Module III Certification Quiz Part 2

62 Questions | Total Attempts: 123

SCOO certification quiz for Security Plus test test and test some more


Questions and Answers
  • 1. 
      Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol)
    • A. 

      A ping scanner

    • B. 

      A share scanner

    • C. 

      A port scanner

    • D. 

      A map scanner

  • 2. 
      Which of the following is a protocol analyzer?
    • A. 

      Nessus

    • B. 

      Cain & Abel

    • C. 

      Wireshark

    • D. 

      John the Ripper

  • 3. 
      Which of the following will require setting a baseline? (Select TWO)
    • A. 

      NIPS

    • B. 

      Anomaly-based monitoring

    • C. 

      Signature-based monitoring

    • D. 

      Behavior-based monitoring

  • 4. 
      An organization needs to monitor all network traffic as it traverses their network. Which item should be used by the technician?
    • A. 

      Honeypot

    • B. 

      Protocol analyzer

    • C. 

      HIDS

    • D. 

      Content filter

  • 5. 
      After implementing auditing on a file, which log will show unauthorized usage attempts?
    • A. 

      Application

    • B. 

      Security

    • C. 

      System

    • D. 

      Performance

  • 6. 
      One of the below is a description for a password cracker, which one is it?
    • A. 

      A program that can locate and read a password file

    • B. 

      A program that provides software registration passwords or keys

    • C. 

      A program that performs comparative analysis

    • D. 

      A program that obtains privileged access to the system

  • 7. 
      A honeypot is used to:
    • A. 

      Allow administrators a chance to observe an attack

    • B. 

      Trap attackers in a false network

    • C. 

      Provide an unauthorized user with a place to safely work

    • D. 

      Give an unauthorized user time to complete an attack

  • 8. 
      Which of the following logs shows when the workstation was last shut down?
    • A. 

      Security

    • B. 

      System

    • C. 

      Application

    • D. 

      DHCP

  • 9. 
      Look at the following intrusion detection systems carefully, which one uses well defined models of how an attack occurs?
    • A. 

      Behavior

    • B. 

      Anomaly

    • C. 

      Signature

    • D. 

      Protocol

  • 10. 
      Which of the following is a reason to use a vulnerability scanner?
    • A. 

      To assist with PKI implementation

    • B. 

      To assist with protocol analyzing

    • C. 

      To identify remote access policies

    • D. 

      To identify open ports on a system

  • 11. 
      Password cracking tools are available worldwide over the Internet. Which one of the following items is a password cracking tool?
    • A. 

      John the Ripper

    • B. 

      Nessus

    • C. 

      AirSnort

    • D. 

      Wireshark

  • 12. 
      While monitoring application activity and modification, which system should be used?
    • A. 

      NIDS

    • B. 

      RADIUS

    • C. 

      HIDS

    • D. 

      OVAL

  • 13. 
      The NIC should be placed in which mode to monitor all network traffic while placing a NIDS onto the network?
    • A. 

      Half-duplex

    • B. 

      Full-duplex

    • C. 

      Auto

    • D. 

      Promiscuous

  • 14. 
      Which method is the LEAST intrusive to check the environment for known software flaws?
    • A. 

      Vulnerability scanner

    • B. 

      Port scanner

    • C. 

      Protocol analyzer

    • D. 

      Penetration test

  • 15. 
      A network administrator believes that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which item will most effectively confirm the administrator’s suspicions?
    • A. 

      AV server logs

    • B. 

      Firewall logs

    • C. 

      HIDS logs

    • D. 

      Proxy logs

  • 16. 
      For the following items, which one is a collection of servers set up to attract hackers?
    • A. 

      DMZ

    • B. 

      Honeynet

    • C. 

      Honeypot

    • D. 

      VLAN

  • 17. 
      An auditing system is necessary to detect intrusions on what part of the system?
    • A. 

      The files

    • B. 

      The system’s memory

    • C. 

      None of the above

    • D. 

      The operating system

  • 18. 
      Which method could identify when unauthorized access has occurred?
    • A. 

      Implement session termination mechanism

    • B. 

      Implement two-factor authentication

    • C. 

      Implement session lock mechanism

    • D. 

      Implement previous logon notification

  • 19. 
      Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text?
    • A. 

      Protocol analyzer

    • B. 

      Password cracker

    • C. 

      Vulnerability scanner

    • D. 

      Port scanner

  • 20. 
      Which is the primary objective to implement performance monitoring applications on network systems from a security standpoint?
    • A. 

      To detect integrity degradations to network attached storage

    • B. 

      To detect availability degradations caused by attackers

    • C. 

      To detect host intrusions from external networks

    • D. 

      To detect network intrusions from external attackers

  • 21. 
      Which security application cannot proactively detect workstation anomalies?
    • A. 

      NIDS

    • B. 

      Antivirus software

    • C. 

      HIPS

    • D. 

      Personal software firewall

  • 22. 
      A protocol analyzer will most likely detect which security related anomalies?
    • A. 

      Many malformed or fragmented packets

    • B. 

      Passive sniffing of local network traffic

    • C. 

      Disabled network interface on a server

    • D. 

      Decryption of encrypted network traffic

  • 23. 
      What should be taken into consideration while executing proper logging procedures? (Select TWO).
    • A. 

      The information that is needed to reconstruct events

    • B. 

      The virtual memory allocated on the log server

    • C. 

      The password requirements for user accounts

    • D. 

      The amount of disk space required

  • 24. 
      John works as a network administrator for his company. He uses a tool to check SMTP, DNS, POP3 and ICMP packets on the network. This is an example of which of the following?
    • A. 

      A vulnerability scan

    • B. 

      A penetration test

    • C. 

      A port scanner

    • D. 

      A protocol analyzer

  • 25. 
      One type of port scan can determine which ports are in a listening state on the network, and can then perform a two-way handshake. Which type of port scan can perform this set of actions?
    • A. 

      TCP connect scan

    • B. 

      TCP (Transmission Control Protocol) SYN (Synchronize) scan

    • C. 

      TCP null scan

    • D. 

      TCP FIN scan

  • 26. 
      Audit log information can BEST be protected by: (Select TWO).
    • A. 

      Using a VPN

    • B. 

      Recording to write-once media

    • C. 

      An intrusion prevention system (IPS)

    • D. 

      A firewall that creates an enclave

    • E. 

      Access controls that restrict usage

  • 27. 
      Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. A HIDS is installed to monitor which of the following?
    • A. 

      Temporary Internet files

    • B. 

      CPU performance

    • C. 

      NIC performance

    • D. 

      System files

  • 28. 
      An organization has approximately 30,000 users. The network administrator wants to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but need to be maintained for legal obligations. Which of the following will NOT be a consideration when determining the requirements for the logging server?
    • A. 

      Performance baseline and audit trails

    • B. 

      Log storage and backup requirements

    • C. 

      Log details and level of verbose logging

    • D. 

      Time stamping and integrity of the logs

  • 29. 
      Which description is true about penetration testing?
    • A. 

      Simulating an actual attack on a network

    • B. 

      Establishing a security baseline

    • C. 

      Detecting active intrusions

    • D. 

      Hacking into a network for malicious reasons

  • 30. 
      Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. Which of the following can most effectively determine whether network utilization is abnormal?
    • A. 

      Application log

    • B. 

      Systems monitor

    • C. 

      Security log

    • D. 

      Performance baseline

  • 31. 
      After analyzing for vulnerabilities and applying a security patch, which non-intrusive action should be taken to verify that the vulnerability was truly removed?
    • A. 

      Apply a security patch from the vendor

    • B. 

      Repeat the vulnerability scan

    • C. 

      Update the antivirus definition file

    • D. 

      Perform a penetration test

  • 32. 
      A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?
    • A. 

      Determine the business impact

    • B. 

      Notify management

    • C. 

      Contact law enforcement officials

    • D. 

      Contain the problem

  • 33. 
      An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network, such as the Internet. When an IDS is configured to match a specific traffic pattern, which of the following is this referring to?
    • A. 

      Signature-based

    • B. 

      Anomaly-based

    • C. 

      Heuristic-based

    • D. 

      Behavior-based

  • 34. 
      Tom is a network administrator for his company. He suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which logs will be the BEST place to look for information?
    • A. 

      Antivirus logs

    • B. 

      DNS logs

    • C. 

      Intrusion detection logs

    • D. 

      Firewall logs

  • 35. 
      Which of the following steps is MOST often overlooked during the auditing process?
    • A. 

      Auditing every system event

    • B. 

      Reviewing event logs regularly

    • C. 

      Deciding what events to audit

    • D. 

      Enabling auditing on the system

  • 36. 
      Which tool can best monitor changes to the approved system baseline?
    • A. 

      Enterprise key management software

    • B. 

      Enterprise antivirus software

    • C. 

      Enterprise performance monitoring software

    • D. 

      Enterprise resource planning software

  • 37. 
      Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network?
    • A. 

      The attacking computer’s audit logs

    • B. 

      The target computer’s audit logs

    • C. 

      The firewall’s logs

    • D. 

      The domain controller’s logs

  • 38. 
      This type of attack specifically aims to enumerate the TCP and UDP application ports that are open on a host. Essentially, the attack consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness. Which of the following BEST describes the attack that is occurring?
    • A. 

      DNS spoofing

    • B. 

      Port scanning

    • C. 

      PING sweep

    • D. 

      ARP poisoning

  • 39. 
      IDS is short for Intrusion Detection Systems. Which option is the MOST basic type of IDS?
    • A. 

      Signature

    • B. 

      Statistical

    • C. 

      Behavioral

    • D. 

      Anomaly

  • 40. 
      A technician is auditing the security posture of an organization. An audit shows that many of the users have the ability to access the company’s accounting information. Which of the following should the technician recommend to address this problem?
    • A. 

      Implementing a host based intrusion prevention system

    • B. 

      Changing file level audit settings

    • C. 

      Changing the user rights and security groups

    • D. 

      Implementing a host based intrusion detection system

  • 41. 
      Which security measures should be recommended while implementing system logging procedures? (Select TWO)
    • A. 

      Perform CRC checks

    • B. 

      Collect system temporary files

    • C. 

      Perform hashing of the log files

    • D. 

      Apply retention policies on the log files

  • 42. 
      Which of the following should be done if an audit fails in an information system?
    • A. 

      Stop generating audit records

    • B. 

      Overwrite the oldest audit records

    • C. 

      Log off the user

    • D. 

      Send an alert to the appropriate personnel

  • 43. 
      Tom is a network technician at his company. He is deciding between implementing a HIDS on the database server and implementing a NIDS. Why would a NIDS be better to implement? (Select TWO)
    • A. 

      Many HIDS are not good at detecting attacks on database servers

    • B. 

      Many HIDS only offer a low level of detection granularity

    • C. 

      Many HIDS have a negative impact on system performance

    • D. 

      Many HIDS are not able to detect network attacks

  • 44. 
      Which of the following types of removable media is write-once and appropriate for archiving security logs?
    • A. 

      CD-R

    • B. 

      USB drive

    • C. 

      Tape

    • D. 

      Hard disk

  • 45. 
      An outside auditor has been contracted to determine whether weak passwords are being used on the network. In order to achieve this goal, the auditor is running a password cracker against the master password file. Which of the following is this an example of?
    • A. 

      Vulnerability assessment

    • B. 

      Fingerprinting

    • C. 

      Malware scan

    • D. 

      Baselining

  • 46. 
      In computer security, an access control list (ACL) is a list of permissions attached to an object. Which log will reveal activities about ACL?
    • A. 

      Performance

    • B. 

      Firewall

    • C. 

      Mobile device

    • D. 

      Transaction

  • 47. 
      Which tool can help the technician to find all open ports on the network?
    • A. 

      Router ACL

    • B. 

      Protocol analyzer

    • C. 

      Performance monitor

    • D. 

      Network scanner

  • 48. 
      For the following items, which one is a collection of servers set up to attract hackers?
    • A. 

      VLAN

    • B. 

      Honeynet

    • C. 

      DMZ

    • D. 

      Honeypot

  • 49. 
      A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. Which NIDS configuration is solely based on specific network traffic?
    • A. 

      Host-based

    • B. 

      Signature-based

    • C. 

      Anomaly-based

    • D. 

      Behavior-based

  • 50. 
      Which one of the following options is a vulnerability assessment tool?
    • A. 

      Nessus

    • B. 

      AirSnort

    • C. 

      John the Ripper

    • D. 

      Cain & Abel

  • 51. 
      You are a network technician of your company. You have just detected an intrusion on your company’s network from the Internet. What should be checked FIRST?
    • A. 

      The performance logs

    • B. 

      The firewall logs

    • C. 

      The DNS logs

    • D. 

      The access logs

  • 52. 
      Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take?
    • A. 

      Nmap should be run again and observed to see whether different results are obtained

    • B. 

      All ports should be left open and traffic monitored for malicious activity

    • C. 

      The process using the ports should be examined

    • D. 

      All ports should be closed and observed to see whether a process tries to reopen the port

  • 53. 
      Malware, a portmanteau (blending) of the two words malicious and software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. A network technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which item can help determine the amount of CPU cycles being consumed?
    • A. 

      Use a protocol analyzer to find the cause of the traffic

    • B. 

      Check msconfig Start options to see what is running during startup

    • C. 

      Install malware scanning software

    • D. 

      Run performance monitor to evaluate the CPU usage

  • 54. 
      Which practice is the best to secure log files?
    • A. 

      Deny administrators all access to log files to prevent write failures

    • B. 

      Copy or save the logs to a remote log server

    • C. 

      Change security settings to avoid corruption

    • D. 

      Log all failed and successful login attempts

  • 55. 
      Which description is true about the external security testing?
    • A. 

      Conducted from outside the organization’s security perimeter

    • B. 

      Conducted from outside the building that hosts the organization’s servers

    • C. 

      Conducted from outside the perimeter switch but inside the border router

    • D. 

      Conducted from outside the perimeter switch but inside the firewall

  • 56. 
      Choose the figure which represents the number of ports in the TCP/IP (Transmission Control Protocol/Internet Protocol) which are vulnerable to being scanned, attacked, and exploited.
    • A. 

      32 ports

    • B. 

      16,777,216 ports

    • C. 

      65,535 ports

    • D. 

      1,024 ports

  • 57. 
      Which of the following is the MOST effective way for an administrator to determine what security holes reside on the network?
    • A. 

      Run a port scan

    • B. 

      Run a sniffer

    • C. 

      Perform a vulnerability assessment

    • D. 

      Install and monitor an IDS

  • 58. 
      Malicious port scanning is a method of attack to determine which of the following?
    • A. 

      The fingerprint of the operating system

    • B. 

      Computer name

    • C. 

      The physical cabling topology of a network

    • D. 

      User IDs and passwords

  • 59. 
      Which of the following can be used by a technician to detect staff members that are connecting to an unauthorized website?
    • A. 

      HIDS

    • B. 

      Protocol analyzer

    • C. 

      Bluesnarfing

    • D. 

      Host routing table

  • 60. 
      Which of the following is not identified within the penetration testing scope of work?
    • A. 

      A complete list of all network vulnerabilities

    • B. 

      Handling of information collected by the penetration testing team

    • C. 

      A list of acceptable testing techniques and tools to be utilized

    • D. 

      IP addresses of machines from which penetration testing will be executed

  • 61. 
      For the following items, which is a protocol analyzer?
    • A. 

      John the Ripper

    • B. 

      Nessus

    • C. 

      Cain & Abel

    • D. 

      Wireshark

  • 62. 
      Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords?
    • A. 

      Firewall

    • B. 

      Password cracker

    • C. 

      Port scanner

    • D. 

      Protocol analyzer