Security Assessments and Audits (2) Flashcards
A security auditor discovers open wireless networks. She must recommend a secure solution. Which of the following is the most secure wireless solution?
802.1x
WEP
WPA PSK
802.1x
802.1x requires that connecting hosts or users first authenticate with a central authentication server before even gaining access to the network. This is considered the most secure of the listed choices, since WEP and WPA PSK do not require authentication to get on the network; only a passphrase is required. Neither WEP nor WPA PSK uses a centralized authentication server.
While auditing a Windows Active Directory environment, you discover that administrative accounts do not have configured account lockout policies. Which of the following are security concerns? (Choose two.)
If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.
If account lockout is not enabled, administrative accounts could be subject to password attacks.
If account lockout is enabled, administrative accounts could be subject to password attacks.
If account lockout is not enabled, administrative accounts could be locked out as a result of repeated password attempts.
If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.
If account lockout is not enabled, administrative accounts could be subject to password attacks.
These answers present a catch-22 scenario. The best solution to prevent this problem is to authenticate admin accounts with a smartcard. This would eliminate remote attacks on admin accounts, because authentication requires possession of a physical smartcard.
Which type of security testing provides network configuration information to testers?
Known environment
Unknown environment
Partially known environment
Known environment
A known environment test provides testers with detailed configuration information regarding the software or network they are testing.
Which type of tool scans for known security threats on a group of computers?
Packet sniffer
Vulnerability scanner
Risk scanner
Vulnerability scanner
Vulnerability scanners such as Nessus normally use an updated database of known security vulnerabilities and misconfigurations for various operating systems and network devices. This database is compared against a single host or a network scan to determine whether any hosts or devices are vulnerable. Reports can then be generated from the scan. Network scans can also reveal the presence of rogue systems, including rogue DHCP servers that dole out incorrect IP configurations to disrupt network communications or to re-route traffic through attacker systems for unauthorized detailed traffic examination.
You would like an unused host to log zero-day exploit activity. What should you configure?
Patch server
Honeynet
Honeypot
Honeypot
Honeypots are intentionally exposed systems used to attract the attention of attackers to study attackers’ methods and extract operational tactics and procedures.
A large wireless network currently uses WPA PSK. As part of your network audit findings, you recommend a centralized wireless authentication option. What should you recommend?
RADIUS
WEP
WPA2 PSK
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a central server that authenticates users connecting to a network. Failure to authenticate to the RADIUS server means access to the network is denied.
You are performing a network penetration test for a client. From a command prompt, you issue the command telnet smtp1.acme.com 25 to see what information is returned. Which term refers to what you have done?
Denial of service
Port scan
Banner grab
Banner grab
A banner grab is used to probe the listening port of a network service with the intent of learning more, such as what version of software is running.
When is baseline reporting useful?
When conducting a penetration test
When hardening DNS servers
When comparing normal activity with current activity
When comparing normal activity with current activity
A baseline establishes what system performance looks like under normal conditions. This can be compared to current conditions to determine whether anything is out of the norm.
Why are penetration tests sometimes not recommended?
They can identify security threats.
They could degrade network performance.
They could generate too much logging data.
They could degrade network performance.
Penetration testing can be risky. Many techniques are involved, but degrading network performance or crashing hosts is a distinct possibility.
You need to verify whether DNS servers allow DNS zone transfers to all hosts. Which built-in Windows command should you use?
netstat
arp
nslookup
nslookup
The name server lookup (nslookup) command is built into Windows, whereas the dig command is specific to Linux and offers similar capabilities.
You are creating an IT threat assessment for your organization. You are using tools that gather IT security threat details from multiple sources. Which term best describes this scenario?
Threat feeds
Intelligence fusion
Threat advisories
Intelligence fusion
Intelligence fusion brings together multiple threat sources such as threat feeds, advisories, bulletins, and open source intelligence (OSINT) resources to be used for a comprehensive threat assessment.
Which type of vulnerability scan tests the security and stability of a web application?
Debugging
Port scan
Fuzzing
Fuzzing
Fuzzing is a technique used to test the stability and security of an application. Fuzzing feeds random or unexpected data to the app, and the app’s behavior is observed during fuzzing to bring any security or stability problems to light.
Which IT industry standard uses a scoring system to determine the severity of specific threats?
CVE
Metasploit
CVSS
CVSS
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of IT threats and is used by many vulnerability scanning tools such as Nessus.
You have been hired as a member of an IT security red team that will exploit discovered vulnerabilities. Which type of activities will you perform?
War flying
Data sanitizing
Penetration testing
Penetration testing
Red teams conduct penetration tests. The company’s IT security staff is collectively referred to as the blue team, and the team’s job is to put security controls in place in alignment with organizational security policies to protect digital assets against exploits. White teams set the rules of engagement for penetration testing and analyze security testing results. Purple teaming combines attack results (red team) with security defense techniques (blue team) to enhance the organization’s security posture.
Which Linux command is used to display the entire contents of a text file?
cat
head
tail
cat
The Linux cat command, such as cat /etc/hosts, shows the entire contents of a text file.