(51) To address a maintenance problem, a vendor needs remote access to a critical network. The MOST secure and effective solution is to provide the vendor with a:
A. Secure Shell (SSH-2) tunnel for the duration of the problem.
B. two-factor authentication mechanism for network access.
C. dial-in access.
D. virtual private network (VPN) account for the duration of the vendor support contract.
Explanation:
For granting temporary access to the network, a Secure Shell (SSH-2) tunnel is the best approach. It has auditing features and allows restriction to specific access points. Choices B, C and D all give full access to the internal network. Two-factor authentication and virtual private network (VPN) provide access to the entire network and are suitable for dedicated users. Dial-in access would need to be closely monitored or reinforced with another mechanism to ensure authentication to achieve the same level of security as SSH-2.
(52) What is the BEST approach to mitigate the risk of a phishing attack?
A. Implement an intrusion detection system (IDS)
B. Assess web site security
C. Strong authentication
D. User education
Explanation:
Phishing attacks can be mounted in various ways; intrusion detection systems (IDSs) and strong authentication cannot mitigate most types of phishing attacks. Assessing web site security does not mitigate the risk. Phishing uses a server masquerading as a legitimate server. The best way to mitigate the risk of phishing is to educate users to take caution with suspicious Internet communications and not to trust them until verified. Users require adequate training to recognize suspicious web pages and e-mail.
(53) A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:
A. date and time stamp of the message.
B. identity of the originating computer.
C. confidentiality of the message’s content.
D. authenticity of the sender.
Explanation:
The signature on the digest can be used to authenticate the sender. It does not provide assurance of the date and time stamp or the identity of the originating computer. Digitally signing an e-mail message does not prevent access to its content and, therefore, does not assure confidentiality.
(54) The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:
A. outgoing traffic with IP source addresses external to the network.
B. incoming traffic with discernible spoofed IP source addresses.
C. incoming traffic with IP options set.
D. incoming traffic to critical hosts.
Explanation:
Outgoing traffic with an IP source address outside the network’s own IP range is invalid; in most cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine. In both cases, applying this filter will stop the attack.
(55) The network of an organization has been the victim of several intruders’ attacks. Which of the following measures would allow for the early detection of such incidents?
A. Antivirus software
B. Hardening the servers
C. Screening routers
D. Honeypots
Explanation:
Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.
(56) A company has decided to implement an electronic signature scheme based on public key infrastructure. The user’s private key will be stored on the computer’s hard drive and protected by a password. The MOST significant risk of this approach is:
A. use of the user’s electronic signature by another person if the password is compromised.
B. forgery by using another user’s private key to sign a message with an electronic signature.
C. impersonation of a user by substitution of the user’s public key with another person’s public key.
D. forgery by substitution of another person’s private key on the computer.
Explanation:
The user’s digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely. Choice C would require that the message appear to have come from a different person and therefore the true user’s credentials would not be forged. Choice D has the same consequence as choice C.
(57) An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?
A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled
Explanation:
The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner’s responsibility for the security of the data assets.
(58) After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server
Explanation:
Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.
(59) Which of the following would be the GREATEST cause for concern when data are sent over the Internet using the HTTPS protocol?
A. Presence of spyware on one of the endpoints
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D. Symmetric cryptography is used for transmitting data
Explanation:
Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user’s computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware on one of the endpoints captures the data before encryption takes place.
(60) A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?
A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties
Explanation:
A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important.
- Muhammad Idham Azhari