Security+ Study Guide Second Edition
4350.book Page i Thursday, July 8, 2004 11:49 PM
San Francisco • London
Study Guide Second Edition
Mike Pastore and Emmett Dulaney
Associate Publisher: Neil Edde
Acquisitions and Developmental Editor: Jeff Kellum
Production Editor: Susan Berge
Technical Editors: J Kevin Lundy, Jay Stephen Leeds
Copyeditor: Tiffany Taylor
Compositor: Craig Woods, Happenstance Type-O-Rama
Graphic Illustrator: Happenstance Type-O-Rama
CD Coordinator: Dan Mummert
CD Technician: Kevin Ly
Proofreaders: Laurie O’Connell, Nancy Riddiough
Indexer: Ted Laux
Book Designers: Bill Gibson, Judy Fung
Cover Designer: Archer Design
Cover Photograph: Photodisc and Victor Arre
Copyright © 2004 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.
First edition copyright © 2003 SYBEX Inc.
Library of Congress Card Number: 2004104231
How to Become CompTIA Certified:
This training material can help you prepare for and pass a related CompTIA certification exam or exams. In order to achieve CompTIA certification, you must register for and pass a CompTIA certification exam or exams.
In order to become CompTIA certified, you must:
(1) Select a certification exam provider. For more information please visit http://www.comptia.org/certification/general_information/test_locations.asp.
(2) Register for and schedule a time to take the CompTIA certification exam(s) at a convenient location.
(3) Read and sign the Candidate Agreement, which will be presented at the time of the exam(s). The text of the Candidate Agreement can be found at http://www.comptia.org/certification/general_information/candidate_agreement.asp.
(4) Take and pass the CompTIA certification exam(s).
For more information about CompTIA’s certifications, such as their industry acceptance, benefits, or program news, please visit http://www.comptia.org/certification/default.asp.
CompTIA is a non-profit information technology (IT) trade association. CompTIA’s certifications are designed by subject matter experts from across the IT industry. Each CompTIA certification is vendor-neutral, covers multiple technologies, and requires demonstration of skills and knowledge widely sought after by the IT industry.
To contact CompTIA with any questions or comments:
Please call + 1 630 268 1818
questions@comptia.org
Sybex is an independent entity from CompTIA and is not affiliated with CompTIA in any manner. Neither CompTIA nor Sybex warrants that use of this publication will ensure passing the relevant exam. Security+ is either a registered trademark or trademark of CompTIA in the United States and/or other countries.
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
Software License Agreement: Terms and Conditions
The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the "Software") to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your acceptance of such terms.
The Software compilation is the property of SYBEX unless otherwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the "Owner(s)"). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circulate, or commercially exploit the Software, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media.
In the event that the Software or components include specific license requirements or end-user agreements, statements of condition, disclaimers, limitations or warranties ("End-User License"), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will constitute your acceptance of such End-User Licenses.
By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time.
Software Support
Components of the supplemental Software and any offers associated with them may be supported by the specific Owner(s) of that material, but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media.
Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsibility. This notice concerning support for the Software is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s).
Warranty
SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com. If you discover a defect in the media during this warranty period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to:
SYBEX Inc.
Product Support Department
1151 Marina Village Parkway
Alameda, CA 94501
Web: http://www.sybex.com
After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of purchase, and a check or money order for $10, payable to SYBEX.
Disclaimer
SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, performance, merchantability, or fitness for a particular purpose. In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequential, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to provide this feature for any specific duration other than the initial posting. The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state. The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions.
Shareware Distribution
This Software may contain various programs that are distributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights. If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files.
Copy Protection
The Software in whole or in part may or may not be copy-protected or encrypted. However, in all cases, reselling or redistributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein.
To Our Valued Readers:
Thank you for looking to Sybex for your Security+ exam prep needs. We at Sybex are proud of our reputation for providing certification candidates with the practical knowledge and skills needed to succeed in the highly competitive IT marketplace. Certification candidates have come to rely on Sybex for accurate and accessible instruction on today’s crucial technologies and business skills. For the second year in a row, readers such as yourself voted Sybex as winner of the “Best Study Guides” category in the most recent CertCities Readers Choice Awards.
Just as CompTIA is committed to establishing measurable standards for certifying IT security professionals by means of the Security+ certification, Sybex is committed to providing those individuals with the knowledge needed to meet those standards.
The authors and editors have worked hard to ensure that the new edition of the Security+ Study Guide you hold in your hands is comprehensive, in-depth, and pedagogically sound. We’re confident that this book will exceed the demanding standards of the certification marketplace and help you, the Security+ certification candidate, succeed in your endeavors.
As always, your feedback is important to us. If you believe you’ve identified an error in the book, please send a detailed e-mail to support@sybex.com. And if you have general comments or suggestions, feel free to drop me a line directly at nedde@sybex.com. At Sybex we’re continually striving to meet the needs of individuals preparing for certification exams. Good luck in pursuit of your Security+ certification!
Neil Edde
Associate Publisher—Certification
Sybex, Inc.
For John Pastore and Peter Steinberg, two fine young men who left us too soon. They would want us to remember to enjoy life and care about each other. They are truly missed.
I would like to thank Michael Pastore for creating this text in the first place and for providing such good material to work with. Thanks also to Jeff Kellum, Susan Berge, Kevin Lundy, Tiffany Taylor, Steve Leeds, Kevin Ly, Dan Mummert, Laurie O’Connell, Nancy Riddiough, Happenstance Type-O-Rama, and Ted Laux for having a vision and making certain that it was met.
Contents at a Glance
Summary 36
Identifying Denial of Service (DoS) and
Encapsulation 62
Summary 84
Firewalls 100
Hubs 104
Routers 105
Switches 107
Modems 109
WEP/WAP 179
Footprinting 184
Scanning 185
Summary 185
Summary 270
Confidentiality 295
Integrity 296
Authentication 297
Non-Repudiation 299
Working with Registration Authorities and
Summary 312
PKIX/PKCS 326
X.509 327
CMP 330
S/MIME 330
SET 330
SSH 331
PGP 332
HTTPS 333
S-HTTP 334
IPSec 334
FIPS 335
WTLS 335
WEP 335
Utilities 357
Websites 421
Table of Exercises
Exercise 1.1 Survey Your Physical Environment 6
Exercise 1.2 Survey Your Operational Environment 7
Exercise 1.3 Assemble and Examine Your Procedures 10
Exercise 1.4 Compute Availability 24
Exercise 1.5 Assign a Value to Data Assets 33
Exercise 2.1 Survey Your Surroundings 50
Exercise 2.2 Responding to an Attack 58
Exercise 3.1 Compile an Infrastructure List 99
Exercise 3.2 Decide Which Traffic to Allow Through 102
Exercise 3.3 Examine the Routing Table 107
Exercise 3.4 Look for Ways to Harden Your Servers 117
Exercise 3.5 Understanding Tape Rotation Schemes 141
Exercise 4.1 View the Active TCP and UDP Ports 156
Exercise 4.2 Run Network Monitor 160
Exercise 4.3 Run a Practice Incident-Response Plan 176
Exercise 4.4 Make File Extensions Visible 183
Exercise 5.1 EAL from a Windows 2000 Administrator’s View 200
Exercise 5.2 Working with Performance Monitor 207
Exercise 5.3 Working with Unix/Linux Networking 210
Exercise 6.1 Security Zones in the Physical Environment 240
Exercise 6.2 Testing Social Engineering 245
Exercise 6.3 Risk Assessment Computations 256
Exercise 7.1 Working with rot13 284
Exercise 7.2 Hash Rules in Windows Server 2003 287
Exercise 8.1 SSL Settings in Windows Server 2003 329
Exercise 8.2 Looking for Errors in IPSec Performance Statistics 334
Exercise 9.1 Formulating Business Continuity Plans 358
Exercise 9.2 How Many Disks Does RAID Need? 363
Exercise 9.3 Automated System Recovery in Windows Server 2003 369
Exercise 9.4 Recovering a System 373
Exercise 10.1 Thinking Through a Chain of Custody 407
Exercise 10.2 Applying Education Appropriately 418
Exercise 10.3 Configuring Windows Automatic Updates 419
information as you can concerning computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when attempting the exam. This study guide was written with that in mind. We have attempted to dispense as much information as we can about computer security. The key was to provide enough information that you’ll be prepared for the test but not so much that you’ll be overloaded with information outside the scope of the exam.
This book presents the material at an intermediate technical level. Experience with and understanding of security concepts, operating systems, and applications systems will help you get a full understanding of the challenges facing you as a security professional.
We’ve included review questions at the end of each chapter to give you a taste of what it’s like to take the exam. If you’re already working in the security field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.
If you can answer 80 percent or more of the review questions correctly for a given chapter, you can probably feel safe moving on to the next chapter. If you’re unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.
Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book and on the CD. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objective behind the question.
Before You Begin
Before you begin studying for the exam, it’s imperative that you understand a few things about the Security+ certification. Security+ is a certification-for-life from CompTIA granted to those who obtain a passing score on a single entry-level exam. In addition to being a stand-alone certification that can be added to the bottom of your resume, Security+ can also be used as an elective in Microsoft’s MCSA and MCSE tracks, and it counts as credit toward the security specializations Microsoft offers.
When you’re studying for any exam, the first step in preparation should always be to find out as much as possible about the test; the more you know up front, the better you can plan your study. The current exam number, and the one this book is written to, is SY0-101; it consists of 100 questions. You have 90 minutes to take the exam, and the passing score is 764 on a scale from 100 to 900. Both Pearson VUE and Thomson Prometric testing centers administer the exam throughout the United States and several other countries.
The exam is multiple choice, with short, terse questions followed by four possible answers. If you expect lengthy scenarios and complex solutions, you’re mistaken. This is an entry-level exam of knowledge-level topics; it expects you to know a great deal about security topics from an overview perspective, not in implementation. In many books, the glossary is filler added to the back of the text; this book’s glossary should be considered necessary reading. You’re likely to see a question on the exam about what reverse DNS is, not how to implement it. Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable. Don’t get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+.
You should also know that CompTIA is notorious for including vague questions on all its exams. You might see a question for which two of the possible four answers are correct—but you can only choose one. Use your knowledge, logic, and intuition to choose the best answer, and then move on. Sometimes the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you; answer the question, and go to the next. Although we haven’t intentionally added typos or other grammatical errors, the questions throughout this book make every attempt to re-create the structure and appearance of the real exam questions.
In addition, CompTIA frequently includes “item seating,” which is the practice of including unscored questions on exams. The reason they do that is to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you are told that your exam may include unscored questions. In addition, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, is not covered in this exam—it is likely a seated question.
Last, you need to know that the exam you’ll take was created at a certain point in time, and the questions were frozen at that time. You won’t see a question about the new virus that hit your systems last week, but you’ll see questions about concepts that existed in 2002 when this exam was created. Updates to the exam are a difficult process and result in an increment in the exam number when they’re finished.
Why Become Security+ Certified?
stand out from the crowd. In this age of technology certifications, you’ll find hundreds of thousands of administrators who have successfully completed the Microsoft and Novell certification
will help you prepare for more advanced certifications, because it provides a solid grounding in security concepts and will give you the recognition you deserve.
you’re security certified, you’ll have the credentials to prove your competency. And, certifications can’t be taken from you when you change jobs—you can take that certification with you to any position you accept.
and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you’re committed to improving your skill set. Look around you at those who are certified: They are probably the people who receive good pay raises and promotions.
so that they stay up-to-date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.
undoubtedly require qualified staff to achieve these certifications. Many companies outsource their work to consulting firms with experience working with security. Firms that have certified staff have a definite advantage over firms that don’t.
How to Become a Security+ Certified Professional
As this book goes to press, there are two Security+ exam providers: Thomson Prometric and Pearson VUE. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing may vary by country or by CompTIA membership.
When you schedule the exam, you’ll receive instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you’ll receive a registration and payment confirmation letter. Exams can be scheduled up to six weeks out or as late as the next day (or, in some cases, even the same day).
Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, please refer to CompTIA’s website, www.comptia.com.
that is good for life. Within four to six weeks of passing the exam, you’ll receive your official
taking the test, contact CompTIA directly using the information found in your registration packet.)
Who Should Buy This Book?
If you want to acquire a solid foundation in computer security and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed in your chosen field.
However, if you just want to attempt to pass the exam without really understanding security, this study guide isn’t for you. It’s written for people who want to acquire hands-on skills and in-depth knowledge of computer security.
In addition to reading the book, you might consider downloading and reading the white papers on security that are scattered throughout the Internet.
How to Use This Book and the CD
We’ve included several testing features in the book and on the CD-ROM. These tools will help you retain vital exam content as well as prepare to sit for the actual exam:
Before You Begin At the beginning of the book (right after this introduction) is an assessment test you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas you may need to brush up on. The answers to the assessment test appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.
are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers—the correct answers appear on the page following the last review question. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you’re tested on the material.
These are short questions and answers, just like the flashcards you probably used to study in school. You can answer them on your PC or download them onto a Palm device for quick and convenient reviewing.
can identify weak areas up front and then develop a solid studying strategy using each of these robust testing features. Our thorough readme file will walk you through the quick, easy installation process.
In addition to taking the assessment test and the chapter review questions in the test engine, you’ll find two sample exams. Take these practice exams just as if you were taking the actual exam (without any reference material). When you’ve finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you’re ready to take the certification exam.
format so you can easily read it on any computer. If you have to travel but still need to study for the exam, and you have a laptop with a CD-ROM drive, you can carry this entire book with you.
Exam Objectives
CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry’s best practices. The company does this by establishing Cornerstone committees for each of its exam programs. (Sybex is a Cornerstone member of the Security+ exam.) Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam’s baseline competency level and who determine the appropriate target audience level. Once these factors are determined, CompTIA shares this information with a group of hand-selected Subject Matter Experts (SMEs). These folks are the true brainpower behind the certification program. In the case of this exam, they are IT-seasoned pros from the likes of Microsoft, Sun Microsystems, Verisign, and RSA Security, to name just a few. They review the committee’s findings, refine them, and shape them into the objectives you see before you. CompTIA calls this process a Job Task Analysis (JTA). Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect the job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. And, in many cases, they have to go back to the drawing board for further refinements before the exam is ready to go live in its final state. So, rest assured the content you’re about to learn will serve you long after you take the exam.
Exam objectives are subject to change at any time without prior notice and at CompTIA’s sole discretion. Please visit the certification page of CompTIA’s website at www.comptia.org for the most current listing of exam objectives.
CompTIA also publishes relative weightings for each of the exam’s objectives. The following
the exam. For example, expect to spend more time answering questions that pertain to authentication from the first domain, General Security Concepts, than questions on algorithms from the fourth domain, Basics of Cryptography. As you use this study guide, you’ll find that we have administered just the right dosage of objective knowledge to you by tailoring our coverage to mirror the percentages that CompTIA uses.
1.0 General Security Concepts
risks of those services and protocols
vulnerability and risk
take to mitigate vulnerability and risk
2.0 Communication Security
technologies
2.2 Recognize and understand the administration of the following email security concepts
2.3 Recognize and understand the administration of the following Internet security concepts
2.4 Recognize and understand the administration of the following directory security concepts
and concepts
3.4 Differentiate the following types of intrusion detection, be able to explain the concepts of each type, and understand the implementation and configuration of each kind of intrusion detection system
3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of intrusion detection system
5.3 Understand the security implications of the following topics of business continuity
5.5 Explain the following concepts of privilege management
5.8 Understand the security relevance of the education and training of end users, executives and human resources
5.9 Understand and explain the following documentation concepts
Tips for Taking the Security+ Exam
Here are some general tips for taking your exam successfully:
other can be a major credit card or a passport. Both forms must include a signature.
particularly tables and lists of exam-related information.
you know exactly what the question is asking.
correct answer, a message at the bottom of the screen will prompt you to either “Choose two” or “Choose all that apply.” Be sure to read the messages displayed to know how many correct answers you must choose.
elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess.
save them for last. You can move forward and backward through the exam.
CompTIA’s website at www.comptia.org.
About the Authors
experience in IT, including management, administration, and development. He has consulted with a number of organizations on computer and computer security issues. Mike has been involved in CompTIA certifications for several years, and he has worked with CompTIA on several exams. He also teaches computer and management topics at several colleges. You can e-mail him at mikepast@aol.com.
Emmett Dulaney holds, or has held, 18 vendor certifications and is the author of over 30 books. The former Director of Training for Mercury Technical Solutions, he specializes in certification and cross-platform integration. Emmett can be reached at edulaney@iquest.net.
Assessment Test
7. Which design concept limits access to systems from outside users while protecting systems in an inside LAN?
12. The integrity objective addresses which characteristic of information security?
16. Which mechanism or process is used to enable or disable access to a network resource based on
17. Which of the following would provide additional security to an Internet web server?
18. What type of program exists primarily to propagate and spread itself to other systems?
D. Worm
19. An individual presents himself at your office claiming to be a service technician. He wants to discuss your current server configuration. This may be an example of what type of attack?
20. Which of the following is a major security problem with FTP servers?
21. Which system would you install to provide active protection and notification of security problems in a network connected to the Internet?
25. Which algorithm is used to create a temporary secure session for the exchange of key information?
Answers to Assessment Test
1. A. A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. For more information, see Chapter 9.
2. D. A mantrap is a device, such as a small room, that limits access to a small number of individuals. Mantraps typically use electronic locks and other methods to control access. For more information, see Chapter 6.
3. B. Public Key Cryptography Standards are a set of voluntary standards for public key cryptography. This set of standards is coordinated by RSA Incorporated. For more information, see Chapter 7.
4. B. Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. For additional information, see Chapter 4.
5. C. The Process layer interfaces with applications and encapsulates traffic through the Host-to-Host or Transport layer, the Internet layer, and the Network Access layer. For more information, see Chapter 2.
6. B. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that can be used between LANs. L2TP isn’t secure, and you should use IPSec with it to provide data security. For more information, see Chapter 3.
7. A. A DMZ (demilitarized zone) is an area in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. For more information, see Chapter 1.
8. C. A key recovery process must be able to recover a previous key. If the previous key can’t be recovered, then all the information that used the key will be irrecoverably lost. For more information, see Chapter 8.
9. D. A flood attack is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS (denial of service) situation occurring, due to the protocol freezing or excessive bandwidth usage in the network as a result of the requests. For more information, see Chapter 2.
10. B. A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. For additional information, see Chapter 4.
11. A. Hardening is the term used to describe the process of securing a system. This is accomplished in many ways, including disabling unneeded protocols. For additional information on hardening, see Chapter 5.
12. A. The goal of integrity is to verify that information being used is accurate and hasn’t been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. For more information, see Chapter 1.
13. D. Online Certificate Status Protocol (OCSP) is the mechanism used to immediately verify whether a certificate is valid. The CRL (Certificate Revocation List) is published on a regular basis, but it isn’t current once it’s published. For additional information, see Chapter 7.
14. B. Partitioning is the process of breaking a network into smaller components that can each be individually protected. The concept is the same as building walls in an office building. For additional information, see Chapter 6.
15. A. IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extension naming conventions, a file that appears to have one extension may actually have another extension. For example, the file mydocument.doc.vbs would appear in many applications as mydocument.doc, but it’s actually a Visual Basic script and could contain malicious code. For additional information, see Chapter 4.
16. B. Access Control Lists (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices. For additional information, see Chapter 5.
17. B. The default port for a web server is port 80. By changing the port to 1019, you force users to specify this port when they are using a browser. This action provides a little additional security for your website. Adding a firewall to block port 80 would secure your website so much that no one would be able to access it. For more information, see Chapter 3.
18. D. A worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn’t their primary mission. For more information, see Chapter 2.
19. A. Social engineering is the method of using human intelligence methods to gain access or information about your organization. For additional information, see Chapter 6.
20. C. In most environments, FTP sends account and password information unencrypted. This makes these accounts vulnerable to network sniffing. For additional information, see Chapter 5.
21. A. An Intrusion Detection System provides active monitoring and rules-based responses to unusual activities on a network. A firewall provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IDS would notify you based on rules it’s designed to implement. For more information, see Chapter 3.
22. B. The chain of custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. For additional information, see Chapter 10.
23. A. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. For additional information, see Chapter 7.
24. C. The use policy is also referred to as the usage policy. It should state acceptable uses of computer and organizational resources by employees. This policy should outline consequences of noncompliance. For additional information, see Chapter 10.
25. B. The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This session creates a secret key. When this key has been exchanged, the regular session begins. For more information, see Chapter 8.
26. A. Elliptic Curve Cryptography (ECC) would probably be your best choice for a PDA. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. For additional information, see Chapter 7.
27. B. An incremental backup will generally be the fastest of the backup methods because it backs up only the files that have changed since the last incremental or full backup. See Chapter 9 for more information.
28. C. Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification. For more information, see Chapter 1.
29. C. Role-Based Access Control (RBAC) is primarily concerned with providing access to systems that a user needs based on the user’s role in the organization. For more information, see Chapter 9.
30. A. Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence. For additional information, see Chapter 10.