Chapter 2 - Monitoring & Diagnosing Networks Flashcards Preview


Flashcards in Chapter 2 - Monitoring & Diagnosing Networks Deck (28)
1

Network monitors are also called what?

What do they do to your NIC?

2-46

sniffers

put it in promiscuous mode

2

Tell me the 2 most important logs for security purposes

2-47

application log
security log

3

Linux has 2 logs that are important to security. What are their names and how do they help you?

2-47

faillog - records failed user logins; check it when you're looking for attempts to break into the system.

apport.log - records application crashes; these can reveal attempts to compromise the system, or a virus or spyware.

4

Where do you view the event logs?

2-48

go to the Event Viewer

5

Your Event Viewer is recording logs and has reached the maximum space allotted for them, but it still needs room for new logs. What will happen?

2-51

Older log files will be overwritten.

6

Explain the basic concept of "hardening".

2-52

It means you're doing everything you can to make your system secure: don't have unnecessary applications running, keep things updated, keep your user accounts secure, etc.

7

Why is it important to turn off the unnecessary services?

2-53

Because services can provide an attack vector.

8

File and Print Servers are vulnerable to what kind of attack?

What can you do to defend against this?

2-53

Denial of Service and access attacks

Only run the necessary protocols on your servers.

9

For a PC-based system, some attacks are targeted at NetBIOS servers. What ports will these attacks happen on?

What 2 things can you do to combat this?

If you're on a Unix system, what port should you close?

2-53

135, 137, 138, and 139

You can disable the NetBIOS services on servers OR put a robust firewall between the server and the Internet.

111, the RPC (remote procedure call) port

10

What is a good practice for hardening the root directories?

2-53

Keep them hidden from browsing.

11

Tell me 3 things you can configure from the System and Security applet in Control Panel.

2-55

Windows Firewall
automatic scans
Windows Defender

12

If you suspect that your workstation has been compromised, what is something in Performance Monitor that might tip you off?

2-55

look at the CPU usage

13

True or False: According to the book, it is better to have one role per server instead of multiple roles on one server.

2-55

True

14

Tell me the appropriate way to deal with patches on your machines.

2-56

Test the patch on one machine to make sure everything is okay instead of blindly applying it across the whole network at once.

15

There are 3 kinds of patches. Explain what they are and tell me which ones don't need to be installed immediately.

2-57

service pack - provides new tools and extends functionality
updates - code fixes when there's no available workaround
security updates - mandatory addressing of security vulnerability

Security updates are installed immediately; the others aren't.

16

Tell me 3 types of accounts you should disable.

2-59

employees who left the company

temporary employees

default guest accounts

17

Going chronologically, tell me 4 file system types.

2-58,59

FAT - File Allocation Table
FAT16 - first upgrade to FAT
FAT32 - designed for large disk systems
NTFS - New Technology File System, handles larger disk sizes, more security, added file stability

18

Which file system should you use to establish your network shares?

2-59

NTFS

19

Tell me the command to see the NTFS version on your workstation.

2-59

From an administrative command prompt, type:
fsutil fsinfo ntfsinfo C:

20

You have a wireless network and need port based security. Which wireless standard defines this?

2-60

802.1X

21

Tell me 4 things you can do to heighten the security of your network.

2-60

MAC filtering
802.1X
Disable unused ports
scan for rogue machines

22

What is a security audit?

2-62

a thorough evaluation of your security

23

When you perform a security audit, what 4 things should you be searching through?

2-62

security logs
policies and compliance with policies
security device configuration
incident response reports

24

You are looking at discrepancies between the current security state of your system and where it should be. What are the 3 categories for the discrepancies?

2-62

minor - no immediate threat

serious - nasty threat, but highly unlikely

critical - you need to deal with this ASAP

25

System events are classified as one of three things in the Event Viewer. What are they?

2-63

information
warning
error

26

What is the value of observing trends?

2-64

It can help you take action to avoid a major catastrophe.

27

Honeypot systems are used to draw attackers away from your true system and to learn their attack methods. What is the process of luring someone into your trap called?

2-65

enticement

28

What do you call it when the government encourages someone to commit a crime?

2-65

entrapment

(And no, "politics" is NOT the correct answer here.)