Assessment Test

  1. What is the focus of a security audit or vulnerability assessment?

    A. Locating vulnerabilities
    B. Locating threats
    C. Enacting threats
    D. Exploiting vulnerabilities
  2. What kind of physical access device restricts access to a single individual at any one time?

    A. Checkpoint
    B. Perimeter security
    C. Security zones
    D. Mantrap
  3. Which of the following is a mechanism for managing digital certificates through a system of trust?

    A. PKI
    B. PKCS
    C. ISA
    D. SSL
  4. Which protocol is used to create a secure environment in a wireless network?

    A. WAP
    B. WPA
    C. WTLS
    D. WML
  5. What type of exercise is conducted with full knowledge of the target environment?

    A. White box
    B. Gray box
    C. Black box
    D. Glass box
  6. You want to establish a network connection between two LANs using the Internet. Which technology would best accomplish that for you?

    A. IPSec
    B. L2TP
    C. PPP
    D. SLIP
  7. Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

    A. DMZ
    B. VLAN
    C. I&A
    D. Router
  8. In the key recovery process, which key must be recoverable?

    A. Rollover key
    B. Secret key
    C. Previous key
    D. Escrow key
  9. Which kind of attack is designed to overload a system or resource, taking it temporarily or permanently offline?

    A. Spoofing
    B. Trojan
    C. Man in the middle
    D. SYN flood
  10. Which component of an NIDS collects data?

    A. Data source
    B. Sensor
    C. Event
    D. Analyzer
  11. What is the process of making an operating system secure from attack called?

    A. Hardening
    B. Tuning
    C. Sealing
    D. Locking down
  12. The integrity objective addresses which characteristic of the CIA triad?

    A. Verification that information is accurate
    B. Verification that ethics are properly maintained
    C. Establishment of clear access control of data
    D. Verification that data is kept private and secure
  13. Which mechanism is used by PKI to allow immediate verification of a certificate’s validity?

    A. CRL
    B. MD5
    C. SSHA
    D. OCSP
  14. Which of the following is used to create a VLAN from a physical security perspective?

    A. Hub
    B. Switch
    C. Router
    D. Firewall
  15. A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred?

    A. Your user inadvertently downloaded a macro virus using IM.
    B. Your user may have a defective hard drive.
    C. Your user is imagining what cannot be and is therefore mistaken.
    D. The system is suffering from power surges.
  16. Which mechanism or process is used to enable or disable access to a network resource based on attacks that have been detected?

    A. NIDS
    B. NIPS
    C. NITS
    D. NADS
  17. Which of the following would provide additional security to an Internet web server?

    A. Changing the port address to 80
    B. Changing the port address to 1019
    C. Adding a firewall to block port 80
    D. Web servers can’t be secured.
  18. What type of program exists primarily to propagate and spread itself to other systems and can do so without interaction from users?

    A. Virus
    B. Trojan horse
    C. Logic bomb
    D. Worm
  19. An individual presents herself at your office claiming to be a service technician. She is attempting to discuss technical details of your environment such as applications, hardware, and personnel used to manage it. This may be an example of what type of attack?

    A. Social engineering
    B. Access control
    C. Perimeter screening
    D. Behavioral engineering
  20. Which of the following is a major security problem with the FTP protocol?

    A. Password files are stored in an unsecure area on disk.
    B. Memory traces can corrupt file access.
    C. User IDs and passwords are unencrypted.
    D. FTP sites are unregistered.
  21. Which system would you install to provide detective capabilities within a network?

    A. NIDS
    B. HIDS
    C. NIPS
    D. HIPS
  22. The process of maintaining the integrity of evidence and ensuring no gaps in possession occur is known as?

    A. Security investigation
    B. Chain of custody
    C. Three A’s of investigation
    D. Security policy
  23. What encryption process uses one piece of information as a carrier for another?

    A. Steganography
    B. Hashing
    C. MDA
    D. Cryptointelligence
  24. Which policy dictates how assets can be used by employees of a company?

    A. Security policy
    B. User policy
    C. Use policy
    D. Enforcement policy
    E. Acceptable use policy
  25. Which algorithm is an asymmetric encryption protocol?

    A. RSA
    B. AES
    C. DES
    D. 3DES
  26. Which of the following is an example of a hashing algorithm?

    A. ECC
    B. PKI
    C. SHA
    D. MD
  27. Which of the following creates a fixed-length output from a variable-length input?

    A. MD5
    B. MD7
    C. SHA12
    D. SHA8
  28. Granting access to a system based on a factor such as an individual’s retina during a scan is an example of what type of authentication method?

    A. Smart card
    B. I&A
    C. Biometrics
    D. CHAP
  29. What item is also referred to as a physical address to a computer system?

    A. MAC
    B. DAC
    C. RBAC
    D. STAC
  30. What is the process of investigating a computer system for information relating to a security incident?

    A. Computer forensics
    B. Virus scanning
    C. Security policy
    D. Evidence gathering
  31. Which of the following is seen as a replacement for protocols such as telnet and FTP?

    A. SSL
    B. SCP
    C. Telnet
    D. SSH
  32. Which of the following is commonly used to create thumbprints for digital certificates?

    A. MD5
    B. MD7
    C. SHA12
    D. SHA8
  33. Granting access to a system based on a factor such as a password is an example of?

    A. Something you have
    B. Something you know
    C. Something you are
    D. Sometime you have
  34. What item is also referred to as a logical address to a computer system?

    A. IP address
    B. IPX address
    C. MAC address
    D. SMAC address
  35. How many bits are in an IPv6 address?

    A. 32
    B. 64
    C. 128
    D. 256

Answers to Assessment Test

  1. A. A vulnerability assessment is focused on uncovering vulnerabilities or weaknesses in an environment but by definition does not exploit those vulnerabilities.
  2. D. Mantraps are phonebooth-sized devices designed to prevent activities such as piggybacking and tailgating.
  3. A. Public-key infrastructure (PKI) is a system designed to control the distribution of keys and management of digital certificates.
  4. B. Wi-Fi Protected Access (WPA) is designed to protect wireless transmissions.
  5. A. White-box testing is done with full knowledge of the target environment. Black-box testing is done with very little or no information. Gray-box testing is performed with limited information, somewhere between black box and white box.
  6. B. Layer 2 Tunneling Protocol (L2TP) is a VPN technology used to establish secure connections over an insecure medium such as the Internet.
  7. A. Demilitarized zone (DMZ) structures act as a buffer zone between the Internet and an intranet, establishing a protected barrier. DMZs also allow for the placement of publicly accessible resources such as web servers in a semi-secure area.
  8. D. The escrow key is a key held by a third party used to perform cryptographic operations.
  9. D. SYN floods are a form of denial of service (DoS). Attacks of this type are designed to overwhelm a resource for a period of time.
  10. B. Sensors can be placed in different locations around a network with the intention of collecting information and returning it to a central location for analysis and viewing.
  11. A. Hardening is designed to remove nonessential services, applications, and other items from a system with the intent of making it fit a specific role as well as reducing its attack surface.
  12. A. Integrity ensures that information is kept reliable and accurate as well as allowing a party to examine the information to be able to detect a change.
  13. D. The Online Certificate Status Protocol (OCSP) is a protocol used to allow immediate verification of certificates’ validity as opposed to the older certificate revocation list (CRL) method, which allows for lags in detection.
  14. B. A switch allows for the creation of VLANs.
  15. A. The file itself is a Microsoft Word file and as such can have VBA macros embedded into it that can be used to deliver macro viruses.
  16. B. A network intrusion prevention system (NIPS) is similar to an intrusion detection system, but it adds the ability to react to attacks that it detects.
  17. C. A firewall between a web server and the Internet would enhance security and should always be present when exposing this asset to the Internet.
  18. D. A worm propagates by seeking out vulnerabilities it was designed to exploit and then replicating at an extreme rate.
  19. A. In a case like this, an individual showing up and asking to discuss intimate details of an environment may be attempting to obtain information for an attack.
  20. C. The FTP protocol is not designed to provide encryption, and as such, passwords and user IDs or names are not protected as they are with SSH, which uses encryption.
  21. A. A network intrusion detection system (NIDS) is installed at the network level and detects attacks at that level. Unlike a network-based intrusion prevention system (NIPS), an NIDS cannot stop an attack, but it can detect and report the attack to an administrator so that appropriate actions can be taken.
  22. B. Chain of custody is used in investigations and in the handling of evidence to ensure that no gaps in possession occur. Such gaps, if they occurred, could be used to invalidate a case.
  23. A. Steganography is used to conceal information inside of other information, thus making it difficult to detect.
  24. E. Acceptable use policy is an administrative tool used to inform the users of various company assets what is and isn’t considered appropriate use of assets.
  25. A. RSA is an example of an asymmetric encryption protocol that uses a public and private key. The others are examples of symmetric encryption protocols.
  26. C. SHA is an example of one type of hashing algorithm that is commonly used today. Another example would be MD5.
  27. A. MD5 is a hashing algorithm that creates a fixed-length output, as do all hashing algorithms. This fixed-length output is referred to as a hash or message digest.
  28. C. Biometrics is concerned with measuring physical traits and characteristics of a biological organism.
  29. A. Media access control (MAC) is a layer 2 construct in the OSI model. The physical address is coded into the network adapter itself and is designed to be unique.
  30. A. Computer forensics is the process of methodically collecting information relating to a security incident or crime.
  31. D. SSH is a modern protocol designed to be more secure and safer than protocols such as FTP and telnet. As such, the SSH protocol is replacing FTP and telnet in many environments.
  32. A. MD5 is a hashing algorithm that creates a fixed-length output, referred to as a hash or message digest. In the PKI world, SHA and MD5 are the most popular mechanisms for creating thumbprints for digital certificates.
  33. B. Passwords are the simplest form of authentication and are commonly used. They fall under first-factor authentication and are referred to as something you know.
  34. A. An IP address is a logical address assigned at layer 3 and can be assigned to an IP-based system. The same IP address can be assigned to different systems, albeit at different times, unlike MAC addresses.
  35. C. An IPv6 address has 128 bits as opposed to IPv4, which only has 32 bits. This increased number of bits allows for the generation of many more IP addresses than is possible with IPv4.