Recently at your organization you have been requested to lead the team in performing a new Risk Analysis of the organization. During the first team meeting you identify to your team the three areas of Risk Analysis. What are those three areas?
You have been given the task of writing your organization's security policy. During your research you find that there are several established standards for security policy design. Which of the following are accepted standards?
You have just recently finished a complete Risk Analysis of your organization. During your presentation you present the controls you feel must be implemented. Which is considered to be the major factor in determining a specific control system to implement?
One of your users calls to state that their computer is acting unusually. You go to investigate and find there is an unauthorized program installed on this computer. You examine the network and find that this program is now on other machines in the network. It seems to be unable to move through the network on its own, and is getting sent as an email attachment. What type of program is in the network?
During a discussion of asset classification and protection with a coworker, you realize that your coworker does not know the basic concepts of asset protection. You are asked to describe the types of asset protection. Which of the following describes the concept of feasible protection of an asset?
Which of the following is the name of the ActiveX authentication system Microsoft has included to prevent ActiveX controls from being altered or corrupted by attackers wanting to perform unwarranted operations?
To manage the risk analysis of your organization you must first identify the method of analysis to use. Which of the following organizations defines the current standards of risk analysis methodologies?
In your organization, the majority of employees use Microsoft Outlook Express as their email client. You are configuring these systems so that applications on the employee systems cannot send email, posing as the user of the system. Under the Security tab, which option will you select to achieve this goal?
You are configuring the permissions to a file, called file1, on your Linux file server. You wish to change the permissions to remove the execute permission from the others and group. Which of the following commands will complete this task?
You have recently installed a new Linux machine, running Apache as your web server. You are running Novell SUSE Linux, and are going to use YaST to disable some unneeded modules. In the left-hand options of YaST, which section would you choose in order to disable modules for your Apache web server?
To maintain the security of your network you routinely run several checks of the network and computers. Often you use the built-in tools, such as netstat. If you run the following command: netstat -e which of the following will be the result?
You have a series of new Windows Server 2003 systems, including 3 new web servers running IIS 6.0. You are concerned about the overall security of your servers, and are checking with Microsoft for any patches or updates that you might need to apply to your systems. Which of the following would you apply if you need to implement an update based on a critical Microsoft Security Bulletin?
Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?
Microsoft has developed several security tools to help you with the security and configuration of the systems in your network. One of these tools is the Microsoft Baseline Security Analyzer (MBSA). In the command line options of the MBSA is the HFNetChk tool. What is the function of the HFNetChk tool, available with MBSA?
Your organization assigns an Annual Loss Expectancy to assets during a risk analysis meeting. You have a server that, if down for a day, will lose the company $35,000, and has a serious root access attack against it once per month. What is the ALE for this attack against this server?
From the following list, choose the primary reason for splitting a Security Policy into multiple smaller policies.
It has been decided that the network you manage will implement new Windows 2003 Servers, using Active Directory. You are configuring several of the Active Directory objects in your Windows 2003 network. What is used as the default security for these objects?
You have a file on your Linux system, and you need to modify the file's permissions. The permissions you wish to apply are: Read and Write for the User; Read and Write for the Group; and Read for the Others. What command will allow you to achieve this?
There are several clients of your network that require the ability to connect remotely. You are using Internet Authentication Services (IAS) in Windows Server 2003 for security. What is IAS the Windows implementation of?
You have a file on your Linux system, and you need to modify the file's permissions. The permissions you wish to apply are: Read, Write, and Execute for the User; Read and Write for the Group; and Read for the Others. What command will allow you to achieve this?
You have recently introduced the users of your Windows 2003 Domain network to EFS, and the company policy indicates that several users must take advantage of EFS for certain files. Since it is new, you are concerned with EFS being implemented in ways not defined in the policy. Which user account is, by default, the Recovery Agent that can decrypt data if need be?
You have just finished installing new servers and clients in your office network. All the new client machines are running Windows 2000 Professional, and the servers are running Windows Server 2003. You are now working on securing all user authentication related areas of the systems. Where is user account information stored, both for the Domain and the local machine?
You have recently hired an assistant to help you with managing the security of your network. You are currently running an all-Windows environment, and are describing NTFS permission issues. You are using some demonstration files to help with your discussion. You have two NTFS partitions, C:\ and D:\. There is a test file, C:\DIR1\test.txt, that is currently set so that only Administrators have Full Control. If you move this file to the C:\DIR2 folder, what will the permissions be for this file?
You are working on the configuration of the authentication systems used in your network, and are considering several different authentication methods for your computer systems. What do LM, NTLM, and NTLMv2 use as their Authentication method?
In Windows 2003, there are four methods of implementing IPSec. They are:
1 - Require Security
2 - Request Security
3 - Respond Only
4 - No IPSec Policy
Your network hosts many servers, and different security policies are in place in different locations in the network. The Clients and Servers in your network are configured as follows:
- You have servers numbered 1-9, which have a policy stating they require no network traffic security.
- You have servers numbered 10-19, which have a policy stating they are not required to be secure, but will encrypt network traffic if the client is able to receive it.
- You have servers numbered 20-29, which have a policy stating they are required to be secure and all network traffic they deliver must be secured.
- You have clients numbered 60-79 that are required to access secure servers 20-29.
- You have clients numbered 80-99 that are not required to access secure servers 20-29, but are required to access servers 1-9 and 10-19.
Based on the Client and Server configuration provided above, which of the following computers must implement IPSec method 3?
You are configuring a complex set of policies in your Windows 2003 Active Directory network. You have parent and child GPOs. If you do not want the child GPO to inherit policy from the parent GPO, you would do which of the following?
Which of the following user accounts are given the correct default User Identifier and Group Identifier, assuming the system is running Red Hat Linux?
On your Linux computer you are examining the contents of various files to ensure they are secured and contain the designated information. Entries in the /etc/hosts file consist of which of the following?
You have recently hired an assistant to help you with managing the security of your network. You are currently running an all Windows Server 2003 environment, and are describing the issues associated with sharing folders. You describe different shared folder permissions. Which of the following describes the maximum abilities of the Read permission?
You are reviewing the lines used in the configuration of TCP Wrappers on your Linux system. When placed in the denial file, what is the function of the following line?
in.telnetd: 192.168.23.: spawn (/bin/echo %c >> /var/log/telnet.log)