Monitoring and Diagnosing Networks

Question 1

A periodic update that corrects problems in one version of a product is called a(n)____________

Hotfix

Overhaul

Service pack

Answer 1

Service pack

A periodic update that corrects problems in one version of a product is called a service pack. Answer A is incorrect. A hot fix is an immediate and urgent fix for a specific problem. Answer B is incorrect; an Overhaul is not a term used in the industry. Answer D is incorrect. A patch is done to fix a specific problem

Question 2

Which device monitors network traffic in a passive manner?

Sniffer

IDS

Firewall

Answer 2

IDS

An IDS monitors network traffic, but it does not take any specific action and is therefore considered passive. Answer A is incorrect because sniffers tend to be run for a specific period of time by a human operator. Answer C is incorrect; a firewall is for blocking traffic, not monitoring, and is thus not passive. Answer D is incorrect; a web browser is for viewing web pages

Question 3

What is a system that is intended or designed to be broken into by an attacker?

Honeypot

Honeybucket

Decoy

Answer 3

Honeypot

A honeypot is a system specifically designed to be being broken into. Answers B, C, and D are not the terms used in the industry

Question 4

In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?

Supervisor

Administrator

Root

Answer 4

Administrator

An administrator is the term for someone setting security policy in an IDS. Answers A, C and D are not the terms used in the industry

Question 5

You are a junior security administrator for a large bank. You have been asked to make the database servers as secure as they can be. The process of making certain that an entity (operating system, application, and so on) is as secure as it can be is known as which of the following?

Stabilizing

Reinforcing

Hardening

Answer 5

Hardening

Hardening is the term used for making a system as secure as it can be. Answers A, B, and D are not the terms used in the industry

Question 6

John is working on designing a network for the insurance company where he is employed. He wants to put the web server in an area that has somewhat less security so that outside users might access it. But he does not want that to compromise the security of the rest of the network. What would be John’s best approach?

Place the web server in a honeynet.

Place the web server on the guest network segment.

Place the web server in a DMZ.

Answer 6

Place the web server in a DMZ.

DMZs are meant to set public facing servers. The exterior firewall of the DMZ is more permissive than the interior, making the DMZ somewhat less secure. Answer A is incorrect. A honeynet is designed to catch attackers, and it should not be obviously less secure than the actual production network. Answer B is incorrect; a guest network is not meant to be accessible from the outside world. Answer D is incorrect. It would be completely insecure, not just somewhat less secure

Question 7

Tom has been instructed to find a security standard, applicable to the United States, that will help him develop appropriate security policies. He has found a standard that describes 8 principles and 14 practices that can be used to develop security policies. What standard is Tom most likely reviewing?

ISO/IEC 27001:2013

NIST 800-12

NIST 800-14

Answer 7

NIST 800-14

The other answers are other standards

Question 8

Juanita is implementing a security mechanism that will fully encrypt the hard drive of laptops in her organization. The encryption and decryption will be automatic. What best describes what Juanita is implementing?

TPM

FDE

SED

Answer 8

SED

SED or Self Encrypting Drive is what is being described in this scenario. The other answers are related to cryptography but are not automatic. For example, FDE, or Full Disk Encryption, would fully encrypt the hard drive, but it would not be automatic

Question 9

Ahmed has been working to mitigate the threat of malware in his network. He has selected a specific vendor (Vendor ABC) for his antivirus software. He is using ABC products everywhere he needs antivirus software. Is this the correct decision? Why or why not?

Yes, consistency is more secure.

No, this violates control diversity.

No, this violates vendor diversity.

Answer 9

No, this violates control diversity.

This violated vendor diversity. He is using the same vendor for all of his anti-malware. If there is any flaw in that vendor or the algorithm used by that vendor misses a specific virus, then it will be missed everywhere

Question 10

You are concerned about your backup files becoming infected with malware. Which of the following technologies would be best to protect your backup?

Air-gap

SPI firewall

DMZ

Answer 10

Air-gap

An air-gapped backup is not exposed to the network and thus is far less likely to become infected. In fact, the only possibility for infection at the moment is that a backup is transferred to the air-gapped storage. If anti-virus is run just prior to this action, then the chances of malware in the backup become extremely small. The other answers have nothing to do with protecting backups