01. What would be the result if you were the recipient of a SYN flood or malformed packet?
a) You would be unable to access a legitimate service, such as establishing a network connection.
b) The files on your boot sector would be replaced with infected code.
c) A virus would be unleashed on your system at the time the SYN flood or malformed packet was received.
d) You would be misdirected to a fraudulent Web site without your knowledge or consent.
02. At what layer of the OSI/RM does a packet filter operate?
a) Layer 1
b) Layer 3
c) Layer 5
d) Layer 7
03. Which two protocols can be found at the transport layer of the TCP/IP stack?
a) File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)
b) Internet Protocol (IP) and Internet Control Message Protocol (ICMP)
c) Post Office Protocol 3 (POP3) and Simple Mail Transfer Protocol (SMTP)
d) Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
04. Your firewall is configured to forbid all internal traffic from going out to the Internet. You want to allow internal clients to access all Web traffic.
At a minimum, what ports must you open in regards to the internal systems?
a) TCP Port 80 and all ports above 1023
b) TCP Ports 80 and 443, and all ports above 1023
c) All TCP ports above 80 and below 1023
d) TCP Ports 80 and 443
05. Which of the following security measures presents the most risk?
a) A firewall application
b) A tripwire
c) A jail
d) A login script
06. Which type of encryption poses challenges to key transport?
a) Asymmetric-key encryption
b) Hash encryption
c) Symmetric-key encryption
07. In relation to security, which of the following is the primary benefit of classifying systems?
a) Ability to identify common attacks
b) Identification of highest-priority systems to protect
c) Ability to recover quickly from a natural or man-made disaster
d) Collection of information for properly configuring the firewall
08. You have determined that an attack is currently underway on your database server. An attacker is currently logged in, modifying data. You want to preserve logs, caching and other data on this affected server.
Which of the following actions will best allow you to stop the attack and still preserve data?
a) Pull the server network cable
b) Shut down the server
c) Back up the system logs
d) Force an instant password reset
09. How do activity logs help to implement and maintain a security plan?
a) Activity logs provide advice on firewall installation, because they enable network baseline creation.
b) Activity logs remind users to log on with strong passwords, because the logs can be analyzed to see if users are complying with policy.
c) Activity logs allow you to determine if and how an unauthorized activity occurred.
d) Activity logs dissuade would-be hackers from breaching your security.
10. Which of the following constitutes a problem when conducting a reverse scan?
a) IP address spoofing
b) SYN floods
c) Default settings on target systems
d) An older system kernel