17. Access control includes all of the following except: Authentication of users
Question
17. Access control includes all of the following except:
Authentication of users
Authorization of user's privileges
Auditing to monitor and record user actions
Creation of a user's files
18. The "Perimeter Network" is also known as the
Demilitarized Zone (DMZ)
far edge network devices (FENDs).
the network that lies behind the external firewall and router.
the security network that is hosted by a cloud provider.
19. Border Routers can detect out-of-band communications such as GSM signals.
True
False
20. If I wanted to place an IDS on my network so that it could see the most amount of traffic, I would
Place it right in front of the suspected compromised host.
Place it on any port of a local switch.
Find the closest place to the gateway of my network and use a network tapping device.
IDSs are not used for this role.
21. In most cases, which of the following methods would you NOT want to use with an IDS
SPAN port
Network Tap
Network Hub
An unconfigured switch port
22. Intrusion Prevention Systems (IPS) are largely passive devices.
True
False
23. Defense in Depth includes all of the following EXCEPT:
Any combination of security devices, practices, and policies
A single, cost effective security appliance that is regularly maintained and updated
is layered like an onion
Cannot be accurately established until proper assessments have been conducted on the network.
24. Your IDS generates an alert on a potential malicious download in progress. After reviewing the associated pcap in Wireshark, you DO NOT observe a graceful teardown of the connection. Chances are the file transfer did not complete.
True
False
25. Internet radio probably uses UDP because it is a connection-less protocol and streaming media typically does not require an established connection.
True
False
26. How are Cisco Access Control Lists usually processed?
They are usually processed by the quantum compiler first, then the flux intensifier, and lastly the decoder.
Access control list entries are processed at the same time.
From the bottom up.
From the top down.
27. All are true about Stateful Firewalls EXCEPT:
Require that connections passing through are legitimate for their protocols.
Have unlimited state tables to monitor connections.
Can rebuild fragmented connections.
Require more processing power than just packet filtering firewalls.
28. Deep Packet Inspection only looks at payload data.
True
False
29. Which one of these sessions would NOT be ideal for payload inspection?
HTTP GET request
Yahoo SMTP session
Amazon SSL connection
An HTTP web search
30. Host based security is not needed when you implement Defense in Depth.
True
False
31. If you implement too many security controls, what portion of the CIA triad (Information Assurance Pyramid) may suffer?
Availability
Confidentiality
Integrity
All of the above
32. This simulates the actions of a hypothetical attacker to attempt to compromise hosts.
Vulnerability assessment
Penetration Test (PenTest)
Risk Assessment
All of the above.
33. How could a corporate user with an unauthorized Wireless USB CDMA adapter from Verizon create a backdoor into the network?
CDMA broadcasts in plaintext.
Since it is easy to do, an attacker is likely to hack the CDMA signal and intercept wireless packets.
This would not create a backdoor since they are two separate networks.
This would inadvertently create a network bridge that could allow access to content behind the business's security controls.
34. Practicing an Incident Response Policy is just as important as having one.
True
False
35. A network interface found in a promiscuous mode on an enterprise network would NOT be considered a possible symptom of system compromise.
True
False
36.a Router consists of all of the following EXCEPT:
Changing default passwords
Disable unused services
Turn on logging to syslog server if possible
Enable SSH and TELNET
37. What is the Gold Disk?
Something The Beatles have too many of.
A desktop deployment standard with all of the same programs, services, and baseline features installed for continuity.
A set of server backups placed on a high capacity optical disk
A compilation of patches, fixes, and security controls that can be run on the host machine in order to avert network traffic congestion.
38. Host-Based monitoring will alert on all of the following except:
Changes to the system registry
Kernel changes
Zero-day browser exploits
Failed login attempts
Explanation / Answer
If you post more than 1 question, as per Chegg guidelines I have to solve only the first question.
Ques 17. Answer : (b) Authorization of user's privileges
With access control, we can provide the privileges to the people who can access the files or not. So, we are authorizing their privileges over files.
Ques 18. Answer : (a) Demilitarized Zone (DMZ)
It is also known as Demilitarized Zone (DMZ).