Exam Notes for Security+

Page1    Page2    Page3    Page4    Page5    Page6    Page7

41. Disaster recovery plan is also called as business continuity plan or business process continuity plan. A DRP should include information security, asset security, and financial security plans.

42. Note that the divisions do not want the information to be made available to the group personnel only. A role based access control is suitable under this situation because it provides security, as well as flexibility. Here individual users are given privileges based on their respective roles in the organization rather than by name.

43. Kerberos require that the time sources are approximately in synchronization (with in 5 minutes) with each other. However, with recent revisions of Kerberos software, this rule has become flexible.

44. The process of securing a computer system is called Hardening. There are several things that one need to remember for hardening a PC. These include:

1. Removing non-essential programs, and services. These may provide back-doors for an attacker.
2. Installing an anti-virus package, and a spyware remover
3. Removing unnecessary protocols. If you are using only TCP/IP (required for connecting to the Internet), keep that protocol and remove all other protocols.
4. Disable guest account
5. Rename Administrator account
6. Enable auditing, so that you can view any logon attempts.
7. Installing latest patches, and service packs to operating system, and software.

45. A properly managed tape backups should include the following:

1. Regular backups according to a pre-determined plan
2. Verifying the backup tapes for integrity
3. Labeling tapes properly for easy and unique identification
4. Storing tapes securely at off-site location
5. Destroying data on old tapes before disposing off the same

46. The Layer 2 Tunnel Protocol (L2TP) is a standard that combines the best features of: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP does not provide information confidentiality by itself. IPSec is normally used in combination with L2Tp for providing confidentiality of communication.
PGP is used primarily for securing email communications.

47. Advantages of fiber optic cable over CAT5 cable include the following:

• It provides communication over longer distance
• It is difficult to tap into a fiber optic cable
• It provides higher communication bandwidth
• It is more immune to external interference

However, from security point of view, two chief advantages are a. difficulty to tap, and b. immunity to external interference, which makes the communication not easily interruptible.
48. A few techniques used by IDS (Intrusion Detection Systems) include the following:

• Anomaly detection
• Signature detection
• Target monitoring, and
• Stealth probes

Anomaly detection method establishes a baseline of normal usage patterns, and anything that widely deviates from the baseline is investigated for possible intrusion. An example of this would be if a user logs on and off of a machine 10 times a day instead of the normal once or twice a day.
Signature detection uses specifically known patterns of unauthorized behavior to predict and detect subsequent similar attempts. These specific patterns are called signatures.
Target monitoring systems do not actively search for anomalies or misuse, but instead look for the modification of specified files.

49. In public key infrastructure:
A key is required to encode/decode a message, and the security of a message depends on the security of key.
A cipher text is the encoded message, and
A certificate is a digitally signed document by a trusted authority.

50. Staff training is the most effective tool for preventing attacks by social engineering.

51. A certificate revocation list (CRL) is a list of certificates, which have been revoked, and are no longer valid.

52. A back door is a program that allows access to the system without usual security checks. These are caused primarily due to poor programming practices.

The following are know back door programs:

1. Back Orifice: A remote administration program used to remotely control a computer system.
2. NetBus: This is also a remote administration program that controls a victim computer system over the Internet. Uses client –server architecture. Server resides on the victim’s computer and client resides on the hackers computer. The hacker controls the victim’s computer by using the client.
3. Sub7: This is similar to Back Orifice, and NetBus. Used to take control of victim’s computer over the Internet.

53. There are primarily three types of backups:

1. Full backup
2. Differential backup
3. Incremental backup

1. Full backup: Here all the data gets backed up. It usually involves huge amounts of data for large systems, and may take hours to complete. A full backup is preferred instead of incremental or differential backups where it is feasible. However, when there is large amount of data, full backup is done once in a while and incremental or differential backups are done in between. A backup plan is usually put in place prior to taking backup of data.

2. Differential backup: A differential backup includes all the data that has changed since last full backup. The “differential backup” that was taken earlier (after the “full backup” but before the current “differential backup”) becomes redundant. This is because all changed data since last “full backup” gets backed up again.

3. Incremental backup: It includes all the data changed since last incremental backup. Note that for data restoration the full backup and all incremental backup tapes since last full backup are required. The archive bit is set after each incremental backup. Incremental backup is useful for backing up large amounts of data, as it backs up only the changes files since previous incremental backup.

54. There are primarily 5 classes of fire:

• Class 'A' Fire: Involves ordinary combustible materials such as wood, cloth and paper. Most fires are of this class.
• Class 'B' Fire: Involves flammable liquids or liquid flammable solids such as petrol, paraffin, paints, oils, greases and fat.
• Class 'C' Fire: Involves gases. Gaseous fires should be extinguished only by isolating the supply. Extinguishing a gas fire before the supply is off may cause an explosion.
• Class 'D' Fire: Involves burning metals. These should only be dealt with, by using special extinguishers, by personnel trained in the handling of combustible metals.
• Class 'F' Fire: Involves flammable liquids (Deep Fat Fryers)

The first three classes are most common.

55. Nonrepudiation is used to ensure that a sender cannot refuse later that he had not sent the message. A digital signature on the message ensures that the sender is the original sender of the electronic message.

56. Honeypot is the correct answer. Honeypots are designed such that they appear to be real targets to hackers. That is a hacker can not distinguish between a real system and a decoy. This enables lawful action to be taken against the hacker, and securing the systems at the same time.

57. CHAP (Challenge Handshake Authentication Protocol) works on point to point connections. It uses a three step process for authentication (excluding making the connection itself). If making the connection is also involved, it would be a 4 step process.

58. Social Engineering: Social Engineering exploits human behaviour. Nonrepudiation ensures that the sender of a message or contract can not refuse having sent the message or signed the contract at a later date. This is done by mean of digital signature. Retrenchment is not the correct answer. Separation of duties ensures that the vital activities are bifurcated among several individuals. This ensures that one or two individuals can not perform a fraud.

59. Vulnerability testing is part of testing corporate assets for any particular vulnerability. These may include:

1. Blind testing: Here the hacker doesn’t have a prior knowledge of the network. It is performed from outside of a network.
2. Knowledgeable testing: Here the hacker has a prior knowledge of the network.
3. Internet service testing: It is a test for vulnerability of Internet services such as web service.
4. Dial-up service testing: Here the hacker tries to gain access through an organization’s remote access servers.
5. Infrastructure testing: Here the infrastructure, including protocols and services are tested for any vulnerabilities.
6. Application testing: The applications that are running on an organization’s servers are tested here.

Vulnerability assessment is part of an organization’s security architecture.

60. VPN stands for Virtual Private Networking. PPTP (Point to Point Tunneling Protocol), and L2TP (Layer 2 Tunneling Protocol) are used for VPN.

Page1    Page2    Page3    Page4    Page5    Page6    Page7