260 One-Liner Information Security Questions and Answers for Fast Learning

Information Security Questions

With cyberattacks becoming more sophisticated and data breaches posing significant risks, professionals and enthusiasts alike must stay informed. However, keeping up with the constantly evolving world of InfoSec can be challenging.

This is where concise resources come into play, offering quick insights into essential topics. Information security is a vast domain, covering everything from encryption and secure network protocols to compliance regulations and threat mitigation. While in-depth knowledge is crucial, sometimes you need quick answers to basic yet important questions. That’s where one-liner Q&A proves its worth.

This article will give an overview of what this resource offers, why it’s valuable, and a sneak peek into some of the questions it covers.

Q1. What is information security?

Answer- The measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities.

Q2. Identify the components of information security.

Answer- Physical security, communications security, emissions security, computer security, and network security.

Q3. Why did computer security become necessary?

Answer- Because computers became multi-user.

Q4. Why does information security fail in an organization?

Answer- Reliance on single products rather than an examination of the overall risk to the organization.

Q5. Is a system that has been certified as C2 by the U.S. government a very secure system?

Answer- No. C2 provides a small level of functionality and assurance and says nothing of how the system is actually used.

Q6. Why is security a process and not a product?

Answer- No one product will provide total security for an organization.

Q7. How many systems have received A1 certification?

Answer- One system received an A1 certification (Honeywell SCOMP).

Q8. Why did the Orange Book fail?

Answer- The Orange Book failed because it did not address networks, it coupled assurance and functionality, and the certification process was long.

Q9. Was Microsoft Windows NT ever certified C2 under the Orange Book?

Answer- Yes.

Q10. What does TNI stand for?

Answer- Trusted Network Interpretation (of the TCSEC).

Q11. What is the primary reason that physical security cannot guarantee security?

Answer- Physical security cannot guarantee security because people have to use the computers.

Q12. Access control systems rely upon what other type of system to provide file security?

Answer- Authentication systems.

Q13. Firewalls primarily protect against what type of attack?

Answer- Attack from the outside.

Q14. What three things can be used for authentication?

Answer- Something you know, something you have, or something you are.

Q15. Name two types of biometric systems.

Answer- The list may include: retina scanners, fingerprint readers, facial geometry systems, and hand geometry systems.

Q16. Name the four main categories of attack.

Answer- Access, modification, denial of service, and repudiation.

Q17. Access attacks require what type of access to paper records?

Answer- Physical access.

Q18. Why is an interception attack more difficult to perform than an eavesdropping attack?

Answer- Instead of just listening to the communication passively, you must actively become part of the communication.

Q19. Why are modification attacks against paper records difficult?

Answer- It is difficult to modify paper records without detection, and multiple copies may exist that cannot all be acquired for modification.

Q20. Wire cutters can be used as an effective tool for what type of attack?

Answer- Denial of service.

Q21. Repudiation is an attack against what characteristic of information?

Answer- The accountability of information.

Q22. If an employee opens a file in another employee’s home directory, the employee is performing what type of attack?

Answer- Snooping (part of access attacks).

Q23. Does a modification attack always include an access attack?

Answer- No. An attacker could have authorized access to a file but not authorization to change the file.

Q24. If a customer denies that they ordered a book from Amazon.com, what type of attack is it?

Answer- A repudiation attack.

Q25. An employee overhearing confidential information from a boss’s office is an example of what type of attack?

Answer- An eavesdropping attack (part of access).

Q26. Wireless networks are particularly vulnerable to what type of attack?

Answer- Access attack, specifically eavesdropping.

Q27. Changing an e-mail header is an example of what type of attack?

Answer- Repudiation attack, specifically masquerading.

Q28. What are the targets of denial-of-service attacks?

Answer- The availability of information, systems, communications, and applications.

Q29. During a denial-of-service attack, what is the objective of the attacker?

Answer- To attack the availability of the system.

Q30. What is usually the first step during a modification attack against electronic information?

Answer- Exploiting a vulnerability that elevates the attacker’s privileges so that he can modify the information.

Q31. NFS with the / directory set to rw world is an example of what type of vulnerability?

Answer- Open sharing vulnerability.

Q32. The use of non-technical means to gain access to a system is the definition of what?

Answer- Social engineering.

Q33. In a buffer overflow attack, what portion of memory is the real target?

Answer- The stack.

Q34. What type of variable is targeted in a buffer overflow attack?

Answer- String variables.

Q35. What programming error allows IP spoofing attacks to occur?

Answer- Initial sequence numbers in TCP connections are not random and are therefore predictable.

Q36. In a SYN attack, what packet is not sent?

Answer- The final ACK packet.

Q37. Is there any defense against a well-constructed DoS attack?

Answer- No.

Q38. What are untargeted hackers looking for?

Answer- Any system that responds.

Q39. Once a system is owned by an untargeted hacker, what will it be used for?

Answer- The system will be primarily used to compromise other systems. It may also be used for IRC or to store files.

Q40. What site should be used to gather information about IP addresses?

Answer- https://www.arin.net/

Q41. What portion of reconnaissance is the most dangerous for the targeted hacker?

Answer- System reconnaissance.

Q42. Nmap is an example of what type of tool?

Answer- Reconnaissance tool.

Q43. When performing an IP spoofing attack, why is a denial-of-service attack launched against a system?

Answer- The DoS attack is launched so that the trusted system cannot respond to the SYN ACK packet and close the connection.

Q44. What does a Trojan horse program appear to be, so that individuals will run it?

Answer- Something useful or beneficial to the individual.

Q45. What is nc?

Answer- A communication tool that allows connections to be established between any two ports.

Q46. Name the four security services.

Answer- Confidentiality, integrity, availability, and accountability.

Q47. What service must the confidentiality service rely upon to provide complete protection of information?

Answer- Accountability.

Q48. What services are used to counter a modification attack?

Answer- Integrity and accountability.

Q49. Access control can be used to provide what services?

Answer- Confidentiality and integrity.

Q50. Should all commercial organizations worry about traffic flow confidentiality?

Answer- No. Traffic flow confidentiality is used primarily in the military and is only occasionally an issue in the commercial world.

Q51. What is the primary mechanism for providing for the confidentiality and integrity of information while in transmission?

Answer- Encryption.

Q52. In order to prevent interception, encryption must be used with what security service?

Answer- Proper accountability (specifically identification and authentication) is also necessary.

Q53. Can availability be used to prevent denial-of-service attacks?

Answer- No. Nothing can prevent DoS attacks. Availability can help detect and restore service after a DoS attack.

Q54. Name the three types of authentication factors.

Answer- Something you know, something you have, or something you are.

Q55. Why is two-factor authentication stronger than single-factor authentication?

Answer- Two-factor authentication is stronger than single-factor authentication because the attacker must compromise two forms of authentication.

Q56. What is an audit used for?

Answer- Audit is used to reconstruct events that have already occurred.

Q57. What services are used to counter a repudiation attack?

Answer- Integrity and accountability.

Q58. What services are used to counter an access attack?

Answer- Confidentiality and accountability.

Q59. In order to be useful, an audit trail must depend upon what three services?

Answer- Confidentiality, integrity, and accountability.

Q60. Developing a disaster recovery plan is an example of the implementation of what service?

Answer- Availability.

Q61. Is port scanning a system to which you do not have authorized access a federal crime?

Answer- No. Port scanning was held to not be illegal in Moulton v. VC3, N.D. GA, Civil Action File 1:00-CV-434-TWT (11/7/00 Georgia State Court).

Q62. What is the minimum damage amount for a violation of the federal law against computer fraud and abuse?

Answer- $5,000.

Q63. What did the Patriot Act change that made it easier to convict criminals?

Answer- The Patriot Act made it easier to get to the $5,000 minimum, but it did not make it easier to convict.

Q64. A sniffer may be a violation of which federal statute?

Answer- 18 US Code 2511 (interception or wiretap laws).

Q65. If a warez site (a site containing much commercial software made available for distribution) is found, but the owner of the system cannot find $5,000 worth of damage, is the intruder who created it still in violation of federal law? If so, under what statute?

Answer- Yes. This would be a violation of 18 US Code 2319, the copyright laws.

Q66. How do state laws generally differ from federal law?

Answer- State laws generally do not require a $5,000 minimum damage amount.

Q67. Is the stealing of confidential information a state crime in all of the states with computer crime laws?

Answer- No. Several states require that the information be destroyed or damaged for there to be a crime.

Q68. Why may the computer crime laws of other countries impact an action in the United States?

Answer- The other country may not assist in the investigation if they do not have similar laws.

Q69. If evidence is collected under normal procedures at an organization and a cryptographic checksum is not made, can it still be used as evidence?

Answer- Yes.

Q70. It is best not to give evidence to law enforcement until they obtain what?

Answer- A warrant or subpoena.

Q71. If an organization is following industry best practices, can it be sued for negligence?

Answer- Yes. Any organization can be sued for anything. Best practices only allow a better defense.

Q72. What is the primary issue in liability?

Answer- Negligence.

Q73. Name one regulator that might audit for GLBA compliance.

Answer- Office of the Comptroller of the Currency, the Federal Reserve System, Office of Thrift Supervision, and the Federal Deposit Insurance Corporation.

Q74. What is the primary reason for the GLBA regulations?

Answer- To protect the confidentiality and integrity of customer information.

Q75. To what types of organizations do the HIPAA rules apply?

Answer- Any organization that processes health information.

Q76. Name the three sections that each policy or procedure should have.

Answer- Purpose, scope, and responsibility.

Q77. What does the information policy define?

Answer- How information should be handled within the organization.

Q78. Should the security policy define the specific implementation requirements for each type of system within the policy itself?

Answer- No. The specifics for each OS should be in the appendix or in a system implementation procedure.

Q79. Why should waivers be included in a security policy?

Answer- Some systems may not be able to meet the requirements but must go into production anyway.

Q80. What should the computer use policy define?

Answer- Who owns the computers, who owns the information, acceptable use of the computers, and that there is no expectation of privacy.

Q81. Is it ever a good idea to allow unrestricted use of computer systems?

Answer- No.

Q82. The user management procedures should include requirements for which individuals?

Answer- Requirements for employees, consultants, and contractors.

Q83. When an employee transfers from one position to another within the organization, who should have the responsibility for notifying system administrators that the employee’s access should be modified?

Answer- The employee’s old supervisor and the employee’s new supervisor.

Q84. What is the purpose of the system administration procedure?

Answer- To define the procedures for normal system operation and maintenance.

Q85. Why must care be taken when defining the objectives of the IRP?

Answer- Because the objectives may be in conflict.

Q86. Name the five departments that should always be part of the incident response team.

Answer- Security, System Administration, Legal, Public Relations, and Human Resources.

Q87. Name the four key sections of the design methodology.

Answer- Requirements definition, design, test, and implementation.

Q88. Name the three types of events that the DRP should cover.

Answer- Single system failures, data center events, and site events.

Q89. During the creation of policy, what should the Security department do?

Answer- Provide outlines, provide initial text, identify the stakeholders, and moderate the meetings.

Q90. Why should Security work with the Audit department?

Answer- So that auditors understand new policies and Security understands how the Audit department will audit the systems.

Q91. Name the two components of risk.

Answer- Vulnerability and threat.

Q92. When no threat exists, what is the level of risk?

Answer- If there is no threat, there is no risk.

Q93. What is a vulnerability?

Answer- A potential avenue of attack.

Q94. Name the four targets of a threat.

Answer- Confidentiality, integrity, availability, and accountability.

Q95. Can a threat have more than one target?

Answer- Yes.

Q96. To be a threat, an agent must have what three things?

Answer- Access, motivation, and knowledge.

Q97. Must an agent have physical access to a system to be a threat?

Answer- No. An agent must have some form of access, not necessarily physical access.

Q98. The general public should be considered a threat to what sort of organizations?

Answer- The general public could be considered a threat for any organization.

Q99. Should only malicious events be considered as part of threat?

Answer- No. Accidental events should also be considered.

Q100. After vulnerabilities and threats are considered, what else should be examined in order to determine the risk to an organization?

Answer- Countermeasures.

Q101. Name the five areas to examine when measuring the risk to an organization.

Answer- Money, time, resources, reputation, and lost business.

Q102. When identifying the real vulnerabilities to an organization, what should you always begin with?

Answer- Entry points.

Q103. If the identification of specific threats becomes too difficult, what model can be used instead?

Answer- The generic threat model.

Q104. Since money is the easiest cost to measure, should you expect that most organizations will be able to define the financial losses for various events?

Answer- No. Most organizations cannot provide the information.

Q105. What will be the most difficult cost to measure?

Answer- Lost business.

Q106. Name the five steps in the information security process.

Answer- Assessment, policy, deployment, training, and audit.

Q107. What are assessments used for?

Answer- Risk identification.

Q108. What does policy do?

Answer- Policy defines the expected level of security or how security should be.

Q109. Is a disaster recovery plan included in policy development?

Answer- Yes.

Q110. What is policy deployment?

Answer- The fulfillment or implementation of policy.

Q111. Approximately how long should employee awareness classes last?

Answer- No longer than one hour.

Q112. What type of awareness training class should executives go through?

Answer- The executive training should include information on the state of security within the organization and may also include a shorter version of the class for employees.

Q113. Are training classes the best and only way to get security awareness information out to all employees?

Answer- No. Posters and articles may reach more employees in a more timely manner.

Q114. In what part of the process do penetration tests fall?

Answer- The audit process.

Q115. Why is security a process and not a set of steps that you go through once?

Answer- Organizations change, new projects come online, and new vulnerabilities and new technology appear.

Q116. What practical issues prevent the process from being implemented sequentially?

Answer- Politics, resources, and management approval.

Q117. How long does the assessment phase normally last?

Answer- One month.

Q118. Why are the information policy and security policy written first?

Answer- Because they govern how the security awareness classes will be taught and how systems will be configured.

Q119. What is the primary issue with deploying new authentication systems?

Answer- Authentication systems touch all employees and thus must be implemented carefully.

Q120. Why might an organization attack lower-risk items first rather than high-risk items?

Answer- Budget and resource constraints may not allow the highest risk items to be dealt with first.

Q121. What are “best practices”?

Answer- Recommendations on how a security program should be put together. They are not necessarily requirements.

Q122. Identify four required security policies.

Answer- Information policy, security policy, use policy, and backup policy.

Q123. Identify the six skills that all security departments should have.

Answer- Security administration, policy development, architecture, research, assessment, and audit.

Q124. Is it likely that the purchase of security tools will reduce the costs of the security staff?

Answer- No. These tools are normally added to provide additional capabilities rather than increasing the efficiency of the existing staff.

Q125. Who should have the responsibility for security within an organization?

Answer- Ideally, there would be a chief information security officer. However, regardless of whether or not a CISO is present, the responsibility for information security should rest with an executive-level officer of the organization.

Q126. How long should security awareness classes be?

Answer- Approximately one hour.

Q127. Do disaster plans have to include hot sites?

Answer- No. A hot site is one alternative, but it is not necessary.

Q128. How should permanent network connections to outside organizations be protected?

Answer- A firewall with an appropriate rule set.

Q129. Where should anti-virus products be installed?

Answer- On desktops, servers, and e-mail systems.

Q130. How long should passwords be?

Answer- A minimum of eight characters in length.

Q131. If information is very sensitive, what type of authentication should be used?

Answer- Two-factor authentication should be used for very sensitive information.

Q132. Under ideal conditions, where would audit records be stored?

Answer- Under ideal conditions, all audit information would be stored on a central server which is secured from unauthorized access.

Q133. Should software patches be implemented immediately on all systems when they are made available by the manufacturer?

Answer- No. All patches should be tested prior to implementation on production systems.

Q134. Sensitive computer systems that are placed in a data center should be protected in what four ways?

Answer- Against unauthorized physical access, temperature fluctuations, electrical problems, and fire.

Q135. What is the ISO standard that addresses information security?

Answer- ISO 17799.

Q136. Identify the two basic types of firewalls.

Answer- Application layer (proxy) and packet filtering.

Q137. By default, firewalls do what to network traffic?

Answer- Prevent all traffic until certain traffic is specifically allowed.

Q138. Is one type of firewall more secure than the other type?

Answer- No. The security of the firewall depends on the configuration more than on the generic type.

Q139. What does an application layer firewall do to internal addresses by default?

Answer- Internal addresses are hidden behind the firewall’s address by default when an application layer firewall is used.

Q140. In what way is a packet filtering firewall like a router?

Answer- Traffic is passed directly to the destination system rather than being terminated on the firewall.

Q141. When is a packet filtering firewall the preferred choice?

Answer- When performance requirements are very high.

Q142. What does stateful inspection require the firewall to keep?

Answer- Stateful inspection requires the firewall to keep state on each connection.

Q143. When does an application layer firewall become a hybrid?

Answer- When a GSP is provided.

Q144. In a single firewall architecture, where are Internet-accessible systems located?

Answer- On a separate network off a third interface on the firewall.

Q145. Why is the firewall rule set order important?

Answer- Because rules can mask each other and performance can be affected.

Q146. Is the use of SSH considered to be a VPN?

Answer- No. SSH does not allow multiple protocols.

Q147. Why should user VPNs require strong authentication?

Answer- Because the user’s system is not located on the internal network and therefore may be open to compromise.

Q148. Can encryption fully protect the data flowing over a VPN?

Answer- Encryption can protect the data from eavesdropping, but this assumes that the end points do not provide an easy avenue for an intruder to learn either the data or the key.

Q149. In order to secure a user VPN, what must policy be combined with?

Answer- Policy must be combined with technology in the form of anti-virus software or personal firewalls.

Q150. Are site-to-site VPNs appropriate for use between organizations?

Answer- Yes.

Q151. Why is addressing a potential problem with site-to-site VPNs?

Answer- The remote site may be using the same internal address space.

Q152. What two criteria should be used for determining whether to use the firewall or a separate system as the VPN server?

Answer- Performance and capability.

Q153. If a separate VPN server is used, should it be placed in the Internet DMZ?

Answer- No. The VPN server should be placed in a separate DMZ dedicated to the VPN system.

Q154. Why does the overall implementation of the VPN matter more than the choice of encryption algorithm?

Answer- Assuming that the algorithm is at least somewhat difficult to break, it is much easier to compromise a system weakness than the algorithm.

Q155. Which authentication mechanisms are best for a user VPN?

Answer- Something you know and something you have.

Q156. Good encryption algorithms rely on the secrecy of what to protect the information?

Answer- The key.

Q157. What are the three ways to attack an encryption scheme?

Answer- Through the algorithm, through brute force, and through the surrounding system.

Q158. What is another name for private key encryption?

Answer- Symmetric key encryption.

Q159. Name an early example of a substitution cipher.

Answer- Atbash cipher or Caesar cipher.

Q160. Can a properly implemented one-time pad be broken?

Answer- No.

Q161. How long are DES keys?

Answer- 56 bits.

Q162. What is the primary weakness of DES?

Answer- Its key is too short and thus brute-force attacks are possible.

Q163. Triple DES increases the security of DES at the expense of what?

Answer- Speed.

Q164. What is the AES intended to do?

Answer- Replace DES.

Q165. Diffie-Hellman security is based on the difficulty of what problem?

Answer- The discrete logarithm problem.

Q166. Can Diffie-Hellman be used to encrypt traffic?

Answer- No. It can only be used to perform a key exchange.

Q167. What is the primary attack against Diffie-Hellman (assuming a and b are chosen well)?

Answer- A man-in-the-middle attack.

Q168. What is a digital signature?

Answer- A digital signature means using the originator’s private key to encrypt a message digest or hash to show that the message has not been modified.

Q169. Why do public keys need to be certified?

Answer- Because they may be used for authentication.

Q170. Which key management problem causes most PKI systems to fail?

Answer- Key revocation.

Q171. What is meant by intrusion detection?

Answer- The identification of attempts to penetrate a security barrier.

Q172. Name the two primary types of IDS.

Answer- Host based and network based.

Q173. Can a host-based IDS always determine if an attack attempt was successful?

Answer- In most cases, the answer is yes if the information about the results of the attack is logged or the indication exists (files changed, for example).

Q174. Can a host-based IDS prevent an attack?

Answer- Yes. Specifically, system call analyzers and application behavior analyzers can prevent an attack from taking place.

Q175. Is it possible to defeat a file integrity checker?

Answer- Yes. If the stored checksums can be changed, the checker can be fooled into believing the files have not changed.

Q176. Identify the five steps to implementing an IDS.

Answer- Identify the goal of the IDS, choose what to monitor, choose the response, set thresholds, and implement the system.

Q177. Is identifying user actions a good choice for an IDS goal?

Answer- Generally, no. Tracking user actions would be better performed by examining audit logs.

Q178. Can a network-based IDS prevent attacks from reaching the target?

Answer- Not unless the IDS is in the path of the traffic.

Q179. What is meant by a passive response?

Answer- A passive response is one that does not directly affect the activities of the attacker.

Q180. What is meant by an active response?

Answer- An active response is one that directly affects the activities of the attacker.

Q181. Should an incident response procedure be put into effect if an IP half scan has occurred?

Answer- No.

Q182. Why are backdoor alerts often false positives?

Answer- Because IDS sensors use ports to identify the backdoor traffic.

Q183. If a large number of different attacks are seen in quick succession, this most likely indicates what?

Answer- A vulnerability scan.

Q184. If an organization wishes to protect a Web server from defacement, which type of IDS would be the best choice?

Answer- A host-based IDS, specifically a file integrity checker, a system call analyzer, or an application behavior analyzer.

Q185. If cost is the primary consideration and the organization wishes to detect attacks, which type of IDS would be the best choice?

Answer- A network-based IDS.

Q186. When turning off a service that is started automatically, what must be done to the startup file?

Answer- The name must be changed so that it does not begin with an S or a K. The file may also be deleted.

Q187. Where is the configuration file for inetd found?

Answer- inetd.conf is found in /etc.

Q188. How is a service turned off for inetd?

Answer- Remove the line from inetd.conf or comment it out by placing a # at the start of the line.

Q189. What does TCP Wrappers do when installed on a system?

Answer- TCP Wrappers provides additional security by providing access control and logging for telnet or FTP connections.

Q190. Why is it inappropriate to put a login banner in /etc/motd?

Answer- The banner configured in /etc/motd is displayed after the user logs in. A banner should be displayed before the login prompt.

Q191. On a Linux system, why is it insufficient to place the banner in /etc/issue and /etc/issue.net?

Answer- Because these files are overwritten on system boot. The rc.local startup script must also be modified so that the files are not overwritten.

Q192. How do the password aging settings differ between Solaris and Linux?

Answer- Solaris is configured for the number of weeks that passwords may be kept, while Linux is configured in the number of days.

Q193. What does the umask parameter set?

Answer- Sets the permissions that are excluded when a file is created.

Q194. Why should the encrypted user passwords be stored in the shadow file rather than the passwd file?

Answer- The passwd file can be viewed by anyone on the system and thus the passwords may be open to a brute-force password attack. The shadow file is only readable by the root account.

Q195. What should the system administrator investigate before turning on the BSM on a Solaris system?

Answer- The overall system load, as the BSM increases the load on the system.

Q196. Why should “auth.info /var/log/auth.log” be included in a syslog.conf file?

Answer- The auth.info command tells syslog to gather and log information on login attempts, su attempts, reboots, and other security-related events.

Q197. Why is a world-writable SUID file a potential vulnerability?

Answer- A world-writable SUID file allows anyone to change the contents of a file that is allowed to change its functional user ID settings when it is run. This means that the file can change the privileges under which it runs, potentially allowing a breach of security.

Q198. What information will the command netstat -rn provide?

Answer- The command netstat -rn will show a list of all of the open connections on the system, but it will not resolve IP addresses into system names.

Q199. How can lsof be used to help secure a system?

Answer- The program lsof shows what process is using a network connection. This can be useful in tracking down the purpose of any connection that is connected or listening on the system.

Q200. What does the ps command show?

Answer- A list of all processes running on the system.

Q201. What are the ramifications to security if Windows 2000 and Windows NT systems are used in the same network?

Answer- The weaker security features of Windows NT must be used instead of the stronger Windows 2000 features.

Q202. What does the Local Security Policy GUI provide?

Answer- A front end to the registry for security configuration changes.

Q203. Under what conditions will a file protected under EFS be written in an unencrypted manner to a disk?

Answer- If the destination location for the file is a non-NTFS 5.0 partition or a floppy disk, the file will not be encrypted when written.

Q204. At a minimum, what two users will always have access to EFS-protected files?

Answer- The user who owns the file and the local administrator account.

Q205. What two changes does Windows 2000 make to the way trust relationships work?

Answer- In a Windows 2000 system, the trust relationship is bi-directional by default. Trust in Windows 2000 is also transitive.

Q206. If the security configuration includes the Passwords Must Meet Complexity Requirements setting, what requirements are placed on all passwords?

Answer- Each password must be at least six characters long, not contain any component of the user name, and contain at least three of the following: numbers, symbols, lowercase, or uppercase.

Q207. What group or groups should the Guest account be a member of?

Answer- Only the Guests group.

Q208. What command can be used to manage the security configuration of a Windows 2000 system?

Answer- secedit.

Q209. What two indications can be found if a brute-force password attack occurs against a system?

Answer- Failed login entries in the security log and locked-out accounts.

Q210. A large number of file access failures might indicate what type of activity?

Answer- An authorized user who is attempting to access sensitive files.

Q211. What is the most secure encryption level for Terminal Services?

Answer- High (data is encrypted using 128-bit encryption).

Q212. What are Software Restriction Policies used for?

Answer- To control which software can run on the computer.

Q213. How can you set the Software Restriction Policies?

Answer- You can set them in the Local Security Policy or the Group Policy on a site, domain, or organizational unit.

Q214. What is the purpose of Group Policy?

Answer- To group security and configuration settings into templates that can be applied to objects within the Active Directory.

Q215. Describe Active Directory trust relationships.

Answer- The default trust in the AD is bi-directional and transitive. Bi-directional domains implicitly trust each other. Transitive trust means that if domain A trusts domain B, and domain B trusts domain C, then domain A trusts domain C.

Q216. What RFC defines the addresses to use for private class networks?

Answer- RFC 1918.

Q217. What is the primary reason that services are offered to the public?

Answer- The organization cannot identify a priori who will use the service and thus the service must be offered to everyone.

Q218. Why can systems accessed from the outside not be fully trusted?

Answer- The system may have been compromised.

Q219. Why is ICMP important to the network?

Answer- ICMP messages provide valuable information about how the network is functioning.

Q220. How many internal systems should be allowed to use NTP to the Internet?

Answer- One, the primary internal time source.

Q221. Why is FTP not recommended for use on the Internet?

Answer- The passwords are in the clear.

Q222. What types of failure is a multiple-access-to-a-single-ISP architecture designed to handle?

Answer- Single-line failures and equipment failures at a single ISP POP.

Q223. What does BGP stand for?

Answer- Border Gateway Protocol.

Q224. Why is BGP needed if multiple POPs are used?

Answer- It handles the routing within the ISP’s network so that the organization’s IP addresses can be seen from both POPs.

Q225. In a dual-firewall DMZ configuration, are there any necessary restrictions on the types of firewalls that should be used at either location?

Answer- No. However, both firewalls must be carefully configured for the environment.

Q226. What is the primary reason to use NAT?

Answer- The lack of available address space using the existing 32-bit IP addresses.

Q227. Identify the three sets of addresses that can legally be used for an internal system.

Answer- 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.

Q228. What type of address mapping is provided by static NAT?

Answer- One-to-one address mapping.

Q229. From a security perspective, how should systems accessed via partner networks differ from systems accessed from the Internet?

Answer- There really is no difference between systems accessed via a partner network and systems accessed via the Internet as they should both be considered semi-trusted systems.

Q230. What is the primary driver in defining an Internet architecture?

Answer- Cost.

Q231. What is the most critical security service for e-commerce?

Answer- Availability.

Q232. Generally speaking, which type of e-commerce has greater issues with uptime?

Answer- Business-to-consumer e-commerce.

Q233. What is meant by “global time”?

Answer- At any time, somebody in the world may want to shop or use the e-commerce site.

Q234. Can the cost of downtime be measured directly?

Answer- No. The cost of downtime will include items that cannot be measured, such as lost business or lost reputation.

Q235. If information must be stored on the client system, what should be used to protect the confidentiality of the information?

Answer- Non-persistent, encrypted cookies.

Q236. In an e-commerce site, where should customer information be kept?

Answer- On the database server.

Q237. Where should e-commerce servers that interact with the customer be located?

Answer- In the DMZ.

Q238. When configuring a Web server, where should the Web pages reside?

Answer- In a document directory under the Web server root.

Q239. In what file should .cgi and .pl files be defined so that the programs are run and the source code not shown as a Web page?

Answer- http.conf.

Q240. If sensitive information is involved in a transaction, what is the best location to use to store session information?

Answer- In the back-end database.

Q241. During the development phase of the project, developers should prevent buffer overflows by not passing user input directly to shell commands and __________.

Answer- By not making any assumptions about user input.

Q242. In a three-tiered e-commerce architecture, does the database server have any contact with the front-end Web servers?

Answer- No.

Q243. What types of vulnerability scans should be made on e-commerce sites?

Answer- Vulnerability scans should be conducted from the Web server network, the application server network, the organization’s internal network, and outside the firewall.

Q244. What type of system is best to identify configuration control problems?

Answer- Cryptographic checksums that check files for changes.

Q245. Can availability be completely assured by redundant equipment?

Answer- No, as some events are outside the control of the organization.

Q246. What is the approximate range of 802.11x WLANs indoors and outdoors?

Answer- Indoors is 150 feet. Outdoors is 1,500 feet.

Q247. Other than an AP, what type of server is usually available to help a workstation come up on the WLAN?

Answer- A DHCP server is usually available.

Q248. Name the three services that WEP provides.

Answer- Authentication, confidentiality, and integrity.

Q249. Describe the cryptographic authentication mechanism in WEP.

Answer- The AP sends a random number as a challenge to the workstation. The workstation encrypts the challenge with the shared secret and sends it back to the AP. If the AP can decrypt the response with the shared secret and get the original challenge, the workstation is authenticated.

Q250. Since the AP is not authenticated back to the workstation, what type of attack is possible?

Answer- A man-in-the-middle or interception attack.

Q251. What algorithm is used by WEP to provide confidentiality?

Answer- RC4.

Q252. What does the initialization vector flaw in WEP allow an intruder to do?

Answer- Determine the key by capturing enough packets.

Q253. What algorithm is used by WEP to provide integrity?

Answer- CRC-32.

Q254. Why is it not sufficient to use the SSID or MAC addresses to provide authentication?

Answer- It is possible to eavesdrop on the transmissions and learn the information necessary to gain access to the WLAN.

Q255. Why is the single authentication of 802.1X seen as a vulnerability in the system?

Answer- A single authentication step leaves the session open to hijacking.

Q256. Identify two targets of active attacks on a WLAN.

Answer- Active attacks may be directed at an organization’s internal systems or they may be directed at other organizations.

Q257. What type of connection should be used to manage APs?

Answer- HTTPS connections.

Q258. What type of system should be used to properly secure information in transit over a WLAN?

Answer- VPN.

Q259. WLANs should be considered what type of network?

Answer- Untrusted.

Q260. What type of periodic assessment should be conducted with regard to WLANs?

Answer- An organization should conduct periodic assessments to locate unauthorized APs.
