Front | Back |
You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity occurs and what type of traffic causes the activity. Which type of tool should you use?
A. Network mapper
B. Protocol analyzer
C. Systems monitor
D. Performance monitor |
Answer: B. Protocol analyzer.
Explanation: A protocol analyzer will capture packets and timestamp each one. This tells you exactly what type of packets were captured and when. If the timestamps correspond to the network activity spikes, you know you have a match for the time. By digging into the packets with a protocol analyzer, you can find out exactly what type of traffic is causing the activity. Network mappers such as LanSurveyor locate all the hosts on a network. System Monitor is a program used by Linux, and Performance Monitor is a program used by Windows; both of these monitor a server's resources such as CPU, RAM, and hard drive.
|
Of the following, what is the service provided by message authentication code?
A. Confidentiality
B. Fault tolerance
C. Integrity
D. Data recovery |
Answer: C. Integrity.
Explanation: A message authentication code (MAC) is a short piece of information that authenticates the message in an attempt to guarantee the message's data integrity. The MAC algorithm is sometimes referred to as a cryptographic hash function. Confidentiality means preventing the disclosure of information to unauthorized persons; that is done with encryption, not hashing. Fault tolerance is the capability for a server, network device, or entire network to continue functioning even if an error or attack occurs. Data recovery is necessary if a failure occurs that the network cannot recover from automatically. It is usually part of a disaster recovery plan.
|
The IT director asks you to set up a system that will encrypt credit card data. She wants you to use the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms should you select?
A. AES B. SHA-1 C. 3DES D. RSA |
Answer: A. AES.
Explanation: The Advanced Encryption Standard (AES) is the best solution for this scenario. It uses the least amount of CPU resources yet is the most secure symmetric algorithm listed. SHA-1 is not a symmetric encryption algorithm; it is a hashing algorithm. 3DES is the predecessor to AES; it is not as secure or fast. RSA is an asymmetric encryption algorithm; it is secure but can use a lot of CPU resources.
|
You are in charge of auditing resources and the changes made to those files. Which of the following log files will show any unauthorized changes to those resources?
A. System log file
B. Application log file
C. Directory services log file
D. Security log file |
Answer: D. Security log file.
Explanation: The security log file shows any unauthorized changes to the resources that you decide to audit. These resources can include files, folders, printers, and so on. This can work only if object access auditing has been enabled, and if auditing has been turned on for the resource in question. The system log file logs information pertaining to drivers, operating system files, the kernel, and so on. The application log file logs information pertaining to applications such as Windows Explorer, the Command Prompt, and third-party applications. The directory services log file logs information pertaining to Active Directory.
|
You have completed the deployment of PKI within your organization's network. Legally you are required to implement a way to provide decryption keys to a governmental third party on an as-needed basis. Which of the following should you implement?
A. Additional certificate authority
B. Key escrow
C. Recovery agent
D. Certificate registration |
Answer: B. Key escrow.
Explanation: Key escrow should be implemented so that the governmental third party can be provided decryption keys as necessary. Key escrow is when certificate keys are held in case third parties, such as government or other organizations, need access to encrypted communications. Additional certificate authorities are normally implemented as a form of fault tolerance. To avoid single points of failure such as a single CA, certificate authorities can be organized in a hierarchical manner. Key recovery agents are configured in case lost or corrupted keys need to be restored. Certificate registration occurs when a user tries to access secure information and needs to apply for a certificate. The registration might be completed by the certificate authority or by a registration authority. |
Which of the following environmental controls is part of the TEMPEST standards?
A. Shielding
B. Fire suppression
C. HVAC
D. Biometrics |
Answer: A. Shielding.
Explanation: Shielding is part of the TEMPEST standards. TEMPEST is a group of standards that refers to the investigations of conducted emissions from electrical and mechanical devices that may or may not compromise an organization. It is important to shield devices such as air conditioners to prevent electromagnetic interference to network devices and cabling. Fire suppression deals with the prevention of fires. HVAC deals with heating, ventilation, and air-conditioning. Biometrics is the measurement of human characteristics, such as thumbprint scans and voice recognition. |
Removable media such as USB flash drives can be a threat to security. In what two ways can you mitigate this threat? (Select the two best answers.)
A. Run an antivirus scan daily.
B. Disable the USB root hub.
C. Design a written policy stating that USB flash drives are not allowed.
D. Turn off USB in the BIOS. |
Answers: B and D. Disable the USB root hub, and turn off USB in the BIOS.
Explanation: The best way to disable USB flash drives is to turn off USB altogether in the BIOS; however, it can also be turned off by disabling one or more of the USB root hubs within Device Manager in Windows. Disabling the USB flash drive is the best solution when it comes to mitigating this threat. An antivirus scan might find viruses or other malware contained within the USB flash drive; if USB flash drives must be used, it would be wise to set up automatic scanning of removable media before usage is allowed. Written policies are difficult to enforce; a better option would be to create a software-based policy on the network controlling server.
|
You have been assigned the task of helping a junior IT professional learn Internet Assigned Numbers Authority (IANA) assigned port information. The junior technician asks you what port is assigned to the Secure Shell (SSH). What answer do you provide? Choose the best option(s) from those listed below.
a) Port 443 b) Port 22 c) Port 21 d) Port 25 |
Explanation: The Secure Shell (SSH) protocol is assigned to port 22 by default. This network protocol is used to exchange data over a secure channel between two network devices. The SSH protocol provides two versions, SSH1 and SSH2. SSH2 provides several improvements over SSH1 with regard to its design and flexibility.
Correct Option(s): b) Port 22 Incorrect Option(s): a) Port 443 - Port 443 is used by the Hypertext Transfer Protocol Secure (HTTPS). HTTPS provides encrypted communication between web servers by combining Hypertext Transfer Protocol (HTTP) and Transport Layer Security (TLS)/Secure Sockets Layer (SSL). c) Port 21 - Port 21 is used by the File Transfer Protocol (FTP). FTP is commonly used to share files across a network. d) Port 25 - Port 25 is used by the Simple Mail Transfer Protocol (SMTP). SMTP is used for e-mail routing between two e-mail servers. |
You are reviewing Internet security options for your personal wireless network. You would like to secure your wireless connection to prevent unwanted computers from accessing your router and network. Which protocol would be the MOST secure to use? Choose the best option(s) from those listed below.
a) TKIP b) WEP c) AES d) CCMP |
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an available secure protocol used for encrypting wireless Local Area Networks (LANs). The CCMP protocol is more secure than TKIP and WEP protocols, as it is used with the WPA2 standard.
Correct Option(s): d) CCMP Incorrect Option(s): a) TKIP - Temporal Key Integrity Protocol (TKIP) is used with WPA wireless security and is not as secure as the CCMP protocol. TKIP is an encryption method, whereas CCMP is a protocol used with wireless LANs. b) WEP - Wired Equivalent Privacy (WEP) is a non-secure algorithm and was replaced by WPA. WEP is not as secure as the CCMP protocol. c) AES - Advanced Encryption Standard (AES) is an encryption method used with wireless security and not a protocol. AES is more secure than TKIP and is a common preference over this encryption method. |
You have been asked for assistance by a friend who has recently set up a new wireless home network. Your friend has discovered that anonymous computers have been accessing their wireless connection. Your friend has already implemented WPA2 wireless Internet security. Which additional wireless Internet security option can be applied to help restrict a computer from authenticating with a router? Choose the best option(s) from those listed below.
a) Firewall b) Access control list c) SSL d) MAC address filter |
A MAC address filter can be used with a wireless access point (WAP) to prevent clients from using it. A MAC address filter works by building a list of approved or denied MAC addresses, as well as which devices may be exempt from the filter. Using a wireless authentication method, such as Advanced Encryption Standard (AES) or Wired Equivalent Privacy (WEP), as well as a MAC address filter, is typically recommended to maximize wireless security. A MAC address filter is especially useful when the same devices, such as a computer or cellular phone, will be connecting to the same WAP; otherwise, a MAC address filter can be difficult to maintain if it constantly needs updating.
Correct Option(s): d) MAC address filter Incorrect Option(s): a) Firewall - A firewall is used within a network to filter and examine packets that are transmitted between devices. A firewall cannot be used to prevent a computer from authenticating with a WAP. b) Access control list - An access control list (ACL) is used to provide a list of permissions for a specific resource. An ACL cannot be used to prevent a computer from authenticating with a WAP. c) SSL - Secure Sockets Layer (SSL) is a protocol that provides secure communication over the Internet. SSL cannot be used to prevent a computer from authenticating with a WAP. |
Which of the following details one of the primary benefits of using S/MIME?
A. S/MIME expedites the delivery of e-mail messages. B. S/MIME enables users to send e-mail messages with a return receipt. C. S/MIME enables users to send both encrypted and digitally signed e-mail messages. D. S/MIME enables users to send anonymous e-mail messages. |
C. S/MIME enables users to send both encrypted and digitally signed e-mail messages.
S/MIME employs a model based on a trusted CA. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs 3369, 3370, 3850, and 3851. S/MIME was originally developed by RSA Data Security Inc. |
Which of the following encryption algorithms can encrypt and decrypt data?
A. SHA-1 B. RC5 C. MD5 D. NTLM |
Ron's Code 5 (RC5) has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255). The suggested choice of parameters was a 64-bit block, a 128-bit key, and 12 rounds.
SHA-1 produces a 160-bit message digest based on principles similar to the MD5 message digest algorithm, but has a more conservative design. NTLM is a suite of security protocols that provides AIC to users. |
When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this?
A. DoS B. DNS poisoning C. Modified hosts file D. Domain name kiting |
B. DNS poisoning
C. Modified hosts file
The hosts file is one of several system facilities that assist in addressing network nodes in a computer network. It is a common part of an operating system's Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network. In some operating systems, the hosts file's content is used preferentially to other methods, such as the Domain Name System (DNS), but many systems implement name service switches (e.g., nsswitch.conf for Linux and Unix) to provide customization. Unlike the DNS, the hosts file is under the direct control of the local computer's administrator. |
What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented?
A. Man-in-the-middle B. TCP/IP hijacking C. UDP attack D. ICMP flood |
C. UDP attack
A UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol. |