C837 - CIW WEB SECURITY ASSOCIATE |89 QUESTIONS AND ANSWERS.

What tool allows network administrators to capture and analyze data traversing their networks? Protocol analyzer Following a natural or manmade incident at your organization that involved loss of data from local HDDs and storage, what entity should you contact to enable recovery of data? Backup service What is a disadvantage of creating hashes of each file on an attached storage device? Places a performance burden on the host and slows its ability to respond to requests What is a primary disadvantage of asymmetric-key encryption? Slow speed due to high processing burden What defensive action will allow you to reduce severity of attacks involving specific services and protocols coming from outside of your network? Configure your firewall to filter out unwanted traffic based on protocol or services What is considered to be the most secure default firewall policy? Implicit Deny (Blocking all access by default, then allowing only specific, necessary connections) Common security threats to Web servers include, but are not limited to: CGI Scripts, SQL injections, Cross site scripting (XSS), DDOS What is the foundational component needed to be in place FIRST when creating a secure networking environment? Security Policy In considering authentication using HTTP vs HTTPS, which operates fully in the clear and introduces susceptibility man-in-the-middle attacks? HTTP What malicious logic, when installed on a system, replaces or modifies legitimate programs preventing them from functioning as expected in effort to hide malicious programs and activity? A root kit What organization maintains information about how to solve specific security problems and publishes security advisories? CERT When considering symmetric vs asymmetric encryption, and encryption speed is your #1 priority for the endeavor, which type would you choose? Symmetric In addition to normal day-to-day security scanning and operations conducted to protect your networked devices and systems, what action is imperative to compliment those actions and ensure you are protected against new threats, vulnerabilities and newly discovered bugs? Implement all regular and emergency system and software updates MD5 and SHA are examples of what type of mechanisms? Hash Algorithms What type of malicious logic contains programming code enabling it to execute differently each time it is run to evade detection by anti-virus software? Polymorphic What Public Key Infrastructure standard is used for digital certificates? X.509 Regarding IPSEC, which activity occurs during the Internet Key Exchange (IKE) before keys are exchanged (during main mode)? Authentication method and encryption type negotiation What will assist in addressing compromised regular user passwords being used to access a system? Strong password policy (set passwords to expire at specific intervals, length and complexity considerations etc) A Kerberos server acts as a trusted third party that provides what primary service? Authentication What attack involves an attacker sending a spoofed IP packet to a target system using the target system's IP address as the source and destination IP address? Land An instance in which an application is able to write data into an area of memory that has not been properly allocated to the application essentially describes what? Buffer overflow Most proxy-oriented firewalls operate at what layer of the OSI model? Layer 7, Application What is the primary use of one-way hash encryption? Signing files to preserve data integrity Regarding key transport in PKI, what is a function of the asymmetric-key-encryption algorithm? To encrypt the symmetric (shared) key before it is sent across Security breaches involving illegal compromise of sensitive customer information should always warrant notification who at a minimum? Affected customers, and law enforcement What is the primary drawback of using symmetric-key encryption? Difficulty with key transport/distribution across a network (Key exchange) When considering reconnaissance for a network attack, references to potential target areas such as kernel modules, etc/shadow file, Root UID, are indicative of what operation systems? *nix systems When considering reconnaissance for a network attack, references to potential target areas such as boot sector files, System32 DLL files, shared libraries, SAM file, and registry are indicative of what operation systems? Windows systems What type of attack involves an attacker sending a succession of SYN requests to a target system in an attempt to consume enough resources to make the system unresponsive to legitimate traffic? SYN Flood What is the best way to defend against (or at least make it more difficult for the attacker) password brute force and dictionary attacks? Implement and enforce a strong, organization-wide, password policy. A vulnerability that is unknown to those interested in mitigating it, is called what? Zero Day What are some standard details that should be included in documentation of an attack from an incident response perspective? The time and date of the attack, nature of attack, and the names of personnel contacted during the response, servers involved, applications used During incident response actions, system administrators and response team members should NOT panic and make snap decisions, but rather do what? Review and respond to the incident according to the established company policy and protocol If you are concerned with managing which objects are allowed to interact with which resources and to what extent, you are concerned with managing what? Access control What entity external to your organization can you leverage to assist you in investigating attacks involving high volumes of traffic flooding your network? Your Internet Service Provider (ISP)