Thursday, March 1, 2018

Question Set03


(01)

The network of an organization has been the victim of several intruders’ attacks. Which of the following measures would allow for the early detection of such incidents?
A. Antivirus software
B. Hardening the servers
C. Screening routers
D. Honeypots


Explanation:
Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.
 

(02) 
A company has decided to implement an electronic signature scheme based on public key infrastructure. The user’s private key will be stored on the computer’s hard drive and protected by a password. The MOST significant risk of this approach is:
A. use of the user’s electronic signature by another person if the password is compromised.
B. forgery by using another user’s private key to sign a message with an electronic signature.
C. impersonation of a user by substitution of the user’s public key with another person’s public key.
D. forgery by substitution of another person’s private key on the computer.

Explanation:
The user’s digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely.
Choice C would require that the message appear to have come from a different person and therefore the true user’s credentials would not be forged. Choice D has the same consequence as choice C.
 

(03) 
An IS auditor selects a server for a penetration test that will be carried out by a technical specialist.
Which of the following is MOST important?
A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled


Explanation:
The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner’s responsibility for the security of the data assets.
 

(04)
After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server


Explanation:
Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.
 

(05) 
Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?
A. Presence of spyware in one of the ends
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D. Symmetric cryptography is used for transmitting data


Explanation:
Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user’s computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.
 

(06)
A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?
A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties


Explanation:
A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important.


(07)
An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?
A. The corporate network is using an intrusion prevention system (IPS)
B. This part of the network is isolated from the corporate network
C. A single sign-on has been implemented in the corporate network
D. Antivirus software is in place to protect the corporate network


Explanation:
If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk.


(08)
What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?
A. Using virtual private network (VPN) tunnels for data transfer
B. Enabling data encryption within the application
C. Auditing the access control to the network
D. Logging all changes to access lists


Explanation:
The best way to ensure confidentiality and integrity of data is to encrypt it using virtual private network (VPN) tunnels. This is the most common and convenient way to encrypt the data traveling over the network. Data encryption within the application is less efficient than VPN. The other options are good practices, but they do not directly prevent the loss of data integrity and confidentiality during communication through a network.


(09)
When conducting a penetration test of an IT system, an organization should be MOST concerned with:
A. the confidentiality of the report.
B. finding all possible weaknesses on the system.
C. restoring all systems to the original state.
D. logging all changes made to the production system.


Explanation:
All suggested items should be considered by the system owner before agreeing to penetration tests, but the most important task is to be able to restore all systems to their original state. Information that is created and/or stored on the tested systems should be removed from these systems. If for some reason, at the end of the penetration test, this is not possible, all files (with their location) should be identified in the technical report so that the client’s technical staff will be able to remove these after the report has been received.


(10)
Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?
A. Targeted testing
B. External testing
C. Internal testing
D. Double-blind testing


Explanation:
In a double-blind test, the administrator and security staff are not aware of the test, which will result in an assessment of the incident handling and response capability in an organization. In targeted, external, and internal testing, the system administrator and security staff are aware of the tests since they are informed before the start of the tests.
