Security of Networks, Systems, Applications and Data

Question 1

While every risk assessment methodology has different nuances and approaches, most have three common inputs:

Answer 1

asset identification,
threat assessment and
vulnerability assessment.

Question 2

Risk analyses can be oriented toward one of the inputs, making the risk assessment:

Answer 2

asset-oriented,
threat-oriented or
vulnerability-oriented.

Question 3

For risk that has inadequate or no controls, there are many options to address each risk:

Answer 3

Risk Reduction
Risk Avoidance
Risk Transfer or Sharing
Risk Acceptance

Question 4

Four common types of vulnerabilities:

Answer 4

1. Technical - Errors in design, implementation, or configuration
2. Process - Errors in operation
3. Organizational - Errors in management, decision, planning or from ignorance
4. Emergent - Interactions between, or changes in, environments

Question 5

Penetration testing includes identifying existing vulnerabilities and then using common exploit methods to:

Answer 5

1. Confirm exposures
2. Assess the level of effectiveness and quality of existing security controls
3. Identify how specific vulnerabilities expose IT resources and assets
4. Ensure compliance

Question 6

Several considerations are important prior to any penetration testing:

Answer 6

1. Clearly define the scope of the test
2. Gather explicit, written permission
3. Ensure testers implement “Do no harm” procedures
4. Put in place communication and escalation plans

Question 7

Penetration testing can be divided into four main phases:

Answer 7

1. Planning
2. Discovery
3. Attack
4. Reporting

Question 8

Techniques used to gather information during the Discovery phase of penetration testing include:

Answer 8

a. DNS interrogation, WHOIS queries and network sniffing to discover host name and IP address information
b. Search web servers and directory servers for employee names and contact information
c. Banner grabbing for application and service information
d. NetBIOS enumeration for system information
e. Dumpster diving and physical walk-throughs of the facilities to gather additional information
f. Social engineering, such as posing as a help desk agent and asking for passwords, posing as a user and calling the help desk to reset passwords or sending phishing emails
And includes a vulnerability assessment.

Question 9

The ______ phase (of penetration testing) is the process of verifying previously identified vulnerabilities by attempting to exploit them. Metasploit® hosts a public database of quality-assured exploits. They rank exploits for safe testing.

Answer 9

attack

Question 10

Metasploit’s most popular payload is called _______, which enables a user to upload and download files from the system, take screenshots and collect password hashes.

Answer 10

Meterpreter

Question 11

The ______ phase (of penetration testing) is the process of verifying previously identified vulnerabilities by attempting to exploit them. Metasploit® hosts a public database of quality-assured exploits. They rank exploits for safe testing.

Answer 11

attack

Question 12

The ________ phase (of penetration testing) occurs simultaneously with the other phases. An assessment plan is developed during the planning phase. Logs are kept during the discovery and attack phases.

Answer 12

reporting

Question 13

Network management is the process of assessing, monitoring, and maintaining network devices and connections. The International Organization for Standardization (ISO) network management model defines five functional areas of network management (FCAPS):

Answer 13

• Fault Management—Detect, isolate, notify and correct faults encountered in the network. This category analyzes traffic, trends, SMMP polls and alarms for automatic fault detection.
• Configuration Management—Configuration aspects of network devices include configuration file management, inventory management and software management.
• Accounting Management—Usage information of network resources.
• Performance Management—Monitor and measure various aspects of performance metrics so that acceptable performance can be maintained. This includes response time, link utilization and error rates. Administrators can monitor trends and set threshold alarms.
• Security Management—Provide access to network devices and corporate resources to authorized individuals. This category focuses on authentication, authorization, firewalls, network segmentation, IDS and notifications of attempted breaches.

Question 14

LANs and WANs are particularly susceptible to people and virus-related threats because

Answer 14

of the large number

of people who have access rights.

Question 15

The emphasis has been on providing capability and functionality rather than security.

Answer 15

True.

Question 16

Commonly available network security administrative capabilities include:

Answer 16

• Declaring ownership of programs, files and storage.
• Limiting access to a read-only basis.
• Implementing record and file locking to prevent simultaneous update.
• Enforcing user ID/password sign-on procedures, including the rules relating to password length, format and change frequency.
• Using switches to implement port security policies rather than hubs or nonmanageable routers. This will prevent unauthorized hosts, with unknown MAC addresses, from connecting to the LAN.
Encrypting local traffic using IPSec (IP security) protocol.

Question 17

The most useful WLAN standard used currently is the ____ .

Answer 17

IEEE 802.11 standard.

Question 18

WEP

Answer 18

IEEE 802.11’s Wired Equivalent Privacy encryption uses symmetric, private keys, which means the end user’s radio-based NIC and access point must have the same key. This leads to periodic difficulties distributing new keys to each NIC. As a result, keys remain unchanged on networks for extended times.

Question 19

WPA2 and WPA

Answer 19

Wi-Fi Protected Access utilize public key cryptography techniques to provide effective authentication and encryption between users and access points.

Question 20

A port is a logical connection. When using Transmission Control Protocol/Internet Protocol (TCP/IP), designating a port is a way to identify the specific process to which an Internet or other network message is to be forwarded when it arrives at a server.

Answer 20

True

Question 21

Allowable port numbers range from 0 to ____. Ports 0 to ____ are reserved for certain privileged services— the well-known ports.

Answer 21

65535; 1023

Question 22

Port numbers are divided into three ranges:

Answer 22

• The well-known ports—0 through 1023: Controlled and assigned by the IANA.
• The registered ports—1024 through 49151.
• The dynamic and/or private ports—49152 through 65535:

Question 23

Tunneling is the process of encapsulating one type of protocol in another.

Answer 23

True

Question 24

VoIP networks are still vulnerable to:

Answer 24

sniffing,
DoS,
traffic-flow disruption and
toll fraud.