-
Which produces fewer collisions: SHA-1 or MD5?
SHA-1
-
If you have multiple ISPs, each one uses its own ___.
T1
-
Each device’s manufacturer and model number has its own ___.
default password
-
What’s an easy way to disable a 10base2 network?
remove a terminator
-
___ produces more collisions than SHA-1.
MD5
-
What does it mean, if the firewall logs show several network PCs sending packets routinely, to a single external PC?
the remote PC is running a zombie master, and the local PCs are running zombie slave applications
-
___ can give you fast, secure encryption on your USB flash drive.
AES256
-
What can you use to restore a private key if a CA server crashes?
Recovery agent
-
Is “a backup generator” or “redundant power supplies” or “UPSs” a counter-measure when power must be delivered to critical systems no matter what?
Backup generator
-
If many workstations on the network start flooding the servers, it is probably caused by ___.
a worm
-
___ is the most secure hashing algorithm.
MD5, which is used in IPSec for data authentication
-
A ___ only looks at the header information of network traffic.
packet filter
-
What is a recovery agent?
a third-party company that stores a unique key that can be used to unlock the backup of the private keys
-
___ is often disabled to make password cracking more difficult.
NTLM—Microsoft’s authentication protocol which replaced LANMAN. LANMAN created weak passwords.
-
What is a DNS zone transfer?
It is an answer to a DNS query to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, Time To Live (TTL) records, etc) for a Domain. The query can be made from a single host to look up information for the entire Domain. It is also the mechanism Primary and Secondary Name Servers use to update its DNS data. This is one of the vulnerable points where a malicious person can compromise DNS data integrity.
-
Why are DNS zone transfers a security issue?
The default behavior for DNS zone transfer permits any host to request and receive a full zone transfer for a Domain. This is a security issue since DNS data can be used to decipher the topology of a company’s network. The information obtained can be used for malicious exploitation such as DNS poisoning/spoofing. This is like an anonymous person calling the receptionist to request and receive the entire company’s telephone and address book.
-
___ has the least amount of problems when inspecting encrypted traffic?
anti-virus
-
___ specifies a set of consistent requirements for a workstation or a server.
configuration baseline
-
What is a difficult security concern to detect, when contractors enter a secure area?
copying sensitive information with a cell phone
-
What would stop the “log-in box” from appearing for one of your web-based applications, after you get a browser upgrade?
the pop-up blocker may not trust that website
-
What devices will protect your network from attacks launched from a business-to-business intranet?
NIPS and firewall
-
Penetration testing should only be used ___.
with written permission
-
___ overwrites the return address within a program to execute malicious code.
buffer overflow
-
___ algorithms are associated with the “signing” of email messages.
PGP
-
If you want to collect information about attackers and attempted methods of gaining access to the internal network, you should use ___.
a honey pot
-
___ is/are used to demonstrate a weakness in a system, and then provide documentation on the weakness.
penetration tests
-
A hash is a unique number that is based on the file’s contents and ___.
should be verified after download
-
When assigning permissions, should “least privilege” or “Role Based” be applied to enable a person to do their job tasks?
least privilege
-
___ can be used to encrypt FTP or telnet credentials over the wire.
SSH
-
TACACS is different from RADIUS because TACACS separates ___ capabilities.
authentication, authorization, and auditing
-
Does a “service pack” or a “patch rollup” include several patches from the same vendor for several different applications?
service pack
-
Does the account lockout “duration” or “threshold” set an account to lockout for 30 minutes after the maximum number of attempts have failed?
account lockout duration
-
___ can be used to institute a tunneling protocol for security?
IPSec
-
___ improves security in a wireless system.
MAC filtering, which is where an access point can be configured to accept connections only from certain hardware MAC addresses.
-
What tool is best for monitoring changes to the approved system baseline?
enterprise performance monitoring software
-
Is an iris scanner or a retina scanner better?
retina scanner
-
What can be implemented to assure that system abuse by administrators does not go undetected in the logs?
separation of duties
-
What’s it called when you have multiple web servers fed from a load balancer?
redundant servers
-
Does NIDS require signature updates to be effective?
yes
-
Concerning AH “authentication headers”, the authentication information is a ___ based on ___.
keyed hash based on all the bytes in the packet
-
Is “identity proofing” part of authentication or part of identification?
identification
-
Is it an example of RAID, when you have multiple web servers fed from a load balancer?
No, it’s redundant servers
-
Does a “firewall” or “NIDS” require signature updates?
NIDS
-
Which is a stronger hashing algorithm: NTLM or NTLMv2?
NTLMv2
-
What is the “key word” in this question: “Security templates are used for which of the following, etc?
“security” is the key word, NOT “templates”
-
Social engineering, password cracking, and vulnerability exploitation are examples of ___.
penetration testing
-
What can detect malicious traffic patterns inside the network originating between client workstations?
HIDS
-
What does NIDS need to remain effective?
signature updates
-
What is NTLM?
a Microsoft hashing algorithm
-
What is SSO?
single sign-on
|
|
