Small Sys Exam 2

  1. A typical operating system configuration baseline would include each of the following except _______.

    A. changing any default settings that are insecure
    B. eliminating any unnecessary software
    C. enabling operating system security features
    D. performing a security risk assessment
    D. performing a security risk assessment
  2. True or False- In the virus dictionary approach, the anti-virus monitors the behavior of all programs and flags suspicious behavior.
    False
  3. Which of the following is a list of approved e-mail senders?
    A. Whitelist
  4. All of the following are techniques and approaches used by anti-virus software, except:
    C. code filtering
  5. Which is the preferred means of trapping user input for errors?
    C. Escaping
  6. Which of the following is NOT an advantage to an automated patch update service?

    A. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs.

    B. Downloading patches from a local server instead of using the vendor’s online update service can save bandwidth and time because each computer does not have to connect to an external server.

    C. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor’s online update service.

    D. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.
    C. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor’s online update service.
  7. True or False- One of the problems with code emulation approach to anti-virus is that it requires periodic online downloads of updated virus signatures.
    False
  8. True or False- Training a Bayesian filter using spam and non-spam messages from your site can reduce the number of false positives.
    True
  9. True or False- A spamicity value less than 0.5 means that a message containing the word is likely to be spam.
    False
  10. A stateful firewall can use all of the following to monitor the state of a communication session, except:
    A. Port Pairing
  11. True or False- Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs.
    True
  12. ____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated.
    B. Tailgate sensors
  13. The signal from an ID badge is detected as the owner moves near a ____, which receives the signal.
    A. proximity reader
  14. In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer.
    C. heuristic detection
  15. A ____ is designed to separate a nonsecured area from a secured area.
    C. mantrap
  16. A ____ is software that is a cumulative package of all security updates plus additional features.
    B. service pack
  17. A(n) _____ can provide details regarding requests for specific files on a system.
    D. access log
  18. A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers.
    D. firewall
  19. ________ allows for a single configuration to be set and then deployed to many or all users.
    D. Group Policy
  20. Which is the first step in securing an operating system?
    B. Develop the security policy
  21. What are the 3 important elements to secure?
    • -Host (network server or client)
    • -Applications
    • -Data
  22. What does securing the host involve?
    • -Protecting the physical device
    • -Securing the OS software
    • -Using security-based software applications
    • -Monitoring logs
  23. What are the recommended key management procedures?
    • -Change locks after key loss or theft
    • -Inspect locks regularly
    • -Issue keys only to authorized users
    • -Keep records of who uses and turns in keys
    • -Keep track of issued keys
    • -Master keys should not have identifying marks
    • -Secure unused keys in locked safe
    • -Setup key monitoring procedure
    • -Mark duplicate master keys with "Do not duplicate"
  24. What is a Cipher Lock?
    • -More sophisticated alternative to key lock
    • -Combination sequence necessary to open door
    • -Can be programmed to allow individual's code to give access at only certain days or times
    • -Records when door is opened and by which code
    • -Can be vulnerable to shoulder surfing
    • -Often used in conjunction with tailgate sensor
  25. What is a Hardware Lock?
    Standard keyed entry lock; provides minimal security.
  26. What is a Physical Token in terms of securing devices?
    • ID badge with bearer's photo.
    • ID badge emits a signal identifying the owner.
    • Proximity reader receives signal.
  27. What is an Access List in terms of securing devices?
    • Record of individuals who have permission to enter secure area.
    • Records time they entered and left.
  28. What is a Mantrap in terms of securing devices?
    • Separates a secured area from an unsecured area.
    • Device monitors and controls two interlocking doors. (only one door may open at any time)
  29. What is Video Surveillance in terms of securing devices?
    • Closed-circuit television (CCTV).
    • Video cameras transmit signal to limited set of receivers.
    • Cameras may be fixed or able to move.
  30. What is Fencing in terms of securing devices?
    • Barrier around secured area.
    • Modern perimeter fences are equipped with other deterrents.
  31. What are some Mobile Device unique security features?
    • -Remote wipe, sanitization
    • -GPS tracking
    • -Voice encryption
  32. What is the 5 step process for protecting the OS?
    • -Develop the security policy
    • -Perform host software baselining
    • -Configure OS security and settings
    • -Deploy the settings
    • -Implement patch management
  33. What is baselining? (#2 in 5 step secure OS)
    • Perform host software baselining.
    • Baseline: standard or checklist against which systems can be evaluated.
  34. Describe a typical configuration baseline. (step 3 in 5 steps secure OS)
    • Changing insecure default settings.
    • Eliminating unnecessary software, services, protocols.
    • Enabling security features such as firewall.
  35. What is meant by Group Policy?
    A single configuration may be deployed to many or all users.
  36. What does a Hotfix do?
    Addresses specific customer situation.
  37. What are the advantages of automated patch update service?
    • -Administrators can force updates to install by specific date.
    • -Computers not on the internet can receive updates.
    • -Users cannot disable or circumvent updates.
  38. What is an Anti-Virus?
    • Software that examines a computer for infections.
    • Scans new documents that might contain viruses.
    • Searches for known virus patterns.
  39. What is the weakness of Anti-Virus?
    Vendor must continually search for new viruses, update and distribute signature files to users.
  40. What are Spam Filtering methods?
    • Bayesian filtering
    • Local host filtering (blacklist, whitelist)
    • Blocking certain file attachment types
  41. Explain Bayesian Filtering.
    • The goal is to have a spam filter-
    • 1. List every word in an incoming mail message
    • 2. Determine the odds of each word appearing in a spam message
    • 3. Use those odds as input to Bayes' Formula to determine if the message is spam or not
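    The three steps above, carried out in code. This is an added example, not part of the original card set: it trains on a constructed toy corpus (real deployments train on the site's own spam and non-spam, which is what card 8 means by reducing false positives), computes a per-word spamicity in the style of Paul Graham's filter, and combines the word odds with Bayes' formula. The neutral value 0.4 for unseen words and the 0.01/0.99 clamps are assumptions borrowed from that approach, not from the page. Note how a word with spamicity below 0.5 pulls the result toward non-spam (card 9).

```python
import math
from collections import Counter

# Constructed toy training corpus (not real mail). Train on your own site's
# messages in practice; that is what reduces false positives for your users.
SPAM_TRAINING = [
    "cheap viagra buy now",
    "buy cheap pills online now",
    "win money now click here",
    "cheap money offer click",
]
HAM_TRAINING = [
    "meeting agenda for monday",
    "please review the attached report",
    "lunch on monday at noon",
    "report on the quarterly meeting",
]


def tokenize(text):
    """Step 1: list every word in the message (lower-cased, split on whitespace)."""
    return text.lower().split()


def train(spam_msgs, ham_msgs):
    """Count in how many spam / non-spam messages each word appears."""
    spam_counts, ham_counts = Counter(), Counter()
    for m in spam_msgs:
        spam_counts.update(set(tokenize(m)))
    for m in ham_msgs:
        ham_counts.update(set(tokenize(m)))
    return spam_counts, ham_counts, len(spam_msgs), len(ham_msgs)


def spamicity(word, model):
    """Step 2: P(spam | word) from the training counts.
    Unseen words get a neutral 0.4; results are clamped to [0.01, 0.99]
    (assumed constants in the style of Graham's filter)."""
    spam_counts, ham_counts, n_spam, n_ham = model
    s, h = spam_counts.get(word, 0), ham_counts.get(word, 0)
    if s + h == 0:
        return 0.4
    p_spam, p_ham = s / n_spam, h / n_ham
    return min(0.99, max(0.01, p_spam / (p_spam + p_ham)))


def spam_probability(message, model):
    """Step 3: combine the word odds with Bayes' formula under the naive
    independence assumption: P = prod(p_i) / (prod(p_i) + prod(1 - p_i)).
    Computed in log space so long messages do not underflow."""
    words = set(tokenize(message))
    if not words:
        return 0.5
    log_p = sum(math.log(spamicity(w, model)) for w in words)
    log_q = sum(math.log(1 - spamicity(w, model)) for w in words)
    return 1 / (1 + math.exp(log_q - log_p))


def is_spam(message, model, threshold=0.9):
    """Classify; the threshold is a tuning knob that trades false positives for misses."""
    return spam_probability(message, model) > threshold


MODEL = train(SPAM_TRAINING, HAM_TRAINING)
```

A word that appears in both classes lands between the clamps; one spam-only word and one ham-only word cancel to exactly 0.5, which is why the decision threshold is set well above 0.5 rather than at it.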
  42. What is a Firewall designed to do?
    • Designed to prevent malicious packets from entering or leaving computer.
    • May be hardware or software based.
    • Host-based software firewall runs on local system.
  43. What is an Audit Log?
    It can track user authentication attempts.
  44. What is an Access Log?
    It can provide details about requests for specific files.
  45. What is a Log?
    • Record of events that occur.
    • Log Entries contain information related to a specific event.
  46. Name the benefits of monitoring system logs.
    • -Identify security incidents, policy violations, fraudulent activity
    • -Provide information shortly after event occurs
    • -Provide information to help resolve problems
    • -Help identify operational trends and long-term problems
    • -Provide documentation of regulatory compliance
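    Cards 43 to 46 describe what an audit log records and why monitoring it pays off; the detection logic below shows the kind of check that turns log entries into an incident. It is an added example, not from the card set: the log lines are constructed in a syslog-like sshd format, and the threshold of five failures within one minute is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit-log lines (syslog-like sshd format); not real logs.
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[101]: Failed password for root from 203.0.113.5 port 50001
2024-03-01T08:00:03 sshd[101]: Failed password for root from 203.0.113.5 port 50002
2024-03-01T08:00:04 sshd[101]: Failed password for admin from 203.0.113.5 port 50003
2024-03-01T08:00:06 sshd[101]: Failed password for root from 203.0.113.5 port 50004
2024-03-01T08:00:07 sshd[101]: Failed password for root from 203.0.113.5 port 50005
2024-03-01T08:00:09 sshd[101]: Accepted password for root from 203.0.113.5 port 50006
2024-03-01T08:10:00 sshd[102]: Failed password for alice from 198.51.100.7 port 40001
2024-03-01T09:30:00 sshd[103]: Failed password for alice from 198.51.100.7 port 40002
2024-03-01T09:30:05 sshd[103]: Accepted password for alice from 198.51.100.7 port 40003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+$"
)


def parse_log(text):
    """Turn each authentication line into (timestamp, result, user, ip); skip others."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag a source IP when `threshold` failures fall inside `window` (assumed
    tuning values) and note whether a success followed, which is the classic
    indicator that a password-guessing run actually got in."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [ts for ts, r, _ in evs if r == "Failed"]
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1] - fails[i] <= window:
                success_after = any(r == "Accepted" and ts >= fails[i + threshold - 1]
                                    for ts, r, _ in evs)
                alerts.append({"ip": ip, "failures": len(fails),
                               "success_after": success_after})
                break
    return alerts
```

Two isolated failures from the second address an hour apart do not trip the rule; five in six seconds followed by a success from the first address do, which is the "identify security incidents shortly after the event occurs" benefit in practice.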
  47. What are Errors (exceptions) in terms of application development security?
    • Faults that occur while application is running.
    • Response should be based on the error.
    • Improper handling can lead to application failure or insecurity.
  48. What are some Error handling practices to avoid?
    • Failing to check return codes or to handle exceptions, or not checking them properly.
    • Handling all return codes or exceptions in the same manner.
    • Divulging potentially sensitive data in error information.
  49. What is Input Validation?
    Checking data after it is entered but before its destination is known; because the destination is unknown, it is not possible to know which characters are potentially harmful.
  50. What is Escaping (output encoding)?
    The preferred method for trapping user responses. Ensures that characters are treated as data rather than as something meaningful to the application (for example, as HTML markup or code).
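    Cards 49 and 50 side by side, as an added example that is not from the card set. The attacker string and the "5 < 6" string are constructed inputs. An input-time check that bans angle brackets rejects harmless arithmetic yet waves through a SQL-flavoured payload, because at input time the filter cannot know whether the value will end up in a page, a query, or a log. Escaping at output time knows the destination, so it picks the encoder for that context (HTML body versus URL query component here).

```python
import html
from urllib.parse import quote

# Constructed attacker-controlled input (not from the page).
USER_INPUT = '"><script>alert(1)</script>'


def validate_at_input(value):
    """Input validation: the destination is not yet known, so this fixed
    character blacklist is both too strict (rejects '5 < 6') and too loose
    (accepts a SQL-style payload that contains no angle brackets)."""
    forbidden = "<>"
    return not any(c in forbidden for c in value)


def render_unsafe(value):
    """Vulnerable rendering: the raw string is pasted into HTML and a URL."""
    return f'<p>Hello {value}</p><a href="/search?q={value}">again</a>'


def render_escaped(value):
    """Escaping (output encoding) at the point of output, per context:
    HTML text/attribute content uses html.escape, the URL query component
    uses percent-encoding. The same input is encoded differently for each."""
    html_safe = html.escape(value)           # & < > " ' become entities
    url_safe = quote(value, safe="")          # everything but unreserved chars
    return (f"<p>Hello {html_safe}</p>"
            f'<a title="{html_safe}" href="/search?q={url_safe}">again</a>')


def contains_live_tag(rendered):
    """Crude probe used by the test: does an actual <script tag survive?"""
    return "<script" in rendered.lower()
```

The escaped output still contains every character the user typed, just encoded so the browser treats them as text; nothing is stripped, which is why escaping is preferred over trying to guess a harmful-character list up front.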
  51. What is Fuzz testing (fuzzing)?
    Software technique that deliberately provides invalid, unexpected, or random data inputs. Monitor to ensure all errors are trapped.
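    One worked example serving cards 47, 48 and 51 together; it is added here and is not from the card set. The record format "user:age:role" and the error messages are constructed. The parser classifies each failure separately (no "handle everything the same way"), maps it to a generic user-facing message (no internal detail divulged), and lets only one exception type escape. The fuzzer then feeds random and mutated input and reports any other exception as an error that was not trapped.

```python
import random


class ParseError(Exception):
    """The only exception parse_record lets escape; its message is safe to show."""


def parse_record(raw):
    """Parse bytes in the constructed form 'user:age:role'.
    Each failure mode gets its own check and its own generic message; the
    original exception is chained (for the log) rather than echoed to the user."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ParseError("invalid encoding") from exc
    parts = text.strip().split(":")
    if len(parts) != 3:
        raise ParseError("wrong field count")
    user, age, role = parts
    if not user.isalnum():
        raise ParseError("bad user name")
    try:
        age_n = int(age)
    except ValueError as exc:
        raise ParseError("age not numeric") from exc
    if not 0 <= age_n <= 150:
        raise ParseError("age out of range")
    if role not in ("admin", "user"):
        raise ParseError("unknown role")
    return {"user": user, "age": age_n, "role": role}


def safe_parse(raw):
    """Caller-side handling: return (record, None) or (None, user-facing message).
    The return code is always checked and the two outcomes are not conflated."""
    try:
        return parse_record(raw), None
    except ParseError as exc:
        return None, str(exc)


def fuzz(iterations=2000, seed=1):
    """Fuzz testing: deliberately supply random bytes and mutated valid records.
    Any exception other than ParseError is an untrapped error. Returns the list
    of untrapped cases and the set of distinct trapped messages seen."""
    rng = random.Random(seed)
    untrapped, seen = [], set()
    valid = b"alice:30:admin"
    for _ in range(iterations):
        if rng.random() < 0.5:
            data = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 24)))
        else:
            buf = bytearray(valid)
            for _ in range(rng.randrange(1, 4)):
                buf[rng.randrange(len(buf))] = rng.randrange(256)
            data = bytes(buf)
        try:
            parse_record(data)
        except ParseError as exc:
            seen.add(str(exc))
        except Exception as exc:  # anything else slipped past the error handling
            untrapped.append((data, repr(exc)))
    return untrapped, seen
```

Run `fuzz()` after every change to the parser: an empty `untrapped` list is the "all errors are trapped" condition the card describes, and the size of `seen` tells you how many of the distinct failure branches the random input actually reached.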
  52. What is Application Hardening?
    It intends to prevent exploiting vulnerabilities
  53. Data loss prevention typically examines what?
    • Data in use (ex: being printed)
    • Data in motion (being transmitted)
    • Data at rest (stored)
  54. What is a Firewall?
    An integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
  55. Packets flowing through a firewall can have one of three outcomes. Name them.
    • Accepted: permitted through the firewall
    • Dropped: not allowed through with no indication of failure
    • Rejected: not allowed through, accompanied by an attempt to inform the source that the packet was rejected
  56. Policies used by the firewall to handle packets are based on several properties of the packets, such as:
    • the transport protocol (TCP or UDP)
    • the source and destination IP addresses
    • the source and destination ports
    • the application-level payload of the packet
  57. Name and describe the 2 fundamental approaches to creating firewall policies (or rulesets).
    Blacklist Approach: all packets are allowed through except those that fit the rules defined specifically in a blacklist. This configuration is more flexible in ensuring that service to internal network is not disrupted.

    Whitelist Approach: a safer approach to defining a firewall ruleset is the default-deny policy, in which packets are dropped or rejected unless they are specifically allowed by the firewall.
  58. Name the 3 types of firewalls.
    • Packet filters; stateless
    • Stateful filters
    • Application layer
  59. Describe Stateless firewalls.
    • A Stateless firewall doesn't maintain any remembered context (or "state") with respect to the packets it is processing.
    • It treats each packet attempting to travel through it in isolation without considering packets that it has processed previously.
  60. Describe Stateful firewalls.
    • Stateful firewalls can tell when packets are part of legitimate sessions originating within a trusted network.
    • They maintain tables containing information on each active connection, including the IP addresses, ports, and sequence numbers of packets.
    • Using these tables, stateful firewalls can allow only inbound TCP packets that are in response to a connection initiated from within the internal network.
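    Cards 55 to 60 in one runnable model, added here as an example that is not part of the card set. The addresses, the "10.0.0." internal prefix and the web-only policy are constructed. Both filters implement the same default-deny (whitelist) policy and return one of the three outcomes from card 55. The stateless version must open every high port to any outside host claiming to be a web server, so a forged "reply" gets in; the stateful version consults its connection table and only admits inbound TCP that answers a session the inside started.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


INTERNAL_NET = "10.0.0."     # constructed: addresses with this prefix are inside


def is_internal(ip):
    return ip.startswith(INTERNAL_NET)


class StatelessFilter:
    """Default-deny packet filter with no memory: each packet is judged alone.
    To let replies to outbound web traffic back in, it has to accept anything
    from outside with source port 80/443 to any high port."""

    def decide(self, pkt):
        if is_internal(pkt.src) and pkt.proto == "tcp" and pkt.dport in (80, 443):
            return "accept"
        if (not is_internal(pkt.src) and pkt.proto == "tcp"
                and pkt.sport in (80, 443) and pkt.dport >= 1024):
            return "accept"
        return "drop"


class StatefulFilter:
    """Same policy with a connection table. Outbound SYNs to web ports create an
    entry; inbound TCP is accepted only if it matches an entry. An unsolicited
    inbound SYN is rejected (source is told), anything else is silently dropped."""

    def __init__(self):
        self.table = set()   # (src, sport, dst, dport) of inside-initiated sessions

    def decide(self, pkt):
        if is_internal(pkt.src) and pkt.proto == "tcp" and pkt.dport in (80, 443):
            if pkt.syn:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        if not is_internal(pkt.src) and pkt.proto == "tcp":
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
                return "accept"
            if pkt.syn and not pkt.ack:
                return "reject"
        return "drop"
```

The difference between "drop" and "reject" is deliberate: a reject tells the sender the port is filtered, which is friendlier to legitimate clients but gives a scanner information, so many deployments reject from inside and drop from outside.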
  61. Describe some components of the Application Layer firewall.
    • Deep packet inspection.
    • Looks for telltale signatures inside packets.
    • Analyzes whether the behavior of the session is typical of appropriate use of the application.
  62. What are the aspects of securing applications?
    • Application development security
    • Application hardening
    • Patch management
  63. Coding standards increase applications' ___, ____, and ____.
    • Consistency
    • Reliability
    • Security
  64. True/False - Not all applications are designed, written with security in mind. Network must provide protection.
    True
  65. What are the aspects of building a secure network?
    • Network devices
    • Network technologies
    • Design of the network itself
  66. True/False- Security features found in network hardware provide basic level of security.
    True
  67. The Open Systems Interconnection (OSI) model illustrates what?
    • How network device prepares data for delivery.
    • How data is handled once received.
  68. What are Hubs and what level do they work at?
    • Devices that connect multiple Ethernet devices together so they function as a single network segment.
    • Work at Layer 1, the physical layer.
  69. What are Switches and what level do they work at?
    • They determine which device is connected to each port; can forward frames sent to that specific device.
    • Work at Layer 2, the data link layer.
  70. What are 2 Traffic Monitoring methods?
    • Port mirroring
    • Network tap (test access point)
  71. What are Routers and what level do they work at?
    • Routers forward packets across computer networks; they can be set to filter out specific types of network traffic.
    • Work at Layer 3, the network layer.
  72. What are the advantages of load-balancing technology?
    • Reduces probability of overloading a single server.
    • Optimizes bandwidth of network computers.
    • Reduces network downtime.
  73. What do Load Balancers do and how is it achieved?
    • They evenly distribute work across a network.
    • Achieved through software or hardware device.
  74. What are the security advantages of Load Balancing?
    • Can stop attacks directed at a server or application.
    • Can detect and prevent DoS attacks.
    • Some can deny attackers information about the network: hide HTTP error pages; remove server ID headers from HTTP responses.
  75. What are Proxies?
    Devices that substitute for primary devices.
  76. What is a Proxy Server?
    Computer or application that intercepts and processes user requests.
  77. What are some Proxy Server advantages?
    • Increased speed (requests served from the cache).
    • Reduced costs (cache reduces bandwidth required).
    • Improved management (block specific web pages).
    • Stronger security (hides clients' IP addresses).
  78. What is a Reverse Proxy?
    • It does not forward requests on behalf of internal clients; it handles requests coming in from outside.
    • Routes incoming requests to the correct internal server.
    • The reverse proxy's IP address is visible to outside users and the internal server's IP address is hidden.
  79. What 2 protocols do email systems use and what kind of mail do they handle?
    • Simple Mail Transfer Protocol (SMTP) handles outgoing mail (sending and relaying between servers).
    • Post Office Protocol (POP) handles incoming mail (retrieval from the mailbox by the user's client).
  80. Describe Spam filters installed with the SMTP server.
    • Filter configured to listen on port 25.
    • Pass non-spam email to SMTP server listening on another port.
    • Method prevents SMTP server from notifying spammer of failed message delivery.
  81. Describe Spam filters installed on the POP3 server.
    • All spam must first pass through SMTP server and be delivered to user's mailbox.
    • Can result in increased costs (storage, transmission, backup, deletion).
  82. What is a Virtual Private Network (VPN)?
    • Uses unsecured network as if it were secure.
    • All data transmitted between remote device and network is encrypted.
  83. What are the types of VPNs?
    • Remote-Access -user to LAN connection.
    • Site-to-Site -multiple sites can connect to other sites over the internet.
  84. True/False -VPNs can be software based or hardware based.
    • True
    • Hardware based generally have better security.
    • Software based have more flexibility in managing network traffic.
  85. What do Internet Content filters do?
    • Monitor Internet traffic.
    • Block access to preselected Web sites and files.
    • Unapproved sites identified by URL or matching keywords.
  86. What are examples of blocked Web traffic?
    • ActiveX objects
    • Adware, spyware
    • Peer to peer file sharing
    • Script exploits
  87. Passive and active security can be used in a network. Which provides higher level of security?
    Active measures
  88. What are 2 Passive measures of security?
    • Firewall
    • Internet content filter
  89. What is a Intrusion Detection System (IDS)?
    • Active security measure.
    • Can detect attack as it occurs.
  90. Describe the 4 Monitoring methodologies.
    • Anomaly-based monitoring- compares current detected behavior with baseline.
    • Signature-based monitoring- looks for well known attack signature patterns.
    • Behavior-based monitoring- detects abnormal actions by processes or programs. Alerts user who decides whether to allow or block activity.
    • Heuristic monitoring- uses experience based techniques.
  91. Describe a Host Intrusion Detection System (HIDS).
    • Software based application that can detect attack as it occurs.
    • Installed on each system needing protection.
    • Monitors system calls and file system access.
    • Can recognize unauthorized Registry modification.
    • Monitors all input and output communications (detects anomalous activity).
  92. What are the disadvantages of HIDS?
    • Cannot monitor network traffic that does not reach local system.
    • All log data is stored locally.
    • Resource-intensive and can slow system.
  93. Describe a Network Intrusion Detection System (NIDS).
    • Watches for attacks on the network.
    • NIDS sensors installed on firewalls and routers (gather information and report back to a central device).
    • Passive NIDS will sound an alarm.
    • Active NIDS will sound an alarm and take action (actions may include filtering out the intruder's IP address or terminating the TCP session).
  94. Describe a Network Intrusion Prevention System (NIPS).
    • Similar to active NIDS.
    • Monitors network traffic to immediately block a malicious attack.
    • NIPS sensors are located in line, on the firewall itself.
  95. What is the recent trend in network security hardware and its advantage?
    • Combining multipurpose security appliances with a traditional device such as a router.
    • Advantage:
    • -network devices already process all packets.
    • -switch that contains anti-malware software can inspect all packets.
  96. What is a Network Address Translation (NAT)?
    • Allows devices using private IP addresses to communicate across the public Internet.
    • Replaces the private source IP address with a public address on outgoing packets (and maps replies back).
  97. What is a Port Address Translation (PAT)?
    • Variation of NAT.
    • Outgoing packets are given the same public IP address but a different source port number, so replies can be mapped back to the right internal host.
  98. What are the advantages of NAT?
    • Masks IP addresses of internal devices.
    • Allows multiple devices to share smaller number of public IP addresses.
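    Cards 96 to 98 as a small translation table, added here as an example that is not part of the card set. The public address 203.0.113.1, the private 192.168.1.x hosts and the starting public port 40000 are constructed values. Two inside hosts using the same private source port get distinct public ports, replies are mapped back through the table, and an inbound packet with no entry is dropped, which is the masking advantage card 98 lists.

```python
class PortAddressTranslator:
    """PAT (NAT overload): many private hosts share one public IP. Each outbound
    flow gets its own public source port; inbound packets are looked up by that
    port plus the remote endpoint and rewritten back to the private host."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port          # assumed starting point of the port pool
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network.
        Returns the (src_ip, src_port, dst_ip, dst_port) the Internet sees."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Rewrite a packet arriving at the public IP on dst_port from src_ip:src_port.
        Returns the private-side tuple, or None when there is no matching flow
        (an unsolicited packet, which is dropped)."""
        entry = self.inbound.get((dst_port, src_ip, src_port))
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return (src_ip, src_port, priv_ip, priv_port)
```

Because the only way into the private network is through a table entry created by an outbound packet, PAT gives the same "inbound must answer an inside-initiated session" behaviour as a stateful firewall, which is why home routers get a basic level of protection from it even without a separate firewall rule set.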
  99. SST
Author: lsingh216
ID: 113213
Card Set: Small Sys Exam 2
Description: firewall security