|
|
1. | Which type of audit determines whether accounts have been established properly and that privilege creep is not occurring?
|
|
2. | A physical access device that restricts access to a small number of individuals at one time is called?
|
|
3. | Which of the following is a set of voluntary standards governing encryption?
|
|
4. | Which protocol is used to create a secure environment in a wireless network?
|
|
5. | An Internet server interfaces with TCP/IP at which layer of the DOD model?
|
|
6. | You want to establish a network connection between two LANS using the Internet. Which technology would best accomplish that for you?
|
|
7. | Which design concept limits access to systems from outside users while protecting systems in an inside LAN?
|
|
8. | In the key recovery process, which key must be recoverable?
|
|
9. | An attack that is designed to overload a particular protocol or service is referred to as which kind of attack?
|
|
10. | The component of an IDS that collects data is referred to as a what?
|
|
11. | What is the process of making an operating system secure from attack called?
|
|
12. | The integrity objective addresses which characteristic of information security?
|
|
13. | Which mechanism is used by PKI to allow immediate verification of a certificate's validity?
|
|
14. | Which of the following is the equivalent of a VLAN from a physical security perspective?
|
|
15. | Your user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred?
|
|
16. | The mechanism used to enable or disable access to a network resource based on an IP address is referred to as what?
|
|
17. | Which of the following would provide additional security to an Internet WWW server?
|
|
18. | What is a program that exists primarily to propagate and spread to other systems called?
|
|
19. | An individual presents himself at your office claiming to be a service technician. He wants to discuss your current server configuration. This may be an example of what type of attack?
|
|
20. | Which of the following is a major security problem with FTP servers?
|
|
21. | Which system would you install to provide active protection and notification of security problems in a network connected to the Internet?
|
|
22. | The process of verifying the steps taken to maintain the integrity of evidence is called what?
|
|
23. | The encryption process that uses one message to hide another is called?
|
|
24. | The policy that dictates how computers are used in an organization is called what?
|
|
25. | Which algorithm is used to create a temporary secure session for the exchange of key information?
|
|
26. | You are being asked to consult on security for hand-held devices, such as a PDA. You are told you must use an asymmetric system. Which security standard would you recommend?
|
|
27. | Which of the following backup methods will generally provide the fastest backup times?
|
|
28. | Which security method uses physical characteristics as a method of determining identity?
|
|
29. | Which access control method is primarily concerned with the role that individuals have in the organization?
|
|
30. | The process of investigating a computer system for clues into an event is called what?
|
|
Answers
1. | A. A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. For more information, see Chapter 9. |
2. | D. A mantrap is a device, such as a small room, that limits access to a small number of individuals. Mantraps typically use electronic locks and other methods to control access. |
3. | B. Public Keys Cryptography Standards are a set of voluntary standards for public key cryptography. This set of standards is coordinated by RSA Incorporated. |
4. | B. Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has is known to have vulnerabilities and is not considered highly secure. For additional information, see Chapter 4. |
5. | C. The Process layer interfaces with applications and encapsulates traffic through the Host-to-Host or Transport layer, the Internet layer and the Network Access layer. For more information, see Chapter 2. |
6. | B. L2TP is a tunneling protocol that can be used between LANs. L2TP is not secure, and you would want to use IPSec with it to provide data security. For more information, see Chapter 3. |
7. | A. A DMZ is an area in a network that allows restrictive access to untrusted users, and it isolates the internal network from access by external users and systems. This is accomplished using routers and firewalls to limit access to sensitive network resources. For more information, see Chapter 1. |
8. | C. A key recovery process must be able to recover a previous key. If the previous key can't be recovered, all of the information that used that key will be irrecoverably lost. |
9. | D. A flood attack is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS situation occurring. This may be caused by the protocol freezing or from excessive bandwidth usage in the network as a result of the requests. For more information, see Chapter 2. |
10. | B. A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. For additional information, see Chapter 4. |
11. | A. Hardening is the term used to describe the process of securing a system. This is accomplished in many ways, including disabling unneeded protocols. For additional information on hardening, see Chapter 5. |
12. | A. The goal of integrity is to verify that information being used is accurate and has not been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. For more information, see Chapter 1. |
13. | D. Online certificate status protocol (OCSP) is the mechanism used to immediately verify if a certificate is valid. The CRL is published on a regular basis, but it is not current once it is published. For additional information, see Chapter 7. |
14. | B. Partitioning is the process of breaking a network into smaller components that can each be individually protected. The concept is the same as building walls in an office building. For additional information, see Chapter 6. |
15. | A. IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extensions naming conventions, a file that appears to have one extension may actually have another extension. An example of this might be mydocument.doc.vbs. This file would appear in many applications as mydocument.doc, but it is actually a Visual Basic script and could contain malicious code. For additional information, see Chapter 4. |
16. | B. Access Control Lists (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices. For additional information, see Chapter 5. |
17. | B. The default port for a WWW server is Port 80. By changing the port to 1019, you force users to specify this port when they are using a browser. This provides a little additional security for your website. Adding a firewall to block Port 80 would secure your website so much that no one would be able to access it. For more information, see Chapter 3. |
18. | D. A worm is designed to multiply and propagate. Worms may carry viruses that cause systems destruction, but that is not their primary mission. For more information, see Chapter 2. |
19. | A. Social engineering is the method of using human intelligence methods to gain access or information about your organization. For additional information, see Chapter 6. |
20. | C. FTP in most environments sends account and password information unencrypted. This makes these accounts vulnerable to network sniffing. For additional information, see Chapter 5. |
21. | A. An Intrusion Detection System provides active monitoring and rules-based responses to unusual activities on a network. A firewall provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IDS would notify you based on rules it is designed to implement. For more information, see Chapter 3. |
22. | B. The chain of custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. For additional information, see Chapter 10. |
23. | A. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. For additional information, see Chapter 7. |
24. | C. The use policy is also referred to as the usage policy. It should state acceptable uses of computer and organizational resources by employees. This policy should outline consequences of noncompliance. For additional information, see Chapter 10. |
25. | B. The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This session creates a secret key that is used. When the key has been exchanged, the regular session begins. |
26. | A. Elliptical Curve Cryptosystem (ECC) would probably be your best choice for a PDA. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. For additional information, see Chapter 7. |
27. | B. An incremental backup will generally be the fastest of the back methods because it backs up only the files that have changed since the last incremental or full backup. See Chapter 9 for more information. |
28. | C. Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification. For more information, see Chapter 1. |
29. | C. Role-Based Access Control (RBAC) is primarily concerned with providing access to systems that a user needs based on the role they have in the organization. For more information, see Chapter 9. |
30. | A. Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence. For additional information, see Chapter 10. |
|
|