
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [119]

uses data sources from sensors to analyze and determine whether an attack is under way.

6. B. The manager is the component that the operator uses to manage the IDS. The manager may be a graphical interface, a real-time traffic screen, or a command-line-driven environment.

7. A. A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.

8. A. Incident response is the process of determining the best method of dealing with a computer security incident.

9. C. Entrapment is the process of encouraging an individual to perform an unlawful act that they wouldn’t normally have performed.

10. C. Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication.

11. A. 802.11 operates on 2.4GHz. This standard allows for bandwidths of 1Mbps or 2Mbps.

12. C. Wi-Fi Protected Access 2 (WPA2) was intended to provide security that’s equivalent to the security on a wired network and implements elements of the 802.11i standard.

13. D. A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.

14. A. IM users are highly susceptible to malicious code attacks such as worms, viruses, and Trojan horses. Ensure that IM users have up-to-date antivirus software installed.

15. B. Scanning is the process of gathering data about your network configuration and determining which systems are live.

16. A. Footprinting involves identifying your network and its security posture. Footprinting is done using multiple sources of information to determine what systems you may be using.

17. D. When an event is detected as it is happening, it is said to be detected in real time.

18. A. Jamming is the process of intentionally disrupting communications in an IM session. Jamming is a loosely defined term, and it refers to any intentional disruption that isn’t a DoS attack.

19. A. Your user has just encountered an application-level DoS attack. This type of attack is common and isn’t usually fatal, but it’s very annoying. Your user should restart his system, verify that the website didn’t transmit a virus, and stay away from broadcasted websites.

20. A. An IDS will announce an event through an alert when suspicious activity is encountered.

Chapter 5


Implementing and Maintaining a Secure Network

THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

✓ 1.3 Implement OS hardening practices and procedures to achieve workstation and server security.

■ Hotfixes

■ Service packs

■ Patches

■ Patch management

■ Group policies

■ Security templates

■ Configuration baselines

✓ 2.1 Differentiate between the different ports and protocols, their respective threats and mitigation techniques.

■ DNS poisoning

■ ARP poisoning

✓ 2.3 Determine the appropriate use of network security tools to facilitate network security.

■ Internet content filters

✓ 2.4 Apply the appropriate network tools to facilitate network security.

■ Internet content filters

✓ 3.7 Deploy various authentication models and identify the components of each.

■ LDAP

✓ 4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

✓ 4.4 Use monitoring tools on systems and networks and detect security-related anomalies.

■ Performance monitor

■ Systems monitor

■ Performance baseline

✓ 4.7 Conduct periodic audits of system security settings.

■ Group policies

✓ 5.1 Explain general cryptography concepts.

■ Whole disk encryption

The operating systems, applications, and network products you deal with are usually secure when they’re implemented the way the manufacturer intends. This chapter deals with the process of ensuring that the products you use are as secure as they
