test

Report this post to a moderator

I have a couple of questions below which I need help
on.

1. Can somebody tell me what the name of the file
would be if the administrator could only access the
password file from root?

a. shadow
b. passwd
c. password
d. none of the above

2. What are the 3 components of Kerberos?


3. What vulnerability is in TCP/IP that allows a
hijack session to occur?

4. A severed T-1 circuit is an example of what?
a. incident response
b. incident handling
c. disaster recovery
d. business continuity?

5. What is a good practice in deploying a CA?

Just a few questions that have me scratching my head.

Report this post to a moderator

First a question ..... where did your questions come from?

__________________
Go hard or go home!

Report this post to a moderator

I got them from a friend who has been studying for the CISSP exam as well as the SSCP exam. Do you know any of the answers?

Report this post to a moderator

Q1 I haven't seen anything like this in any of the Sec+ materials I have read. However I would hazard a guess and say shadow "Most systems ship with shadow passport support. In this systems users passwords are stored in a seperate file, /etc/shadow. This file cannot be read by most users making it more difficukt for a miscreant with an accoubnt on a computer to break into other users accounts. (Sybex Linux+ / Roderick Smith).

Q2 3 components of Kreberos? I am confused here - does this refeer to the 3 steps of authentication? - Or perhaps the 3 systems involved? (client/KDC/Resource server)

Q3 There are a couple vulnerabilities in TCP/IP. These range from Telnet sessions to web based ecommerce to hijacking session cookies - a wide scope there.

Q4 A severed T1 could be an example of several things depending on various factors.
a. incident response - yes if it involves repairing it.
c. disaster recovery - not6 100%, but could be included if your hot/colf site was also connected to this line.
d. business continuity - yes if your business relies on the T1 line totally.

Q5 Another interesting and possibly confusing one. I would suggest that having a good understanding of the Certificate Policy was right up there.

__________________
Go hard or go home!

Report this post to a moderator

Good answers RussS

Can anyone tell me a disadvantage to using a VPN or other encrypted data in a network?

Report this post to a moderator

There are a couple that I can think of, but I will wait and see who else responds before I advance my opinion

__________________
Go hard or go home!

Report this post to a moderator

1. There is the higher bandwidth consumption required.
2. It requires increased processing time and power.
3. NIDS cannot detect the intent of the packets nullifying any benefits, which would require implementation and use of HIDS, which also increases processing time and power.
4. Interchange of keys can be problematic and usually requires use of a specialized system, such as SSL/TLS.

Cheers,
TB

Report this post to a moderator

Excellent responses

I will add common mistakes or problems ....

Forgetting or discounting other forms of security access controls such as NTFS permissions.
Not ensuring that both ends of the VPN have the same permissions etc.
Incorrect firewall settings.

Of course I am consider anything but seriously encrypted VPN or VPN over SSH totally insecure and a waste of time

__________________
Go hard or go home!

Report this post to a moderator

What, IPSec traffic between Win2k machines doesn't count?

Cheers,
TB

Report this post to a moderator