Chat with AI
Deck 12: Assessing a System
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/30
Play
Full screen (f)
Deck 12: Assessing a System
1
What is the best security threat score a system can achieve with the author's system?
A)-8
B)-30
C)1
D)10
A)-8
B)-30
C)1
D)10
A
2
What does the author consider the absolute minimum patching frequency for any organization?
A)Weekly
B)Bi-weekly
C)Monthly
D)Quarterly
A)Weekly
B)Bi-weekly
C)Monthly
D)Quarterly
D
3
What is the greatest threat to most networks?
A)Denial of service attack
B)Hackers
C)Spyware
D)Virus infection
A)Denial of service attack
B)Hackers
C)Spyware
D)Virus infection
D
4
Which is NOT one of the "Six P's" the author refers to in the stages of assessing a system's security?
A)Ports
B)Probe
C)Policies
D)Problems
A)Ports
B)Probe
C)Policies
D)Problems
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
5
The author's security evaluation scoring system is based on scoring several factors on a scale of:
A)0 to10
B)1 to 10
C)-10 to 10
D)-30 to 30
A)0 to10
B)1 to 10
C)-10 to 10
D)-30 to 30
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
6
What port numbers are assigned and used by well-known protocols?
A)0-255
B)0-1024
C)1-1024
D)1-2048
A)0-255
B)0-1024
C)1-1024
D)1-2048
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
7
Which is NOT an advantage to an organization provided by a proxy server?
A)Protects against virus infections.
B)Masks internal IP addresses.
C)Permits filtering Web access.
D)Provides records of what Web sites employees access.
A)Protects against virus infections.
B)Masks internal IP addresses.
C)Permits filtering Web access.
D)Provides records of what Web sites employees access.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
8
Which automated patching system will actually monitor the network for "rogue" devices not using the automated patching system?
A)ePolicy Orchestrator
B)HFNNetChkPro
C)PatchLink
D)Zen Works
A)ePolicy Orchestrator
B)HFNNetChkPro
C)PatchLink
D)Zen Works
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
9
Physical security measures are intended to protect all of the following EXCEPT:
A)backup tapes.
B)laptops.
C)routers.
D)All of these require physical security.
A)backup tapes.
B)laptops.
C)routers.
D)All of these require physical security.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
10
Which does the author suggest is perhaps the most fundamental part of security?
A)Adequate login procedures
B)Locking down unused ports
C)Patching systems
D)User policies
A)Adequate login procedures
B)Locking down unused ports
C)Patching systems
D)User policies
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
11
Which is a scanner that can provide reports on registry entries,shared drives,services running,and operating system flaws?
A)Active Ports
B)Cerberus
C)NetStat
D)SATAN
A)Active Ports
B)Cerberus
C)NetStat
D)SATAN
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
12
In evaluating security aspects to arrive at a numeric score,which is NOT an aspect the author included?
A)Attractiveness to attackers
B)Level of security
C)Nature of system information
D)Threats to system security
A)Attractiveness to attackers
B)Level of security
C)Nature of system information
D)Threats to system security
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
13
Which is perhaps the most important reason to scan a network with NetStat or NetStat Live?
A)To determine if a hacker is attempting to access the network.
B)To identify normal network traffic and traffic patterns as a baseline.
C)To identify the source and frequency of network intrusions.
D)To track intruders as they access network resources.
A)To determine if a hacker is attempting to access the network.
B)To identify normal network traffic and traffic patterns as a baseline.
C)To identify the source and frequency of network intrusions.
D)To track intruders as they access network resources.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
14
Perhaps the most critical first step in assessing network security is to:
A)audit policies and procedures.
B)check logs and patches.
C)install antivirus software.
D)probe the network for vulnerabilities with a network scanner.
A)audit policies and procedures.
B)check logs and patches.
C)install antivirus software.
D)probe the network for vulnerabilities with a network scanner.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
15
Which is a Windows application that displays detailed listings of TCP and UDP endpoints on a system including remote addresses connection state?
A)ActiveScan
B)Fport
C)SuperScan
D)TCPView
A)ActiveScan
B)Fport
C)SuperScan
D)TCPView
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
16
What is the worst security threat score a system can achieve with the author's system?
A)-30
B)0
C)19
D)30
A)-30
B)0
C)19
D)30
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
17
When should a security audit report be filed and maintained?
A)Every time a security audit is performed.
B)On a monthly basis.
C)On a quarterly basis.
D)Whenever an audit identifies a problem.
A)Every time a security audit is performed.
B)On a monthly basis.
C)On a quarterly basis.
D)Whenever an audit identifies a problem.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
18
What must one consider in evaluating the value of the information on a system?
A)The impact of such data being made public.
B)The probability of such data being made public.
C)The threats the system must withstand.
D)The type of information stored on the system.
A)The impact of such data being made public.
B)The probability of such data being made public.
C)The threats the system must withstand.
D)The type of information stored on the system.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
19
Which is true about written policies regarding patching systems?
A)Audits should be performed to confirm that policies are actually being followed.
B)Automated systems have not proven efficient in maintaining patches.
C)Establishing written policies can ensure that patches are kept up-to-date.
D)Patching should be done on a daily basis.
A)Audits should be performed to confirm that policies are actually being followed.
B)Automated systems have not proven efficient in maintaining patches.
C)Establishing written policies can ensure that patches are kept up-to-date.
D)Patching should be done on a daily basis.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
20
The only way to know of impending attacks is by installation and use of which of the following?
A)Anti-spyware software
B)A firewall
C)An IDS
D)A proxy-server
A)Anti-spyware software
B)A firewall
C)An IDS
D)A proxy-server
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
21
____________ security includes keeping servers behind locked doors,requiring laptops to be signed out,and restricting keys and access to only those who must have such.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
22
An organization must consider the impact of data being made ____________ in order to evaluate the actual value of the data.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
23
To provide protection for data when connecting from outside the network,all external connections should be made via a(n)____________.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
24
To ensure that the appropriate level of security is being maintained,periodic ____________ should be conducted.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
25
____________ is one of the most popular protocol monitors in part because it is included with Windows.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
26
Using three or four port scanners can increase the chances of identifying all possible ____________.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
27
Although often considered nonessential by some security experts,a(n)____________ is the only way to know of impending attacks.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
28
____________ is a free Unix scanner originally used by hackers to learn about target systems.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
29
Probably the most distinctive feature of the network assessment scanner ____________ is it's ability to prioritize vulnerabilities
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
30
Having ____________ to evaluate threat levels provides a quantifiable method for evaluating system security.
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 30 flashcards in this deck.
