4.0 Security Architecture and Tool Sets

Question 1

which audit category will audit all instances of users exercising their rights?

Answer 1

the audit privilege use audit category

Question 2

what is another term for logical controls?

Answer 2

technical controls

Question 3

which type of controls dictates how security policies are implemented to fulfill the company’s security goals?

Answer 3

administrative or management control

Question 4

what is the name of the process for removing only the incriminating data from the audit logs?

Answer 4

scrubbing

Question 5

which type of controls is implemented to secure physical access to an object, such as building, a room, or a computer?

Answer 5

physical or operational control

Question 6

which type of controls include developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?

Answer 6

administrative controls

Question 7

what is the purpose of administrative controls?

Answer 7

to implement security policies based on procedures, standards, and guidelines

Question 8

what is the purpose of password complexity rules?

Answer 8

to ensure that users do not use passwords that are easy to guess using dictionary attacks

Question 9

what must you do for an effective security auditing policy, besides creating security logs?

Answer 9

analyze the logs

Question 10

what is the purpose of physical controls?

Answer 10

to work with administrative and technical controls to enforce physical access control

Question 11

which audit category tracks access to all objects outside active directory?

Answer 11

the audit object access audit category

Question 12

which password attack does an account lockout policy protect against?

Answer 12

a brute force attack

Question 13

if a user needs administrative-level access, how many user accounts should be issued to the user?

Answer 13

two - one for normal tasks, one for administrative-level tasks

Question 14

which setting ensures that accounts are not used beyond a certain data and/or time?

Answer 14

account expiration

Question 15

what are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?

Answer 15

accountability

Question 16

which setting ensures that users periodically change their account passwords?

Answer 16

password expiration

Question 17

what is the name for the process of tracking user activities by recording selected events in the server activity logs?

Answer 17

auditing

Question 18

which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?

Answer 18

acceptable use policy

Question 19

which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?

Answer 19

technical or logical controls

Question 20

what are the FIVE stages in the life cycle of the evidence or the chain of custody?

Answer 20

1. collection of evidence from the site2. analysis of the evidence by a team of experts3. storage of the evidence in a secure place to ensure that the evidence is not tampered with4. presentation of the evidence by legal experts in a court of law5. returning the evidence to the owner after the proceedings are over

Question 21

what is the purpose of audit logs?

Answer 21

to document actions taken on a computer network and the party responsible for those actions

Question 22

which type of controls work to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?

Answer 22

technical controls

Question 23

what is the purpose of technical controls?

Answer 23

to restrict access to objects and protect availability, confidentiality, and integrity

Question 24

when should an administrative account be used?

Answer 24

when performing administrative-level tasks

Question 25

which linux file contains encrypted user passwords that only the root user can read?

Answer 25

/etc/shadow

Question 26

what is the purpose of password age rules?

Answer 26

to ensure that users change their passwords on a regular basis

Question 27

which account should you rename immediately after installing a new operating system (OS) to harden the OS?

Answer 27

the administrator account

Question 28

which assessment examines whether network security practices follow a company’s security policy?

Answer 28

an audit

Question 29

which audit category monitors changes to user accounts and groups?

Answer 29

the audit account management audit category

Question 30

what is the purpose of the password history settings?

Answer 30

to ensure that users do not keep reusing the same passwords

Question 31

which setting ensures that repeated attempts to guess a user’s password is not possible beyond the configured value?

Answer 31

account lockout

Question 32

which account should you disable immediately after installing a new operating system (OS) to harden the OS?

Answer 32

the guest account

Question 33

which log in event viewer should you open to view events that are generated based on your auditing settings?

Answer 33

the security log

Question 34

what is a good password complexity policy?

Answer 34

a mixture of numbers, uppercase and lowercase letters, and special characters, such as rObin3*nest

Question 35

which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?

Answer 35

the audit account logon events audit category

Question 36

which type of controls includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?

Answer 36

physical controls

Question 37

what is the top-most level of the LDAP hierarchy?

Answer 37

root

Question 38

what is the primary function of LDAP?

Answer 38

lightweight directory access protocol (LDAP) controls client access to directories

Question 39

what are flood guards?

Answer 39

devices that protect denial of service (DoS) attacks

Question 40

what does the acronym RADIUS denote?

Answer 40

remote authentication dial-in user service

Question 41

what are the two types of eye scans?

Answer 41

iris scans and retinal scans

Question 42

which type of authentication is accomplished by authenticating both the client and server sides of a concentration through the encrypted exchange of credentials?

Answer 42

mutual authentication

Question 43

what does the acronym TACACS denote?

Answer 43

terminal access controller access control system

Question 44

which function does a single sign-on (SSO) system provide?

Answer 44

it allows a user to present authentication credentials once and gain access to all computers within the SSO system

Question 45

what is the purpose of federated identity management?

Answer 45

it allows single sign-on (SSO) between companies

Question 46

what does the acronym KDC denote?

Answer 46

key distribution center

Question 47

which authentication protocol uses UDP: TACACS+ or RADIUS?

Answer 47

RADIUS

Question 48

which security-server application and protocol implements authentication and authorization of users from a central server over TCP?

Answer 48

terminal access controller access control system plus (TACACS+)

Question 49

which authentication protocol is an open standard: TACACS+ or RADIUS?

Answer 49

RADIUS

Question 50

which authentication system includes clients, servers, and a key distribution center (KDC)?

Answer 50

kerberos

Question 51

which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?

Answer 51

TACACS+

Question 52

which Cisco implementation is similar to a RADIUS implementation?

Answer 52

TACACS

Question 53

what are the two components of the kerberos key distribution center?

Answer 53

authentication server (AS) and ticket-granting server (TGS)

Question 54

which access control model is based on the data’s owner implementing and administering access control?

Answer 54

discretionary access control (DAC)

Question 55

which eye scan measures the pattern of blood vessels at the back of the eye?

Answer 55

retinal scan

Question 56

scanning fingerprints is an example of which authentication technique

Answer 56

biometrics

Question 57

using role-based access control (RBAC), which entities are assigned roles?

Answer 57

users or subjects

Question 58

which kerberos component holds all users’ and services’ cryptographic keys and generates tickets?

Answer 58

key distribution center (KDC)

Question 59

who has the responsibility for configuring access rights in discretionary access control (DAC)?

Answer 59

the data owner or data custodian

Question 60

what is the most important biometric system characteristic?

Answer 60

accuracy

Question 61

which type of attack can turn a switch into a hub?

Answer 61

MAC flooding

Question 62

what does the acronym MAC denote?

Answer 62

mandatory access control

Question 63

which type of eye scan is considered more intrusive than other eye scans?

Answer 63

retinal scan

Question 64

which fingerprint scan will analyze fingerprint ridge direction?

Answer 64

minutiae matching

Question 65

why is password disclosure a significant security issue in a single sign-on network?

Answer 65

it could compromise the entire system because authentication grants access to any systems on the network to which the actual user may have permission

Question 66

which access control model has the lowest cost?

Answer 66

role-based access control (RBAC)

Question 67

what does the acronym SSO denote?

Answer 67

single sign-on

Question 68

which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?

Answer 68

TACACS+

Question 69

which authentication protocol uses tickets to authenticate users?

Answer 69

Kerberos

Question 70

which function does RADIUS provide?

Answer 70

centralized authentication, authorization, and accounting for remote dial-in users

Question 71

which security-server application and protocol implement authentication of users from a central server over UDP?

Answer 71

remote authentication dial-in user service (RADIUS)

Question 72

which directory protocol does directory-enabled networking (DEN) use?

Answer 72

lightweight directory access protocol (LDAP)

Question 73

which access control model uses security labels for each resource?

Answer 73

mandatory access control (MAC)

Question 74

what are the two advantages of single sign-on (SSO)?

Answer 74

convenience and centralized administration

Question 75

which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?

Answer 75

mandatory access control (MAC)

Question 76

which internet protocol based on X.500 is used to access the data stored in a network directory?

Answer 76

lightweight directory access protocol (LDAP)

Question 77

what is the purpose of RADIUS?

Answer 77

remote access dial-in user service (RADIUS) enables remote access users to log on to a network through a shared authentication database

Question 78

which ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?

Answer 78

802.1x

Question 79

which type of authentication combines two or more authentication methods, like something that a person knows (such as password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?

Answer 79

multi-factor authentication

Question 80

which technique is used to prevent network bridging?

Answer 80

network separation

Question 81

on which standard is lightweight directory access protocol (LDAP) based?

Answer 81

X.500

Question 82

what are the two types of ciphers?

Answer 82

block and streaming

Question 83

what is most commonly used to provide proof of message’s origin?

Answer 83

a digital signature

Question 84

which key is used to decrypt a digital signature: public or private?

Answer 84

public

Question 85

which cryptographic technique is based on a combination of two keys: a secret (private) key and a public key?

Answer 85

public-key cryptography

Question 86

in asymmetric encryption for a digital signature, which key is used for encryption: public or private?

Answer 86

private

Question 87

what are mandatory vacations?

Answer 87

administrative controls that ensure that employees take vacations at periodic intervals

Question 88

what are two other names for single-key cryptography?

Answer 88

symmetric key encryption and secret-key encryption

Question 89

which type of cryptography is more secure: symmetric or asymmetric?

Answer 89

asymmetric

Question 90

which security measure prevents fraud by reducing the chances of collusion?

Answer 90

separation of duties

Question 91

what are the three issues that symmetric data encryption fails to address?

Answer 91

data integrity, repudiation, scalable key distribution

Question 92

to provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?

Answer 92

separation of duties

Question 93

what is the term for the process that applies a one-way mathematical function called a message digest function to an arbitrary amount of data?

Answer 93

hashing

Question 94

what is a dual control?

Answer 94

when two operators work together to accomplish a sensitive task

Question 95

what is segregation of duties?

Answer 95

when a sensitive activity is segregated into multiple activities and tasks are assigned to different individuals to achieve a common goal

Question 96

what is another name for public-key encryption?

Answer 96

asymmetric encryption

Question 97

what is another term used for layered security?

Answer 97

defense in depth

Question 98

what is job rotation?

Answer 98

when an individual can fulfill the tasks of more than one position in the organization and duties are regularly rotated to prevent fraud

Question 99

what is the opposite of confidentiality?

Answer 99

disclosure

Question 100

what is the purpose of filters on a web server?

Answer 100

they limit the traffic that is allowed through

Question 101

what is the purpose of sandbox in a java applet?

Answer 101

it prevents java applets from accessing unauthorized areas on a user’s computer

Question 102

which error condition arises because data is not checked before input to ensure that it has an appropriate length?

Answer 102

buffer overflow errors

Question 103

when does fuzzing occur?

Answer 103

when unexpected values are provided as input to an application to make the application crash

Question 104

what are the FIVE phases of the system development life cycle (SDLC)?

Answer 104

1. initiation2. development and acquisition3. implementation and assessment4. operations and maintenance5. disposal

Question 105

what is the purpose of a decompiler?

Answer 105

to re-create the source code in some high-level language

Question 106

which type of attack runs code within another process’s address space by making it load a dynamic link library?

Answer 106

a DLL injection attack

Question 107

what is the purpose of fuzz testing?

Answer 107

to identify bugs and security flaws within an application

Question 108

what are alternate terms for cross-site request forgery (XSRF)?

Answer 108

session riding or one-click attack

Question 109

which application hardening method requires that your organization periodically checks with the application vendor?

Answer 109

patch management

Question 110

what is the most significant misuse of cookies?

Answer 110

misuse of personal data

Question 111

when does fuzzing occur?

Answer 111

when unexpected values are provided as input to an application in an effort to make the application crash

Question 112

what does a race condition typically attack?

Answer 112

the delay between time of check (TOC) and time of use (TOU)

Question 113

when does a cross-site scripting (XSS) attack occur?

Answer 113

it occurs when an attacker locates a vulnerability on a web site that allows the attacker to inject malicious code into a web application

Question 114

what is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future web visits?

Answer 114

a cookie

Question 115

what is the purpose of an application disassembler?

Answer 115

to read and understand the raw language of the program

Question 116

what is the purpose of a fail-safe error handler?

Answer 116

to ensure that the application stops working, reports the error, and closes down

Question 117

what is an application backdoor?

Answer 117

lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms

Question 118

what is cross-site request forgery (XSRF)?

Answer 118

unauthorized commands coming from a trusted user to a user or web site, usually through social networking

Question 119

what should application developers do to prevent race condition attack?

Answer 119

create code that processes exclusive-lock resources in a certain sequence and unlocks them in reverse order

Question 120

what is the best protection against cross-site scripting? (XSS)?

Answer 120

disable the running of scripts

Question 121

what is the purpose of secure code review?

Answer 121

it examines all written code for any security holes that may exist

Question 122

what is a cookie?

Answer 122

a web client test file that stores persistent settings for a web server

Question 123

what is the purpose of input validation?

Answer 123

to ensure that data being entered into a database follows certain parameters

Question 124

what is the purpose of application hardening?

Answer 124

it ensures that an application is secure and unnecessary services are disabled

Question 125

which error occurs when the length of the input data is more than the length that processor buffers can handle?

Answer 125

buffer overflow

Question 126

which type of attack is characterized by an attacker who takes over the session of an already authenticated user?

Answer 126

hijacking

Question 127

what is a zero-day exploit?

Answer 127

an attack that exploits a security vulnerability on the day the vulnerability becomes generally known

Question 128

when does a persistent XSS attack occur?

Answer 128

when data provided to the web application is first stored persistently on the server and later displayed to users without being encoded using HTML on the Web client

Question 129

which type of attack intercepts an established TCP session?

Answer 129

TCP hijacking or session hijacking

Question 130

which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder’s computer?

Answer 130

network address hijacking

Question 131

what are the FIVE monitoring tools analyst need to know?

Answer 131

MRTG (multi router traffic grapher)NagiosSolarWindsCactiNetflow Analyzer

Question 132

what is wireshark?

Answer 132

a protocol analyzer or packet sniffer

Question 133

what are the THREE IPS tools?

Answer 133

sourcefiresnortbro

Question 134

what is unit testing?

Answer 134

the debugging performed by the programmer while coding instructions

Question 135

what are the THREE categories of exploit tools?

Answer 135

interception proxyexploit frameworkfuzzers

Question 136

what error condition arises because data is not checked before input to ensure that it has an appropriate length?

Answer 136

buffer overflow errors

Question 137

what is the purpose of content inspection?

Answer 137

to search for malicious code or behavior

Question 138

what are the TWO exploit framework tools analyst need to know?

Answer 138

Metasploit, Nexpose

Question 139

what are the six SIEM tools analyst need to know?

Answer 139

Arcsight, QRadar, Splunk, AlienVault, OSSIM, Kiwi Syslog

Question 140

what is microsoft baseline security analyzer?

Answer 140

a microsoft application that creates security reports

Question 141

what are TWO examples of input validation errors?

Answer 141

buffer overflow and boundary condition errors

Question 142

what is a proxy server?

Answer 142

a server that caches and filters content

Question 143

what are the seven categories of preventive tools?

Answer 143

IPSFirewallAnti-VirusAnti-malwareEnhanced Mitigation Experience Toolkit (EMET)Web proxyWeb application firewall

Question 144

which error occurs when the length of the input data is more than the length that processor buffers can handle?

Answer 144

a buffer overflow

Question 145

what is the most popular intrusion detection system (IDS)?

Answer 145

network-based IDS

Question 146

what are the three interception proxy tools analyst need to know?

Answer 146

Burp SuiteZapVega

Question 147

what does the acronym IDS denote?

Answer 147

intrusion detection system

Question 148

what are the SEVEN command-line tools analyst need to know?

Answer 148

netstatpingtracert/tracerouteipconfig/ifconfignslookup/digSysinternalsOpenSSL

Question 149

what is the difference between a password checker and a password cracker?

Answer 149

there is no difference. they are the same tools

Question 150

what are the SIX vulnerability scanning tools analyst need to know?

Answer 150

QualysNessusOpenVASNexposeNiktoMicrosoft Baseline Security Analyzer

Question 151

what are the TWO password cracking tools analyst need to know?

Answer 151

john the rippercain and abel

Question 152

what are the five forensic suite tools analyst need to know?

Answer 152

EnCaseFTK (forensic toolkit)HelixSysinternalsCellebrite

Question 153

which type of control is an intrusion detection system (IDS)?

Answer 153

detective technical

Question 154

which type of vulnerability assessment is more likely to demonstrate the success or failure of a possible attack?

Answer 154

a double-blind test

Question 155

what is Nessus?

Answer 155

a network vulnerability scanner

Question 156

what are the THREE categories of analytical tools?

Answer 156

vulnerability scanningmonitoring toolsinterception proxy

Question 157

what are the THREE web application firewalls (WAFs) analyst need to know?

Answer 157

ModSecurityNAXSIImperva

Question 158

what is the imaging tool analysts need to know?

Answer 158

DD

Question 159

what are the two hashing tools analyst need to know?

Answer 159

MD5sumSHAsum

Question 160

what is the network scanning tool analyst need to know?

Answer 160

NMAP

Question 161

what activity provides identification of security flaws and verification of levels of existing resistance?

Answer 161

penetration testing

Question 162

what are the THREE fuzzer tools analyst need to know?

Answer 162

UntidyPeach FuzzerMicrosoft SDL File/Regex Fuzzer

Question 163

what are the FOUR categories of forensics tools?

Answer 163

forensics suiteshashingpassword crackingimaging

Question 164

what are the four packet capture tools analyst need to know?

Answer 164

wiresharktcpdumpnetwork generalaircrack-ng

Question 165

which tool obtains a visual map of the topology of your network, including all devices on the network?

Answer 165

a network mapper, also referred to as a network enumerator

Question 166

what are the THREE firewall vendors analyst need to understand?

Answer 166

Cisco, Palo Alto, Check Point

Question 167

which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?

Answer 167

protocol analyzer

Question 168

what are the SIX categories of collective tools?

Answer 168

SIEMNetworking scanningVulnerability scanningPacket captureCommand-line utilitiesIDS