B#CIW Q1. Why is password lockout an effective deterrent to cracking attempts? ^A: Passwords cannot be changed through brute-force methods ^B: A limited number of login attempts before lockout reduces the number of guesses the potential cracker can made ^C: Passwords protected in this manner are impossible to find because they are locked out of the main flow of information on the WAN ^D: Password lockout provides no real improvement over traditional locking methods. B#CIW Q2. Which of the following choices best defines the Windows NT security account manager? ^A: It is the portion of the GINA DLL that controls security ^B: It is the database containing the identity of the users and their credentials ^C: It is the name of the machine responsible for the management of all the security of the LAN ^D: It is the interface that is responsible for logging on and user IDs A#CIW Q3. Under the level C2 security classification, what does “discretionary access control” mean? ^A: Discretionary access control means that the owner of a resource must be able to use that resource ^B: Discretionary access control is the ability of the system administrator to limit the time any user spends on a computer ^C: Discretionary access control is a policy that limits the use of any resource to a group or a security profile ^D: Discretionary access control is a rule set by the security auditor to prevent others from downloading unauthorized scripts or programs. B#CIW Q4. Michel wants to write a computer virus that will cripple UNIX systems. What is going to be the main obstacle preventing him from success? ^A: UNIX computers are extremely difficult to access illicitly over the internet, and therefore computer viruses are not an issue with UNIX systems ^B: Due to the file permission structure and the number of variations in the UNIX hardware architectures, a virus would have to gain root privileges as well as identify the hardware and UNIX flavor in use. 
^C: Due to availability of effective free anti-virus tools, computer viruses are caught early and often. Michel’s virus would have to evade detection for it to succeed. ^D: Due to the extensive use of ANSI “C” in the programming of UNIX, the virus would have to mimic some of the source code used in the infected iteration of the UNIX operating system B#CIW Q5. Which of the following best describes the problem with share permissions and share points in Windows NT? ^A: Share points must be the same value as the directory that serves the share point ^B: Share points contains permissions; and any file under the share point must possess the same permissions ^C: Share permissions are exclusive to root directories and files; they do not involve share points, which define user permissions ^D: Share points are set when connection is established, therefore the static nature of file permissions can conflict with share points if they are not set with read and write permissions for everyone. A#CIW Q6. What do the discretionary ACL (access control list) and the system ACL in Windows NT have in common? ^A: Both share properties for storing secure object identifiers ^B: Both can grant or deny permissions to parts of the system ^C: Both are installed by default on the system in different sections of the client/server model ^D: Both are responsible for creation of the master access control list A#CIW Q7. Winlogon loads the GINA DLL. What does the GINA DLL then do? ^A: It provides the interface for processing logon requests ^B: It creates the link to the user database for the update of the local security authority ^C: It creates the link to the master access list on the server ^D: It checks the user database for correct date/time stamps of last modification C#CIW Q8. 
You must apply permissions to a file named/home/myname/myfile.txt, and you need to fulfill the following requirements:^ You want full access to the file.^ people in your group should be able to read the file.^ People in your group should not be able to write the file.^ People outside of your group should be denied access to the file.^ What are the most secure permissions you would apply to the file? ^A. Chage 700/home/myname/myfile.txt ^B. Chage 744/home/myname/myfile.txt ^C. Chmod 640/home/myname/myfile.txt ^D. Chmod 064/home/myname/myfile.txt A#CIW Q10. What are the security issues that arise in the use of the NFS (Network File System)? ^A: Synchronization of user and group IDs is poor, so it is easy to spoof trusted hosts and user names. ^B: The lack of logging in one place or on one machine, and the multiple logs this then requires, can create bottlenecks ^C: The possibility arises for Cleartext passwords to be sniffed on the network if it does not use Secure RPC. ^D: NFS uses a weak authentication scheme and transfers information in encrypted form B#CIW Q11. What is the major security issue with standard NIS (Network Information System)? ^A: It is impossible to enforce a centralized login scheme ^B: NIS provides no authentication requirement in its native state ^C: There is no way to encrypt data being transferred ^D: NIS is a legacy service and, as such, is only used in order, less secure operating systems and networks B#CIW Q12. In a Linux system, how do you stop the POP3, IMAPD, and FTP services? ^A: By changing the permissions on the configuration file that controls the service (/sbin/inetd), then recompiling /etc/inetd.config ^B: By commenting out the service using the # symbol in the text file /etc/inetd.conf, then restarting the inetd daemon ^C: By recompiling the system kernel, making sure you have disabled that service ^D: By commenting out the service using the $ symbol in the text file /etc/inetd.conf, then restarting the inetd daemon. A#CIW Q13. 
Which of the following choices lists the ports that Microsoft internal networking uses that should be blocked from outside access? ^A: UDP 137 and 138, and TCP 139 ^B: Ports 11, 112, and 79 ^C: UDP 1028, 31337 and 6000 ^D: Port 80, 134 and 31337 A#CIW Q14. What is the best way to keep employees on a LAN from unauthorized activity or other mischief? ^A: Reduce each user’s permissions to the minimum needed to perform the tasks required by his or her job ^B: Limit the number of logins available to all users to one at a time ^C: Limit the number of files that any one user can have open at any given time ^D: Implement a zero-tolerance policy in regard to employees who load games or other unauthorized software on the company's computers C#CIW Q15. What is a spoofing attack? ^A: A hacker pretends to be the superuser and spoofs a user into allowing him into the system ^B: A hacker calls a user and pretends to be a system administrator in order to get the user’s password ^C: A computer (or network) pretends to be a trusted host (or network) ^D: A hacker gains entrance to the building where the network resides and accesses the system by pretending to be an employee B#CIW Q16. Abjee is going to log on to his network. His network does not employ traffic padding mechanisms. Why will it be easy for someone to steal his password? ^A: Because his password could be more than two weeks old ^B: Because of he predictability of the length of the login and password prompts ^C: Because the Cleartext user name and password are not encrypted ^D: Because there is no provision for log analysis without traffic padding, thus no accountability when passwords are lost D#CIW Q17. In a typical corporate environment, which of the following resources demands the highest level of security on the network? ^A: Purchasing ^B: Engineering ^C: Sales ^D: Accounting A#CIW Q18. Luke is documenting all of his network attributes. 
He wants to know the type of network-level information that is represented by the locations of access panels, wiring closets and server rooms. Which of the following is the correct term for this activity? ^A: Network mapping ^B: IP service routing ^C: Router and switch designing ^D: War dialing D#CIW Q19. Which service, command or tool allows a remote user to interface with a system as if he were sitting at the terminal? ^A: Host ^B: Finger ^C: SetRequest ^D: Telnet C#CIW Q20. Which command, tool or service on a UNIX network converts names to IP addresses and IP addresses to names, and can also specify which servers are mail servers? ^A: Port scanner ^B: Traceroute ^C: Host ^D: Nslookup B#CIW Q21. Kerstin connected to an e-commerce site and brought a new mouse pad with her credit card for $5.00 plus shipping and handling. She never received her mouse pad so she called her credit card company to cancel the transaction. She was not charged for the mouse pad, but she received multiple charges she knew nothing about. She tried to connect to the site again but could not find it. Which type of hacking attack occurred? ^A: Denial-of-service attack ^B: Hijacking attack ^C: Illicit server attack ^D: Spoofing attack B#CIW Q22. Which service, tool or command allows a remote or local user to learn the directories or files that are accessible on the network? ^A: Traceroute ^B: Share scanner ^C: Port scanner ^D: Ping scanner D#CIW Q23. Which type of attack utilizes an unauthorized service or daemon running on your system to send out information to a hacker that can be used to further compromise the system? ^A: Virus attack ^B: Hijacking attack ^C: Man-in-the-middle attack ^D: Illicit server attack D#CIW Q24. Which type of attack uses a simple or complex program that self-replicates and/or deposits a payload on a remote or local computer? ^A: Dictionary attack ^B: Hijacking attack ^C: Illicit server attack ^D: Virus attack A#CIW Q25. 
Which type of attack can use a worm or packet sniffer to crash systems, causing low resources and/or consuming bandwidth? ^A: Denial-of-service attack ^B: Illicit server attack ^C: Man-in-the-middle attack ^D: Virus attack C#CIW Q26. Which service, command or tool discovers the IP addresses of all computers or routers between two computers on an internet/intranet network? ^A: Whois ^B: Port scanner ^C: Traceroute ^D: Nslookup D#CIW Q27. Which tool, service or command will enable you to learn the entire address range used by an organization or company? ^A: Traceroute ^B: Nslookup ^C: Port scanner ^D: Ping scanner A#CIW Q28. What is the final step in assessing the risk of network intrusion from an internal or external source? ^A: Using the existing management and control architecture ^B: Evaluating the existing perimeter and internal security ^C: Analyzing, categorizing and prioritizing resources ^D: Considering the business concerns B#CIW Q29. A file is replace by another file that provides the same service but also has a secret operation that is meant to subvert security. What is this type of attack called? ^A: A buffer overflow attack ^B: A Trojan attack ^C: A denial-of-service attack ^D: An illicit server attack B#CIW Q30. Most hackers run two services first learn information about a computer or Windows server attached to the Internet or intranet. These services enable hackers to find weaknesses in order to infiltrate the computer or network. Which one of the following choices lists the two services? ^A: Ping and traceroute ^B: Nslookup and whois ^C: Whois and ping ^D: Nslookup and traceroute A#CIW Q31. What common target can be reconfigured to disable an interface and provide inaccurate IP addresses over the Internet? ^A: Routers ^B: E-mail servers ^C: DNS servers ^D: Databases B#CIW Q32. Lucy obtains the latest stable versions of server, services or applications. Which type of attack does this action help to prevent? 
^A: Dictionary attack ^B: Buffer overflow attack ^C: Trojan attack ^D: Illicit server attack A#CIW Q33. What host-level information would you want to obtain so you can exploit defaults and patches? ^A: Servers ^B: Routers and switches ^C: Databases ^D: Firewall types D#CIW Q34. Which of the following is a way to get around a firewall to intrude into a secure network from a remote location? ^A: IP services ^B: Active ports ^C: Identified network topology ^D: Modem banks D#CIW Q35. You notice that your FTP service reveals unnecessary information about your server. Which of the following is the most efficient solution to this problem? ^A: Filter out the login banner using a packet filter ^B: Disable the service in question ^C: Place the service behind the firewall ^D: Disable the login banner for the service C#CIW Q36. What is the most common security problem on a client/server network? ^A: Outdated software ^B: Old login accounts ^C: Non-secured ports ^D: Browser flaws C#CIW Q37. While assessing the risk of a network, which step are you conducting when you determine whether the network can differentiate itself from other networks? ^A: Considering the business concerns ^B: Analyzing, categorizing and prioritizing resources ^C: Evaluating the existing perimeter and internal security ^D: Using the existing management and control architecture A#CIW Q38. Which type of attack occurs when a hacker obtains passwords and other information from legitimate transactions? ^A: Man-in-the-middle attack ^B: Denial-of-service attack ^C: Dictionary attack ^D: Illicit server attack D#CIW Q39. Which of the following layers of TCP/IP stacks is the most difficult to secure? ^A: Physical ^B: Network ^C: Transport ^D: Application B#CIW Q40. Kerstin wants to improve the security on her FTP server. She is worried about password-sniffing attacks. Which of the following is the best action for her to take? 
^A: Disable anonymous logins ^B: Allow only anonymous logins ^C: Configure the firewall to block port 21 ^D: Place the FTP server outside of the firewall D#CIW Q41. What is the primary security problem with FTP? ^A: Anonymous logins do not require a password ^B: Damaging programs can be executed on the client ^C: Damaging programs can be executed on the server ^D: The login name and password are sent to the server in cleartext A#CIW Q42. Which type of port is used by a client when it establishes a TCP connection? ^A: Ephemeral ^B: Well-known ^C: Reserved ^D: Static B#CIW Q43. Which system provides relay services between two devices? ^A: Proxy server ^B: Gateway ^C: VPN ^D: Screening router A#CIW Q44. Which port does FTP use for a control connection? ^A: 21 ^B: 25 ^C: 53 ^D: 162 C#CIW Q45. Which port is used by DNS when conducting zone transfers? ^A: UDP port 53 ^B: UDP port 23 ^C: TCP port 53 ^D: TCP port 23 D#CIW Q46. What is the primary security risk in SNMP? ^A: Login names and passwords are not encrypted ^B: Damaging programs can be executed on the client ^C: Damaging programs can be executed on the server ^D: Passwords and Data is transferred in Cleartext B#CIW Q47. Ulf wants to ensure that a hacker cannot access his DNS zone files. What is the best action for his to take? ^A: Filter TCP port 23 ^B: Configure the firewall to block zone transfers and accept zone transfer requests only from specific hosts ^C: Configure all routers to block zone transfers and encrypt zone transfer messages ^D: Disable Nslookup D#CIW Q48. What is a Windows NT equivalent to a UNIX daemon? ^A: A thread ^B: A process ^C: A protocol ^D: A service A#CIW Q49. Which of the following is the correct order of events in the termination of a TCP/IP connection? ^A: Active close, passive close, FIN, ACK ^B: Passive close, Active close, FIN, ACK ^C: Active close, passive close, ACK, FIN ^D: Passive close, active close, ACK, FIN B#CIW Q50. 
Which protocol is normally used to communicate errors or other conditions at the IP layer, but has also been used to conduct denial-of-service attacks? ^A: TCP ^B: ICMP ^C: SNMP ^D: UDP D#CIW Q51. Which of the following will help control unauthorized access to an e-mail server? ^A: Disable CGI scripts ^B: Prohibit relaying ^C: Limit the number of e-mail messages a given account can receive in a day ^D: Scan all e-mail messages at the firewall or SMTP server D#CIW Q52. What is the correct order of events in the establishment of a TCP/IP connection? ^A: Passive open, active open, ACK ^B: Passive open, ACK, active open ^C: Active open, active open, ACK ^D: Active open, passive open, ACK B#CIW Q53. You are using a packet sniffer to capture transmissions between two remote systems. However, you find that you can only capture packets between your own system and another. What is the problem? ^A: You have configure your filter incorrectly ^B: You are sniffing packets in a switch network ^C: Tcpdump captures packets only between your host and another host ^D: Your system does not have its default gateway configured D#CIW Q54. How might a hacker cause a denial-of-service attack on an FTP server? ^A: By executing a damaging program on the server ^B: By initiating an ICMP flood ^C: By initiating a broadcast storm ^D: By filling the server’s hard drive to capacity B#CIW Q55. Which type if port is used by HTTP for the control connection? ^A: Ephemeral ^B: Well-known ^C: Dynamic ^D: UDP C#CIW Q56. Which security feature does NNTP possess that SMTP does not? ^A: Dynamic port assignment ^B: Separate control and data ports ^C: Usable in conjunction with SSL ^D: Strict bounds checking on arrays C#CIW Q57. Laura is a system administrator who wants to block all NNTP traffic between her network and the Internet. How should she configure her firewall? 
^A: Disable anonymous logins in the NNTP configuration manager ^B: Configure all routers to block broadcast packets ^C: Configure the firewall to block port 119 ^D: Configure the firewall to block port 25 A#CIW Q58. Luke must advise his users about which client to employ when accessing remote systems. Which of the following is a connection-oriented protocol that can contain unencrypted password information from Telnet sessions? ^A: TCP ^B: TTP ^C: HTTP ^D: UDP B#CIW Q59. What is the term for the process of replacing source IP addresses with false IP addresses? ^A: Hijacking ^B: Spoofing ^C: Spamming ^D: Brute force A#CIW Q60. Which ports are used by SNMP? ^A: UDP ports 161 and 162 ^B: UDP ports 20 and 21 ^C: TCP ports 161 and 162 ^D: TCP ports 20 and 21 A#CIW Q61. What is the most common type of network attack? ^A: Denial-of-service attacks, because they are easy to perpetrate ^B: Insider attacks, because most resources are spent defending against outside attacks ^C: Packet sniffing and other “benign” attacks, because there is no way to defend against them ^D: Brute-force password attacks, because most users do not employ good passwords B#CIW Q62. What is the different between digital signature mechanisms and simple encryption? ^A: Digital signatures are generally 128-bit encryption, whereas simple encryption is generally 56 bits ^B: Digital signatures are verified by third parties that vouch for the veracity of the sender and the contents ^C: Digital signatures carry timestamps, whereas standard encryption does not ^D: Standard encryption mechanisms have no provision for traffic padding to thwart password sniffers A#CIW Q63. What is problematic about a new NTFS partition? ^A: The “everyone” group has unrestricted access permissions on the new partition, thus restricting access to the new partition become problematic. 
^B: NTFS cannot read user/group permissions tables on FAT systems, thus the group permissions file must be kept in the same file format as the new partition ^C: The “admin” group has exclusive access to the new partition, thus getting client machines to see the new partitions can be problematic ^D: NTFS allows only the root user to access it, thus it is difficult to divide the new partition A#CIW Q64. Why is the rlogin command dangerous to network security? ^A: Remote logins are a security threat regardless of the protocol and should be avoided ^B: There is no way to prevent the user who successfully uses rlogin from becoming root ^C: The rlogin command has a long history of buffer overflows that has not been corrected ^D: If one system that has extensive rlogin privileges to other systems is compromised, then a hacker can spread throughout the entire network C#CIW Q65. Which of the following choices lists the components that make up security descriptions for Windows NT objects? ^A: The user name, the password and the object-owner security identifier ^B: The UNAME the access profile of the object-owner SID, and confirmation by the system access control list ^C: The object-owner SID, the discretionary access control, the DACL, and the group SID ^D: The user name, the object identifiers, the set user identifier, and the time/date stamp B#CIW Q66. What is the major security problem with the SUID/SGID programs or utilities? ^A: The root account must be in order to utilize programs set this way ^B: These permission in a program in a program can temporarily grant root privileges to anyone ^C: SUID programs are not removed immediately from the swap/paging area, which results in a clear security risk ^D: The SGID is a clear violation of good security practice and is only used as a result of the SUID A#CIW Q67. Carol wants to choose a strong password for her computer. Which of the following should she include in her password? 
^A: A mixture of uppercase and lowercase letters, symbols and numbers ^B: An arcane phrase only she can remember ^C: An incorrect spelling of a word or a phrase ^D: A mixture of random words that form non-sense B#CIW Q68. Why would Ulf refuse to run the command “chmod-Are 777/home/ulf”? ^A: The command will copy all his files to a public directory ^B: The command will allow everyone to read, write and execute all files in his directory ^C: The command will create problems when his profile file initialises his user settings ^D: The command is known to have security breaches associated with it, and should be avoided. C#CIW Q69. Which command, service or tool allows you to imitate a secondary DNS server in order to obtain its records via a zone transfer? ^A: Traceroute ^B: Ping scanner ^C: Nslookup ^D: Host C#CIW Q70. Which type of attack uses a database or databases to guess a password in order to gain access to a computer system? ^A: Hijacking attack ^B: Virus attack ^C: Dictionary attack ^D: Man-in-the-middle attack A#CIW Q71. What is the name of the risk assessment stage in which you bypass login accounts and passwords?^A: Penetration ^B: Control ^C: Activation ^D: Discovery D#CIW Q72. Which tool, command or service allows a remote or local user to find any open connection paths to the system on the Internet or an intranet? ^A: Traceroute ^B: Whois ^C: Nslookup ^D: Port scanner B#CIW Q73. A hacker has just changed the information for a zone during a zone transfer. This attack caused false information to be passed on to network hosts as if it were legitimate. Which type of server is the target in such an attack? ^A: An e-mail server ^B: A DNS server ^C: A router ^D: A FTP server C#CIW Q74. Which of the following do hackers target because it usually communicates in Cleartext? ^A: Router ^B: DNS server ^C: FTP server ^D: E-mail server B#CIW Q75. Which directory holds the Microsoft NT operating system on an NT 4.0 server (using default installation)? 
^A: \windows ^B: \winnt ^C: \winnt4.0 ^D: \program files C#CIW Q76. Where are most of the binaries located on the hard drive of a UNIX server (using default installation)? ^A: /bin ^B: /sbin ^C: /usr ^D: /proc A#CIW Q77. Ulf is a systems administrator. He sees that an attacker from a remote location is sending invalid packets, trying to monopolize Ulf’s connection so that a denial of service occurs. What characteristic of the activity makes Ulf think this is a denial-of-service attack? ^A: Bandwidth consumption ^B: Hijacking of internal user resources ^C: Polling ^D: Use of an illicit server B#CIW Q78. Which application is used to learn about an operating system’s type and patch level?^A: Traceroute ^B: Nmap ^C: Whois ^D: Ping D#CIW Q79. You have installed a proxy server that authenticates users. However, you find that one user has bypassed the proxy server by entering the default gateway IP address. How can you solve this problem? ^A: Configure the default gateway to deny access to all systems ^B: Confront the user ^C: Reconfigure the user’s machine ^D: Configure the default gateway to reject all requests to all systems except for the proxy server B#CIW Q80. What is the standard method for securing individual e-mail messages sent between a company and other users that do not use that e-mail server? ^A: Invoke encryption at the e-mail server ^B: Invoke encryption on each client ^C: Filter firewall port 42 on the company firewall ^D: Store all e-mail messages on a separate partition D#CIW Q81. Which one of the following choices lists the two greatest security problems associated with HTTP? ^A: Community names and encrypted passwords ^B: IP spoofing and ICMP spoofing ^C: Viewer applications and external programs used by the HTTP server ^D: No bound checking on arrays and anonymous access B#CIW Q82. Which tool utilizes a database of known security problems to test a network? 
^A: Operating system add-on ^B: Network scanner ^C: Logging and log analysis tool ^D: SNMP B#CIW Q83. How are servers able to conduct a simple authentication check using DNS? ^A: Forward DNS lookup ^B: Reverse DNS lookup ^C: RARP ^D: Nslookup B#CIW Q84. Which port or ports are used for SMTP? ^A: 20 and 21 ^B: 25 ^C: 53 ^D: 161 and 162 A#CIW Q85. When using IIS, what has primary control over security? ^A: The operating system ^B: IIS ^C: The GINA ^D: The SSL Service B#CIW Q86. Which of the following is the best way to secure CGI scripts? ^A: Configure the firewall to filter CGI at ports 80 and 443 ^B: Disable anonymous HTTP logins when using CGI ^C: Ensure that the code checks all user input ^D: Active Java on the primary web server B#CIW Q87. Which type of gateway functions in all layers of the OSI/RM? ^A: A circuit-level gateway ^B: An application-level gateway ^C: A proxy gateway ^D: A universal gateway A#CIW Q88. Which device is similar to a packet filter, but also provides network address translation? ^A: A circuit-level gateway ^B: An application-level gateway ^C: A proxy server ^D: A choke router B#CIW Q89. Which of the following attacks specifically utilizes packet spoofing? ^A: Crack ^B: Smurf ^C: Flood ^D: Worm B#CIW Q90. Tavo wants to check the status of failed Telnet-based login attempts on a Linux machine he administers. Which shell command can he use to see only that information? ^A: cat/etc/passwd> newfile.txt ^B: grep login/var/log/messages ^C: more /var/log/secure ^D: more /etc/passwd A#CIW Q91. Why is the rlogin command dangerous to network security? ^A: Remote logins are a security threat regardless of the protocol and should be avoided ^B: There is no way to prevent the user from becoming root if he successfully uses rlogin ^C: The rlogin command has a history of buffer overflows that has not been corrected ^D: The rlogin command relies on IP-based authentication, which is easily defeated C#CIW Q92. 
Which of the following is the most desirable goal that UNIX system crackers typically hope to achieve? ^A: To be able to write a message on the compromised computer’s web page ^B: To be able to plant a virus that will wipe out the entire database ^C: To gain root privileges ^D: To alter the /var/log/messages file and thus escape detection A#CIW Q93. What is the purpose of blocking services on any given server? ^A: To limit the number of targets a cracker can choose from ^B: To limit the number of processes that run at any given time, enhancing response time in case of a security breach ^C: To keep the operating system and its processes as simple as possible so administration is easier ^D: None; most services are needed and pose only minor security threats B#CIW Q94. What is the primary function of IPSec? ^A: It thwarts denial-of-service attacks ^B: It provides encryption ^C: It authenticates users ^D: It provides access control A#CIW Q95. When setting up Microsoft Internet Information Server (IIS) in either Windows NT or Windows 2000, what should you change to help provide security? ^A: The default accounts must be renamed because they pose a security problem ^B: The domain controller must be queried for the default encryption for the user database ^C: The administrator must import default admin profiles for secure administration rights ^D: The default users must be trained in the errata and security features of internet information manager B#CIW Q96. Helga is going to log on to her network. Her network does not employ traffic padding mechanisms. Why will it be easy for someone to steal her password? ^A: Because her password could be more than two weeks old ^B: Because of the predictability of the login length and password prompts ^C: Because the cleartext user name and password are not encrypted ^D: Because there is no provision for log analysis without traffic padding, thus no accountability when passwords are lost B#CIW Q97. 
Why would a Windows NT/2000 administrator place the operating system, the program files and the data on different, discrete directories? ^A: To avoid confusion and duplication of upgrades between applications and the operating system ^B: To enhance security by modifying permissions for each resource as needed ^C: To restrict users from accidentally overwriting critical files (if they fill their home directories to capacity), which makes the operating system vulnerable to hacker attacks ^D: To keep the operating system partition from becoming overwhelmed with user program libraries and DLLs D#CIW Q98. Which layer of the OSI/RM do proxy servers usually address? ^A: Physical layer ^B: Network layer ^C: Transport layer ^D: Application layer C#CIW Q99. At which layer of the OSI/RM do packet filters function? ^A: Data link layer ^B: Physical layer ^C: Network layer ^D: Transport layer B#CIW Q100. Helga deleted extraneous services from a system to ensure that it is relatively secure from attack. Which term best describes this activity? ^A: Securing the system ^B: Operating system hardening ^C: Auditing ^D: System maintenance C#CIW Q101. Lucy is a system administrator who wants to block all NNTP traffic between her network and the Internet. How should she configure her firewall? ^A: Configure the firewall to block all incoming and outgoing packets except for those with the source and destination port of 119. Then, allow all traffic with destination ports above 1024 to transverse the firewall. ^B: Configure the firewall to block all incoming packets with the source port of 119, and outgoing packets with a source port lower than 1024. Then, block all packets with the destination port of 119 and with a source port lower than 1024. ^C: Configure the firewall to block incoming packets with the destination port of 119, and to block outgoing packets with the destination port of 119. ^D: Configure the firewall to block all incoming packets with the source port of 119. B#CIW Q102. 
Which port is used by HTTP to listen for secure connections? ^A: UDP 80 ^B: TCP 443 ^C: TCP 8080 ^D: UDP 8080 B#CIW Q103. Raul is worried that his network might be attacked through modified ICMP messages. What can he do to prevent this? ^A: Disable anonymous logins ^B: Filter ICMP packets at the firewall ^C: Configure the firewall to block zone transfers ^D: Scan ICMP messages for viruses at the firewall A#CIW Q104. Which layer of the OSI/RM stack controls the flow of information between hosts? ^A: Data link layer ^B: Physical layer ^C: Network layer ^D: Transport layer D#CIW Q105. What is the most important step in securing a web server? ^A: Logging all HTTP activity ^B: Enabling system-wide encryption ^C: Placing the operating system, web server program, and server files on the same partition ^D: Placing the operating system, web server program, and server files on separate partitions D#CIW Q106. You have enabled Tripwire on your Linux system. Which location is best for storing the database file? ^A: On a CD-RW drive attached to the system ^B: In the default location ^C: On a write-protected floppy disk attached to the system ^D: On a CD-R drive attached to the system D#CIW Q107. After installing a Linux server and activating SSH on it, you try to authenticate, but are rejected due to an “authenticated failure.” You have properly transferred host and public keys, and all of your servers use the same flavor of SSH (Open SSH). What is a likely cause for your failure to connect to this newly configured server? ^A: The version of SSH you are using is incompatible with your Linux system ^B: You must first conduct a Telnet session with the server ^C: You must first disable Telnet and rlogin for SSH to work properly ^D: Your name resolution is incorrectly configured B#CIW Q108. What is another term for a network security manager who acts as a potential hacker (a person looking for security loopholes)? 
^A: An agent ^B: An auditor ^C: An assessor ^D: An analyzer A#CIW Q109. Helga is a systems administrator. She sees that an attacker from a remote location is sending invalid packets, trying to monopolize Helga’s network connection so that a denial of service occurs. What characteristic of the activity makes Helga think this is a denial-of-service attack? ^A: Bandwidth consumption ^B: Hijacking of internal user resources ^C: Use of an illicit server ^D: System slowdown A#CIW Q110. What is the most secure policy for a firewall? ^A: To reject all traffic unless it is explicitly permitted ^B: To accept all traffic unless it is explicitly rejected ^C: To enable all internal interfaces ^D: To enable all external interfaces C#CIW Q111. Which of the following do hackers target because it usually communicates in cleartext, and because it often carries sensitive information? ^A: Router ^B: DNS server ^C: FTP server ^D: E-mail server B#CIW Q112. What can a hacker destroy or modify to make a server or network intrusion undetectable? ^A: User accounts ^B: Log files ^C: Operating systems ^D: Passwords D#CIW Q113. Which of the following targets is more vulnerable to hacking attacks because of its location in relation to the firewall? ^A: DNS server ^B: FTP server ^C: E-mail server ^D: Router D#CIW Q114. Helga’s web server is placed behind her corporate firewall. Currently, her firewall allows only VPN connections from other remote clients and networks. She wants to open the internet-facing interface on her firewall so that it allows all users on the Internet to access her web server. Which of the following must Helga’s rule contain? 
^A: Instructions allowing all UDP connections with a destination port of 80 and a source port of 1024 ^B: Instructions allowing all UDP connections with a source port of 80 on the external interface and a destination port of 1024 ^C: Instructions allowing all TCP connections with a source port of 80 on the internal interface and a destination port of 80 ^D: Instructions allowing all TCP connections with a source port higher than 1024 and a destination port of 80 C#CIW Q115. When assessing the risk to a machine or network, what step should you take first? ^A: Analyzing, categorizing and prioritizing resources ^B: Evaluating the existing perimeter and internal security ^C: Checking for a written security policy ^D: Analyzing the use of existing management and control architecture A#CIW Q116. Your company has suffered several denial-of-service attacks involving Microsoft Outlook e-mail clients. How can you protect your systems from such attacks in the future, yet still allow client users to accomplish their jobs? ^A: Install antivirus applications on the clients and the e-mail server ^B: Filter out all attachments from e-mail messages at the e-mail server ^C: Filter out all attachments from e-mail messages at the e-mail server, and install antivirus applications on the clients ^D: Install personal firewalls in the e-mail server and on each client C#CIW Q117. Which type of device communicates with external servers on behalf of internal clients? ^A: A client-level gateway ^B: An application-level gateway ^C: A proxy server ^D: A packet filter C#CIW Q118. Which choice lists the components that form security descriptors for Windows NT/2000 objects? 
^A: The user name (UNAME), the password (PWD), and the object-owner security identifier (SID) ^B: The UNAME, the access profile of the object-owner SID, and confirmation by the system access control list (SACL) ^C: The object-owner SID, the discretionary access control list (DACL), the SACL, and the group SID ^D: The user name, the object identifier (OID), the set user identifier (UID), and the time/date stamp D#CIW Q119. Which single service can you disable to stop approximately two-thirds of the exploration tools used against Windows NT/2000? ^A: The Schedule service. ^B: The POSIX subsystem with the C2Config tool. ^C: The Ansi.sys from the boot loader. ^D: The NetBIOS service. C#CIW Q120. Which is included in the formula that Windows NT/2000 uses to create the Security Identifier? ^A: A semi-random number generated by the CPU based on the number of processes in the queue ^B: A set of numbers based on the serial number of the computer CPU and the serial number of Windows NT ^C: The computer name and the current amount of CPU time used by the user mode ^D: The octal encryption of the user name and the password C#CIW Q121. A computer on your network is responding very slowly to network requests, and then it stops responding at all. You use a packet sniffer and create a filter that views packets being sent to that host. You see that the host is receiving thousands of ICMP packets a minute. What type of attack is causing the system to slow down? ^A: A spoofing attack ^B: A root kit installed on the system ^C: A denial-of-service attack ^D: A man-in-the-middle attack C#CIW Q122. What is typically the most desirable asset for a hacker to obtain from a company or department? ^A: E-mail messages ^B: Router tables ^C: Database information ^D: DNS server records A#CIW Q123. Which service, tool or command provides information about administrators, domain name servers, additional domains and physical locations? ^A: Whois ^B: Ping scanner ^C: Host ^D: Traceroute A#CIW Q124. 
Your IDS application pages you at 3:00 a.m. and informs you that an attack occurred against your DNS server. You drive to the server site to investigate. You find no evidence of an attack, although the IDS application claims that a remote DNS server waged an attack on port 53 of your intranet DNS server. You check the logs and discover that a zone transfer has occurred. You check your zones and name resolution, and discover that all entries exist, and no unusual entries have been added to the database. What has most likely occurred? ^A: A DNS poisoning attack against your internal DNS server. ^B: A denial-of-service attack against your internal DNS server. ^C: A false positive generated by the IDS. ^D: A malfunction of the internal name server. D#CIW Q125. Which of the following is a potential security risk when using CGI scripts? ^A: CGI scripts can contain viruses that can be used against your system. ^B: Compromised CGI scripts are often used in packet spoofing because they do not check the packets that they generate. ^C: CGI scripts can create broadcast storms on the local network. ^D: Remote user input can be used to execute local commands. B#CIW Q126. Which choice best defines the Windows NT Security Account Manager? ^A: The portion of the GINA.DLL that controls security ^B: The database containing the identities and credentials of users ^C: The name of the machine responsible for management of all security on the LAN ^D: The interface that is responsible for logging on and user IDs A#CIW Q127. Lucy wants to ensure that her Windows NT Server 4.0 and Windows 2000 systems do not incur any unauthorized changes. What can she do to help secure her registry from changes? ^A: Lock the registry so that it cannot be written to by any application. ^B: Enable auditing. ^C: Back up the registry. ^D: Configure the registry so that it does not change. A#CIW Q128. Andreas wants to choose a strong password for his computer. Which of the following should he include for his password? 
^A: A mixture of uppercase and lowercase letters, symbols and numbers. ^B: An arcane phrase only he can remember. ^C: An incorrect spelling of a word or a phrase. ^D: A mixture of random words that form nonsense. B#CIW Q129. What is the essential element in the implementation of any security plan? ^A: Testing to make sure any server-side scripts are secure ^B: Testing patch levels ^C: Proper firewall configuration ^D: Auditing D#CIW Q130. A malicious user has connected to your system and learned the specifics of your operating system, including its current patch levels and the operating system name. What is the term for this type of scanning attack? ^A: SYN detection ^B: TCP priming ^C: Cache poisoning ^D: Stack fingerprinting C#CIW Q131. Which type of attack causes a remote host to crash because it cannot respond to any new TCP connection requests? ^A: Crack attack ^B: Smurf attack ^C: SYN flood ^D: ICMP flood B#CIW Q132. Tavo wants to improve the security on his FTP server. He is especially worried about password-sniffing attacks. Which of the following is the best action for Tavo to take? ^A: Disable anonymous logins. ^B: Allow only anonymous logins. ^C: Configure the firewall to block port 21. ^D: Place the FTP server outside of the firewall. A#CIW Q133. Raul wants to know where to find encrypted passwords in a secured Linux server. Where is this information located on the hard drive? ^A: /etc/shadow ^B: /etc/passwd ^C: /secure/etc/shadow ^D: /etc/security/shadow D#CIW Q134. In which risk assessment stage does the security auditor map the systems and resources on a network? ^A: Penetration ^B: Cancellation ^C: Activation ^D: Discovery A#CIW Q135. You installed SSH on an older Linux server. You want to allow users to authenticate securely. Which choice lists two actions that must occur first? ^A: Public keys must first be exchanged to enable data encryption, and then the system exchanges host keys to enable authentication without passwords. 
^B: The system must exchange host keys to enable data encryption, and individual users must exchange public keys to enable authentication without passwords. ^C: A key pair must be obtained from a CA to enable data encryption, then host keys must be exchanged to enable authentication. ^D: A key pair must be obtained from a CA to enable authentication, then host keys must be exchanged to enable data encryption. C#CIW Q136. You want to secure your SMTP transmissions from sniffing attacks. How can you accomplish this? ^A: Forbid relaying. ^B: Enforce masquerading. ^C: Use an SSL certificate. ^D: Use strict bounds checking on arrays.