CCSP SECUR FAQ : Defense in Depth
Q1. What is the major concern with having a compromised host on the internal network?
A. It will make the security administrator look bad.
B. Data on that host can be copied.
C. Data on that host can be corrupted.
D. The host can be used to launch attacks against other hosts on the network.
E. None of the above.
Q2. What are some advantages in implementing AAA on the network? (Choose all that apply.)
A. It limits access to only authorized users.
B. It allows for single sign-on.
C. It provides encrypted connections for user access.
D. It restricts users to only authorized functions.
E. All of the above.
Q3. Which devices can be used to segment a network? (Choose all that apply.)
A. Firewalls
B. Routers
C. Switches
D. Address scheme
E. All of the above
Q4. Where does a host-based IDS reside?
A. At the network layer
B. At the data link layer
C. At the presentation layer
D. As an add-on to the system processor
E. None of the above
Q5. What is the advantage of an anomaly-based IDS?
A. They protect against unknown attacks.
B. They protect against known attacks.
C. They can restart a Windows server after a system crash.
D. They stop and restart services when needed.
E. They are very cost effective.
Q6. How does a signature-based IDS determine whether it is under attack?
A. It compares the traffic to previous traffic.
B. It compares traffic to predefined signatures.
C. It correlates logs from numerous devices.
D. All of the above.
E. None of the above.
Q7. Why is it important to monitor system logs?
A. To determine the state of the network
B. To determine whether your systems are running properly
C. To pick a needle from the haystack
D. To determine whether you are under attack
E. To determine whether you can figure out what they mean
Q8. What is the advantage of using correlation and trending?
A. Most packages print out graphs that you can use for presentations.
B. They enable you to consolidate log data from multiple sources into a readable format.
C. They enable you to correlate log data from multiple sources to get a better understanding of the situation.
D. They enable you to delete traffic that does not apply to your network.
E. None of the above.
Q9. Define the term internetworking.
Q10. How does the use of RFC 1918 addressing on internal networks help prevent attacks that originate from the Internet?
Q11. What is a major limitation of a statically configured firewall?
Q12. What type of IDS uses a system baseline for acceptable behavior?
Q13. What processes enable you to look at events on the network from different views?
Q14. What is the goal of the security process?
More Resources