FORESEC FCNS For Reviewer
1. Your company's network just finished going through a SAS 70 audit. This audit reported
that overall, your network is secure, but there are some areas that need improvement.
The major area was SNMP security. The audit company recommended turning off SNMP,
but that is not an option since you have so many remote nodes to keep track of. What step
could you take to help secure SNMP on your network?
a. Change the default community string names
b. Block all internal MAC addresses from using SNMP
c. Block access to UDP port 171
d. Block access to TCP port 171
5. You have downloaded a CD ISO image and want to verify its integrity. What should you
do?
a. Compare the file sizes.
b. Burn the image and see if it works.
c. Create an MD5 sum and compare it to the MD5 sum listed where the image was
downloaded.
d. Create an MD4 sum and compare it to the MD4 sum listed where the image was
downloaded.
6. You are running cabling for a network through a boiler room where the furnace and some
other heavy machinery reside. You are concerned about interference from these sources.
Which of the following types of cabling provides the best protection from interference in this
area?
a. STP b. UTP c. Coaxial d. Fiber-optic
7. Forensic procedures must be followed exactly to ensure the integrity of data obtained in an
investigation. When making copies of data from a machine that is being examined, which of
the following tasks should be done to ensure it is an exact duplicate?
a. Perform a cyclic redundancy check using a checksum or hashing algorithm.
b. Change the attributes of data to make it read only.
c. Open files on the original media and compare them to the copied data.
d. Do nothing. Imaging software always makes an accurate image.
8. From the options, choose the disadvantage of implementing an IDS (Intrusion Detection
System).
a. False positives b. Decrease in throughput c. Compatibility d. Administration
9. You have been told to develop a system to control how and when a user will be allowed to
connect to a remote access server. You should specify which media should be used to
connect and to which groups the user should belong. Which of the following aspects of
computer security are you supposed to work with?
a. Access control b. Authorization c. Auditing d. Authentication
10. You are manager of the IT department and have designed a new security policy that
addresses the IT staff’s responsibilities to users, equipment, and data. The policy only
affects the IT staff. It deals with such issues as routine backups of data, network security
changes, and audits of data on servers. Now that the new policy is written, which of the
following should you do next? (Choose all that apply)
a. Publish the policy and make it available for all users to read.
b. Obtain authorization from other members of the IT staff.
c. Obtain authorization from senior management.
d. Provide a copy of the policy to legal counsel, and have them review its content and
wording.
12. A user is concerned that someone may have access to his account, and may be accessing
his data. Which of the following events will you audit to identify if this is the case?
a. Monitor the success and failure of accessing printers and other resources.
b. Monitor the success of changes to accounts.
c. Monitor the success of restarts and shutdowns.
d. Monitor for escalated use of accounts during off hours.
13. On Linux/Unix-based Web servers, what privilege should the daemon service be run under?
a. Guest
b. You cannot determine what privilege runs the daemon service
c. Root
d. Something other than root
14. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical
access to his production network. In this honeypot, he has placed a server running
Windows Active Directory. He has also placed a Web server in the DMZ that services a
number of web pages that offer visitors a chance to download sensitive information by
clicking on a button.
A week later, Jason finds in his network logs how an intruder accessed the honeypot and
downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for
stealing sensitive corporate information.
Why will this not be viable?
a. Intruding into a honeypot is not illegal
b. Entrapment
c. Intruding into a DMZ is not illegal
d. Enticement
15. Which of the following actions best describes the term IP spoofing?
a. Trying to guess a password.
b. Pretending to be someone you are not.
c. Capturing TCP/IP traffic.
d. Trying to crack an encryption key.
16. When a company uses ____________, it is keeping copies of the private key in two
separate secured locations where only authorized persons are allowed to access them.
18. The PKI identification process is based upon the use of unique identifiers, known as _____.
a. Licenses b. Fingerprints c. Keys d. Locks
19. Jonathan is a network administrator who is currently testing the internal security of his
network. He is attempting to hijack a session, using Ettercap, of a user connected to his
Web server.
Why will Jonathan not succeed?
a. Only an HTTPS session can be hijacked
b. Only DNS traffic can be hijacked
c. Only FTP traffic can be hijacked
d. HTTP protocol does not maintain session
20. When setting up a wireless network with multiple access points, why is it important to set
each access point on a different channel?
a. Avoid cross talk
b. Avoid over-saturation of wireless signals
c. So that the access points will work on different frequencies
d. Multiple access points can be set up on the same channel without any issues
21. A packet is sent to a router that does not have the packet destination address in its route
table. How will the packet get to its proper destination?
a. Root Internet servers b. Border Gateway Protocol c. Gateway of last resort d. Reverse DNS
22. Removal of non-essential services and protocols helps in all of the following except:
a. Securing the system
b. Network performance
c. System performance
d. Reduction of administrative overheads
23. When you use Java, the JVM isolates the Java applet to a sandbox when it executes. What
does this do to provide additional security?
a. This prevents the Java applet from accessing data on the client’s hard drive.
b. This prevents the Java applet from communicating to servers other than the one from
which it was downloaded.
c. This prevents the Java applet from failing in such a way that the Java applet is unable
to execute.
d. This prevents the Java applet from failing in such a way that it affects another
application.
24. A programmer has written malicious code that will delete all system files on a critical file
server. This code will execute as soon as the programmer is terminated from the company
and his user account is disabled or deleted. What kind of malicious code is this?
a. Trojan horse b. Worm c. Virus d. Logic bomb
25. Why is it a good idea to perform a penetration test from the inside?
a. It is easier to hack from the inside
b. It is never a good idea to perform a penetration test from the inside
27. John and Hillary work in the same department in the company. John wants to find out
Hillary's network password so he can take a look at her documents on the file server. He
sets the L0phtCrack program to sniffing mode. John sends Hillary an email with a link to
[link missing].
What information will he be able to gather from this?
a. The SID of Hillary's network account
b. The network shares that Hillary has permissions to
c. The SAM file from Hillary's computer
d. Hillary's network username and password hash
28. The use of VPNs and __________________ have enabled users to be able to telecommute.
a. PGP b. S/MIME c. Wireless NICs d. RASs
29. The mail server is receiving a large number of spam e-mails and users have hundreds of
unwanted messages in their mailbox. What kind of attack are you receiving?
a. A rootkit b. A DoS flooding attack c. A virus d. A Logic bomb
30. Sally has come to you for advice and guidance. She is trying to configure a network device
to block attempts to connect on certain ports, but when she finishes the configuration, it
works for a period of time but then changes back to the original configuration. She cannot
understand why the settings continue to change back. When you examine the
configuration, you find that the __________ are incorrect, and are allowing Bob to change
the configuration, although he is not supposed to operate or configure this device. Since he
did not know about Sally, he kept changing the configuration back.
31. What are some of the advantages of off-line password attacks? (Select all that apply.)
a. They do not generate noise on the target network or host.
b. They are not locked out after a set amount of tries.
c. They can be used to reset the user’s password without the need for cracking.
d. They can be initiated by zombies.
32. You are setting up a test plan for verifying that new code being placed on a Web server is
secure and does not cause any problems with the production Web server. What is the best
way to test the code prior to deploying it to the production Web server?
a. Test all new code on a development PC prior to transferring it to the production Web
server.
b. Test all new code on an active internal Web server prior to transferring it to the
production Web server.
c. Test all new code on a duplicate Web server prior to transferring it to the production
Web server.
d. Test all new code on another user’s PC prior to transferring it to the production Web
server.
33. Sally has come to you for advice and guidance. She is trying to configure a network device
to block attempts to connect on certain ports, but when she finishes the configuration, it
works for a period of time but then changes back to the original configuration. She cannot
understand why the settings continue to change back. When you examine the
configuration, you find that the __________ are incorrect, and are allowing Bob to change
the configuration, although he is not supposed to operate or configure this device. Since he
did not know about Sally, he kept changing the configuration back.
34. You are setting up a test plan for verifying that new code being placed on a Web server is
secure and does not cause any problems with the production Web server. What is the best
way to test the code prior to deploying it to the production Web server?
a. Test all new code on a development PC prior to transferring it to the production Web
server.
b. Test all new code on an active internal Web server prior to transferring it to the
production Web server.
c. Test all new code on a duplicate Web server prior to transferring it to the production
Web server.
d. Test all new code on another user’s PC prior to transferring it to the production Web
server.
35. Rick is a security auditor for your company. He is in the process of attempting to attack one
of your servers but when you check all of your production servers, you detect no attacks
happening. Why is this so?
a. Rick is actually attacking a server in someone else’s network.
b. Rick is actually attacking a honeypot, not a production server.
c. Rick is being stopped at the firewall.
d. Rick is using the wrong account with which to launch the attack.