• Layer 1: Physical Layer
• Layer 2: Data Link Layer
• Layer 3: Network Layer
• Layer 4: Transport Layer
• Layer 5: Session Layer
• Layer 6: Presentation Layer
• Layer 7: Application Layer
The OSI reference model specifies standards for describing “Open Systems Interconnection”. The
term ‘open’ was chosen to emphasise the fact that by using these international standards, a system
may be defined which is open to all other systems obeying the same standards throughout the
world.
It consists of 7 Layers with each Layer being functionally independent of the others. Control is
passed from one layer to the next, starting at the top and proceeding to the bottom layer, over the
channel to the other station and back up the layers. The receiving layer at the destination host
receives exactly the same object as sent by the matching layer at the source host. This is shown in
the diagram below:
The layers are in two groups. The upper four layers are used whenever a message passes from or
to a user. The lower three layers are used when any message passes through the host computer.
Messages intended for this computer pass to the upper layers. Messages destined for some other
host are not passed up to the upper layers but are forwarded to another host.
The sending process passes data to the application layer. The application layer attaches an
application header and then passes the frame to the presentation layer.
The presentation layer can transform data in various ways, if necessary, such as by translating it and
adding a header. It gives the result to the session layer. The presentation layer is not aware of which
portion (if any) of the data received from the application layer is the application header and which
portion is actually user data, because that information is irrelevant to the presentation layer’s role.
The process of adding headers is repeated from layer to layer until the frame reaches the data link
layer. There, in addition to a data-link header, a data-link trailer is added. The data-link trailer
contains a checksum and padding if needed. This aids in frame synchronization. The frame is
passed down to the physical layer, where it is transmitted to the receiving host. On the receiving
host, the various headers and the data trailer are stripped off one by one as the frame ascends the
layers and finally reaches the receiving process.
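The encapsulation walk-through above, as an added example that is not part of the original notes: each layer prepends an opaque header, the data link layer also appends the padding and checksum trailer, and the receiver strips everything in reverse order. The three-letter layer tags, the 8-byte block size and CRC32 as the checksum are assumptions made for the simulation; a corrupted frame is rejected at the data link layer and never reaches the receiving process.

```python
import zlib

LAYERS = ["application", "presentation", "session", "transport", "network"]
BLOCK = 8  # hypothetical data-link block size that padding rounds up to

def add_header(layer: str, payload: bytes) -> bytes:
    # A layer sees only opaque bytes from above: upper header and user data look alike
    return f"{layer[:3].upper()}|".encode() + payload

def strip_header(layer: str, pdu: bytes) -> bytes:
    tag = f"{layer[:3].upper()}|".encode()
    if not pdu.startswith(tag):
        raise ValueError(f"{layer}: unexpected header")
    return pdu[len(tag):]

def data_link_encapsulate(payload: bytes) -> bytes:
    # Header: tag + payload length (so padding can be removed on receipt).
    # Trailer: zero padding to a block boundary, then a CRC32 checksum.
    header = b"DLL|" + len(payload).to_bytes(2, "big")
    pad = b"\x00" * ((-len(payload)) % BLOCK)
    body = header + payload + pad
    return body + zlib.crc32(body).to_bytes(4, "big")

def data_link_decapsulate(frame: bytes) -> bytes:
    body, crc = frame[:-4], int.from_bytes(frame[-4:], "big")
    if zlib.crc32(body) != crc or not body.startswith(b"DLL|"):
        raise ValueError("data link: bad checksum or header, frame discarded")
    length = int.from_bytes(body[4:6], "big")
    return body[6:6 + length]

def send(user_data: bytes) -> bytes:
    pdu = user_data
    for layer in LAYERS:                # application down to network
        pdu = add_header(layer, pdu)
    return data_link_encapsulate(pdu)   # the physical layer transmits this

def receive(frame: bytes):
    # Returns the user data, or None when a layer rejects the frame
    try:
        pdu = data_link_decapsulate(frame)
        for layer in reversed(LAYERS):  # network up to application
            pdu = strip_header(layer, pdu)
        return pdu
    except ValueError:
        return None

def flip_bit(frame: bytes, index: int) -> bytes:
    # Simulate one bit of damage on the channel
    return frame[:index] + bytes([frame[index] ^ 0x01]) + frame[index + 1:]
```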
Books:
Sybex Deluxe Edition 2008
Videos:
Learnkey
VTC
Ports between 1024 and 29151 are known as the Registered Ports. Basically,
programs are supposed to register their use of these ports and thereby try to be
careful and avoid stomping on each other. Here are some common ports and their
programs.
You are performing risk assessment for an organization. What should you do during
impact assessment? Determine the potential monetary costs related to a threat.
Asymmetric key
Symmetric key
TPM
You are preparing to perform vulnerability analysis on a network. Which tools require a computer
with a network adapter that can be placed in promiscuous mode? (Choose two.)
Vulnerability scanner
Network mapper
Port scanner
Password cracker
Protocol analyzer
The 802.11i standard specifies support for which encryption algorithms? (Choose two.)
DES
ECC
TKIP
RSA
AES
You have several computers that use the NTLM authentication protocol for client authentication.
Network policy requires user passwords with at least 16 characters.
LM hash
AES
SHA
MD5
You need to ensure that a critical server has minimal down time. You need to ensure data fault
tolerance for the server.
Deploy a UPS.
Use RAID.
You are preparing to deploy an e-commerce Web site. The Web site uses
dynamically generated Web pages based on user input. This is a requirement for
the application running on the Web site. You need to design the site to prevent
cross-site scripting attacks. You need to choose the most appropriate action to take.
What should you do? Implement user input validation.
You discover that when network users attempt to navigate to your company's
public Web site, they are being redirected to a different Web site. This is an
example of what type of attack? DNS poisoning
You are designing network access control so that remote users are limited to
accessing the network during normal business hours only. Policies regarding user
access apply to all users.
This is an example of what type of access control? Rule-based access control
What protocol is used to encrypt e-mail messages for transmission and delivery?
Secure Multipurpose Internet Mail Extension (S/MIME)
You want to create a document that describes what types of things employees are
permitted to do regarding e-mail and Web usage. Acceptable use policy
You are looking for ways to protect data on a network. Your solution should:
Which solution should you use? Use file servers attached to a NAS system. Lock
the file servers and NAS in a secure area.
You suspect that an attacker is sending damaged packets into your network as a
way to compromise your firewall. You need to collect as much information about
network traffic as possible.
You are designing a secure application environment. You need to ensure that data
is kept as secure as possible. You need to select the strictest access control model.
What access control model should you use? You should use the mandatory access
control (MAC) model.
Why should you require the sender to digitally sign sensitive e-mail messages? To
provide for nonrepudiation.
Your office is TEMPEST-compliant. This prevents what potential risk? Using a cell
phone to access unauthorized Web sites.
What should you do first if you discover a rogue AP on your LAN? Immediately
disconnect the rogue AP from your network.
The process of logging onto a network with a user name and password is an
example of which of the following? Authentication
Your network is protected from the Internet by a firewall. You are concerned about
potential risks in the firewall protection.
What should you do? Scan the firewall's incoming ports with a port scanner.
Which type of encryption should you use? Advanced Encryption Standard (AES) is
a symmetric key encryption algorithm.
You are brought in to assist on a local area network configured with a single
network address. Network clients access the Internet through a wireless access
point that is also a high-bandwidth Internet gateway connected to a cable modem.
You discover that some network traffic is being redirected to a client that is infected
with a Trojan. The IP addresses and MAC addresses on the redirected packets do
not match up correctly. All packets have the MAC address of the infected system.
The IP addresses are legitimate host addresses.
Of what kind of attack is this a symptom? Address Resolution Protocol (ARP)
poisoning.
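The symptom described above (legitimate IP addresses all arriving with the one infected host's MAC, and IP-to-MAC pairings that no longer match) can be checked for from a packet capture. This is an added detection example, not part of the original notes; the observed pairs and the aa:aa:aa:aa:aa:aa address are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of (source IP, source MAC) pairs as a sniffer on the LAN
# would record them; aa:aa:aa:aa:aa:aa is the hypothetical infected client.
OBSERVED = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway, before the redirection
    ("192.168.1.10", "00:11:22:33:44:0a"),
    ("192.168.1.1", "aa:aa:aa:aa:aa:aa"),   # gateway IP now sent from another MAC
    ("192.168.1.10", "aa:aa:aa:aa:aa:aa"),
    ("192.168.1.20", "aa:aa:aa:aa:aa:aa"),
    ("192.168.1.30", "00:11:22:33:44:1e"),
]

def ip_mac_tables(observed):
    # Build both directions of the IP/MAC mapping from the observed pairs
    ip_to_macs, mac_to_ips = defaultdict(set), defaultdict(set)
    for ip, mac in observed:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    return ip_to_macs, mac_to_ips

def find_arp_poisoning_symptoms(observed, max_ips_per_mac=1):
    # Symptom 1: an IP seen with more than one MAC (its mapping changed).
    # Symptom 2: one MAC claiming several legitimate host IPs.
    ip_to_macs, mac_to_ips = ip_mac_tables(observed)
    changed = {ip: sorted(macs) for ip, macs in ip_to_macs.items() if len(macs) > 1}
    suspects = {mac: sorted(ips) for mac, ips in mac_to_ips.items()
                if len(ips) > max_ips_per_mac}
    return changed, suspects
```

A legitimate router forwarding off-subnet traffic also appears as one MAC behind many IPs, so restrict the input to the local subnet's own addresses before treating a hit as poisoning.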
You deploy a two-factor authentication system for your network computers using a
smart card and PIN. Despite this, unauthorized personnel are gaining access to the
network.
What should you do to help prevent this in the future? Improve user education
and awareness training.
You need to determine which ports are open on your perimeter network's firewall.
You need to dispose of several computers. You want to ensure that the highly
confidential medical patient information on the hard drives cannot be recovered.
What should you do? Use a third-party company to destroy/shred/melt the drives.
A critical Web server is targeted by an attacker for buffer overflow attacks. Capture
of user input contains packets with a long string of no operation (NOP) commands
coming from various Internet IP addresses. You need to minimize the effect of these
attacks.
What should you do? Check all user input for validity &
Your network has servers that are configured as member servers in a Windows
Active Directory domain. You need to minimize the risk of unauthorized persons
logging on locally to the servers. The solution should have minimal impact on local
management and administration and should not limit administrator access.
What should you do? Require strong passwords. & Rename the local default
accounts.
You want to be able to identify changes in activity in critical Windows servers that
might identify attempts to compromise the server or its data. You have installed
security software such as antivirus software on the servers and have locked down
the server configurations.
Your company has a Web farm that runs an e-commerce Web site. There are four
servers in the Web farm. The Web farm is supported by a database server.
A computer configured as a router protects your network from the Internet. You
discover that the router has been reconfigured.
What does LDAP use to provide security? It uses Transport Layer Security (TLS) to
provide confidentiality and data integrity.
One of your colleagues has suggested that you use Nessus to help analyze security
on your network.
An image file that contains a hidden message or data uses which technique?
Steganography
Which of the following presents the incident response steps in the correct order?
Preparation, Identification, Containment, Eradication, Recovery, Follow-up
You need to do what you can to prevent buffer overflows at any of the Web servers.
What can you do to minimize the risk of buffer overflows? Implement user input
validation to prevent script injection.
What is a potential risk associated with WEP when it is used to secure a WLAN?
Weak encryption
Which of the following is typically used to authenticate the Web site of an online
business? Digital certificate
You need to secure access to network file servers. Your first task is to determine
current access permissions.
What does IPSec use to determine when to create a new set of keys? ISAKMP
You are investigating some malware that has infected a server in your company.
You make a digital copy of the hard drive that you can analyze. You place the
original drive in a secure cabinet.
You download a file management application from the Internet. When you launch
the application, your screen goes blank and your hard disk's active light starts
flashing. You restart the computer and discover that your hard disk partitions have
been deleted.
Smart card access control relies on which of the following access control methods?
Logical token
Which of the following would be the best backup scheme to meet your goals?
Perform a full backup weekly. Perform incremental backups nightly.
Network users whose computers are running Windows XP Professional complain that
the extra windows that appear when they browse the Internet are becoming a
nuisance. You need to minimize how often these windows appear.
What should you do? Configure the Internet Explorer popup blockers.
You need to connect your LAN to the Internet. The configuration needs to include a
perimeter network. You need to keep the hardware requirements to a minimum.
You need to keep the administrative overhead needed to manage access security to
a minimum. You need to be able to quickly modify a user's permissions if that user
is assigned to a different role. A user can be assigned to more than one role within
the organization.
What should you do? Create security groups and assign access permissions based
on organizational roles. & Assign users membership to security groups based on
organizational roles
What is the best way to determine if users are selecting strong passwords for their
user accounts? Use a password cracker.
Which of the following can be used to prevent external electrical fields from
affecting sensitive equipment? Faraday cage
You need to test a Linux program that might be a previously unknown type of
malware. You need to minimize the risk while testing and also minimize the effort
necessary to recover after testing.
What should you do? Test the program in a virtual environment.
Which type of IDS is more ambitious and informative than other types? HIDS
Your network is isolated from the Internet by a firewall that also acts as a proxy
server. You suspect that a potential attacker has been probing your network looking
for open ports.
What entity within a PKI is able to provide digital keys to an authorized third party?
Key Escrow
You have six 100 GB hard disks available for data storage. Which RAID configuration
will provide the most available storage with fault tolerance? RAID-5
What is the advantage of using application virtualization? It lets you minimize the
attack surface relating to the application.
How can you minimize the potential impact of this type of attack? Run the
application with the minimum permissions required.
What kinds of attacks are best prevented through user education and awareness
training? (Choose two.) Phishing & Dumpster diving
What type of physical security allows you to hold an intruder in between two sets of
doors? Mantrap
You need to secure traffic between SMTP servers over the Internet. You want to
make sure that servers that can connect securely use a secure connection, but you
do not want to lose connections with servers that cannot connect securely.
Which protocol offers the best solution? Transport Layer Security (TLS)
You have developed a disaster recovery plan for an organization. You need to
ensure that it can be implemented quickly and correctly.
You currently have all computer systems set up to boot first from the hard drive.
You want to prevent users from booting the computers from CDs, DVDs, or USB
drives.
You are designing Internet access controls for a company. You need to ensure that
internal network users are prevented from accessing inappropriate Web sites.
Your network is configured as a Windows Server 2003 Active Directory domain. The
network includes two file servers named FS0 and FS1. Folders from both file servers
are shared to the network.
You need to configure the same access permissions for 20 domain users to folders
shared from FS0 and FS1. The users that need access to this set of folders may
change over time. You need to minimize the effort needed to deploy and maintain
this solution.
What is used to provide secure communication over a L2TP VPN connection? IPSec
* Automated remediation
When calculating risk assessment for an organization, what is the role of impact
assessment? Estimating the potential costs related to a threat
What entity within a PKI verifies user requests for digital certificates? Registration
Authority
You are determining environmental control requirements for a data center that will
contain several computers.
You need to test a new network-aware application that will be deployed on your
network. You need to keep the potential risks to the production network and the
costs involved to a minimum.
What should you do? Configure a virtual server and client and test the application
in a virtualized network environment.
What type of IDS reports possible attacks when it detects conditions that match the
conditions contained in a database of attacks? Signature-based
When users log on to the domain, in addition to being given access to domain file
resources, they are given access to a Microsoft SQL Server database server and an
internal Web site through Windows integrated authentication.
What should you do? Install a HIDS on each of the departmental computers.
Which port represents the biggest security risk from an antiquated protocol: 22, 23,
443, or 992? 23
Your network is configured as a Windows Server 2003 Active Directory domain. The
Finance group has read permission to the Reports and History shared folders as well
as other shared folders. The Accounting group has read and write permissions to
the Reports, AccountRecs, and Statements shared folders. Several users are
members of both the Finance and Accounting groups.
All of the folders are located on a file server named FS0. The Everyone group is
granted the Full Control NTFS permission for each folder through inheritance, but
non-administrative users do not have the right to log on locally at the server. Access
to the shared folders is managed through share permissions.
It is determined that the Finance group should no longer have read access to the
Reports folder. This change should not affect access permissions granted through
membership in other groups.
What should you do? Remove the read permission from the Finance group for the
Reports folder.
You determine that group policies that should apply to all users in the domain are
not being applied to users in the Maintenance OU. The group policies are linked at
the domain and apply to all other domain users.
What should you do? Review group policy properties for the Maintenance OU.
The 802.11i standard specifies support for which encryption algorithms? AES &
TKIP
What should you have the antispam software do when it identifies an e-mail as
spam? Save the message in a separate folder.
What can you use to monitor traffic on a switched network? Port mirroring
Your company has three computer security professionals. Every month, a different
one is assigned to auditing duties.
You install an NIPS in your perimeter network. You need to determine how effective
the NIPS is against DoS attacks targeting your Web servers.