Chapter 8

Nicole is the security administrator for a large governmental agency. She has implemented port security, restricted network traffic, and installed NIDS, firewalls, and spam filters. She thinks the network is secure period now she wants to focus on endpoint security. What is the most comprehensive plan for her to follow?

Sally's CISO asked her to recommend an intrusion system to recognize intrusions traversing the network and send e-mail alerts to the IT staff when one is detected. What type of intrusion system does the C ISO want

Troy must decide about his organization's file integrity monitoring. Stand alone FIM generally means file analysis only. Another option is to integrate it with the host so that Troy can detect threats in other areas, such as system memory or an i/o. for the integration, which of the following does Troy need to use?

The IT department decided to implement a security appliance in front of their web servers to inspect HTTP /HTTPS /SOAP traffic for malicious activity. Which of the following is the best solution to use?

Your employees need internal access while traveling to remote locations you need a service that enables them to securely connect back to a private corporate network from a public network to log into a centralized portal. You want the traffic to be encrypted which of the following is the best tool?

The IT security department was asked with recommending a single security device that can perform various security functions. The security functions include antivirus protection , anti spyware, a firewall, and an intrusion detection and prevention system what device should the IT security department recommend?

The IT group within your organization wants to filter requests between clients and their servers. they want to place a device in front of the servers that acts as a middleman between the clients and the servers. This device receives the request from the client and forwards the request to the servers. The server will reply to the request by sending the reply to the device; Then the device will forward the reply onward to the clients. What device best meets this description?

Your network administrator, George, reaches out to you to investigate why your ecommerce site went down twice in the past three days. Everything looks good on your network, so you reach out to your ISP . You suspect an attacker set up bot Nets that flooded your DNS server with invalid request . You find this out by examining your external logging device. What is this type of attack called?

This disco switch port you are using for traffic analysis and troubleshooting and has a dedicated SP AN port is in an "error disabled state.” what is the procedure to reenable it after you enter privilege exec mode?

Your news organization is dealing with a recent defacement of your website and secure web server. The server was compromised around a three day holiday weekend while most of the IT staff was not at work period the network diagram in order from the outside in, consist of the Internet, firewall , IDS, SSL accelerator, web server farm, internal firewall, and internal network. You attempt a forensic analysis, but the all the web server logs have been deleted, and the internal firewall logs show no activity. As a security administrator what do you do?