(66) In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?
A. Device authentication and data origin authentication
B. Wireless intrusion detection (IDS) and prevention systems (IPS)
C. The use of cryptographic hashes
D. Packet headers and trailers
Explanation:
Calculating cryptographic hashes for wireless communications allows the device receiving the communications to verify that the received communications have not been altered in transit. This prevents masquerading and message modification attacks. Device authentication and data origin authentication is not the correct answer since authenticating wireless endpoints to each other prevents man-in-the-middle attacks and masquerading. Wireless IDS/IPSs is not the correct answer since wireless IDS/IPSs have the ability to detect misconfigured devices and rogue devices, and detect and possibly stop certain types of attacks. Packet headers and trailers alone do not ensure that the content has not been altered.
(67) An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy (WEP)
B. Permit access to only authorized Media Access Control (MAC) addresses
C. Disable open broadcast of service set identifiers (SSID)
D. Implement Wi-Fi Protected Access (WPA) 2
Explanation:
Wi-Fi Protected Access (WPA) 2 implements most of the requirements of the IEEE 802.11i standard. The Advanced Encryption Standard (AES) used in WPA2 provides better security. Also, WPA2 supports both the Extensible Authentication Protocol and the preshared secret key authentication model. Implementing Wired Equivalent Privacy (WEP) is incorrect since it can be cracked within minutes. WEP uses a static key which has to be communicated to all authorized users, thus management is difficult. Also, there is a greater vulnerability if the static key is not changed at regular intervals. The practice of allowing access based on Media Access Control (MAC) is not a solution since MAC addresses can be spoofed by attackers to gain access to the network. Disabling open broadcast of service set identifiers (SSID) is not the correct answer as they cannot handle access control.
(68) An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:
A. is configured with an implicit deny rule as the last rule in the rule base.
B. is installed on an operating system with default settings.
C. has been configured with rules permitting or denying access to systems or networks.
D. is configured as a virtual private network (VPN) endpoint.
Explanation:
Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. To mitigate this risk, firewall software should be installed on a system using a hardened operating system that has limited functionality, providing only the services necessary to support the firewall software. Choices A, C and D are normal or best practices for firewall configurations.
(69) The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:
A. that there will be too many alerts for system administrators to verify.
B. decreased network performance due to IPS traffic.
C. the blocking of critical systems or services due to false triggers.
D. reliance on specialized expertise within the IT organization.
Explanation:
An intrusion prevention system (IPS) prevents a connection or service based on how it is programmed to react to specific incidents. If the packets are coming from a spoofed address and the IPS is triggered based on previously defined behavior, it may block the service or connection of a critical internal system. The other choices are risks that are not as severe as blocking critical systems or services due to false triggers.
(70) The MOST effective control for reducing the risk related to phishing is:
A. centralized monitoring of systems.
B. including signatures for phishing in antivirus software.
C. publishing the policy on antiphishing on the intranet.
D. security training for all users.
Explanation:
Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.
- Muhammad Idham Azhari