Which type of malicious software does not require user assistance to propagate through the network?
A. Worm
B. Virus
C. Adware
D. Trojan Horse
Worm
What would be the BEST way to reduce the number of unsolicited bulk emails that users on a company network receive?
B.
What utility is best to discover a ROOTKIT?
B.
Users inadvertently download malware from the Internet. What can you suggest to help eliminate this problem?
A.
Which type of malicious code is event driven? For example, when a certain application is opened, system files are deleted.
B.
What do the terms whitelisting, blacklisting, closing open relays and strong authentication techniques refer to?
B.
You download and install a new screen saver. You notice, after installing the screen saver, that some files are being deleted or renamed. What type of malware was your screen saver?
B.
Which type of malware does not automatically replicate itself across the network?
A.
Which type of cookie tracks user activities?
A. Persistent cookie
B. Authentication cookie
C. Tracking cookie
D. Session cookie
C
Which type of attack could be configured to execute on a specific date?
A.
Which of the following terms references Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks?
D.
Which type of malware attempts to alter system level processes and modify registry keys?
A.
What is the primary difference between a worm and a Trojan horse?
B.
How can you best prevent computer viruses from spreading throughout the network?
A.
Which term describes a spammer's paradise and allows the spoofing of email?
B.
You discover that one of your SMTP servers is sending out a tremendous amount of spam. What do you think is the main cause of this problem?
D.
Which type of virus is like a chameleon and has the ability to mask itself and change its appearance so that it is difficult to detect?
D.
What are the primary characteristics of a computer virus?
D.
What type of threat do USB hard drives pose to networks?
Removal of sensitive and confidential data
A reverse proxy can be used for authentication to the network based on what?
Location, User, And Time
Virtual Machines reduce what?
Carbon Footprint
Some _____ can detect virtual environments
malware
Three-factor authentication:
Location, ATM card, Pin
Observe a runaway process = ?
Perf. Monitor
Whitelist for apps on a PC = ?
Anti-Virus
Digital signature provides = ?
Integrity
802.1X Authentication = ?
RADIUS
IPSEC requires what?
Additional config for encrypted communication
Goal of penetration testing?
Actively Assess
Intruder obtains credentials = ?
Password Cracker
Traffic from server over ports not well known = ?
BitTorrent/file sharing
Boot to onboard RAID = ?
BIOS
Spyware can affect = ?
Confidentiality
Disable USB to prevent what?
Boot sector virus (through the MBR, Master Boot Record)
Port scanner can do what?
Detect protocols
To log in to SSH using certs, you must do what?
Public key must be added to the "authorized_keys" file
Signed keys?
PGP
Software restrictions limit what?
Installs of needed apps
_____ should be restored first
Audit/Logging Transactions
Continuity of ops planning least impact = ?
Table Top Exercise
IPv6 = ?
IPSEC
Ports left open for access = ?
Backdoor
How can you make BIOS more secure and allow changes only by authorized users?
B.
How can you prevent users from copying files to USB drives? (select two)
a. Disable the USB root hub within the OS
b. Configure permissions on the USB devices
c. Disable the USB within the workstation's BIOS
d. Run spyware detection against all workstations
A, C
What is the LEAST effective when hardening an OS?
A.
Which action should be performed to harden workstations and servers?
a. Report all security incidents
b. Install only needed software
c. Log on only as the administrator
d. Check logs regularly
B
Which item can reduce the attack surface of an OS?
A.
What preventative measures can reduce vulnerabilities on a web server?
D.
What is the term used to describe the process of securing devices on a network?
A.
What is the term used to refer to a workstation or server after hardening the OS?
C.
What term refers to a standard load for all systems?
B.
Which term refers to secure coding and is used to prevent buffer overflow attacks?
Input validation
Web servers are most susceptible to which attack?
Buffer overflow
What security issue is associated with instant messaging?
Communications are open and unprotected
The MOST common exploits of Internet-exposed network services are due to:
Buffer Overflow
What term refers to the ability of an Email server to forward email to other Email servers?
SMTP Relay
How do you prevent buffer overflow?
Apply all security patches to workstations
What is the best way to prevent SQL injection attacks?
Input validation
A HIDS will most often monitor what?
System files
You have installed a new software application on a machine. Which baseline needs to be updated?
Behavior-Based HIDS
Which type of system should be used to monitor for application activity and modifications?
HIDS
Through virtualization, the underlying operating system is protected from what?
Malware installation from suspicious Internet sites
What is the most probable reason that malware is difficult to detect?
The malware may be running at a more privileged level than the antivirus software
A Java applet is best described by what?
It allows customized controls, icons, and other features to increase the usability of web-enabled systems
What refers to registering a domain name and not having to pay for it for up to five days?
kiting
What term refers to an attacker capturing traffic from a client to a server, and then resending that information to the server as the client?
Replay
What refers to the attack that can change the function of a switch to that of a hub?
MAC flooding
What is a nonessential protocol and service?
TFTP
The results of a port scan can be used to determine what?
The fingerprint of the OS
What port is used by Remote Desktop and Terminal Services?
3389
What are two different ways to get a user to access a spoofed website?
Altered hosts file, DNS poisoning
Why should audit logging be enabled on DNS servers?
To monitor unauthorized zone transfers
A man-in-the-middle attack can be carried out by what?
A sniffer
What refers to attempting to determine the operating system running in your networking environment based on the results of a port scan?
Fingerprinting
What type of attack is referred to when a product is used to access information within an SSL session without disrupting the end user's sessions?
Man-in-the-middle
Anonymous logins = ?
FTP
Unauthorized DNS zone transfers would be used for what?
Reconnaissance
What attack involves the attacker gaining access to a host in the network and logically disconnecting it?
TCP/IP Hijacking
What describes static NAT?
A static NAT uses a one-to-one mapping
IPSEC headers are modified by what?
NAT
What is true concerning MAC addresses and DTP?
MAC addresses can be spoofed and DTP allows a rogue network device to configure ports
What term refers to multiple decoy servers?
honeynet
What is the primary purpose of a honeypot?
To allow administrators a chance to observe an attack
Which of the following would a security administrator use to determine if internal network clients are participating in a DDoS attack?
Firewall logs
What is a protocol analyzer?
Wireshark
What NIC mode allows packets to be accepted from any network client?
Promiscuous
What would be a security risk to consider in regards to using peer-to-peer software?
Data leakage
What are Bluetooth threats?
Bluejacking, Bluesnarfing, Discovery mode
What would be best to reduce the chances of a successful wireless attack?
Implement an authentication system and WPA (highest encryption)
The system administrator establishes access permissions to network resources in what access control model?
MAC
The identity of the user or group is used in what access control model?
DAC
What is true regarding the MAC access control model?
In the MAC users cannot share resources dynamically
DAC only uses the identity of the user, and this causes what loophole?
Trojan horse attacks
MAC uses what to identify the users who have permissions to a resource?
Predefined access privileges
DAC uses what to identify the users who have permissions to a resource?
ACLs
What terminology or concept best describes a MAC model?
Lattice
Group Policy = ?
GUI
A KDC (Key Distribution Center) is used by what?
Kerberos
Detail when the CHAP handshake is performed after the initial logon from the client to the server
At the stage when the connection is established and randomly after the connection has been established
Which is better, RADIUS or TACACS and why?
TACACS, because it encrypts client-server negotiation dialogs
Multiple keys + management of security associations = ?
IKE
Detail TACACS
It allows credentials to be accepted from multiple methods including Kerberos
What is a mechanism that allows authentication of dial-in and other network connections?
RADIUS
Kerberos uses what port?
88
Secure LDAP uses what port?
636
TACACS uses which port?
49
What is the purpose of using NTP within the Kerberos authentication protocol?
Clocks are used to ensure that tickets expire correctly
What prevents replays?
Kerberos
What replaced SLIP?
PPP
Proofing occurs during which phase of identification and authentication?
Identification
Network access should be allowed only after which security actions have been completed?
Identification and authentication
What two things do fob-based authentication systems use?
Username/pw and token
What position within an organization is ultimately in charge of the amount of risk?
The senior management
Risk assessment should be based on what?
Quantitative measurement of risk, impact, and asset value
What is a password cracking utility?
A program that provides comparative analysis
What is a password cracking tool?
John the Ripper/Cain
A DLL injection is used most often in what?
Penetration testing
Vulnerabilities would be discovered by what?
Nessus
What requires a baseline?
Anomaly-based and behavior-based monitoring
What type of IDS uses a specific traffic pattern?
Signature based
What is based on a specifically defined data pattern referencing how an attack occurs?
signature
Most basic type of IDS?
signature
DNS operates on what port?
53
Most encryption schemes are based on
algorithms
What algorithm cannot be reversed?
one-way function
PKI is based on what type of encryption algorithms?
Asymmetric
What is steganography primarily used for?
Hides information
Birthday attacks = ?
Collisions
Fastest and most secure form of encryption?
AES256
What encryption algorithm relies on the inability to factor large prime numbers?
RSA
Diffie-Hellman
Key exchange
What type of certificate trust model is used by PGP?
Peer to peer
PGP
Key ring
What type of encryption is used by PGP?
Asymmetric scheme
TLS uses what cryptographic algorithm to establish a session key?
DH
HTTPS/SSL uses what port?
443
SSL provides encryption at what layer of the OSI model?
Session
You need to ensure connectivity redundancy for your broadband connection. What should you choose?
Redundant ISP
What needs to be backed up in order to backup Active Directory?
System State
What is the name of the form used to track evidence?
chain of custody
Incident response does not include what?
Repudiation
What type of agreement is between a service provider and a customer?
SLA
What should be placed in promiscuous mode to allow a NIDS to monitor all network traffic?
Sensor (NIC)
One-Time Pad key size equals?
Size of data contained
What would be most likely to cause a buffer overflow?
DoS
What overwrites the return address in a program to help with the execution of malicious code?
Buffer Overflow
Secure key exchange without the use of a PSK = ?
DH-ECC
What is a security threat to virtual machines?
Escape
What describes an attacker gaining administrator access to a system through the use of a compromised user account?
Privilege escalation
What access control method should be used in an environment with a high employee turnover rate?
ROLE based
Which type of encryption algorithm should be used when the desired result is fast and a large key size is used?
Symmetric
The NMAP utility can be used to do what?
1. Identify the type of OS in use by a device
2. Document open ports
3. Spoof an IP address from which the scan is originating
What is the difference between RADIUS and TACACS?
TACACS separates authentication, authorization, and auditing