Saturday 21 April 2018

RAID technology provides backup for data stored on hard drives.

True / False Questions
 
36. (p. 459) RAID technology provides backup for data stored on hard drives.
FALSE
                                                                    
37. (p. 458) Outside hackers are the greatest threat to a network.
FALSE

38. (p. 462) Free anti-malware programs are not reliable and not recommended.
FALSE

39. (p. 465) Rogue access points are difficult to add to a network.
FALSE

40. (p. 466) Even the smallest network will have a number of user accounts and groups.
TRUE

41. (p. 471) A single router cannot have both NAT and port filtering because they will conflict with each other.
FALSE

42. (p. 468) Any user account that becomes a member of a group automatically gets the permissions assigned to that group.
TRUE

43. (p. 468) A smart device scans your fingerprints for authentication.
FALSE

44. (p. 463) A smurf attack is an example of a social engineering attack on a network.
FALSE

45. (p. 464) A zombie is an operator of a botnet.
FALSE

46. (p. 460) Viruses need human action to spread.
TRUE

47. (p. 461) Some adware actually installs a virus when you click on the ad.
TRUE

48. (p. 461) Rootkits cannot strike against firmware.
FALSE

49. (p. 460-461) A Trojan can appear as a game, or even a free screensaver.
TRUE

50. (p. 460) Worms can't exploit inherent flaws in program code.
FALSE



Fill in the Blank Questions
 
51. (p. 459) Redundant hardware provides _______________ for a computer or network.
fault tolerance

52. (p. 459) Hackers are just one of many _______________ a network administrator must be prepared for.
network threats

53. (p. 460) _______________ is the "super" account native to Windows.
Administrator

54. (p. 460) Managing the "super" account on a system or network comes under the heading of _______________.
administrative access control

55. (p. 460) Any program or code that does something to a system or network that you don't want to occur is called _______________.
malware

56. (p. 460) The two jobs of a(n) _______________ are to replicate and to activate.
virus

57. (p. 461) A(n) _______________ hides where many anti-malware programs may not find it.
rootkit

58. (p. 461) Because malware is constantly changing, an anti-malware program is only as good as its _______________.
updates

59. (p. 462) Surprisingly, a significant percentage of attacks against a network fall into the category of _______________.
social engineering

60. (p. 463) In a(n) _______________ attack, the attacker poses as a trusted site and asks you to give them information that will give them access to your private financial identity.
phishing

61. (p. 463) An attacker who wants to bring a network down will use a(n) _______________ attack that floods the network with more requests than it can handle.
Denial of Service

62. (p. 463) A(n) _______________ is a group of computers under the control of one operator.
botnet

63. (p. 465) A(n) _______________ is an unauthorized WAP installed in a computer network.
rogue access point

64. (p. 466) The threats you are trying to eliminate when securing user accounts are _______________ threats.
internal

65. (p. 467) _______________ are the ultimate key to protecting your network.
passwords

66. (p. 467) _______________ user accounts and groups can become secret back doors to a network.
default

67. (p. 471) _______________ hides the IP addresses on an internal network from outsiders.
Network Address Translation (NAT)

68. (p. 471) _______________ is another name for port filtering.
port blocking

69. (p. 473) Using _______________ on outgoing traffic, an administrator can block certain computers from accessing the Internet.
packet filtering or IP filtering

70. (p. 474-475) A host-based software firewall is also called a(n) _______________.
personal firewall

71. (p. 475) _______________ is the personal firewall that comes with Windows.
Windows Firewall

72. (p. 477) A private, protected TCP/IP network is called a(n) _______________.
intranet

73. (p. 476) _______________ is an example of a personal firewall.
ZoneAlarm or Windows Firewall

74. (p. 476) By default, Windows Firewall blocks all incoming IP packets that attempt to _______________.
initiate a session

75. (p. 475) Even a computer using a dial-up connection should be sure to have a good _______________ in place and updated.
antivirus program

76. (p. 474) _______________ filtering provides more security than _______________ filtering.
stateful/stateless

77. (p. 475) Because _______________ can run over IP, sharing a folder or printer potentially makes it available to anyone on the Internet.
NetBIOS

78. (p. 474) _______________ limits access to a network based on a NIC's MAC address.
MAC filtering

79. (p. 470) Permissions assigned to a folder affect the contents of child folders through the _______________ mechanism.
inheritance

80. (p. 470) Managing user accounts and the permissions to resources is very complex and difficult, requiring that an administrator use _______________ to stay on top of all the subtleties and protect the network.
diligence

81. (p. 477) __________ is a great classic example of a vulnerability scanner.
Nessus or Nmap

82. (p. 473) Both NAT and port filtering are possible on a device if ___________ is properly implemented.
port security

83. (p. 461) __________ is a response to malware that involves updating systems and applications to mitigate vulnerabilities and correct security flaws.
patch management

84. (p. 461) A(n) _________ is a piece of malware that, by definition, gains privileged access to a computer.
rootkit

85. (p. 460) A(n) __________ is programming within an application that enables you to control aspects of the application, but can be used to harm systems if used in a malicious manner.
macro

Essay Questions
 
86. (p. 458) Give a concise, general definition of a network threat—the way you would explain it to nontechnical management. 
A network threat is anything that can potentially damage network data, machines, or users.

87. (p. 459) List at least four common network threats. 
Any four of the following or related threats is correct.
System crashes and other hardware failures
Administrative access control weaknesses
Malware (viruses, worms, and so on)
Social engineering
Denial of Service attacks
Physical intrusion
Attacks on wireless connections

88. (p. 459) Briefly discuss threats from within a network. 
Threats from within a network, even from users with good intentions, can cause more damage than hackers. It is obvious that administrators must protect a network from threats from outside, but authorized users can pose a greater threat through ignorance or carelessness because they already have access to the network, and must have some level of permissions on the network.

89. (p. 460) Explain the value and danger of the "super" user accounts native to all operating systems. 
While the "super" user account is critical, and necessary in an operating system because only this account can do many of the important tasks of managing a system, in the wrong hands, this account can be a threat to the system and the network because of the special privileges of the account.

90. (p. 460-461) Give an overview of the threats that come under the heading of "malware." 
Malware includes a variety of programs or code that do something to your computer or network that you do not want to have occur. There are many varieties of malware. A short list includes viruses, worms, macros, Trojans, rootkits, adware, and spyware.

91. (p. 460) What is the distinction between a worm and a virus? 
While identical in function to a virus, a worm replicates exclusively through networks. It does not have to wait for someone to use a removable drive to replicate from one machine to another, but can move to other machines across a network.

92. (p. 460) Explain why a macro is a category of threat. 
While many applications have a built-in macro language, this is a vulnerability that macro malware can exploit by using the macro language of an application to replicate and activate itself.

93. (p. 461) Briefly list the three ways we fight malware. 
The three ways we fight malware are through anti-malware programs, training, and procedures. Anti-malware should be in place and updated, training alerts users to what to look for, and procedures define what everyone should do when they encounter malware.

94. (p. 464) Describe the two areas of physical protection that you should provide for a network. 
Two areas of physical protection you should provide for a network are protection of servers and protection of clients. You can physically protect servers by placing them in a secure room or locked closet with access limited only to those trusted persons who have a real need to be in there. Techs should also never walk away from a server while logged on. All users on all systems should enable password-protected screen savers and protect their passwords by never writing them down.

95. (p. 465) Describe the problem of rogue access points. 
The problem of rogue access points exists because WAPs are inexpensive, and easy to add to a network by simply plugging the WAP into an Ethernet wall jack. Once the rogue access point is installed, the bad guys can access the network from outside the building. Sometimes employees install them for their own convenience, without realizing that they expose the network to outside threats. You can make a rogue access point nearly invisible by turning off SSID broadcasting.

96. (p. 467) Explain why it is important to protect the passwords of all users, even those with limited permissions on a network. 
Half the battle for a hacker is getting into a network, so when a hacker accesses a network with any user account, it is a big security breach.

97. (p. 471) Compare a network-based firewall to a host-based firewall. 
A network-based firewall is a device that sits at the edge of a network, while a host-based firewall is a software firewall running on a host within the network.

98. (p. 471) Describe the effect of port filtering. 
Port filtering prevents unauthorized TCP or UDP packets from entering a network by limiting open ports to those defined by the administrator.

99. (p. 476) Describe the default behavior of Windows Firewall. 
By default, Windows Firewall blocks all incoming IP packets that attempt to initiate a session.

100. (p. 476) Describe at least one downside of host-based firewalls. 
A host-based firewall is software that runs on each host, taking CPU processing away from your systems.

101. (p. 476) Describe the position of a dedicated firewall box in a large network. 
In a large network, a dedicated firewall box sits between the gateway router and the protected network.

102. (p. 477) Describe a honeypot. 
A honeypot, either a freestanding device, or software within a router/firewall, creates a fake network that appears vulnerable to attackers. This draws hackers away from the well-protected real network, and the honeypot records the hackers' actions.

103. (p. 477) Describe the purpose of a demilitarized zone (DMZ) in networking. 
While we must rigorously protect the majority of a private network from external threats, some systems, such as mail servers and Web servers, must be accessible from the Internet, and need a different level of protection. Therefore, we position the majority of the hosts behind a firewall, while the servers that must be accessed from the Internet are positioned in a less rigorously protected area called the DMZ.

104. (p. 476) If you cannot run a program that requires Internet access, what might you need to change in your firewall? 
You may need to open ports on the firewall. Discover which ports to open by contacting the publisher of the software to see if certain TCP or UDP ports need to be open for the application to run.

105. (p. 475) After ensuring that you have a good firewall, what is one of the first security tasks you should perform as a Windows user after acquiring high-speed, always-on Internet access at home? 
One of the first things a Windows user should do is to turn off File and Print Sharing because sharing a folder or printer on a computer connected to the Internet potentially makes it available to anyone on the Internet, unless you take some special precautions.

106. (p. 475) How can a hacker on the Internet tell that you have File and Print Sharing turned on in your home Windows computer connected via broadband to the Internet? 
Hackers can discover that a computer has File and Print Sharing turned on through port scanning.

107. (p. 476) When would a very small business of only four or fewer computers require a more robust firewall solution than a consumer-level broadband router? 
A very small business of only four or fewer computers would require a more robust firewall solution if the business needed more sophisticated features than are available in many consumer-level broadband routers. A VPN service is one example of such a feature.

108. (p. 476) When you modify the Windows Firewall to open a port, what three pieces of information must you provide? 
To modify the Windows Firewall to open a port, you need to provide the port number, the protocol, and a name to identify the port.

109. (p. 475) Explain why, in general, you should not allow incoming Internet traffic to initiate a session on your desktop computer. 
The reason you generally do not want incoming traffic to initiate a session on your computer is that this is the behavior of many malware threats. Also, a desktop computer is usually not running a service that is accessible from the Internet.

110. (p. 474-475) Describe why dial-up connections are less susceptible to external threats than broadband connections. 
A dial-up connection is not an always-on session, and therefore it is difficult for hackers to detect the connection. Also, since dial-up connections use DHCP-assigned IP addresses, which usually change from connection instance to connection instance, it is difficult for a hacker to detect and use that IP address to target that user.

111. (p. 468) Describe how a biometric device works. 
In place of a password, a biometric device scans some aspect of a user, such as scanning a fingerprint, retina, or voice. The computer compares the scan with a scan held in the user accounts database. If they match, the user is allowed access.

112. (p. 468) Describe the downside to using a smart device for authentication. 
The downside to using a smart device for authentication is that the device could be lost or stolen.

113. (p. 466) Describe an ownership factor as an authentication factor. 
An ownership factor is something a user has, such as an ID card, security token, or smart device.

114. (p. 466) Describe an inherent factor as an authentication factor. 
An inherent factor is some part of a user, such as a fingerprint, retina, or voice. All of these factors are unique and can be scanned for authentication.

115. (p. 467) Why does use of nonalphanumeric characters make a password more difficult to crack? 
Using nonalphanumeric characters makes a password more difficult to crack because it adds to the number of possible unique combinations over and above using only alphanumeric characters. This is also true because most password crackers use combinations of common words and numbers to break a password, and adding nonalphanumeric characters into the mix introduces less common combinations, making the password more difficult to crack.

116. (p. 465) Describe leeching. 
Leeching is using another person's wireless network without that person's permission. It usually accompanies activities such as war driving (to seek out unprotected networks by using sniffer hardware and cruising neighborhoods) and war chalking (markings or symbols stenciled onto a nearby fence, gate, door, wall, or whatever, marking the open Wi-Fi signal).

117. (p. 465) Discuss cracking wireless encryption. 
Using encryption can stop casual leeching. Three types of wireless encryption are used: WEP, WPA, and WPA2. WEP and WPA cracking are very simple. Essentially, an attacker runs a sniffer program to capture packets, and then runs a program to sniff out the password or preshared key. Since WPA2 is very difficult and time-consuming to crack, it should be used before the other encryption methods.

118. (p. 463) Describe a man in the middle attack. 
In a man in the middle attack, the attacker inserts him- or herself into a conversation between two other parties and covertly intercepts "private" traffic. The attacker may use this technique to get passwords or other sensitive data. Man in the middle techniques include rogue wireless access points and social engineering.

119. (p. 461) How could adware, which is usually considered to be only annoying, be considered harmful? 
Some of these ads and pop-ups could be used by malicious persons and be infected with malware. They may actually install a virus when you click on them.

120. (p. 471) Describe an FTP bounce attack. 
An FTP bounce attack is an early exploit of open ports, where a malicious user could run the port command on an FTP server to discover any open ports on the FTP server. Modern FTP servers block this kind of attack.
 
