Technologies and Tools (4) Flashcards

1
Q

Sheila is responsible for data backups for all the company servers. She is concerned about frequency of backup and about security of the backup data. Which feature, found in some backup utility software, would be most important to her?

Using data encryption

Digitally signing the data

Using automated backup scheduling

A

Using data encryption

When backing up data, if you do not encrypt it, anyone who obtains the backup media can restore it and gain access to everything you have backed up. Not all backup utilities include data encryption.

2
Q

Frank is a web server administrator for a large e-commerce company. He is concerned about someone using netcat to connect to the company web server and retrieving detailed information about the server. What best describes his concern?

Active reconnaissance

Banner grabbing

Vulnerability scanning

A

Banner grabbing

Banner grabbing is a process whereby someone connects to a target web server and attempts to gather information, literally grabbing the web service's “banner.” This is often done by telnetting into the web server. It can also be done with netcat, using an HTTP request.

3
Q

Mike is responsible for testing security at his company. He is using a tool that identifies vulnerabilities and provides mechanisms to test them by attempting to exploit them. What best describes this type of tool?

Vulnerability scanner

Exploit framework

Metasploit

A

Exploit framework

Exploit frameworks are tools that provide a framework for finding vulnerabilities and then attempting to exploit those vulnerabilities. These tools are an important part of network security testing.

4
Q

William is a security officer for a large bank. When executives’ laptops are decommissioned, he wants to ensure that the data on those laptops is completely wiped so that it cannot be recovered, even using forensic tools. How many times should William wipe a hard drive?

3

5

7

A

7

US DoD data sanitization standard DoD 5220.22-M recommends an average of 7 complete wipes to wipe data. The standard has a matrix wherein you match the sensitivity of the data to a specific number of wipes, but the general rule is 7.

5
Q

You are responsible for firewalls in your organization. You are concerned about ensuring that all firewalls are properly configured. The gateway firewall is configured as follows: to only allow inbound traffic on a very few specific, required ports; all traffic (allowed or blocked) is logged and logs forwarded to the SIEM. What, if anything, is missing from this configuration?

Nothing, it is a good configuration.

Encrypting all traffic

Outbound connection rules

A

Outbound connection rules

Firewalls do block inbound traffic and can be configured to fine-tune that blocking. However, they can and should also be configured to handle outbound traffic. Outbound rules can prevent data exfiltration and other breaches.

6
Q

Charles is responsible for security for web servers in his company. Some web servers are used for an internal intranet, and some for external websites. He has chosen to encrypt all web traffic, and he is using self-signed X.509 certificates. What, if anything, is wrong with this approach?

He cannot encrypt all HTTP traffic.

He should use PGP certificates.

He should not use self-signed certificates.

A

He should not use self-signed certificates.

X.509 is the most common standard for digital certificates. It is relatively easy to create your own self-signed certificate. However, if you use a self-signed certificate on a public website, everyone visiting the website will receive a security error message from their browser.

7
Q

You are responsible for the security of web servers at your company. You are configuring the WAF and want to allow only encrypted traffic to and from the web server, including traffic from administrators using a command-line interface. What should you do?

Open port 80 and 23, and block port 443.

Open port 443 and 23, and block port 80.

Open port 443 and 22, and block port 80 and 23.

A

Open port 443 and 22, and block port 80 and 23.

Port 443 is used for HTTPS, HTTP encrypted via TLS. Port 22 is used for Secure Shell (SSH), a secure, encrypted command-line interface often used by administrators. Port 80 is for unencrypted HTTP traffic. Port 23 is for Telnet, an insecure command-line interface.

8
Q

Francis is a security administrator at a large law firm. She is concerned that confidential documents, with proprietary information, might be leaked. The leaks could be intentional or accidental. She is looking for a solution that would embed some identifying information into documents in such a way that it would not be seen by the reader but could be extracted with the right software. What technology would best meet Francis’s needs?

Symmetric encryption

Steganography

Hashing

A

Steganography

Steganography allows you to embed data, messages, or entire files in other files. It is commonly used to embed an identifying mark that would track the owner of the document and perhaps its originating location. In this way, steganography can track confidential documents.

9
Q

You are responsible for the gateway firewall for your company. You need to configure a firewall to allow only email that is encrypted to be sent or received. What action should you take?

Allow ports 25, 110, and 143. Block ports 465, 993, and 995.

Block ports 25, 110, and 143. Allow ports 465, 993, and 995.

Block ports 465, 994, and 464. Allow ports 25, 110, and 80.

A

Block ports 25, 110, and 143. Allow ports 465, 993, and 995.

Port 465 is for Simple Mail Transfer Protocol Secure (SMTPS). Port 993 is for Internet Message Access Protocol Secure (IMAPS). Port 995 is for Post Office Protocol Secure (POP3S). By allowing these ports you allow encrypted email. Port 25 is for unencrypted SMTP. Port 110 is for unencrypted POP3. Port 143 (or 220) can be used for unencrypted IMAP. By blocking these ports, you prevent unencrypted email traffic.

10
Q

Mark is responsible for security for a small bank. He has a firewall at the gateway as well as one at each network segment. Each firewall logs all accepted and rejected traffic. Mark checks each of these logs regularly. What is the first step Mark should take to improve his firewall configuration?

Integrate with SIEM.

Add a honeypot.

Integrate with AD.

A

Integrate with SIEM.

Each of these firewalls is logging all activity, but the logs are not centralized. This makes it quite difficult to monitor all of the logs. By integrating with a SIEM, all logs are centralized and Mark can get alerts for issues.

11
Q

You are setting up VPNs in your company. You are concerned that anyone running a packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What mode should you use to accomplish your goals of preventing metadata being seen?

ESP

Tunneling

Transport

A

Tunneling

In IPSec, tunneling mode encrypts not only the packet data but the header as well. This prevents someone from determining what protocol the traffic is using, the packet sequence number, or other metadata.

12
Q

John is responsible for configuring security devices in his network. He has implemented a robust NIDS in his network. However, on two occasions the NIDS has missed a breach. What configuration issue should John address?

False negative

Port blocking

SPI

A

False negative

If an intrusion detection system is missing attacks (whether it is a NIDS or a HIDS), this is a false negative: the IDS is incorrectly classifying attack traffic as benign. John needs to reconfigure the NIDS to reduce false negatives.

13
Q

You are responsible for communications security at your company. Your company has a large number of remote workers, including traveling salespeople. You wish to make sure that when they connect to the network, it is in a secure manner. What should you implement?

IPSec VPN

Site-to-site VPN

Remote-access VPN

A

Remote-access VPN

Remote-access VPNs are used to allow users at diverse locations to remotely access the network via a secure connection. Traveling employees are a typical scenario in which a remote-access VPN would be used.

14
Q

Your company is issuing portable devices to employees for them to use for both work and personal use. This is done so the company can control the security of the devices. What, if anything, is an issue this process will cause?

Personal information being exposed

Company data being exfiltrated

Devices being insecurely configured

A

Personal information being exposed

Since employees use the Company-Owned, Personally Enabled (COPE) device for personal use, the devices will hold the employee’s personal information. This can lead to personal and private data being exposed to the company.

15
Q

Marsha is responsible for mobile device security. Her company uses COPE for mobile devices. All phones and tablets have a screen lock and GPS tagging. What is the next, most important step for Marsha to take to secure the phones?

Implement geofencing.

Implement application management.

Implement remote wipe.

A

Implement application management.

Application management is primarily concerned with ensuring that only authorized and approved applications are installed on mobile devices. This would be the next logical step to perform. Control of which applications are allowed on the device is central to basic security.

16
Q

Valerie is responsible for mobile device security at her company. The company is using BYOD. She is concerned about employees’ personal device usage compromising company data on the phones. What technology would best address this concern?

Containerization

Screen lock

Full disk encryption

A

Containerization

Containerization establishes a secure, isolated area of the device that is also encrypted. It separates the data and applications in the container from the rest of the phone. This would be the best way to segregate company data from personal data on BYOD.

17
Q

Jack is a chief information security officer (CISO) for a small marketing company. The company’s sales staff travel extensively and all use mobile devices. He has recently become concerned about sideloading. Which of the following best describes sideloading?

Installing applications to Android devices via USB

Loading software on any device via WiFi

Bypassing the screen lock

A

Installing applications to Android devices via USB

The term sideloading in general means transferring data between two devices, and more specifically between mobile devices. It is most often associated with installing Android apps from sources other than Google Play.

18
Q

You are responsible for DLP at a large company. Some employees have COPE and others BYOD. What DLP issue might these devices present?

COPE can be USB OTG.

BYOD can be USB OTG.

COPE and BYOD can be USB OTG.

A

COPE and BYOD can be USB OTG.

Whether the device is Company-Owned, Personally Enabled (COPE) or Bring Your Own Device (BYOD), any mobile device can be a USB On-the-Go (OTG) device. This means the device itself can serve as a USB mass storage drive, and data can be exfiltrated on the device. This is a concern for data loss prevention (DLP).

19
Q

John is responsible for network security at a large company. He is concerned about a variety of attacks but DNS poisoning in particular. Which of the following protocols would provide the most help in mitigating this issue?

IPSec

DNSSEC

L2TP

A

DNSSEC

Domain Name System Security Extensions (DNSSEC) is a suite of extensions that add security to the DNS protocol by enabling DNS responses to be validated. With DNSSEC, the DNS protocol is much less susceptible to certain types of attacks, particularly DNS spoofing attacks.

20
Q

You are responsible for network security at your company. You have discovered that NTP is not functioning properly. What security protocol will most likely be affected by this?

Radius

DNSSEC

Kerberos

A

Kerberos

Kerberos uses encrypted tickets with a time limit. Service tickets are usually limited to less than 5 minutes. The Key Distribution Center, client, and services all need to have their time synchronized. If Network Time Protocol (NTP) is not functioning, legitimate tickets may appear to have expired.

21
Q

Frank is concerned about DHCP starvation attacks. He is even more worried since he learned that anyone can download software called a “gobbler” and execute a DHCP starvation attack. What technology would most help him mitigate this risk?

Encrypt all DHCP communication with TLS.

FDE on the DHCP server

Network Address Allocation

A

Network Address Allocation

Network Address Allocation is the process of allocating network addresses. In a DHCP environment, this can be done to limit how many IP addresses can be requested from a single network segment. For example, if a network segment has only 30 nodes, then no more than 30 addresses can be allocated to that segment. This would mitigate DHCP starvation.

22
Q

You are trying to allocate appropriate numbers of IP addresses for various subnets in your network. What would be the proper CIDR notation for an IP v4 subnet with 59 nodes?

/27

/24

/26

A

/26

This is really about network address allocation. Classless Inter-Domain Routing (CIDR) notation gives the number of bits that are masked for the network; the remaining bits are used for nodes. To determine the size of a subnet from its CIDR notation (/N), the formula is simple: [2 ^ (32 – N)] – 2. In this case, that is [2 ^ (32 – 26)] – 2, or (2 ^ 6) – 2, or 64 – 2, or 62 nodes, which is enough for the 59 nodes required.

23
Q

Lydia is trying to reduce costs at her company and at the same time centralize network administration and maintain direct control of the network. Which of the following solutions would provide the most network administration centralization and control while reducing costs?

Outsourcing network administration

IaaS

PaaS

A

IaaS

Infrastructure as a Service (IaaS) uses a third-party service and templates to provide the network infrastructure in a virtualized manner, but the client company still administers the network. By moving to a virtualized solution, administration is very centralized. By using IaaS, Lydia will reduce costs while still maintaining direct control.

24
Q

You are investigating a remote access protocol for your company to use. The protocol needs to fully encrypt the message, use reliable transport protocols, and support a range of network protocols. Which of the following would be the best choice?

RADIUS

Diameter

TACACS +

A

TACACS +

Terminal Access Controller Access Control System Plus (TACACS+) is a remote access protocol. It uses TCP, which is a reliable transport protocol, and it fully encrypts the messages. TACACS+ also supports a range of network protocols.

25
Q

Carrol is responsible for network connectivity in her company. The sales department is transitioning to VoIP. What are two protocols she must allow through the firewall?

RADIUS and SNMP

TCP and UDP

SIP and RTP

A

SIP and RTP

Voice over IP (VoIP) is accomplished with at least two protocols. Session Initiation Protocol (SIP) is used to establish the call. Real-time Transport Protocol (RTP) is used to send the actual data. These two, at a minimum, must be allowed through the firewall. If there are secure calls, the Secure Real-time Transport Protocol (SRTP) would also need to be allowed.

26
Q

John is setting up all the database servers on their own subnet. He has placed them on 10.10.3.3/29. How many nodes can be allocated in this subnet?

16

8

6

A

6

Classless Inter-Domain Routing (CIDR) notation gives the number of bits that are masked for the network; the remaining bits are used for nodes. To determine the size of a subnet from its CIDR notation (/N), the formula is simple: [2 ^ (32 – N)] – 2. In this case, that is [2 ^ (32 – 29)] – 2, or (2 ^ 3) – 2, or 8 – 2, or 6 nodes.

27
Q

Carlos is a security manager for a small company that does medical billing and records management. He is using application blacklisting to prevent malicious applications from being installed. What, if anything, is the weakness with this approach?

None, this is the right approach.

It might block legitimate applications.

It might fail to block malicious applications.

A

It might fail to block malicious applications.

With application blacklisting, any application that is not on the blacklist is allowed. Since it is impossible to know all the malicious applications that exist in the world, at least some malicious applications would not be blocked. A better approach is application whitelisting, in which only those applications on the list can be installed.

28
Q

Joanne is a security administrator for a large company. She discovered that approximately 100 machines on her network were recently attacked by a major virus. She is concerned because there was a patch available that would have stopped the virus from having any impact. What is the best solution for her to implement on her network?

Installing patch management software

Using automatic updates

Putting unpatched machines on a Bridge

A

Installing patch management software

Patch management software is used to roll out patches to the network. Such software will also provide reports on which machines are patched, which ones still have not been patched, and any issues with applying a patch.

29
Q

A review of your company’s network traffic shows that most of the malware infections are caused by users visiting illicit websites. You want to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following technologies would be the best solution?

IDS

Firewall

UTM

A

UTM

Unified Threat Management (UTM) combines multiple security services into one device. In this example, we have blocking (firewall), detection (IDS), and anti-malware all in one device.