Security+

An HTTP proxy

caches information from a web server for a set amount of time. This way an organization can save bandwidth, and users get their web pages more quickly.

anomaly-based IDS

You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times.

deny TCP any any port 53

This rule will apply to any computer's IP address initiating zone transfers on the inbound and outbound sides.

Load balancing

Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows?

application-proxy firewall

inspects data at layer 7 of the OSI model. These types of firewalls are also known as application-level gateways, or ALGs. They apply security mechanisms to applications such as FTP.

Deploy a honeypot on the perimeter of the network.

You need to gather information about a network attacker but you want to prevent the attacker from knowing that their attempt has been detected.

SYN attack

What kind of attack would a flood guard protect a network from?

Proxy server

Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin?

Implicit deny

Which of the following is likely to be the last rule contained within the ACLs of a firewall?

The NIPS is blocking web activity from those specific websites.

Tom is getting reports from several users that they are unable to download specific items from particular websites, although they can access other pages of those websites. Also, they can download information from other websites just fine. Tom's IDS is als

MAC flooding

What activity will most likely enable an attacker to force a switch to function like a hub?

Use of a device as it was intended

A coworker has installed an SMTP server on your organization's database server. What security principle does this violate?

802.1X

What protocol permits or denies access to resources through the use of ports?

VLAN

What technology was originally designed to decrease broadcast traffic and reduce the likelihood of having information compromised by network sniffers?

RADIUS

authenticates users to a network and is sometimes used with a VPN.

Banner grabbing

a technique used to find out information about web servers, FTP servers, and mail servers.

Router

What device would most likely have a DMZ interface?

DMZ

What should be placed between the LAN and the Internet?

VLAN

You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. What network design elements would most likely be used?

Update the Voice over IP system.

What is the best way to protect a Voice over IP PBX from man-in-the-middle attacks?

NAC (network access control)

makes security checks of the users or the actual connections that are made before sessions are initiated. It can also remediate issues automatically if configured properly.

127.0.0.1

is the IPv4 loopback address.

DNS servers

are the only types of servers listed that do zone transfers. The purpose of accessing the zone file is to find out what hosts are on the network.

FTPS

What is the best way to utilize FTP sessions securely?

RDP

Which of the following protocols are you observing in the packet capture below?
16:42:01 - SRC 192.168.1.5:3389 - DST 10.254.254.57:8080 - SYN/ACK

IPsec authentication headers

The authentication information is a keyed hash based on all the bytes in the packet.

Network

Which layer of the OSI model does IPsec operate at?

SNMPv3

You have been tasked with providing daily network usage reports of layer 3 devices without compromising any data during the information gathering process. What technology should you select in this scenario?

Crosstalk

What is the most common problem associated with UTP cable?

Power levels

You are tasked with implementing an access point to gain more wireless coverage area. What should you look at first?

TKIP and AES

What encryption algorithms are supported by the IEEE 802.11i standard?

L2TP

Which of the following protocols creates an unencrypted tunnel?

MSCHAPv2

When authenticating with PEAP, what is used to provide mutual authentication between peer computers?

The computer is missing the authentication agent.

A computer that is connected to a NAC-enabled network is not asked for the proper NAC credentials. What is a possible reason for this?

A two-factor authentication scheme and security awareness training

You are in charge of decreasing the chance of social engineering. What should you implement?

To determine the impact of a threat against your network

What is the best reason to perform a penetration test?

Mandatory vacations

Your boss speculates that an employee in a sensitive position is committing fraud. What is the best way to identify if this is true?

Rootkit

You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organizat

Change management

One of the developers for your company asks you what he should do before making a change to the code of a program's authentication. Which process should you instruct him to follow?

SNMP

You need to protect passwords. Which protocol is not recommended because it can send passwords over the network?

External security testing is conducted from outside the organization's security perimeter.

Which description is true of external security testing?

Developers copying data from production to test environments with USB sticks

What is most likely to result in data loss?

Change management strategy

To prevent ad hoc configuration issues on your wireless network, what method should you implement?

Class C extinguisher

If a fire occurs in the server room, which device is the best method to put it out?

Biometrics

What is not a logical method of access control?

Shielding

Which environmental control is part of the TEMPEST standards?

CCTV

What is a detective security control?

Class D

Which of the following fire extinguishers should be used to put out magnesium- or titanium-based metal fires?

RAID

One of your database servers is mission-critical. You cannot afford any downtime. What is the best item to implement to ensure minimal downtime of the server and ensure fault tolerance of the data stored on the database server?

The web server is showing a drop in CPU speed and hard disk speed.

Michael has just completed monitoring and analyzing a web server. What indicates that the server might have been compromised?

Software RAID 1 and Hardware RAID 5

Robert has been asked to make sure that a server is highly available. He must ensure that hard drive failure will not affect the server. Which methods allow for this?

True clustering

when multiple computers' resources are used together to create a faster, more efficient system; it often uses load balancing to accomplish this. However, true clustering does not necessarily allow for fault tolerance of data.

Incremental

Which backup type describes the backup of files that have changed since the last full or incremental backup?

RAID

You have been tasked with increasing the level of server fault tolerance. What should you implement to ensure that servers' data can withstand hardware failure?

Back up data to removable media and store a copy offsite.

You are in charge of your organization's backup plan. You need to make sure that the data backups are available in case of a disaster. However, you need to keep the plan as inexpensive as possible. Which solution should you implement?

Grandfather-father-son

Which tape backup method enables daily backups, weekly full backups, and monthly full backups?

Clustering

What reduces the chances of a single point of failure on a server when it fails?

Worm

Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. What is the most likely reason?

Trojan

A thumb drive has been used to compromise systems and enable unauthorized access. What kind of malware was most likely installed to the thumb drive?

The computer is part of a botnet.

You are surprised to notice that a co-worker's computer is communicating with an unknown IRC server and is scanning other systems on the network. None of this was scheduled by anyone in your organization, and the user appears to be unknowing of what is tr

Rootkit

You investigate an executive's laptop and find a system-level kernel module that is modifying the operating system's functions. What is this an example of?

Removal of PII data

Which threat has the highest probability of being increased by the availability of devices such as USB flash drives on your network?

A Fraggle attack

is a type of DoS attack that sends large amounts of UDP traffic to ports 7 and 19. This is similar to the Smurf attack.

Teardrop DoS attacks

send many IP fragments with oversized payloads to a target.

IP spoofing

when an attacker sends IP packets with a forged source IP address.

The replay attack

when valid data transmissions are maliciously repeated or delayed.

Kiting

What enables a hacker to float a domain registration for a maximum of five days?

Single point of failure

Michael's company has a single web server that is connected to three other distribution servers. What is the greatest risk involved in this scenario?

Flattery and dumpster diving

In addition to bribery and forgery, what are the most common techniques that attackers use to socially engineer people?

Overhearing parts of a conversation

What would be an example of eavesdropping?

Tracking cookie

What is often misused by spyware to collect and report a user's activities?

The new access point was not properly configured and is interfering with another access point.

One of the users in your organization informs you that her 802.11n network adapter is connecting and disconnecting to and from an access point that was recently installed. The user has Bluetooth enabled on the laptop. A neighboring company had its wireles

WPA2-Enterprise

You are configuring an 802.11n wireless network. You need to have the best combination of encryption and authorization. Which option should you select?

NOP instructions.

What would you most likely find in a buffer overflow attack?

Forward each computer to a different RDP port.

Jennifer has been tasked with configuring multiple computers on the WLAN to use RDP on the same wireless router. What might be necessary to implement?

Java applets need to have virtual machine web browser support.

Which characterization best suits the term Java applet?

Disable unauthorized ActiveX controls.

You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. What should you do to fix this problem?

Enable Hide Protected Operating System Files

Which option enables you to hide ntldr?

Separation of duties

You have been hired by an organization to design the security for its banking software. You need to implement a system where tasks involving the transfer of money require action by more than one user. Activities should be logged and audited often. What ac

NTFS

A customer's computer uses FAT16 as its file system. What file system can you upgrade it to when using the convert command?

NIDS

What will identify a Smurf attack?

Network and Sharing Center

Where would you turn off file sharing in Windows 7?

Application log

What is not a record of the tracked actions of users?

Copy the log files to a server in a remote location.

What is the best practice to secure log files?

Baseline reporting

A security assessment of an existing application has never been made. What is the best assessment technique to use to identify an application's security posture?

Performance Monitor

You have established a baseline for your server. What is the best tool to use to monitor any changes to that baseline?

Security Log

You are setting up auditing on a Windows computer. If set up properly, which log should have entries?

Identification and authentication

What security actions should be completed before a user is given access to the network?

Signature-based IDS

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?

Honeypot

You have implemented a technology that enables you to review logs from computers located on the DMZ. The information gathered is used to find out about new malware attacks. What have you implemented?

When testing to identify known potential security risks inherent to your design

When is it appropriate to use vulnerability scanners to identify any potential holes in your security design?

Vulnerability scan

You have received several reports from users of corrupted data. You patched the affected systems but are still getting reports of corrupted data. Which method should you use to help identify the problem?

"Fingerprint" of the operating system

What can hackers accomplish using malicious port scanning?

To find open ports on a server

Why would a security administrator use a vulnerability scanner?

Vulnerability scanning

What is a passive attempt at identifying weaknesses?

Risk elimination

In what way can risk not be managed?

Gray box

You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing?

Risk assessment

You are implementing a new enterprise database server. After you evaluate the product with various vulnerability scans you determine that the product is not a threat in of itself but it has the potential to introduce new vulnerabilities to your network. W

Organize data based on severity and asset value

What is the best action to take when you conduct a corporate vulnerability assessment?

Perform a vulnerability assessment.

What is the best way for a person to find out what security holes exist on the network?

Patch management

What is one example of verifying new software changes on a test system?

Fuzzing

An attacker has identified and exploited several vulnerabilities in a closed-source application that your organization has developed. What did the attacker implement?

TPM

You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which solution should you implement?

HIDS

What is not considered to be an inline device?

System State

What needs to be backed up on a domain controller to recover Active Directory?

To segregate network services and roles

What is a security reason to implement virtualization in your network?

Install pop-up blockers

You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays.

SPA

Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?

Install a pop-up blocker.

What is the most effective way of preventing adware?

Gray-box

Your organization's servers and applications are being audited. One of the external IT auditors tests an application as an authenticated user. Which testing method is being used?

Turn off.

The server room is on fire. What should the HVAC system do?

HSM

Which device is used to encrypt the authentication process?

Implicit deny

What will stop network traffic when the traffic is not identified in the firewall ruleset?

TACACS+ separates authentication, authorization, and auditing capabilities.

What best describes the difference between RADIUS and TACACS+?

Kerberos

Which network authentication protocol uses symmetric key cryptography, stores a shared key for each network resource, and uses a Key Distribution Center (KDC)?

Kerberos

Users on your network are identified with tickets. Which system is being used?

MS-CHAPv1 is capable of mutual authentication of the client and server.

Which statement about authentication is false?

TACACS+

When attempting to grant access to remote users, which protocol uses separate, multiple-challenge responses for each of the authentication, authorization, and audit processes?

RADIUS

You are tasked with setting up a wireless network that uses 802.1X for authentication. You set up the wireless network using WPA2 and CCMP; however, you don't want to use a PSK for authentication. Which option would support 802.1X authentication?

CAC (common access card)

What is a type of photo ID that is used by government officials to gain access to secure locations?

Kerberos

uses a KDC (Key Distribution Center) to centralize the distribution of certificate keys and keep a list of revoked keys.

Time-based OTP (TOTP)

extends OTP by supporting a time-based moving factor that must be changed each time a new password is generated.

HMAC-based OTP (HOTP),

uses one-time passwords (OTP).

Identification

In which phase of identification and authentication does proofing occur?

TACACS+ because it encrypts client-server negotiation dialogues.

In a secure environment, which authentication mechanism performs better, TACACS+ or RADIUS?

RADIUS

is a client-server system that provides authentication, authorization, and accounting services.

CHAP

is more secure than PAP because it encrypts usernames and passwords.

PAP

is insecure because usernames and passwords are sent as clear text.

MS-CHAPv1

is not capable of mutual authentication of the client and server.

TACACS+

What is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches?

Kerberos

authenticates only, and can use TCP and UDP.

RADIUS

performs authentication and accounting but uses UDP as the transport mechanism.

A captive portal

redirects people in an effort to authenticate them. It will often do this within a web browser, and might use TCP (HTTPS), but does not perform accounting services.

Rule-based access control

Which access control method uses rules to govern whether object access will be allowed?

Labels

When using the mandatory access control model, what component is needed?

TRUE

In mandatory access control, users cannot share resources dynamically.

CHAP (Challenge Handshake Authentication Protocol)

Which authentication method completes the following steps in order: logon request, encrypted value response, server, challenge, compare encrypted results, and authorize or fail?

Discretionary access control

What can restrict access to resources according to the identity of the user?

Kerberos

You are in charge of training a group of technicians on the authentication method their organization uses. The organization currently runs an Active Directory infrastructure. What best correlates to the host authentication protocol used within that organi

Access control lists

What would you use to control the traffic that is allowed in or out of a network?

Role-based access control

You have been commissioned by a customer to implement a network access control model that limits remote users' network usage to normal business hours only. You create one policy that applies to all the remote users. What access control model are you imple

Mandatory access control

Which access control model uses object labels?

Role-based access control (RBAC)

In an environment where administrators, the accounting department, and the marketing department all have different levels of access, which access control model is being used?

Bell-La Padula

is a state machine model used for enforcing access control in government applications. It is a less-common, multilevel security derivative of mandatory access control. This model focuses on data confidentiality and controlled access to classified informat

The Biba Integrity Model

describes rules for the protection of data integrity.

Clark-Wilson

is another integrity model that provides a foundation for specifying and analyzing an integrity policy for a computing system.

Mandatory access control

has two common implementations: rule-based access control and lattice-based access control.

Lattice-based access control

is used for more complex determinations of object access by subjects; this is done with advanced mathematics that creates sets of objects and subjects and defines how the two interact.

Role-based access control (RBAC)

works with sets of permissions; each set of permissions constitutes a role. Users are assigned to roles to gain access to resources. Examples of user groups that are assigned to roles include remote users, extranet users, guests, and so on.

User rights

Ann has been asked by her boss to periodically ensure that a domain controller/DNS server maintains the proper security configuration. What should she review?

Password complexity requirements

Which security measure should be included when implementing access control?

Mandatory access control

A security administrator implements access controls based on the security classification of the data and need-to-know information. What would best describe this level of access control?

Encrypt, sign, decrypt, and verify

What is the proper order of functions for asymmetric keys?

Non-repudiation

What is not one of the steps of the incident response process?

Decentralized

Rick has a local computer that uses software to generate and store key pairs. What type of PKI implementation is this?

512

An SHA algorithm will have how many bits?

RC4

WEP improperly uses an encryption protocol and because of this is considered to be insecure. What encryption protocol does it use?

AES

When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization?

A cipher can be reversed; a hash cannot.

What statement correctly describes the difference between a secure cipher and a secure hash?

Symmetric scheme

What is used by PGP to encrypt the session key before it is sent?

To decrypt the hash of a digital signature

What might a public key be used to accomplish?

LANMAN

You scan a computer for weak passwords and discover that you can figure out the password by cracking the first seven characters and then cracking the second part of the password separately. What type of hash is being used on the computer?

IPsec

What is usually used with L2TP?

RSA

Which algorithm is used by the TLS protocol to establish a session key?

MD5

Your organization has a policy that states that user passwords must be at least 16 characters. Your computers use NTLM2 authentication for clients. Which hash algorithm will be used for password authentication?

PGP

Which technology uses a PSK?

AES

Which protocol does the 802.11i standard support?

AES

Which algorithm adheres to the requirement of 128 bits?

Public key

For a user to obtain a certificate from a certificate authority, the user must present two items. The first is proof of identity. What is the second?

Private key

Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this?

L2TP

What is used to implement an unencrypted tunnel between two networks?

Private key

In a public key infrastructure setup, what should be used to encrypt the signature of an e-mail?

RA

a registration authority is used to verify requests for certificates from a certificate authority or multiple certificate authorities. In this scenario, your organization and a sister organization use multiple certificate authorities (CAs). Which componen

One-to-one mapping and many-to-one mapping

Which are certificate-based authentication mapping schemes?

Owner's symmetric key

What does not apply to an X.509 certificate?

http://www.tech-faq.com/wp-content/uploads/2009/01/osimodel.png

OSI model

...

Cable types (Cat5, shielded, unshielded)

3389

remote access port

Port 53

port used by DNS.

port 161

port used by SNMP.

port 22

port used by SSH (SCP).

49

port used by TACACS+.

135

port used by RPC.

25

port used by SMTP.

119

port used by NNTP.

1433

port used by MSSQL.

19

port used by CHARGEN, the character generator. It is commonly used by a Fraggle attack.

7

port used by Echo.

23

port used by Telnet.

110

port used by POP3.

636

Which port number does the protocol LDAP use when it is secured?

88

port used by Kerberos.

Port-based Network Access Control

PNA

PaaS

- platform as a service - operating systems

IaaS

- infrastructure as a service - provider clouds

SaaS

- software as a service

Routers

operate at layer 3.

ICMP

is the Internet Control Message Protocol, which is used by ping and other commands.

Zone transfer

one of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers.

Zone file

a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS.

(Access Request Object)

ARO

SLE (Single Loss Expectancy)

The monetary value expected from the occurrence of a risk on an asset.

(Annual Loss Expectancy)

ALE

(Service Level Agreement)

SLA

(Business Process Automation)

BPA

Disaster Recovery Plan

DRP

MOU (memorandum of understanding)

prevents misunderstandings and disputes by clarifying the expectations of the partners.

DLP

- data loss prevention

GLB (Gramm-Leach-Bliley)

a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals.

Bollards

- short vertical posts

Vishing

the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.

Whaling

a type of spear phishing that targets senior executives such as CFOs.

Raid 0

- disk striping with no parity bit

Raid 1

- disk mirroring

Raid 2

stripes data at the bit (rather than block) level, and uses a Hamming code for error correction.

Raid 3

byte-level striping with a dedicated parity disk. One of the characteristics of RAID 3 is that it generally cannot service multiple requests simultaneously.

Raid 4

block-level striping with a dedicated parity disk.

Raid 5

block-level striping with distributed parity. Unlike in RAID 4, parity information is distributed among the drives.

Raid 6

extends RAID 5 by adding another parity block; thus, it uses block-level striping with two parity blocks distributed across all member disks.

Mean time between failure

MTBF

RPO

- a business goal for system restoration and acceptable data loss

Mean Time to Recovery

MTTR

Polymorphic virus

a complicated computer virus that affects data types and functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itsel

Watering Hole attack

a computer attack strategy, in which the victim is a particular group (organization, industry, or region).

Phage virus

A computer virus that rewrites the executable file it targets rather than attaching itself to the file and running along with it.

Dictionary attack

A method of guessing passwords by using combinations of known words and phrases.

RADIUS

Is RADIUS or TACACS+ used to provide centralized administration of dial-up, VPN, and wireless authentication?

DAC

is the discretionary access control method.

RC4, Rijndael, 3DES

- symmetric encryption algorithms

ECC

- asymmetric encryption algorithm

SHA-2

hashing algorithm with blocks of 512 bits.

SHA-1

is a 160-bit hash.

MD5

A 128-bit hash. (By comparison, 1024-bit keys are common in asymmetric encryption.)

DES (Data Encryption Standard)

was developed in the 1970s and uses a 56-bit key. It is considered weak.

Private networks can use IP addresses anywhere in the following ranges: 192.168.0.0 - 192.168.255.255 (65,536 IP addresses); 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses); 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses).

Private IPv4 space

Uses subnet mask 255.0.0.0 with first octet 1-126

Class A space

Uses subnet mask 255.255.0.0 with first octet 128-191

Class B space

Uses subnet mask 255.255.255.0 with first octet 192-223

Class C space