition
A packet sniffer (protocol analyzer); IM and FTP send credentials and data in clear text. |
|
|
Term
Suppose you're the security administrator of an FTP server. You want employees to be able to access the site from home. But you want to prevent the general public from accessing the site. What should you do? |
|
Definition
Disable anonymous access. |
|
|
Term
What should security administrators do before implementing a wireless network? |
|
Definition
Conduct a thorough site survey. |
|
|
Term
LDAP organizes directories into trees. What do you call the start of each tree? |
|
Definition
The root, identified by the directory's base DN. |
|
|
Term
What technique does VPN (Virtual Private Networking) use to provide security over untrusted public networks? |
|
Definition
Tunneling: packets are encapsulated (and normally encrypted) inside packets that cross the public network. |
|
|
Term
Which of the following is a VPN protocol that operates at the Network layer (layer 3) of the OSI Reference model? |
|
Definition
IPsec (Internet Protocol Security). PPTP and L2TP operate at layer 2. |
|
|
Term
Your company wants to offer some employees Telnet access to the company network. However, they want to make sure it's secure. Which protocol should you use to secure the Telnet connection? |
|
Definition
SSH (Secure Shell), which replaces the clear-text Telnet session with an encrypted one. |
|
|
Term
Many government agencies rely on AES (Advanced Encryption Standard) for symmetric encryption. What is the name of the encryption algorithm upon which AES is based? |
|
Definition
Rijndael. |
|
|
Term
Which of the following is an asymmetric encryption algorithm? |
|
Definition
RSA (Rivest Shamir Adelman). |
|
|
Term
Which of these would best ensure data integrity? |
|
Definition
A cryptographic hash (message digest): any change to the data changes the hash. Pair it with a digital signature or MAC when the hash itself must be protected from tampering. |
|
|
Term
Upon receiving a digitally signed document, what does the recipient use to verify the sender's signature? |
|
Definition
The sender's public key. |
|
|
Term
Experts agree that hashed passwords provide the best security in terms of confidentiality. But even hashed passwords are still vulnerable to which type of attacks? |
|
Definition
Brute force, dictionary, and birthday. |
|
|
Term
Which of the following items could be found in a digital certificate? |
|
Definition
Certificate holder's public key. |
|
|
Term
PGP (Pretty Good Privacy) is based on which trust model? |
|
Definition
Web of trust: users sign each other's keys instead of relying on a central CA. |
|
|
Term
Which of these statements is true of the query results from a CRL? |
|
Definition
The data returned by the query might be outdated. |
|
|
Term
When a Web browser connects to a Web server that's secured with SSL, what does the server present to the browser? |
|
Definition
Its digital certificate, which contains the server's public key and is signed by a CA the browser trusts. |
|
|
Term
What are the four primary components of ISAKMP (Internet Security Association Key Management Protocol)? |
|
Definition
Peer authentication, security associations, threat management, and key creation/management.
Though a key-management protocol, ISAKMP is not directly related to PKI and doesn't involve Certificate Authorities. |
|
|
Term
To access a workstation, a user inserts a smart card containing a public encryption key. Then she types a password or PIN. The workstation decrypts the password or PIN using its private key. If everything looks good, the user is logged on to the workstation. What security method did the workstation use to grant access? |
|
Definition
Multifactor authentication |
|
|
Term
Company executives are concerned about eavesdroppers picking up sensitive data from cables in unsecured areas of the building. Which type of cabling would you recommend for those areas? |
|
Definition
Fiber-optic cabling; it radiates no signal and is far harder to tap than copper. |
|
|
Term
Which of the following storage media has the least storage capacity? |
|
Definition
|
|
Term
Which type of firewall is able to detect and drop rogue packets that are not part of an established TCP connection? |
|
Definition
A stateful inspection firewall. |
|
|
Term
Which of the following devices provides a good defense against hostile packet sniffing? |
|
Definition
A switch. Unlike a hub, it forwards frames only to the destination port, so a sniffer on another port sees little traffic (though ARP poisoning or MAC flooding can still defeat it). |
|
|
Term
An organization wants to set up a network to conduct secure transactions with business partners. Which network topology should they use? |
|
Definition
An extranet. |
|
|
Term
You need to restrict access to parts of an existing network without changing the network's current topology. You want to use a simple hardware-based solution that requires minimal administrative overhead. What would be the best way to achieve this goal? |
|
Definition
Implement a VLAN (Virtual LAN) using Ethernet switches. |
|
|
Term
Which technology hides internal hosts from external networks and serves as a basic firewall by blocking traffic that didn't originate from inside the local network? |
|
Definition
NAT (Network Address Translation) |
|
|
Term
What type of intrusion detection system might automatically break a connection or shut down a server in response to an intrusion? |
|
Definition
An active (reactive) IDS, today usually called an IPS. |
|
|
Term
What's the first action a system administrator should take in response to suspected criminal activity? |
|
Definition
Contact the incident response team |
|
|
Term
What would be the most effective way to prevent hackers from finding open ports and services to exploit when they scan your system? |
|
Definition
Uninstall or disable all unused services and protocols |
|
|
Term
Which two techniques allow an attacker to fingerprint a computer's operating system? |
|
Definition
Malicious port scanning, ICMP message quoting. |
|
|
Term
Which type of scanner uses ICMP to map a network? |
|
Definition
A ping scanner can scan a whole range of addresses, thereby providing a map to an entire network. |
|
|
Term
What is the best way to harden a custom application that's developed in-house? |
|
Definition
Make sure that security is given due consideration at each step in the development process |
|
|
Term
What configuration change protects a DNS server from misdirected traffic caused by spoofing attacks? |
|
Definition
Disallow zone transfers from untrusted networks.
Zone transfers copy a zone's records from one DNS server to another. Restricting them to authorized secondary servers denies an attacker the complete zone data used to plan spoofing and misdirection attacks. |
|
|
Term
The security goal to protect data from unauthorized disclosure or access is called what? |
|
Definition
Confidentiality.
Confidentiality is about keeping sensitive data from prying eyes (and hands!). |
|
|
Term
Providing false information about the source of a message or attack is a form of what? |
|
Definition
Spoofing.
IP spoofing involves forging the source IP address in a packet to hide the actual source of that packet. |
|
|
Term
Which access control method bases authorization on people's role within an organization? |
|
Definition
RBAC (Role Based Access Control) . |
|
|
Term
What is an attacker hoping to achieve by sending more data to a program or protocol
handler than that item was designed to handle? |
|
Definition
Buffer overflow.
A buffer overflow occurs when poorly written software accepts more data than the buffer it was designed to hold; the excess overwrites adjacent memory, and the attacker hopes to crash the program or get his own code executed. |
|
|
Term
Which type of attack attempts to destroy availability by preventing a system from handling
normal, legitimate requests for data? |
|
Definition
DoS (Denial of Service) attack.
DoS attacks don't attempt to steal data or gain unauthorized access. They just try to prevent
other people from gaining access to a system. |
|
|
Term
What must an administrator do to minimize the attack surface that a network device
exposes? |
|
Definition
Disable all unnecessary protocols on the device.
Minimizing the attack surface requires disabling all protocols except those required for the
device to function as needed within the local network. |
|
|
Term
Minimizing the vulnerabilities of assets and resources is the goal of which security objective? |
|
Definition
Integrity.
Data integrity is about minimizing vulnerabilities in data and networks. |
|
|
Term
People who use a pet name, nickname, birthday, or other simple password are exposing
themselves to which type of attack? |
|
Definition
Dictionary attack.
A Dictionary attack uses a dictionary of commonly used passwords to discover a specific
password. |
|
|
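The two cards on weak passwords (this one and the earlier one on hashed passwords being open to brute-force and dictionary attacks) are easier to grasp with a concrete run. The following is an added example, not part of the deck: it hashes a constructed pet-name password, recovers it from a made-up wordlist, and then shows why a salt plus a slow key-derivation function (PBKDF2 here, a stand-in for bcrypt/scrypt/Argon2) raises the cost without rescuing a weak password. Wordlist, passwords and function names are all illustrative.

```python
import hashlib
import os

# Constructed wordlist: the kind of pet names, birthdays and defaults a
# dictionary attack tries first. Not a real leak.
WORDLIST = ["password", "fluffy", "19850412", "letmein", "qwerty", "Spot"]


def unsalted_sha256(pw):
    """Fast, unsalted hash: identical passwords give identical hashes."""
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_pbkdf2(pw, salt, iterations=200_000):
    """Per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()


def dictionary_attack(target_hash, wordlist, hash_fn):
    """Hash each candidate and compare; return the match or None."""
    for word in wordlist:
        if hash_fn(word) == target_hash:
            return word
    return None


def crack_unsalted():
    # A user picked the pet's name and the server stored a bare SHA-256.
    leaked = unsalted_sha256("fluffy")
    return dictionary_attack(leaked, WORDLIST, unsalted_sha256)


def crack_salted():
    # Same weak password, but salted and stretched. The attack still works,
    # because the password is in the wordlist; what changed is that every
    # guess costs 200k iterations and must be redone per user, so rainbow
    # tables are useless and bulk cracking is much slower.
    salt = os.urandom(16)
    leaked = salted_pbkdf2("fluffy", salt)
    return dictionary_attack(leaked, WORDLIST, lambda w: salted_pbkdf2(w, salt))


def crack_strong():
    # A long passphrase that is not in the wordlist survives even an
    # unsalted fast hash (until the attacker brute-forces the full space).
    leaked = unsalted_sha256("correct horse battery staple")
    return dictionary_attack(leaked, WORDLIST, unsalted_sha256)


if __name__ == "__main__":
    print(crack_unsalted(), crack_salted(), crack_strong())
```

The lesson the cards compress: hashing protects confidentiality of the stored value, not the guessability of the password. Salting and stretching buy time; only a password outside any plausible wordlist buys safety.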
Term
Intentionally altering the destination IP address that a name server provides during name
resolution is an example of which type of attack? |
|
Definition
Spoofing attack.
Spoofing is the intentional forging of source and destination IP addresses to hide the true
source of an attack, or misdirect traffic. |
|
|
Term
Giving every user just enough access to perform his or her job, and nothing more, is known
as what? |
|
Definition
Principle of least privilege.
The principle of least privilege states that every user be given exactly as much access as
needed to perform a job, and nothing more. |
|
|
Term
Which access control method is based on sensitivity labels and security clearances? |
|
Definition
MAC (Mandatory Access Control).
MAC uses sensitivity labels and security clearances like Confidential, Secret, and Top Secret
to maximize data confidentiality and integrity. |
|
|
Term
Which attack exploits the small buffers used in the TCP three-way handshake to hinder the
availability of data on a server? |
|
Definition
SYN flood.
A SYN flood exploits vulnerabilities by using spoofed source IP addresses to leave half-open
connections on a server. That prevents the server from handling legitimate users who are
attempting to connect to the server. |
|
|
Term
What do you call a file that keeps a record of successful logins, failed login attempts, file
activities, and the like? |
|
Definition
Audit trail.
Audit trails keep track of who did what and when. |
|
|
Term
Which is an example of biometric authentication? |
|
Definition
Retinal scan.
Biometrics is based on biological features that are unique to each person, like fingerprints,
handprints, voice patterns, and blood vessels in the retina. |
|
|
Term
Which authentication approach is used for Internet connections when a username and
password are not enough to provide proof of identity? |
|
Definition
Multi-factor.
When biometrics isn't feasible, but passwords are not enough, multi-factor authentication
can be used to require two or more forms of authentication. |
|
|
Term
Which type of attack sends an ICMP Echo Request with a malformed offset and improper
MTU (Maximum Transmission Unit) to intentionally crash a server? |
|
Definition
Ping of Death.
An ICMP Echo Request is also known as a ping. Sending a bad one can overflow the
recipient's buffer and cause it to crash. |
|
|
Term
What is an easy method that any user can employ to prevent virus infection from e-mail
attachments? |
|
Definition
Install anti-virus software that scans incoming e-mail messages.
Many viruses spread through e-mail attachments. Virtually all anti-virus software scans
incoming e-mail for viruses and other malware. |
|
|
Term
DAC (Discretionary Access Control) is inherently vulnerable to which kind of attack? |
|
Definition
Trojan horse.
DAC has two weaknesses, 1) Lack of centralized administration and 2) no means of
preventing Trojan horses from doing evil deeds. |
|
|
Term
What is the best way to protect a system from social engineering attacks? |
|
Definition
Training and education.
Social engineering attacks are nontechnical. They rely on users' ignorance and tendency to
trust other people. Human training and awareness are really the only defense. |
|
|
Term
Which access control method is based on the Bell-LaPadula model, which allows users to
read down, but not to write down? |
|
Definition
MAC (Mandatory Access Control). |
|
|
Term
Which access control model offers great granularity through the use of ACLs (Access Control
Lists)? |
|
Definition
DAC (Discretionary Access Control) .
DAC (Discretionary Access Control) is best known for granular access control through ACLs at
each file and folder. |
|
|
Term
What is the basic goal of system logging? |
|
Definition
Keep a record of system usage.
The most basic and common use of system logging is simply to keep a record of system
usage. |
|
|
Term
User Mary has Allow Read and Allow Write permissions to FileA through her membership in
the Accountants group. She has Deny Read permissions to FileA through her individual user
account. What is Mary's effective permission on FileA? |
|
Definition
Deny takes precedence over Allow, so Mary cannot read FileA. Strictly, the explicit Deny removes only the Read right; the Allow Write she inherits from Accountants still applies, so on NTFS she could write to the file without being able to read it. |
|
|
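As an added example (not from the deck), here is the effective-permission rule the Mary card describes, written out as a small NTFS-style ACL evaluator: collect every Allow that applies to the user directly or through a group, then subtract every Deny, so Deny always wins but removes only the rights it names. The ACL entries, user and group names are constructed to mirror the card.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry: who, allow/deny, which rights."""
    principal: str        # user or group name
    kind: str             # "allow" or "deny"
    rights: frozenset     # e.g. frozenset({"read", "write"})


def effective_rights(user, groups, acl):
    """Return the rights `user` actually holds on the object guarded by `acl`.

    Allows are unioned, Denies are unioned, and the Deny set is subtracted
    last. That ordering is what makes an explicit Deny override any Allow,
    whether the Allow came from the user's own entry or from a group.
    """
    principals = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal not in principals:
            continue
        (allowed if ace.kind == "allow" else denied).update(ace.rights)
    return frozenset(allowed - denied)


# Constructed ACL for FileA, matching the card: the Accountants group may
# read and write, Mary's own account is explicitly denied Read.
FILE_A_ACL = [
    Ace("Accountants", "allow", frozenset({"read", "write"})),
    Ace("mary", "deny", frozenset({"read"})),
]


def marys_rights():
    return effective_rights("mary", {"Accountants"}, FILE_A_ACL)


if __name__ == "__main__":
    print(sorted(marys_rights()))  # ['write']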
Term
Which is the preferred access control method in organization with
high turnover rates? |
|
Definition
RBAC (Role Based Access Control) .
RBAC, which authorizes access based on people's roles, is the preferred access control
method in organizations with high employee turnover. |
|
|
Term
A system administrator reports that upon deleting a terminated employee's files, other files
on the system started disappearing on their own. The system administrator has been
victimized by which type of malware? |
|
Definition
Logic bomb.
Programs relating to employees that do bad things on schedule, or in response to some other
event, are usually Logic bombs. |
|
|
Term
Why would a network administrator create complex ingress/egress filtering rules to drop
packets that don't contain certain source and destination IP addresses? |
|
Definition
To prevent spoofing.
Ingress/egress filtering provides the best defense against spoofing attacks. |
|
|
Term
Which type of attack exploits a TCP vulnerability that allows spoofed packets to be inserted
into a stream and executed like legitimate packets? |
|
Definition
TCP Session Hijacking .
TCP session hijacking takes over an established connection by injecting packets that carry the victim's source address and the sequence numbers the receiver expects, so they are accepted as part of the legitimate stream. On a LAN the attacker often first positions himself with ARP cache poisoning so that he can observe those sequence numbers. |
|
|
Term
What do Ping of Death, Smurf, Fraggle, Teardrop, Bonk, and Boink have in common? |
|
Definition
They are all DoS attacks. Ping of Death, Teardrop, Bonk, and Boink send oversized or overlapping IP fragments that crash vulnerable IP stacks; Smurf and Fraggle flood the victim with ICMP or UDP replies amplified through a network's broadcast address. |
|
|
Term
Which type of DoS attack uses multiple computers to simultaneously send requests for pages
to a Web server? |
|
Definition
DDoS (Distributed Denial of Service).
DDoS employs multiple zombie computers to send simultaneously and flood a server with
connection requests. |
|
|
Term
Subseven, Masters Paradise, and NetBus are programs used to launch which type of attack? |
|
Definition
Backdoor.
Some backdoor attacks exploit maintenance hooks in existing programs. Programs like those
mentioned in this question also provide a means of launching backdoor attacks. |
|
|
Term
Users report that information transmitted across the network seems delayed, and in some
cases altered in transit. To which type of attack have these users likely fallen victim? |
|
Definition
Man in the Middle.
The Man in the Middle is a computer or program that can capture and manipulate packets as
they cross a network |
|
|
Term
Ensuring that a message sent across a network is not intercepted and altered in transit is an
example of what security goal? |
|
Definition
Integrity.
Confidentiality is about preventing unauthorized disclosure. Ensuring that data is true,
accurate, and has not been falsified comes under data integrity |
|
|
Term
While reviewing audit trails, an administrator notices that a regular user ran a program that requires administrative privileges. Which term describes what happened? |
|
Definition
Privilege escalation. |
|
|
Term
Which type of physical access barrier was designed to prevent piggybacking? |
|
Definition
Mantrap.
A mantrap is a room that's specially designed to prevent piggybacking, where an unauthorized person gains access with the help of an authorized person. |
|
|
Term
Which of the following technologies supports high availability? |
|
Definition
RAID.
RAID (Redundant Array of Independent Disks) stores data across multiple drives with redundancy, so a single drive failure does not take the data offline. |
|
|
Term
Documenting change levels and revision information is especially important for which of the following? |
|
Definition
|
|
Term
Which would be the best source of information regarding the Annualized Rate of Occurrence (ARO) for a risk? |
|
Definition
An insurance company.
Insurance companies thrive on risk analysis and would therefore be your best bet for finding the annualized rate of occurrence for a risk. |
|
|
Term
Which of the following best describes the concept of due care? |
|
Definition
Policies and procedures designed to minimize damage or injury. |
|
|
Term
When recovering from a disaster, which processes should be reinstated first? |
|
Definition
The most critical processes, at the alternate (recovery) site. When the primary site is repaired and operations move back, the order reverses: the least critical processes return first, so that any remaining problems at the primary site do not disrupt critical operations. |
|
|
Term
Crime scene technicians and investigators keep a log of everything that happens to a piece of evidence from the moment it is discovered. What is this log called? |
|
Definition
Chain of custody. The chain of custody details everything that happens to a piece of evidence from the time it's found to its presentation in court. |
|
|
Term
When is a privileged user account most vulnerable to misuse? |
|
Definition
When the account holder's employment is terminated. |
|
|
Term
Management gives an employee a laptop to use away from the office. While using it, the employee erases some critical files that render the laptop useless. What steps should have been taken to avoid this problem? |
|
Definition
The user should have been trained how to use the laptop. |
|
|
Term
The protection of data against unauthorized access or disclosure is an example of what? |
|
Definition
Confidentiality. |
|
|
Term
Which of the following accurately describes the concept of data integrity? |
|
Definition
A means of minimizing vulnerabilities of assets and resources. |
|
|
Term
An online retailer's business model consists of three departments: Inventory, Order Processing, and Shipping. People in the Inventory department need Read/Write access to Inventory data and Read access to Orders data. People in Order Processing need Read/Write access to Orders data and Read access to Inventory data. People in Shipping need Read access to Orders and Inventory data. There is a high rate of turnover in all departments. Which access control model would work best for this business? |
|
Definition
RBAC (Role-Based Access Control). |
|
|
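The retailer card is the textbook case for RBAC: permissions hang off roles, people are only mapped to roles, and turnover becomes a one-line change. As an added example (not from the deck), the model below implements the three departments and their Read/Write rights exactly as the card states them; user names and the class are illustrative.

```python
# Role -> set of (resource, action) pairs, straight from the card's description.
ROLE_PERMISSIONS = {
    "Inventory":       {("inventory", "read"), ("inventory", "write"),
                        ("orders", "read")},
    "OrderProcessing": {("orders", "read"), ("orders", "write"),
                        ("inventory", "read")},
    "Shipping":        {("orders", "read"), ("inventory", "read")},
}


class Rbac:
    """Minimal role-based access control: users get roles, roles get rights."""

    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.user_roles = {}          # user -> set of role names

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_all(self, user):
        # Termination: remove the user. No per-file ACL has to be hunted down,
        # which is why RBAC suits organizations with high turnover.
        self.user_roles.pop(user, None)

    def is_allowed(self, user, resource, action):
        return any((resource, action) in self.role_permissions[role]
                   for role in self.user_roles.get(user, ()))


def demo():
    """Constructed scenario: Alice in Inventory leaves, Carol replaces her."""
    rbac = Rbac(ROLE_PERMISSIONS)
    rbac.assign("alice", "Inventory")
    rbac.assign("bob", "Shipping")
    before = (rbac.is_allowed("alice", "inventory", "write"),   # True
              rbac.is_allowed("bob", "orders", "write"))        # False: Shipping reads only
    rbac.revoke_all("alice")
    rbac.assign("carol", "Inventory")
    after = (rbac.is_allowed("alice", "inventory", "read"),     # False: gone
             rbac.is_allowed("carol", "inventory", "write"))    # True: same role, same rights
    return before, after


if __name__ == "__main__":
    print(demo())
```

Contrast with DAC: had each file carried its own owner-managed ACL, Alice's departure would mean auditing every inventory and orders file she had been granted on.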
Term
A disgruntled customer calls the Customer Support department of an online business, demanding that his password be changed because the system will not accept the password he originally entered. To keep the customer happy, the operator changes the password as per the customer's request. Some weeks later, the actual customer calls to complain of fraudulent purchases made on her account and sent to an unknown address. What type of intrusion has the Customer Support department been victimized by? |
|
Definition
Social engineering (impersonation): the caller talked support into resetting a password without any verification of identity. |
|
|
Term
A network administrator reports that upon deleting some records from a terminated employee, other files suddenly started to disappear on their own. Which type of malicious code is most likely the cause of this problem? |
|
Definition
Logic bomb. |
|
|
Term
To hide the true source of an attack or gain unauthorized access to a system, an attacker spoofs which field in a packet? |
|
Definition
The source IP address. |
|
|
Term
A Web server becomes overwhelmed by thousands of legitimate requests for a Web page, apparently all coming from different computers at the same time. This Web server is most likely under which type of attack? |
|
Definition
DDoS (Distributed Denial of Service).
A DDoS attack creates agents on hundreds or thousands of unsuspecting computers called zombies. A handler then triggers the zombies to request a Web page all at the same time. |
|
|
Term
Which two encryption key lengths does SSL/TLS support? |
|
Definition
40-bit and 128-bit, the export-grade and full-strength cipher lengths of the SSL era. Modern TLS cipher suites use 128- and 256-bit keys. |
|
|
Term
What is the most common source of attack against CGI scripts? |
|
Definition
User data typed into forms. Attackers can cause buffer overflows and security breaches from the HTML forms that CGI relies on. |
|
|
Term
What must an e-mail relay server administrator do to prevent spam from being forwarded to a primary mail server? |
|
Definition
Remove * from the list of trusted domains. |
|
|
Term
Which technology can make wireless network security equivalent to a wired network's security? |
|
Definition
WEP (Wired Equivalent Privacy) was designed to make a wireless network as private as a wired one. Its RC4 key scheduling and short IVs were broken long ago, so in practice it offers little protection; use WPA2 or WPA3 instead. |
|
|
Term
Which specification brings an object-oriented information model to LDAP directories and SNMP data? |
|
Definition
DEN (Directory Enabled Networking).
DEN improves upon LDAP and SNMP by making their data more accessible to modern object-oriented programming languages. |
|
|
Term
Which of the following protocols lets you create a Virtual Private Network (VPN) between a corporate network and a remote office? |
|
Definition
|
|
Term
In symmetric encryption, how many security keys are needed to encrypt and decrypt files? |
|
Definition
One.
Symmetric encryption uses a single shared secret key for both encryption and decryption. |
|
|
Term
What is the primary advantage of asymmetric encryption? |
|
Definition
It allows encryption and decryption without the sharing of private keys. |
|
|
Term
To apply for a digital certificate, a subject must submit proof of identity and what else? |
|
Definition
The subject's public key, normally bundled with the identity data in a certificate signing request. |
|
|
Term
X.509 requires CAs to provide data structure that lists certificates that have been revoked before their expiration date. What is the name of that data structure? |
|
Definition
Certificate Revocation List |
|
|
Term
Web browsers contain a trust list of trusted root CAs. Which technical term below refers to that internal trust list? |
|
Definition
Embedded root certificates |
|
|
Term
What should be your first step in implementing a company firewall? |
|
Definition
Create a firewall policy. |
|
|
Term
What network device lets you confine sensitive data to specific workstations using Access Control Lists and routing tables? |
|
Definition
A router. |
|
|
Term
Using ingress filtering on a perimeter router to block packets with local network IP addresses protects against which type |
|
Definition
Spoofing: a packet arriving from outside with an internal source address can only be forged. |
|
|
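Both the ingress/egress filtering card and the perimeter-router card above describe the same anti-spoofing rule. As an added example (not from the deck), here it is as a small packet filter: on the outside interface, drop anything claiming an internal source; on the inside interface, drop anything whose source is not internal; and drop bogon sources on both. The prefixes and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed topology: addresses the organization actually uses inside.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.1.0/24")]
# Sources that should never arrive on either interface.
BOGON_PREFIXES = [ipaddress.ip_network("0.0.0.0/8"),
                  ipaddress.ip_network("127.0.0.0/8"),
                  ipaddress.ip_network("224.0.0.0/4")]


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def filter_packet(iface, src, dst):
    """Decide the fate of a packet arriving on `iface` ("outside" or "inside").

    Ingress: a legitimate outside host cannot hold one of our addresses, so an
    internal source on the outside interface is a spoof and is dropped.
    Egress: our hosts should only ever send from our addresses, so a foreign
    source leaving the network is dropped; this keeps compromised internal
    machines from joining spoofed-source floods (Smurf, SYN flood) elsewhere.
    """
    s = ipaddress.ip_address(src)
    if _in_any(s, BOGON_PREFIXES):
        return ("drop", "bogon source")
    if iface == "outside" and _in_any(s, INTERNAL_PREFIXES):
        return ("drop", "ingress: internal source on external interface")
    if iface == "inside" and not _in_any(s, INTERNAL_PREFIXES):
        return ("drop", "egress: non-internal source leaving the network")
    return ("accept", None)


# Constructed sample traffic: (interface, source, destination).
SAMPLE_PACKETS = [
    ("outside", "203.0.113.7", "192.168.1.10"),     # normal inbound
    ("outside", "192.168.1.20", "192.168.1.10"),    # spoofed internal source
    ("inside", "10.1.2.3", "198.51.100.9"),         # normal outbound
    ("inside", "198.51.100.77", "203.0.113.1"),     # spoofed foreign source
    ("outside", "127.0.0.1", "192.168.1.10"),       # bogon
]


def run_samples():
    return [filter_packet(*p)[0] for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_samples()):
        print(pkt, "->", verdict)
```

Real routers express this with interface ACLs or unicast reverse-path forwarding; the logic is the same, and it has to run on every border, because one unfiltered edge is enough.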
Term
What do you call an area of a network that's designed to provide services to the general public? |
|
Definition
DMZ (demilitarized zone). |
|
|
Term
Security administrators notice unusual activity that appears to be a series of attack attempts. What type of system should the administrators install to collect information about the attacker's identity, access, and attack methods? |
|
Definition
A honeypot. |
|
|
Term
Which IDS method provides information about potential threats but takes no action against those threats? |
|
Definition
A passive IDS. |
|
|
Term
In Microsoft Windows, what security advantage does NTFS offer over the original FAT file system? |
|
Definition
Granular control over file and folder permissions through ACLs. |
|
|
Term
Which tool would be most effective in helping a security administrator find security holes in a network? |
|
Definition
A vulnerability scanner. |
|
|
Term
What's the best way to protect a DNS server from DoS attacks? |
|
Definition
Disable all applications except DNS on the primary DNS server |
|
|
Term
Which of the following should be included in a fire protection plan for a fireproof computer room? |
|
Definition
Emergency shutdown procedures. Even a fireproof computer room will get hot from nearby fire, so it's best to shut the computers down until things cool off. |
|
|
Term
In a decentralized privilege management structure, where are user accounts and passwords stored? |
|
Definition
On each individual server |
|
|
Term
Extreme fluctuations in room temperature can cause which problem? |
|
Definition
Chip creep: repeated thermal expansion and contraction works chips loose in their sockets. Condensation from rapid changes is a further risk. |
|
|
Term
A need to know policy is based on which security principle? |
|
Definition
Least privilege. |
|
|
Term
What is the first step to developing a disaster recovery plan (DRP)? |
|
Definition
Get policymakers to agree on the plan objectives. |
|
|
Term
What is the most overlooked element of security management? |
|
Definition
|
|