FORESEC

FORENSIC AND E-BUSINESS SECURITY

FORESEC CERTIFICATE IN NETWORKING SECURITY


REVIEWER

Instruction: Select the letter of the correct answer.

1. Your company's network just finished going through a SAS 70 audit. This audit reported
that overall, your network is secure, but there are some areas that need improvement.
The major area was SNMP security. The audit company recommended turning off SNMP,
but that is not an option since you have so many remote nodes to keep track of. What step
could you take to help secure SNMP on your network?
a. Change the default community string names
b. Block all internal MAC addresses from using SNMP
c. Block access to UDP port 171
d. Block access to TCP port 171

2. Which of the following protocols can be used to secure a VPN connection?


a. TCP/IP b. DNS c. MPPE d. AppleTalk

3. Which of the following is the main weakness of symmetric encryption algorithms?


a. The size of the keys
b. The distribution of keys
c. The vulnerability to attacks
d. Processing capabilities

4. An "idle" system is also referred to as what?


a. Zombie
b. PC not being used
c. Bot
d. PC not connected to the Internet

5. You have downloaded a CD ISO image and want to verify its integrity. What should you
do?
a. Compare the file sizes.
b. Burn the image and see if it works.
c. Create an MD5 sum and compare it to the MD5 sum listed where the image was
downloaded.
d. Create an MD4 sum and compare it to the MD4 sum listed where the image was
downloaded.

6. You are running cabling for a network through a boiler room where the furnace and some
other heavy machinery reside. You are concerned about interference from these sources.
Which of the following types of cabling provides the best protection from interference in this
area?
a. STP b. UTP c. Coaxial d. Fiber-optic

7. Forensic procedures must be followed exactly to ensure the integrity of data obtained in an
investigation. When making copies of data from a machine that is being examined, which of
the following tasks should be done to ensure it is an exact duplicate?
a. Perform a cyclic redundancy check using a checksum or hashing algorithm.
b. Change the attributes of data to make it read only.
c. Open files on the original media and compare them to the copied data.
d. Do nothing. Imaging software always makes an accurate image.

8. From the options, choose the disadvantage of implementing an IDS (Intrusion Detection
System)?
a. False positives
b. Decrease in throughput
c. Compatibility
d. Administration

9. You have been told to develop a system to control how and when a user will be allowed to
connect to a remote access server. You should specify which media should be used to
connect and to which groups the user should belong. Which of the following aspects of
computer security are you supposed to work with?
a. Access control b. Authorization c. Auditing d. Authentication

10. You are manager of the IT department and have designed a new security policy that
addresses the IT staff’s responsibilities to users, equipment, and data. The policy only
affects the IT staff. It deals with such issues as routine backups of data, network security
changes, and audits of data on servers. Now that the new policy is written, which of the
following should you do next? (Choose all that apply)
a. Publish the policy and make it available for all users to read.
b. Obtain authorization from other members of the IT staff.
c. Obtain authorization from senior management.
d. Provide a copy of the policy to legal counsel, and have them review its content and
wording.

11. Which of the combinations here can be used to create an extranet?


a. Two intranets
b. Two perimeter networks
c. One intranet and one perimeter network
d. All of the above configurations

12. A user is concerned that someone may have access to his account, and may be accessing
his data. Which of the following events will you audit to identify if this is the case?
a. Monitor the success and failure of accessing printers and other resources.
b. Monitor the success of changes to accounts.
c. Monitor the success of restarts and shutdowns.
d. Monitor for escalated use of accounts during off hours.

13. On Linux/Unix based Web servers, what privilege should the daemon service be run under?
a. Guest
b. You cannot determine what privilege runs the daemon service
c. Root
d. Something other than root

14. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical
access to his production network. In this honeypot, he has placed a server running
Windows Active Directory. He has also placed a Web server in the DMZ that services a
number of web pages that offer visitors a chance to download sensitive information by
clicking on a button.
A week later, Jason finds in his network logs how an intruder accessed the honeypot and
downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for
stealing sensitive corporate information.
Why will this not be viable?
a. Intruding into a honeypot is not illegal
b. Entrapment
c. Intruding into a DMZ is not illegal
d. Enticement

15. Which of the following actions best describes the term IP spoofing?
a. Trying to guess a password.
b. Pretending to be someone you are not.
c. Capturing TCP/IP traffic.
d. Trying to crack an encryption key.

16. When a company uses ____________, it is keeping copies of the private key in two
separate secured locations where only authorized persons are allowed to access them.
a. Key escrow b. Key destruction c. Key generation d. Key rings


17. Harold wants to set up a firewall on his network but is not sure which one would be the
most appropriate. He knows he needs to allow FTP traffic to one of the servers on his
network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for
Harold's needs?
a. Application-level proxy firewall
b. Data link layer firewall
c. Packet filtering firewall
d. Circuit-level proxy firewall

18. The PKI identification process is based upon the use of unique identifiers, known as _____.
a. Licenses b. Fingerprints c. Keys d. Locks

19. Jonathan is a network administrator who is currently testing the internal security of his
network. He is attempting to hijack a session, using Ettercap, of a user connected to his
Web server.
Why will Jonathan not succeed?
a. Only an HTTPS session can be hijacked
b. Only DNS traffic can be hijacked
c. Only FTP traffic can be hijacked
d. HTTP protocol does not maintain session

20. When setting up a wireless network with multiple access points, why is it important to set
each access point on a different channel?
a. Avoid cross talk
b. Avoid over-saturation of wireless signals
c. So that the access points will work on different frequencies
d. Multiple access points can be set up on the same channel without any issues

21. A packet is sent to a router that does not have the packet destination address in its route
table. How will the packet get to its proper destination?
a. Root Internet servers
b. Border Gateway Protocol
c. Gateway of last resort
d. Reverse DNS

22. Removal of non-essential services and protocols helps in all of the following except:
a. Securing the system
b. Network performance
c. System performance
d. Reduction of administrative overheads

23. When you use Java, the JVM isolates the Java applet to a sandbox when it executes. What
does this do to provide additional security?
a. This prevents the Java applet from accessing data on the client’s hard drive.
b. This prevents the Java applet from communicating to servers other than the one from
which it was downloaded.
c. This prevents the Java applet from failing in such a way that the Java applet is unable
to execute.
d. This prevents the Java applet from failing in such a way that it affects another
application.

24. A programmer has written malicious code that will delete all system files on a critical file
server. This code will execute as soon as the programmer is terminated from the company
and his user account is disabled or deleted. What kind of malicious code is this?
a. Trojan horse b. Worm c. Virus d. Logic bomb

25. Why is it a good idea to perform a penetration test from the inside?
a. It is easier to hack from the inside
b. It is never a good idea to perform a penetration test from the inside
c. To attack a network from a hacker's perspective
d. Because 70% of attacks are from inside the organization

26. You are a security analyst performing reconnaissance on a company you will be carrying
out a penetration test for. You conduct a search for IT jobs on Dice.com and find the
following information for an open position:
7+ years experience in Windows Server environment
5+ years experience in Exchange 2000/2003 environment
Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required
MCSA desired, MCSE preferred
No Unix/Linux Experience needed
What is this information posted on the job website considered?
a. Information vulnerability
b. Social engineering exploit
c. Trade secret
d. Competitive exploit

27. John and Hillary work in the same department in the company. John wants to find out
Hillary's network password so he can take a look at her documents on the file server. He
switches the L0phtCrack program to sniffing mode. John sends Hillary an email with a link to
Error! Reference source not found.
What information will he be able to gather from this?
a. The SID of Hillary's network account
b. The network shares that Hillary has permissions
c. The SAM file from Hillary's computer
d. Hillary's network username and password hash

28. The use of VPNs and __________________ have enabled users to be able to telecommute.
a. PGP b. S/MIME c. Wireless NICs d. RASs

29. The mail server is receiving a large number of spam e-mails and users have hundreds of
unwanted messages in their mailbox. What kind of attack are you receiving?
a. A rootkit
b. A DoS flooding attack
c. A virus
d. A Logic bomb

30. Sally has come to you for advice and guidance. She is trying to configure a network device
to block attempts to connect on certain ports, but when she finishes the configuration, it
works for a period of time but then changes back to the original configuration. She cannot
understand why the settings continue to change back. When you examine the
configuration, you find that the __________ are incorrect, and are allowing Bob to change
the configuration, although he is not supposed to operate or configure this device. Since he
did not know about Sally, he kept changing the configuration back.

a. MAC settings b. DAC settings c. ACL settings d. Permissions

31. What are some of the advantages of off-line password attacks? (Select all that apply.)
a. They do not generate noise on the target network or host.
b. They are not locked out after a set amount of tries.
c. They can be used to reset the user’s password without the need for cracking.
d. They can be initiated by zombies.

32. You are setting up a test plan for verifying that new code being placed on a Web server is
secure and does not cause any problems with the production Web server. What is the best
way to test the code prior to deploying it to the production Web server?
a. Test all new code on a development PC prior to transferring it to the production Web
server.
b. Test all new code on an active internal Web server prior to transferring it to the
production Web server.
c. Test all new code on a duplicate Web server prior to transferring it to the production
Web server.
d. Test all new code on another user’s PC prior to transferring it to the production Web
server.

33. Sally has come to you for advice and guidance. She is trying to configure a network device
to block attempts to connect on certain ports, but when she finishes the configuration, it
works for a period of time but then changes back to the original configuration. She cannot
understand why the settings continue to change back. When you examine the
configuration, you find that the __________ are incorrect, and are allowing Bob to change
the configuration, although he is not supposed to operate or configure this device. Since he
did not know about Sally, he kept changing the configuration back.

a. MAC settings b. DAC settings c. ACL settings d. Permissions

34. You are setting up a test plan for verifying that new code being placed on a Web server is
secure and does not cause any problems with the production Web server. What is the best
way to test the code prior to deploying it to the production Web server?
a. Test all new code on a development PC prior to transferring it to the production Web
server.
b. Test all new code on an active internal Web server prior to transferring it to the
production Web server.
c. Test all new code on a duplicate Web server prior to transferring it to the production
Web server.
d. Test all new code on another user’s PC prior to transferring it to the production Web
server.

35. Rick is a security auditor for your company. He is in the process of attempting to attack one
of your servers but when you check all of your production servers, you detect no attacks
happening. Why is this so?
a. Rick is actually attacking a server in someone else’s network.
b. Rick is actually attacking a honeypot, not a production server.
c. Rick is being stopped at the firewall.
d. Rick is using the wrong account with which to launch the attack.
