Domain 5 Flashcards

1
Q

Black Box Penetration Test

A

Black box penetration testing assumes no prior knowledge of the infrastructure to be tested. Testers simulate an attack from someone who is unfamiliar with the system. It is important to have management knowledge of the proceedings so that if the test is identified by the monitoring systems, the legality of the actions can be determined quickly.

2
Q

User Datagram Protocol (UDP)

A

User Datagram Protocol (UDP) utilizes a simple transmission model without implicit handshaking routines for providing reliability, ordering or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated or get dropped.

3
Q

Kerberos

A

Kerberos is a network authentication protocol for client-server applications that can be used to restrict access to the database to authorized users.

4
Q

rootkit

A

malicious software

5
Q

Infected Device

A

The first step is to disconnect the machine from the network, and then, using proper forensic techniques, capture the information stored in temporary files, network connection information, programs loaded into memory and other information on the machine.

6
Q

improperly implemented intrusion prevention system (IPS)

A

An IPS prevents a connection or service based on how it is programmed to react to specific incidents. If the IPS is triggered based on incorrectly defined or nonstandard behavior, it may block the service or connection of a critical internal system.

7
Q

certification practice statement (CPS)

A

The certification practice statement (CPS) is the how-to document used in policy-based public key infrastructure (PKI).

8
Q

Port scanning

A

Port scanning will often target the external firewall of the organization. Use of wireless will not affect this.

9
Q

defense-in-depth security principle

A

Defense in depth means using different security mechanisms that back each other up. When network traffic passes the firewall unintentionally, the logical access controls form a second line of defense.

10
Q

spoofing

A

Spoofing is a form of impersonation where one computer tries to take on the identity of another computer. IP spoofing takes advantage of the source-routing option in the Internet Protocol.

11
Q

digital signatures

A

A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify the integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm.

12
Q

type of antivirus software

A

A. Scanners look for sequences of bits called signatures that are typical of virus programs. They examine memory, disk boot sectors, executable files and command files for bit patterns that match a known virus. Therefore, scanners need to be updated periodically to remain effective.

B. Active monitors interpret disk operating system (DOS) and read-only memory (ROM) basic input-output system (BIOS) calls, looking for virus-like actions. Active monitors can be misleading, because they cannot distinguish between a user request and a program or virus request. As a result, users are asked to confirm actions such as formatting a disk or deleting a file or set of files.

C. Integrity checkers compute a binary number on a known virus-free program that is then stored in a database file. This number is called a cyclical redundancy check (CRC). When that program is called to execute, the checker computes the CRC on the program about to be executed and compares it to the number in the database. A match means no infection; a mismatch means that a change in the program has occurred. A change in the program could mean a virus.

D. Vaccines are known to be good antivirus software. However, they need to be updated periodically to remain effective.

13
Q

best antivirus

A

Integrity checkers

14
Q

Transaction monitoring

A

An electronic payment system could be the target of fraudulent activities. An unauthorized user could potentially enter false transactions. By monitoring transactions, the payment processor could identify potentially fraudulent transactions based on the typical usage patterns, monetary amounts, physical location of purchases, and other data that are part of the transaction process.

15
Q

Use of a point-to-point leased line

A

A leased line will effectively extend the local area network (LAN) of the headquarters to the remote site, and the mainframe Telnet connection would travel over the private line, which would be less of a security risk when using an insecure protocol such as Telnet.

16
Q

directory server in a public key infrastructure (PKI)?

A

A directory server makes other users’ certificates available to applications.

17
Q

Stores certificate revocation lists (CRLs)

A

role performed by a security server.

18
Q

(GSM) technology.

A

The inherent security features of global system for mobile communications (GSM) technology combined with the use of a virtual private network (VPN) are appropriate. The confidentiality of the communication on the GSM radio link is ensured by the use of encryption, and the use of a VPN signifies that an encrypted session is established between the laptop and the corporate network.

19
Q

targeted testing

A

penetration testers are provided with information related to target and network design and the target’s IT team is aware of the testing activities.

20
Q

pharming attack

A

Domain name system (DNS) server security hardening

The pharming attack redirects the traffic to an unauthorized web site by exploiting vulnerabilities of the DNS server.

21
Q

ARP poisoning attack

A

experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol (VoIP) packet network.

22
Q

firewalls provide the GREATEST degree and granularity of control?

A

Application gateway

23
Q

Digital certificates with RSA

A

provide authentication and integrity but do not provide encryption.

24
Q

A demilitarized zone (DMZ)

A

A demilitarized zone (DMZ) is an isolated network used to permit outsiders to access certain corporate information in a semi-trusted environment. The DMZ may host a web server or other external facing services. Traffic to a DMZ is not usually encrypted unless it is terminating on a VPN located in the DMZ.

25
Q

proxy server

A

is a type of firewall installation used as an intermediary to filter and control traffic between internal and external parties.

26
Q

web content filter

A

A web content filter accepts or denies web communications according to the configured rules. To help the administrator properly configure the tool, organizations and vendors have made available uniform resource locator (URL) blacklists and classifications for millions of web sites.

27
Q

Analyzer vs. Sensors

A

Analyzers receive input from sensors and determine the presence of and type of intrusive activity.

Sensors are responsible for collecting data. Sensors may be attached to a network, server or other location and may gather data from many points for later analysis.

28
Q

Stopping a worm

A

Stopping the service and installing the security fix is the safest way to prevent the worm from spreading.

29
Q

Digital signatures

A

signer to have a private key and the receiver to have a public key.

30
Q

Voice-over Internet Protocol (VoIP) system

A

Segregating the Voice-over Internet Protocol (VoIP) traffic using virtual local area networks (VLANs) would best protect the VoIP infrastructure from network-based attacks, potential eavesdropping and network traffic issues (which would help to ensure uptime).

31
Q

confidentiality, reliability and integrity of data?

A

Secure Sockets Layer (SSL)-reliability

32
Q

PKI?

A

Public key infrastructure (PKI) is used in conjunction with SSL is reliability…otherwise SSL

33
Q

Secure Shell (SSH)

A

Secure Shell (SSH) is a protocol that is used to establish a secure, encrypted, command-line shell session, typically for remote logon. Although SSH encrypts data transmitted during a session, SSH cannot encrypt data at rest, including data on USB drives. As a result, SSH is not appropriate for this scenar

34
Q

Power line conditioners

A

Power line conditioners are used to compensate for peaks and valleys in the power supply and reduce peaks in the power flow to what is needed by the machine. Any valleys are removed by power stored in the equipment.

35
Q

implementing data classification

A

While implementing data classification, it is most essential that organizational policies and standards, including the data classification schema, are understood by the owner or custodian of the data so they can be properly classified.

36
Q

high security areas

A

FAR

37
Q

mantrap controlling access

A

is primarily to prevent piggybacking.

38
Q

effective biometric control system

A

The EER of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective.