Security

What is Authentication?

Proves Identity

What is Authorization?

Identifies resources a user can access.

What is Availability?

Ensures that data is accessible to authorized users.

What is Confidentiality?

Ensures that only authorized parties can view information.

What is exploiting?

To take advantage of a vulnerability.

What is integrity?

Ensures that information is correct and that no unauthorized users or malicious software has altered the data.

ActiveX downloads to a computer and does not run in a sandbox? True False

True

Examples of Bluesnarfing?

Accessing calendars and contacts via bluetooth w/o perms.

What is bluejacking?

Sending business cards via bluetooth in range.

What is a zone transfer?

Transfer of info between DNS servers. (exchanging info)

What is SNMP?

Protocol used to manage network devices.

What is TKIP and what does it replace?

Temporal Key Integrity Protocol is an encryption technology used to replace WEP.

What is RC4?

Cipher algorithm used in WEP. Replaces one char with another char.

What is the mnemonic for symmetric keys?

I had a REALLY COOL IDEA (RC4,5,&6) to walk around the BLOCK (BLOCK CYPHER) and CAST in a STREAM (STREAM CYPHER) for some FISH. I caught TWOFISH that were BLOWFISH and in fact it wasn't a really cool idea, I thought it was my DEStiny. (DES, 3DES and AES)

What are the disadvantages of using symmetric encryption over asymmetric encryption?

1. Inability to support non-repudiation: Since both the sender and receiver use the same key, it is difficult to determine who is the sender, should a dispute arise.
2. Impractical for web commerce: Imagine thousands of customers buying goods and services over the Internet. If symmetric encryption standard is used, one unique private key-pair needs to be used for each user. It is, therefore, impractical.
3. Another major difficulty is with the transmission of the private key. With symmetric encryption, the private key needs to be transmitted to the other party for decryption, which may pose a security risk.

Asymmetric keys use how many keys?

2 keys. Creates digital signatures. PUBLIC KEY CRYPTO! RSA, DIFFIE-HELLMAN and ECC.

What are the steps involved with CHAP?

CHAP (Challenge Handshake Authentication Protocol) works on point to point connections. It uses a three step process for authentication (excluding making the connection itself). If making the connection is also involved, it would be a 4 step process.

PGP can be used to encrypt IP phone calls and emails? True False

TRUE

TPM does what?

It stores and generates CRYPTO keys.

What are MACs?

Message Authentication Codes (MACs), also called "keyed hashes", are used to verify the authenticity of a message. Let us say, Jane (the sender of a message) and Mike (the recipient) share a secret key. Jane uses the message and the key to compute the MAC, and sends the MAC along with the message. When Mike receives the message, he computes the MAC, and then checks to see if his MAC matches Jane's. If it does, then he knows the message is from Jane and that nobody has changed it since she sent it.

What are hashing algorithms and what are they used for?

Hashing is a ONE-WAY hash, creates a UNIQUE signature for a set of DATA. Hashing is used for integrity. Hash Algorithms: Hash algorithms produce a hash of a message and encrypt it. They use a mathematical formula for hashing, and it is extremely difficult to tamper with the message and still produce the same hash. Basically, hashing enables a recipient to check whether a message is received intact without being tampered with by a third party.

Authenticity does what?

Provides proof of genuineness of the user.

What is a ONE-TIME PAD?

Combining a truly random key with plaintext.

What is a stream cipher?

Replaces a char letter for letter.

Asymmetric keys use what?

Two mathematically related keys. Public to encrypt and private to decrypt.

Remote Access policies provide what?

Authorization

Where are the RA policies stored?

On the AUTHorization and AUTHentication servers.

Kerberos is what? 88

A single sign-on system, used to verify network users. The following are the important properties of Kerberos:
1. It uses symmetric encryption
2. Tickets are time stamped
3. Passwords are not sent over the network

Digital certs contain what?

Owner name, public key, name of issuer, digital sig of issuer, serial # and expiration date. Can be created by using asymmetric keys.

What is a CRL?

Certificate Revocation List

What is PKI?

Public key Infrastructure. Digital signature management.

What is Key escrow?

Private keys are split in half, and each is encrypted.

What is the MAC?

Mandatory Access Control (MAC) secures information by assigning sensitivity labels on objects (resources) and comparing this to the level of sensitivity a subject (user) is operating at. MAC ensures that all users only have access to that data for which they have matching or greater security label (or security clearance). In general, MAC access control mechanisms are more secure than DAC. MAC is usually appropriate for extremely secure systems including multilevel secure military applications or mission critical data applications.

What is RoAC? Real-world approach...

Role Based Access Control (RBAC): In Role-Based Access Control (RBAC), access decisions are based on an individual's roles and responsibilities within the organization. For instance, in a corporation, the different roles of users may include those such as chief executive, manager, executive, and clerk. Obviously, these members require different levels of access in order to perform their functions, but also the types of web transactions and their allowed context vary greatly depending on the security policy. In Role Based Access Control, the administrator sets the roles. Therefore, this type of access control is sometimes considered as a subset of MAC.

What is DAC?

Discretionary Access Control (DAC): Discretionary Access Control (DAC) is a means of restricting access to information based on the identity of users and/or membership in certain groups. Access decisions are typically based on the authorizations granted to a user based on the credentials he presented at the time of authentication (user name, password, hardware/software token, etc.). In most typical DAC models, the owner of information or any resource is able to change its permissions at his discretion. DAC has the drawback of the administrators not being able to centrally manage these permissions on files/information stored on the web server.

RuAC

Rule Based Access Control (RBAC): The access to a resource in Rule Based Access Control is based on a set of rules. ACLs (Access Control Lists) are used for this type of access control. In Rule Based Access Control, the administrator sets the rules. Therefore, this type of access control is sometimes considered as a subset of MAC.

What is FSRM?

File Server Resource Manager - creates quotas and file screens used with NTFS for access perms.

KERBEROS uses what?

which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of users. NTP

IPsec has two headers?

Yes. AH (Authentication header) and ESP (Encapsulating Security Payload)

Incremental Backups do what?

Back up files that were changed from last full backup or incremental backup. Quicker/less storage.

Differential backups do what?

Back up data that had been changed since the last full backup. More space/faster to recover.

Vulnerability scans are different from penetration by?

Vulnerability is done inside the org. Pen is not.

Is RAID5 or RAID1 fault-tolerant?

RAID5

RAID 1+0 can lose how many disks and still not lose data?

2 or more.

Data is encrypted with? (wireless)

TKIP and AES

What two protocols are used to create a VPN?

L2TP and PPTP

ISAKMP/Oakley is used for what?

Negotiation of encryption with IPsec. Generates keys and authenticates user by using techniques such as certificates.

S/MIME uses what encryption?

RSA and digital certs, which are X.509

SSL uses what encryption?

A public key to encrypt data and uses TLS to guarantee privacy and integrity. Asymmetric Encryption

What does Digital Certs use?

X.509 by ITU

GPO stores what?

The location where Group Policy settings are stored.

What is NAC?

Network Access Control. It is a technology that examines a system's state and corrects any deficiency before it is allowed to access the network.

What is a reverse proxy?

A proxy that routes incoming requests to the correct server

What is an Authentication server?

A server whose job it is to verify authentication of devices.

What is EAP?

Extensible Authentication Protocol, considered an "envelope" to carry different kinds of exchange data used for authentication.

Asymmetric crypto is which?

Diffie-Hellman, ElGamal, Elliptical Curve, RSA

What does TLS use?

Diffie-Hellman

The ____ are the operating system settings that impose how the policy will be enforced.

Configuration baseline

JavaScript resides in HTML? True False

True

One approach to substituting a fraudulent IP address is to target the external DNS server and is called ____.

DNS poisoning or DNS spoofing

____ specifies that before a networked device starts to send, it should first listen (called carrier sensing) to see if any other device is transmitting.

CSMA/CD

When TCP/IP was developed, the host table concept was expanded to a hierarchical name system known as the ____.

DNS

Each wireless device looks for beacon frames in a process known as ____.

scanning

DNS poisoning can be prevented by using the latest editions of the DNS software, ____.

BIND

Signed Java applets by default run in the sandbox and are restricted regarding what they can do. True False

True

____, also called add-ons, represent a specific way of implementing ActiveX and are sometimes called ActiveX applications.

ActiveX controls

____ can fully decode application-layer network protocols. Once these protocols are decoded, the different parts of the protocol can be analyzed for any suspicious behavior.

Protocol Analyzers

____ monitor Internet traffic and block access to preselected Web sites and files.

Proxy servers

At regular intervals a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network. This process is known as ____.

beaconing

____ is the presentation of credentials or identification, typically performed when logging on to a system.

Identification

____ is the verification of the credentials to ensure that they are genuine and not fabricated.

Authentication

____ is the right to use specific resources.

Access

OpenID is completely centralized. True False

False

Because port numbers are 32 bits in length they can have a decimal value from 0 to 65,535. 16/16 True False

true. TCP uses the notion of port numbers to identify sending and receiving application end-points on a host, or Internet sockets. Each side of a TCP connection has an associated 16-bit unsigned port number (0-65535) reserved by the sending or receiving application. Arriving TCP data packets are identified as belonging to a specific TCP connection by its sockets, that is, the combination of source host address, source port, destination host address, and destination port. This means that a server computer can provide several clients with several services simultaneously, as long as a client takes care of initiating any simultaneous connections to one destination port from different source ports. Port numbers are categorized into three basic categories: well-known, registered, and dynamic/private. The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. Well-known applications running as servers and passively listening for connections typically use these ports. Some examples include: FTP (21), SSH (22), TELNET (23), SMTP (25) and HTTP (80). Registered ports are typically used by end user applications as ephemeral source ports when contacting servers, but they can also identify named services that have been registered by a third party. Dynamic/private ports can also be used by end user applications, but are less commonly so. Dynamic/private ports do not contain any meaning outside of any particular TCP connection.

Determining vulnerabilities often depends upon the background and experience of the assessor. True False

true

Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats.

vulnerability appraisal

____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.

ICMP

A(n) ____ port means that the host system does not reply to any inquiries to this port number.

blocked

A(n) ____ port indicates that no process is listening at this port.

closed

Several large Internet providers support SSO, but only for their own suite of services and applications. True False

True

____ time is the time it takes for a key to be pressed and then released.

Dwell

There are several types of OTPs. The most common type is a ____ OTP.

Time-synchronized

____ is granting permission for admittance.

Authorization

The ____ model can dynamically assign roles to subjects based on a set of rules defined by a custodian.

RuBac

The ____ model is considered a more "real world" approach than the other models to structuring access control.

RoBAC

Regarding access control, a(n) ____ is a user or a process functioning on behalf of the user who attempts to access an object.

operation

Generally a ____ is used to configure settings for systems that are not part of Active Directory.

Local group policy

Controlling wireless access of devices to the WLAN is accomplished by limiting a device's access to the access point (AP). True False

True

The PRNG in WEP is based on the ____ cipher algorithm.

RC4

The plaintext to be transmitted has a cyclic redundancy check (CRC) value calculated, which is a checksum based on the contents of the text. WEP calls this the ____ and appends it to the end of the text.

Integrity Check Value (ICV)

Encryption under the WPA2 personal security model is accomplished by ____.

AES-CCMP

WPA also replaces the cyclic redundancy check (CRC) function in WEP with the ____.

MIC Message Integrity Check

Access points have a setting called "____," which is what the PSK uses as a seed value to generate new keys.

Group Key Renewal

In order to address growing wireless security concerns, in October 2003 the Wi-Fi Alliance introduced ____.

WPA

Often the devices most vulnerable to attack are those that provide services to inside users. True False

False

____ switches are connected directly to the devices on the network.

Workgroup

____ are designed to inspect traffic, and based on their configuration or security policy, they can drop malicious traffic.

NIPS

Using ____, networks can essentially be divided into three parts: network, subnet, and host.

Classful addressing

Symmetric crypto uses?

RC (4, 5, 6), IDEA, CAST, Twofish, Blowfish, DES, 3DES, AES (Rijndael), strongest.

What is the bit-length of an Initialization Vector (IV)?

24 bytes

What does the PSK (Pre-shared Key) authenticate with?

A passphrase

What is identification?

The review of credentials.

What is Implicit deny?

If condition is not explicitly met, it is denied.

What is explicit deny?

Clearly denied

What is a mantrap?

A security device that monitors and controls two interlocking doors to a small room that separates a secure area.

You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems?

Mandatory Access Control. System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.

While assigning access privilege using the DAC, which of the following will you be needing?

Access Control List. The information of mapping users to their permissions for resource access would be available in the ACL.

Which of the following statements relating to the MAC model is true? Choose two.

MAC uses static mapping or predefined access privileges; MAC cannot allow dynamic sharing of resources. MAC uses a static or predefined set of access privileges and hence cannot allow dynamic sharing of resources.

Certificates are best used in which of the following scenarios? Choose all that apply.

Accessing Web sites; Intranet login. LAN login will be secure if the network policies in the organization follow book rules. It will not require certificates. Certificates are best used during WAN access. For ex: when using web sites that require you to provide confidential information about yourself, or when you are logging in to the Intranet, from an unknown location. The Dial-up connection in itself does not require any authentication except with the service provider.

Which of the following does NOT happen during a CHAP authentication? Choose all that apply

The server issues password to anybody requesting for it. The server requests for the password. The server expects a clear text password initially. Whenever a user requests login, the Server poses a challenge and then the user provides the requested password and then the server will decide based on the credentials if it should authorize the user or not. This is what is referred to as three-way handshake.

Which of the following is true about a token system? Choose all that apply.

A token is generated per every session of the user. A token contains user access permissions. A token is destroyed after the session is completed. A token is generated when a user has been successfully authenticated. This token is attached to the user's session and will be destroyed once the session is terminated or after the user has logged out. This token will contain user access permission assigned on the network resources for that user.

Which of the following are key components in the Kerberos system? Choose two.

Key Distribution Center; Ticket. The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user, Computer or Service. Depending on whether the authentication fails or succeeds the ticket will be granted to the end user, Computer or Service.

Which of the following does the Biometrics use to establish user identity? Choose two

Fingerprint; Retinal scan

To allow access to a campus you would use Kerberos. T/F? True False

False. To allow access to a campus you would use smart cards.

Which of the following are an advantage and a disadvantage with clear text authentication?

Easy to implement and not secure. Clear text authentication is very simple and easy to implement and verify. But a network that has implemented clear text security is not very secure as it is very easy to decipher clear text passwords.

If you had to implement a foolproof method of establishing User ID in your organization, which of the following would you choose? Choose the best answer.

Biometric. Biometric will authenticate or establish User ID depending on the physical attribute of the user. For ex: Fingerprint, hand scan or retina scan. Since these physical attributes are always physically attached to the person, there is no fear of any of these being lost or reaching wrong hands. Hence Biometric is the most secure form of authentication.

RADIUS is abbreviation for Remote Access Data Inspection User Service. T/F? True False

False. RADIUS is abbreviation for Remote Access Dial In User Service.

If you were implementing an Enterprise network that requires remote users connecting to the Intranet, which of the following services would be most important?

DHCP. It is imperative that remote users be assigned a separate block of IP addresses for the purpose of connecting to the company Intranet. This is in line with security for the network. This dynamic allocation will be possible only with the help of DHCP service.

Which of the following services when placed on the edge of the network, will provide security to the entire network?

Firewall

Which of the following is a Wireless LAN susceptible to?

Eavesdropping

Which of the following can be termed as the Denial of Service Attack?

Your Web server has gone into a loop trying to service a client request

You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer

Simulate a DDoS attack on that server

When debugging an Operating system, a programmer would make use of a front door. T/F?

A programmer makes use of back doors in the program for the purpose of debugging or observing the performance of the program.

Which of the following protocols help to gain MAC address of a PC on the network?

Address Resolution Protocol (ARP) of the IP protocol suite is responsible for obtaining MAC address of the PC whose IP address is available for communication.

To transfer mails between email servers of different domains you would require POP3 service. T/F?

SMTP to transfer between different domains

Which of the following is the most popular protocol that is used in dial-up connections?

SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.

Which of the following protocols could a VPN make use of? Choose two.

PPTP and L2TP. A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.

When a remote user is dialing-in to the network, which of the following servers would be challenging his request for authentication first?

In the mentioned scenario, the RADIUS server would be challenging the user's request first; the rest of the servers on the network would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.

You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer.

IPsec. Since the only protocol that supports cross platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.

Which of the following would help with dedicated authentication to dial-in clients?

TACACS (Terminal Access Controller Access Control System), RADIUS are both dedicated authenticating services for dial in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.

L2TP can work over which of the following networks? Choose all appropriate answers.

L2TP (Layer 2 Tunneling Protocol) was created by Cisco as well as Microsoft. It is meant to function over IP, IPX and SNA networks (IBM System Network Architecture)

Which of the following will be compulsory tasks to run on Web servers of your network? Choose two.

There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it is applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.

Which of the following virus types can be transmitted via email? Choose two most common types that apply.

Trojan and Worms

When configuring antivirus for email, which of the following configurations must be applied? Choose two.

Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message to the destination email ID.

Which of the following port numbers is used by SMTP?

SMTP service uses port number 25.

Which of the following statements about an email server is/are true? Choose only answer(s) that apply

Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.

Which of the following statements regarding Infrared communication is true? Choose three.

Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.

To which layer do the following communicating devices belong? Switch, Ethernet Card.

L2

Which of the following communications use the 2.4 GHz frequency? Choose three.

Microwave, Cordless Phone and WLAN g&b

If you wish to block FTP access to your Web server, which of the following Firewall types should you consider?

Packet Filtering Firewall. Stateful inspection is a type of filtering used when complex security is required and header information of packets will have to be read to perform filtering. In the above mentioned scenario, you just need filtering based on port numbers. This type of filtering is done in packet filtering firewall types. Port filtering is a function and not a firewall type. Application filtering is irrelevant.

Which of the following are capable of functioning as a Firewall? Choose two

Proxy and Router. Proxy service as well as the Router are both capable of Network Address Translation (NAT) which is the basic function of a firewall.

Which of the following about the Stateful inspection firewall is true? Choose two.

The Stateful inspection firewall monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.

Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F? True False

False

Which of the following relates to how the external world can access the internal network resources?

Access Policy. The access policy or the Service access policy will dictate to what extent the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.

Which of the following firewall policies is most restrictive?

Deny All

When faced with an outgoing packet, which of the following header components would a firewall look at first?

Destination Address

If you have implemented a DHCP in your network and you would wish to secure this service so that no external user will be able to become a DHCP client, which of the following would you ensure?

Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP service.

What ports are used for DHCP?

67 and 68

If you wish to allow the external users to access your Web server you must block port number 110. T/F?

Port 80. If you wish to allow the external users to access your Web server you must unblock port number 80.

Which of the following can secure your internal server best, against external attacks? Choose all that apply.

The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names are existing in the user database, all vulnerabilities are being verified and monitored at required intervals.

Which of the following is true about providing security to database servers? Choose two.

It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.

To prevent internal Web servers from being accessed you must block TCP port 20. T/F? True False

False. Port 443 and 20

Authorized update is one way of securing DNS server. T/F? True False

True. Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.

Does NTFS provide file system security?

Yes. It uses EFS (Encrypting File System)

Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two.

Current version is SHA-1 and it is used with encrypting protocols.

Which of the following are encryption systems? Choose two.

RC5 (Ron's Code) and Blowfish

Which of the following is true about Public/Private key pairs? Choose two.

They form an essential part of Web site security system, as it is the most convenient security system for Web sites considering that clients would be accessing the Web site over the public network. The Certificate security system uses the basic logic of Public/Private key pairs.

RSA is the encryption system used in cellular devices. T/F?

ECC is used in cellphones

What is the requirement for cryptography? Choose two.

Network resource access will have to be controlled through access permissions. Server access will have to be controlled through physical security to the server. Unauthorized access prevention of stored information or information being transmitted is the role of cryptography.

Which of the following is responsible for key issues relating to security of inter-bank communications?

ABA

Which of the following will be required to perform Cryptanalysis? Choose three.

Mathematical Tools; Analytic Reasoning; Pattern Finding. Cryptanalysis is a process of studying the pattern of secure communication and breaking it. It involves complex combination such as patience and determination combined with skills of pattern finding, mathematical tools and analytical reasoning.

In symmetric-key encryption, one key will be used for encryption and another will be used for decryption to provide maximum security. T/F?

In symmetric-key encryption, one key will be used for encryption as well as decryption. FALSE

Which of the following is an advantage of using conventional encryption?

It's very fast

The concept of public key cryptography was introduced by Diffie-Hellman. T/F? True False

True. The issues with key distribution faced by conventional encryption were overcome by the Public-key cryptography concepts introduced by Diffie-Hellman.

Which of the following statements about Public Key Cryptography are true? Choose two.

You do not need an existing security setup. Public key can only encrypt and private key can only decrypt.

A digital signature is synonymous to which of the following?

Handwritten signature

Which of the following are the two key-based algorithms?

Symmetric and Asymmetric. There are two types of key-based algorithms. Depending on the key pair types they use, they can be categorized as symmetric or asymmetric algorithms.

Which of the following types of cryptography is possible? Choose two.

Cryptography with keys; Cryptography without keys

Cryptography without keys is more secure than cryptography with keys. T/F? True False

False. Cryptography without keys is not at all secure as the deciphering program will reside on the same media where the data or message is being received. In case of theft, the data can be stolen along with the deciphering program.

Which of the following is required by the cipher when it is important to maintain a message as a secret?

To keep a message a secret, it is required that the cipher be able to generate several cipher texts.

Which of the following is the most common attack faced by the DES algorithm?

Brute force

Differential cryptanalysis is nothing but pattern studying. T/F? True False

True

Which of the following is provided by IDEA? Choose two.

IDEA provides high level of security along with ease of implementation.

Which of the following best describes Ron's Code 2?

Ron's Code 2 is a 64-bit block cipher. It was devised by Ron Rivest.

The block size in RC5 can range from 0 to 255. Y/N?

No. The block size in RC5 can be 32-bit, 64-bit or 128-bit.

Which of the following statements are true about the way data classification can be made? Choose two

It may be ad hoc or informal. The strategy usually involves a scheme that splits into different levels.

Which of the following will allow you to take stock of sensitive data in the organization?

By auditing all servers in the network for stored data, you can classify data as sensitive or non-sensitive. Auditing is the best process of taking stock of sensitive data in the network.

In case of fire, which of the following needs to be programmed to be put off instantly?

Electric Supply

Which of the following is an ideal location for storing the backup?

Any off-site location is good. Within the vicinity of the site will ensure that the data backup is safe in case of fire and is also available at short notice when required to restore. In general, budget and security concerns should dictate distance, as a far-away location will protect against natural disasters that may affect the city/neighborhood.

Which of the following backups is most time consuming to restore during a server crash?

Incremental

Which of the following processes will allow you to ascertain organizational assets?

Auditing. Auditing is an accounting process wherein the organization's assets and deficits will be accounted for.

Which of the following is necessary when analyzing threats?

View the data in the history to analyze the pattern and frequency of an occurrence

Which of the following is an essential configuration for email messages?

Content-specific action will ensure that you can discard mail that contains sensitive or prohibited data.

It is ideal that a network supports a specific encryption standard only. T/F? True False

False. Supporting only a specific encryption standard will make that network a closed network and will make it impossible to communicate with networks that follow flexibility in encryption.

It is ideal for any organization to employ an encryption scheme that can address its entire organization's data security, either stored or transmitted. T/F? True False

False

Creating a basic standard for application settings, security settings, and active services on every company laptop would be considered...

a security template

All of the following are correct about LDAP EXCEPT:

All attributes will be encrypted

Which of the following is a key reason for using virtual machines in a test lab where attackers or malware may compromise a machine?

Easier to restore the system to the original state

Which of the following is more of an irritation than a security threat?

Adware

Least privilege is defined as giving access to information:

needed to complete the task

Which of the following describes a piece of malicious code that is activated when specified conditions are met?

Logic Bomb

An administrator wishes to enable network auditing policies. Which of the following should the security administrator log?

Logon Success and Failures

From a security perspective a performance baseline is MOST useful for

detecting performance anomalies that may be due to security breaches

A company creates its own application that accesses the company databases and requires a unique login, based on the user's domain account. The developer has an undocumented login for testing that does not need to be authenticated against the domain. Which of the following is a security issue regarding this scenario?

It can be used as a backdoor into the company's databases

In order to perform a TCP hijacking attack, an attacker would be required to:

know the IP addresses of both hosts and sequence numbers of the TCP/IP packets

Port 20, 21

FTP

Port 22

SSH/SCP

Port 23

Telnet

Port 25

SMTP mail

Port 43

WHOIS

Port 49

TACACS

Port 53

DNS

Ports 67-68

DHCP/BOOTP

Port 69

TFTP

Port 79

Finger

Port 80

HTTP

Port 88

Kerberos

Port 102

MS Exchange

Port 110

POP3

Port 119

NNTP

Port 123

Network Time Protocol

Port 137-139

NetBIOS

Port 143

IMAP4

Port 161-162

SNMP management

Port 201

AppleTalk

Port 389

LDAP

Port 411-412

PEER-TO-PEER comm.

Port 443

HTTP over SSL

Port 445

MS DS (Directory Service)

Port 464

Kerberos

Port 465

SMTP over SSL

Port 500

ISAKMP

Port 514

syslog

Port 546-547

DHCPv6

Port 563

NNTP over SSL

Port 587

SMTP

Port 636

LDAP over SSL

Port 691

MS Exchange

Port 860

iSCSI

Port 989-990

FTP over SSL

Port 993

IMAP4 over SSL

Port 995

POP3 over SSL

Port 1241

NESSUS - Vulnerability Scanner

Port 1701

L2TP

Port 1723

MS PPTP

Port 1725

PPTP

Port 1812-1813

RADIUS

Port 2049

NFS

Port 3124

HTTP Proxy