Technologies and Tools Flashcards
You are implementing a new network for a small office environment. The network includes a domain controller, four resource servers, a network printer, a wireless access point, and three dozen client systems. In addition to standard network management devices, such as switches and routers, why would you want to deploy a firewall?
To watch for intrusions
To control traffic entering and leaving a network
To require strong passwords
To control traffic entering and leaving a network
Firewalls provide protection by controlling traffic entering and leaving a network; thus, a firewall is an essential foundational security device that should be deployed in any network, large or small.
As the security administrator for a moderate-sized network, you need to deploy security solutions to reduce the risk of a security breach. You elect to install a network-based IDS. However, after deployment you discover that the NIDS is not suitable for detecting which of the following?
Email spoofing
Denial-of-service attacks
Attacks against the network
Email spoofing
Network-based IDSs aren’t suitable for detecting email spoofing. Detecting email spoofing is not a feature of an NIDS because email is the payload of network communications, and an NIDS mostly focuses on protocol headers. Furthermore, even those NIDSs that do analyze payloads will often be unable to detect spoofed email elements if those elements are technically valid (such as proper header values) and represent real entities (although not the actual author and sender of the message).
Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?
Web
DHCP
DNS
DNS
Illegal or unauthorized zone transfers are a significant and direct threat to DNS servers. If an outsider performs a zone transfer against an internal DNS server, the result is the leakage of information about every system with an IP address. This is because most internal networks use LDAP-based directory services, LDAP is DNS-based, and DHCP auto-registers devices with LDAP and DNS.
What mechanism of loop protection is based on an element in a protocol header?
Spanning Tree Protocol
Ports
Time to live
Time to live
Time to live (TTL) is a value in the IP header used to prevent loops at Layer 3. The TTL value sets the maximum number of routers that an IP packet will traverse before it is discarded if it has not reached its intended destination. Each router decrements the TTL by 1 and then checks whether the result is non-zero (forward the packet) or zero (discard the packet). If the packet is discarded due to TTL exhaustion, the router creates an ICMP Type 11 Time Exceeded message, which is sent to the originator of the discarded communication.
What type of wireless antenna can be used to send or receive signals in any direction?
Cantenna
Yagi
Rubber duck
Rubber duck
A rubber duck antenna is an omnidirectional antenna. Cantenna, Yagi, and panel antennas are all examples of directional antennas.
What mechanism of wireless security is based on AES?
TKIP
CCMP
LEAP
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on the AES encryption scheme.
What technology provides an organization with the best control over BYOD equipment?
Encrypted removable storage
Mobile device management
Geotagging
Mobile device management
Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting. Not all mobile devices support removable storage, and even fewer support encrypted removable storage. Geotagging is used to mark photos and social network posts, not for BYOD management. Application whitelisting may be an element of BYOD management, but it is only part of a full MDM solution.
What is the most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer?
Encrypt the hard drive.
Minimize sensitive data stored on the mobile device.
Use a cable lock.
Minimize sensitive data stored on the mobile device.
The risk of a lost or stolen notebook is the data loss, not the loss of the system itself. Thus, keeping minimal sensitive data on the system is the only way to reduce the risk. Hard drive encryption, cable locks, and strong passwords, although good ideas, are preventive tools, not means of reducing risk. They don’t keep intentional and malicious data compromise from occurring; instead, they encourage honest people to stay honest.
Which security stance will be most successful at preventing malicious software execution?
Deny by exception
Whitelisting
Allow by default
Whitelisting
Whitelisting is a security option that prohibits unauthorized software from being able to execute. Whitelisting is also known as deny by default or implicit deny. Blacklisting, also known as deny by exception or allow by default, is the least successful means of preventing malware execution.
LDAP operates over what TCP ports?
636 and 389
110 and 25
443 and 80
636 and 389
LDAP operates over TCP ports 636 and 389. POP3 and SMTP operate over TCP ports 110 and 25, respectively. TLS operates over TCP ports 443 and 80 (SSL operates only over TCP port 443; HTTP operates over TCP port 80). FTP operates over TCP ports 20 and 21.
What type of NAC agent is written in a web or mobile language and is temporarily executed on a system only when the specific management page is accessed?
Permanent
Dissolvable
Passive
Dissolvable
NAC agents can be dissolvable or permanent. A dissolvable NAC agent is usually written in a web/mobile language, such as Java or ActiveX, and is downloaded to and executed on each local machine when the specific management web page is accessed. The dissolvable NAC agent can be set to run once and then terminate, or to remain resident in memory until the system reboots. A permanent NAC agent is installed on the monitored system as a persistent software background service.
What is the purpose or use of a media gateway?
It is a fictitious environment designed to fool attackers and intruders and lure them away from the private secured network.
It is used to spread or distribute network traffic load across several network links or network devices.
It is any device or service that converts data from one communication format to another.
It is any device or service that converts data from one communication format to another.
A media gateway is any device or service that converts data from one communication format to another. A media gateway is often located at the intersection of two different types of networks. Media gateways are commonly used with VoIP systems, where a conversion from IP-based communications to analog or digital is needed.
Which of the following is true regarding an exploitation framework? (Select all that apply.)
Is a passive scanner
Fully exploits vulnerabilities
Only operates in an automated fashion
Allows for customization of test elements
Represents additional risk to the environment
Can only assess systems over IPv4
Fully exploits vulnerabilities
Allows for customization of test elements
Represents additional risk to the environment
An exploitation framework is a vulnerability scanner that is able to fully exploit the weaknesses it discovers. It can be an automated or manual exploit assessment tool. Often an exploitation framework allows for customization of the test elements as well as the crafting of new tests to deploy against your environment’s targets. An exploitation framework does carry additional risk compared to a plain vulnerability scanner, since it attempts to fully exploit any discovered weaknesses.
What is the purpose of a banner grabbing activity?
Detecting the presence of a wireless network
Capturing the initial response or welcome message from a network service that may directly or indirectly reveal its identity
Preventing access to a network until the client has accepted use terms or fully authenticated
Capturing the initial response or welcome message from a network service that may directly or indirectly reveal its identity
Banner grabbing is the process of capturing the initial response or welcome message from a network service. A banner grab occurs when a request for data or identity is sent to a service on an open port and that service responds with information that may directly or indirectly reveal its identity.
How are effective permissions determined or calculated?
Accumulate allows, remove any denials
Count the number of users listed in the ACL
View the last access time stamp of the asset
Accumulate allows, remove any denials
Determining effective permissions is accomplished by accumulating the grants or allows of permissions, either through group memberships or assigned to the user account directly, and then removing any denials of permissions.