Black Friday / Cyber Monday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Exin SCNP SCNP Strategic Infrastructure Security Exam Practice Test

Demo: 34 questions
Total 233 questions

SCNP Strategic Infrastructure Security Questions and Answers

Question 1

Recently at your organization you have been requested to lead the team in performing a new Risk Analysis of the organization. During the first team meeting you identify to your team the three areas of Risk Analysis. What are those three areas?

Options:

A.

Verifying Risk, Minimizing Risk, Removing Risk

B.

Qualifying Risk, Mitigating Risk, Removing Risk

C.

Predicating Risk, Qualifying Risk, Minimizing Risk

D.

Predicting Risk, Quantifying Risk, Mitigating Risk

E.

Quantifying Risk, Mitigating Risk, Removing Risk

Question 2

You have been given the task of writing your organizations security policy. During your research you find that there are several established standards for security policy design. Which of the following are accepted standards?

Options:

A.

ISO 17799

B.

BS 197

C.

ISO 979

D.

BS 7799

E.

ISO 179

Question 3

You have just recently finished a complete Risk Analysis of your organization. During your presentation you present the controls you feel must be implemented. Which is considered to be the major factor in determining a specific control system to implement?

Options:

A.

Control system documentation

B.

Return on investment

C.

Current system availability

D.

Familiarity with the system

E.

Staffs previous use of system

Question 4

One of your users calls to state that their computer is acting unusual. You go to investigate and find there is an unauthorized program installed on this computer. You examine the network and find that this program is now on other machines in the network. It seems to be unable to move through the network on its own, and is getting sent as an email attachment. What type of program is in the network?

Options:

A.

The program is a Worm.

B.

The program is a Virus.

C.

The program is a Port scanner.

D.

The program is a Trojan Horse.

E.

The program is a Macro.

Question 5

During a discussion of asset classification and protection with a coworker, you realize that your coworker does not know the basic concepts of asset protection. You are asked to describe the types of asset protection. Which of the following describes the concept of feasible protection of an asset?

Options:

A.

The cost to replace the asset is greater than the cost of recovery of the asset.

B.

The cost to replace the asset is less than the cost of protect the asset.

C.

The cost to protect the asset is greater than the cost of recovery of the asset.

D.

The cost to replace the asset is less than the cost of recovery of the asset.

E.

The cost to protect the asset is less than the cost of recovery of the asset.

Question 6

Which of the following is the name of the Active X authentication system Microsoft has included to prevent Active X controls from being altered or corrupted by attackers wanting to perform unwarranted operations?

Options:

A.

Driver Signing

B.

Authenticode

C.

Certificate services

D.

NTLM

E.

Kerberos

Question 7

To manage the risk analysis of your organization you must first identify the method of analysis to use.

Which of the following organizations defines the current standards of risk analysis methodologies?

Options:

A.

NIST

B.

CERT

C.

F-ICRC

D.

NBS

E.

NSA

Question 8

In your organization, the majority of employees use Microsoft Outlook Express as their email client. You are configuring these systems so that applications on the employee systems cannot send email, posing as the user of the system. Under the Security tab, which option will you select to achieve this goal?

Options:

A.

Do not allow other applications to send mail as me.

B.

Disable application mail delivery.

C.

Prompt me prior to application mail delivery.

D.

Warn me when other applications try to send mail as me.

E.

Do not allow applications that could potentially transmit a virus to send mail as me.

Question 9

You are configuring the permissions to a file, called file1, on your Linux file server. You wish to change the permissions to remove the execute permission from the others and group. Which of the following commands will complete this task?

Options:

A.

umask x-og file1

B.

umask og-x file1

C.

chmod xog- file1

D.

chmod x-og file1

E.

chmod og-x file1

Question 10

You have recently installed a new Linux machine, running Apache as your web server. You are running Novell SuSe Linux, and are going to use YaST to disable some unneeded modules. In the left-hand options of YaST, which section would you choose in order to disable modules for your Apache web server?

Options:

A.

Network Services

B.

Software

C.

System

D.

Software Management

E.

Miscellaneous

Question 11

To maintain the security of your network you routinely run several checks of the network and computers.

Often you use the built-in tools, such as netstat. If you run the following command: netstat –e which of the following will be the result?

Options:

A.

Displays all connections and listening ports

B.

Displays Ethernet statistics

C.

Displays addresses and port numbers in numerical form

D.

Shows connections for the protocol specified

E.

Displays per-protocol statistics

Question 12

You have a series of new Windows Server 2003 systems, including 3 new web servers running IIS 6.0.

You are concerned about the overall security of your servers, and are checking with Microsoft for any patches or updates that you might need to apply to your systems. Which of the following would you apply if you need to implement an update based on a critical Microsoft Security Bulletin?

Options:

A.

Critical Update

B.

Security Update

C.

Feature Pack

D.

Update Rollup

E.

MSB Update

Question 13

Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?

Options:

A.

Nmap SYN/FIN Scan

B.

Nmap NULL Scan

C.

Nmap ACK Scan

D.

Nmap SYN Scan

E.

Nmap XMAS Scan

Question 14

Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?

Options:

A.

NetBus Scan

B.

Trojan Scan

C.

Ping Sweep

D.

Port Scan

E.

Ping Sweep

Question 15

Microsoft has developed several security tools to help you with the security and configuration of the systems in your network. One of these tools is the Microsoft Security Baseline Analyzer (MBSA). In the command line options of the MBSA is the HFNetChk tool. What is the function of the HFNetChk tool, available with MBSA?

Options:

A.

To check for the current Hotfixes that are available from Microsoft

B.

It is an upgrade to the Windows Update tool for checking on all updates

C.

It is the tool that must be run prior to installing IIS 6.0

D.

It is the tool that checks the network configuration of all web servers

E.

To record what Hotfixes and service packs are running on the Windows machine

Question 16

Your organization assigns an Annual Loss Expectancy to assets during a risk analysis meeting. You have a server which if down for a day will lose the company $35,000, and has a serious root access attack against it once per month. What is the ALE for this attack against this server?

Options:

A.

$35,000

B.

$120,000

C.

$2,916

D.

$3,500

E.

$420,000

Question 17

From the following list, chose the primary reason for splitting a Security Policy into multiple smaller policies?

Options:

A.

Smaller policies are cheaper to produce

B.

Smaller policies are simpler to manage

C.

Smaller policies are simpler to produce

D.

Smaller policies are more legally binding

E.

Smaller policies provide better security control

Question 18

It has been decided that the network you manage will implement new Windows 2003 Servers, using Active Directory. You are configuring several of the Active Directory objects in your Windows 2003 network.

What is used as the default security for these objects?

Options:

A.

Public Keys

B.

EFS

C.

NTFS

D.

ACLs

E.

Private Keys

Question 19

You have a file on your Linux system, and you need to modify the file's permissions. The permissions you wish to apply are: Read and Write for the User; Read and Write for the Group: and Read for the Others.

What command will allow you to achieve this?

Options:

A.

chmod 660 test_file.tar.gz

B.

chmod 760 test_file.tar.gz

C.

chmod 604 test_file.tar.gz

D.

chmod 704 test_file.tar.gz

E.

chmod 664 test_file.tar.gz

Question 20

Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use

Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?

Options:

A.

Nmap SYN/FIN Scan

B.

Nmap ACK Scan

C.

Nmap NULL Scan

D.

Nmap XMAS Scan

E.

Nmap SYN Scan

Question 21

Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use

Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?

Options:

A.

Trojan Horse Scan

B.

Back Orifice Scan

C.

NetBus Scan

D.

Port Scan

E.

Ping Sweep

Question 22

There are several clients of your network that require the ability to connect remotely. You are using Internet Authentication Services (IAS) in Windows Server 2003 for security. What is IAS the Windows implementation of?

Options:

A.

MD5

B.

DES

C.

RSA

D.

PKI

E.

RADIUS

Question 23

You have a file on your Linux system, and you need to modify the file's permissions. The permissions you wish to apply are: Read, Write, and Execute for the User; Read and Write for the Group: and Read for the Others. What command will allow you to achieve this?

Options:

A.

chmod 700 test_file.tar.gz

B.

chmod 600 test_file.tar.gz

C.

chmod 774 test_file.tar.gz

D.

chmod 644 test_file.tar.gz

E.

chmod 674 test_file.tar.gz

Question 24

You have recently introduced the users of your Windows 2003 Domain network to EFS, and the company policy indicates that several users must take advantage of EFS for certain files. Since it is new, you are concerned with EFS being implemented in ways not defined in the policy. Which user account is, by default, the Recovery Agent, that can decrypt data if need be?

Options:

A.

The user who created the file

B.

Domain Administrator

C.

The user who encrypted the file

D.

Any PowerUser

E.

The Backup Operator

Question 25

Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use

Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what type of traffic did Snort capture in this log file?

Options:

A.

Nmap XMAS Scan

B.

Nmap NULL Scan

C.

Nmap SYN Scan

D.

Nmap ACK Scan

E.

Nmap SYN/FIN Scan

Question 26

You have just finished installing new servers and clients in your office network. All the new client machines are running Windows 2000 Professional, and the servers are running Windows Server 2003. You are now working on securing all user authentication related areas of the systems. Where is user account information stored, both for the Domain and the local machine?

Options:

A.

Domain user account information is stored in the Active Directory.

B.

Local user account information is stored in the SAM.

C.

Local user account information is stored in the Active Directory.

D.

Domain user account information is stored in the SAM.

E.

Domain user account information is stored in the Metabase

Question 27

You have recently hired an assistant to help you with managing the security of your network. You are currently running an all Windows environment, and are describing NTFS permission issues. You are using some demonstration files to help with your discussion. You have two NTFS partitions, C:\ and D:\ There is a test file, C:\DIR1\test.txt that is currently set so that only Administrators have Full Control. If you move this file to the C:\DIR2 folder, what will the permissions be for this file?

Options:

A.

The file will have the same permissions as D:\DIR2

B.

The file permissions will remain the same

C.

The file permissions will be lost

D.

The file permissions will convert to Everyone - Full Control

E.

The permissions will be set to whatever the CREATOR OWNER permissions are for the D:\ partition

Question 28

You are working on the configuration of the authentication systems used in your network, and are considering several different authentication methods for your computer systems. What do LM, NTLM, and NTLMv2 use as their Authentication method?

Options:

A.

Challenge/Response

B.

Public Key Cryptography

C.

Private Key Cryptography

D.

Private Certificates

E.

Public Certificates

Question 29

In Windows 2003, there are four methods of implementing IPSec. They are:

1 - Require Security

2 - Request Security

3 - Respond Only

4 - No IPSec Policy

Your network hosts many servers, and different security policies are in place in different locations in the network. The Clients and Servers in your network are configured as follows:

-You have servers numbered 1-9, which have a policy stating they require no network traffic security.

-You have servers numbered 10-19, which have a policy stating they are not required to be secure, but will encrypt network traffic if the client is able to receive it.

-You have servers numbered 20-29, which have a policy stating they are required to be secure and all network traffic they deliver must be secured.

-You have clients numbered 60-79 that are required to access secure servers 20-29.

-You have clients numbered 80-99 that are not required to access secure servers 20-29, but are required to access servers 1-9 and 10-19.

Based on the Client and Server configuration provided above, which of the following computers must implement IPSec method 3?

Options:

A.

Computers numbered 1-9

B.

Computers numbered 10-19

C.

Computers numbered 20-29

D.

Computers numbered 60-79

E.

Computers numbered 80-90

Question 30

You are configuring a complex set of policies in your Windows 2003 Active Directory network. You have parent and child GPOs. If you do not want the child GPO to inherit policy from the parent GPO, you would do which of the following?

Options:

A.

Check the Block Policy Inheritance checkbox.

B.

Uncheck the Disallow Inheritable Permissions to Traverse from Parent to Child Object box.

C.

Uncheck the Reset Permissions on All Child Objects and Enable Propagation of Inheritable Permissions.

D.

Check the Disallow Inheritable Permissions to Traverse from Parent to Child Object box.

E.

You cannot block policy inheritance from parent to child GPOs.

Question 31

What of the following user accounts are given the correct default User Identifier and Group Identifier, assuming the system is running Red Hat Linux?

Options:

A.

ftp: User Identifier 21, Group Identifier 21

B.

root: User Identifier 0, Group Identifier 0

C.

bin: User Identifier 1, Group Identifier 1

D.

adm: User Identifier 3, Group Identifier 3

E.

mail: User Identifier 25, Group Identifier 25

Question 32

On your Linux computer you are examining the contents of various files to ensure they are secured and contain the designated information. Entries in the /etc/hosts file consist of which of the following?

Options:

A.

The IP address, the host-name and aliases (if any)

B.

The IP address, subnet mask, the host-name (if any)

C.

The IP address, subnet mask, the host-name and aliases (if any)

D.

The IP address, subnet mask, default gateway and the host-name

E.

The IP address, subnet mask, default gateway, the host-name and aliases (if any)

Question 33

You have recently hired an assistant to help you with managing the security of your network. You are currently running an all Windows Server 2003 environment, and are describing the issues associated with sharing folders. You describe different shared folder permissions. Which of the following describes the maximum abilities of the Read permission?

Options:

A.

Display folder names, filenames and data, and execute files

B.

Rename files and folders, delete files and folders

C.

Create folders, add files to folders, change or delete flies in folders

D.

Rename files and folders, and execute files

E.

Change file permissions and take ownership of files

Question 34

You are reviewing the lines used in the configuration of TCP Wrappers on your Linux system. When placed in the denial file, what is the function of the following line?

in.telnetd: 192.168.23.: spawn (/bin/echo %c >> /var/log/telnet.log)

Options:

A.

This line will initiate a Telnet connection to the 192.168.23.0/24 network.

B.

This line will write a log line to the /bin/echo directory when a host tries to use Telnet to connect to the 192.168.23.0/24 network.

C.

This line will initiate an ICMP echo request when a host from the 192.168.23.0/24 network uses Telnet.

D.

This line will write a log line that contains client information when a host from the QUESTION NO: 192

68.23.0/24 network attempts to use Telnet.

E.

This line will write a log line to the /var/log directory when a host tries to use Telnet to connect to the 192.168.23.0/24 network.

Demo: 34 questions
Total 233 questions