Security Tools and Technologies Flashcards
What kind of tool is Wireshark?
Steganography
Malware
Protocol analyzer
Protocol analyzer
Wireshark is a protocol analyzer that can produce visual displays of IP traffic.
There are reports of a worm going through your company that communicates to other nodes on port TCP/1337. What tool would you use to find infected nodes on your network?
Protocol analyzer
Advanced malware tool
Network scanner
Network scanner
A network scanner that searches for particular ports can help detect infected machines.
Why should you never use a network scanner on a network you are not authorized to scan?
A network scanner or port scanner is the same tool that an attacker would use.
It might crash the network switch.
Being too efficient at finding network information will cause you to get more work.
A network scanner or port scanner is the same tool that an attacker would use.
Because a network scanner operates the same way an attacker would operate a port scanner against your network to search for vulnerable machines, many companies prohibit the use of network scanners on any corporate machines.
Your manager comes to you with an audit finding that 85 percent of the machines on your network are vulnerable to a variety of different exploits. He wants you to verify the findings of the report. What would be the best tool for this?
Protocol analyzer
Network scanner
Vulnerability scanner
Vulnerability scanner
A vulnerability scanner is the best tool for this task. A protocol analyzer lets you examine packets, not systems, for vulnerabilities. A network scanner maps systems but has only limited vulnerability-scanning capability.
What is the most common use of data sanitization tools?
Clearing web-form fields between user sessions
Erasing hard drives before computers are recycled
Removing PII from a database
Erasing hard drives before computers are recycled
The most common use of a data sanitization tool is to erase hard drives of any potentially sensitive data before they are recycled.
Your organization has been hit with multiple targeted network attacks over the last few months resulting in two data breaches. To attempt to discover how the attackers are getting into your systems, you set up a few vulnerable virtual machines with fake data on them that look like the organization’s real machines. What defense mechanism have you built?
Passive sensors
DMZ
A honeynet
A honeynet
A honeynet is composed of several vulnerable machines deployed so that they will be attacked on purpose.
The tcpdump command-line tool is classified as which of the following?
Network scanner
Password cracker
Protocol analyzer
Protocol analyzer
The tcpdump command-line tool is a protocol analyzer that allows you to filter and display all the network traffic going to a machine, or to save it to files for later viewing.
Why should you compare hashes of the files you download from the Internet to a library of known hash values?
It prevents the spread of malware by checking a file’s integrity.
It prevents you from running the incorrect application.
It protects the data stored in the file.
It prevents the spread of malware by checking a file’s integrity.
Comparing the file's hash ensures that the file has not been altered from the known good version, which prevents the spread of malware because most such changes are due to a virus being implanted in the file.
What two things can removable media control do to improve security?
Prevent data sharing and prevent executables from running
Prevent infiltration of malware and prevent exfiltration of data
Provide secure log storage and provide portable encryption
Prevent infiltration of malware and prevent exfiltration of data
Removable media control can block a path for malware to enter the organization, and can prevent the exfiltration of sensitive data from the organization.
Which of the following describes most network tools that are designed to detect an attack?
Active
Passive
Linux-based
Passive
The majority of detection tools are passive, in that they wait for something in the environment to change as an indicator of an attack. Most tools have equivalents for both Windows and Linux, since detection does not depend on the host system being attacked.