(solution) You are the security administrator for a private corporation

INFA610
Name ___________________________________________

Multiple Choice – 5 Points Each

1. You are the security administrator for a private corporation. Your network hosts a wide range of data from freely distributed Web documents to customer contact lists to financial records to proprietary business process documentation. All data on the company network is labeled as classified and confidential. However, users don’t seem to understand that they need to handle certain documents with more care and control than others. Which of the following will improve this situation?
   a. Enforce a mandatory access control environment.
   b. Use stronger authentication factors.
   c. Create a classification policy.
   d. Define an acceptable use policy.
   Answer _______

2. You are the security administrator for a company that is a government contractor. You have an established classification policy. Your current means of managing access seems to offer little in the manner of granular controls. Which of the following control mechanisms is a suitable improvement for this environment?
   a. Least privilege
   b. Need to know
   c. Separation of duties
   d. Job rotation
   Answer _________

3. You are the security administrator for your organization. You are evaluating risks for various assets stored on the network. One asset, a collection of Request for Comments (RFC) documents that was downloaded from an Internet source, is threatened by a new Trojan horse program that locates and deletes text documents. Your system is vulnerable to this Trojan horse since no other detection systems are deployed on your network, other than a simple antivirus software product. Why can you ignore this specific risk?
   a. All antivirus software utilities detect and block Trojan horses.
   b. A Trojan horse is effective only if it is executed by an administrative user.
   c. Risks exist only against physical assets.
   d. The impact of the risk is negligible.
   Answer ____________

4. What specific policy might recommend removing a server from the network and reinstalling all software and data?
   a. A privacy policy
   b. An authentication policy
   c. An incident response policy
   d. A violations reporting policy
   Answer __________

5. You are the network administrator for your organization. You’ve been assigned to document the network. You collect the relevant information and write out detailed reports for every hardware device, you create a network wiring diagram, and you even write out complete configuration settings for all of the approved applications. A few weeks later the company contracts with a consulting company to perform penetration testing against the network. They look at your network documentation and say that they cannot use it in their work. What is the possible reason for this claim?
   a. The documentation does not include any security details.
   b. The documentation is out of date.
   c. The documentation does not include operating systems.
   d. The documentation does not include disaster recovery plans.
   Answer ________

6. You work for a company that sells products over the Internet. Every time a sale is made, a database record of the transaction is transmitted from the demilitarized zone (DMZ) to the database server in the private network where the database resides. You use a network-based IDS (NIDS) to monitor the network traffic from the DMZ to the private network. A Web server that supports your e-commerce solution is used in the DMZ. A denial of service (DoS) attack is detected by the NIDS. Which of the following is the least desirable response from the NIDS?
   a. Recording the incident in a report log
   b. Disabling the communication link between the DMZ and the private network
   c. Notifying the network administrator of the issue
   d. Blocking packets with the same source IP address as the original DoS packets
   Answer __________

7. You are the security administrator for a small company. You have a single server that is used as your Web server and e-commerce server. It is in your office, separate and distinct from all other systems. You have two Internet connections: one dedicated for use by the Web server and the other for shared use by the office network. You just completed a forensic investigation of an intrusion against the Web server that caused significant damage to the hosted data files. The intruder gained administrative-level access and made numerous configuration and setting changes throughout the system. You even found several sets of hacker tools hidden in various places in the system. You need to get the Web server back online quickly since you are losing sales every hour the server remains offline. You format the hard drives, reinstall the operating system and applications, manually reconfigure the system, and then restore verified versions of your data files from backup tapes that were created before the intruder broke in. What additional activity is essential to completing the restoration process?
   a. Applying any new hot fixes
   b. Patching the exploited vulnerability
   c. Performing a system-wide backup
   d. Reapplying the company security template
   Answer ________

8. What type of encryption does PKI use?
   a. Symmetric
   b. Asymmetric
   c. DES
   d. AES
   Answer __________

9. The upper layers of the OSI model are, in correct order:
   a. Session, application, presentation
   b. Session, presentation, application
   c. Session, application, presentation, physical
   d. Application, presentation, session, physical
   Answer _______

10. Match the following:
   A. Application Layer
   B. Presentation Layer
   C. Session Layer
   D. Transport Layer

   1. Responsible for co-ordinating communication between systems
   2. Responsible for multiplexing upper-layer applications
   3. Responsible for availability of intended communication partner
   4. Responsible for negotiating data transfer syntax

   a. A->3; B->4; C->2; D->1
   b. A->2; B->4; C->1; D->4
   c. A->2; B->3; C->4; D->1
   d. A->3; B->4; C->1; D->2
   Answer _____________

11. While reviewing the security logs for your server, you notice that a user on the Internet has attempted to access your internal mail server. Although it appears that the user’s attempts were unsuccessful, you are still very concerned about the possibility that your systems may be compromised. Which of the following solutions are you most likely to implement?
   a. A firewall system at the connection point to the Internet
   b. A more secure password policy
   c. File-level encryption
   d. Kerberos authentication
   Answer _________

12. Alice and Bob want to send encrypted messages to each other, and Alice communicates first. In most cases, what key will Alice use?
   a. Alice’s private key
   b. Alice’s public key
   c. Bob’s private key
   d. Bob’s public key
   e. None of the above
   Answer _______

V6