Technologies and Tools (2) Flashcards
You are concerned about an attacker enumerating all of your network. What protocol might help at least mitigate this issue?
HTTPS
IPSec
LDAPS
LDAPS
Lightweight Directory Access Protocol Secure (LDAPS) would at least mitigate the risk. LDAP is a directory of the network (computers, users, etc.). Securing that would help mitigate network enumeration
You have been asked to implement a secure protocol for transferring files that uses digital certificates. Which protocol would be the best choice?
FTP
SFTP
FTPS
FTPS
FTPS is File Transfer Protocol with SSL/TLS and uses digital certificates to secure file transfer
Ahmed is responsible for VoIP at his company. He has been directed to ensure that all VoIP calls have the option to be encrypted. What protocol is best suited for securing VoIP calls?
SIP
TLS
SRTP
SRTP
Secure Real-Time Transport Protocol (SRTP) is used to encrypt and secure RTP. RTP is the protocol for transmitting VoIP
What is the purpose of screen locks on mobile devices?
To encrypt the device
To limit access to the device
To load a specific user’s apps
To limit access to the device
A screen lock limits access to users who know the code
Maria is a security engineer with a large bank. Her CIO has asked her to investigate the use of context-aware authentication for online banking. Which of the following best describes context-aware authentication?
In addition to username and password, authentication is based on the entire context (location, time of day, action being attempted, etc.).
Without a username or password, authentication is based on the entire context (location, time of day, action being attempted, etc.).
Authentication that requires a username and password, but in the context of a token or digital certificate
In addition to username and password, authentication is based on the entire context (location, time of day, action being attempted, etc.).
Context-aware authentication does still require a username and password, but in addition to those criteria, it examines the user’s location, time of day they are logging in, computer they are logging in from, what they are trying to do, and so forth
What does application management accomplish for mobile devices?
Only allows applications from the iTunes store to be installed
Ensures the company has a list of all applications on the devices
Ensures only approved applications are installed on the devices
Ensures only approved applications are installed on the devices
Application management is primarily concerned with ensuring only authorized and approved applications are installed on mobile devices
Dominick is responsible for security at a medium-sized insurance company. He is very concerned about detecting intrusions. The IDS he has purchased states that he must have an IDS on each network segment. What type of IDS is this?
IPS
Passive
Inline
Inline
An inline IDS is actually in the traffic line (i.e., on the network segment where traffic is)
Remote employees at your company frequently need to connect to both the secure company network via VPN and open public websites, simultaneously. What technology would best support this?
Split tunnel
IPSec
Full tunnel
Split tunnel
Split tunneling allows a mobile user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time
Denish is looking for a solution that will allow his network to retrieve information from a wide range of web resources, while all traffic passes through a proxy. What would be the best solution?
Forward proxy
Reverse proxy
SPI
Forward proxy
A forward proxy is a single location that provides access to a wide range of web sources
Someone has been rummaging through your company’s trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?
Dumpster diving
Trash diving
Social engineering
Dumpster diving
This is the term for rummaging through the waste/trash
Derrick is responsible for a web server cluster at his company. The cluster uses various load-balancing protocols. Derrick wants to ensure that clients connecting from Europe are directed to a specific server in the cluster. What would be the best solution to his problem?
Affinity
Binding
Load balancing
Affinity
Affinity load balancing ties certain users or groups of users to a specific server so they will be routed to that server if possible
Teresa is responsible for WiFi security in her company. Her main concern is that there are many other offices in the building her company occupies and that someone could easily attempt to breach their WiFi from one of these locations. What technique would be best in alleviating her concern?
Using thin WAPs
Geofencing
WAP placement
WAP placement
Placing the WAPs carefully so as to provide the best coverage for the company, with minimum overlap outside the company, will be the best way to keep those in adjacent offices from attempting to breach the WiFi. When placing WAPs for the best coverage, one needs to focus on signal strength to ensure there are no gaps between WAPs
Juan is responsible for the SIEM in his company. The SIEM aggregates logs from 12 servers. In the event that a breach is discovered, which of the following would be Juan’s most important concern?
Event duplication
Impact assessment
Correlation
Correlation
Correlating the events from the servers related to the breach would be the most important issue to address for the SIEM manager
When you are considering an NIDS or NIPS, what are your two most important concerns?
Cost and false positives
False positives and false negatives
Power consumption and cost
False positives and false negatives
The total number of erroneous reports (i.e., false positives and false negatives) is the biggest concern because this determines effectiveness of the system
Shelly is very concerned about unauthorized users connecting to the company routers. She would like to prevent spoofing. What is the most essential antispoofing technique for routers?
ACL
Logon
NIPS
ACL
Access control lists are Cisco’s primary recommendation to prevent spoofing on routers. ACLs limit access to the router and its functionality
Farès has implemented a flood guard. What type of attack is this most likely to defend against?
SYN attack
DNS poisoning
MAC spoofing
SYN attack
A SYN attack is a type of flooding attack that is a denial of service. Flood guards are either stand-alone or, more often, part of a firewall, and they prevent flooding attacks
Terrance is trying to get all of his users to connect to a certificate server on his network. However, some of the users are using machines that are incompatible with the certificate server, and changing those machines is not an option. Which of the following would be the best solution for Terrance?
Use an application proxy for the certificate server.
Use NAT with the certificate server.
Change the server.
Use an application proxy for the certificate server.
An application proxy server is often used when the client and the server are incompatible for a direct connection; the proxy sits between them and mediates the communication
John is implementing virtual IP load-balancing. He thinks this might alleviate network slowdowns, and perhaps even mitigate some of the impact of a denial-of-service attack. What is the drawback of virtual IP load-balancing?
It is resource-intensive.
Most servers don’t support it.
It is connection-based, not load-based.
It is connection-based, not load-based.
Virtual IP load balancing does not take the load of each interface into account and assumes all loads are essentially similar
There has been a breach of the ACME network. John manages the SIEM at ACME. Part of the attack disrupted NTP; what SIEM issue would this most likely impact?
Time synchronization
Correlation
Event duplication
Time synchronization
If Network Time Protocol (NTP) is disrupted, then the various servers that forward logs to the SIEM might not have the same time. This could lead to events that actually took place at the same time appearing to have occurred at different times
You are a security officer for a large law firm. You are concerned about data loss prevention. You have limited the use of USBs and other portable media, you use an IDS to look for large volumes of outbound data, and a guard searches all personnel and bags before they leave the building. What is a key step in DLP that you have missed?
Portable drives
Bluetooth
An insider could send out data as an email attachment
Which of the following email security measures would have the most impact on phishing emails?
Email encryption
Digitally signing email
Spam filter
Spam filter
Phishing emails are often sent out to masses of people and a spam filter would block at least some of that, thus reducing the phishing email attacks
Joanne has implemented TLS for communication with many of her network servers. She wants to ensure that the traffic cannot be sniffed. However, users now complain that this is slowing down connectivity. Which of the following is the best solution?
Increase RAM on servers.
Change routers to give more bandwidth to traffic to these servers.
Implement TLS accelerators.
Implement TLS accelerators.
A TLS accelerator is a dedicated processor that offloads the processor-intensive public-key operations of Transport Layer Security (TLS) from the server. This should significantly improve server responsiveness
Olivia has discovered steganography tools on an employee’s computer. What is the greatest concern regarding employees having steganography tools?
Password cracking
Data exfiltration
Hiding network traffic
Data exfiltration
An employee could hide sensitive data in files using steganography and then exfiltrate that data
John has discovered that an attacker is trying to get network passwords by using software that attempts a number of passwords from a list of common passwords. What type of attack is this?
Dictionary
Rainbow table
Brute force
Dictionary
This is an example of a dictionary attack. The attacker uses a list of words that are believed to be likely passwords
Isabella has found netcat installed on an employee’s computer. That employee is not authorized to have netcat. What security concern might this utility present?
It is a password cracker.
It is a packet sniffer.
It is a network communication utility.
It is a network communication utility.
Netcat is a tool widely used by network administrators to establish communication between two machines. Having netcat on a machine could indicate an intruder has compromised that machine and installed netcat as a backdoor, or that the employee is setting up covert communication channels
Omar is a network administrator for ACME Company. He is responsible for the certificate authorities within the corporate network. The CAs publish their CRLs once per week. What, if any, security issue might this present?
Revoked certificates still being used
Invalid certificates being issued
Certificates with weak keys
Revoked certificates still being used
The certificate revocation list designates certificates that have been revoked for some reason. Those certificates should no longer be used. But if the CRL is published only once per week, then a revoked certificate could potentially be used for up to a week after being revoked
Hans is a network administrator for a large bank. He is concerned about employees violating software licenses. What would be the first step in addressing this issue?
Performing software audits
Scanning the network for installed applications
Establishing clear policies
Establishing clear policies
A clear security policy must be created that explains software licensing and the company processes for software licensing. Without clear policies, any other countermeasures will be less effective
You are responsible for authentication methods at your company. You have implemented fingerprint scanners to enter server rooms. Frequently people are being denied access to the server room, even though they are authorized. What problem is this?
FAR
FRR
CER
FRR
The false rejection rate (FRR) is the rate at which authentication attempts are rejected when they should have succeeded. When you are getting a high number of authorized individuals being denied access, that is due to an FRR that is too high
John is responsible for network security at a very small company. Due to both budget constraints and space constraints, John can select only one security device. What should he select?
Antivirus
IDS
UTM
UTM
Unified threat management (UTM) combines multiple security services into one device. It is common for a UTM to have firewall, antivirus, and IDS services all in one device