I have to pull a Shanalee here (Security questions)
Drummer 2001-09-12, 7:40 pm
I managed to get ahold of some security test questions. I sent the following to my instructor but I haven't heard back so I thought I'd run them by you guys. Everything below is verbatim from the e-mail. "John" referred to below is a guy in my classes.
9. Which level(s) of security, as defined by the National Computer Security
Center (NCSC), is attained by many "out of the box" implementations of
commercially available operating systems?
A. Level B2
B. Level D
C. Level D through B2
D. Level B through
***** The answer key says A but John and I both think it's C. Can't really
find a definitive answer in the book.
35. You notice that your FTP service reveals unnecessary information about
your server. Which of the following is the most efficient solution to this
problem?
A. Filter out the login banner using a packet filter.
B. Disable the service in question.
C. Place the service behind the firewall.
D. Disable the login banner for the service.
***** Answer key says A, we think it's D but we can't find anything to
confirm it.
47. ___ wants to ensure that a hacker cannot access his DNS zone files. What
is the best action for him to take?
A. Filter TCP port 23.
B. Configure the firewall to block zone transfers and accept zone transfer
requests only from specific hosts.
C. Configure all routers to block zone transfers and encrypt zone transfer
messages.
D. Disable Nslookup.
****** Answer key says D which seems silly. We thought it was B but we're
not sure.
53. You are using a packet sniffer to capture transmissions between two
remote systems. However, you find that you can only capture packets between
your own system and another. What is the problem?
A. You have configured your filter incorrectly.
B. You are sniffing packets in a switch network.
C. Tcpdump captures packets only between your host and another host.
D. Your system does not have its default gateway configured.
******* The answer key says B. John agrees. I thought it might be A or D.
56. Which security feature does NNTP possess that SMTP does not?
A. Dynamic port assignment
B. Separate control and data ports
C. Usability in conjunction with SSL
D. Strict bounds checking on arrays
****** The answer key says C, but John and I can't figure out why Network
News Transfer Protocol would use SSL. The only one left is D.
72. Which tool, command or service allows a remote or local user to find any
open connection paths to the system on the Internet or an intranet?
A. Traceroute
B. Whois
C. Nslookup
D. Port scanner
****** The key says A. The question is vague. It could be A or it could be
D.
76. Where are most of the binaries located on the hard drive of a UNIX
server (using default installation)?
A. /bin
B. /sbin
C. /usr
D. /proc
***** The key says C. John and I weren't sure what they meant by "binaries".
There's no reference to that anywhere. If it means operating system files
then C is probably correct.
81. Which one of the following choices lists the two greatest security
problems associated with HTTP?
A. Community names and encrypted passwords
B. IP and ICMP spoofing
C. Viewer applications and external programs used by the HTTP server
D. No bound checking on arrays and anonymous access
****** John and I couldn't find any references to any of this. Could be C.
The key says D.
86. Which of the following is the best way to secure CGI scripts?
A. Configure the firewall to filter CGI at ports 80 and 443.
B. Disable anonymous HTTP logins when using CGI.
C. Ensure that the code checks all user input.
D. Active Java on the primary web server.
***** Answer key says B but that doesn't seem right. Looking at it now it
seems like it could be A because CGI works with http a lot and SSL
sometimes.

Hacker 2001-09-13, 12:39 am
9) B.
10) D.
47) B.
53) A.
56) C.
72) A.
76) C. (A bit vague, but usually /usr will be the largest directory as a user installs more software as time goes on.)
81) D.
86) B.
The answers for some are relatively easy if a user has played around with a www server.
My suggestion is that you get the CIW book at Amazon.com.

Drummer 2001-09-13, 9:19 pm
Thanks for your help. Taking it again tomorrow.