
Network Security CNET-223 C-167 Review Questions Kewal Krisan 300641581

Chapter 2

LAB 2.1
1. In Process Explorer, the processes shaded in light pink are Services
2. In Process Explorer, the processes shaded in purple are Own processes
3. In this lab, the Windows Firewall was disabled to allow the remote at command. If you want to activate Windows Firewall yet still allow the remote at command from Vista, you would need to determine the source and destination ports used for the transmission. Which command could you use to do so? netstat
4. What would be the effect of omitting the option /interactive from the at command used in Step 18 of the lab? Notepad would run on the remote system but would not be visible on the remote user's desktop
5. Which of the following statements regarding Windows Firewall and/or process is correct? In order to configure the Windows Server 2008 Windows Firewall to allow the at program, you should access the Windows Firewall Exceptions tab.

LAB 2.2
1. Which of the following statements regarding Sigcheck is correct?
   sigcheck examines only executable files
   sigcheck can be used to verify that a digital signature is authentic
2. Which option do you use with Sigcheck to examine the current directory and all subdirectories? -s
3. On the Sigcheck web page, in the Usage section, the syntax for command usage is presented. In interpreting the syntax of a command, anything in brackets [] indicates that the Option will be explained below
4. The potential security issues addressed by Sigcheck apply to programs installed locally (from CD or DVD) as well as programs downloaded over the Internet. False
5. Which of the following is a utility developed by Sysinternals? Process Explorer

LAB 2.3
1. Which of the following statements regarding validation of downloaded programs are correct? When the hash of the program on the internet and the hash of that file that you downloaded are the same, you can be sure that the program does not contain malware.
2. Which of the following is a useful way to decrease the chance of inadvertently installing malware?
   Scan the program file with anti-virus software
   Check for reports of security problems with the program on technical newsgroups, email lists, and web sites that track program threats and vulnerabilities.
3. Which of the following is a reasonable way to increase system security? Use a program that automatically hashes your original operating system files periodically to determine if an attacker has modified a system.

LAB 2.4
1. Once you configure Internet Explorer to prompt you before running Active Scripting, you may get a high number of prompts when accessing trusted sites that you use frequently. A solution to this would be to Add these sites to the Internet Explorer Trusted sites zone
2. As soon as you completed the Registry changes in Lab 2.4, you decide that you want to reverse the kill bit Registry change. The best action would be to Double click hkcrbackup
3. Obfuscate Means to make unclear
4. Is it recommended that you defend against the Access Snapshot Viewer even if you have not downloaded the ActiveX control? TRUE
5. In order to avoid all the complications associated with securing your system against a compromised ActiveX control, you could Install an anti-virus program and an anti-spyware program to run in the background

LAB 2.5
1. LDAP stands for Lightweight Directory Access Protocol
2. The administrator of the first domain in a forest is called the Enterprise administrator
3. When a Windows 2008 forest is first created, any user can add or remove domains in the forest. False
4. In order to find the LDAP service, a client must access which type of DNS record? SRV
5. Which of the following statements regarding AD DS is true? Installing the AD DS role creates neither a domain controller nor a domain

CHAPTER 3

LAB 3.1
ANSWERS
1. B- run the Security Configuration Wizard and roll back the last applied security policy
2. A- Defragmenting files
3. A- the Security Configuration Wizard can be used to apply the same security policies as found on the security templates
   B- the policies created with the Security Configuration Wizard can be applied to remote computers using Group Policies.
   C- the Security Configuration Wizard is a role-based utility that allows security configuration based on the function of the server.
4. FALSE
5. B- only security updates and patches from the operating system vendor should be applied to a production workstation
   C- Data Execution Prevention is a system hardening feature.
   D- Hardening a system includes applying security updates and patches to software programs that run on the operating system

LAB 3.2
Answers
1. A- Local Policies\audit policies\audit object access
   B- Local policies\user rights assignment\deny log on locally
   C- Local policies\security options\user account control: Switch to the secure desktop when prompting for elevation
   D- Local policies\security options\accounts: rename administrator account
2. D- add and delete registry keys and subkeys
3. A- Account policies\Kerberos policy\maximum lifetime for user ticket
   B- Account policies\account lockout policy\reset account lockout counter after
4. A- the unit of measurement for this setting is minutes
   B- the security setting determines the maximum number of services that a granted session ticket can be used to access
   C- Session tickets are used to authenticate new connections with servers
5. A- this setting determines how long a user must wait in order to attempt to log on after an account lockout
   C- This value must be less than or equal to the Account lockout duration if an account lockout threshold is defined.

LAB 3.3
Answers
1. C- Account policies\account lockout policy\account lockout threshold
2. C- Local policies\security options\network security: Force logoff when logon hours expire
3. A- User rights assignment
4. A- this setting applies both on local and remote logon
   B- This setting has no effect on Windows 2000, Service pack 1 computers
5. FALSE

LAB 3.4
Answers
1. FALSE
2. B- are found in C:\Documents and settings\all users\documents\security\templates
3. C- Security Configuration and Analysis can be used to revert to the original, default settings by importing the setup security template.
4. B- the system services node in a security template allows administrators to specify the startup types and permissions for system services.
   D- After the installation of Active Directory on a Windows Server 2008, a default security template is created in C:\Windows\Security\Templates.
5. A- Using Security Configuration and Analysis to analyze the computer followed by right-clicking Security Configuration and Analysis and selecting Export Template

LAB 3.5
Answers
1. B- you do not know who may be attempting to perform actions that are prohibited by access controls
2. A- in lab 3.5 the sales report file inherited the auditing configuration you set on the sales folder
   B- object access auditing settings on a file may not conflict with the object access auditing settings on the parent folder
3. TRUE
4. A- Auditing will then apply to all domain controllers in the Default Domain controllers OU.

CHAPTER 4

LAB 4.1
Answers
1. C- AAA
2. D- ::1
3. C- 64
4. D- When a file of any size is modified, there is no relationship between the pre- and post-modification hashes and the number of bytes modified
5. A- intrusion detection
   D- the development of secure cryptographic algorithms

LAB 4.2
ANSWERS
1. A- Anonymous access is permitted by four FTP Server
2. A- Microsoft Network Monitor captures
   C- Novell LANanalyzer captures
3. B- WinPcap allows applications to capture and transmit network packets bypassing the protocol stack
4. C- Microsoft IIS Log File Format

LAB 4.3
ANSWERS
1. A- require users to authenticate using their domain account
2. A- FTP Data
3. C- Vista initiated the connection by sending to the FTP server a packet with the TCP flag SYN set
4. A- Once the FTP server had been first contacted by Vista, it sent a packet with the TCP flags SYN and ACK set
5. D- the teardown of the TCP session began when Vista sent a packet to the FTP server with the TCP flags FIN and ACK set

LAB 4.4
ANSWERS
1. A- indicates that Telnet can be used to manage a server remotely
2. C- 23
3. B- More than 2 frames were captured in less than a millisecond.
   C- During the Telnet session TCP packets were used to send ACK flags
4. A, B, C, D
5. C- Windows PowerShell

LAB 4.5
Answers
1. B- SMTP
2. C- 110
3. C- For DNS clients to access your server by FQDN or by IP address
4. A- 23
5. FALSE

Chapter 5

LAB 5.1
Answers
1. B- 192.168.1.209
2. B- ICMP
3. C- C:\Windows\System32\Cmd
4. A- CMD, C- VBS, D- JSE
5. When the computer user enters the command snort, the files in C:\Windows\System32 will be deleted

LAB 5.2
ANSWERS
1. D- There is no data field in an ICMP frame
2. D- Request Web page elements
3. B- 192.168.1.209:49223
4. A- ICMP is not processed high enough in the protocol stack to use a port address.
5. A- none

LAB 5.3
ANSWERS
1. D- 255.240.0.0
2. A- The rule is intended to cause an alert to be logged if the computer with the IP address 209.57.134.0 attempts to make any contact with the computer at 67.6.155.9
3. A- Only one packet was captured because only traffic directed to the Vista machine was examined.
4. True
5. A- you have met your primary goal but not secondary goal.

LAB 5.4
ANSWERS
1. B- colon
2. C- comma
3. D- 525
4. A- make sure that the client had to query the DNS server for the IP address of server.temx.net
5. B- PCRE

Chapter 8

Lab 8.1
1.C 2.C 3.D 4.A,D 5.TRUE

Lab 8.2
1.B 2.D 3.D 4.TRUE 5.C,D

Lab 8.3
1.C 2.B 3.D 4.C 5.C,D

Lab 8.4
1.B,C 2.C 3.D 4.B 5.C

Lab 8.5
1.D 2.B 3.C 4.B 5.FALSE

Chapter 9

Lab 9.1
1.D 2.A 3.B 4.D 5.FALSE

Lab 9.2
1.D 2.B,C 3.C 4.C 5.TRUE

Lab 9.3
1.D 2.B 3.C 4.C

Lab 9.4
1.B 2.C 3.B 4.TRUE 5.C

Lab 9.5
1.C 2.B 3.C 4.B 5.A
