Chapter 2 Review Flashcards
What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.)
A. A HIDS may use a lot of resources, which can slow server performance.
B. A HIDS cannot detect operating system attacks.
C. A HIDS has a low level of detection of operating system attacks.
D. A HIDS cannot detect network attacks.
A. A HIDS may use a lot of resources, which can slow server performance.
D. A HIDS cannot detect network attacks.
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?
A. Virus
B. Worm
C. Zombie
D. PHP script
B. Worm
A worm is most likely the reason that the server is being bombarded with information by the clients; perhaps it is perpetrated by a botnet. Because worms self-replicate, the damage can quickly become critical.
Which type of attack uses more than one computer?
A. Virus
B. DoS
C. Worm
D. DDoS
D. DDoS
A distributed denial of service (DDoS) attack uses multiple computers to make its attack, usually perpetrated against a server. None of the other answers use multiple computers.
Which of the following are Bluetooth threats? (Select the two best answers.)
A. Bluesnarfing
B. Blue Bearding
C. Bluejacking
D. Distributed Denial of Service
A. Bluesnarfing
C. Bluejacking
Bluesnarfing and bluejacking are the names of a couple of Bluetooth threats. Another attack could be aimed at a Bluetooth device’s discovery mode. To date there is no such thing as Blue Bearding, and a distributed denial of service attack uses multiple computers to attack one host.
Which type of malware does not require a user to execute a program to distribute the software?
A. Worm
B. Virus
C. Trojan horse
D. Stealth
A. Worm
Worms self-replicate and do not require a user to execute a program to distribute the software across networks. All of the other answers do require user intervention; Stealth refers to a type of virus.
Which of the following defines the difference between a Trojan horse and a worm?
A. Worms self-replicate, but Trojan horses do not.
B. The two are the same.
C. Worms are sent via email; Trojan horses are not.
D. Trojan horses are malicious attacks; worms are not.
A. The primary difference between a Trojan horse and a worm is that a worm will self-replicate without any intervention; Trojan horses do not self-replicate.
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?
A. Anomaly-based IDS
B. Signature-based IDS
C. Behavior-based IDS
D. Heuristic-based IDS
B. Signature-based IDS
When using an IDS, particular types of traffic patterns refer to the signature-based IDS.
You are tasked with implementing a solution that encrypts the CEO’s laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement?
A. HSM
B. TPM
C. HIDS
D. USB encryption
B. TPM
A Trusted Platform Module (TPM) is a chip that resides on the motherboard of the laptop. It generates cryptographic keys that allow the entire disk to be encrypted, as in full disk encryption (FDE). Hardware security modules (HSM) and USB encryption require additional hardware. A host-based intrusion detection system requires either additional software or hardware.
A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.)
A. Remote wipe
B. E-mail password
C. GPS
D. Tethering
E. Encryption
F. Screen lock
A. Remote wipe
E. Encryption
Remote wipe and encryption are the best methods to protect a stolen device’s confidential or sensitive information.
GPS can help to locate a device, but it can also be a security vulnerability in general; this will depend on the scenario in which the mobile device is used. Passwords should never be emailed and should not be associated with email. Tethering is when a mobile device is connected to another computer so that the other computer can share Internet access, or other similar sharing functionality in one direction or the other. Screen locks are a decent method of reducing the chance of login by the average person, but they are not much of a deterrent for the persistent attacker.
Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption?
A. Individually encrypted files will remain encrypted if they are copied to external drives.
B. It reduces the processing overhead necessary to access encrypted files.
C. NTFS permissions remain intact when files are copied to an external drive.
D. Double encryption doubles the bit strength of the encrypted file.
A. Individually encrypted files will remain encrypted if they are copied to external drives.
By implementing individual file encryption (such as EFS) on files that are stored on a disk encrypted with whole disk encryption, the files will remain encrypted even if they are copied to a separate drive that does not use whole disk encryption. However, running two types of encryption will usually increase processing overhead, not reduce it. NTFS permissions aren’t relevant here; however, if files are copied to an external drive, those files by default lose their NTFS permissions and inherit new permissions from the parent folder on the new drive.
You are in charge of compliance with financial regulations for credit card transactions. You need to block certain ports on the individual computers that perform these transactions. What should you implement to best achieve your goal?
A. HIPS
B. Antivirus updates
C. Host-based firewall
D. NIDS
C. Host-based firewall
To meet regulations, a properly configured host-based firewall will be required on the computers that perform credit card transactions over the Internet. All of the other answers (antivirus updates, NIDS, and HIPS) are good ideas to secure the system and/or network, but they do not address the core issue of filtering ports, which is the primary purpose of the firewall.
Which of the following would most likely be considered for DLP?
A. Proxy server
B. Print server
C. USB mass storage device
D. Application server content
C. USB mass storage device
A USB mass storage device would be the most likely asset to be considered for data loss prevention (DLP). It’s the only device listed in the answers that should hold any real organizational data.