Tuesday, February 27, 2018

Question Set01

01. Which of the following potentially blocks hacking attempts?
A. Intrusion detection system
B. Honeypot system
C. Intrusion prevention system
D. Network security scanner

Explanation:

An intrusion prevention system (IPS) is deployed as an in-line device that can detect and block hacking attempts. 
An intrusion detection system (IDS) normally is deployed in sniffing mode and can detect intrusion attempts, but cannot effectively stop them. A honeypot solution traps the intruders to explore a simulated target. A network security scanner scans for the vulnerabilities, but it will not stop the intrusion.


02. A virtual private network (VPN) provides data confidentiality by using:
A. Secure Sockets Layer (SSL)
B. Tunnelling
C. Digital signatures
D. Phishing

Explanation:
VPNs secure data in transit by encapsulating traffic, a process known as tunnelling. SSL is a symmetric method of encryption between a server and a browser. Digital signatures are not used in the VPN process, while phishing is a form of social engineering attack.

03. An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:
A. reduces the risk of unauthorized access to the network.
B. is not suitable for small networks.
C. automatically provides an IP address to anyone.
D. increases the risks associated with Wireless Encryption Protocol (WEP).

Explanation:
Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to anyone connected to the network. With DHCP disabled, static IP addresses must be used; this represents less risk because of the potential for address contention between an unauthorized device and existing devices on the network.

Choice B is incorrect because DHCP is suitable for small networks. Choice C is incorrect because DHCP does not provide IP addresses when disabled. Choice D is incorrect because disabling DHCP makes it more difficult to exploit the well-known weaknesses in WEP.



04. IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?
A. Port scanning
B. Back door
C. Man-in-the-middle
D. War driving

Explanation:
A war driving attack uses a wireless Ethernet card, set in promiscuous mode, and a powerful antenna to penetrate wireless systems from outside. Port scanning will often target the external firewall of the organization. A back door is an opening left in software that enables an unknown entry into a system. Man-in-the-middle attacks intercept a message and either replace or modify it.



05. Active radio frequency ID (RFID) tags are subject to which of the following exposures?

A. Session hijacking
B. Eavesdropping
C. Malicious code
D. Phishing

Explanation:
Like wireless devices, active RFID tags are subject to eavesdropping. They are by nature not subject to session hijacking, malicious code or phishing.



06. Two-factor authentication can be circumvented through which of the following attacks?
A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force




circumvent: to entrap; to surround; to deceive; to besiege; to make a fool of
 
Explanation:
A man-in-the-middle attack is similar to piggybacking, in that the attacker pretends to be the legitimate destination, and then merely retransmits whatever is sent by the authorized user along with additional transactions after authentication has been accepted. A denial-of-service attack does not have a relationship to authentication. Key logging and brute force could circumvent a normal authentication but not a two-factor authentication.


07. Which of the following ensures confidentiality of information sent over the internet?
A. Digital signature
B. Digital certificate
C. Online Certificate Status Protocol
D. Private key cryptosystem

Explanation:
Confidentiality is assured by a private key cryptosystem. 

Digital signatures assure data integrity, authentication and nonrepudiation, but not confidentiality. A digital certificate is a certificate that uses a digital signature to bind together a public key with an identity; therefore, it does not address confidentiality. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of a digital certificate.

08. Which of the following attacks targets the Secure Sockets Layer (SSL)?
A. Man-in-the-middle
B. Dictionary
C. Password sniffing
D. Phishing

Explanation:
Attackers can establish a fake Secure Sockets Layer (SSL) server to accept users' SSL traffic and then route it to the real SSL server, so that sensitive information can be discovered. A dictionary attack that has been launched to discover passwords would not attack SSL since SSL does not rely on passwords. SSL traffic is encrypted, thus it is not possible to sniff the password. A phishing attack targets a user and not SSL. Phishing attacks attempt to have the user surrender private information by falsely claiming to be a trusted person or enterprise.


09. Which of the following potentially blocks hacking attempts?
A. Intrusion detection system
B. Honeypot system
C. Intrusion prevention system
D. Network security scanner

Explanation:
An intrusion prevention system (IPS) is deployed as an in-line device that can detect and block hacking attempts. An intrusion detection system (IDS) normally is deployed in sniffing mode and can detect intrusion attempts, but cannot effectively stop them. A honeypot solution traps the intruders to explore a simulated target. A network security scanner scans for the vulnerabilities, but it will not stop the intrusion.


10. A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?
A. Dump the volatile storage data to a disk.
B. Run the server in a fail-safe mode.
C. Disconnect the web server from the network.
D. Shut down the web server.



Explanation:
The first action is to disconnect the web server from the network to contain the damage and prevent more actions by the attacker. Dumping the volatile storage data to a disk may be used at the investigation stage but does not contain an attack in progress. To run the server in a fail-safe mode, the server needs to be shut down. Shutting down the server could potentially erase information that might be needed for a forensic investigation or to develop a strategy to prevent future similar attacks.