Part 8 Flashcards
Even with the most robust security tools in place, it is important to ____ your systems.
monitor
Monitor ____
Systems
All security products are ____ and can ____ or be ____.
manmade, fail, compromised
As with any other aspect of technology, one should ____ on simply one product or tool.
never rely
Enabling ____ on your systems is one way to put your organization in a position to identify problem areas.
logging
The problem is, ____
what should be logged?
Logging mechanisms and the ability to track ____ are critical.
user activities
The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without ____:
system activity logs
Invalid ____ access attempts
logical
Record at least the following ____ for all system components for each event: ● User identification ● Type of event ● Date and time ● Success or failure indication ● Origination of event
audit trail entries
____ or name of affected data, system component, or resource
Identity
____ for all system components at least daily. ______ must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
Note: Log harvesting, parsing, and alerting tools may be used to achieve compliance.
Review logs
Fortunately, there are tools that will collect and ____ log files from a variety of sources. All these tools have the ability to notify individuals of a particular event.
parse
Hire a ____ to Audit Security
Third Party
Regardless of how talented your staff is, there is always the possibility that they ___ something or inadvertently misconfigured a device or setting.
overlooked
For this reason it is very important to bring in an extra set of “eyes, ears, and hands” to ____ your organization’s security posture.
review
Though some IT professionals will become paranoid having a third party review their work, intelligent staff members will recognize that a security review by outsiders can be a great ____.
learning opportunity
The advantage of having a ___ review your systems is that the outsiders have experience reviewing a wide range of systems, applications, and devices in a variety of industries.
third party
They will know what works well and what might work but cause problems in the future. They are also more likely to be up to speed on new ____ and the latest product updates. Why? Because this is all they do.
vulnerabilities
What is Heartbleed?
Research
They are not encumbered by administrative duties, internal politics, and help desk requests. They will be more ____ than in-house staff, and they will be in a position to make recommendations after their analysis.
objective
The ____ analysis should involve a two-pronged approach: They should identify how the network appears to attackers and how secure the system is, should attackers make it past the perimeter defenses.
third-party
Don’t Forget the ____
Basics
Many organizations spend a great deal of time and money addressing ____ and overlook some fundamental security mechanisms, as described here.
perimeter defenses
Change ____
Default Account Passwords
Nearly all network devices come ___ with a password/username combination.
preconfigured
If these ____ are not changed upon configuration, it becomes a trivial matter for an attacker to get into these systems.
default passwords
Use ___ Passwords
Robust
Close Unnecessary ____
Ports
____ on a computer are logical access points for communication over a network.
Ports
The well-known port numbers are 0 through ____.
1023
● Port 21: ● Port 23: ● Port 25: ● Port 53: ● Port 80: ● Port 110:
Port 21: FTP ● Port 23: Telnet ● Port 25: SMTP ● Port 53: DNS ● Port 80: HTTP ● Port 110: POP
The built-in command-line tool ____ will allow you to identify open ports and process IDs by using the following switches:
-a Displays all connections and listening ports
-n Displays addresses and port numbers in numerical form
-o Displays the owning process ID associated with each connection
(Note: In Unix, netstat is also available but utilizes the following switches: -atvp.)
Other tools that can prove helpful are ActivePorts, a graphical user interface (GUI) tool that allows you to export the results in delimited format, and Fport, a popula
netstat
Nearly all operating systems have a mechanism for automatically checking for ____. This notification system should be turned on.
updates
Use Administrator Accounts for ____
Administrative Tasks
This means that the malicious software can run with ____, which can create serious problems. Administrators should log into their systems using a standard user account to prevent malicious software from gaining control of their computers.
administrator privileges
Restrict ___
Physical Access
Critical systems should be kept in ___
secure areas.
A ___ is one that provides the ability to control access to only those who need access to the systems as part of their job responsibilities.
secure area