Objective 3.5: Security Baselines
Which of the following items relates to the fundamental principal of implementing security measures on computer equipment to ensure that minimum standards are being met?
Objectives 3.5.1: OS/NOS Hardening (Concepts and Processes)
You have just installed a Network Operating System (NOS) and want to establish a security baseline. Which of the following tasks should you perform to harden your new NOS? (Select all that apply.)
Check the installation CD for a valid expiration date
Check the manufacture's Web site for any additional service patches for the NOS
Lock the back of the computer with a padlock
Disable any unused services
Objective 220.127.116.11. File System
Which of the following file systems allows for both file and folder level permissions?
You want to harden your Linux file system by modifying folder permissions. Which command allows you to change folder permissions on a Linux system?
When would you consider restoring a clean version of a file from a backup?
When you are in a financial position to do so
When you have time to do so
When things are quiet at night
When a system file has become infected
Objective 18.104.22.168: Updates (Hotfixes, Service Packs, and Patches)
You frequently browse the Internet for new products and updates. You notice that one of your computer manufacturers has distributed a new security patch. When should you install this update?
As soon as possible to prevent catastrophic security threats
After you have tested the security patch on a nonproduction server
After you have called the manufacturer to verify the source
After you have verified that patch for safety on a production server
Objective 3.5.2: Network Hardening
Even in a large, mixed environment, TCP/IP is the protocol of choice for most networks. Which of the following protocols would you want to deny passage over your Firewall?
Objective 22.214.171.124: Updates (Firmware)
Which of the following terms refers to actions taken by a programmer to fix logic errors in a program under development before actual production?
Objective 126.96.36.199: Configuration
Which of the following steps might be appropriate to harden your network system? (Select all that apply.)
Configure ACL settings on select servers
Configure your servers to have unused services disabled
Configure your servers to all run NAT
Configure your servers to all run in promiscuous mode
Objective 188.8.131.52.1: Enabling and Disabling Services and Protocols
Which of the following is the best method to disable services?
Verify the dependencies of all unused services before removing
Verify the dependencies of all active services before removing
Verify the dependencies of all unused services after removing
Verify the dependencies of all active services after removing
There are several common TCP and UDP ports, some of which you may wish to disable. List the matching service provided by ports 20, 21, 23, 25, 42, 53, 67, 70, 80, 110, 119, 135, 139, 161, and 443. How many common ports do you recognize?
At least 13 of the 15 ports
At least 10 of the 15 ports
At least 5 of the 15 ports
At least 2 of the 15 ports
Your network administrator has found one of your unused server services enabled. What should you do?
Disable the unused service for security reasons after verifying dependencies
Monitor the unused service for security reasons before verifying dependencies
Troubleshoot the unused service for security reasons and functionality
Maintain the enabled unused service for security reasons and functionality
Objective 184.108.40.206.2: Access Control Lists
Which of the following hardening methods gives you the capability to deny access to one individual computer by IP address or computer name?
Access control lists
Objective 3.5.3: Application Hardening
Which of the following relates best to application hardening?
Buying the most recent application version available
Buying the most recent software package available
Configuring network applications with the most recent updates and service packs
Testing the most recent hotfixes, service packs, and patches after purchasing
Objective 220.127.116.11: Updates (Hotfixes, Service Packs, and Patches)
You are responsible for your network security. Where would you go to ensure that you have the most current network updates, including hotfixes, service packs, and patches?
Your purchasing manager
The manufacturer's Web site
Your network administrator
Objective 18.104.22.168: Web Servers
You have added a new Web server to your network. Which of the following are sound practices when checking a Web server for security features? (Select all that apply.)
Check with the vendor for the latest security patches for the Web software
Check the Web Server for any additional unused services
Check the Web Server for date of software distribution
Check the Internet for any reports of software vulnerabilities
Objective 22.214.171.124: Email Servers
Your small company is growing and has decided to host a Web page and dedicate a server for email. What protocol is used to support email traffic?
Which of the following functions has an email message relay agent?
You desire to protect your email server. What should you configure to protect your email server? (Select all that apply.)
SMTP relay settings
SNMP relay settings
Access control permissions
Objective 126.96.36.199: FTP Servers
What is the primary purpose of an FTP server?
Simplify storage of files
Allow for backup storage of files
Report security violations of files
Facilitate transfer of files
Which of the following is frequently used to send and receive text-based files and messages, including router configurations and ACL information?
File Transport Protocol (FTP)
Trivial File Transfer Protocol (TFTP)
Fast File Transfer Protocol (FFTP)
Trivial Transport Protocol (TTP)
Objective 188.8.131.52: DNS Servers
What is the primary function of a DNS server?
Resolve 32-bit addresses in IPv4
Find other DNS servers
Resolve Fully Qualified Domain Names to IP addresses
Find MAC, 48-bit hardware addresses
Which of the following is one of the most important tasks to perform when hardening a DNS server?
Check the forward lookup zone for proper connections
Perform a DNS recursive query
Check the reverse lookup zone for proper connections
Restrict zone transfers to authorized computers
Objective 184.108.40.206: NNTP Servers
Which of the following servers allows for a high volume of group network traffic and is a potential source for malicious code or DoS?
File and Print server
Which one of the following is an easy way to protect an NNTP server from malicious attacks?
Implement a firewall protection plan on the NNTP server
Use a bastion host on the NNTP server
Implement virus scanning on the NNTP server
Turn off the NNTP server, because there is no way to protect a NNTP server from malicious attacks
Objective 220.127.116.11: File/Print Servers
Because networks were created to share resources, file and print servers announce network shares by default. Which of the following provides the best hardening technique for file and print servers?
Limit access to less than ten users at a time
Configure network shares to the default settings
Evaluate and set each folder share for the appropriate file and folder permissions
Audit all folders for successful access
Objective 18.104.22.168: DHCP Servers
What is the primary network security concern with DHCP servers?
Statically configured clients have the same address as DHCP clients
A cracker pretending to be the DHCP server, maliciously spoofs DHCP clients
The DNS server can be vulnerable to DHCP changes, causing clients to disconnect
The router is no longer available to DHCP clients
Which of the following could pose a conflict of IP addressing for clients on your network, thereby removing them from your zone?
A primary DHCP server
A secondary DHCP server
A rogue DHCP server
An Active Directory DHCP server
Objective 22.214.171.124: Data Repositories
Which of the following are used as large Data Repositories? (Select all that apply.)
Objective 126.96.36.199.1: Directory Services
Which of the following is considered a Directory Service?
Lightweight Directory Access Protocol (LDAP)
Heavyweight Directory Access Protocol (HDAP)
Hierarchical Directory Access Protocol (HDAP)
Local Directory Access Protocol (LDAP)
Objective 188.8.131.52.2: Databases
Which of the following databases have this default security vulnerability: The "sa" account is established with a blank password?
Which of the following is the best definition for the term polyinstantiation?
Many instances or copies of a file
Keeping database information hidden
Many instances or copies of a database
Lower-level databases have access to many upper-level databases