General Study Guides

Malware Scanners

True or false? It’s best to choose one reliable malware scanner and stick with it through the repair process.

1. True
2. False

Answer: The correct answer is 2.

Breakdown: No one program can remove all malware. Different scanning and repair tools can recognize different threats, and some malware is designed specifically to fool common security software suites. You may wish to run multiple scanners to verify the results of the infection removal process.

Windows 7 Spyware Protection

What is the Windows Vista and Windows 7 built-in spyware protection function called?

1. Windows Defender
2. Windows Antispyware
3. Windows Security Center
4. Windows Firewall

Answer: The correct answer is 1.

Breakdown: Windows Defender is real-time protection software that detects spyware and blocks pop-ups.

System Restore Utility

True or false? System Restore can prevent malware from being fully removed.

1. True
2. False

Answer: The correct answer is 1.

Breakdown: System Restore can be useful in recovering from operating system damage due to malware, but it can also back up infected files in the process. If you restore a system from a restore point made while it was infected, you may introduce the infection back into the system. Hence, it’s often a good idea to disable System Restore after recovering from an infection in order to delete any potentially infected restore points.

Install Disk Scanning Tool

True or false? The Windows 7 install disk contains an antivirus scanning tool for systems that will not boot.

1. True
2. False

Answer: The correct answer is 2.

Breakdown: Windows 7 includes the Windows Recovery Environment or System Recovery Options for systems that won’t boot. While useful in repairing system files, these recovery environments will not find or remove malware; for this, you will need a bootable rescue disk with an antivirus scanner. Typically, you will need to create such a disk yourself.

Physical Data Destruction Methods

Which of the following are examples of physical data destruction methods? (Choose all that apply)

1. Shredding a floppy disk.
2. Demagnetizing a tape.
3. Zeroing a hard drive.
4. Drilling several holes in a DVD.

Answer: The correct answer is 1, 2 and 4.

Breakdown: The process where the storage medium is removed from a computer and otherwise physically or electromagnetically altered such as drilling holes in it or subjecting it to a strong magnetic field (degaussing) is a form of physical data destruction.

Windows Overwrite Command

In Windows Vista and 7 you can overwrite a hard drive with zeros using which command?

1. overwrite
2. wipe
3. clean
4. format

Answer: The correct answer is 4.

Breakdown: Beginning in Windows Vista the ability to overwrite existing data with zeros was added to the Format command.

Overwriting Utility

Why might a simple overwriting utility not erase all data from a drive? (Choose all that apply)

1. It can’t access hidden drive areas.
2. Its only purpose is to replace user files with zeros.
3. It can’t access locked drive areas.
4. It doesn’t overwrite bad sectors on the drive.

Answer: The correct answer is 1, 3 and 4

Breakdown: Overwriting is a method of sanitization that typically replaces existing data with a meaningless pattern such as all zeros. But many of these utilities cannot access hidden or locked drive areas nor can they overwrite bad sectors. This potentially leaves some recoverable information on the drive.

Data Destruction Methods

What is the least secure method of data destruction?

1. Low-level formatting
2. Degaussing tool
3. Standard formatting
4. Overwriting

Answer: The correct answer is 3.

Breakdown: Standard formatting is a method of preparing a hard drive to receive new dat1. This is the least secure method of data destruction since it only deletes the file system, rendering the data invisible but not destroyed. Any number of free file recovery tools could retrieve data you thought had been erased.

Social Engineering Attack

What is primarily exploited by a social engineering attack?

1. Facebook
2. Twitter
3. Trust
4. Ignorance

Answer: The correct answer is 3.

Breakdown: Social engineering exploits trust between people to gain information that attackers can then use to gain access to computer systems. The goals of social engineering techniques include fraud, network intrusion, industrial espionage, identity theft, and a desire to disrupt a system or network.

Self-propagating Malware

Which type of malicious software is a self-propagating program meant to disrupt the operation of a PC?

1. Adware
2. Spam
3. Spyware
4. Worm

Answer: The correct answer is 4.

Breakdown: Worms are programs that replication themselves over the network. A worm attaches itself to a file or a packet on the network and travels of its own accord. It can copy itself to multiple computers, bringing the entire network down.

Social Engineering Methods

In which type of social engineering attack do hackers send e-mail messages or create Web sites that mimic a legitimate site in order to gather usernames and passwords?

1. Dumpster diving
2. Phishing
3. Shoulder surfing
4. Spam

Answer: The correct answer is 2.

Breakdown: Phishing is an example of social engineering where hackers send e-mail messages or create Web sites that mimic a legitimate site to gather usernames and passwords. Hackers can then use stolen information to place unauthorized credit card purchases or even drain a victim’s bank account.

Malware Infection

What kind of program poses as something else, causing the user to “willingly” afflict the attack on himself or herself?

1. Virus
2. Worm
3. Trojan horse
4. Spyware

Answer: The correct answer is 3.

Breakdown: Trojan horses are delivery vehicles for destructive code. They appear to be harmless programs but are enemies in disguise. They can delete data, mail copies of themselves to email address lists, steal personal information, and open up other computers for attack. Trojan horses are most often distributed via spam.

Spyware Basics

True or false? Spyware is a computer program designed to destroy data, damage your computer’s operations, and distribute itself without your involvement.

1. True
2. False

Answer: The correct answer is 2.

Breakdown: Spyware is software that gets installed on your system without your knowledge. It can cause a lot of problems for the user, including gathering personal or other sensitive information. In addition, spyware often displays ads, referred to as adware.

Malicious Software Basics

What term is used to describe any type of malicious software?

1. Virus
2. Worm
3. Malware
4. Spyware

Answer: The correct answer is 3.

Breakdown: Security professionals have coined many names to describe malicious software. The broadest term is malware. Specific types of malware vary by their method of propagation, purpose, and severity.

Gmail Authentication

When you sign into Gmail and you find that you are also signed into Google Calendar, what kind of authentication did you receive?

1. Global
2. Single sign-on
3. Google Drive
4. Run anywhere

Answer: The correct answer is 2.

Breakdown: A server that has already authenticated a user can pass the user’s authentication on to another server so that the user doesn’t need to sign on again in order to access resources. Windows Passport and Gmail are examples of single sign-on applications.

Effective Permissions Tool

True or false? The Effective Permissions tool only accounts for NTFS permissions, not shared permissions.

1. True
2. False

Answer: The correct answer is 1.

Breakdown: The Effective Permissions tool allows you to troubleshoot an access-denied error. You can use it to determine a given user’s effective NTFS permissions for a particular folder or file, however, the tool does not consider share permissions when performing its calculations — only NTFS permissions.

NTFS File Permissions

If you want a colleague to be able to change a file, but not delete it, which NTFS file permission should you assign?

1. Full Control
2. Modify
3. Read and execute
4. Write

Answer: The correct answer is 2.

Breakdown: The NTFS Modify permission allows users to modify files and folders, but they cannot create or delete them.

Local Account Policies

True or false? If your computer is a member of an Active Directory domain, the local account policies you set might not be active.

1. True
2. False

Answer: The correct answer is 1.

Breakdown: If your computer participates in a domain, such an Active Directory domain, it might inherit security policy settings from the domain. Settings at the domain level override those made at the local computer level.

Removable Media Malware

What is one way to protect workstations from malware that might be hidden in removable media?

1. Run an antivirus scan with media plugged into computer
2. Forbid using removable media on all computers
3. Disable Autoplay
4. Boot computer into Safe mode

Answer: The correct answer is 3.

Breakdown: The autorun.ini file is a favorite location to hide malware, so you might want to consider disabling Autoplay on a workstation to prevent infection.

Password Policies

Which password policy forces users to include special characters in their passwords?

1. Account lockout
2. Enforce password history
3. Minimum password length
4. Passwords must meet complexity requirements

Answer: The correct answer is 4.

Breakdown: The Passwords must meet complexity requirements policy forces users’ passwords to meet a set of complexity guidelines, which includes requiring that the password contain characters from three of four of the following categories: English uppercase characters; English lowercase characters; Base 10 digits; and non-alphanumeric (special) characters.

Active Directory Authentication

Which is the primary authentication protocol used in Active Directory domain environments?

1. Keberos v5
2. TACACS
3. Single sign-on
4. RADIUS

Answer: The correct answer is 1.

Breakdown: Kerberos v5 is the primary authentication protocol used in Active Directory domain environments.

Windows Log On

Which type of authentication is the process by which a user provides his or her username and password in the Log On to Windows dialog box?

1. Network
2. Interactive
3. Windows
4. Single sign-on

Answer: The correct answer is 2.

Breakdown: The authentication process can be handled in several ways to produce various results, depending on how the environment is structured. Interactive authentication is the process by which a user enters his or her name and password in the Log On to Windows dialog box. There are two types of logons: Domain and Local.

Common User Accounts

Most of the user accounts in your Windows environment will be which type?

1. Administrator
2. Guest
3. User

Answer: The correct answer is 3.

Breakdown: The most common type of user account in a corporate Windows environment is the User account type.

Password Change Frequency

What’s the general rule for when you should change your password?

1. Less than 30 days
2. Between 60 and 90 days
3. Between 30 and 60 days
4. At 180 days

Answer: The correct answer is 3.

Breakdown: Passwords should be changed frequently. A general rule of thumb is to change your password every 30 to 60 days.

Password Complexity

A complex password consists of letters, numbers, and what other type of characters?

1. alpha-numeric
2. mixed case
3. ASCII
4. special

Answer: The correct answer is 4.

Breakdown: A complex password can be constructed by taking a phrase and using it as the basis of a password. Users make some of the letters uppercase and some lowercase, and then add numbers and special characters such ans “& % $ #” to make the password more secure.

User Password Rules

True or false? Passwords for Windows user accounts aren’t case sensitive.

The correct answer is 2.

Breakdown: User passwords can contain letters, numbers, characters, but cannot begin or end with a space. Passwords are case sensitive and must be between 1 and 127 characters long.

Anti-Virus Software, the Third Step in Securing a Virtual Environment

Why anti-virus software is the third step in securing a virtual environment and how to properly implement it.

Because virtual machines are set up to be self-contained systems, some kind of anti-virus software is required to protect these systems. Even if an antivirus program is installed…

Answer: …on the host machine, it won’t extend to the virtual machine environments. Anti-virus scans files and folders on the local host machine, but has no way of scanning those items contained in the virtual environment. That is why antivirus must be placed on all the virtual machine environments.

What are Buffer Overflow Attacks?

Describe buffer overflow.

Buffer overflow is the state of an application that has received more data than it is configured to handle. It benefits an attacker not only to deploy malicious code on…

Answer: …the target system but also implement backdoors on the target system to activate further attacks. Buffer overflow attacks are a result of poor programming or faulty memory management by the application developers.

Client-Based Techniques for State Management

What are the primary client-based techniques for state management and what are some of the advantages and disadvantages?

Client-based techniques maintain state of a Web page by holding information either on the page or on a client computer. If the data is stored on the client, it is submitted to a web server by the client with each web request. Here are the known advantages and disadvantages of storing data on the client computer: Advantages/Disadvantages When storing information on a client, if a large amount of data is client-side it has better scalability. Because several users send can increase bandwidth requests simultaneously, utilization and page load is improved for the client times. The disadvantage is storing data on a client side is an unauthorized user may access and compromise the data. Some client-based techniques for state management include:

Answer:

View State: View state is used to continue changes to the state of a web page across postbacks. View state data variables are stored as base 64- encoded strings in one or more embedded fields. It is retrieved by using the ViewState property of a web page. The property provides a dictionary object and maintains page or control property values between multiple user requests for the same web page. Control State: View state data of a custom control for a web page can be stored by using the ControlState property, rather than the ViewState property of the Web page. The ControlState property holds control property data during multiple round trips to the server. The control state data pertains to a custom control and is retained even if the view state is inactive at the page level. Hidden Fields: A hidden field is used to keep ViewState state information in a Web page in a HiddenField control. The control is delivered as an HTML element. A hidden field holds data that’s not visible on a web page. However, it is sent to the web server along with the page post backs. Cookies: A cookie is a client-based method and is a condensed packet of information that stores key-value pairs at the client-side. The information correlates to a specific domain and is sent along with the client request on a Web browser. Cookies hold preferences of users and offer a personalized browsing experience. Query Strings: A query string is a client-based method that keeps state information stored in a query string by affixing it to the URL of a Web page. The actual URL separates the state information with a question mark ‘?’. The state data is represented by a set of key-value pairs, each of which is separated by an ampersand character.

Client-side processing vs. server-side processing

Know the difference between client-side processing vs. server-side processing.

Client-side processing is the function of operations performed by the client in a client-server relationship in a computer network. A client is a system application that’s executed on a user’s computer with…

Answer: …connection to a server when needed. Operations may be conducted client-side when they need available data on the client but not the server. Here the user may need to add input because the server can’t fully process the operations in a timely fashion for all clients it serves. Also, if operations can be handled by the client without transmitting data over the network, it may require less time, bandwidth and have low security risk.

Privilege Escalation in Web Applications

Does privilege escalation play a similar role in web application security, as it does in network security?

As we have discussed before, privilege escalation is the act of exposing a bug or design error in a software application to gain access to…

Answer: …resources that otherwise would have been safeguarded from an application or user. The outcome is the application performs actions with more privileges than intended by the application developer or system administrator.

What is Host Hardening?

Define and describe host hardening.

Host hardening begins with a requirements evaluation to determine server function and to determine the risks involved. Security is a fine balance between ultimate security and usability. In practical terms, the more secure a device is, its usability decreases. Standard Operating Environment is a…

Answer: …specification for employing a standard architecture and applications within an organization. There is no systemized SOE standardization; however, organizations usually employ standard disks, operating systems, computer hardware, and standard applications and software within their own organization.

What is Web Service Security (WS-Security)?

Define Web Service Security (WS-Security).

Web Service Security (WS-Security) is a security service that is used for enabling message-level security for Web services. To activate this service, the user must…

Answer: …verify the related WSSE policy information is available to the Managed Servers. The SOAP messages that are transmitted between two or more Web services can be protected by WS-Security using security tokens, digital signatures, and encryption.

De-provisioning in Cloud Computing

Understand the concept and need for de-provisioning in cloud computing.

Public cloud providers apply multi-tenancy to optimize server workloads and reduce costs. Multi-tenancy shares server space with other organizations so it’s important to know…

Answer: …what security mechanisms your cloud provider has in place. Based on sensitivity of data, encryption may need to be used as well. The method of de-provisioning will become more challenging as password verification methods become more sophisticated. Federated identity management schemes will allow users to log on to multiple clouds, and that will make de-provisioning much trickier.

Troubleshooting Router LAN Connectivity Problems

Which of the following commands can be used for troubleshooting router LAN connectivity problems? (Choose all that apply)

1. show interfaces
2. show IP route
3. tracert
4. ping
5. DNS lookups

Answer: The correct answer is 1, 2 and 4.

Breakdown: Pinging the remote host, tracing the IP route, and viewing the interfaces are all useful techniques for troubleshooting LAN connectivity problems from a router. Note: the tracert is a Windows command.

Types of Flow Control

Which of the following are types of flow control? (Choose all that apply)

1. Buffering
2. Cut-through
3. Windowing
4. Congestion avoidance
5. VLANs

Answer: The correct answer is 1, 3 and 4.

Breakdown: Buffering, windowing, and congestion avoidance are all common types of flow control.

Understand Unified Communications (UC)

Know the principles behind Unified Communications (UC).

Unified communications (UC) is the combining of real-time communication services with non-real-time communication services. It is a group of products that support an ongoing unified user interface and user experience across multiple devices and media types. Unified communication offers the capability of transmitting a message on one medium and receiving the same communication on another medium. For instance, an individual can…

Answer: …receive an email message and can access it through a cell phone or remote device. If the sender is online according to available status information, the response can be sent immediately through text chat or phone call. Otherwise, the response can be sent as a non-real-time message that can be accessed through another media. Components of unified communications With unified communications, multiple mediums of business communications are cohesively integrated. Unified communication components: Call control and multimodal communications Presence Instant messaging Unified messaging Speech Conferencing Collaboration tools Business process integration (BPI) Business process integration

Unsuccessful Router Telnetting

You are unsuccessful in telnetting from a router into a remote device. What could be the problem? (Choose all that apply)

1. IP addresses are incorrect.
2. Access control list is filtering Telnet.
3. There is a defective serial cable.
4. The VTY password is missing.

Answer: The correct answer is 2 and 4.

Breakdown: Though the problem could be due to either a defective serial cable or using incorrect IP addresses, these are obvious problems that should be quickly realized. The best answers are that either an access control list is filtering the Telnet session or the VTY password is not set on the remote device.

USB Standards

Which USB version has a top transfer speed of 480 Mbps?

1. USB 1.0
2. USB 1.1
3. USB 2.0
4. USB 3.0

Answer: The correct answer is 3.

Breakdown: USB 2.0 has a top speed (hi-speed) of 480 Mbps. It has a low-speed of 1.5 Mbps and full-speed of 12 Mbps.

User Account Info

Which of the following items does a user account not include?

1. Account type
2. Account policies
3. First and last name
4. Password

Answer: The correct answer is 2.

Breakdown: A user account is a collection of settings and privileges associated with a person. The information might include a first and last name, password, group membership information, and other data.

Valid Host Address in Class B Subnet

Which is a valid host address in the following Class B subnet: 172.16.17.0/22?

1. 172.16.17.1 255.255.255.252
2. 172.16.0.1 255.255.240.0
3. 172.16.20.1 255.255.254.0
4. 172.16.16.1 255.255.255.240
5. 172.16.18.255 255.255.252.0
6. 172.16.0.1 255.255.255.0

Answer: The correct answer is 5.

Breakdown: A Class B network with a /22 mask is 255.255.252.0 with a block size of 4 in the third octet. The network address given is in subnet 172.16.16.0 and has a broadcast address of 172.16.19.255. Therefore, the only correct answer is 172.16.18.255 with a subnet mask of 255.255.252.0.

Verifying Network Security

What application would you use to verify the security of a network and also check for any weaknesses?

1. Honey pot
2. Posture monitor
3. Profile scanner
4. Vulnerability scanner

Answer: The correct answer is 4.

Breakdown: It’s vital that the network security solution of a deployed network be checked on a periodic basis to verify that things work as expected and to also identify and secure any discovered weaknesses. Applications known as security scanners are used for this purpose. Two such applications are Nessus and Nmap. These scanners employ many of the same scanning features that attackers utilize in order to discover network vulnerabilities.

VLSM Network Masks

On a VLSM network, which mask should you use on point-to-point WAN links in order to reduce the wasted IP addresses?

1. /27
2. /28
3. /29
4. /30
5. /31

Answer: The correct answer is 4.

Breakdown: A point-to-point link only uses two hosts, therefore, a /30 mask (255.255.255.252) will provide two hosts per subnet.

What are Elements of an Identify Fraud Investigation?

Elements of an Identify Fraud Investigation

Pieces of an identity fraud investigation include…

Answer: Hardware and software tools, including digital cameras, credit card readers, credit card generators and scanners Internet activity, including email and newsgroup posting, online orders, online trading information, erased documents, system files and file slack, and activity at forgery sites ID templates, including birth certificates, check cashing cards, digital photo information, drivers license and fictitious vehicle registration,social security cards, electronic and scanned signatures Negotiable instruments, including business and cashiers checks, credit card numbers, counterfeit currency, fictitious court documents, loan documents and sales receipts

What are Methods for Application and File Analysis?

Elements of Application and File Analysis

Painstaking analysis of files and applications can produce useful information…

Answer: Examine file names for patterns Examine individual files Identify operating systems Match files with applications on the system Examine relationships between files—internet searches with cache files, for example, and email files with attachments Scrutinize unknown file types Search users default storage location for files Examine users configuration files

What are Steps to Follow in Searching for Hidden Files?

Searching for Hidden Files

Using Data Hiding Analysis to search for files can produce important evidence. Some methods for hidden file searches:

Answer: Match file headers to file extensions to find any mismatches, which may indicate an intent to hide files Look for files that are encrypted, password protected and compressed; this may indicate intent to conceal data; Use software to search for files hidden within files—steganography

What are the Challenges in Collecting and Using Digital Evidence?

Challenges in Collecting and Using Digital Evidence

Digital evidence can establish a key link between a crime and the criminal but it is not foolproof…

Answer: There are several ways digital evidence can be manipulated: Can be maliciously tampered with Is unstable if not handled carefully Cannot always be traced Can be lost if computer is turned off Can be erased remotely or overwritten

What are the Different Types of Digital Data?

Different Types of Digital Data

Investigators need to know which data files are permanent and which are temporary…

Answer: Volatile memory: Needs power to remain in the system; disappears when computer is turned off. Includes logged-on users, open files, network information and command history. Non-volatile memory: Used for secondary storage and persists when power is turned off. Includes hidden files, swap files registry settings, unused partitions and events logs. Transient datLost when computer is turned off. Includes open network connection, user logout, programs in memory and cache data. Fragile datInformation temporarily saved on the hard disk, it can be altered or erased. Includes access dates on files and last-access timestamps. Temporarily accessible datStored on the hard drive and accessible for limited time. Includes encrypted file information Active datData used for daily operations. Accessible. Archival datManages long-term storage Backup datCopy of system data that can be accessed at time of recovery after system crash or other disaster Residual datWhen a file is deleted, computer tags the deleted space as residual data; file can be retrieved until space is reused. MetadatContains record for a document, including format, and information about the file’s creation and any modifications

What is a Collaboration Platform?

Define and describe collaboration platforms and what they do within an organization.

Collaboration platform is a unified electronic platform that works with both synchronous and asynchronous communication using a range of devices and mediums. It provides a set of software components and services. These components and services allow users to communicate, share information, and collaborate to carry out common business goals. A collaboration platform has these key elements: Messaging (email, calendaring and scheduling, and contacts) Team collaboration (file synchronization, ideas and notes in a wiki, task management, and full-text search) Real-time communication (presence, instant messaging, web conferencing, application/desktop sharing, voice, and audio and video conferencing) The scope of collaboration platforms and associated tools can be optimized for these different types of users:

Answer: Enterprise class, for business purposes (B2B): meaning high usage volume, numerous simultaneous sessions, with large groups. Also refers to high storage requirements for many files, or large file types such as video, simultaneous use of several tools and availability of high bandwidth; possibly relatively sophisticated users or a savvy moderator. Small to medium sized businesses (SMB), (B2B): lower volume of usage, fewer simultaneous sessions, and fewer attendees per session. Consumers: such as small businesses, social groups or individuals, for business or non-business use.

What is an End-to-End Solution (E2ES)?

Describe an End-to-End (E2ES) solution.

An end-to-end solution (E2ES) indicates that…

Answer: …the supplier of an application program or system will furnish all hardware and software components and resources to accommodate the customer’s requirement and no additional supplier is required in this process.

What is Attestation and What Makes it a Good Security Practice?

Describe attestation and how it applies to reducing organizational risk.

Attestation is the formal process of witnessing the signing of a document, then the witness adds his signature to verify the document was properly signed by those bound to its contents. Attestation conveys a certification review process where…

Answer: …an individual attests to or witnesses/vows to something significant. It specifies a review/certification process that requires resource owners to confirm their authorized users on an ongoing basis. Attestation supplies an organization with a degree of protection from liability and the risks involved with potential negligence of the resource owner to control access to his resource in order to comply with legal or regulatory requirements. These three statements are required for attestation: I am the individual who makes the authorization decision for the specific resource. These individuals and groups are authorized to use the intended resource. I understand which resource I have authorized these individuals to access.

What is Certificate-Based Authentication?

What is certificate-based authentication and what are the processes involved when using it?

A certificate-based authentication scheme is a scheme that uses a public key cryptography and digital certificate to authenticate a user. A digital certificate is an electronic form that contains identification data, public key, and the digital signature of a certification authority derived from that certification authority’s private key. When a user signs on to the server, he provides his digital certificate that has the public key and signature of the certification authority. The server then confirms the validity of the digital signature and if the certificate has been issued by a trusted certificate authority or not. The server then authenticates the user with public key cryptography to confirm the user is in possession of the private key associated with the certificate. The processes involved when using certificate-based mutual authentication:

Answer: A client requests access to a protected resource. The web server presents its certificate to the client. The client verifies the server’s certificate. If verified, the client sends its certificate to the server. The server verifies the client’s credentials. If confirmed, the server grants access to the protected resource requested by the client.

What is Change Management?

Describe change management.

Change Management is used to confirm that standardized methods and procedures are implemented for efficient handling of all changes. A change is “an event that results in a new status of one or more configuration items (CI’s)” affirmed by management, cost effective, enhances business process changes (fixes) – with lowered risk to IT infrastructure. The primary goals of Change Management:

Answer: Minimal disruption of services Reduction in back-out activities Economic utilization of resources involved in the change

What is Decommissioning?

Define the term decommissioning and describe the process behind it.

Decommissioning is a managed process to retire a facility that is no longer needed as safely and securely as possible. During decommissioning, hazardous materials, equipment or structures are cleaned and/or contained so that the facility does not become a risk hazard in the future. This process involves:

Answer: Decontamination Fixing or isolating contaminants Demolition and dismantlement Building conversion and reuse Waste management and disposal

What is Desktop Sharing?

Discuss the concept of desktop sharing.

Desktop sharing allows remote access and remote collaboration on a person’s desktop via a graphical terminal emulator. The most common two scenarios for desktop sharing: click to view

Answer: Remote log-in Real-time collaboration Remote log-in allows users to connect to their desktop from a different location. Systems that support the X Window System, typically Unix-based systems, are configured with this capability. Windows versions starting from Windows 2000 have a built-in solution for remote access as well Remote Desktop Protocol, and the earlier program, Microsoft’s NetMeeting. The open source product VNC allows cross-platform solutions for remote log-in. The disadvantage of the above solutions is they can’t operate outside of a single NAT environment. Several commercial products resolve this restriction by tunneling the traffic through rendezvous servers. Real-time collaboration is an expanded aspect of desktop sharing use, and is an evolving component of robust multimedia communications. Desktop sharing, when used together with other mediums of multimedia communications such as audio and video, creates the experience of virtual space where people can connect, socialize, and collaborate. On a broader scale, this is also referred to as web conferencing.

What is eXtensible Access Control Markup Language (XACML)?

Define and describe eXtensible Access Control Markup Language (XACML).

XACML is the acronym for: eXtensible Access Control Markup Language. It is the specified access control policy language implemented in XML and a processing model, explaining how to interpret the policies. Version 2.0 was ratified by…

Answer: …OASIS standards organization on 1 February 2005. Currently in development, Version 3.0 will add generic attribute categories for the evaluation context and policy delegation profile (administrative policy profile). XACML is applied as a basic, flexible way to define and impose access control policies in a range of environments. It secures content from unauthorized use in business data exchanges. The benefits of using XACML: It is designed and written in XML, which has found a wide and expanding base in global enterprise environments. XACML has been ratified by OASIS, which drives the development, convergence, and adoption of e-business standards. XACML implements a set of powerful features at the disposal of developers. It allows a firm to create and implement authorization policies to match its mix of assets and business use-cases.

What is Included in a Final Report of an Investigation?

Elements of Final Report of Investigation

All elements of the investigation need to be summarized in the report, including…

Answer: Files related to the original search Other files that support the findings Results of all searches of the system All internet evidence Analysis of any graphical evidence Registration data Data analysis Description of programs related to the investigation Hidden or masked data All supporting materials

What is Instant Messaging?

Understand the principle concepts of instant messaging.

Instant messaging (IM) is a method of real-time, text communication between two or more people using personal computers or other devices and shared software. The user’s text is…

Answer: …displayed over a network, such as the Internet. More advanced IM software clients also support upgraded modes of communication, such as live voice or video calling. IM falls under the general terminology known as online chat, and is a real-time text-based networked communication medium, while having the unique component of employing client-based applications such as Buddy List, Friend List or Contact List to facilitate communications between users. Online ‘chat’ also employs web-based applications to generate communication between users in a multi-user environment.

What is Phreaking?

Describe the security / theft concept of Phreaking.

Phreaking, a method used in service theft, is a type of hacking that steals service from a provider, or uses the service while assigning cost to another person. Encryption is not commonly used in SIP, which administers authentication over VoIP calls, so user credentials are exposed to theft. Most hackers are able to…

Answer: …swipe sensitive information through eavesdropping. An unauthorized party can obtain names, passwords and other credentials, granting them unrestricted use of voicemail, calling plan, call forwarding, and billing information. The end result is service theft. Swiping credentials to make free calls is not the sole motivation behind identity theft. Often it’s a means to obtain important information like business data. A phreaker can manipulate calling plans and packages by adding more credit or using the victim’s account to make calls, as well as accessing other confidential information to his benefit.

What is Remote Assistance?

Define the topic of remote assistance.

Remote Assistance is a Windows feature that allows a support team (or helper) to provide technical support to a remote user (host). Through Remote Assistance the helper can view the Windows session of a host on his computer. The basics of Remote Assistance: click to view

Answer: A remote user sends an invitation to an Administrator (or expert) through e-mail or Windows Messenger. The Administrator accepts the request and can then view the user’s desktop. To maintain privacy and security, all communication is encrypted. Remote Assistance can be used only with the permission of the person who requires the assistance. Note: If the user has activated “Allow” (on the computer to be controlled remotely) in the Remote Assistance Settings dialog box, an expert can take control of the keyboard and mouse of a remote computer to guide the user.

What is Route Poisoning?

What is route poisoning?

1. It sends back the protocol received from a router as a poison pill, which stops the regular updates.
2. It is information received from a router that can’t be sent back to the originating router.
3. It prevents regular update messages from reinstating a route that has just come up.
4. It describes when a router sets the metric for a downed link to infinity.

Answer: The correct answer is 4.

Breakdown: One way to avoid problems caused by inconsistent updates and to stop network loops is with route poisoning. When a network goes down, the distance-vector routing protocol initiates route poisoning by advertising the network with a metric of 16, or unreachable, which is essentially setting it to infinite.

What is a Secure Socket Layer (SSL)?

Describe Secure Socket Layer (SSL) and its purpose.

Secure Socket Layer (SSL) is a protocol used to send private documents over the Internet. SSL uses both public key and symmetric encryption to provide…

Answer: …confidential communication, authentication, and message integrity. With this protocol, clients and servers can exchange information while being safeguarded from eavesdropping and tampering of data on the Internet. Secure Socket Layer protocol is used by many websites to safely obtain confidential user information, such as credit card numbers. URLs that require an SSL connection begin with https: instead of http:. By default, SSL uses port 443 for protected communication. Message integrity assures the message being sent is not being altered in the transmission path. A checksum algorithm is used at the sending and the receiving points to preserve the message so that it’s received intact. Digital signatures are applied to verify user’s identifications.

What is Security Assertion Markup Language (SAML)?

What is Security Assertion Markup Language (SAML)?

Security Assertion Markup Language (SAML) is an XML-based protocol for sharing authentication and…

Answer: …authorization information between security domains, specifically, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.

What is Service Provisioning Markup Language (SPML)?

Define and describe the concept of Service Provisioning Markup Language (SPML).

Service Provisioning Markup Language (SPML) is an XML-based framework developed by OASIS (Organization for the Advancement of Structured Information Standards). SPML is applied to…

Answer: …share user, resource and service provisioning data between participating organizations. SPML is the open standard for the implementation and interoperation of service provisioning requests. The objective is to allow organizations to expediently and safely set up user interfaces for Web applications and services, by letting business platforms such as Web portals, application servers, and service centers create provisioning requests throughout organizations.

What is Simple Object Access Protocol (SOAP)?

Define and describe Simple Object Access Protocol (SOAP).

SOAP (Simple Object Access Protocol) is a communication protocol for XML Web services, and expresses the XML format for messages. It is purposed to share structured and typed information between different applications that support XML Web services. SOAP protocol consists of three parts:

Answer: The first part identifies an envelope that contains the message and is the basic element of exchange between the processors of SOAP messages; the second part identifies a set of data encoding rules that are used to encode application specific data types; the third part identifies the message request or response that is exchanged between XML Web services.

What is Single Sign-On (SSO) and its Benefits?

Let's take a deep look at Single Sign-On (SSO), the available types, and the benefits of using it.

Single sign-on (SSO) is a system functionality giving users access to a number of applications without having to go through the log-on process or key in passwords for each application. In SSO, a user can access all computer applications and systems where he has access permission without having to enter multiple passwords. This minimizes human error and systems failure. There are several commercial SSO solutions available in the market, such as: Central Authentication Service (CAS) The Dutch NREN CoSign Enterprise Single Sign-On (E-SSO) Web Single Sign-On (Web SSO) Security Assertion Markup Language (SAML) Direct SSO Shibboleth The primary benefits of the Single sign-on are:

Answer: Minimizes phishing success, because users are not trained to enter passwords everywhere without thinking. Minimizes password fatigue from various user name and password combinations. Decreases time spent re-entering passwords for the same identity. Can accommodate traditional authentications, such as Windows credentials (username/password). Lowers IT costs due to reduced calls to IT help desk calls about passwords. Security on all levels of entry/exit/access to systems without the need to re-prompt users. Centralized reporting for compliance adherence.

What is the System Development Life Cycle?

Describe System Development Life Cycle (SDLC):

Given the size and complexity of today’s systems, teams of architects, analysts, programmers, testers and users must collaborate to create the exhaustive, explicit, custom-written code that drives our enterprises. To handle this with efficiency, several system development life cycle (SDLC) models have been developed, such as waterfall, fountain, spiral, build and fix, rapid prototyping, incremental, and synchronize and stabilize. The best known and long-standing model is the waterfall: a series of stages in which the output of each stage becomes the input for the next. These stages can be split up and described in various ways, including:

Answer: Project planning and feasibility study Systems analysis and requirements definition Systems design Implementation Integration and testing Acceptance, installation, and deployment Maintenance

What is Telephony?

Describe the concept of telephony.

Telephony is the mechanism that involves the electronic transmission of voice, fax, or other data between distant parties using mediums historically associated with…

Answer: …the telephone, a device containing both a speaker or transmitter and a receiver. With the advancement of computer technology and transmission of digital information over telephone systems and the use of radio to send telephone signals, the line between telephony and telecommunication has become difficult to discern.

What is the Concept of Presence in Telephony?

Describe the concept of Presence, as it pertains to communications.

In the area of telephony, Presence is known as communicating the user’s need and capability to communicate, as well as the medium used for their communication to occur. If a user has a live Internet connection, presence may…

Answer: …indicate that the user is to be reached through the medium of IP telephony. The basis of presence is to allow the user to be located and contacted where they’re physically using the preferred method of communication. Presence information functions as a status reader in a telecommunications network indicating the readiness of a user to communicate. A user’s client signals presence information through a network connection to a presence service, which is logged in the user’s personal availability record and can be dispatched to other users to inform them of his availability for communication. Presence information has extensive application in many communication programs and is one of the innovations advancing the popularity of instant messaging or recent applications of voice over IP clients.

What is the Definition of Digital Evidence?

Definition of Digital Evidence

Digital evidence, which is the core of any cyber investigation, takes many forms and can be found in several places…

Answer: Digital evidence is evidence stored or transmitted in digital format. It can take the form of: Graphic, spreadsheet, word processing files Audio or video files, Server or other log files Emails Internet browser histories. Investigators can collect digital evidence from: Storage media Network traffic Computer files collected during an evidence search

What is the Importance of Ownership and Possession?

Conducting Ownership and Possession Searches

Determine which user created or accessed suspect files…

Answer: The key to an investigation may come from placing a user in the system at a time when other evidence presents proof of wrongdoing.

What is the Security Development Lifecycle?

Define and describe the Security Development Lifecycle, its components and the seven phases.

The Security Development Lifecycle (SDL) is a software development security assurance process introduced by Microsoft. It lowers software maintenance costs while enhancing reliability of software with regard to security related bugs. The Security Development Lifecycle (SDL) involves these seven phases: Training Requirements Design Implementation Verification Release Response During each phase of (SDL) these security practices are followed:

Answer: Phases Security Practices Training Core Security Training Requirements Security and Privacy Requirements Create Quality Gates/Bug Bars Security and Privacy Risk Assessment Design Establish Design Requirements Attack Surface Analysis/Reduction Threat Modeling Implementation Use Approved Tools Deprecate Unsafe Functions Perform Static Analysis Verification Perform Dynamic Analysis Fuzz Testing Attack Surface Review Release Incident Response Plan Final Security Review Release/Archive Response Execute Incident Response Plan

What is the Security Requirements Traceability Matrix (SRTM)?

Define and describe Security Requirements Traceability Matrix (SRTM).

Security Requirements Traceability Matrix (SRTM) is a grid that supplies documentation and a straightforward presentation of the required elements for security of a system. It is vital to incorporate the best level of security in technical projects that require such. SRTM can be used for any type of project. Requirements and tests can be easily tracked in relationship to one another. SRTM assures accountability for all processes and completion of all work. An SRTM between security requirements and test activities have a grid, comparable to an Excel spreadsheet. This spreadsheet contains a column for these items: Requirement identification number Description of the requirement Source of the requirement Objective of the test Verification method for the test Each row indicates a new requirement. An SRTM provides a simple way to review and compare the different requirements and tests appropriated for a specific security project. Adapt solutions to address emerging threats and security trends Increasing threats can come from various sources, both internal and external sources. Examples of emerging threats include:

Answer: New technology Changes in the culture of the organization or environment Unauthorized use of technology, such as wireless technologies, rogue modems, PDAs, unlicensed software, and iPods Changes in regulations and laws Changes in business practices, such as outsourcing and globalization In order to identify and locate emerging threats and vulnerabilities, risk analysis should be done regularly. A vigilant security professional should always be on alert and watch for new threats that may present the need for a new risk review.

What is Validation of Systems Design?

What is the process of validation in systems design?

Validation is a quality control process purposed to keep track of development and verification procedures in a system and that these elements establish a system that meets initial requirements, specifications, and regulations. For a new development flow or verification flow, validation methods may…

Answer: …entail modeling either flow and using simulations to determine faults or gaps that might lead to faulty or incomplete verification or development of a system. A series of validation requirements, specifications, and regulations can be applied as the foundation for assessing a development flow or verification flow for a system. Other validation procedures also include those specialized to make certain all modifications made to an existing qualified development flow or verification flow will bear the end-result of a system that satisfies the initial design requirements, specifications, and regulations. Such validations help sustain qualified flow. Validation of a system affords a high level of assurance that a system achieves its intended requirements. This often includes acceptance of fitness for purpose with end users and other product stakeholders.

What is Video Conferencing?

Know the principles of video conferencing.

Video conferencing is a group of interactive telecommunication mechanisms that connect two or more locations in real time via two-way video and audio transmissions. Video conferencing is different from video phone calls as…

Answer: …it’s designed to support interactive conferencing in a group setting rather than individuals. It uses telecommunications of audio and video to assemble people at different locations to participate in a meeting. This can be a straightforward discussion between two people in private offices (point-to-point) or the interlinking of several sites (multi-point) with several participants in large rooms at different locations. In addition to the audio and visual transmission of meeting activities, videoconferencing can be a tool for file sharing, computer-displayed information, and whiteboards.

What is Voice over Internet Protocol (VoIP)?

Describe Voice over Internet Protocol (VoIP) and the four methods of calls through the internet.

The Voice over Internet Protocol (VoIP) is used for the circulating of voice conversation over the Internet. The VoIP is also referred to as IP Telephony, Broadband Telephony, etc. Analog signals are used in telephones where sound is received as electrical pulsation that is boosted and…

Answer: …sent to a small loudspeaker attached to the other phone, and the call receiver can hear the sound. Analog signals are converted into digital signals in VoIP that are sent to the Internet. With an Internet connection, VoIP is used to make free phone calls through any VoIP software available in the market. There are different methods for making phone calls through the Internet, such as: Through Analog Telephone Adapter (ATA): This method takes a traditional phone and attaches it to the computer through ATA. ATA receives analog signals from the phone and then converts them to digital signals. The digital signals are then received by the Internet Service Providers (ISP), readying the system to make calls over VoIP. Through IP Phone: IP Phones look like traditional phones, but they have RJ-45 Ethernet connectors, instead of RJ-11 phone connectors, to connect to the computers. Computer To Computer: This simplest method to use VoIP. Required components are software, microphone, speakers, sound card and an Internet connection through a cable or a DSL modem. Softphones: This is a software application that can be loaded onto a computer and used anywhere in the broadband spectrum. Soon after VoIP was made available, there was no major concern about security vulnerabilities. The focus was mainly on cost, functionality, and reliability. Now that VoIP is becoming one of the mainstream communication technologies, security has become a major concern.

What is Web Conferencing?

Know the principles of web conferencing.

Web conferencing is used for live meetings, training, and presentations on the Internet. Participants are connected to each other through their computers through a web stream. This can be done via an…

Answer: …application that’s downloaded on each of the attendees’ computers, or a web-based application where attendees are connected through a link distributed by e-mail invitation to access the meeting. Web conferencing software allows multiple people in various locations to participate in an audio conference, video conference, or an audio-video conference. It can be used as a video chat session such as Skype; or a more sophisticated set-up such as an international two-way video conference with many participants. Web conferencing categories: Audio conferencing Video conferencing Webinars Real time conferencing

What Kinds of Digital Evidence Indicates Online Auction Fraud?

Digital Evidence of Online Auction Fraud

Here’s where to look for evidence of online auction fraud…

Answer: Account data at online auction sites Accounting or bookkeeping software Address books Customer information or credit card data Databases Internet browser history of cache files Digital camera software Email, correspondence, notes Financial records

What Kinds of Evidence Suggest a Death Investigation?

Evidence of a Death Investigation

Here’s where to look for evidence of death investigation…

Answer: Address books Diaries Email and other correspondence Financial records Images Internet activity logs Will and other legal documents Medical records Telephone records

What Should an Evidence Examiner’s Report Include?

Elements of An Evidence Examiner’s Report

An evidence Examiner should keep meticulous notes throughout his search…

Answer: Take notes when interviewing investigator Preserve copy of the search authority and chain of custody document Detail each action taken, including date, time, complete description of action and results Note operating system name software and patches.

When are Multiple Warrants Recommended in a Cyber Investigation?

Need for Multiple Warrants in a Cyber Investigation:

A federal search warrant usually applies only to territory in the jurisdiction of the District Court issuing the warrant. Investigators embarking in a search of a computer network may not know in advance where all the files are located…

Answer: …it may be located on computer systems in another District. In instances where agents suspect data may be stored in more than one district, investigators should consider seeking warrants for several districts to ensure that the evidence collected in the search is admissible in court.

Where Can Evidence of Child Exploitation be Found?

Finding Evidence of Child Exploitation

Here’s where to look for evidence of child exploitation…

Answer: Chat logs Date and time stamps Digital camera software Email and other correspondence Games Graphic editing and viewing software Director and file names that describe images Internet logs Images Movie files

Where Can Evidence of Economic Fraud be Found?

Evidence of Economic Fraud

Here’s where to look for evidence of economic fraud…

Answer: Check, currency and money order images Credit card skimmers Images of signatures False financial forms Fraudulent Identification

Where Can Evidence of Email Threats Be Found?

Evidence of Email Threats

Here’s where to look for evidence of email threats…

Answer: Internet activity logs Legal documents Telephone records Background research on victim Email and other correspondence Financial records

Where Can Evidence of Extortion be Found?

Evidence of Extortion

Here’s where to look for evidence of extortion…

Answer: Date and time stamps Email and other correspondence History log Internet activity log Temporary internet files User names

Where Can Evidence of Gambling be Found?

Evidence of Gambling

Here’s where to look for evidence of gambling…

Answer: Database of customers and player records Customer credit card information Electronic currency Statistics on sports betting Image players

Where can Evidence of Narcotics Trafficking be Found?

Evidence of Narcotics Trafficking

Here’s where to look for evidence of narcotics trafficking…

Answer: Address book Calendar Databases Drug recipes False identification Email and other correspondence Financial records Prescription forms Internet activity log

Where can Evidence of Prostitution be Found?

Evidence of Prostitution

Here’s where to look for evidence of prostitution…

Answer: Address books and calendars Biographies Customer databases False identification Financial records Medical records Web advertising Internet activity log

Where Can Evidence of Software Piracy be Found?

Evidence of Software Piracy

Here’s where to look for evidence of software piracy…

Answer: Chat logs Email and other correspondence Image files of software certificates Internet activity logs Serial numbers Software cracking utilities

Where Can Evidence of Telecommunications Fraud Be Found?

Evidence of Telecommunications Fraud

Here’s where to look for evidence of telecommunications fraud…

Answer: Cloning software and customer records Electronic serial number /Mobile identification pair records Email and other correspondence Financial records Manuals on how to Phreak Internet activity and telephone records

Where Evidence of Computer Intrusion Can be Found?

Evidence of Computer Intrusion

Here’s where to look for evidence of computer intrusion…

Answer: Address books Configuration files Email and other correspondence Executable programs Internet activity logs IP addresses and usernames Internet relay chat logs Text files with usernames and passwords Source code

Windows 7 Problem Resolution

True or false? In Windows 7, many common problems are resolved transparently, requiring little, if any, user interaction.

1. True
2. False

Answer: The correct answer is 2.

Breakdown: Unfortunately, even modern versions of the Windows operating system, such as Windows 7, are occasionally subject to errors. The good news is that the built-in diagnostic tools as well as other recovery tools are available to guide you through troubleshooting OS problems.

Windows Homegroups

True or false? Homegroups were introduced in Windows Vista.

1. True
2. False

Answer: The correct answer is 2.

Breakdown: Windows 7 provides a feature called HomeGroup that allows computers to share pictures, music, videos, documents, and printers with other computers in the same homegroup. To create a homegroup, you must be running Windows 7 Home Premium, Professional, Ultimate, or Enterprise.

Windows Network Connectivity

By default, Windows network interfaces connect by:

1. Static IP Address
2. DHCP
3. Wake-on-LAN
4. Domain

Answer: The correct answer is 2.

Breakdown: By default, Windows network connections are configured to use DHCP.

Windows User Accounts

True or false? The two types of user accounts are computer administrator and standard user.

1. True
2. False

Answer: The correct answer is 1.

Breakdown: Windows 7 and Windows Vista support two general types of user accounts: computer administrator and standard user. Administrators have full control of the computer, while standard user accounts can use programs but cannot make system changes that affect other user accounts.

Acceptable Internet Use Policy

The organization routinely has issues with employees using all of the available bandwidth on their Internet link for non-work related tasks. How should the company go about defining an acceptable Internet use policy?

1. The company should mandate that employees only use personal mobile devices to access the Internet for non-work related use.
2. The company should institute a request system for accessing the Internet for non-work related use.
3. The company should update their acceptable use policy for use of the corporate network to specify that Internet access is only for work-related use. Exceptions can be made for the occasional personal email.

Answer: The correct answer is 3.

Breakdown: An acceptable use policy should be created as part of the overall information security policy to define which actions are acceptable to be done on employee computing platforms. In the case above, the detrimental impact to throughput on the corporate network due to employee personal Internet usage should be cited and used to justify usage restrictions. An exemption for occasional personal use such as sending personal email can be made to accommodate reality and to make the policy less onerous on employees.

Vendor Minimum Obligations Document

The organization’s HR system has been outsourced and all of the accounting personnel responsible for payroll have complained the system is slow. What document should be reviewed to see if the vendor is meeting the minimum obligations for how they are delivering the service?

1. NDA
2. Vendor contract
3. Purchase order
4. SLA

Answer: The correct answer is 4.

Breakdown: A service level agreement (SLA) is put in place between two organizations to establish a baseline for services provided from one organization to another. Most commonly, SLAs pertain to transaction-level performance such as up time or certain response time for transactions, but can also be used for nontechnical services such as time for hardware replacement or repair.

Security Events vs. Security Incidents

Which of the following are examples of security incidents? (Choose all that apply)

1. Malicious port scan
2. Worm infection on network
3. DDos attack on corporate Web server
4. IIS attack against corporate Apache Web server
5. Employee theft of confidential data

Answer: The correct answer is 2, 3, and 5.

Breakdown: Not every attack encountered by an enterprise is a security incident. To focus the limited resources at their disposal, security professionals delineate between security events and security incidents based on risk. A security event is any activity that takes place that does not pose a risk to the organization such as when an IIS attack is launched against an Apache web server. A security incident occurs when an attack is successful or there is significant risk associated with the event.

Organizational Security Stakeholders

True or false? Organizational security stakeholders can include members from any business discipline.

1. True
2. False

Answer: The correct answer is 1.

Breakdown: Stakeholders can include anyone with an interest in the outcome of the organization or a specific project regardless of business discipline. Stakeholders can include members of the same organization or members of a different organization.

Application Development and Security Policy

With regards to an organization’s security policy, which business discipline is responsible for application development?

1. Finance
2. IT department
3. Training group
4. Programming group

Answer: The correct answer is 4.

Breakdown: The programming group develops and maintains an enterprise’s applications. It is important to work with programmers during the development stage in order to identify security issues and mitigate them prior to application release.

Waterfall Development Methodology and Organizational Security

In the waterfall development methodology, what phase follows the requirements phase?

1. Verification
2. Implementation
3. Maintenance
4. Design

Answer: The correct answer is 2.

Breakdown: The waterfall model was developed for technology project management, but can also be applied to implementing secure solutions. There are five phases to this model: Requirements Design Implementation Verification Maintenance

VoIP Deployment Concerns

Which of these is the most important when it comes to VoIP deployment concerns?

1. Security controls
2. How many people are in the organization
3. Network latency and capacity
4. Number of firewalls

Answer: The correct answer is 1.

Breakdown: Security is typically assumed across traditional phone lines and over cellular networks, but it becomes more of a challenge for VoIP networks where communication can be more easily intercepted and spoofed. Where security concerns are present due to the potential insecurity of the network, both end-to-end encryption and mutual authentication of both parties should be implemented.

Unified Communications Technologies Definition

True or false? The unified communications technologies definition refers to the integration of older communications technologies with newer Internet and cloud-based technologies.

1. True
2. False

Answer: The correct answer is 2.

Breakdown: The concept of Unified Communications (UC) is the integration of a large number of communication technologies that traverse a wide range of networking technologies. While some technologies traverse older technologies such as phone or traditional data networks, the US is rapidly shifting to be carried largely by the various Internet technologies such as the cloud.

Security Best Practices for Mobile Devices

Which is NOT one of the security best practices for mobile devices?

1. Screen lock
2. Device encryption
3. Logging phone calls
4. Strong password

Answer: The correct answer is 3.

Breakdown: Lost or stolen mobile devices pose a tremendous risk to organizations. Employing some key security best practices for mobile devices can help to minimize these risks: Enable screen lock Require a strong password Require remote wipe/sanitization Configure device encryption

VoIP Traffic Encryption Obstacles

Which is one of the possible VoIP traffic encryption obstacles?

1. Network cables don’t have encryption built in.
2. Network doesn’t have enough capacity/throughput to support it.
3. IDS isn’t able to read encrypted traffic.
4. VoIP doesn’t support encryption.

Answer: The correct answer is 2.

Breakdown: End-to-end encryption is one of the minimum set of security controls that should be implemented for VoIP, however, the overhead to implement encryption may degrade service delivery due to insufficient throughput on the network.

Security of Email Communications Technologies

When considering the security of email communications technologies, which of the following is not something that you need to worry about?

1. Security of the server
2. Security of the email client
3. Encrypting the email in transit
4. Susceptibility of the user to phishing

Answer: The correct answer is 2.

Breakdown: Email is largely an “insecure by default” set of protocols, but a basic set of security precautions must be implemented to minimize risk. These consist of protecting email in transit by using encryption, securing the email server(s), and protecting those reading emails in the form of antivirus software and user education to be alert to phishing schemes and other social engineering exploits. Security of the email client falls outside of the scope of the email infrastructure and onto the realm of computer and application security.

Security Issues in System Decommissioning

Which of the following are security issues in system decommissioning?

1. Data left on devices.
2. Availability of services once the system is decommissioned.
3. Not having the piece of hardware anymore.
4. All of the above.

Answer: The correct answer is 1.

Breakdown: All technology solutions reach the point where they no longer meet business needs or a new solution is put in place to meet those needs. Often, decommissioned systems contain large amounts of the organization’s data which needs to be properly disposed of before the system is completely decommissioned. Failure to do so can result in significant data breaches which subsequently can exact a heavy toll.

New Technology Deployment Concerns

What new technology deployment concerns are significant operational concerns with regard to information security?

1. New personnel who haven’t taken annual awareness training.
2. New processes required to support the security of the technology.
3. Less IT resources for administration.
4. More developed code in the organization.

Answer: The correct answer is 2.

Breakdown: When a new technology is deployed, information security needs to take into account how the day-to-day operational activities of the security group will change to account for the new solution. These operational activities need to take into consideration the emerging threat and vulnerabilities the new technology solution introduces into the data environment and the additional security operations required to maintain the security of the new system.

Security Issues Remediation Cost

In the SDLC, in which phase is the security issues remediation cost highest?

1. Requirements Analysis
2. Project Planning
3. Testing/Quality Assurance
4. Implementation

Answer: The correct answer is 3.

Breakdown: Fixing defects along with security concerns becomes progressively more expensive the further into the SDLC they are discovered. Identifying and fixing defects in the Testing/QA phase is much more expensive than if they were anticipated and accounted for during the requirements analysis phase.

Address Range of Class B Network Addresses

What is the address range of Class B network addresses in binary?

1. 01xxxxxx
2. 0xxxxxxx
3. 10xxxxxx
4. 110xxxxx

Answer: The correct answer is 3.

Breakdown: The range of a Class B network address is 128-191, which in binary is 10xxxxxx.

Application Layer TCP/IP Protocols

Which are application layer TCP/IP protocols in OSI model? (Choose all that apply)

1. IP
2. TCP
3. Telnet
4. FTP
5. TFTP

Answer: The correct answer is 3, 4 and 5.

Breakdown: Telnet, FTP, and TFTP are all Application layer protocols. IP is a Network layer protocol and TCP is a Transport layer protocol.

ARP Request For Remote Host

Which of the following allows a router to respond to an ARP request for a remote host?

1. Gateway DP
2. Reverse ARP (RARP)
3. Proxy ARP
4. Inverse ARP (IARP)
5. Address Resolution Protocol (ARP)

Answer: The correct answer is 3.

Breakdown: Proxy Address Resolution Protocol (ARP) can help machines on a subnet reach remote subnets without configuring routing or a default gateway.

Basic Router Functions

Which of the following are basic router functions? (Choose all that apply)

1. Packet switching
2. Collision prevention
3. Packet filtering
4. Broadcast domain enlargement
5. Internetwork communication
6. Broadcast forwarding
7. Path selection

Answer: The correct answer is 1, 3, 5 and 7.

Breakdown: Routers operate at Layer-3 of the OSI model and provide packet switching, packet filtering, internetwork communications, and path selection.

Binary Number Decimal and Hexadecimal Equivalents

For the following binary number: 10110111 What are the decimal and hexadecimal equivalents?

1. 69/0x2102
2. 183/B7
3. 173/A6
4. 83/0xC5

Answer: The correct answer is 2.

Breakdown: Converting to decimal: 10110111 = 128 + 32 + 16 +4 + 2 + 1 = 183. Breaking the bits into 4-bit nibbles: 1011 0111 we get 11 and 7 decimal, which is 0xB7 in hexadecimal.

Browser Security Settings

What applet would you use to change your browser security settings?

1. The Action Center
2. Windows Firewall
3. Internet Options
4. System Protection

Answer: The correct answer is 3.

Breakdown: The Internet Options, or Internet Properties, d

Calculate Maximum Number of IP Addresses

Calculate the maximum number of IP addresses that can be assigned to hosts on a local subnet that uses the 255.255.255.224 subnet mask.

1. 14
2. 15
3. 16
4. 30
5. 31
6. 62

Answer: The correct answer is 4.

Breakdown: A /27 subnet mask is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts.

Calculate Subnets and Hosts Number

Calculate the number of subnets and hosts from the following network address: 172.16.0.0/19.

1. 7 subnets, 30 hosts each
2. 7 subnets, 2,046 hosts each
3. 7 subnets, 8,190 hosts each
4. 8 subnets, 30 hosts each
5. 8 subnets, 2,046 hosts each
6. 8 subnets, 8,190 hosts each

Answer: The correct answer is 8.

Breakdown: A /19 subnet mask has 3 ones in the third octet (111111111 11111111 111), hence 2^3 = 8 subnets. Taking the remaining ones bits (13): 2^13 = 8192, then subtracting two: 8192 – 2 = 8190 hosts available in the subnet.

Carry out security activities across the technology life cycle

Carrying out the security in business.

Enterprise security provides objective advice so that technology and vendor selections can accommodate the organizational requirements. A security professional aids in addressing the entire business security life cycle with services and solutions that include:

Answer: Developing security strategies and roadmaps Helping to achieve governance, risk, and compliance needs Creating payment card industry solutions Installing and assisting with infrastructure Managing threats and vulnerabilities

Categorizing Security Controls by Time of Response to the Incident

Security controls can be categorized by the time they can be implemented in accordance to the incident. What are those categorizations?

To help examine or design security controls, they can be categorized by several criteria, very commonly, the duration of time that they act in response to a security incident: Before the event: preventive controls are proposed to prevent an incident from occurring; for example, using video monitors to watch for trespassers. During the event: detective controls are intended to identify and assess an incident in progress; for example, triggering an intruder alarm and alerting authorities. After the event: corrective controls are intended to minimize damage caused by the incident; for example, returning the organization to normal working status as efficiently as possible.

Characteristics of ICMP Packets

Which statements are true regarding the characteristics of ICMP packets? (Choose all that apply)

1. ICMP guarantees datagram delivery.
2. ICMP can provide hosts with information about network problems.
3. ICMP is encapsulated within IP datagrams.
4. ICMP is encapsulated within UDP datagrams.

Answer: The correct answer is 2 and 3.

Breakdown: ICMP provides hosts with information about network problems such as destination unreachable messages supported by the ping command. ICMP is encapsulated within IP datagrams.

Characteristics of the DHCP Discover Message

Which of the following describe characteristics of the DHCP discovery message? (Choose all that apply)

1. It uses FF:FF:FF:FF:FF:FF as a layer 2 broadcast.
2. It uses UDP as the Transport layer protocol.
3. It uses TCP as the Transport layer protocol.
4. It does not use a layer 2 destination address.

Answer: The correct answer is 1 and 2.

Breakdown: The layer 2 broadcast for DHCP is all Fs in hex: FF:FF:FF:FF:FF

Cisco Router Ambiguous Command Error

You type Router#sh ru and receive an % ambiguous command error. Why did you receive this Cisco router ambiguous command error?

1. The command requires additional options or parameters.
2. There is more than one show command that starts with the letters ru.
3. There is no show command that starts with ru.
4. The command is being executed from the wrong router mode.

Answer: The correct answer is 2.

Breakdown: This error means that there is more than one possible command that starts with ru — it’s ambiguous. You should use a question mark to find the correct command.

Cisco Router Command o/r

What does the Cisco router command o/r 0x2142 provide?

1. Used to restart the router.
2. used to bypass the configuration in NVRAM.
3. Used to enter ROM Monitor mode.
4. Used to view the lost password.

Answer: The correct answer is 2.

Breakdown: The default configuration setting is 0x2102, which tells the router to load the IOS from flash memory and the router configuration from NVRAM. The 0x2142 setting tells the router to bypass the configuration in NVRAM in order to perform password recovery.

Cisco Router Command to find Broadcast Address

You need to find the broadcast address used on a LAN on your router. What command do you need to type into the router from user mode to find the broadcast address?

1. show running-config
2. show startup-config
3. show interfaces
4. show protocols

Answer: The correct answer is 3.

Breakdown: The show interfaces command will provide the IP address and mask for each interface on the router. From there, you can then determine the mask in order to calculate the broadcast address for a LAN.

Cisco Router Debug IP RIP Command

You type the Cisco router debug ip rip command on your router console and see that 172.16.10.0 is being advertised with a metric of 16. What does this mean?

1. The router is 16 hops away.
2. The route has a delay of 16 microseconds.
3. The route is inaccessible.
4. The route is queued at 16 messages per second.

Answer: The correct answer is 3.

Breakdown: It’s important to remember that you cannot have 16 hops on a RIP network by default. If you receive a route advertised with a metric of 16, then this means it’s inaccessible.

Cisco Router Default Routes

If the routing table in your Cisco router has a static, a RIP, and an IGRP route to the same network, which route will be used as the default route for packets destined for this network?

1. Any available route
2. RIP route
3. Static route
4. IGRP route
5. They will all load-balance

Answer: The correct answer is 3.

Breakdown: Remember that static routes have an administrative distance (AD) of 1 by default. Unless this has been changed in the router’s configuration, a static route will always be used over any other found route. IGRP has an AD of 100 and RIP has an AD of 120 by default.

Cisco Router IP Source and Destinations

A Cisco router receives an IP packet with a source IP address of 192.168.214.20 and a destination address of 192.168.22.3. Looking at the output from the router shown below, what will it do with this packet? Copr#sh ip route [output cut] R 192.168.215.0 [120/2] via 192.168.20.2, 00:00:23, Serial0/0 R 192.168.115.0 [120/1] via 192.168.20.2, 00:00:23, Serial0/0 R 192.168.30.0 [120/1] via 192.168.20.2, 00:00:23, Serial0/0 C 192.168.20.0 is directly connected, Serial0/0 C 192.168.214.0 is directly connected, FastEthernet0/0

1. The packet will be discarded.
2. The packet will be routed out the S0/0 interface.
3. The router will broadcast looking for the destination.
4. The packet will be routed out the Fa0/0 interface.

Answer: The correct answer is 1.

Breakdown: Since the routing table shows no route to the 192.168.22.0 network, the router will discard the packet and send an ICMP destination unreachable out the interface FastEtherent0/0, which is the source LAN where the packet originated from.

Cisco Router Running-Config Command

You type show running-config and get this output: [output cut] Line console 0 Exec-timeout 1 44 Password 7098C0BQR Login [output cut] What do the two numbers following the exec-timeout command mean?

1. If no command has been typed in 44 seconds, the console connection will be closed.
2. If no router activity has been detected in 1 hour and 44 minutes, the console will be locked out.
3. If no commands have been typed in 1 minute and 44 seconds, the console connection will be closed.
4. If you’re connected to the router by a Telnet connection, input must be detected within 1 minute and 44 seconds or the connection will be closed.

Answer: The correct answer is 3.

Breakdown: The Exec-timeout value is in minutes and seconds, therefore, in this example, if no commands have been typed in 1 minute and 44 seconds, then the console connection will be closed.

Cisco Router Show Hosts Command

What information is displayed by the Cisco router show hosts command? (Choose all that apply)

1. Temporary DNS entries.
2. The names of the routers created using the hostname command.
3. The IP addresses of workstations allowed access to the router.
4. Permanent name-to-address mappings created using the ip host command.
5. The length of time a host has been connected to the router via Telnet.

Answer: The correct answer is 1 and 4.

Breakdown: The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.

Cisco Router Running-Config Command

You type show running-config and get this output: [output cut] Line console 0 Exec-timeout 1 44 Password 7098C0BQR Login [output cut] What do the two numbers following the exec-timeout command mean?

1. If no command has been typed in 44 seconds, the console connection will be closed.
2. If no router activity has been detected in 1 hour and 44 minutes, the console will be locked out.
3. If no commands have been typed in 1 minute and 44 seconds, the console connection will be closed.
4. If you’re connected to the router by a Telnet connection, input must be detected within 1 minute and 44 seconds or the connection will be closed.

Answer: The correct answer is 3.

Breakdown: The Exec-timeout value is in minutes and seconds, therefore, in this example, if no commands have been typed in 1 minute and 44 seconds, then the console connection will be closed.

Cisco Router Show Hosts Command

What information is displayed by the Cisco router show hosts command? (Choose all that apply)

1. Temporary DNS entries.
2. The names of the routers created using the hostname command.
3. The IP addresses of workstations allowed access to the router.
4. Permanent name-to-address mappings created using the ip host command.
5. The length of time a host has been connected to the router via Telnet.

Answer: The correct answer is 1 and 4.

Breakdown: The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.

Cisco Split Horizon

What is a split horizon with respect to Cisco routers?

The correct answer is 1.

Breakdown: A split horizon will not advertise a route back to the same router it learned the route from.

Class B Network Subnetting

For the following Class B network address: 172.16.45.14/30, what is the subnetwork this host belongs to?

Class B Subnetwork Host Address

For the following Class B Subnetwork host address, what would be the valid subnet address for this host?

1. 172.16.112.0
2. 172.16.0.0
3. 172.16.96.0
4. 172.16.255.0
5. 172.16.128.0

Answer: The correct answer is 1.

Breakdown: The /25 mask is 255.255.255.128. When used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 bits, 8 bits in the third octet and 1 bit in the fourth. This places the IP address 172.16.112.1/25 in the 0 subnet making its network address 172.16.112.0.

Class C Broadcast Address

You have an interface on a router with the IP address of 192.168.192.10/29. What is the broadcast address the hosts will use on this LAN?

1. 192.168.192.15
2. 192.168.192.31
3. 192.168.192.63
4. 192.168.192.127
5. 192.168.192.255

Answer: The correct answer is 1.

Breakdown: A mask of /29 provides 5 subnet bits in the fourth octet with a block size of 8. This means that the IP address 192.168.192.10 is in the 8.0 subnet and the next subnet is 16.0, hence its broadcast address resides at 192.168.192.15.

Class C Subnetting

For a server on the following Class C subnetwork: 192.168.19.24/29, which address should you assign to the server, assuming the router has the first available host address?

1. 192.168.19.0 255.255.255.0
2. 192.168.19.33 255.255.255.240
3. 192.168.19.26 255.255.255.248
4. 192.168.19.31 255.255.255.248
5. 192.168.19.34 255.255.255.240

Answer: The correct answer is 3.

Breakdown: A /29 mask is 255.255.255.248 which is a block size of 8 in the fourth octet. The subnets are 0, 8, 16, 32, etc. The IP address 192.168.19.24 is the 24 subnet, which means that 192.168.19.26 is within this subnetwork and is the next available host address after the router at 192.168.19.25.

Classful Subnet Mask

You need to subnet a network that has 5 subnets, each with at least 16 hosts. Which classful subnet mask would you use?

1. 255.255.255.192
2. 255.255.255.224
3. 255.255.255.240
4. 255.255.255.248

Answer: The correct answer is 2.

Breakdown: Since you need 5 subnets, each with at least 16 hosts, then the mask 255.255.255.224 which provides 8 subnets, each with 30 hosts is the best answer from all of the choices.

Computer Security Legislation

The Electronic Communications Privacy Act of 1986 deals with eavesdropping and the interception of message contents without discerning between private or public systems. This law updated the Federal privacy clause in the Omnibus Crime Control and Safe Streets Act of 1968 to include digitized voice, data, or video, whether transmitted over wire, microwave, or fiber optics. Court warrants are purposed to intercept wire or oral communications, except for phone companies, the FCC, and police officers that are involved through the consent of one of the parties.

The Computer Security Act of 1987 places mandates on federal government agencies to conduct security-related training, to pinpoint sensitive systems, and to develop a security plan for those sensitive systems. A category of sensitive information called Sensitive But Unclassified (SBU) has to be taken into account. This category, formerly known as Sensitive Unclassified Information (SUI), addresses information below the government’s classified level that is valuable enough to protect, such as medical information, financial information, and research and development knowledge. This act also divided the government’s responsibility for security between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). NIST was given the duty of monitoring information security in general, mainly for the commercial and SBU arenas, and NSA retained the duties for cryptography for classified government and military applications.

The Computer Security Act established the national Computer System Security and Privacy Advisory Board (CSSPAB) a twelve-member advisory group of experts in computer and telecommunications systems security.

The British Computer Misuse Act of 1990 deals with computer-related criminal offenses. The Federal Sentencing Guidelines of 1991 outlines punishment procedures for those found guilty of breaking federal law. Additional laws follow:

Answer: The OECD Guidelines to Serve as a Total Security Framework of 1992 includes laws, policies, technical and administrative measures, and education. The Communications Assistance for Law Enforcement Act of 1994 mandates that all communications carriers make wiretaps possible.

Configure Router to Use Internet

Network 206.143.5.0 was assigned to your company to connect to your ISP. As an administrator, you want to configure a router using the commands to use the Internet. Which of the following commands would you use to configure the Gateway router to allow Internet access to the entire network?

1. Gateway(config)#ip route 0.0.0.0.0.0.0.0 206.143.5.2
2. Gateway(config)#router rip
3. Gateway(config-router)#network 206.143.5.0
4. Gateway(config)#router rip
5. Gateway(config)#ip route 206.143.5.0 255.255.255.0 default
6. Gateway(config)#ip route 206.143.5.0 255.255.255.0 default
7. Gateway(config)#ip default-network 206.143.5.0

Answer: The correct answer is 1 and 7.

Breakdown: You can set a default route with the 0.0.0.0.0.0.0.0 mask and then specify the next hop as in answer 1. You can also use the same mask and use the exit interface instead of the next hop (not one of the answer choices). Finally, you can use the ip default-network command.

Connection Oriented Session Reliability

A receiving host has failed to receive all of the segments that it should acknowledge. What can the host do to improve the connection oriented session reliability in this case?

1. Send a different source port number.
2. Restart the virtual circuit.
3. Decrease the sequence number.
4. Decrease the window size.

Answer: The correct answer is 4.

Breakdown: Windows controls how much information is transferred from one end to the other. If a receiving host fails to receive all the segments that it should acknowledge, the host can improve the communication session by decreasing the window size.

Connections That Can Use Full Duplex

Which of the following are connections that can use full duplex? (Choose all that apply)

1. Hub to hub
2. Switch to switch
3. Host to host
4. Switch to hub
5. Switch to host

Answer: The correct answer is 2, 3 and 5.

Breakdown: The important point to remember is that hubs can’t run full-duplex. On the other hand, switches and hosts can run full duplexes between one another.