Technologies and Tools (4) Flashcards
Sheila is responsible for data backups for all the company servers. She is concerned about the frequency of backups and about the security of the backup data. Which feature, found in some backup utility software, would be most important to her?
Using data encryption
Digitally signing the data
Using automated backup scheduling
Using data encryption
When backing up data, if you do not encrypt the backup, anyone who obtains the backup media can restore it and gain access to everything you have backed up. Not all backup utilities include data encryption.
Frank is a web server administrator for a large e-commerce company. He is concerned about someone using netcat to connect to the company web server and retrieving detailed information about the server. What best describes his concern?
Active reconnaissance
Banner grabbing
Vulnerability scanning
Banner grabbing
Banner grabbing is a process whereby someone connects to a target web server and attempts to gather information, literally grabbing the web service's “banner.” This is often done by telnetting into the web server. It can also be done with netcat, by sending an HTTP request.
Mike is responsible for testing security at his company. He is using a tool that identifies vulnerabilities and provides mechanisms to test them by attempting to exploit them. What best describes this type of tool?
Vulnerability scanner
Exploit framework
Metasploit
Exploit framework
Exploit frameworks are tools that provide a framework for finding vulnerabilities and then attempting to exploit those vulnerabilities. These tools are an important part of network security testing.
William is a security officer for a large bank. When executives’ laptops are decommissioned, he wants to ensure that the data on those laptops is completely wiped so that it cannot be recovered, even using forensic tools. How many times should William wipe a hard drive?
3
5
7
7
The US DoD data sanitization standard DoD 5220.22-M recommends an average of 7 complete wipes to wipe data. The standard has a matrix in which you match the sensitivity of the data to a specific number of wipes, but the general rule is 7.
You are responsible for firewalls in your organization. You are concerned about ensuring that all firewalls are properly configured. The gateway firewall is configured as follows: to only allow inbound traffic on a very few specific, required ports; all traffic (allowed or blocked) is logged and logs forwarded to the SIEM. What, if anything, is missing from this configuration?
Nothing, it is a good configuration.
Encrypting all traffic
Outbound connection rules
Outbound connection rules
Firewalls block inbound traffic and can be configured to fine-tune that blocking. However, they can and should also be configured to control outbound traffic. Without outbound rules, a compromised internal host can send data anywhere; outbound rules can prevent data exfiltration and other breaches.
Charles is responsible for security for web servers in his company. Some web servers are used for an internal intranet, and some for external websites. He has chosen to encrypt all web traffic, and he is using self-signed X.509 certificates. What, if anything, is wrong with this approach?
He cannot encrypt all HTTP traffic.
He should use PGP certificates.
He should not use self-signed certificates.
He should not use self-signed certificates.
X.509 is the most common standard for digital certificates. It is relatively easy to create your own self-signed certificate. However, if you use a self-signed certificate on a public website, everyone visiting the website will receive a security error message from their browser, because the certificate does not chain to a certificate authority the browser trusts.
You are responsible for the security of web servers at your company. You are configuring the WAF and want to allow only encrypted traffic to and from the web server, including traffic from administrators using a command-line interface. What should you do?
Open port 80 and 23, and block port 443.
Open port 443 and 23, and block port 80.
Open port 443 and 22, and block port 80 and 23.
Open port 443 and 22, and block port 80 and 23.
Port 443 is used for HTTPS, HTTP encrypted via TLS. Port 22 is used for Secure Shell (SSH), which is a secure, encrypted command-line interface often used by administrators. Port 80 is for unencrypted HTTP traffic. Port 23 is for telnet, an insecure command-line interface.
Francis is a security administrator at a large law firm. She is concerned that confidential documents, with proprietary information, might be leaked. The leaks could be intentional or accidental. She is looking for a solution that would embed some identifying information into documents in such a way that it would not be seen by the reader but could be extracted with the right software. What technology would best meet Francis’s needs?
Symmetric encryption
Steganography
Hashing
Steganography
Steganography allows you to embed data, messages, or entire files in other files. It is common to use this to embed an identifying mark that would track the owner of the document and perhaps its originating location. Steganography can therefore be used to track confidential documents.
You are responsible for the gateway firewall for your company. You need to configure a firewall to allow only email that is encrypted to be sent or received. What action should you take?
Allow ports 25, 110, and 143. Block ports 465, 993, and 995.
Block ports 25, 110, and 143. Allow ports 465, 993, and 995.
Block ports 465, 994, and 464. Allow ports 25, 110, and 80.
Block ports 25, 110, and 143. Allow ports 465, 993, and 995.
Port 465 is for Simple Mail Transfer Protocol Secure (SMTPS). Port 993 is for Internet Message Access Protocol Secure (IMAPS). Port 995 is for Post Office Protocol Secure (POP3S). By allowing these ports you allow encrypted email. Port 25 is for unencrypted SMTP. Port 110 is for unencrypted POP3. Port 143 (or 220) can be used for unencrypted IMAP. By blocking these ports, you prevent unencrypted email traffic.
Mark is responsible for security for a small bank. He has a firewall at the gateway as well as one at each network segment. Each firewall logs all accepted and rejected traffic. Mark checks each of these logs regularly. What is the first step Mark should take to improve his firewall configuration?
Integrate with SIEM.
Add a honeypot.
Integrate with AD.
Integrate with SIEM.
Each of these firewalls is logging all activity, but the logs are not centralized. This makes it quite difficult to monitor all logs. By integrating with a SIEM, all logs are centralized and Mark can get alerts for issues.
You are setting up VPNs in your company. You are concerned that anyone running a packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What mode should you use to accomplish your goals of preventing metadata being seen?
ESP
Tunneling
Transport
Tunneling
In IPSec, tunnel mode encrypts not only the packet data but the original IP header as well, wrapping the whole packet inside a new outer header. This prevents someone from determining what protocol the traffic is using, the packet sequence number, or other metadata.
John is responsible for configuring security devices in his network. He has implemented a robust NIDS in his network. However, on two occasions the NIDS has missed a breach. What configuration issue should John address?
False negative
Port blocking
SPI
False negative
If an intrusion detection system is missing attacks (whether it is a NIDS or a HIDS), this is a false negative. The IDS is incorrectly classifying attack traffic as benign. John needs to tune the configuration to reduce false negatives.
You are responsible for communications security at your company. Your company has a large number of remote workers, including traveling salespeople. You wish to make sure that when they connect to the network, it is in a secure manner. What should you implement?
IPSec VPN
Site-to-site VPN
Remote-access VPN
Remote-access VPN
Remote-access VPNs are used to allow users at diverse locations to remotely access the network via a secure connection. Traveling employees are a typical scenario in which a remote-access VPN would be used.
Your company is issuing portable devices to employees for them to use for both work and personal use. This is done so the company can control the security of the devices. What, if anything, is an issue this process will cause?
Personal information being exposed
Company data being exfiltrated
Devices being insecurely configured
Personal information being exposed
Since employees use the Company-Owned Personally Enabled (COPE) device for personal use, the devices will have the employee’s personal information. This can lead to personal and private data being exposed to the company.
Marsha is responsible for mobile device security. Her company uses COPE for mobile devices. All phones and tablets have a screen lock and GPS tagging. What is the next, most important step for Marsha to take to secure the phones?
Implement geofencing.
Implement application management.
Implement remote wipe.
Implement application management.
Application management is primarily concerned with ensuring only authorized and approved applications are installed on mobile devices. This would be the next logical step to perform. Control of which applications are allowed on the device is central to basic security.
Valerie is responsible for mobile device security at her company. The company is using BYOD. She is concerned about employees’ personal device usage compromising company data on the phones. What technology would best address this concern?
Containerization
Screen lock
Full disk encryption
Containerization
Containerization establishes a secure, isolated area of the device that is also encrypted. It separates data and applications in the container from the rest of the phone. This would be the best way to segregate company data from personal data on BYOD devices.
Jack is a chief information security officer (CISO) for a small marketing company. The company’s sales staff travel extensively and all use mobile devices. He has recently become concerned about sideloading. Which of the following best describes sideloading?
Installing applications to Android devices via USB
Loading software on any device via WiFi
Bypassing the screen lock
Installing applications to Android devices via USB
The term sideloading in general means transferring data between two devices, more specifically with mobile devices. It is most often associated with installing Android apps from sources other than Google Play.
You are responsible for DLP at a large company. Some employees have COPE and others BYOD. What DLP issue might these devices present?
COPE can be USB OTG.
BYOD can be USB OTG.
COPE and BYOD can be USB OTG.
COPE and BYOD can be USB OTG.
Whether the device is Company-Owned and Personally Enabled (COPE) or Bring Your Own Device (BYOD), any mobile device can be a USB On-the-Go (OTG) device. This means the device itself serves as a USB mass storage drive, and data can be exfiltrated on the device. This is a concern for data loss prevention (DLP).
John is responsible for network security at a large company. He is concerned about a variety of attacks but DNS poisoning in particular. Which of the following protocols would provide the most help in mitigating this issue?
IPSec
DNSSEC
L2TP
DNSSEC
Domain Name System Security Extensions (DNSSEC) is a suite of extensions that add security to the DNS protocol by enabling DNS responses to be validated. With DNSSEC, the DNS protocol is much less susceptible to certain types of attacks, particularly DNS spoofing attacks.
You are responsible for network security at your company. You have discovered that NTP is not functioning properly. What security protocol will most likely be affected by this?
RADIUS
DNSSEC
Kerberos
Kerberos
Kerberos uses encrypted tickets with a time limit. Service tickets are usually limited to less than 5 minutes. The Key Distribution Center, client, and services all need to have time synchronized. If Network Time Protocol (NTP) is not functioning, it is possible that legitimate tickets may appear to have expired.
Frank is concerned about DHCP starvation attacks. He is even more worried since he learned that anyone can download software called a “gobbler” and execute a DHCP starvation attack. What technology would most help him mitigate this risk?
Encrypt all DHCP communication with TLS.
FDE on the DHCP server
Network Address Allocation
Network Address Allocation
Network Address Allocation is the process of allocating network addresses. In a DHCP environment, this can be done to limit how many IP addresses are requested from a single network segment. For example, if a network segment has only 30 nodes, then no more than 30 addresses can be allocated to that segment. This would mitigate DHCP starvation.
You are trying to allocate appropriate numbers of IP addresses for various subnets in your network. What would be the proper CIDR notation for an IP v4 subnet with 59 nodes?
/27
/24
/26
/26
This is really about network address allocation. Classless Inter-Domain Routing (CIDR) notation provides the number of bits that are masked for the network. The remaining bits are used for nodes. To determine the size of a subnet based on CIDR notation (/N), the formula is simple: [2 ^ (32 – N)] – 2. In this case, that is [2 ^ (32 – 26)] – 2, or (2 ^ 6) – 2, or 64 – 2, or 62 nodes.
Lydia is trying to reduce costs at her company and at the same time centralize network administration and maintain direct control of the network. Which of the following solutions would provide the most network administration centralization and control while reducing costs?
Outsourcing network administration
IaaS
PaaS
IaaS
Infrastructure as a Service (IaaS) uses a third-party service and templates to provide the network infrastructure in a virtualized manner, but the client company still administers the network. By moving to a virtualized solution, administration is very centralized. By using IaaS, Lydia will reduce costs, but she will still maintain direct control.
You are investigating a remote access protocol for your company to use. The protocol needs to fully encrypt the message, use reliable transport protocols, and support a range of network protocols. Which of the following would be the best choice?
RADIUS
Diameter
TACACS+
TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a remote access protocol. It uses TCP, which is a reliable transport protocol, and it fully encrypts the messages. TACACS+ also supports a range of network protocols.
Carrol is responsible for network connectivity in her company. The sales department is transitioning to VoIP. What are two protocols she must allow through the firewall?
RADIUS and SNMP
TCP and UDP
SIP and RTP
SIP and RTP
Voice over IP (VoIP) is accomplished with at least two protocols. Session Initiation Protocol (SIP) is used to establish the call. Real-time Transport Protocol (RTP) is used to send the actual data. These two, at a minimum, must be allowed through the firewall. If there are secure calls, the Secure Real-time Transport Protocol (SRTP) would also need to be allowed.
John is setting up all the database servers on their own subnet. He has placed them on 10.10.3.3/29. How many nodes can be allocated in this subnet?
16
8
6
6
Classless Inter-Domain Routing (CIDR) notation provides the number of bits that are masked for the network. The remaining bits are used for nodes. To determine the size of a subnet based on CIDR notation (/N), the formula is simple: [2 ^ (32 – N)] – 2. In this case, that is [2 ^ (32 – 29)] – 2, or (2 ^ 3) – 2, or 8 – 2, or 6 nodes.
Carlos is a security manager for a small company that does medical billing and records management. He is using application blacklisting to prevent malicious applications from being installed. What, if anything, is the weakness with this approach?
None, this is the right approach.
It might block legitimate applications.
It might fail to block malicious applications.
It might fail to block malicious applications.
With application blacklisting, any application that is not on the blacklist is allowed. Since it is impossible to know all the malicious applications that exist in the world, this means that at least some malicious applications would not be blocked. A better approach is application whitelisting. In whitelisting, only those applications on the list can be installed.
Joanne is a security administrator for a large company. She discovered that approximately 100 machines on her network were recently attacked by a major virus. She is concerned because there was a patch available that would have stopped the virus from having any impact. What is the best solution for her to implement on her network?
Installing patch management software
Using automatic updates
Putting unpatched machines on a Bridge
Installing patch management software
Patch management software is used to roll out patches to the network. Such software will also provide reports as to which machines are patched, which ones still have not been patched, and any issues with applying a patch.
A review of your company’s network traffic shows that most of the malware infections are caused by users visiting illicit websites. You want to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following technologies would be the best solution?
IDS
Firewall
UTM
UTM
Unified Threat Management (UTM) combines multiple security services into one device. In this example, we have blocking (firewall), detection (IDS), and anti-malware all in one device.