1.0 Threat Management

Question 1

<p>what is a public cloud?</p>

Answer 1

<p>the standard cloud computing model where a service provider makes resources available to the public over the internet</p>

Question 2

<p>what does OS fingerprinting involve?</p>

Answer 2

<p>using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)</p>

Question 3

<p>what are the three main protocols that can be used for wireless networks?</p>

Answer 3

<p>wired equivalent privacy (WEP), WPAv1, WPAv2</p>

Question 4

<p>what is the purpose of infrastructure as a service (IaaS) in cloud computing?</p>

Answer 4

<p>it provides computer and server infrastructure, typically through a virtualization environment</p>

Question 5

<p>what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?</p>

Answer 5

<p>a firewall</p>

Question 6

<p>what is the most common type of system used to detect intrusions into a computer network?</p>

Answer 6

<p>NIDS</p>

Question 7

<p>what is the purpose of PaaS in cloud computing?</p>

Answer 7

<p>it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform</p>

Question 8

<p>what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?</p>

Answer 8

<p>missed detection or false positive</p>

Question 9

<p>what does the acronym IDS denote?</p>

Answer 9

<p>Intrusion detection system</p>

Question 10

<p>what is the main difference between an IDS and an IPS?</p>

Answer 10

<p>an IDS detects intrusions. an IPS prevents intrusions</p>

Question 11

<p>what does the acronym ACL denote?</p>

Answer 11

<p>access control list</p>

Question 12

<p>what devices can limit the effectiveness of sniffing attacks: switches or routers?</p>

Answer 12

<p>switches</p>

Question 13

<p>what are the two major types of intrusion detection systems (IDS)?</p>

Answer 13

<p>network IDS (NIDS) and host IDS (HIDS)</p>

Question 14

<p>which type of IDS detects attack on individual devices?</p>

Answer 14

<p>host intrusion detection system (HIDS)</p>

Question 15

<p>which layer 3 device allows different logical networks to communicate?</p>

Answer 15

<p>router</p>

Question 16

<p>what is the default rule found in a firewall's access control list (ACL)?</p>

Answer 16

<p>deny all</p>

Question 17

<p>what does the acronym NIDS denote?</p>

Answer 17

<p>network-based intrusion detection system</p>

Question 18

<p>which security control is lost when using cloud computing?</p>

Answer 18

<p>physical control of the data</p>

Question 19

<p>what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?</p>

Answer 19

<p>false positive</p>

Question 20

<p>what are the four types of cloud computing based on management type?</p>

Answer 20

<p>public, private, hybrid, and community</p>

Question 21

<p>what is hybrid cloud?</p>

Answer 21

<p>a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud</p>

Question 22

<p>what is multi-tenancy cloud?</p>

Answer 22

<p>a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently</p>

Question 23

<p>which type of system identifies suspicious patterns that may indicate a network or system attack?</p>

Answer 23

<p>intrusion detection system (IDS)</p>

Question 24

<p>why is data isolation used in cloud environments?</p>

Answer 24

<p>to ensure that tenant data in a multi-tenant solution is isolated from other tenant' data using a tenant ID in the data labels</p>

Question 25

<p>which information do routers use to forward packets to their destinations?</p>

Answer 25

<p>the network address and subnet mask</p>

Question 26

<p>what does the acronym HIDS denote?</p>

Answer 26

<p>host-based intrusion detection system</p>

Question 27

<p>what is a community cloud?</p>

Answer 27

<p>an infrastructure that is shared among several organizations from a specific group with common computing concerns</p>

Question 28

<p>what is the purpose of software as a service (SaaS) in cloud computing?</p>

Answer 28

<p>it ensures on-demand, online access to an application suite without the need for local installation</p>

Question 29

<p>what is a single-tenancy cloud?</p>

Answer 29

<p>a cloud model where a single client or organization uses a resource</p>

Question 30

<p>what OS footprinting do?</p>

Answer 30

<p>it performs the fingerprinting steps as well as gathering additional information, such as polling DNS (check the status/survey), registrar queries, and so on</p>

Question 31

<p>which type of IDS detects malicious packets on a network?</p>

Answer 31

<p>network intrusion detection system (NIDS)</p>

Question 32

what is lightweight extensible authentication protocol (LEAP)?

Answer 32

a proprietary wireless LAN authentication method developed by Cisco Systems

Question 33

which type of analysis involves identifying traffic that is abnormal?

Answer 33

anomaly analysis

Question 34

which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?

Answer 34

WPA2 with CCMP

Question 35

which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

Answer 35

active detection

Question 36

what does the acronym SIEM denote?

Answer 36

security information and event management

Question 37

what should you do to ensure that a wireless access point signal does not extend beyond it needed range?

Answer 37

reduce the power levels

Question 38

which type of analysis involves examining information in the header of the packet?

Answer 38

protocol analysis

Question 39

what is the purpose of MAC filtering?

Answer 39

to restrict the clients that can access a wireless network

Question 40

what is protected extensible authentication protocol (PEAP)?

Answer 40

a protocol that encapsulates the EAP within an encrypted and authenticated TLS tunnel

Question 41

what are the two modes of WAP and WPA2?

Answer 41

personal (also called preshared key or WPA-PSK / WPA2-PSK) and enterprise

Question 42

what type of analysis focuses on the long term direction in the increase or decrease in a particular type of traffic?

Answer 42

trend analysis

Question 43

which security protocol is the standard encryption protocol for use with the WPA2 standard?

Answer 43

counter mode cipher block chaining message authentication code protocol (CCMP)

Question 44

which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

Answer 44

temporal key integrity protocol (TKIP)

Question 45

which intrusion detection system (IDS) watches for intrusions that match a known identity?

Answer 45

signature-based IDS

Question 46

which software can collect logs from specified devices, combine the logs, and analyze the combined logs for security issues?

Answer 46

security information and event management (SIEM)

Question 47

what doe heuristic analysis do?

Answer 47

it determines the susceptibility of a system towards a particular threat/risk using decision rules or weighing methods

Question 48

which protocol does the enterprise mode of WPA and WPA2 use for authentication?

Answer 48

extensible authentication protocol (EAP)

Question 49

which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

Answer 49

isolation mode

Question 50

which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?

Answer 50

heuristic

Question 51

what doe packet analysis do?

Answer 51

it examines the entire packet, including the payload

Question 52

what are the non-overlapping channels for 802.11g/n?

Answer 52

channels 1,6, and 11

Question 53

what are the non-overlapping channels for 802.11b?

Answer 53

channels 1,6,11, and 14

Question 54

what is the most secure implementation of file transfer protocol (FTP)?

Answer 54

secure file transfer protocol (SFTP)

Question 55

what is the name for a hole in the security of an application deliberately left in place by a designer?

Answer 55

backdoor

Question 56

which malicious software infects a system without relying upon other applications for its execution?

Answer 56

a worm

Question 57

what does an anti-virus application signature file contain?

Answer 57

it contains identifying information about viruses

Question 58

which application or services uses TCP/UDP port 3389?

Answer 58

remote desktop protocol (RDP)

Question 59

which port number is used by TFTP?

Answer 59

UDP port 69

Question 60

what is the name for a fix that addresses a specific windows system problem or set of problems?

Answer 60

hotfix

Question 61

which firewall port should you enable to allow SMTP trafic to flow through the firewall?

Answer 61

port 25

Question 62

how many TCP/UDP ports are vulnerable to malicious attacks?

Answer 62

65,536

Question 63

which type of virus can change its signature to avoid detection?

Answer 63

polymorphic

Question 64

what is the default PPTP port?

Answer 64

TCP port 1723

Question 65

what is the purpose of NAC?

Answer 65

network access control (NAC) ensures that the computer on the network meets an organization’s security policies

Question 66

using role-based access control (RBAC), which entities are assigned roles?

Answer 66

users or subjects

Question 67

what is the name of the area that connects to a firewall and offers services to untrusted networks?

Answer 67

DMZ

Question 68

which virus creates many variants by modifying its code to deceive antivirus scanners?

Answer 68

polymorphic virus

Question 69

which port should you block at your network firewall to prevent telnet access?

Answer 69

port 23

Question 70

what is a good solution if you need to separate two departments into separate networks?

Answer 70

VLAN segregation

Question 71

which port number does LDAP use for communications encrypted using SSL/TLS?

Answer 71

port 636

Question 72

which type of code performs malicious acts only when a certain set of conditions occurs?

Answer 72

a logic bomb

Question 73

which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

Answer 73

TCP port 143

Question 74

which two port does FTP use?

Answer 74

ports 20 and 21

Question 75

what does VLAN segregation accomplish?

Answer 75

it protects each individual segment by isolating the segments

Question 76

which port number does HTTP use?

Answer 76

port 80

Question 77

which port numbers are used by NetBIOS?

Answer 77

ports 137, 138, 139

Question 78

which type of malware appears to perform a valuable function, but actually performs malicious acts?

Answer 78

trojan horse

Question 79

which port number does LDAP use when communications are not secured using SSL/TLS?

Answer 79

port 389

Question 80

what does the acronym RBAC denote?

Answer 80

role-based access control

Question 81

which viruses are written in macro language and typically infect operating systems?

Answer 81

macro viruses

Question 82

who can change a resource’s category in a mandatory access control environment?

Answer 82

administrators only

Question 83

which port number does NNTP (network news transfer protocol) use?

Answer 83

TCP port 119

Question 84

what is a trojan horse?

Answer 84

malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems

Question 85

which port number does NTP use?

Answer 85

port 123

Question 86

what does the acronym DAC denote?

Answer 86

discretionary access control

Question 87

which firewall port should you enable to allow POP3 traffic to flow through the firewall?

Answer 87

TCP port 110

Question 88

which port number does DHCP use?

Answer 88

port 67

Question 89

which port number is used by SSL, FTPS, and HTTPS?

Answer 89

TCP port 443

Question 90

which port number is used by SSH, SCP, and SFTP?

Answer 90

port 22

Question 91

what is the default L2TP port?

Answer 91

UDP port 1701

Question 92

which type of access control associates roles with each user?

Answer 92

role-based access control (RBAC)

Question 93

why should you install a software firewall and the latest software patches and hotfixes on your computer?

Answer 93

to reduce security risks

Question 94

what is the name for a collection of hotfixes that have been combined into a single patch?

Answer 94

a service pack

Question 95

which type of access control is the multi-level security mechanism used by the department of defense (DoD)?

Answer 95

mandatory access control (MAC)

Question 96

which port number does DNS use?

Answer 96

port 53

Question 97

which port number is used by SMB?

Answer 97

tcp port 445

Question 98

what is a file considered in a mandatory access control environment?

Answer 98

an object

Question 99

what is the purpose of anti-spam application or filters?

Answer 99

to prevent unsolicited e-mail

Question 100

which type of access control was originally developed for military use?

Answer 100

mandatory access control (MAC)

Question 101

when should you install a software patch on a production server?

Answer 101

after the patch has been tested

Question 102

which type of access control is most suitable for top-secret information?

Answer 102

mandatory access control (MAC)

Question 103

which port number does SNMP use?

Answer 103

UDP port 161

Question 104

in a secure network, what should be the default permission position?

Answer 104

implicit deny

Question 105

which port number does SSH use?

Answer 105

port 22

Question 106

which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?

Answer 106

stealth

Question 107

which port is used for LDAP authentication?

Answer 107

port 389

Question 108

which self-replicating computer program sends copies of itself to other devices on the network?

Answer 108

worm

Question 109

which port number is used by microsoft SQL server?

Answer 109

tcp port 1433

Question 110

which TCP port number does secure sockets layer (SSL) use?

Answer 110

port 443

Question 111

according to the CySA+ objectives, what are the six rules of engagement for penetration testing?

Answer 111

timingscopeauthorizationexploitationcommunicationreporting

Question 112

is a DHCP server normally placed inside a DMZ?

Answer 112

no

Question 113

what is meant by the term exploitation in regards to rules of engagement in penetration testing?

Answer 113

all exploits that will be attempted during a scan

Question 114

what is decomposition?

Answer 114

the process of breaking software or malware down to discover how it works

Question 115

what is meant by the term scope in regards to vulnerability testing?

Answer 115

the devices or parts of the network that can be scanned and the types of scans to be performed

Question 116

which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

Answer 116

NAT

Question 117

which assessment determines whether network security is properly configured to rebuff hacker attacks?

Answer 117

penetration test

Question 118

what is the purpose of network segmentation?

Answer 118

to isolate a group of devices

Question 119

what can be used to run a possibly malicious program in a safe environment?

Answer 119

sandbox

Question 120

which term is used for the process of verifying the integrity of a file by using a hashing algorithm?

Answer 120

fingerprinting or hashing

Question 121

what is the purpose of the blue team in a training exercise?

Answer 121

defending the device or network

Question 122

which documentation reduces the likelihood that you have received counterfeit equipment?

Answer 122

OEM (original equipment manufacturer) documentation

Question 123

which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

Answer 123

VPN

Question 124

what is the purpose of the red team in a training exercise?

Answer 124

attacking the devices or network

Question 125

what is meant by the term timing in regards to penetration testing?

Answer 125

the time when the test should occur and when it should not occur

Question 126

what is the primary security advantage of using NAT?

Answer 126

NAT hides internal IP addresses from the public network

Question 127

what is meant by the term authorization in regards to penetration testing?

Answer 127

the written agreement and legal authority to perform a vulnerability test

Question 128

which type of test attempts to exploit vulnerabilities?

Answer 128

penetration test or pentest

Question 129

which type of test ONLY identifies vulnerabilities?

Answer 129

vulnerability test

Question 130

what is the purpose of rules of engagement for penetration testing?

Answer 130

they define how a penetration test should occur, including the factors that limit the penetration test

Question 131

what does the acronym OEM denote?

Answer 131

original equipment manufacturer

Question 132

which team acts as the referee during a training exercise?

Answer 132

white team

Question 133

what is the purpose of the Trusted Foundry?

Answer 133

it identifies trusted vendors and ensures a trusted supply chain for the united states department of defense (DoD)

Question 134

does each VLAN create its own collision domain or its own broadcast domain?

Answer 134

broadcast domain