|
|
1. | Which of the following is an appropriate name for the network administration account?
|
|
2. | Which type of firewall checks for a current communication and the next packet needed?
|
|
3. | Which version(s) of Windows is/are certified by the DoD?
|
|
4. | Which version(s) of NetWare is/are certified by the DoD? (Choose all that apply.)
|
|
5. | For security reasons, where should you store backup tapes? (Choose all that apply.)
|
|
6. | Which operating system(s) has/have achieved a National Security Agency certification allowing it/them to be used in a networked B- or C-level certified environment? (Choose all that apply.)
|
|
7. | Which group of books does the DoD publish that deal with network security?
|
|
8. | Which government agency did the U.S. Department of Defense (DoD) task to handle computer security certification?
|
|
9. | What is the Diffie-Hellman algorithm used to do?
|
|
10. | What is the strongest bit-strength encryption that the U.S. government normally allows to be exported?
|
|
11. | Which type of security uses a file that identifies predefined IP addresses that are allowed to send data through a router?
|
|
12. | Which of the following passwords are considered weak? (Choose all that apply.)
|
|
13. | How often should regular users be forced to reset their passwords?
|
|
14. | Which of the following are good criteria for a strong password? (Choose all that apply.)
|
|
15. | What is the proper action to take before you leave your workstation? You are going to get a glass of water and will return in five minutes.
|
|
16. | Whose accounts should immediately be disabled when their employment is terminated? (Choose all that apply.)
|
|
17. | What should be collected in an exit interview of a terminated employee? (Choose all that apply.)
|
|
18. | What types of recording devices are typically allowed inside technology companies?
|
|
19. | Active intrusion-detection systems have which of the following characteristics? (Choose all that apply.)
|
|
20. | Which of the following attacks affects only Windows operating systems?
|
|
Answers
1. | C. It’s considered a “best practice” to not use the names super, superuser, or administrator because those are default accounts. The best choice is to pick a user and give them administrative privileges. Then, delete or disable the built-in administration accounts. |
2. | E. A proxy provides firewall services by keeping track of all communications sessions and fetching the next packets. |
3. | A. The only version of Windows that is currently certified as a secure workstation platform is Windows NT version 3.5. |
4. | C, E. Versions 4 and 4.11 are certified by the DoD as secure. |
5. | D, F. The best location for backup tapes is locked in a cabinet offsite. These practices make it difficult for someone to steal the backups. |
6. | A, B. Of the OSes listed, only Unix and NetWare have been certified for use in a networked environment. Windows NT 3.5 was certified, but only as a workstation environment. |
7. | A. The Rainbow Series is the series of books that the DoD publishes for standards of secure networking. |
8. | E. The National Security Agency (NSA) is responsible for handling computer security certification. |
9. | A. Diffie-Hellman is a public key cryptography algorithm. |
10. | B. At the time of the writing of this exam, a 40-bit encryption algorithm was the strongest you could export. That restriction is currently being revised. |
11. | A. Access control list security uses a file (the ACL) that identifies which addresses can send data through a particular firewall or router. |
12. | B, C, D. The best passwords are those that don’t use any part of a person’s name or a dictionary word. Thus, since options B, C, and D all are essentially usernames, they would be considered weak passwords. |
13. | D. It has been found that, for ease of remembrance and maximum possible security, a user should be forced to change their password at least once a month (or every 30 days). Any sooner and the user will forget their new password frequently; any later and they may complain that they would just like to keep their same password all the time (as well as increase the chance an unauthorized user might guess the password). |
14. | B, C, E. The best passwords are eight characters or longer; use numbers, letters, and special characters; and are words not necessarily found in a dictionary. Any word that can be found in a dictionary, is a proper name, or is another name of sentimental value is considered a bad/weak password. |
15. | B. It would be inefficient to shut down your workstation or unplug the computer because it takes so long to restart it. Unplugging the monitor would still leave the computer accessible (an intruder could simply plug it back in). The only convenient way to secure the computer for that short a time is to simply log out. |
16. | A, B, C, D, E, F. For security reasons, all accounts should be disabled when the employee quits or is terminated. You don’t necessarily have to delete the account, but it should be disabled so that the employee can’t use it. |
17. | A, D, E, F. Any item that could be used to gain access to a company’s resources should be collected during the exit interview of an employee. Keys, badges, and important papers (like schematics) should be obtained along with any company property (intellectual or otherwise). |
18. | C. For an absolutely secure installation, the only recording devices that should be on the premises are company-owned and -operated devices like security cameras. |
19. | A, C. Active intrusion systems detect intrusions or possible intrusions the moment they occur and take actions to prevent the intrusion. These systems, if working correctly, should only affect the intruder. |
20. | C. Although many of these attacks can affect Windows systems, only one—WinNuke—was designed specifically to attack Windows systems. It works because of a bug in the Windows TCP/IP stack. |
|
|