Which type of malicious software does not require user assistance to propagate through the network?
D. Trojan Horse
What would be the BEST way to reduce the number of unsolicited bulk emails that users on a company network receive?
What utility is best to discover a ROOTKIT?
Users inadvertently download malware from the Internet. What can you suggest to help eliminate this problem?
Which type of malicious code is event driven? For example, when a certain application is opened, system files are deleted.
What do the terms whitelisting, blacklisting, closing open relays and strong authentication techniques refer to?
You download and install a new screen saver. You notice, after installing the screen saver, that some files are being deleted or renamed. What type of malware was your screen saver?
Which type of malware does not automatically replicate itself across the network?
Which type of cookie tracks user activities?
A. Persistent cookie
B. Authentication cookie
C. Tracking cookie
D. Session cookie
Which type of attack could be configured to execute on a specific date?
Which of the following terms references Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks?
Which type of malware attempts to alter system level processes and modify registry keys?
What is the primary difference between a worm and a Trojan horse?
How can you best prevent computer viruses from spreading throughout the network?
Which term describes a spammer's paradise, and allows the spoofing of email?
You discover that one of your SMTP servers is sending out a tremendous amount of spam. What do you think is the main cause of this problem?
Which type of virus is like a chameleon and has the ability to mask itself and change its appearance so it is difficult to detect?
What are the primary characteristics of a computer virus?
What type of threat do USB hard drives pose to networks?
Removal of sensitive and confidential data
Reverse Proxy can be used for authentication to Network based on?
Location, User, And Time
Virtual Machines reduce what?
Some _____ can detect virtual environments
Three factor authentication:
Location, ATM card, Pin
Observe runaway process=?
Whitelist for apps on a PC=?
Digital signature provides=?
additional config for encrypted communication
Goal of Penetration testing?
Intruder obtains credentials=?
Traffic from server over ports not well known =?
bit torrent/file sharing
Boot to onboard RAID=?
Spyware can affect = ?
Disable USB to prevent?
Boot Sector Virus - through MBR (Master Boot Record)
Port scanner can ?
To login to SSH using certs you must do what?
Public key must be added to "authorized keys" file
Software restrictions limit what
installs of needed apps
_____ should be restored first
Continuity of ops planning least impact =?
Table Top Exercise
Ports left open for access =?
How can you make BIOS more secure and allow changes only by authorized users?
How can you prevent users from copying files to USB drives? (select two)
a. Disable the USB root hub within the OS
b. Configure permissions on the USB devices
c. Disable the USB within the workstation's BIOS
d. Run spyware detection against all workstations
What is the LEAST effective when hardening an OS?
Which action should be performed to harden workstations and servers?
a. Report all security incidents
b. Install only needed software
c. Log on only as the administrator
d. Check logs regularly
Which item can reduce the attack surface of an OS
What preventative measures can reduce vulnerabilities on a web server
What is the term used to describe the process of securing devices on a network?
What is the term used to refer to a workstation or server after hardening the OS?
What term refers to a standard load for all systems?
Which term refers to secure coding and is used to prevent buffer overflow attacks?
Web servers are most susceptible to which attack?
What security issue is associated with instant messaging?
Communications are open and unprotected
The MOST common exploits of Internet-exposed network services are due to:
What term refers to the ability of an Email server to forward email to other Email servers?
How do you prevent buffer overflow?
Apply all security patches to workstations
What is the best way to prevent SQL injection attacks
A HIDS will most often monitor what?
You have installed a new software application on a machine. Which baseline needs to be updated?
Which type of system should be used to monitor for application activity and modifications?
Through virtualization, the underlying operating system is protected from what?
Malware installation from suspicious Internet sites
What is the most probable reason that malware is difficult to detect?
The malware may be running at a more privileged level than the antivirus software
A Java Applet is best described by what?
It allows customized controls, icons, and other features to increase the usability of WEB enabled systems
What refers to registering a domain name and not having to pay for it for up to five days?
What term refers to an attacker capturing traffic from a client to a server, and then resending that information to the server as the client?
What refers to the attack that can change the function of a switch to that of a hub?
What is a nonessential protocol and service?
The results of a port scan can be used to determine what?
The fingerprint of the OS
What port is used by Remote Desktop and Terminal Services
What are two different ways to get a user to access a spoofed website?
altered hosts file, dns poisoning
Why should audit logging be enabled on DNS servers?
to monitor unauthorized zone transfers
A man-in-the-middle attack can be carried out by what?
What refers to attempting to determine the operating system running in your networking environment based on the results of a port scan?
What type of attack is referred to when a product is used to access information within an SSL session without disrupting the end user's sessions?
anonymous logins =?
Unauthorized DNS zone transfers would be used for what?
What attack involves the attacker gaining access to a host in the network and logically disconnecting it?
What describes static NAT?
a static NAT uses a one-to-one mapping
IPSEC headers are modified by what?
What is true concerning MAC address and DTP
MAC addresses can be spoofed and DTP allows rogue network device to configure ports
What term refers to multiple decoy servers
What is the primary purpose of a honeypot
To allow administrators a chance to observe an attack
Which of the following would a security administrator use to determine if internal network clients are participating in a DDoS attack
What is a protocol analyzer
What NIC mode allows packets to accept traffic from any network client
What would be a security risk to consider in regards to using peer-to-peer software?
What are bluetooth threats
Blue Jacking, Bluesnarfing, Discovery mode
What would be best to reduce the chances of a successful wireless attack?
Implement an authentication system and WPA (highest encryption)
The system administrator establishes access permissions to network resources in what access control model?
The identity of the user or group is used in what access control model
What is true regarding the MAC access control model
In the MAC users cannot share resources dynamically
DAC only uses the identity of the user and this causes what loophole
Trojan horse attacks
MAC uses what to identify the users who have permissions to a resource
Predefined access privileges
DAC uses what to identify the users who have permissions to a resource?
What terminology or concept which best describes a MAC model
Group Policy = ?
A KDC (KEY distribution center) is used by what
Detail when the CHAP handshake is performed after the initial logon from the client to the server
At the stage when the connection is established, and randomly after the connection has been established
Which is better, RADIUS or TACACS and why?
TACACS, because it encrypts client-server negotiation dialogs
Multiple keys + management of security associations = ?
It allows credentials to be accepted from multiple methods including Kerberos
What is a mechanism that allows authentication of dial-in and other network connections
Kerberos uses what port
Secure LDAP uses what port?
TACACS uses which port
What is the purpose of using NTP within Kerberos authentication protocol
Clocks are used to ensure that tickets expire correctly
What prevents replays
What replaced SLIP
Proofing occurs during which phase of identification and authentication?
Network access should be allowed only after which security actions have been completed?
Identification and AUTHENTICATION
What two things do fob-based authentication systems use?
Username/pw and token
What position within an organization is ultimately in charge of the amount of risk?
The senior management
Risk assessment should be based on?
quantitative measurement of risk, impact, and asset value
What is a password cracking utility
a program that provides comparative analysis
What is a password cracking tool
John the Ripper/Cain
A DLL injection is used most often in what?
Vulnerabilities would be discovered by what?
What requires a baseline?
Anomaly-based and behavior-based monitoring
What type of IDS uses a specific traffic pattern
What is based on specifically defined data pattern referencing how an attack occurs
Most basic type of IDS
DNS operates on what port?
Most encryption schemes are based on
What algorithm cannot be reversed
PKI is based on what type of encryption algorithms
What is steganography primarily used for?
Birthday attacks =
fastest and most secure form of encryption
What encryption algorithm relies on the inability to factor large prime numbers
what type of certificate trust model is used by PGP
Peer to peer
What type of encryption is used by PGP
TLS uses what cryptographic algorithm to establish a session key?
HTTPS/SSL uses what port
SSL provides encryption at what layer of the OSI model
You need to ensure connectivity redundancy for your broadband connection. What should you choose?
What needs to be backed up in order to backup Active Directory?
What is the name of the form used to track evidence
chain of custody
Incident response does not include what
What type of agreement is between a service provider and a customer
What should be placed in promiscuous mode to allow a NIDS to monitor all network traffic?
One-Time Pad key size equals?
size of data contained
What would be most likely to cause a buffer overflow
What overwrites the return address in a program to help with the execution of malicious code
Secure Key Exchange without use of PSK
What is a security threat to virtual machines
What describes an attacker gaining administrator access to a system through the use of a compromised user account?
What access control method should be used in an environment with a high employee turnover rate?
Which type of encryption algorithm should be used when the desired result is fast and a large key size is used?
The NMAP utility can be used to do what
1. Identify the type of OS in use by a device
2. Document open ports
3. Spoof an IP address from which the scan is originating
What is the difference between RADIUS and TACACS?
TACACS separates authentication, authorization, and auditing