Security Assessments and Audits Flashcards
As part of your security audit, you would like to see what type of network traffic is being transmitted on the network. Which type of tool should you use?
Protocol analyzer
Port scanner
Vulnerability scanner
Protocol analyzer
Protocol analyzers use a promiscuous-mode network card driver that allows the capture of all network traffic. Each switch port is a collision domain that prevents capturing unicast traffic related to other hosts; however, some switches allow mirroring of all switch traffic to a specific port.
A network consists of 250 computers. You must determine which machines are secure and which are not. Which type of tool should you use?
Protocol analyzer
Port scanner
Vulnerability scanner
Vulnerability scanner
Vulnerability scanners scan computers for known security violations and weaknesses.
You would like to focus and track malicious activity to a particular host in your DMZ. What should you configure?
Honeynet
Honeypot
DMZ tracker
Honeypot
A honeypot is an intentionally vulnerable host used to attract and track malicious activity.
Which of the following would you employ to determine which TCP and UDP ports on a host are open?
Packet sniffer
Performance Monitor
Port scanner
Port scanner
Port scanners identify open ports on hosts. Personal firewall software may impede the success of port scanners. Note that port scanning can be detected.
Which procedure identifies assets, threats, and risks and also determines methods to minimize the impact of these threats?
Risk analysis
Vulnerability assessment
Port scanning
Risk analysis
Risk analysis identifies and prioritizes threats while determining how to minimize their effect on business operations.
A technician must identify deviations from normal network activity. Which task must she first perform?
Trend analysis
Baseline analysis
Performance monitoring
Baseline analysis
A baseline analysis establishes what is normal on a given network. Without this data, it is difficult to determine deviations from the norm.
A developer analyzes source code to ensure there are no errors or potential security risks. Which term best identifies this activity?
Patch management
Debugging
Code review
Code review
Code review is an examination of source code to uncover errors or security risks.
A Windows computer has not been patched and the unnecessary services have not been disabled. Which of the following statements is true regarding security?
The computer will perform faster.
The computer has a large attack surface.
The computer has a small attack surface.
The computer has a large attack surface.
Computers with many potential vulnerabilities (software, physical) are said to have a larger attack surface than patched machines that run only the software that is required. A larger attack surface means a greater likelihood of the machine being compromised.
A network security auditor simulates various network attacks against a corporate network. Which term best defines this procedure?
Vulnerability analysis
Network mapping
Penetration testing
Penetration testing
Penetration testing (pen testing) is an active, or intrusive, type of test that involves simulating malicious activity against hosts or entire networks in order to assess how secure they are and to identify threats. Proper written consent must be obtained prior to performing this type of testing, since testing could disrupt hosts and networks.
Your manager asks you to configure a collection of purposely vulnerable hosts in a DMZ for the purpose of tracking hacking attempts. What term best describes what you are configuring?
Honeynet
Honeypot
Firewall
Honeynet
A honeynet is composed of two or more honeypots. These are intentionally vulnerable hosts used to track malicious activity.
You run a vulnerability scan on subnet 192.168.1.0/24. The results state TCP ports 135 through 139 are open on most hosts. What does this refer to?
File and Print Sharing
Mail server
Remote Desktop Protocol
File and Print Sharing
Windows File and Print Sharing generally uses TCP ports 135 to 139.
You are a network consultant in charge of creating a wireless network infrastructure for a hotel. Toward the end of the implementation, your team evaluates the project to ensure that it meets the original stated requirements. What is this called?
Penetration testing
Risk assessment
Design review
Design review
Design review is a process whereby the original project objectives are compared against current progress to ensure that the objectives are being met.
After careful log examination, you realize somebody has hacked into your WEP-secured home wireless network. What can you do to further secure wireless traffic?
Use WPA2 Enterprise.
Use WPA2 PSK.
Disable SSID broadcasting.
Use WPA2 PSK.
Wi-Fi Protected Access 2 (WPA2) pre-shared key (PSK) is considered more secure than Wired Equivalent Privacy (WEP).
What should be done to ensure that your network security is effective?
Patch all operating systems.
Update the BIOS on all systems.
Periodically test network security controls.
Periodically test network security controls.
Periodic network testing, perhaps even penetration testing, is valuable to ensure that your network security controls remain valid over time.
Which of the following is considered passive security testing?
Capturing network traffic
Brute-force password attack
Dictionary-based disk decryption
Capturing network traffic
The passive testing of security controls does not interfere with the normal operation of a computer system or network. Capturing network traffic simply takes a copy of network packets already being transmitted.