Скачать книгу

abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port?DNSSSH/SCPSSL/TLSHTTP

      3 As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect?ReconnaissanceMalicious codeSystem penetrationDenial of service

      4 Now that Ann understands that an attack has taken place that violates her organization’s security policy, what term best describes what has occurred in Ann’s organization?Security occurrenceSecurity incidentSecurity eventSecurity intrusion

      5 During a log review, Saria discovers a series of logs that show login failures, as shown here:Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3 Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93 Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1 Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=OrangemonkeyWhat type of attack has Saria discovered?A brute-force attackA man-in-the-middle attackA dictionary attackA rainbow table attack

      6 Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs?ITILISO 27002CMMPMBOK Guide

      7 Alex is using nmap to perform port scanning of a system, and he receives three different port status messages in the results. Match each of the numbered status messages with the appropriate lettered description. You should use each item exactly once.Status messageOpenClosedFilteredDescriptionThe port is accessible on the remote system, but no application is accepting connections on that port.The port is not accessible on the remote system.The port is accessible on the remote system, and an application is accepting connections on that port.

      8 Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?Quantitative risk assessmentQualitative risk assessmentNeither quantitative nor qualitative risk assessmentCombination of quantitative and qualitative risk assessment

      9 Angela wants to test a web browser’s handling of unexpected data using an automated tool. What tool should she choose?NmapzzufNessusNikto

      10 Saria wants to log and review traffic information between parts of her network. What type of network logging should she enable on her routers to allow her to perform this analysis?Audit loggingFlow loggingTrace loggingRoute logging

      11 Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?Systems will be scanned for vulnerabilities.Systems will have known vulnerabilities exploited.Services will be probed for buffer overflow and other unknown flaws.Systems will be tested for zero-day exploits.

      12 You are completing your business continuity planning effort and have decided that you wish to accept one of the risks. What should you do next?Implement new security controls to reduce the risk level.Design a disaster recovery plan.Repeat the business impact assessment.Document your decision-making process.

      For questions 62–64, please refer to the following scenario. During a port scan, Ben uses nmap’s default settings and sees the following results.

Window shows command Nmap scan report for 192.168.184.130. Host is up (1.0 s latency) . Not show: 977 closed ports. PORT STATE SEVICE. 21/tcp open ftp. 22/t c p open s s h. 23 /tcp open telnet, et cetera for twenty more lines.

      1 If Ben is conducting a penetration test, what should his next step be after receiving these results?Connect to the web server using a web browser.Connect via Telnet to test for vulnerable accounts.Identify interesting ports for further scanning.Use sqlmap against the open databases.

      2 Based on the scan results, what operating system (OS) was the system that was scanned most likely running?Windows DesktopLinuxNetwork deviceWindows Server

      3 Ben’s manager expresses concern about the coverage of his scan. Why might his manager have this concern?Ben did not test UDP services.Ben did not discover ports outside the “well-known ports.”Ben did not perform OS fingerprinting.Ben tested only a limited number of ports.

      4 What is the formula used to determine risk?Risk = Threat * VulnerabilityRisk = Threat / VulnerabilityRisk = Asset * ThreatRisk = Asset / Threat

      5 A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob’s role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob’s best route to quickly identify vulnerable systems?Immediately run Nessus against all of the servers to identify which systems are vulnerable.Review the CVE database to find the vulnerability information and patch information.Create a custom IDS or IPS signature.Identify affected versions and check systems for that version number using an automated scanner.

      6 During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department’s main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?Inconsistent log formattingModified logsInconsistent timestampsMultiple log sources

      7 What is the final step of a quantitative risk analysis?Determine asset value.Assess the annualized rate of occurrence.Derive the annualized loss expectancy.Conduct a cost/benefit analysis.

      8 Carrie is analyzing the application logs for her web-based application and comes across the following string:../../../../../../../../../etc/passwdWhat type of attack was likely attempted against Carrie’s application?Command injectionSession hijackingDirectory traversalBrute force

      9 Allie is responsible for reviewing authentication logs on her organization’s network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Allie using to reduce the size of the pool?SamplingRandom selectionClippingStatistical analysis

      10 Isaac wants to be able to describe the severity of a vulnerability to his team. What standard could he use to easily describe vulnerabilities using a numerical score?CVSSATT&CKMITRESAML

      11 Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence?QuantitativeQualitativeAnnualized loss expectancyReduction

      12 What type of vulnerabilities will not be found by a vulnerability scanner?Local vulnerabilitiesService vulnerabilitiesZero-day vulnerabilitiesVulnerabilities that require authentication

      13 Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?Path disclosureLocal file inclusionRace conditionBuffer overflow

      14 Jim has been contracted to conduct a gray box penetration test, and his clients have provided him with the following information about their networks so that he can scan them:Data center: 10.10.10.0/24Sales: 10.10.11.0/24Billing: 10.10.12.0/24Wireless: 192.168.0.0/16What problem will Jim encounter if he is contracted to conduct a scan from offsite?The IP ranges are too large to scan efficiently.The IP addresses provided cannot be scanned.The IP ranges overlap and will cause scanning issues.The IP addresses provided are RFC 1918 addresses.

      15 Naomi wants to put a system in place that will allow her team to aggregate and correlate event information from a variety of systems and devices in her organization. She then wants to automate the investigation process using workflows with the correlated data. What type of system should she put in place?A NASAn IPSA SOARAn MDR

      16 Murali wants to determine if SQL injection attacks are being attempted against his web application. Which of the following potential source systems will not be useful when

Скачать книгу