Chapter 2

Question 1

Network Monitors

Answer 1

AKA Sniffers

help troubleshoot network problems. Dig much deeper than IPconfig to tell you what’s actually going on on the network.

Today consists of a PC with an NIC

Question 2

Promiscuous Mode

Answer 2

The network card looks at the packet that it sees on the network even if it is not addressed to that file

Question 3

Application Log

Answer 3

This log contains various events logged by applications or programs. Many applications will record their errors in the log. Provides clues that someone has been attempting to compromise the database

Question 4

Security Log

Answer 4

Contains successful/unsuccessful logon attempts. Also records events related to resource use such as creating, opening, or deleting files/objects

Question 5

Extensions used to save a log file

Answer 5

EVT, TXT, CSV

Question 6

File/Print Server Vulnerabiliy

Answer 6

DoS attacks and access attacks. Target a specific port and overwhelm the the port

Question 7

RPC

Answer 7

Remote Procedure Call

programing interface that allows a remote computer to run programs on a local machine. Contains serious vulnerabilities.

Question 8

Place where common attacks to Networks with PC-Based systems

Answer 8

NetBIOS services: ports 135, 137, 138, and 139

To prevent make sure that NetBIOS services are disabled on servers or that an effective firewall is in place

Question 9

Place to look for up to date informations on Windows operating system issues

Answer 9

Microsoft Safety and Security Center

Question 10

Which software should you keep on your computer?

Answer 10

Only relevant software should be kept on the computer

If it isn’t essential, get rid of it!

Question 11

Patches. What they are and when to get them (not the types)

Answer 11

An update to a system. Can add new functionality or fix a bug in the software. In a business test them first to make sure they won’t mess everything up. In personal use let them auto update.

Also what a pirate wears over his/her eye.

Question 12

Three types of patches

Answer 12

1. Service Pack - corrects problems within a version of the product
2. Updates - code fixes for products that are provided in the event of critical problems
3. Security Updates - Mandatory updates to make sure that known security problems are fixed

Question 13

UAC best practices

Answer 13

User Account Control

Disable unnecessary accounts: they allow for a door into the system. These include former employees and guest accounts

Require passwords: you should always require passwords

Question 14

what does $ denote?

Answer 14

Hidden administrative files. They manage a computer on a network and can only be deleted through Registry edits

Question 15

Should you use MAC filtering or port authentication?

Answer 15

Why not both? MAC filtering can be circumvented fairly simply unless you authenticate

Question 16

Four good ideas to Secure a network

Answer 16

MAC Limiting/Filtering
802.1X
Disable Unused Ports
Rogue Machine Detection

Question 17

Hardening

Answer 17

general process of making sure that the OS itself is as secure as it can be

Question 18

Hazard of disabling a service and how to avoid it

Answer 18

Other services may be dependent on that service to function. Microsoft Services Console gives information on dependencies.

Question 19

Which file system does Microsoft recommend network shares are established using?

Answer 19

NTFS

Question 20

Rogue Machines

Answer 20

Adding an unauthorized machine on to the system. Possibly an intruder or a neighboring office connecting to your wireless

Question 21

EAP

Answer 21

Extensible Authentication Protocol

authentication framework frequently used in wireless networks and point-to-point connections

Question 22

Common aspects of security audits

Answer 22

Review security logs
Review policies and compliance
Check security device configuration
Review Incident Response Reports

Question 23

First two steps after a gap in security posture is detected

Answer 23

1. Classify the gap

2. Begin implementing a plan to remmediate it

Question 24

Three Classifications of threats

Answer 24

Minor - no immediate threat
Serious - possible immediate threat
Critical - total disaster! Respond immediately!

Question 25

Alerts versus Alarms

Answer 25

Alerts are issues that need to be addressed, but they are not immediate

Alarms are immediate. Fix it.