True / False Questions
36. (p. 459) RAID technology provides backup for data stored on hard drives.
FALSE
37. (p. 458) Outside hackers are the greatest threat to a network.
FALSE
38. (p. 462) Free anti-malware programs are not reliable and not recommended.
FALSE
39. (p. 465) Rogue access points are difficult to add to a network.
FALSE
40. (p. 466) Even the smallest network will have a number of user accounts and groups.
TRUE
41. (p. 471) A single router cannot have both NAT and port filtering because they will conflict with each other.
FALSE
42. (p. 468) Any user account that becomes a member of a group automatically gets the permissions assigned to that group.
TRUE
43. (p. 468) A smart device scans your fingerprints for authentication.
FALSE
44. (p. 463) A smurf attack is an example of a social engineering attack on a network.
FALSE
45. (p. 464) A zombie is an operator of a botnet.
FALSE
46. (p. 460) Viruses need human action to spread.
TRUE
47. (p. 461) Some adware actually installs a virus when you click on the ad.
TRUE
48. (p. 461) Rootkits cannot strike against firmware.
FALSE
49. (p. 460-461) A Trojan can appear as a game, or even a free screensaver.
TRUE
50. (p. 460) Worms can't exploit inherent flaws in program code.
FALSE
Fill in the Blank Questions
51. (p. 459) Redundant hardware provides _______________ for a computer or network.
fault tolerance
52. (p. 459) Hackers are just one of many _______________ a network administrator must be prepared for.
network threats
53. (p. 460) _______________ is the "super" account native to Windows.
Administrator
54. (p. 460) Managing the "super" account on a system or network comes under the heading of _______________.
administrative access control
55. (p. 460) Any program or code that does something to a system or network that you don't want to occur is called _______________.
malware
56. (p. 460) The two jobs of a(n) _______________ are to replicate and to activate.
virus
57. (p. 461) A(n) _______________ hides where many anti-malware programs may not find it.
rootkit
58. (p. 461) Because malware is constantly changing, an anti-malware program is only as good as its _______________.
updates
59. (p. 462) Surprisingly, a significant percentage of attacks against a network fall into the category of _______________.
social engineering
60. (p. 463) In a(n) _______________ attack, the attacker poses as a trusted site and asks you to give them information that will give them access to your private financial identity.
phishing
61. (p. 463) An attacker who wants to bring a network down will use a(n) _______________ attack that floods the network with more requests than it can handle.
Denial of Service
62. (p. 463) A(n) _______________ is a group of computers under the control of one operator.
botnet
63. (p. 465) A(n) _______________ is an unauthorized WAP installed in a computer network.
rogue access point
64. (p. 466) The threats you are trying to eliminate when securing user accounts are _______________ threats.
internal
65. (p. 467) _______________ are the ultimate key to protecting your network.
passwords
66. (p. 467) _______________ user accounts and groups can become secret back doors to a network.
default
67. (p. 471) _______________ hides the IP addresses on an internal network from outsiders.
Network Address Translation (NAT)
68. (p. 471) _______________ is another name for port filtering.
port blocking
69. (p. 473) Using _______________ on outgoing traffic, an administrator can block certain computers from accessing the Internet.
packet filtering or IP filtering
70. (p. 474-475) A host-based software firewall is also called a(n) _______________.
personal firewall
71. (p. 475) _______________ is the personal firewall that comes with Windows.
Windows Firewall
72. (p. 477) A private, protected TCP/IP network is called a(n) _______________.
intranet
73. (p. 476) _______________ is an example of a personal firewall.
ZoneAlarm or Windows Firewall
74. (p. 476) By default, Windows Firewall blocks all incoming IP packets that attempt to _______________.
initiate a session
75. (p. 475) Even a computer using a dial-up connection should be sure to have a good _______________ in place and updated.
antivirus program
76. (p. 474) _______________ filtering provides more security than _______________ filtering.
stateful/stateless
77. (p. 475) Because _______________ can run over IP, sharing a folder or printer potentially makes it available to anyone on the Internet.
NetBIOS
78. (p. 474) _______________ limits access to a network based on a NIC's MAC address.
MAC filtering
79. (p. 470) Permissions assigned to a folder affect the contents of child folders through the _______________ mechanism.
inheritance
80. (p. 470) Managing user accounts and the permissions to resources is very complex and difficult, requiring that an administrator use _______________ to stay on top of all the subtleties and protect the network.
diligence
81. (p. 477) __________ is a great classic example of a vulnerability scanner.
Nessus or Nmap
82. (p. 473) Both NAT and port filtering are possible on a device if ___________ is properly implemented.
port security
83. (p. 461) __________ is a response to malware that involves updating systems and applications to mitigate vulnerabilities and correct security flaws.
patch management
84. (p. 461) A(n) _________ is a piece of malware that, by definition, gains privileged access to a computer.
rootkit
85. (p. 460) A(n) __________ is programming within an application that enables you to control aspects of the application, but can be used to harm systems if used in a malicious manner.
macro
Essay Questions
86. (p. 458) Give a concise, general definition of a network threat—the way you would explain it to nontechnical management.
A network threat is anything that can potentially damage network data, machines, or users.
87. (p. 459) List at least four common network threats.
Any four of the following or related threats are correct.
System crashes and other hardware failures
Administrative access control weaknesses
Malware (viruses, worms, and so on)
Social engineering
Denial of Service attacks
Physical intrusion
Attacks on wireless connections
88. (p. 459) Briefly discuss threats from within a network.
Threats from within a network, even from users with good intentions, can cause more damage than hackers. It is obvious that administrators must protect a network from threats from outside, but authorized users can pose a greater threat through ignorance or carelessness because they already have access to the network, and must have some level of permissions on the network.
89. (p. 460) Explain the value and danger of the "super" user accounts native to all operating systems.
While the "super" user account is critical, and necessary in an operating system because only this account can do many of the important tasks of managing a system, in the wrong hands, this account can be a threat to the system and the network because of the special privileges of the account.
90. (p. 460-461) Give an overview of the threats that come under the heading of "malware."
Malware includes a variety of programs or code that do something to your computer or network that you do not want to have occur. There are many varieties of malware. A short list includes viruses, worms, macros, Trojans, rootkits, adware, and spyware.
91. (p. 460) What is the distinction between a worm and a virus?
While identical in function to a virus, a worm replicates exclusively through networks. It does not have to wait for someone to use a removable drive to replicate from one machine to another, but can move to other machines across a network.
92. (p. 460) Explain why a macro is a category of threat.
While many applications have a built-in macro language, this is a vulnerability that macro malware can exploit by using the macro language of an application to replicate and activate itself.
93. (p. 461) Briefly list the three ways we fight malware.
The three ways we fight malware are through anti-malware programs, training, and procedures. Anti-malware should be in place and updated, training alerts users to what to look for, and procedures define what everyone should do when they encounter malware.
94. (p. 464) Describe the two areas of physical protection that you should provide for a network.
Two areas of physical protection you should provide for a network are protection of servers and protection of clients. You can physically protect servers by placing them in a secure room or locked closet with access limited only to those trusted persons who have a real need to be in there. Techs should also never walk away from a server while logged on. All users on all systems should enable password-protected screen savers and protect their passwords by never writing them down.
95. (p. 465) Describe the problem of rogue access points.
The problem of rogue access points exists because WAPs are inexpensive, and easy to add to a network by simply plugging the WAP into an Ethernet wall jack. Once the rogue access point is installed, the bad guys can access the network from outside the building. Sometimes employees install them for their own convenience, without realizing that they expose the network to outside threats. You can make a rogue access point nearly invisible by turning off SSID broadcasting.
96. (p. 467) Explain why it is important to protect the passwords of all users, even those with limited permissions on a network.
Half the battle for a hacker is getting into a network, so when a hacker accesses a network with any user account, it is a big security breach.
97. (p. 471) Compare a network-based firewall to a host-based firewall.
A network-based firewall is a device that sits at the edge of a network, while a host-based firewall is a software firewall running on a host within the network.
98. (p. 471) Describe the effect of port filtering.
Port filtering prevents unauthorized TCP or UDP packets from entering a network by limiting open ports to those defined by the administrator.
99. (p. 476) Describe the default behavior of Windows Firewall.
By default, Windows Firewall blocks all incoming IP packets that attempt to initiate a session.
100. (p. 476) Describe at least one downside of host-based firewalls.
A host-based firewall is software that runs on each host, taking CPU processing away from your systems.
101. (p. 476) Describe the position of a dedicated firewall box in a large network.
In a large network, a dedicated firewall box sits between the gateway router and the protected network.
102. (p. 477) Describe a honeypot.
A honeypot, either a freestanding device, or software within a router/firewall, creates a fake network that appears vulnerable to attackers. This draws hackers away from the well-protected real network, and the honeypot records the hackers' actions.
103. (p. 477) Describe the purpose of a demilitarized zone (DMZ) in networking.
While we must rigorously protect the majority of a private network from external threats, some systems, such as mail servers and Web servers, must be accessible from the Internet, and need a different level of protection. Therefore, we position the majority of the hosts behind a firewall, while the servers that must be accessed from the Internet are positioned in a less rigorously protected area called the DMZ.
104. (p. 476) If you cannot run a program that requires Internet access, what might you need to change in your firewall?
You may need to open ports on the firewall. Discover which ports to open by contacting the publisher of the software to see if certain TCP or UDP ports need to be open for the application to run.
105. (p. 475) After ensuring that you have a good firewall, what is one of the first security tasks you should perform as a Windows user after acquiring high-speed, always-on Internet access at home?
One of the first things a Windows user should do is to turn off File and Print Sharing because sharing a folder or printer on a computer connected to the Internet potentially makes it available to anyone on the Internet, unless you take some special precautions.
106. (p. 475) How can a hacker on the Internet tell that you have File and Print Sharing turned on in your home Windows computer connected via broadband to the Internet?
Hackers can discover that a computer has File and Print Sharing turned on through port scanning.
107. (p. 476) When would a very small business of only four or fewer computers require a more robust firewall solution than a consumer-level broadband router?
A very small business of only four or fewer computers would require a more robust firewall solution if the business needed more sophisticated features than are available in many consumer-level broadband routers. A VPN service is one example of such a feature.
108. (p. 476) When you modify the Windows Firewall to open a port, what three pieces of information must you provide?
To modify the Windows Firewall to open a port, you need to provide the port number, the protocol, and a name to identify the port.
109. (p. 475) Explain why, in general, you should not allow incoming Internet traffic to initiate a session on your desktop computer.
The reason you generally do not want incoming traffic to initiate a session on your computer is that this is the behavior of many malware threats. Also, a desktop computer is usually not running a service that is accessible from the Internet.
110. (p. 474-475) Describe why dial-up connections are less susceptible to external threats than broadband connections.
A dial-up connection is not an always-on session, and therefore it is difficult for hackers to detect the connection. Also, since dial-up connections use DHCP-assigned IP addresses, which usually change from one connection instance to the next, it is difficult for a hacker to detect and use that IP address to target that user.
111. (p. 468) Describe how a biometric device works.
In place of a password, a biometric device scans some aspect of a user, such as scanning a fingerprint, retina, or voice. The computer compares the scan with a scan held in the user accounts database. If they match, the user is allowed access.
112. (p. 468) Describe the downside to using a smart device for authentication.
The downside to using a smart device for authentication is that the device could be lost or stolen.
113. (p. 466) Describe an ownership factor as an authentication factor.
An ownership factor is something a user has, such as an ID card, security token, or smart device.
114. (p. 466) Describe an inherent factor as an authentication factor.
An inherent factor is some part of a user, such as a fingerprint, retina, or voice. All of these factors are unique and can be scanned for authentication.
115. (p. 467) Why does use of nonalphanumeric characters make a password more difficult to crack?
Using nonalphanumeric characters makes a password more difficult to crack because it adds to the number of possible unique combinations over and above using only alphanumeric characters. This is also true because most password crackers use combinations of common words and numbers to break a password, and adding nonalphanumeric characters into the mix introduces less common combinations, and it is more difficult to crack.
116. (p. 465) Describe leeching.
Leeching is using another person's wireless network without that person's permission. It usually accompanies activities such as war driving (to seek out unprotected networks by using sniffer hardware and cruising neighborhoods) and war chalking (markings or symbols stenciled onto a nearby fence, gate, door, wall, or whatever, marking the open Wi-Fi signal).
117. (p. 465) Discuss cracking wireless encryption.
Using encryption can stop casual leeching. Three types of wireless encryption are used: WEP, WPA, and WPA2. WEP and WPA cracking are very simple. Essentially, an attacker runs a sniffer program to capture packets, and then runs a program to sniff out the password or preshared key. Since WPA2 is very difficult and time-consuming to crack, it should be used in preference to the other encryption methods.
118. (p. 463) Describe a man in the middle attack.
In a man in the middle attack, the attacker inserts him- or herself into a conversation between two other parties and covertly intercepts "private" traffic. The attacker may use this technique to get passwords or other sensitive data. Man in the middle techniques include rogue wireless access points and social engineering.
119. (p. 461) How could adware, which is usually considered to be only annoying, be considered harmful?
Some of these ads and pop-ups could be used by malicious persons and be infected with malware. They may actually install a virus when you click on them.
120. (p. 471) Describe an FTP bounce attack.
An FTP bounce attack is an early exploit of open ports, where a malicious user could run the port command on an FTP server to discover any open ports on the FTP server. Modern FTP servers block this kind of attack.