Chapter 2: Monitoring and Diagnosing Networks

Question 1

Sniffer

Answer 1

A passive network monitor that listens to the signaling and traffic on the network

Question 2

Promiscuous Mode

Answer 2

A NIC in promiscuous mode looks at any packet it sees on the network even if it isn’t addressed to that NIC.

Question 3

Application Log

Answer 3

Where applications log various events such as errors

Question 4

Security Log

Answer 4

Records events related to resource use, logon attempts, file use, etc.

Question 5

var/log/faillog

Answer 5

Linux log file containing failed user logins

Question 6

/var/log/apport.log

Answer 6

Linux log file that records application crashes

Question 7

Windows tool for viewing log files

Answer 7

Event Viewer

Question 8

Services

Answer 8

Programs that run when the operating system boots, often running in the background.

Question 9

File and Print Servers are primarily vulnerable to _______.

Answer 9

DoS attacks

Question 10

Which service should you disable on a network with PC-based systems?

Answer 10

NetBIOS, ports 135, 137, 138, 139

Question 11

Which port should you make sure is closed on Unix systems?

Answer 11

Remote Procedure Call (RPC), port 111

Question 12

Performance Monitor

Answer 12

Can be used to examine activity on any counter.

Question 13

Service Pack Patch

Answer 13

A periodic update that corrects problems in one version of a product

Question 14

Update Patch

Answer 14

Code fixes for products that are provided to individual customers

Question 15

File Allocation Table (FAT)

Answer 15

-Microsoft’s first file system, very unsecure

Question 16

Two types of FAT privileges

Answer 16

1) Share-level

2) User-level

Question 17

New Technology Filesystem (NTFS)

Answer 17

-Introduced with Windows NT to address security problems

Question 18

Command to see version of NTFS

Answer 18

fsutil fsinfo ntfsinfo C:

Question 19

802.1X

Answer 19

Defines port-based security for wireless network access control

Question 20

EAPOL

Answer 20

• EAP over LAN

- Another name for 802.1X

Question 21

How to disable a port?

Answer 21

Disable the service and block the port with a firewall

Question 22

Security Audit

Answer 22

A scheduled, in-depth check of security

Question 23

Alarms

Answer 23

• Indications of ongoing current problems

- Address them now

Question 24

Alerts

Answer 24

-Issues you should pay attention to, but will not bring the system down now

Question 25

Trends

Answer 25

Trends in threats

Question 26

OS Hardening

Answer 26

Making the OS as secure as possible before adding antivirus, firewall, etc.

Question 27

Entrapment

Answer 27

Law enforcement encourages a person to commit a crime when the criminal expresses desire not to.

Question 28

Enticement

Answer 28

Luring someone in to commit a crime