CH 13

• The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You carry the workstation out to your car and bring it back to your office to work on it.
What security-related recommendations should you make to this client?
Implement a hardware checkout policy
What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?
Which of the following are solutions that address physical security? (Select two)
Require identification and name badges for all employees //Escort visitors at all times
Which of the following can be used to stop piggybacking that has been occurring at the front entrance where employees should swipe their smart cards to gain entry?
Deploy a mantrap
You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?
500 resolution, 50mm, .05 LUX
You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which type of camera should you choose?
You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?
Security guards
Which of the following CCTV types would you use in areas with little or no lights?
Which of the following CCTV camera types lets you adjust the distance that the camera can see?
Which of the following controls is an example of a physical access control method?
Locks on doors
You have 5 salesmen who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?
Use cable locks to chain the laptops to the desks
Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all.
Hardened carrier
Protected cable distribution
Biometric authentication
Door locks
Perimeter barrier
Emergency escape plans
Alarmed carrier
Protected cable distribution
Antipassback system
Physical access control
Emergency lighting
Exterior floodlights
Perimeter barrier
• You notice that a router/firewall/content filter UTM device has been implemented in the server closet to protect the internal network from external attacks.
Which security-related recommendations should you make to this client? (Select two.)
Control access to the work area with locking doors and proximity readers. //Relocate the switch to the locked server closet.
Which of the following is the most important thing to do to prevent console access to a network
Keep the switch in a room that uses a cipher lock.
You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a cubicle near your office. You’ve backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a user name of admin01 and a password of [email protected]. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
Move the router to a secure server room
What is the primary countermeasure to social engineering?
Which of the following are examples of social engineering?
Dumpster diving //Shoulder surfing
How can an organization help prevent social engineering attacks?
Publish and enforce clearly written security policies //Educate employees on the risks and countermeasures
Users on your network report that they have received an email stating that the company has just launched a new website. The email asks employees to click the website link in the email and log in using their username and password. No one in your company has sent this email.
What type of attack is this?
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn’t know and he is asking for immediate clarification on several of the project’s details so the project can get back on schedule. Which type of an attack best describes the scenario?
Which of the following is a common form of social engineering attack?
Hoax virus information e-mails
Which of the following is not a form of social engineering?
Impersonating a user by logging on with stolen credentials
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you are to go to a website and enter your username and password at a new website so you can manage your email and spam using the new service. What should you do?
Verify that the email was sent by the administrator and that this new service is legitimate
On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can “fix the restroom.”
What should you do?
Direct him to the front entrance and instruct him to check in with the receptionist.
Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?
Establish and enforce a document destruction policy
What is the primary difference between impersonation and masquerading?
One is more active, the other is more passive
Match the social engineering description on the left with the appropriate attack type on the right.
-An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information.
-An attacker gathers personal information about the target individual, who is a CEO.
Spear phishing
-An attacker gathers personal information about the target individual in an organization.
Dumpster diving
-An attacker searches through an organization’s trash for sensitive information.
-An attacker enters a secured building by following an authorized employee through a secure door without providing identification.
-An attacker uses a telephone to convince target individuals to reveal their credit card
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?
Social validation
Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?
Which of the following protocols can be used to securely manage a network device from a remote connection?
You want to allow traveling users to connect to your private network through the Internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won’t be able to configure the firewalls that might be controlling access to the Internet in these locations.
Which protocol does HTTPS use to offer greater security for Web transactions?
You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left. (Each option can be used more than once.)
Uses public-key cryptography
Transfers data in clear text
Uses public-key cryptography
Transfers data in clear text
Console port
Cannot be sniffed
Telnet is inherently insecure because its communication is in plain text and is easily intercepted.
Which of the following is an acceptable alternative to Telnet?
Which security protocols use RSA encryption to secure communications over an untrusted network? (Select two.)
Secure Sockets Layer
Transport Layer Security
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
