Monitoring and Diagnosing Networks Flashcards
A periodic update that corrects problems in one version of a product is called a(n)____________
Hotfix
Overhaul
Service pack
Patch
Service pack
A periodic update that corrects problems in one version of a product is called a service pack; it rolls up many individual fixes. Answer A is incorrect: a hotfix is an immediate, urgent fix for a specific problem. Answer B is incorrect; "overhaul" is not a term used in the industry. Answer D is incorrect: a patch is released to fix a specific problem, not as a periodic roll-up
Which device monitors network traffic in a passive manner?
Sniffer
IDS
Firewall
Web browser
IDS
An IDS monitors network traffic and raises alerts, but it does not block or alter the traffic itself, so it is considered passive (an IPS, by contrast, sits inline and takes action). Answer A is incorrect because a sniffer is a capture tool that tends to be run for a limited period by a human operator rather than as a continuous monitoring device. Answer C is incorrect; a firewall permits or blocks traffic, which makes it active, not passive. Answer D is incorrect; a web browser is for viewing web pages
What is a system that is intended or designed to be broken into by an attacker?
Honeypot
Honeybucket
Decoy
Honeypot
A honeypot is a system deliberately set up to be broken into, so that an attacker's tools and techniques can be observed without putting production systems at risk. Answers B, C, and D are not the industry term for such a system
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
Supervisor
Administrator
Root
Administrator
In IDS vernacular, the administrator is the account responsible for setting the security policy. Answers A, C, and D are not the terms used for that role in IDS vernacular
You are a junior security administrator for a large bank. You have been asked to make the database servers as secure as they can be. The process of making certain that an entity (operating system, application, and so on) is as secure as it can be is known as which of the following?
Stabilizing
Reinforcing
Hardening
Hardening
Hardening is the term for making a system as secure as it can be: removing unneeded services and accounts, applying patches, and tightening its configuration. Answers A, B, and D are not the terms used in the industry
John is working on designing a network for the insurance company where he is employed. He wants to put the web server in an area that has somewhat less security so that outside users might access it. But he does not want that to compromise the security of the rest of the network. What would be John’s best approach?
Place the web server in a honeynet.
Place the web server on the guest network segment.
Place the web server in a DMZ.
Place the web server in a DMZ.
DMZs are meant to host public-facing servers. The exterior firewall of the DMZ is more permissive than the interior one, since it must admit the traffic the public service needs, so the DMZ is somewhat less secure than the internal network while the interior firewall still shields the rest of the network. Answer A is incorrect: a honeynet is designed to attract and study attackers, and it should not be obviously less secure than the actual production network. Answer B is incorrect; a guest network is not meant to be accessible from the outside world. Answer D is incorrect: it would be completely insecure, not just somewhat less secure
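To make "exterior permissive, interior strict" concrete, here is an added example that is not part of the original flashcards: a shell script that emits nftables rulesets for the two firewalls around a DMZ, plus a small lint check for the invariants a reviewer would insist on. Every address and interface name is an assumption for illustration only: the web server is 203.0.113.10 in the DMZ, the database is 10.0.0.20 on the internal network, and eth0/eth1/eth2 are the outside, DMZ and internal interfaces. PostgreSQL on 5432 is likewise assumed as the one application port the web tier needs.

```shell
#!/bin/sh
# Added example (not from the original flashcards). Generates nftables rulesets
# for an exterior and an interior DMZ firewall. Addresses, interface names and
# the database port are assumptions for illustration. Load a ruleset on the
# appropriate box with: exterior_ruleset > ext.nft && nft -f ext.nft
set -eu

WEB_SERVER=203.0.113.10      # assumed: public web server, lives in the DMZ
DB_SERVER=10.0.0.20          # assumed: database, lives on the internal net
INTERNAL_NET=10.0.0.0/24     # assumed: internal address range

# Exterior firewall: the Internet may reach only the web server, only on
# 80/443. Nothing is ever forwarded from the outside interface to eth2.
exterior_ruleset() {
    cat <<EOF
flush ruleset
table inet exterior {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Internet -> DMZ web server, public ports only
        iifname "eth0" oifname "eth1" ip daddr $WEB_SERVER tcp dport { 80, 443 } accept
        # DMZ -> Internet: outbound HTTPS and DNS from the web server (patching,
        # certificate renewal); tighten further if your change process allows
        iifname "eth1" oifname "eth0" ip saddr $WEB_SERVER tcp dport { 80, 443 } accept
        iifname "eth1" oifname "eth0" ip saddr $WEB_SERVER udp dport 53 accept
        # log what the default policy drops so the IDS/SIEM sees probes
        log prefix "ext-drop: " drop
    }
}
EOF
}

# Interior firewall: the DMZ is treated as hostile. The web server may reach
# the database on its single application port; nothing else crosses from the
# DMZ into the internal network. Admin sessions originate from the inside.
interior_ruleset() {
    cat <<EOF
flush ruleset
table inet interior {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # web tier -> DB tier, one host, one port (PostgreSQL assumed)
        iifname "eth1" oifname "eth2" ip saddr $WEB_SERVER ip daddr $DB_SERVER tcp dport 5432 accept
        # internal admins -> DMZ web server over SSH; never the reverse
        iifname "eth2" oifname "eth1" ip saddr $INTERNAL_NET ip daddr $WEB_SERVER tcp dport 22 accept
        log prefix "int-drop: " drop
    }
}
EOF
}

# lint_ruleset: reads a ruleset on stdin and fails (status 1) if the default
# policy is not drop or if any rule forwards straight from the outside
# interface to the internal one, i.e. bypasses the DMZ entirely.
lint_ruleset() {
    text=$(cat)
    if ! printf '%s\n' "$text" | grep -q 'policy drop;'; then
        echo "lint: default forward policy is not drop" >&2
        return 1
    fi
    if printf '%s\n' "$text" | grep -q 'iifname "eth0" oifname "eth2"'; then
        echo "lint: rule forwards Internet traffic directly to the internal net" >&2
        return 1
    fi
    return 0
}

# Usage: ./dmz.sh exterior|interior  (prints the ruleset after linting it)
case "${1:-}" in
    exterior) exterior_ruleset | lint_ruleset && exterior_ruleset ;;
    interior) interior_ruleset | lint_ruleset && interior_ruleset ;;
esac
```

The asymmetry is the point of the card: the exterior ruleset accepts inbound connections from any source to the web server, while the interior ruleset accepts only one source, one destination and one port, and logs everything else it drops.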
Tom has been instructed to find a security standard, applicable to the United States, that will help him develop appropriate security policies. He has found a standard that describes 8 principles and 14 practices that can be used to develop security policies. What standard is Tom most likely reviewing?
ISO/IEC 27001:2013
NIST 800-12
NIST 800-14
NIST 800-14
NIST SP 800-14 (Generally Accepted Principles and Practices for Securing Information Technology Systems) sets out 8 principles and 14 practices for developing security policy. The other answers are other standards: ISO/IEC 27001:2013 is the international standard for information security management systems, and NIST SP 800-12 is an introduction to computer security rather than a principles-and-practices guide
Juanita is implementing a security mechanism that will fully encrypt the hard drive of laptops in her organization. The encryption and decryption will be automatic. What best describes what Juanita is implementing?
TPM
FDE
SED
SED
A self-encrypting drive (SED) is what is being described: the drive's own controller encrypts everything written to it and decrypts it on read, transparently and automatically, with no encryption software to deploy. The other answers are related to cryptography but are not automatic on their own. FDE (full disk encryption) is the general technique of encrypting the entire drive and is typically implemented in software that must be installed and configured; a TPM is a hardware chip that stores and protects keys (including FDE keys) but does not encrypt the drive by itself
Ahmed has been working to mitigate the threat of malware in his network. He has selected a specific vendor (Vendor ABC) for his antivirus software. He is using ABC products everywhere he needs antivirus software. Is this the correct decision? Why or why not?
Yes, consistency is more secure.
No, this violates control diversity.
No, this violates vendor diversity.
No, this violates vendor diversity.
This violates vendor diversity. He is using the same vendor for all of his anti-malware, so if that vendor's engine or signatures miss a specific piece of malware, it will be missed everywhere. Control diversity (answer B) refers to mixing different kinds of controls, such as technical and administrative, not different suppliers of the same control
You are concerned about your backup files becoming infected with malware. Which of the following technologies would be best to protect your backup?
Air-gap
SPI firewall
DMZ
Air-gap
An air-gapped backup is not connected to the network and is therefore far less likely to become infected. The only remaining path for infection is the moment a backup is transferred onto the air-gapped storage; if anti-virus is run on the backup just before that transfer, the chance of carrying malware across becomes extremely small. The other answers do not protect backups: an SPI (stateful packet inspection) firewall and a DMZ control network traffic, but a backup store that remains reachable over the network can still be reached by malware
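The card's procedure, scan just before the transfer, can be made a mechanical gate rather than a manual step. The following is an added example, not from the original flashcards: a shell script that stages files for the air-gapped media, refuses any file whose SHA-256 digest is on a blocklist (an assumption standing in for a real anti-virus scan, since no AV engine is available offline here), and writes a manifest that travels with the backup so the air-gapped side can verify nothing was altered in transit. It goes slightly beyond the card by adding that integrity check. The sample files, directory names and blocklist are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original flashcards): a pre-transfer gate for
# backups headed to air-gapped storage. Assumptions: POSIX shell with
# sha256sum (GNU coreutils); a SHA-256 blocklist stands in for the AV scan.
set -eu

# sha256_of FILE: print the hex digest only.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# stage_backup SRC_DIR STAGING_DIR BLOCKLIST_FILE
# Copies each regular file in SRC_DIR to STAGING_DIR unless its digest appears
# in BLOCKLIST_FILE (one lowercase hex digest per line). Writes
# STAGING_DIR/MANIFEST.sha256 for verification on the far side of the gap.
# Prints "accepted N rejected M"; exits non-zero if anything was rejected so
# an operator or scheduler notices instead of silently shipping a partial set.
stage_backup() {
    src=$1; staging=$2; blocklist=$3
    accepted=0; rejected=0
    mkdir -p "$staging"
    : > "$staging/MANIFEST.sha256"
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        digest=$(sha256_of "$f")
        if grep -qixF "$digest" "$blocklist"; then
            echo "REJECT $name ($digest)" >&2
            rejected=$((rejected + 1))
            continue
        fi
        cp "$f" "$staging/$name"
        # relative path in the manifest so "sha256sum -c" works from STAGING_DIR
        echo "$digest  $name" >> "$staging/MANIFEST.sha256"
        accepted=$((accepted + 1))
    done
    echo "accepted $accepted rejected $rejected"
    [ "$rejected" -eq 0 ]
}

# verify_staging STAGING_DIR
# Run on the air-gapped side after the media is attached: every file must still
# match the manifest that travelled with it. Non-zero status on any mismatch.
verify_staging() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null )
}

# demo: constructed data (not real backups) showing one accepted file, one
# rejected file, and a successful verification of what was staged.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src"
    printf 'customer table dump\n' > "$work/src/db.sql"
    printf 'SAMPLE-KNOWN-BAD-CONTENT\n' > "$work/src/dropper.exe"
    sha256_of "$work/src/dropper.exe" > "$work/blocklist.txt"
    stage_backup "$work/src" "$work/staging" "$work/blocklist.txt" || echo "gate tripped, review before shipping"
    verify_staging "$work/staging" && echo "manifest OK in $work/staging"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Run it as `./airgap_gate.sh demo`. In a real deployment the blocklist check would be replaced by the anti-virus scan the card mentions, and the manifest would be signed rather than merely hashed, since a hash alone does not stop an attacker who can rewrite both the file and the manifest before the media is carried across.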