CIW570.docx
- 文档编号:29060492
- 上传时间:2023-07-20
- 格式:DOCX
- 页数:36
- 大小:29.11KB
CIW570.docx
《CIW570.docx》由会员分享,可在线阅读,更多相关《CIW570.docx(36页珍藏版)》请在冰豆网上搜索。
CIW570
1.Thechiefoperationsofficer(COO)hasquestionedtheneedforend-usertraining.Whichofthefollowingisthemosteffectiveresponse?
A.Indicatethatyouwillnotberesponsibleforthenextvirusoutbreak.
B.RemindtheCEOaboutthelastvirusattackandtheexpenseincurred.
C.Explainthatthecostofend-usertrainingisafractionofthecostofthelastsecuritybreachcausedbyendusers.
D.Providestatisticsthatdefinitivelyshowhowend-usertrainingreducesthelikelihoodofsecuritybreachesonthecorporatenetwork.
Answer:
2.Considerthefollowingsequence:
user1@zeppelin:
/public$su-
root@zeppelin:
~#chmod1777/publicroot@zeppelin:
~#exit
Whichofthefollowingmostaccuratelydescribestheresultofthiscommand?
A.Onlytherootusercancreateanddeletefilesinthe/publicdirectory.
B.Alluserscancreate,deleteandreadfilesinthe/publicdirectory,butonlyroothasexecutepermissions.
C.Alluserscancreateandreadfilesinthe/publicdirectory,butonlyrootcandeleteanotheruser'sfile.
D.Anyusercancreatefilesinthe/directory,butnousercandeleteafileinthisdirectoryunlessrootpermissionsareobtained.
Answer:
3.Whatisthefirststepofagapanalysis?
A.Scanthefirewall.
B.Reviewantivirussettings.
C.Reviewthesecuritypolicy.
D.Reviewintrusion-detectionsoftwaresettings.
Answer:
4.Considerthefollowingfirewallrules:
Incomingtraffic:
TCPPort25
TCPPort139:
Denied
UDPPort137:
DeniedUDPPort138:
Denied
ICMPechorequest:
DeniedICMPechoreply:
Denied
Outgoingtraffic:
TCPPorts1024through65,535toport80:
DeniedTCPPort80:
Denied
ICMPechorequest:
DeniedICMPechoreply:
Denied
TCPPort139:
Denied
UDPPort137:
DeniedUDPPort138:
DeniedAllcompanyproductionserversresidebehindthecorporatefirewall.However,youdiscoverthattheWebserverperformanceisverylow.AftersniffingthetraffictotheWebserver,youlearnthattheWebserverisexperiencing,adistributeddenial-of-serviceattackinwhichmillionsofpingpacketsarebeingdirectedattheserver.Whichofthefollowingisthemostplausibleexplanationforthissituation?
A.Thereisaflawinthefirewallruleset
B.ThefirewallisnotconfiguredtoblockICMPpacketsgeneratedbythepingcommand.
C.Theattackisoriginatingfromawirelessaccesspoint(WAP)connectedtothecorporatenetwork.
D.TheattackisoriginatingfromaWebserverthathasnotbeenproperlyupdated,andwhichhasbeeninfectedwithaTrojanhorse.
Answer:
5.ALinuxsystemrunningApacheServerhasreceivedmillionsofSYNpacketsthatitcannolongerrespondto,becausetheclient'soperatorismaliciouslywithholdingthenecessaryreplypacket.Whatisthemostcommon
solutionforthisproblem?
A.ImplementSSL.
B.ImplementSYNcookiesupport.
C.UpgradetheTCP/IPstackwithnewsoftware.
D.UpgradetheoperatingsystemtosupportIPsec.
Answer:
6.Tworoutersinyourcompanynetworkrequireafirmwareupgrade.Whichofthefollowingupgradestrategieswillreducedowntime?
A.Conductingtheupgradewhiletheroutersarestillrunning
B.Upgradingtheroutersusingthelatestupgradesoftware
C.Conductingtheupgradeafterrebootingtherouter
D.Upgradingtheroutersafterbusinesshours
Answer:
7.Youandyourteamhavecreatedasecuritypolicydocumentthatis120pageslong.Whichofthefollowingtechniqueswillhelpensurethatupper-levelmanagersreadtheessentialpolicyelements?
A.Includingasign-offsheet
B.Includinganexecutivesummary
C.Usingboldtypetoemphasizeessentialelements
D.Usingitalictypetoemphasizeessentialelements
Answer:
8.Whichofthefollowingisamainfunctionofacompany'sinformationsecuritypolicy?
A.ItobligatestheITdepartmenttobasicservices.
B.Itdefinesbasicresponsibilitiesforallstakeholders.
C.Itdefinestheresponsibilitiesofemployeesandmanagers.
D.Itdefinesbasicresponsibilitiesforexecutivemanagement.
Answer:
9.AfterconsultingwiththeITdepartment,youhavedeterminedthataparticularsecuritysolutionisquiteeffectiveforprotectingaparticularresource,butnotnecessaryduetotheexpense.Whichofthefollowingwasconductedtoenablethisconclusion?
A.Riskanalysis
B.Cost-to-benefitanalysis
C.Physicalsecurityanalysis
D.Resourcepriorityanalysis
Answer:
10.YouwanttolearnmoreaboutasecuritybreachthatwasrecentlydiscoveredinaWindowsserver.Whichorganizationshouldyouconsult?
A.ISO
B.SANS
C.CERT
D.IETF
Answer:
11.Yoursupervisorasksyoutorecommendafirewall.Thefirewallmustprovidethefollowingservices:
Theabilitytofilterspecifictraffictypes(e.g.,HTTP,SIP,POP3)
UserauthenticationWebpagecachingforlateruseWhichtypeoffirewallwouldyourecommend?
A.Proxy
B.Stateful
C.Packetfilter
D.Circuit-based
Answer:
12.WhichtypeoffirewallprovidesaDMZ?
A.Dual-homed
B.Router-based
C.Single-homed
D.Screened-subnet
Answer:
13.CompanyemployeeshavenoticedthatthequalityofvoicecallsontheirCiscoIPphonesisgreatlyreducedatvarioustimesduringtheday.Afterinvestigatingtheproblem,younoticethatthetimeswhenvoicequalityis
reducedcoincideswithheavye-mailtraffic.Whichofthefollowingcanyouimplementonthefirewalltoalleviate
thisproblem?
A.Statefulinspection
B.QualityofService(QoS)
C.Networkaddresstranslation(NAT)
D.ResourceReservationProtocol(RSVP)
Answer:
14.Considerthefollowingfirewallrules:
Incomingtraffic:
TCPPort25:
Denied
TCPPort139:
Denied
UDPPort137:
DeniedUDPPort138:
DeniedICMPechorequest:
DeniedICMPechoreply:
Denied
Outgoingtraffic:
TCPPorts1024through65,535toport80:
DeniedICMPechorequest:
Denied
ICMPechoreply:
DeniedTCPPort139:
Denied
UDPPort137:
DeniedUDPPort138:
DeniedAllcompanyproductionserversresidebehindthecorporatefirewall.However,youdiscoverthattheWebserverperformanceisverylow.AftersniffingthetraffictotheWebserver,youlearnthattheWebserverisexperiencing
adistributeddenial-of-serviceattackinwhichmillionsofpingpacketsarebeingdirectedattheserver.Whichisthemostplausibleexplanationforthissituation?
A.Thereisaflawinthefirewallruleset.
B.Theattackisbeingconductedfromaninternalhost.
C.TheWebserverhasbeeninfectedwithaTrojanhorse.
D.ThefirewallisnotconfiguredtoblockICMPpacketsgeneratedbythepingcommand.
Answer:
15.Apacketisbeingsentfromonecomputertothenext.Thispacketisbeingprocessedbyanapplicationdesignedtoencryptsensitivedata.Oneofthedutiesofthisapplicationistoensurethatapackethasnotbeenalteredbyanintruder.Whichtypeofencryptionisthisapplicationmostlikelytousetoachievethisgoal?
A.One-timepad
B.Hashencryption
C.Symmetric-keyencryption
D.Asymmetric-keyencryption
Answer:
16.WhichofthefollowingisresponsibleforencryptingthedatapacketsencapsulatedinanSSL-enabledHTTPsession?
A.One-wayencryption
B.One-timepad(OTP)
C.Symmetric-keyencryption
D.Asymmetric-keyencryption
Answer:
17.YouhaveusedanapplicationcalledPGPtoprotectthecontentsofane-mailmessage.Whichtechnologyisusedtoencryptthekeythatprotectsthedatainthee-mailmessage?
A.Symmetric-keyencryption
B.Asymmetric-keyencryption
C.Diffie-Hellmankeyexchangeprotocol
D.AdvancedEncryptionStandard(AES)
Answer:
18.YourWebbrowserissuedawarningmessagethatacertificatehasnotbeensignedbyarecognizedauthority.Thisfactindicatesthat:
A.anattackisinprogress.
B.theensuingsessionwillnotbeencrypted.
C.theCertificateAuthority(CA)hasrevokedthecertificate.
D.thebrowserdoesnotrecognizetheCertificateAuthority(CA).
Answer:
19.AdevicethatprovidesvoiceandfaxservicesbetweenyourlocalLANandtheInternethasbeeninstalledintheDMZofyournetwork.However,youcannotsendorreceivefaxes.Whichofthefollowingstepsismostlikelygoingtosolvethisproblem,whilestillprotectingyournetworkresources?
A.ConfigurethefaxdevicetousetheT.441protocol.
B.ConfigureyourfirewalltoallowtheT.38protocol.
C.MovethefaxdeviceoffthefirewallandmakeitdirectlyaccessibletotheInternet.
D.ConfigureyourfirewalltoforwardallUDP-basedpacketsfromtheInternettothecompanyPBX.
Answer:
20.Employeecomputershavebeenattackedrepeatedly.Theattackerappearstobeworkinginternally,andhasbeenabletoscaninternalsystemsforweaknesses.Whichofthefollowingwillbesthelpyoustoptheseattacks?
A.InstallingWebcams
B.Upgradingantivirussoftware
C.Installingdesktopfirewalls
D.Establishingaregularauditingschedule
Answer:
21.Whichofthefollowingisafeaturethatyouwouldexpectdesktopfirewallsoftwaretoprovide?
A.Portblocking
B.Spamblocking
C.Firewallreconfiguration
D.Reportingtointrusion-detectionapplications
Answer:
22.Whichwirelesssecuritytechniqueismostsusceptibletospoofing?
A.802.11i
B.Beaconing
C.MACaddressfiltering
D.WiredEquivalentPrivacy(WEP)
Answer:
23.Youhavebeenaskedtoshowendusershowtobestavoidproblemswithspyware.Whichofthefollowingisthebestrecommendationtogive?
A.Upgradeantivirussoftwaredaily.
B.Configureantivirussoftwaretorunautomatically.
C.ConductoperatingsystemupgradesonlyasrecommendedbytheITdepartment.
D.DownloadsoftwareonlyfromtrustedInternetresourcesthatarerecommendedbytheoperatingsystemvendor.
Answer:
24.Whatisthepreferredfirststeptotakeifanendusersuspectsthatadesktopsystemhasbeencompromisedbyanattacker?
A.CallanITassociate.
B.CalltheITmanager.
C.Unplugthesystemfromthenetwork.
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- CIW570