ANSWERS (RATED A+)
To remove malware from the network before it gets to the endpoint, you would use which of the following?
A. Packet filter
B. Application layer gateway
C. Unified threat management appliance
D. Stateful firewall
Answer: C. Packet filters are used to make block/allow decisions based on header data like source and destination address and port. Stateful firewalls add in the ability to factor in the state of the connection—new, related, established. An application layer gateway knows about application layer protocols. A unified threat management appliance adds additional capabilities on top of firewall functions, including antivirus.
Why is it important to store system logs remotely?
A. Local systems can't handle it.
B. Bandwidth is faster than disks.
C. Attackers might delete local logs.
D. It will defend against attacks.
Answer: C. Commonly, system logs are stored on the system that generated the log message. Certainly local systems can handle the logs they have generated. Log messages don't typically consume a lot of space at an individual message level, so bandwidth isn't a problem. Transmitting over a network is generally not faster than moving data within local disks. System logs can be used in identifying attacks, but the logs won't defend against attacks. However, if an attacker does compromise a system, the attacker may delete the local logs because they could get access to them.
If you were on a client engagement and discovered that you left an external hard drive with essential data on it at home, which security principle would you be violating?
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Availability
Answer: D. Confidentiality is about making sure secrets are kept secret. Integrity makes sure that data isn't altered accidentally or by an unauthorized agent. Non-repudiation makes sure someone can't say a message didn't originate with them if it came from their identity. Availability means making sure data is where it needs to be when it should be there. This includes services as well.
Which of these isn't an example of an attack that compromises integrity?
A. Buffer overflow
B. Man in the middle
C. Heap spraying
D. Watering hole
Answer: D. A buffer overflow attack is used to execute attacker-supplied code by altering the return address in the stack. A man in the middle attack can be used to intercept and potentially alter a conversation between two systems. A heap spraying attack sends a lot of data into the heap to overwrite what's there. A watering hole attack does not compromise integrity since its purpose is to introduce malware to a system. The malware might eventually compromise integrity, but the watering hole attack itself does not.
How would you calculate risk?
A. Probability * loss value
B. Probability * mitigation factor
C. (Loss value + mitigation factor) * (loss value/probability)
D. Probability * mitigation factor
Answer: A. Risk is the probability of the occurrence of an event multiplied by the dollar value of loss. There is no quantified mitigation factor that could be put into a risk calculation.
Which of the following is one factor of a defense in depth approach to network design?
A. Switches
B. Using Linux on the desktop
C. Optical cable connections
D. Access control lists on routers
Answer: D. Switches and optical cable connections can certainly be part of a network design, but in and of themselves they don't add any security features. You may use Linux on the desktop, but without more of a strategy for patch and vulnerability management, Linux is no better than other operating systems. Access control lists on routers can add an additional layer of security, especially when combined with other elements like firewalls and intrusion detection systems.
How would you ensure that confidentiality is implemented in an organization?
A. Watchdog processes
B. Encryption
C. Cryptographic hashes
D. Web servers
Answer: B. Confidentiality is keeping secret information secret, which means unauthorized users can't access it. Encryption is a good way to keep