Chapter 11 Assessment and Audits


11.1.11 Practice exam

Which of the following functions can a port scanner provide? (select two)

Determining which ports are open on a firewall
Discovering unadvertised servers

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port Scanner

You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?

Vulnerability Scanner

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network Mapper

You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use? (select two)

Nessus
Retina

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (select three)

Check for missing patches
Check user accounts for weak passwords
Check for open ports

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?

OVAL

Which of the following is the name of the type of port scan which does not complete the full three-way handshake of TCP, but rather listens only for either SYN/ACK or RST/ACK packets?

TCP SYN scan

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the vulnerability assessment again

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?

Definition

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

Update the scanner definition files

A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?

Credentialed scan

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use?

Non-credentialed scan

11.2.4 Practice exam

Which of the following identifies an operating system or network service based upon its response to ICMP messages?

Fingerprinting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

You have decided to perform a double blind penetration test. Which of the following actions would you perform first?

Inform senior management

Which of the following activities are typically associated with penetration testing? (select two)

Running a port scanner
Attempting social engineering

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Zero knowledge team

A security administrator is conducting a penetration test on a network. She connects a notebook
system running Linux to the wireless network and then uses NMAP to probe various network
hosts to see which operating system they are running.
Which process did the administrator use in the penetration test in this scenario?

Active fingerprinting

A security administrator is conducting a penetration test on a network. She connects a notebook
system to a mirror port on a network switch. She then uses a packet sniffer to monitor network
traffic to try and determine which operating systems are running on network hosts.
Which process did the administrator use in the penetration test in this scenario?

Passive fingerprinting

Which of the following is included in an operations penetration test? (select two)

Looking through discarded papers or media for sensitive information
Eavesdropping or obtaining sensitive information from items that are not properly stored

Which phase or step of security assessment is a passive activity?

Reconnaissance

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test: The tester has detailed information about the target system prior to starting the test.
Grey box test: The tester has the same amount of information that would be available to a typical insider in the organization.
Black box test: The tester has no prior knowledge of the target system.
Single blind test: Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.
Double blind test: The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed.

11.3.4 Practice exam

You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device.
Which tool should you use?

Protocol analyzer.

You want to know what protocols are being used on your network. You’d like to monitor network traffic and sort traffic based on protocol.
Which tool should you use?

Packet sniffer.

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark

You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B.
On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B.
What should you do?

Configure port mirroring

You are concerned about attacks directed against your firewall on your network. You would like to examine the content of individual frames sent to the network.
Which tool should you use?

Packet sniffer.

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to the same hub that is connected to the router.
When you run the software, you only see frames addressed to the workstation and not other devices.
Which feature should you configure?

Promiscuous mode.

You decide to use a packet sniffer to identify the type of traffic sent to the router. You run the packet sniffing software on a device which is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router.
When you run the software, you only see frames addressed to the four workstations but not to the router.
Which feature should you configure?

Mirroring.

You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are being encrypted. Which tool should you use?

Protocol analyzer

11.4.8 Practice exam

You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?

Create a hash of each log.

What does hashing of log files provide?

Proof that the files have not been altered

When a new IT employee is hired by your organization, you need to clearly inform her of the log retention policy. This policy includes details about all but which of the following?

What limitations of legal punishment or fines is supported by the organization

Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check?

System

You have heard about a new Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor?

Firewall

Which of the following is a standard for sending log messages to a central logging server?

Syslog

You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet.
Which log would you check to see if this is happening?

Firewall

You are interested in identifying the source of potential attacks that have recently been directed against your network but which have been successfully blocked. Which log would you check?

Firewall

You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?

Performance

You are concerned that an attacker can gain access to your Web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?

Use syslog to send log entries to another server

You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (select two)

Clock synchronization between all devices
Disk space on the syslog server

You manage a firewall that connects your private network to the Internet. You would like to see a record of every packet that has been rejected by the firewall in the past month. Which tool should you use?

Event log

Which of the following best describes an audit daemon?

The trusted utility that runs a background process whenever auditing is enabled

Which of the following is NOT included in a system level audit event? (select two)

Any actions performed by the user
Names of accessed files

The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?

Preventative

11.5.7 Practice exam

Which of the following is NOT an advantage when using an internal auditor to examine security systems and relevant documentation?

Findings in which the audit and subsequent summations are viewed as objective.

Properly configured passive IDS and System Audit Logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations

Which of the following describes Privilege Auditing?

Rights and privileges of users and groups are checked to guard against creeping privileges.

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

Auditing

What is the purpose of audit trails?

Detect security-violation events

Which of the following is a collection of recorded data that may include details about logons, object access and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?

Audit trail

A recreation of historical events is made possible through?

Audit trails
