Security Assessments and Audits (2) Flashcards

1
Q

A security auditor discovers open wireless networks. She must recommend a secure solution. Which of the following is the most secure wireless solution?

802.1x

WEP

WPA PSK

A

802.1x

802.1x requires that connecting hosts or users first authenticate with a central authentication server before even gaining access to the network. This is considered the most secure of the listed choices, since WEP and WPA PSK do not require authentication to get on the network; only a passphrase is required. Neither WEP nor WPA PSK uses a centralized authentication server

2
Q

While auditing a Windows Active Directory environment, you discover that administrative accounts do not have configured account lockout policies. Which of the following are security concerns? (Choose two.)

If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.

If account lockout is not enabled, administrative accounts could be subject to password attacks.

If account lockout is enabled, administrative accounts could be subject to password attacks.

If account lockout is not enabled, administrative accounts could be locked out as a result of repeated password attempts.

A

If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.

If account lockout is not enabled, administrative accounts could be subject to password attacks.

These answers present a catch-22 scenario. The best solution to prevent this problem is to authenticate admin accounts with a smartcard. This would eliminate remote attacks on admin accounts because of the requirement of possessing a physical smartcard

3
Q

Which type of security testing provides network configuration information to testers?

Known environment

Unknown environment

Partially known environment

A

Known environment

A known environment test provides testers with detailed configuration information regarding the software or network they are testing

4
Q

Which type of tool scans for known security threats on a group of computers?

Packet sniffer

Vulnerability scanner

Risk scanner

A

Vulnerability scanner

Vulnerability scanners such as Nessus normally use an updated database of known security vulnerabilities and misconfigurations for various operating systems and network devices. This database is compared against a single host or a network scan to determine whether any hosts or devices are vulnerable. Reports can then be generated from the scan. Network scans can also reveal the presence of rogue systems, including rogue DHCP servers that dole out incorrect IP configurations to disrupt network communications or to re-route traffic through attacker systems for unauthorized detailed traffic examination

5
Q

You would like an unused host to log zero-day exploit activity. What should you configure?

Patch server

Honeynet

Honeypot

A

Honeypot

Honeypots are intentionally exposed systems used to attract the attention of attackers to study attackers’ methods and extract operational tactics and procedures

6
Q

A large wireless network currently uses WPA PSK. As part of your network audit findings, you recommend a centralized wireless authentication option. What should you recommend?

RADIUS

WEP

WPA2 PSK

A

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a central server that authenticates users connecting to a network. Failure to authenticate to the RADIUS server means access to the network is denied

7
Q

You are performing a network penetration test for a client. From a command prompt, you issue the command telnet smtp1.acme.com 25 to see what information is returned. Which term refers to what you have done?

Denial of service

Port scan

Banner grab

A

Banner grab

A banner grab is used to probe the listening port of a network service with the intent of learning more, such as what version of software is running

8
Q

When is baseline reporting useful?

When conducting a penetration test

When hardening DNS servers

When comparing normal activity with current activity

A

When comparing normal activity with current activity

A baseline establishes what system performance looks like under normal conditions. This can be compared to current conditions to determine whether anything is out of the norm

9
Q

Why are penetration tests sometimes not recommended?

They can identify security threats.

They could degrade network performance.

They could generate too much logging data.

A

They could degrade network performance.

Penetration testing can be risky. Many techniques are involved, but degrading network performance or crashing hosts is a distinct possibility

10
Q

You need to verify whether DNS servers allow DNS zone transfers to all hosts. Which built-in Windows command should you use?

netstat

arp

nslookup

A

nslookup

The name server lookup (nslookup) command is built into Windows, whereas the dig command is specific to Linux and offers similar capabilities

11
Q

You are creating an IT threat assessment for your organization. You are using tools that gather IT security threat details from multiple sources. Which term best describes this scenario?

Threat feeds

Intelligence fusion

Threat advisories

A

Intelligence fusion

Intelligence fusion brings together multiple threat sources such as threat feeds, advisories, bulletins, and open source intelligence (OSINT) resources to be used for a comprehensive threat assessment

12
Q

Which type of vulnerability scan tests the security and stability of a web application?

Debugging

Port scan

Fuzzing

A

Fuzzing

Fuzzing is a technique used to test the stability and security of an application. Fuzzing feeds random or unexpected data to the app. The app’s behavior is observed during fuzzing to bring to light any security or stability problems through the fuzz testing

13
Q

Which IT industry standard uses a scoring system to determine the severity of specific threats?

CVE

Metasploit

CVSS

A

CVSS

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of IT threats and is used by many vulnerability scanning tools such as Nessus

14
Q

You have been hired as a member of an IT security red team that will exploit discovered vulnerabilities. Which type of activities will you perform?

War flying

Data sanitizing

Penetration testing

A

Penetration testing

Red teams conduct penetration tests. The company’s IT security staff is collectively referred to as the blue team, and the team’s job is to put security controls in place in alignment with organizational security policies to protect digital assets against exploits. White teams set the rules of engagement for penetration testing and analyze security testing results. Purple teaming combines attack results (red team) with security defense techniques (blue team) to enhance the organization’s security posture

15
Q

Which Linux command is used to display the entire contents of a text file?

cat

head

tail

A

cat

The Linux cat command, such as cat /etc/hosts, shows the entire contents of a text file

16
Q

You are creating a Linux shell script that will SSH into a target system, change file system permissions, capture network traffic, and then write a custom log entry. Which Linux commands will be used in the script?

chmod, tcpdump, ssh

chmod, tcpreplay, logger

chmod, tcpdump, logger

A

chmod, tcpdump, logger

The Linux chmod command is used to set file system permissions, such as granting read and write permissions to the owning user of a file with the command chmod u+rw file1.txt. The tcpdump command is used to capture network traffic on a specific network interface or on all of them: tcpdump -i any. The logger command writes a custom log entry, such as with logger "This is a sample log entry"

17
Q

What type of script is the most likely to contain the following command?

Get-Service | Where{$_.status -eq "Running"}

Python script

Batch file

PowerShell script

A

PowerShell script

PowerShell uses a noun–verb style syntax. The listed example will display only running services on the host where the command is executed