1. Which produces fewer collisions: SHA-1 or MD5?
  2. If you have multiple ISPs, each one uses its own ___.
  3. Each device’s manufacturer and model number has its own ___.
    default password
  4. What’s an easy way to disable a 10base2 network?
    remove a terminator
  5. ___ produces more collisions than SHA-1.
  6. What does it mean, if the firewall logs show several network PCs sending packets routinely, to a single external PC?
    the remote PC is running a zombie master, and the local PCs are running zombie slave applications
  7. ___ can give you fast, secure encryption on your USB flash drive.
  8. What can you use to restore a private key if a CA server crashes?
    Recovery agent
  9. Is “a backup generator” or “redundant power supplies” or “UPSs” a counter-measure when power must be delivered to critical systems no matter what?
    Backup generator
  10. If many workstations on the network start flooding the servers, it is probably caused by ___.
    a worm
  11. ___ is the most secure hashing algorithm.
    MD5, which is used in IPSec for data authentication
  12. A ___ only looks at the header information of network traffic.
    packet filter
  13. What is a recovery agent?
    a third-party company that stores a unique key that can be used to unlock the backup of the private keys
  14. ___ is often disabled to make password cracking more difficult.
    NTLM—Microsoft’s authentication protocol which replaced LANMAN. LANMAN created weak passwords.
  15. What is a DNS zone transfer?
    It is an answer to a DNS query to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, Time To Live (TTL) records, etc) for a Domain. The query can be made from a single host to look up information for the entire Domain. It is also the mechanism Primary and Secondary Name Servers use to update its DNS data. This is one of the vulnerable points where a malicious person can compromise DNS data integrity.
  16. Why are DNS zone transfers a security issue?
    The default behavior for DNS zone transfer permits any host to request and receive a full zone transfer for a Domain. This is a security issue since DNS data can be used to decipher the topology of a company’s network. The information obtained can be used for malicious exploitation such as DNS poisoning/spoofing. This is like an anonymous person calling the receptionist to request and receive the entire company’s telephone and address book.
  17. ___ has the least amount of problems when inspecting encrypted traffic?
  18. ___ specifies a set of consistent requirements for a workstation or a server.
    configuration baseline
  19. What is a difficult security concern to detect, when contractors enter a secure area?
    copying sensitive information with a cell phone
  20. What would stop the “log-in box” from appearing for one of your web-based applications, after you get a browser upgrade?
    the pop-up blocker may not trust that website
  21. What devices will protect your network from attacks launched from a business-to-business intranet?
    NIPS and firewall
  22. Penetration testing should only be used ___.
    with written permission
  23. ___ overwrites the return address within a program to execute malicious code.
    buffer overflow
  24. ___ algorithms are associated with the “signing” of email messages.
  25. If you want to collect information about attackers and attempted methods of gaining access to the internal network, you should use ___.
    a honey pot
  26. ___ is/are used to demonstrate a weakness in a system, and then provide documentation on the weakness.
    penetration tests
  27. A hash is a unique number that is based on the file’s contents and ___.
    should be verified after download
  28. When assigning permissions, should “least privilege” or “Role Based” be applied to enable a person to do their job tasks?
    least privilege
  29. ___ can be used to encrypt FTP or telnet credentials over the wire.
  30. TACACS is different from RADIUS because TACACS separates ___ capabilities.
    authentication, authorization, and auditing
  31. Does a “service pack” or a “patch rollup” include several patches from the same vendor for several different applications?
    service pack
  32. Does the account lockout “duration” or “threshold” set an account to lockout for 30 minutes after the maximum number of attempts have failed?
    account lockout duration
  33. ___ can be used to institute a tunneling protocol for security?
  34. ___ improves security in a wireless system.
    MAC filtering, which is where an access point can be configured to accept connections only from certain hardware MAC addresses.
  35. What tool is best for monitoring changes to the approved system baseline?
    enterprise performance monitoring software
  36. Is an iris scanner or a retina scanner better?
    retina scanner
  37. What can be implemented to assure that system abuse by administrators does not go undetected in the logs?
    separation of duties
  38. What’s it called when you have multiple web servers fed from a load balancer?
    redundant servers
  39. Does NIDS require signature updates to be effective?
  40. Concerning AH “authentication headers”, the authentication information is a ___ based on ___.
    keyed hash based on all the bytes in the packet
  41. Is “identity proofing” part of authentication or part of identification?
  42. Is it an example of RAID, when you have multiple web servers fed from a load balancer?
    No, it’s redundant servers
  43. Does a “firewall” or “NIDS” require signature updates?
  44. Which is a stronger hashing algorithm: NTLM or NTLMv2?
  45. What is the “key word” in this question: “Security templates are used for which of the following, etc?
    “security” is the key word, NOT “templates”
  46. Social engineering, password cracking, and vulnerability exploitation are examples of ___.
    penetration testing
  47. What can detect malicious traffic patterns inside the network originating between client workstations?
  48. What does NIDS need to remain effective?
    signature updates
  49. What is NTLM?
    a Microsoft hashing algorithm
  50. What is SSO?
    single sign-on
Card Set