Chapter One Labs Kevin Kirch CompTIA Security+ Due Next Week

advertisement
Chapter One Labs
Kevin Kirch
CompTIA Security+
Due Next Week: Chapter 2 Questions
Lab 1.1 Review Questions
1.) The smallest percentage of the exam is devoted to Access Control and Identity Management
True or False?
Answer: False.
Reason: Access Control and Identity Management is 13% of the grade, while Cryptography is
11%.
2.) Which of the following is a protocol used to facilitate wireless network security?
Answer: (B) LEAP, (C) WPA
Reason: (A) TFTP and (D) ICMP are not part of wireless infrastructure
3.) Which of the following is considered an application attack?
Answer: (A) Buffer overflow, (D) Header manipulation
Reason: (B) Vishing – Criminal social engineering using telephones. (C) pie thrust – made up?
4.) Which of the following is a port security practice or procedure?
Answer: (C) MAC filtering, (D) 802.1x
Reason: (A) lease privilege – has nothing to do with port security (B) disabling unnecessary
accounts – ports don’t use accounts.
5.) Which of the following tools is used to discover security threats and vulnerabilities?
Answer: (A) Port scanner, (B) Honeypot, (C) Protocol analyzer, (D) Sniffer
Chapter One Labs
Kevin Kirch
CompTIA Security+
Due Next Week: Chapter 2 Questions
Lab 1.2 Review Questions
1.) In the article “Information Security Employment: An Empirical Study,” the authors found that in
the advertised information security jobs, entry-level workers were most commonly required to
have ____.
Answer: (D) one to two years of experience
2.) In the article “Information Security Employment: An Empirical Study,” the authors found that in
the advertised information security jobs, manager-level works were most commonly required to
have ____.
Answer: (C) Five to seven years of experience
3.) In the article “Information Security Employment: An Empirical Study,” the authors found that in
the advertised information security jobs, the most common requirements was ____.
Answer: (A) A bachelor of science or bachelor of arts degree
4.) Many information technology job descriptions include some aspect of information security. True
or False?
Answer: True
5.) In the article “Information Security Employment: An Empirical Study,” the authors found that
the most commonly held mid- to high-level information security certification was ____.
Answer: (C) CISSP
Chapter One Labs
Kevin Kirch
CompTIA Security+
Due Next Week: Chapter 2 Questions
Lab 1.3 Review Questions
1.) What is the definition of social engineering according to Ian Mann?
Answer: Ian Mann indicates that social engineering is “To manipulate people by deception,
into giving out information or performing an action” (Hacking the Human, Ian Mann).
2.) According to the article, information obtained by a survey-based social engineering attack
could overcome the ____ component of a financial institution’s security measures.
Answer: (A) Authentication
3.) Which of the following attacks could be based on information obtained in a survey-based
social engineering attack?
Answer: (A) in-person, (D) spear phishing
Reason: (B) man-in-the-middle – cannot be performed with a survey-based attack. (C) Smurf
is not applicable.
4.) A survey-based social engineering attack is more likely to represent an unstructured threat
because the attacker ____.
Answer: (D) Is more likely to be a recreational cracker trolling for information
5.) Which of the following actions is a recommended measure to counter a survey-based social
engineering attack?
Answer: (A) Educate users not to give out information that could be used to attack the user,
the user’s family, or the company for which the user works. (B) Block social networking Web
Sites.
Chapter One Labs
Kevin Kirch
CompTIA Security+
Due Next Week: Chapter 2 Questions
Lab 1.4 Review Questions
1.) According to Mike Bailey, who was quoted in the article “In Their Words: Experts Weigh in on
Mac vs. PC Security,” ____.
Answer: (A) OS X and Windows 7 are about equally secure
2.) According to Robert G. Ferrell, who was quoted in the article “In Their Words: Experts Weigh in
on Mac vs. PC Security,” ____.
Answer: (C) the comparison of Mac and Windows security is irrelevant
3.) According to Marius Oiaga, who wrote the article “Microsoft Does It Again: Vista Is the Safest –
Linux and Mac OS X Bite the Dust,” Windows Vista is more secure than Linux and OS X because
____.
Answer: (B) More vulnerabilities have been reported in Linux and OS X system than in Vista
system
4.) According to Jacob West, who wrote the article “Windows vs. Linux Security Strengths and
Weaknesses,” ____.
Answer: (D) the User Account Control in Windows 7 is less secure than the User Account Control
in Windows Vista.
5.) According to Dino Dia Zovi, who was quoted in the article “In Their Words: Experts Weigh in on
Mac vs. PC Security,” ____.
Answer: (A) Apples iPad is significantly more secure than Linux, Mac, or a PC.
Chapter One Labs
Kevin Kirch
CompTIA Security+
Due Next Week: Chapter 2 Questions
Lab 1.5 Review Questions
Paper Activity
After researching these five terms, write a one-page paper in which you define each term and give an
example of each in an information security context.
See: Next Page
1.) Using two firewalls by different vendors is an example of ____.
Answer: (B) Diversity
2.) Allowing only those who must use data to have access to it is called ____.
Answer: (D) Limiting
3.) A layered security approach refers to placing your weakest security controls closer to potential
attackers and placing your strongest security controls closer to the assets being protected. True
or False?
Answer: False
Reason: Does not fit the definition of layering, which does not elaborate on the strength of each
layer.
4.) An example of ____ is avoiding clear patterns of behavior, thus making attacks from outside
more difficult.
Answer: (C) Obscurity
5.) Decreasing the chance that security personel inadvertently misconfigure a system and decrease
its protection is accomplished by ____.
Answer: (C) Simplicity
Download