Security Assessments and Audits (1) Flashcards
As part of your security audit, you would like to see what type of network traffic is being transmitted on the network. Which type of tool should you use?
Protocol analyzer
Port scanner
Vulnerability scanner
Protocol analyzer
Protocol analyzers use a promiscuous-mode network card driver that enables the capture of all network traffic. Each switch port is its own collision domain, which prevents capturing unicast traffic destined for other hosts; however, some switches can mirror all switch traffic to a specific port. Be aware that packet forgery is easy with freely available tools such as hping.
Your network consists of 250 computers. You must determine which machines are secure and which are not. Which type of tool should you use?
Protocol analyzer
Port scanner
Vulnerability scanner
Vulnerability scanner
Vulnerability scanners scan computers for known security vulnerabilities.
You would like to focus on and track potential future malicious activity for a particular host in your screened subnet. What should you configure?
Honeynet
Honeypot
DMZ tracker
Honeypot
A honeypot is an intentionally vulnerable host used to attract and track malicious activity.
Which of the following would you employ to determine which ports are open on a host?
Vulnerability scanner
Packet sniffer
Port scanner
Port scanner
Port scanners identify open ports on hosts, similar to operating system commands such as netstat. Personal firewall software may impede the success of port scanners. Note that port scanning can be detected fairly easily by most modern network-based intrusion detection and prevention tools.
A technician must identify deviations from normal network activity. Which task must she first perform?
Trend analysis
Baseline analysis
Performance monitoring
Baseline analysis
A baseline analysis establishes what is normal on a given network. Without this data, it is difficult to determine deviations from the norm.
A Windows computer has not been patched and unnecessary services have not been disabled. Which of the following statements is true regarding security?
The computer will perform faster.
The computer has a large attack surface.
The computer has a small attack surface.
The computer has a large attack surface.
Computers with many potential vulnerabilities (software, physical) are said to have a larger attack surface than patched machines that run only the software they require. A larger attack surface means a higher likelihood of the machine becoming compromised.
A network security auditor simulates various network attacks against a corporate network. Which term best defines this procedure?
Vulnerability analysis
Network mapping
Penetration testing
Penetration testing
Penetration testing (pen testing) is an active, or intrusive, type of test that involves simulating malicious activity against hosts or entire networks to assess how secure they are and to identify threats. Proper written consent outlining the rules of engagement must be obtained prior to performing this type of testing, since testing could disrupt hosts and networks.
Your manager asks you to configure a collection of purposely vulnerable hosts in a DMZ for the purpose of tracking malicious attacker attempts. What term best describes what you are configuring?
Honeynet
Honeypot
Firewall
Honeynet
A honeynet is composed of two or more honeypots: intentionally vulnerable hosts used to track malicious activity.
You run a vulnerability scan on subnet 192.168.1.0/24. The results state that TCP ports 135 through 139 are open on most hosts. What does this refer to, assuming default ports are being used?
File and Print Sharing
Web server
Mail server
File and Print Sharing
Windows File and Print Sharing generally uses TCP ports 135 to 139 to enable resources to be discoverable on a local network.
After careful log examination, you realize that somebody has hacked into your WEP-secured home wireless network. What can you do to improve the security of wireless traffic?
Use WPA2 Enterprise.
Use WPA2 PSK.
Disable SSID broadcasting.
Use WPA2 PSK.
Wi-Fi Protected Access 2 (WPA2) with a pre-shared key (PSK) is considered more secure than Wired Equivalent Privacy (WEP) and is the most suitable solution for a home router.
What should be done to ensure that your network security is effective?
Patch all operating systems.
Update the BIOS on all systems.
Periodically test network security controls.
Periodically test network security controls.
Periodic network testing, perhaps even penetration testing, is valuable to ensure that your network security controls remain valid over time and that previously uncompromised hosts have not since been compromised and used for persistent attacker connectivity. A compromised host or network device lets an attacker use that one vulnerable device to gain access, and from there scan for and exploit other vulnerable devices on the network (pivoting, also called lateral movement).
Which of the following are considered passive security testing? (Choose two.)
Capturing network traffic
Brute-force password attack
Dictionary-based disk decryption
OS fingerprinting
Capturing network traffic
OS fingerprinting
Passive testing of security controls does not interfere with the normal operation of a computer system or network. Capturing network traffic simply takes a copy of network packets already being transmitted, and OS fingerprinting attempts to determine the OS used by a device by analyzing the network traffic responses it sends.
From the following list, identify the security misconfiguration:
A domain administrative account is used as a service account.
An Active Directory account is used as a service account.
Windows stations receive updates from a WSUS server instead of the Internet.
A domain administrative account is used as a service account.
Windows services (and UNIX/Linux daemons) should run under the context of a standard user account. Assigning a powerful domain administrative account presents a major threat if the service is compromised; the attacker would then have escalated domain administrative privileges. Service accounts should have only the rights and permissions required to function, nothing more. Many administrators do not force periodic password changes for service accounts, which presents yet another security risk.
A security-auditing team has been hired to conduct network penetration tests against a network. The team has not been given any data related to the network or its layout. What type of testing will the team perform?
Unknown environment
Known environment
Partially known environment
Unknown environment
Unknown environment testing refers to testing computer software or networks by testers who have been given no information about how the software or networks are designed.
You are having trouble pinging host 192.168.17.45; there are no replies. One of your users must use the Remote Desktop Protocol (RDP) against the host to run an application. You cannot test RDP for the user, because you are currently logged on locally to a Linux server with only a command line. What can you use to determine quickly whether RDP is running on 192.168.17.45?
Packet sniffer
Virus scanner
Port scanner
Port scanner
A port scanner is a quick, simple way to determine which ports are open on a host. Even though ping packets may be blocked, RDP packets may not be. Tools such as Netcat can be used on Linux and Windows to test communication with TCP and UDP ports.