A range of network security concepts and vulnerabilities, including topics such as replay attacks, Address Resolution Protocol (ARP) cache corruption, intrusion prevention systems, data classification, network auditing, and more. It provides an overview of common security threats and best practices for mitigating them. Likely intended for IT professionals, security analysts, or students studying network security, as it delves into technical details and security mechanisms. The information could be useful for understanding network security principles, identifying potential vulnerabilities, and developing strategies to enhance the overall security of an organization's network infrastructure.
Typology: Exams
Which of the following specifically addresses how to detect cyberattacks against an organization's IT systems and how to recover from an attack?
a. An incident response plan
b. An IT contingency plan
c. A business continuity plan
d. A continuity of operations plan
- Correct Answer: a. Incident response plan. A cyberattack is an incident.

An IS auditor reviewing access controls for a client-server environment should FIRST:
a. evaluate the encryption technique.
b. identify the network access points.
c. review the identity management system.
d. review the application level access controls.
- Correct Answer: b. identify the network access points.
A client-server environment typically contains several access points and uses distributed techniques, increasing the risk of unauthorized access to data and processing. To evaluate the security of the client-server environment, all network access points should be identified.
Ex: think about CyberArk and a jump host; there are multiple ways to access a server.

An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
a. Implement Wired Equivalent Privacy.
b. Permit access to only authorized media access control addresses.
c. Disable open broadcast of service set identifiers.
d. Implement Wi-Fi Protected Access 2.
- Correct Answer: d. Implement Wi-Fi Protected Access 2.
This implements most of the requirements of the IEEE 802.11i standard. The Advanced Encryption Standard used in WPA2 provides better security. Also, WPA2 supports both the Extensible Authentication Protocol and the pre-shared secret key authentication model.

Which of the following is the responsibility of information asset owners?
a. Implementation of information security within applications
b. Assignment of criticality levels to data
c. Implementation of access rules to data and programs
d. Provision of physical and logical security for data
- Correct Answer: b. Assignment of criticality levels to data
Think about the data owner question - they know the most about the information, so they know what is most critical.

Digital signatures require the:
a. signer to have a public key and the receiver to have a private key.
b. signer to have a private key and the receiver to have a public key.
c. signer and receiver to have a public key.
d. signer and receiver to have a private key.
- Correct Answer: b. signer to have a private key and the receiver to have a public key.
When a signer electronically signs a document, the signature is created using the signer's private key, which is always securely kept by the signer (think of it like a fingerprint: everyone's is different and unique to them). As an example, Jane signs an agreement to sell a timeshare using her private key. The buyer receives the document. The buyer who receives the document also receives a copy of Jane's public key. If the public key can't decrypt the signature (via the cipher from which the keys were created), it means the signature isn't Jane's, or has been changed since it was signed. The signature is then considered invalid.

Confidentiality of transmitted data can best be delivered by encrypting the:
a. message digest with the sender's private key.
b. session key with the sender's public key.
c. messages with the receiver's private key.
d. session key with the receiver's public key.
- Correct Answer: d. session key with the receiver's public key.
This will ensure that the session key can only be obtained using the receiver's private key, retained by the receiver.

session key - Correct Answer: a single-use symmetric key used for encrypting all messages in one communication session. It is a temporary key that is only used once, during one stretch of time, for encrypting and decrypting data; future conversations between the two parties would be encrypted with different session keys. Like a password that has to be reset each time they log in.

Which of the following types of transmission media provide the BEST security against unauthorized access?
a. Copper wire
b. Shielded twisted pair
c. Fiber-optic cables
d. Coaxial cables
- Correct Answer: c. fiber-optic cables
Fiber-optic cables have proven to be more secure and more difficult to tap than the other media. Think of commercials always saying how great fiber optics is.

Shielded Twisted Pair (STP) - Correct Answer: A twisted pair cable that has an aluminum shield inside the plastic jacket that surrounds the pairs of wires. Traffic can be monitored with inexpensive equipment (not secure).

copper wire - Correct Answer: traffic can be monitored with inexpensive equipment (not secure).

coaxial cable - Correct Answer: traffic can be monitored with inexpensive equipment (not secure).

Which of the following provides the MOST relevant information for proactively strengthening security settings?
a. Bastion host
b. Intrusion detection system
c. Honeypot
d. Intrusion prevention system
- Correct Answer: c. honeypot
The design of a honeypot is such that it lures the hacker and provides clues as to the hacker's methods and strategies, and the resources required to address such attacks. A honeypot allows the attack to continue, so as to obtain information about the hacker's strategy and methods.

Honeypot - Correct Answer: Vulnerable computer that is set up to entice an intruder to break into it. Allows the organization to collect information on the hacker's strategy.

bastion host - Correct Answer: A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall.

Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
a. Inheritance
b. Dynamic warehousing
c. Encapsulation
d. Polymorphism
- Correct Answer: c. encapsulation
This is a property of objects, and it prevents accessing either properties or methods that have not been previously defined as public. This means that any implementation of the behavior of an object is not accessible. An object defines a communication interface with the exterior and only that which belongs to that interface can be accessed.

The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
a. Replay
b. Brute force
c. Cryptographic
d. Mimic
- Correct Answer: a. Replay
Key word: residual.

Replay Attack - Correct Answer: A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.

biometric information - Correct Answer: physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices or data. Ex: fingerprint scanner, facial recognition, voice, digital signature.

brute force attack - Correct Answer: An attack on passwords or encryption that tries every possible password or encryption key. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

An organization has experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol packet network. The organization believes it is a victim of eavesdropping. Which of the following could result in eavesdropping of VoIP traffic?
a. Corruption of the Address Resolution Protocol cache in Ethernet switches
b. Use of a default administrator password on the analog phone switch
c. Deploying virtual local area networks without enabling encryption
d. End users having access to software tools such as packet sniffer applications
- Correct Answer: a. corruption of the Address Resolution Protocol cache in Ethernet switches
**Says corruption; the others don't say it happened.
On an Ethernet switch there is a data table known as the ARP cache, which stores mappings between media access control and IP addresses. During normal operations, Ethernet switches only allow directed traffic to flow between the ports involved in the conversation and no other ports can see that traffic. However, if the ARP cache is intentionally corrupted with an ARP poisoning attack, some Ethernet switches simply "flood" the directed traffic to all ports of the switch, which could allow an attacker to monitor traffic not normally visible to the port where the attacker was connected, and thereby eavesdrop on Voice-over Internet Protocol (VoIP) traffic.

Voice over Internet Protocol (VoIP) - Correct Answer: phone calls transferred in digital packets over the Internet rather than on circuit-switched telephone wires. Ex: Skype, Zoom.

Confidentiality of the data transmitted in a wireless local area network is BEST protected if the session is:
a. restricted to predefined media access control addresses.
b. encrypted using static keys.
c. encrypted using dynamic keys.
d. initiated from devices that have encrypted storage.
- Correct Answer: c. encrypted using dynamic keys.
When using dynamic keys, the encryption key is changed frequently, thus reducing the risk of the key being compromised and the message being decrypted.

Which of the following is an advantage of elliptic curve encryption over RSA encryption?
a. Computation speed
b. Ability to support digital signatures
c. Simpler key distribution
d. Message integrity controls
- Correct Answer: a. Computation speed
The main advantage of elliptic curve encryption (ECC) over RSA encryption is its computation speed. This is due in part to the use of much smaller keys in the ECC algorithm than in RSA.
**Think elliptical = speed.

Two-factor authentication can be circumvented through which of the following attacks?
a. brute force
b. key logging
c. man in the middle
d. denial of service
- Correct Answer: c. man in the middle
Because the password goes through the man in the middle, and then the code you have to enter also goes through the man in the middle.

key logging attack - Correct Answer: the action of recording the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored.

brute force attack - Correct Answer: the password cracker tries every possible combination of characters. Can't circumvent two-factor authentication.

man-in-the-middle attack - Correct Answer: a hacker placing himself between a client and a host to intercept communications between them. Common in bank fraud.

An organization has requested that an IS auditor provide a recommendation to enhance the security and reliability of its Voice-over Internet Protocol (VoIP) system and data traffic. Which of the following would meet this objective?
a. VoIP infrastructure needs to be segregated using virtual local area networks.
b. Buffers need to be introduced at the VoIP endpoints.
c. Ensure that end-to-end encryption is enabled in the VoIP system.

Ex: helpdesk telling you to clear your cache to help things go faster.

proxy server - Correct Answer: A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user.

Which of the following controls would be MOST effective in reducing the risk of loss due to fraudulent online payment requests?
a. Transaction monitoring
b. Protecting web sessions using Secure Sockets Layer
c. Enforcing password complexity for authentication
d. Inputting validation checks on web forms
- Correct Answer: a. transaction monitoring
An unauthorized user could potentially enter false transactions. By monitoring transactions, the payment processor could identify potentially fraudulent transactions based on the typical usage patterns, monetary amounts, physical location of purchases, and other data that are part of the transaction process.
Ex: think about the bank; if you make a strange purchase they may ask you about it, because they monitor your usual behaviors.

An IS auditor is assessing a biometric system used to protect physical access to a data center containing regulated data. Which of the following observations is the GREATEST concern to the auditor?
a. Administrative access to the biometric scanners or the access control system is permitted over a virtual private network.
b. Biometric scanners are not installed in restricted areas.
c. Data transmitted between the biometric scanners and the access control system do not use a securely encrypted tunnel.
- Correct Answer: c. Data transmitted between the biometric scanners and the access control system do not use a securely encrypted tunnel.
The tunnel needs to be protected to protect confidentiality.

Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?
a. Virtual private network
b. Dedicated line
c. Leased line
d. Integrated services digital network
- Correct Answer: a. VPN
The most secure method is a virtual private network, using encryption, authentication and tunneling to allow data to travel securely from a private network to the Internet.
Ex: most clients have a VPN regardless of size.

A certificate authority (CA) can delegate the processes of:
a. revocation and suspension of a subscriber's certificate.
b. generation and distribution of the CA public key.
c. establishing a link between the requesting entity and its public key.
d. issuing and distributing subscriber certificates.
- Correct Answer: c. establishing a link between the requesting entity and its public key.

Certificate Authority (CA) - Correct Answer: a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.

A digital certificate provides:
- authentication

After understanding the legal and regulatory requirements, an IS auditor should evaluate organizational policies, standards and procedures to determine whether they adequately address the privacy requirements, and then review the adherence to these specific policies, standards and procedures.

Which of the following is the BEST control to mitigate the risk of pharming attacks to an Internet banking application?
a. User registration and password policies
b. User security awareness
c. Use of intrusion detection/intrusion prevention systems
d. Domain name system server security hardening
- Correct Answer: d. Domain name system server security hardening
The pharming attack redirects the traffic to an unauthorized web site by exploiting vulnerabilities of the DNS server. To avoid this kind of attack, it is necessary to eliminate any known vulnerability that could allow DNS poisoning. Older versions of DNS software are vulnerable to this kind of attack and should be patched.

pharming attack - Correct Answer: a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent by exploiting vulnerabilities of the Domain Name System (DNS) server. The goal is to get you to provide personal information, like payment card data or passwords, on the false websites. Cybercriminals could then use your personal information to commit financial fraud and identity theft.

Which of the following is an example of a passive cybersecurity attack?
a. Traffic analysis
b. Masquerading
c. Denial-of-service
d. Email spoofing
- Correct Answer: a. Traffic analysis
A passive attack is one that monitors or captures network traffic but does not in any way modify, insert or delete the traffic. Examples of passive attacks include network analysis, eavesdropping and traffic analysis.
Key word: passive.

passive attack - Correct Answer: one that monitors or captures network traffic but does not in any way modify, insert or delete the traffic. Examples of passive attacks include network analysis, eavesdropping and traffic analysis.

Active Attack - Correct Answer: Attack where the attacker does interact with processing or communication activities. Ex: masquerading, denial of service, email spoofing.

An IS auditor is reviewing an organization to ensure that evidence related to a data breach case is preserved. Which of the following choices would be of MOST concern to the IS auditor?
a. End users are not aware of incident reporting procedures.
b. Log servers are not on a separate network.
c. Backups are not performed consistently.
d. There is no chain of custody policy.
- Correct Answer: d. chain of custody
Organizations should have a policy in place that directs employees to follow certain procedures when collecting evidence that may be used in a court of law.

There is a concern that the risk of unauthorized access may increase after implementing a single sign-on process. To prevent unauthorized access, the MOST important action is to:
a. monitor failed authentication attempts.
b. review log files regularly.
c. deactivate unused accounts promptly.
d. mandate a strong password policy.
- Correct Answer: d. mandate a strong password policy.
Strong passwords are important in any environment but take on special importance in an SSO environment, where a user enters a password only one time and thereafter has general access throughout the environment. Of the options given, only a strong password policy offers broad preventative effects.
Think: what do we test?

During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
a. an unauthorized user may use the ID to gain access.
b. user access management is time consuming.
c. user accountability is not established.
d. passwords are easily guessed.
- Correct Answer: c. user accountability is not established.
Might not be able to trace actions back to a single user.

The GREATEST risk from an improperly implemented intrusion prevention system is:

d. enable message transmission in a digital format.
- Correct Answer: a. show if the message has been altered after transmission.
The message digest is calculated and included in a digital signature to prove that the message has not been altered. The message digest sent with the message should have the same value as the recalculation of the digest of the received message.
Key: the question is about the message digest, not the digital signature.

message digest - Correct Answer: designed to protect the integrity of a piece of data or media, to detect changes and alterations to any part of a message.

An IS auditor is reviewing security incident management procedures for the company. Which of the following choices is the MOST important consideration?
a. Chain of custody of electronic evidence
b. System breach notification procedures
c. Escalation procedures to external agencies
d. Procedures to recover lost data
- Correct Answer: a. Chain of custody of electronic evidence
The preservation of evidence is the most important consideration in regard to security incident management. If data and evidence are not collected properly, valuable information could be lost and would not be admissible in a court of law should the company decide to pursue litigation.
Think: legal requirements come first.

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?
a. The tools used to conduct the test
b. Certifications held by the IS auditor
c. Permission from the data owner of the server
d. An intrusion detection system is enabled
- Correct Answer: c. Permission from the data owner of the server
The data owner should be informed of the risk associated with a penetration test, the timing of the test, what types of tests are to be conducted and other relevant details.

Penetration Testing - Correct Answer: Professional hacking to access data and computing power without being granted access; professional pen-testers are hired to identify and repair vulnerabilities and only work once given written permission to obtain ungranted access.

During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?
a. Dumping the memory content to a file
b. Generating disk images of the compromised system
c. Rebooting the system
d. Removing the system from the network
- Correct Answer: c. Rebooting the system
Think: rebooting an iPhone clears all data.

The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?
a. Using an intrusion detection system to report incidents
b. Mandating the use of passwords to access all software
c. Installing an efficient user log system to track the actions of each user
d. Training provided on a regular basis to all current and new employees
- Correct Answer: d. Training provided on a regular basis to all current and new employees
Regular training is an important part of a security awareness program.
Think: human life is most important.

Which of the following controls would BEST detect intrusion?
a. User IDs and user privileges are granted through authorized procedures.
b. Automatic logoff is used when a workstation is inactive for a particular period of time.
c. Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
d. Unsuccessful logon attempts are monitored by the security administrator.
- Correct Answer: d. Unsuccessful logon attempts are monitored by the security administrator.
The only one which is detecting anything.

When auditing a role-based access control system, the IS auditor noticed that some IT security employees have system administrator privileges on some servers, which allows them to modify or delete transaction logs. Which would be the BEST recommendation that the IS auditor should make?
a. Ensure that these employees are adequately supervised.

a. updating group metadata.
b. reviewing existing user access.
c. approval of user access.
d. removing terminated users.
- Correct Answer: c. approval of user access.
Without an owner to provide approval for user access to the group, unauthorized individuals could potentially gain access to any sensitive data within the rights of the group.

hash totals - Correct Answer: the use of hash totals is an effective method to reliably detect errors in data processing. A hash total would detect errors in data processing.

Which of the following BEST ensures the integrity of a server's operating system?
a. protecting the server in a secure location
b. setting a boot password
c. hardening the server configuration
d. implementing activity logging
- Correct Answer: c. hardening the server configuration
This means to configure it in the most secure manner (install latest security patches, properly define access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and, thus, take control of the entire machine, jeopardizing the integrity of the OS.

hardening - Correct Answer: to configure it in the most secure manner (install latest security patches, properly define access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and, thus, take control of the entire machine, jeopardizing the integrity of the OS.

During an implementation review of a recent application deployment, it was determined that several incidents were assigned incorrect priorities and, because of this, failed to meet the business service level agreement (SLA). What is the GREATEST concern?
a. The support model was not approved by senior management.
b. The incident resolution time specified in the SLA is not realistic.
c. There are inadequate resources to support the applications.
d. The support model was not properly developed and implemented.
- Correct Answer: d. The support model was not properly developed and implemented.
The greatest concern for the IS auditor is that the support model was not developed and implemented correctly to prevent or react to potential outages. Incidents could cost the business a significant amount of money, and a support model should be implemented with the project. This should be a step within the system development life cycle and procedures and, if it is missed on one project, it may be a symptom of an overall breakdown in process.

During an application audit, an IS auditor is asked to provide assurance of the database referential integrity. Which of the following should be reviewed?
a. field definition
- Correct Answer: a. field definition
Referential integrity in a relational database refers to consistency between coupled tables. Referential integrity is usually enforced by the combination of a primary key or candidate key (alternate key) and a foreign key. For referential integrity to hold, any field in a table that is declared a foreign key should contain only values from a parent table's primary key or a candidate key.

Referential Integrity - Correct Answer: refers to the accuracy and consistency of data within a relationship. In relationships, data is linked between two or more tables. This is achieved by having the foreign key (in the associated table) reference a primary key value (in the primary, or parent, table).

The internal audit department has written some scripts that are used for continuous auditing of some information systems. The IT department has asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Would sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT function?
a. Sharing the scripts is not permitted because it would give IT the ability to pre-audit systems and avoid an accurate, comprehensive audit.
b. Sharing the scripts is required because IT must have the ability to review all programs and software that runs on IS systems regardless of audit independence.
c. Sharing the scripts is permissible as long as IT recognizes that audits may still be conducted in areas not covered in the scripts.
d. Sharing the scripts is not permitted because it would mean that the IS auditors who wrote
- Correct Answer: c. Sharing the scripts is permissible as long as IT recognizes that audits may still be conducted in areas not covered in the scripts.
Ex: think about running ACTT; we have to provide the scripts to IT, however it doesn't cover the entire environment, just the servers we ask them to run it on.

The implementation of access controls FIRST requires: