1D0-571 - CIW v5 Security Essentials
Go back to CIW
Consider the following series of commands from a Linux system: iptables -A input -p icmp -s 0/0 -d 0/0 -j REJECT Which explanation best describes the impact of the resulting firewall ruleset?
Individuals on remote networks will not be able to use ping to troubleshoot connections.
Which tool is best suited for identifying applications and code on a Web server that can lead to a SQL injection attack?
A vulnerability scanner
At what layer of the OSI/RM does a packet filter operate?
Which of the following is most likely to address a problem with an operating system's ability to withstand an attack that attempts to exploit a buffer overflow?
You have implemented a version of the Kerberos protocol for your network. What service does Kerberos primarily offer?
Which of the following is most likely to pose a security threat to a Web server?
You want to create a quick solution that allows you to obtain real-time login information for the administrative account on an LDAP server that you feel may become a target. Which of the following will accomplish this goal?
Create a login script for the administrative account that records logins to a separate server.
What is the primary drawback of using symmetric-key encryption?
Key transport across a network
Which of the following is considered to be the most secure default firewall policy, yet usually causes the most work from an administrative perspective?
Blocking all access by default, then allowing only necessary connections
You have determined that an attack is currently underway on your database server. An attacker is currently logged in, modifying data. You want to preserve logs, caching and other data on this affected server. Which of the following actions will best allow you to stop the attack and still preserve data?
Pull the server network cable
Which of the following standards is used for digital certificates?
You purchased a network scanner six months ago. In spite of regularly conducting scans using this software, you have noticed that attackers have been able to compromise your servers over the last month. Which of the following is the most likely explanation for this problem?
The network scanner needs an update.
You have been asked to encrypt a large file using a secure encryption algorithm so you can send it via e-mail to your supervisor. Encryption speed is important. The key will not be transmitted across a network. Which form of encryption should you use?
An application is creating hashes of each file on an attached storage device. Which of the following will typically occur during this process?
An increase in the amount of time it takes for the system to respond to requests
Your organization has made a particularly unpopular policy decision. Your supervisor fears that a series of attacks may occur as a result. You have been assigned to increase automated auditing on a server. When fulfilling this request, which of the following resources should you audit the most aggressively?
Authentication databases, including directory servers
Which of the following can help you authoritatively trace a network flooding attack?
Which of the following is the most likely first step to enable a server to recover from a denial-of- service attack in which all hard disk data is lost?
Contact the backup service
The best way to thwart a dictionary attack is by enforcing a:
strong password policy.
What is the primary use of hash (one-way) encryption in networking?
Signing files, for data integrity
Which of the following applications can help determine whether a denial-of-service attack is occurring against a network host?
Thenetstat command and a packet sniffer
You have determined that the company Web server has several vulnerabilities, including a buffer overflow that has resulted in an attack. The Web server uses PHP and has direct connections to an Oracle database server. It also uses many CGI scripts. Which of the following is the most effective way to respond to this attack?
Installing software updates for the Web server daemon
Which algorithm can use a 128-bit key, and has been adopted as a standard by various governments and corporations?
Advanced Encryption Standard (AES)
Which of the following describes the practice of stateful multi-layer inspection?
Inspecting packets in all layers of the OSI/RM with a packet filter
A CGI application on the company's Web server has a bug written into it. This particular bug allows the application to write data into an area of memory that has not been properly allocated to the application. An attacker has created an application that takes advantage of this bug to obtain credit card information. Which of the following security threats is the attacker exploiting, and what can be done to solve the problem?
- Buffer overflow - Work with the Web developer to solve the problem
At the beginning of an IPsec session, which activity occurs during the Internet Key Exchange (IKE)?
Negotiating the authentication method
Which of the following is a primary weakness of asymmetric-key encryption?
It is slow because it requires extensive calculations by the computer.
The most popular types of proxy-oriented firewalls operate at which layer of the OSI/RM?
You have just deployed an application that uses hash-based checksums to monitor changes in the configuration scripts of a database server that is accessible via the Internet. Which of the following is a primary concern for this solution?
The security of the checksum database on a read-only media format
Which of the following will best help you ensure a database server can withstand a recently discovered vulnerability?
Installing a system update
Which of the following errors most commonly occurs when responding to a security breach?
Making snap judgments based on emotions, as opposed to company policy
You are using a PKI solution that is based on Secure Sockets Layer (SSL). Which of the following describes the function of the asymmetric-key-encryption algorithm used?
It encrypts the symmetric key.
What is the first tool needed to create a secure networking environment?
A disgruntled employee has discovered that the company Web server is not protected against a particular buffer overflow vulnerability. The disgruntled employee has created an application to take advantage of this vulnerability and secretly obtain sensitive data from the Web server's hard disk. This application sends a set of packets to the Web server that causes it to present an unauthenticated terminal with root privileges. What is the name for this particular type of attack?
You have discovered that the ls, su and ps commands no longer function as expected. They do not return information in a manner similar to any other Linux system. Also, the implementation of Tripwire you have installed on this server is returning new hash values. Which of the following has most likely occurred?
A root kit has been installed on the system.
A security breach has occurred in which a third party was able to obtain and misuse legitimate authentication information. After investigation, you determined that the specific cause for the breach was that end users have been placing their passwords underneath their keyboards. Which step will best help you resolve this problem?
Set passwords to expire at specific intervals and establish mandatory continual training sessions.
Irina has contracted with a company to provide Web design consulting services. The company has asked her to use several large files available via an HTTP server. The IT department has provided Irina with user name and password, as well as the DNS name of the HTTP server. She then used this information to obtain the files she needs to complete her task using Mozilla Firefox. Which of the following is a primary risk factor when authenticating with a standard HTTP server?
HTTP usescleartext transmission during authentication, which can lead to a man-in-the-middle attack.
Which of the following is a common problem, yet commonly overlooked, in regards to physical security in server rooms?
You have implemented a service on a Linux system that allows a user to read and edit resources. What is the function of this service?
Which of the following activities is the most effective at keeping the actions of nae end users from putting the company's physical and logicalWhich of the following activities is the most effective at keeping the actions of na?e end users from putting the company's physical and logical resources at risk?
Conducting a training session at the time of hire
A new video conferencing device has been installed on the network. You have been assigned to troubleshoot a connectivity problem between remote workers and the central company. Specifically, remote workers are having problems making any connection at all. Which technique will most likely help you solve this problem while retaining the existing level of security at the firewall?
Configure the firewall to provide VPN access.
A security breach has occurred involving the company e-commerce server. Customer credit card data has been released to unauthorized third parties. Which of the following lists the appropriate parties to inform?
Affected customers, credit card companies and law enforcement agencies
You have been assigned to provide security measures for your office's reception area. Although the company needs to provide security measures, costs must be kept to a minimum. Which of the following tools is the most appropriate choice?
Jason is attempting to gain unauthorized access to a corporate server by running a program that enters passwords from a long list of possible passwords. Which type of attack is this?
You want to create a certificate for use in a Secure Sockets Layer (SSL) session. Which of the following is responsible for verifying the identity of an individual and also issuing the certificate?
What is the primary strength of symmetric-key encryption?
It can encrypt large amounts of data very quickly.
A distributed denial-of-service (DDOS) attack has occurred where both ICMP and TCP packets have crashed the company's Web server. Which of the following techniques will best help reduce the severity of this attack?
Filtering traffic at the firewall
Which of the following details should be included in documentation of an attack?
The time and date of the attack, and the names of employees who were contacted during the response
You have been assigned to configure a DMZ that uses multiple firewall components. Specifically, you must configure a router that will authoritatively monitor and, if necessary, block traffic. This device will be the last one that inspects traffic before it passes to the internal network. Which term best describes this device?
Which of the following organizations provides regular updates concerning security breaches and issues?
Which of the following is a primary auditing activity?
Checking log files