Chapter 2 - Monitoring Networks

Question 1

Rene

What were originally introduced to help troubleshoot network problems?

Answer 1

page 46.

Network Monitors, AKA sniffers

Question 2

Rene

What is Promiscuous Mode?

Answer 2

page 46.
Simply means that the network card looks at any packet that it sees on the network, even if that packet is not addressed to the network.

Question 3

Rene

What log contains various events logged by applications or programs.

Answer 3

page 47.

Application Log

Question 4

Rene

Which Log has successful and unsuccessful logon attempts and records events related to resource use, such as creating, opening or deleting file or other objects.

Answer 4

page 47.

Security Log

Question 5

Rene

What are the options in Event Viewer that allow you to perform certain actions?

Answer 5

page 51.
Saving the Log file in (evt, txt or csv format), opening saved logs, filtering the log file and viewing or changing properties.

Question 6

Rene

What is Hardening?

Answer 6

page 52.

A general process of making certain that the operating system itself is as secure as it can be.

Question 7

Rene

True or False
Part of OS Hardening is disabling unneccessary services.

Answer 7

page 53

True

Question 8

Rene

What is RPC

Answer 8

page 53
Remote Procedure Call
Is a programming interface that allows a remote computer to run programs on a local machine.

Question 9

Rene

True or False
It is considered a security best practice to remove unneeded software

Answer 9

page 55

True

Question 10

Rene

What is a patch?

Answer 10

page 56

Is an update to a system, sometimes a patch adds new functionality; in other cases, it corrects a bug in the software

Question 11

Rene

What are the three types of patches?

Answer 11

page 57
Service Pack
Updates
Security Updates

Question 12

Rene

What is IDS?

Answer 12

page 64
Intrusions Detection System
Focused on detecting intrusion

Question 13

Rene

What is IPS?

Answer 13

page 64
Intrusion Prevention System
Focused in preventing intrusions

Question 14

Rene

How does a “Honeypot” work?

Answer 14

page 64

Draw attackers away from higher-value system or allows administrators to gain intelligence about an attack strategy.

Question 15

Rene

How does a “Honeynet” work?

Answer 15

page 64
Creates a synthetic network that can be run on a single computer system and is attached to a network using a normal Network Interface Card (NIC)

Question 16

Rene

What is the process of luring someone into your plan or trap, by using free stuff or a challenge?

Answer 16

page 65

Enticement

Question 17

Rene

What is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

Answer 17

page 65

Entrapment

Question 18

Rene

True or False
Enticement and Entrapment are both legal in the US, but not legal in Canada.

Answer 18

page 65

False

Question 19

Rene

What are Alarms?

Answer 19

page 63

Are indications that there is an ongoing CURRENT problem.

Question 20

Rene

What are Alerts?

Answer 20

page 63

Are issues to which you need to pay attention, but are not about to bring the system down at any moment.

Question 21

Rene

What are Trends?

Answer 21

page 63
Trends in threats, example;
Last month, spear phishing attacks been increasing.

Question 22

Rene

What are Security Audits and what do they include?

Answer 22

page 62
An integral part of continuous security monitoring. they include;
* Review of security logs
* Review of policies and compliance with policies
* A check of security device configuration
* Review of incident response reports

Question 23

Rene

What are the settings for Remediation Policy?

Answer 23

page 62

• Minor
• Serious
• Critical

Question 24

Rene

What are methods of Security the Network?

Answer 24

page 60
Using the following concepts;
* MAC Limiting and Filtering
* 802.1X
* Disable Unused Ports
* Rogue Machine Detection

Question 25

Rene

What types of accounts should you disable?

Answer 25

page 58

• Employees who have left the company
• Temporary Employees
• Default Guest Accounts