HIM 370 Week 8 Final Exam
Question 1.
(TCO 1) An attack characterized by an explicit attempt by attackers to prevent legitimate users from accessing a system is called (Points : 5)
- denial of service.
- social engineering.
- spoofing.
- war-dialing.

Question 2.
(TCO 1) Which attack relies on broadcast packets to cause a network to actually flood itself with ICMP packets? (Points : 5)
- ICMP flood
- SYN flood
- Tribal flood
- Smurf attack

Question 3.
(TCO 2) Once a circuit level gateway verifies the user’s logon, it creates a virtual circuit between (Points : 5)
- the external server and the proxy server.
- the internal client and the proxy server.
- the internal client and the external server.
- the external server and the firewall.

Question 4.
(TCO 2) Which firewall denies or permits access based in part on data determined from previous packets in the conversation? (Points : 5)
- Application gateway
- Circuit level gateway
- Packet filter
- Stateful packet inspection

Question 5.
(TCO 3) Which is a robust commercial software firewall solution for Linux operating systems? (Points : 5)
- McAfee Personal Firewall
- SonicWALL
- Symantec Norton Firewall
- Wolverine

Question 6.
(TCO 3) Which is not true about enterprise networks and firewall solutions? (Points : 5)
- They are likely to contain several different operating systems.
- They are likely to be supported by multiple network administrators.
- They are usually easier to manage and secure.
- They are usually made up of several interconnected networks.

Question 7.
(TCO 4) Which is not a function of an intrusion-detection system? (Points : 5)
- Inspect all inbound and outbound port activity.
- Look for patterns in port activity.
- Infiltrate the illicit system to acquire information.
- Notify the system administrator of suspicious activity.

Question 8.
(TCO 4) Which intrusion detection strategy monitors and compares activity against preset acceptable levels? (Points : 5)
- Application monitoring
- Infiltration monitoring
- Resource profiling
- Threshold monitoring

Question 9.
(TCO 5) Which type of encrypted communication is most common today? (Points : 5)
- Computer and Internet communications
- Radio communications
- Telephone conversations
- Written documents

Question 10.
(TCO 5) Which is true about public key encryption? (Points : 5)
- It uses symmetric keys.
- It uses two different keys.
- Both keys must be closely protected to avoid hacking.
- It is based on the PGP protocol.

Question 11.
(TCO 6) What is a virtual private network? (Points : 5)
- A method for remote users to connect to a network via a leased line
- A method for Internet users to connect to a network via a dedicated line
- A method for users at other sites to connect to a private network via the Internet
- A method for a remote office to connect to a private network via a leased line

Question 12.
(TCO 6) What two types of tunneling are supported by PPTP? (Points : 5)
- Compulsory and voluntary
- Encapsulated and nonencapsulated
- Mandatory and optional
- Point-to-point and Layer 2

Question 13.
(TCO 7) Which is the most widespread danger to a computer connected to the Internet? (Points : 5)
- Denial of service attacks
- Password attacks
- Session hacking
- Viruses and worms

Question 14.
(TCO 7) NetBus, Back Orifice, and most similar Trojan horses are removed from an infected computer system by (Points : 5)
- editing the registry.
- installing a personal firewall.
- scanning the system with an antivirus scanner.
- scanning the system with anti-spyware software.

Question 15.
(TCO 8) Why do some Windows system administrators recommend leaving the default administrator account enabled but moving it from the administrator’s group and greatly restricting privileges? (Points : 5)
- There must be an administrator account for Windows to work properly.
- The administrator account cannot be deleted, but reducing privileges reduces security risks from hackers.
- Reducing privileges reduces security risks from hackers, but leaving the account enabled provides a better chance to track hacker activities.
- Privileges on the default administrator account cannot be changed because it is the default administrator account.

Question 16.
(TCO 8) Why are the default Windows account lockout policies considered unsecure? (Points : 5)
- They permit hackers to access unencrypted password files.
- They permit an infinite number of log-in attempts.
- They permit access by selecting cancel.
- They permit users to access others’ accounts.

Question 17.
(TCO 9) Which is true about user security policies? (Points : 5)
- Employees must sign a statement of acknowledgement that they understand them in order for policies to be effective.
- Policies must be clear and very specific.
- Security policies can prevent misuse of computer systems.
- There must be penalties for every infraction.

Question 18.
(TCO 9) Which is an e-mail attachment that would be acceptable to open? (Points : 5)
- It is an animation or movie.
- It contains active code.
- It comes from an unknown source.
- It contains an expected spreadsheet.

Question 19.
(TCO 10) Which is not one of the Six Ps the author refers to in the stages of assessing a system’s security? (Points : 5)
- Ports
- Probe
- Policies
- Problems

Question 20.
(TCO 10) To what does the term trusted computing base refer? (Points : 5)
- A base station facility for secure wireless computing
- A completely unified structure of protection mechanisms within a computer system
- A server that maintains secure access
- A system of numerous domains participating in two-way trust arrangements

Question 21.
(TCO 11) List at least six ways to harden an IIS web server. (Points : 20)

Six ways to harden an IIS Web server are:
1. Run as ApplicationPoolIdentity and run each website in its own application pool.
2. Use Request Filtering or UrlScan to block SQL injections.
3. Disable all unwanted services such as FTP and SMTP.
4. Lock down any delegated permissions or remove them altogether.
5. Use Windows Firewall to block all but 3389, 80, 443, echo reply.
6. Store data on a separate drive and remove default NTFS permissions.

Question 22.
(TCO 12) Name five possibly unnecessary Apache modules that should be disabled at installation, and explain what the modules do. (Points : 20)

Five Apache modules that should be disabled at installation as they are deemed unnecessary are: mod_imap, mod_include, mod_info, mod_userdir and mod_autoindex. These modules are not required to be installed because other servers or applications probably handle the specific tasks individually. Below you will find what each module does or is responsible for:
- mod_imap: this module processes .map files, thereby replacing the functionality of the imagemap CGI program. Any directory or document type configured to use the handler imap-file will be processed by this module. Basically, it is responsible for server-side imagemap processing.
- mod_include: this module provides a filter which will process files before they are sent to the client. The processing is controlled by specially formatted SGML comments, referred to as elements.
- mod_info: this module provides a comprehensive overview of the server configuration.
- mod_userdir: this module allows user-specific directories to be accessed using the http://example.com/~user/ syntax.
- mod_autoindex: this module generates directory indexes automatically, similar to the Unix ls command or the Win32 dir shell command.

Question 23.
(TCO 9) Why is the proliferation of employee-owned mobile devices a challenge to network administrators? (Points : 20)

The proliferation of employee-owned mobile devices, or BYOD, is a challenge to network administrators because of all the challenges that this concept poses. Many may feel that it can help an organization save money over the long run, but the security concerns that will surface may not be worth it at all. When BYOD (Bring Your Own Device) is in play, it brings about a whole lot of questions as it relates to security.
One of the main reasons for this is that the security responsibilities no longer fall on the IT department of the organization but on the individual employees. A poorly managed BYOD program would and could cause more trouble for an organization. Network administrators would have to ensure that all users who use this program are regularly checked to ensure compliance with other organization security policies, and I’m sure many persons would not always comply and would give rise to additional work for the network admins and the IT department.

Question 24.
(TCO 7) What is the difference between a virus and a worm? (Points : 20)

In order to understand the difference between a virus and a worm we have to first understand what each is. Even though they may be similar in some cases, they are different in many ways. A virus is a program or piece of code that causes an unexpected, usually negative, event. A virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. Some viruses are just annoyances, whereas others can cause serious damage to your computer's software, hardware and files. A worm is a virus that resides in the active memory of a computer and duplicates itself. Worms may send copies of themselves to other computers, such as through email or Internet Relay Chat (IRC). Worms have the capability to travel without any human action and normally take advantage of file or information transport features on your system. Because worms spread without human interaction, they can easily consume too much system memory (or network bandwidth) and thus make the computer non-responsive.

Question 25.
(TCO 10) Discuss at least two physical security measures that organizations can use to help secure their networks, data, and company in general. (Points : 20)

Two physical security measures that organizations can use to help secure their networks, data, and company in general are: Securing the data center location. In many organizations the data center is the heart of the physical network, and someone with physical access to the servers, switches, routers, cables and other devices in that room can do enormous damage. Even though we know any lock in the world can be violated, it is wise to set up policies that govern access to the locations of the data center. Some key things to note are that doors should be locked any time the room is unoccupied, and to define who has the key or keycode to get in. Additionally, laptops and handhelds need to be secured, as they pose one of the biggest threats because they can be stolen easily and hold a host of company data. Employees should secure laptops at their desks to a permanent fixture with a cable lock system, or they should take them with them when they leave. To help with protection, biometric readers, full disk encryption and software that "phones home" if the stolen laptop connects to the Internet can be used to supplement the physical security measures put in place.
About the document: uploaded on Oct 08, 2020; number of pages: 8.