Analysis

Question 1

Which standard uses divisions called security assurance levels to evaluate products?

Answer 1

Trusted Computer System Evaluation Criteria (TCSEC)

Question 2

What type of IDS can recognize an attack made with the use of fragroute?

Answer 2

A host-based IDS

Question 3

What happens when insurance is used to eliminate a risk?

Answer 3

Risk transference

Question 4

What is the term for the process of identifying sets of vulnerabilities that can be used together to penetrate a network?

Answer 4

Vulnerability linkage

Question 5

What are the three safeguards in a risk assessments?

Answer 5

Logical safeguards, administrative safeguards, and physical safeguards

Question 6

Which tool is used to intercept, modify, and rewrite egress traffic destined for the specified host in such a way that a NIDS cannot recognize the attack signatures?

Answer 6

fragroute

Question 7

Which type of attack can be prevented by using port security to create static ARP entries in the MAC table?

Answer 7

MAC flood attacks

Question 8

Why would a hacker utilize alternate data streams (ADS)?

Answer 8

To hide malicious file content within a benign file

Question 9

What type of attack changes the IP address to MAC address mappings on two other devices, such that the two devices send frames to the attacker when they think they are sending frames to one another?

Answer 9

ARP poisoning

Question 10

When a router is examining a packet against an access control list and finds a traffic match, what action does the router take?

Answer 10

It takes the prescribed action and stops evaluating the packet

Question 11

In a risk assessment, event logging and password management are examples of which type of safeguard?

Answer 11

Logical safeguards

Question 12

What happens when no control is used to address a particular risk?

Answer 12

Risk acceptance

Question 13

Which step in a penetration test is sometimes called “cleaning up”?

Answer 13

The last step involves returning any systems to their state prior to the pen test, which can include removing or cleaning up user accounts created externally as a result of the test

Question 14

What is the term for the tool or process used to exploit a threat?

Answer 14

Threat vector

Question 15

Which type of attack splits the attack payload into many packet fragments?

Answer 15

Session fragmentation

Question 16

What is the term for a person who attempts to exploit a threat?

Answer 16

Threat agent

Question 17

Which Common Criteria component defines a standard set of security requirements for a specific type of product?

Answer 17

Protection profile

Question 18

Which version of the SPAN switch configuration sends traffic from multiple ports on multiple switches to a single switch port where the IDS is located?

Answer 18

Remote SPAN (RSPAN)

Question 19

What is the purpose of the John the Ripper tool?

Answer 19

To crack weak passwords

Question 20

Which standard uses levels called security functional requirements to assess security functionality?

Answer 20

Information Technology Security Evacuation Criteria (ITSEC)

Question 21

In a risk assessment, data classification and background checks are examples of which type of safeguard?

Answer 21

Administrative safeguards

Question 22

In a risk assessment, facility access control and equipment inventory are examples of which type of safeguard?

Answer 22

Physical safeguards

Question 23

What is the purpose of the Snort tool?

Answer 23

Intrusion detection

Question 24

Which type of attack splits the attack payload into many small packets?

Answer 24

Session splicing

Question 25

Which international standard establishes a baseline of confidence in the security functionality of IT products, and includes protection profiles and evaluation assurance levels?

Answer 25

Common Criteria

Question 26

Which type of scanning operates proactively to locate issues, utilizes automated processes, and scans and identifies vulnerabilities of all systems present on the network?

Answer 26

Vulnerability scanning

Question 27

When an IDS or IPS is examining a packet against an access control list and finds a traffic match, what action does the device take?

Answer 27

It continues to examine the packet after a match is found to identify any additional rules the packet might match.

Question 28

What happens when a control is implemented to reduce the impact of a risk?

Answer 28

Risk mitigation

Question 29

What is the term for a weakness or error that can lead to a compromise?

Answer 29

Vulnerability

Question 30

What is the process called when an IDS reassembles small packets before performing expression matching?

Answer 30

Session reconstruction

Question 31

What job role is in charge of addressing physical risks to the facility?

Answer 31

Facilities manager

Question 32

What is the most efficient protection control against a social engineering attack?

Answer 32

End-user training

Question 33

Which file system is susceptible to an attack that uses alternative data streams?

Answer 33

NTFS

Question 34

What is the goal of session fragmentation and session splicing attacks?

Answer 34

To evade detection by the IDS

Question 35

Which type of attack exploits the TCP handshake process?

Answer 35

SYN flood

Question 36

What is the purpose of a security audit?

Answer 36

It evaluates how well a company adheres to its stated security policy

Question 37

Which type of attack sends many frames with bogus MAC addresses as the source?

Answer 37

MAC flood attack

Question 38

What should you do when no known workaround exists to eliminate a Linux kernel vulnerability?

Answer 38

Upgrade the kernel immediately

Question 39

How do you prevent rule files from loading when snort is started?

Answer 39

Open the snort.config file and comment out all of the rules you do not wish to use

Question 40

What is the purpose of the nmap tool?

Answer 40

Port scanning

Question 41

What is the purpose of a post-mortem in a security audit?

Answer 41

It evaluates the execution of the security plan. It is also called a lessons learned session

Question 42

Which attack is based on changing the IP address to host name mapping?

Answer 42

DNS poisoning

Question 43

What is the purpose of the Tripwire tool?

Answer 43

To check the integrity of system files

Question 44

What is the term for a vulnerability that exists that has the potential to be exploited, as compared to a vulnerability that exists but has no chance of being exploited?

Answer 44

Threat

Question 45

How can a hacker take advantage of alert threshold settings to avoid detection?

Answer 45

By ping scanning very slowly

Question 46

Which impact needs to be considered before implementing a security audit?

Answer 46

The impact on performance

Question 47

What is the ultimate goal of a MAC flood attack?

Answer 47

To fill the MAC table with nonexistent MAC addresses, causing the switch to flood all frames out all interfaces and allowing the attacker to receive frames normally not allowed to see

Question 48

Which feature can be enabled on a switch to prevent MAC flooding and MAC spoofing?

Answer 48

Port security

Question 49

What is the term for risk that still exists after security controls have been applied?

Answer 49

Residual risk

Question 50

In which stage of the Secure Software Development Lifecycle is the platform and programming language chosen?

Answer 50

Design phase

Question 51

What happens when an organization decides to cease an activity or process that creates a risk?

Answer 51

Risk avoidance

Question 52

Which attack uses a multitude of infected computers known as zombies or bots?

Answer 52

DDoS attacks

Question 53

What vulnerability tool is specifically designed to locate potential exploits in the products from Microsoft?

Answer 53

Microsoft Baseline Security Analyzer (MBSA)

Question 54

What job role is in charge of ensuring systems and information assets for a unit are used to accomplish business objectives?

Answer 54

Business or functional manager

Question 55

Which configuration on a switch sends all traffic to the port on which the IDS is located?

Answer 55

Switched Port Analyzer (SPAN) feature

Question 56

Which file contains the options for the configuration of the Snort tool?

Answer 56

snort.config

Question 57

Which Common Criteria component defines how thoroughly the product is tested?

Answer 57

Evaluation Assurance Level (EAL)

Question 58

In which stage of the Secure Assurance Maturity Model lifecycle are components and libraries built?

Answer 58

Construction stage

Question 59

Which type of device is targeted by MAC flood attacks?

Answer 59

Switches