Module III Certification Quiz Part 2

By Vtgamer
Questions: 62 | Attempts: 136

SCOO certification quiz for security plus test test and test some more


Questions and Answers
  • 1. 

      Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol)

    • A.

      A ping scanner

    • B.

      A share scanner

    • C.

      A port scanner

    • D.

      A map scanner

    Correct Answer
    A. A ping scanner
    Explanation
    A ping scanner is the correct answer because it uses ICMP (Internet Control Message Protocol) to send a ping request to a target IP address and receives a response. This allows the scanner to determine if the target IP address is reachable and estimate the round-trip time for the ping request. By analyzing the responses, the ping scanner can provide information about the network connectivity and identify potential issues or vulnerabilities.

  • 2. 

      Which of the following is a protocol analyzer?

    • A.

      Nessus

    • B.

      Cain & Abel

    • C.

      WireShark

    • D.

      John the Ripper

    Correct Answer
    C. WireShark
    Explanation
    WireShark is a protocol analyzer. It is a network analysis tool that allows users to capture and analyze network traffic in real-time. It helps in troubleshooting network issues, analyzing network protocols, and detecting security vulnerabilities. It can decode various protocols and display their details, making it a valuable tool for network administrators and security professionals.

  • 3. 

      Which of the following will require setting a baseline? (Select TWO)

    • A.

      NIPS

    • B.

      Anomaly-based monitoring

    • C.

      Signature-based monitoring

    • D.

      Behavior-based monitoring

    Correct Answer(s)
    B. Anomaly-based monitoring
    D. Behavior-based monitoring
    Explanation
    Setting a baseline is necessary for anomaly-based monitoring and behavior-based monitoring. Anomaly-based monitoring involves detecting deviations from normal behavior or patterns, so establishing a baseline of what is considered normal is essential for accurate detection. Similarly, behavior-based monitoring relies on understanding typical behavior to identify abnormal or suspicious activities. Therefore, both of these monitoring approaches require setting a baseline to effectively detect anomalies or deviations.

  • 4. 

      An organization needs to monitor all network traffic as it traverses their network. Which item should be used by the technician?

    • A.

      Honeypot

    • B.

      Protocol analyzer

    • C.

      HIDS

    • D.

      Content filter

    Correct Answer
    B. Protocol analyzer
    Explanation
    A protocol analyzer is a tool that captures and analyzes network traffic, allowing the organization to monitor all data packets as they traverse the network. This tool helps in identifying and troubleshooting network issues, detecting security threats, and monitoring network performance. It provides detailed information about the protocols, source and destination IP addresses, ports, and other relevant data. Therefore, a protocol analyzer is the most suitable item for the organization to monitor all network traffic effectively.

  • 5. 

      After implementing auditing on a file, which log will show unauthorized usage attempts?

    • A.

      Application

    • B.

      Security

    • C.

      System

    • D.

      Performance

    Correct Answer
    B. Security
    Explanation
    After implementing auditing on a file, the Security log will show unauthorized usage attempts. The Security log is specifically designed to record security-related events, such as unauthorized access attempts, failed logins, and other security breaches. By enabling auditing on a file, any unauthorized attempts to access or modify the file will be recorded in the Security log, providing a valuable source of information for investigating and preventing security incidents.

  • 6. 

      Which one of the following is a description of a password cracker?

    • A.

      A program that can locate and read a password file

    • B.

      A program that provides software registration passwords or keys

    • C.

      A program that performs comparative analysis

    • D.

      A program that obtains privileged access to the system

    Correct Answer
    C. A program that performs comparative analysis
    Explanation
    The correct answer is "A program that performs comparative analysis". This description suggests that a password cracker is a program that compares different combinations of characters or algorithms to determine the correct password. It does not specifically mention obtaining privileged access or reading password files, which are other possible functions of a password cracker.

  • 7. 

      A honeypot is used to:

    • A.

      Allow administrators a chance to observe an attack

    • B.

      Trap attackers in a false network

    • C.

      Provide an unauthorized user with a place to safely work

    • D.

      Give an unauthorized user time to complete an attack

    Correct Answer
    A. Allow administrators a chance to observe an attack
    Explanation
    A honeypot is a security mechanism that is used to attract and deceive attackers. It is designed to mimic a real system or network and lure attackers into interacting with it. By doing so, it allows administrators to observe and study the attack techniques and methods used by attackers. This helps in gaining valuable insights into their tactics and improving overall security measures.

  • 8. 

      Which of the following logs shows when the workstation was last shut down?

    • A.

      Security

    • B.

      System

    • C.

      Application

    • D.

      DHCP

    Correct Answer
    B. System
    Explanation
    The System log shows when the workstation was last shut down. This log contains information about system events, including shutdown and startup events. By checking the System log, one can find the timestamp of the last shutdown event, indicating when the workstation was last turned off. The Security log records security-related events, the Application log contains information about application events, and the DHCP log records DHCP server-related events.

  • 9. 

      Look at the following intrusion detection systems carefully. Which one uses well-defined models of how an attack occurs?

    • A.

      Behavior

    • B.

      Anomaly

    • C.

      Signature

    • D.

      Protocol

    Correct Answer
    C. Signature
    Explanation
    Signature-based intrusion detection systems use well-defined models of how an attack occurs. These systems compare network traffic or system behavior against a database of known attack signatures or patterns. When a match is found, it indicates that an attack is taking place. This approach is effective in detecting known attacks but may not be able to detect new or unknown attacks.

  • 10. 

      Which of the following is a reason to use a vulnerability scanner?

    • A.

      To assist with PKI implementation

    • B.

      To assist with protocol analyzing

    • C.

      To identify remote access policies

    • D.

      To identify open ports on a system

    Correct Answer
    D. To identify open ports on a system
    Explanation
    A vulnerability scanner is used to identify open ports on a system. Open ports can be potential entry points for attackers to exploit and gain unauthorized access to a system. By scanning for open ports, organizations can identify any vulnerabilities and take necessary actions to secure their systems. This helps in preventing unauthorized access and protecting sensitive information from being compromised.

  • 11. 

      Password cracking tools are available worldwide over the Internet. Which one of the following items is a password cracking tool?

    • A.

      John the Ripper

    • B.

      Nessus

    • C.

      AirSnort

    • D.

      Wireshark

    Correct Answer
    A. John the Ripper
    Explanation
    John the Ripper is a well-known password cracking tool that is available worldwide over the Internet. It is used by security professionals and hackers to test the strength of passwords by attempting to crack them. Nessus is a vulnerability scanning tool, AirSnort is a wireless LAN tool, and Wireshark is a network protocol analyzer. However, only John the Ripper is specifically designed for password cracking.

  • 12. 

      While monitoring application activity and modification, which system should be used?

    • A.

      NIDS

    • B.

      RADIUS

    • C.

      HIDS

    • D.

      OVAL

    Correct Answer
    C. HIDS
    Explanation
    HIDS, or Host-based Intrusion Detection System, should be used while monitoring application activity and modification. HIDS is a security solution that is installed on individual hosts or servers to monitor and analyze their activity for any signs of intrusion or unauthorized modifications. It is specifically designed to detect and respond to threats at the host level, providing real-time monitoring and alerting capabilities. By using HIDS, organizations can effectively detect and mitigate any suspicious or malicious activities happening within their applications, ensuring the security and integrity of their systems.

  • 13. 

      The NIC should be placed in which mode to monitor all network traffic while placing a NIDS onto the network?

    • A.

      Half-duplex

    • B.

      Full-duplex

    • C.

      Auto

    • D.

      Promiscuous

    Correct Answer
    D. Promiscuous
    Explanation
    The NIC should be placed in promiscuous mode to monitor all network traffic while placing a NIDS onto the network. In promiscuous mode, the NIC captures all network traffic, including packets not intended for the specific device. This allows the NIDS to analyze and detect any suspicious or malicious activity on the network, even if it is not directly targeted at the device where the NIDS is installed.

  • 14. 

      Which method is the LEAST intrusive to check the environment for known software flaws?

    • A.

      Vulnerability scanner

    • B.

      Port scanner

    • C.

      Protocol analyzer

    • D.

      Penetration test

    Correct Answer
    A. Vulnerability scanner
    Explanation
    A vulnerability scanner is the least intrusive method to check the environment for known software flaws because it scans the system for vulnerabilities without actively exploiting them. It identifies weaknesses in software configurations, missing patches, and other security issues without causing any disruption or damage to the system. On the other hand, a port scanner scans for open ports on a network, a protocol analyzer captures and analyzes network traffic, and a penetration test involves actively exploiting vulnerabilities to assess the system's security. These methods are more intrusive and can potentially cause disruptions or damage to the environment.

  • 15. 

      A network administrator believes that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which item will most effectively confirm the administrator’s suspicions?

    • A.

      AV server logs

    • B.

      Firewall logs

    • C.

      HIDS logs

    • D.

      Proxy logs

    Correct Answer
    B. Firewall logs
    Explanation
    Firewall logs would be the most effective item to confirm the administrator's suspicions. Firewall logs can provide information about the incoming and outgoing network traffic, including IP addresses and ports. By analyzing the firewall logs, the administrator can identify any suspicious or unauthorized connections from the internal network to external servers, which could indicate the presence of zombies participating in DDoS attacks. Additionally, the logs can provide insights into the type and volume of traffic, helping the administrator to further investigate and mitigate the issue.

  • 16. 

      For the following items, which one is a collection of servers set up to attract hackers?

    • A.

      DMZ

    • B.

      Honeynet

    • C.

      Honeypot

    • D.

      VLAN

    Correct Answer
    B. Honeynet
    Explanation
    A honeynet is a collection of servers set up with the intention of attracting hackers. It is designed to mimic a real network and contains valuable or enticing information to lure hackers. The purpose of a honeynet is to study and analyze hacker behavior, techniques, and vulnerabilities, in order to enhance network security and develop effective countermeasures. Honeypots, on the other hand, are individual systems or services within a network that are used to attract and trap hackers, while DMZ (Demilitarized Zone) and VLAN (Virtual Local Area Network) are network security architectures that separate and isolate certain parts of a network.

  • 17. 

      An auditing system is necessary to detect intrusions on what part of the system?

    • A.

      The files

    • B.

      The system’s memory

    • C.

      None of the above

    • D.

      The operating system

    Correct Answer
    A. The files
    Explanation
    An auditing system is necessary to detect intrusions on the files. This is because files contain important data and information that can be targeted by intruders. By monitoring and auditing the files, any unauthorized access or modifications can be detected and appropriate actions can be taken to prevent further damage or breaches in the system's security.

  • 18. 

      Which method could identify when unauthorized access has occurred?

    • A.

      Implement session termination mechanism

    • B.

      Implement two-factor authentication

    • C.

      Implement session lock mechanism

    • D.

      Implement previous logon notification

    Correct Answer
    D. Implement previous logon notification
    Explanation
    Implementing previous logon notification can help identify when unauthorized access has occurred. This method notifies the user whenever there is a login attempt made from a different device or location than the previous logon. By receiving these notifications, the user can quickly identify if someone else is trying to access their account without authorization. This can help prevent unauthorized access and allow the user to take necessary actions to protect their account.

  • 19. 

      Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text?

    • A.

      Protocol analyzer

    • B.

      Password cracker

    • C.

      Vulnerability scanner

    • D.

      Port scanner

    Correct Answer
    A. Protocol analyzer
    Explanation
    A protocol analyzer is the most appropriate assessment tool for determining if a password is being sent across the network in clear text. A protocol analyzer allows the user to capture and analyze network traffic, including the contents of packets being sent over the network. By examining the captured packets, it is possible to identify if a password is being transmitted without encryption, which would indicate that it is being sent in clear text. Password cracker tools are used to guess or crack passwords, vulnerability scanners are used to identify security vulnerabilities, and port scanners are used to identify open ports on a network.

  • 20. 

      Which is the primary objective to implement performance monitoring applications on network systems from a security standpoint?

    • A.

      To detect integrity degradations to network attached storage

    • B.

      To detect availability degradations caused by attackers

    • C.

      To detect host intrusions from external networks

    • D.

      To detect network intrusions from external attackers

    Correct Answer
    B. To detect availability degradations caused by attackers
    Explanation
    The primary objective of implementing performance monitoring applications on network systems from a security standpoint is to detect availability degradations caused by attackers. This means that the applications are designed to identify any disruptions or slowdowns in the network caused by malicious activities and alert the administrators to take appropriate actions to mitigate the attacks and ensure the network remains available and functional for legitimate users.

  • 21. 

      Which security application cannot proactively detect workstation anomalies?

    • A.

      NIDS

    • B.

      Antivirus software

    • C.

      HIPS

    • D.

      Personal software firewall

    Correct Answer
    A. NIDS

  • 22. 

      A protocol analyzer will most likely detect which security-related anomalies?

    • A.

      Many malformed or fragmented packets

    • B.

      Passive sniffing of local network traffic

    • C.

      Disabled network interface on a server

    • D.

      Decryption of encrypted network traffic

    Correct Answer
    A. Many malformed or fragmented packets
    Explanation
    A protocol analyzer is a tool used to analyze network traffic and monitor the communication between devices. It captures and examines packets of data to identify any anomalies or issues in the network. Malformed or fragmented packets can indicate potential security vulnerabilities or attacks, such as packet injection or buffer overflow. Therefore, a protocol analyzer is most likely to detect many malformed or fragmented packets as they can be indicators of security-related anomalies.

  • 23. 

      What should be taken into consideration while executing proper logging procedures? (Select TWO).

    • A.

      The information that is needed to reconstruct events

    • B.

      The virtual memory allocated on the log server

    • C.

      The password requirements for user accounts

    • D.

      The amount of disk space required

    Correct Answer(s)
    A. The information that is needed to reconstruct events
    D. The amount of disk space required
    Explanation
    When executing proper logging procedures, two important factors to consider are the information needed to reconstruct events and the amount of disk space required. The information needed to reconstruct events ensures that all necessary data is captured and logged accurately for future analysis or investigation. The amount of disk space required is essential to ensure that sufficient storage is available to store the logs effectively and efficiently. By considering these two factors, organizations can ensure that their logging procedures are effective and meet their requirements.

  • 24. 

      John works as a network administrator for his company. He uses a tool to check SMTP, DNS, POP3 and ICMP packets on the network. This is an example of which of the following?

    • A.

      A vulnerability scan

    • B.

      A penetration test

    • C.

      A port scanner

    • D.

      A protocol analyzer

    Correct Answer
    D. A protocol analyzer
    Explanation
    The given scenario describes John using a tool to check various types of network packets, such as SMTP, DNS, POP3, and ICMP. This indicates that John is using a protocol analyzer. A protocol analyzer is a tool used to capture, analyze, and interpret network traffic, allowing network administrators to troubleshoot network issues and monitor network performance. It helps in identifying and diagnosing problems related to specific protocols, such as SMTP, DNS, POP3, and ICMP, which are mentioned in the scenario. Therefore, the correct answer is a protocol analyzer.

  • 25. 

      One type of port scan can determine which ports are in a listening state on the network, and can then perform a two-way handshake. Which type of port scan can perform this set of actions?

    • A.

      TCP connect scan

    • B.

      TCP (Transmission Control Protocol) SYN (Synchronize) scan

    • C.

      TCP null scan

    • D.

      TCP FIN scan

    Correct Answer
    B. TCP (Transmission Control Protocol) SYN (Synchronize) scan
    Explanation
    A TCP (Transmission Control Protocol) SYN (Synchronize) scan can determine which ports are in a listening state on the network and can perform a two-way handshake. In this type of scan, the scanner sends a SYN packet to the target host's port. If the port is open and listening, the target host responds with a SYN-ACK packet. The scanner then sends an ACK packet to complete the handshake. If the port is closed, the target host responds with a RST packet. This scan is stealthy and commonly used for reconnaissance purposes as it does not complete the full three-way handshake.

  • 26. 

      Audit log information can BEST be protected by: (Select TWO).

    • A.

      Using a VPN

    • B.

      Recording to write-once media

    • C.

      An intrusion prevention system (IPS)

    • D.

      A firewall that creates an enclave

    • E.

      Access controls that restrict usage

    Correct Answer(s)
    B. Recording to write-once media
    E. Access controls that restrict usage
    Explanation
    Audit log information can be best protected by recording it to write-once media and implementing access controls that restrict usage. Recording to write-once media ensures that the log information cannot be altered or tampered with, providing a reliable and secure record of activities. Implementing access controls that restrict usage ensures that only authorized individuals have access to the audit log information, preventing unauthorized modifications or deletions. By combining these two measures, the integrity and confidentiality of the audit log information can be effectively maintained.

  • 27. 

      Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. A HIDS is installed to monitor which of the following?

    • A.

      Temporary Internet files

    • B.

      CPU performance

    • C.

      NIC performance

    • D.

      System files

    Correct Answer
    D. System files
    Explanation
    A HIDS (Host Intrusion Detection System) is installed to monitor system files. System files are critical components of a computer's operating system and contain important configuration and security information. By monitoring system files, a HIDS can detect any unauthorized changes or modifications that could indicate a potential intrusion or security breach. This allows the system administrator to take appropriate action to prevent further damage or compromise to the system.

  • 28. 

      An organization has approximately 30,000 users. The network administrator wants to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but need to be maintained for legal obligations. Which of the following will NOT be a consideration when determining the requirements for the logging server?

    • A.

      Performance baseline and audit trails

    • B.

      Log storage and backup requirements

    • C.

      Log details and level of verbose logging

    • D.

      Time stamping and integrity of the logs

    Correct Answer
    A. Performance baseline and audit trails
    Explanation
    The performance baseline and audit trails will not be a consideration when determining the requirements for the logging server. The question states that the reports are not time critical, meaning that the server does not need to prioritize performance for real-time analysis. Audit trails, which track user activity, are also not mentioned as a requirement. Therefore, other factors such as log storage and backup requirements, log details and level of verbose logging, and time stamping and integrity of the logs would need to be considered.

  • 29. 

      Which description is true about penetration testing?

    • A.

      Simulating an actual attack on a network

    • B.

      Establishing a security baseline

    • C.

      Detecting active intrusions

    • D.

      Hacking into a network for malicious reasons

    Correct Answer
    A. Simulating an actual attack on a network
    Explanation
    Penetration testing involves simulating an actual attack on a network to identify vulnerabilities and weaknesses. It is a proactive approach to assess the security of a system by attempting to exploit its vulnerabilities in a controlled environment. This helps organizations identify potential entry points that could be exploited by malicious actors and allows them to strengthen their security measures accordingly. Penetration testing is an essential practice to ensure the overall security and integrity of a network.

  • 30. 

      Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. Which of the following can most effectively determine whether network utilization is abnormal?

    • A.

      Application log

    • B.

      Systems monitor

    • C.

      Security log

    • D.

      Performance baseline

    Correct Answer
    D. Performance baseline
    Explanation
    A performance baseline is the most effective way to determine abnormal network utilization because it provides a reference point for normal network traffic levels. By comparing current network traffic to the baseline, any significant deviation can be identified as abnormal utilization. Application logs, system monitors, and security logs may provide some insights into network activity, but they do not provide a comprehensive and objective measure of network utilization.

  • 31. 

      After analyzing for vulnerabilities and applying a security patch, which non-intrusive action should be taken to verify that the vulnerability was truly removed?

    • A.

      Apply a security patch from the vendor

    • B.

      Repeat the vulnerability scan

    • C.

      Update the antivirus definition file

    • D.

      Perform a penetration test

    Correct Answer
    B. Repeat the vulnerability scan
    Explanation
    After applying a security patch to address vulnerabilities, the next step should be to repeat the vulnerability scan. This is necessary to verify whether the patch was successful in removing the identified vulnerabilities. By conducting another vulnerability scan, any remaining vulnerabilities can be identified and addressed, ensuring that the system is secure.

  • 32. 

      A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

    • A.

      Determine the business impact

    • B.

      Notify management

    • C.

      Contact law enforcement officials

    • D.

      Contain the problem

    Correct Answer
    D. Contain the problem
    Explanation
    The first action to take when an unauthorized user has accessed the network is to contain the problem. This means isolating the affected systems or network segments to prevent further unauthorized access or damage. By containing the problem, the administrator can limit the potential impact and prevent the unauthorized user from causing further harm. Once the problem is contained, further actions such as determining the business impact, notifying management, and contacting law enforcement officials can be taken to address the situation effectively.

  • 33. 

      An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network, such as the Internet. When an IDS is configured to match a specific traffic pattern, which of the following is this referring to?

    • A.

      Signature-based

    • B.

      Anomaly-based

    • C.

      Heuristic-based

    • D.

      Behavior-based

    Correct Answer
    A. Signature-based
    Explanation
    A signature-based intrusion detection system (IDS) refers to a system that detects unwanted attempts at accessing, manipulating, and disabling computer systems by matching specific traffic patterns with known signatures or patterns of known attacks. It relies on a database of predefined signatures to identify malicious activity.

  • 34. 

      Tom is a network administrator for his company. He suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which logs will be the BEST place to look for information?

    • A.

      Antivirus logs

    • B.

      DNS logs

    • C.

      Intrusion detection logs

    • D.

      Firewall logs

    Correct Answer
    D. Firewall logs
    Explanation
    Firewall logs are the best place to look for information in this scenario because they record all incoming and outgoing network traffic, including any attempts to access remote locations. By analyzing the firewall logs, Tom can identify any suspicious or unauthorized connections to remote locations during off hours, which would indicate the copying of files. The other options, such as antivirus logs, DNS logs, and intrusion detection logs, may provide some information, but they are less likely to capture the specific activity of file copying to a remote location.

  • 35. 

      Which of the following steps is MOST often overlooked during the auditing process?

    • A.

      Auditing every system event

    • B.

      Reviewing event logs regularly

    • C.

      Deciding what events to audit

    • D.

      Enabling auditing on the system

    Correct Answer
    B. Reviewing event logs regularly
    Explanation
    Reviewing event logs regularly is the step that is most often overlooked during the auditing process. Event logs contain important information about system events and can help identify any suspicious or unauthorized activities. Regularly reviewing these logs allows auditors to detect any anomalies or potential security breaches. Neglecting this step can lead to missed opportunities to identify and address security issues, making it a critical oversight in the auditing process.

  • 36. 

      Which tool can best monitor changes to the approved system baseline?

    • A.

      Enterprise key management software

    • B.

      Enterprise antivirus software

    • C.

      Enterprise performance monitoring software

    • D.

      Enterprise resource planning software

    Correct Answer
    C. Enterprise performance monitoring software
    Explanation
    Enterprise performance monitoring software is the best tool to monitor changes to the approved system baseline because it is specifically designed to track and analyze the performance of an organization's systems and applications. This software can detect any changes or deviations from the baseline and provide real-time monitoring and alerts to ensure that the system is operating within the approved parameters. It can also provide detailed reports and analysis to help identify any performance issues or potential security breaches.


  • 37. 

      Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network?

    • A.

      The attacking computer’s audit logs

    • B.

      The target computer’s audit logs

    • C.

      The firewall’s logs

    • D.

      The domain controller’s logs

    Correct Answer
    B. The target computer’s audit logs
    Explanation
    The target computer's audit logs would be the most useful in determining which internal user was the source of an attack that compromised another computer in its network. The audit logs on the target computer would contain information about the actions and activities performed on that specific computer, including any unauthorized access or suspicious activities. By analyzing these logs, it would be possible to track the actions of the attacker and identify the internal user responsible for the attack.


  • 38. 

      This type of attack specifically aims to enumerate the TCP and UDP application ports that are open on a host. Essentially, the attack consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness. Which of the following BEST describes the attack that is occurring?

    • A.

      DNS spoofing

    • B.

      Port scanning

    • C.

      PING sweep

    • D.

      ARP poisoning

    Correct Answer
    B. Port scanning
    Explanation
    Port scanning is the best description for the attack that is occurring. Port scanning involves sending messages to each port on a host to determine which ports are open and can be probed further for weaknesses. This attack aims to enumerate the TCP and UDP application ports that are open on a host. DNS spoofing, PING sweep, and ARP poisoning are different types of attacks and not applicable to the given scenario.


  • 39. 

      IDS is short for Intrusion Detection Systems. Which option is the MOST basic type of IDS?

    • A.

      Signature

    • B.

      Statistical

    • C.

      Behavioral

    • D.

      Anomaly

    Correct Answer
    A. Signature
    Explanation
    Signature-based IDS is the most basic type of IDS. This type of IDS identifies known patterns or signatures of known attacks or malicious activities. It compares network traffic or system behavior against a database of predefined signatures to detect any matches. When a match is found, it triggers an alert or takes action to prevent the attack. Signature-based IDS is effective in detecting known attacks but may struggle with detecting new or unknown threats.


  • 40. 

      A technician is auditing the security posture of an organization. An audit shows that many of the users have the ability to access the company’s accounting information. Which of the following should the technician recommend to address this problem?

    • A.

      Implementing a host based intrusion prevention system

    • B.

      Changing file level audit settings

    • C.

      Changing the user rights and security groups

    • D.

      Implementing a host based intrusion detection system

    Correct Answer
    C. Changing the user rights and security groups
    Explanation
    The technician should recommend changing the user rights and security groups to address the problem of many users having access to the company's accounting information. By adjusting the user rights and security groups, the technician can restrict access to only those individuals who need it for their job roles, thus reducing the risk of unauthorized access and potential misuse of sensitive financial data. This solution focuses on controlling user privileges and ensuring that only authorized personnel have access to critical information.


  • 41. 

      Which security measures should be recommended while implementing system logging procedures? (Select TWO)

    • A.

      Perform CRC checks

    • B.

      Collect system temporary files

    • C.

      Perform hashing of the log files

    • D.

      Apply retention policies on the log files

    Correct Answer(s)
    C. Perform hashing of the log files
    D. Apply retention policies on the log files
    Explanation
    Performing hashing of the log files ensures the integrity of the logs by generating a unique hash value for each log file. This allows for detection of any unauthorized modifications or tampering with the logs. Applying retention policies on the log files helps in managing the storage space and ensuring that logs are retained for an appropriate period of time for compliance and investigation purposes.


  • 42. 

      Which of the following should be done if an audit fails in an information system?

    • A.

      Stop generating audit records

    • B.

      Overwrite the oldest audit records

    • C.

      Log off the user

    • D.

      Send an alert to the appropriate personnel

    Correct Answer
    D. Send an alert to the appropriate personnel
    Explanation
    When an audit fails in an information system, it is important to notify the appropriate personnel. Sending an alert allows the necessary individuals to be informed about the failure, enabling them to take appropriate action. This could involve investigating the cause of the failure, implementing necessary security measures, or addressing any potential vulnerabilities in the system. It is crucial to promptly notify the appropriate personnel so that they can respond effectively and mitigate any potential risks or threats to the system's security.


  • 43. 

      Tom is a network technician at his company. He is deciding between implementing a HIDS on the database server and implementing a NIDS. Why would a NIDS be better to implement? (Select TWO)

    • A.

      Many HIDS are not good at detecting attacks on database servers

    • B.

      Many HIDS only offer a low level of detection granularity

    • C.

      Many HIDS have a negative impact on system performance

    • D.

      Many HIDS are not able to detect network attacks

    Correct Answer(s)
    C. Many HIDS have a negative impact on system performance
    D. Many HIDS are not able to detect network attacks
    Explanation
    A Network Intrusion Detection System (NIDS) would be better to implement because many Host Intrusion Detection Systems (HIDS) are not able to detect network attacks, which are a common type of attack on database servers. Additionally, many HIDS have a negative impact on system performance, which can affect the overall functioning of the database server. Therefore, implementing a NIDS would provide better protection against network attacks and minimize the impact on system performance.


  • 44. 

      Which of the following types of removable media is write-once and appropriate for archiving security logs?

    • A.

      CD-R

    • B.

      USB drive

    • C.

      Tape

    • D.

      Hard disk

    Correct Answer
    A. CD-R
    Explanation
    CD-R (Compact Disc-Recordable) is a type of removable media that can only be written to once. It is a suitable option for archiving security logs because once the logs are written onto the CD-R, they cannot be altered or modified, ensuring the integrity and security of the data. CD-Rs are also relatively inexpensive and have a long lifespan, making them a reliable choice for long-term storage and archiving purposes.


  • 45. 

      An outside auditor has been contracted to determine whether weak passwords are being used on the network. In order to achieve this goal, the auditor is running a password cracker against the master password file. Which of the following is this an example of?

    • A.

      Vulnerability assessment

    • B.

      Fingerprinting

    • C.

      Malware scan

    • D.

      Baselining

    Correct Answer
    A. Vulnerability assessment
    Explanation
    This scenario is an example of a vulnerability assessment because the outside auditor is specifically checking for weak passwords on the network. A vulnerability assessment is the process of identifying and evaluating potential vulnerabilities in a system or network to determine the level of risk. In this case, the auditor is using a password cracker to test the strength of the passwords in the master password file, which is a common method used in vulnerability assessments to identify potential weaknesses in password security.


  • 46. 

      In computer security, an access control list (ACL) is a list of permissions attached to an object. Which log will reveal activities about ACL?

    • A.

      Performance

    • B.

      Firewall

    • C.

      Mobile device

    • D.

      Transaction

    Correct Answer
    B. Firewall
    Explanation
    A firewall is a security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It is designed to prevent unauthorized access to or from a private network. As access control lists (ACLs) are a fundamental component of network security, a firewall log will reveal activities related to ACLs. This log will provide information about any attempts to access or modify permissions associated with objects, helping to identify potential security breaches or unauthorized actions.


  • 47. 

      Which tool can help the technician to find all open ports on the network?

    • A.

      Router ACL

    • B.

      Protocol analyzer

    • C.

      Performance monitor

    • D.

      Network scanner

    Correct Answer
    D. Network scanner
    Explanation
    A network scanner is a tool that can help a technician find all open ports on a network. It scans the network and identifies all active devices and the ports they have open. By using a network scanner, the technician can quickly identify any potential vulnerabilities or security risks on the network. This tool is commonly used for network troubleshooting, security audits, and monitoring network performance.


  • 48. 

      Which one of the following items is a collection of servers set up to attract hackers?

    • A.

      VLAN

    • B.

      Honeynet

    • C.

      DMZ

    • D.

      Honeypot

    Correct Answer
    B. Honeynet
    Explanation
    A honeynet is a collection of servers that are intentionally set up to attract hackers. It is designed to gather information about their tactics, techniques, and motives. By luring hackers into the honeynet, organizations can study their behavior, identify vulnerabilities, and develop strategies to enhance their cybersecurity defenses. Unlike a honeypot, which is a single decoy system, a honeynet consists of multiple interconnected systems that mimic a real network environment. This allows for a more comprehensive analysis of hacker activities and provides valuable insights for improving overall network security.


  • 49. 

      A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. Which NIDS configuration is solely based on specific network traffic?

    • A.

      Host-based

    • B.

      Signature-based

    • C.

      Anomaly-based

    • D.

      Behavior-based

    Correct Answer
    B. Signature-based
    Explanation
    Signature-based NIDS configuration is solely based on specific network traffic. This configuration uses predefined patterns or signatures to identify known threats and malicious activity. It compares the network traffic against a database of signatures and if a match is found, it raises an alert. This approach is effective in detecting and preventing known attacks, but it may not be able to detect new or unknown threats.


  • 50. 

      Which one of the following options is a vulnerability assessment tool?

    • A.

      Nessus

    • B.

      AirSnort

    • C.

      John the Ripper

    • D.

      Cain & Abel

    Correct Answer
    A. Nessus
    Explanation
    Nessus is a vulnerability assessment tool used to identify vulnerabilities and misconfigurations in computer systems and networks. It scans for known vulnerabilities and provides detailed reports on the findings, allowing organizations to prioritize and address potential security risks. AirSnort is a tool used for wireless network auditing, John the Ripper is a password cracking tool, and Cain & Abel is a password recovery tool. Therefore, Nessus is the correct answer as it specifically focuses on vulnerability assessment.


Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 15, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 19, 2010
    Quiz Created by
    Vtgamer