A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
A. Command shell restrictions
B. Restricted interface
C. Warning banners
D. Session output pipe to /dev/null
Within Microsoft Windows, you have the ability to put signs (in the form of onscreen pop-up banners) that appear before the login telling similar information authorized access only, violators will be prosecuted, and so forth. Such banners convey warnings or regulatory information to the user that they must “accept” in order to use the machine or network. You need to make staff aware that they may legally be prosecuted and a message is best given via a banner so that all staff using workstation will get notification.
A: Command shell restrictions are not used to make everyone aware that they may be prosecuted. It is rather used to implement the actual restriction.
B: A restricted interface will just hamper staff in their execution of their duties. Prosecution can only be done when the staff is made aware of the prohibitions and accept the terms.
D: Configuring the session output pipe tp /dev/null is applying the restriction and not making staff aware of the prohibitions.
Which of the following is an example of a false negative?
A. The IDS does not identify a buffer overflow.
B. Anti-virus identifies a benign application as malware.
C. Anti-virus protection interferes with the normal operation of an application.
D. A user account is locked out after the user mistypes the password too many times.
With a false negative, you are not alerted to a situation when you should be alerted.
B, C, D: This would be an example of a false positive. False positives are essentially events that are mistakenly flagged and are not really events to be concerned about.
Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?
A. True negatives
B. True positives
C. False positives
D. False negatives
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause?
A. Application hardening
B. False positive
C. Baseline code review
D. False negative
Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?
A. Enable MAC filtering on the wireless access point.
B. Configure WPA2 encryption on the wireless access point.
C. Lower the antenna’s broadcasting power.
D. Disable SSID broadcasting.
Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.
A: This would require clients to furnish the security administrator with their device’s MAC address.
B: This would require clients to ask for Wi-Fi access.
D: Clients would not be able to detect the Wi-Fi network.
Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
A. Implement TKIP encryption
B. Consider antenna placement
C. Disable the SSID broadcast
D. Disable WPA
Cinderblock walls, metal cabinets, and other barriers can reduce signal strength significantly. Therefore, antenna placement is critical.
A: This option deals with encryption, not signal strength.
C: This option would “cloak” the network, not limit its signal strength.
D: This option deals with authentication, not signal strength.
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels
Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?
A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway
Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device–a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.
A: The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network.
C: A VPN concentrator is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security.
D: One of the newest buzzwords is web security gateway, which can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the “web protection” can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well.
An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?
A. Integer overflow
B. Cross-site scripting
D. Session hijacking
E. XML injection