41. A disaster recovery plan (DRP) is also called a business continuity plan or
business process continuity plan. A DRP should include information security,
asset security, and financial security plans.
42. Note that the divisions do not want the information to be made available to
the group personnel only. Role-based access control is suitable in this
situation because it provides security as well as flexibility. Here individual
users are given privileges based on their respective roles in the organization
rather than by name.
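As an added illustration of the role-based model described in this answer (example code, not part of the original answer key), the following assigns permissions to roles and roles to users, so that an authorization decision never depends on a user's name. The role names, permissions and user names are constructed sample data.

```python
# Added example (not from the original answer key): a minimal role-based
# access control (RBAC) check. The roles, permissions and user names are
# constructed sample data, not values from the question.

# Permissions granted to each role (constructed).
ROLE_PERMISSIONS = {
    "division_analyst": {"report:read"},
    "division_manager": {"report:read", "report:write"},
    "group_auditor": {"audit_log:read"},
}

# Users are assigned roles; nobody is granted a permission by name.
USER_ROLES = {
    "alice": {"division_analyst"},
    "bob": {"division_manager"},
    "carol": {"group_auditor"},
}


def permissions_for(user):
    """Union of the permissions of every role the user holds.

    An unknown user holds no roles and therefore gets nothing (deny by default).
    """
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """Authorization decision derived from roles, never from the user's name."""
    return permission in permissions_for(user)


def assign_role(user, role):
    """A job change is a role change; no per-user permission edits are needed."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError("unknown role: " + role)
    USER_ROLES.setdefault(user, set()).add(role)


def revoke_role(user, role):
    """Remove one role; permissions from the user's other roles remain."""
    USER_ROLES.get(user, set()).discard(role)


if __name__ == "__main__":
    print(is_allowed("alice", "report:write"))   # False: analysts only read
    assign_role("alice", "division_manager")
    print(is_allowed("alice", "report:write"))   # True: granted via the new role
    print(is_allowed("carol", "report:read"))    # False: auditors see logs, not reports
```

The flexibility the answer mentions is visible in `assign_role`: moving a person between divisions or jobs changes one role membership, and every permission tied to that role follows automatically, while a user not listed anywhere is denied everything.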
43. Kerberos requires that the time sources be approximately synchronized
(within 5 minutes) with each other. However, with recent revisions of Kerberos
software, this rule has become flexible.
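To show what the 5-minute tolerance means in practice, here is an added example (not Kerberos code and not from the page) of the timestamp check a service performs on a client's authenticator, together with the replay cache that such a window requires: without it, anything captured inside the window could simply be presented again. Client names and timestamps are constructed sample values in seconds.

```python
# Added example (not Kerberos code from the page): the timestamp check a
# service performs on an authenticator, with the 5-minute tolerance described
# above, plus the replay cache that makes such a window safe. Client names and
# timestamps (seconds since the epoch) are constructed sample values.

MAX_SKEW_SECONDS = 5 * 60  # the "within 5 minutes" tolerance


class AuthenticatorChecker:
    def __init__(self, max_skew=MAX_SKEW_SECONDS):
        self.max_skew = max_skew
        # (client, authenticator timestamp) -> time at which the entry can be dropped.
        # An entry only has to live until the skew check would reject the
        # timestamp anyway, i.e. until auth_time + max_skew.
        self._seen = {}

    def check(self, client, auth_time, now):
        """Return (accepted, reason) for an authenticator stamped auth_time."""
        self._purge(now)
        skew = abs(now - auth_time)
        if skew > self.max_skew:
            return False, "clock skew %.0f s exceeds %d s" % (skew, self.max_skew)
        key = (client, auth_time)
        if key in self._seen:
            # Same authenticator presented twice inside the window: a replay.
            return False, "replay: authenticator already used"
        self._seen[key] = auth_time + self.max_skew
        return True, "ok"

    def _purge(self, now):
        """Drop cache entries that the skew check would reject from now on."""
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}


if __name__ == "__main__":
    checker = AuthenticatorChecker()
    print(checker.check("alice", 1000.0, 1100.0))  # accepted: 100 s skew
    print(checker.check("alice", 1000.0, 1100.0))  # rejected: replay
    print(checker.check("bob", 1000.0, 1400.0))    # rejected: 400 s skew
```

The two checks work as a pair: the skew limit bounds how long a replay cache has to remember each authenticator, and the cache covers the interval the skew limit leaves open. A client whose clock is off by more than the tolerance is refused outright, which is why unsynchronized clocks show up as authentication failures.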
44. The process of securing a computer system is called hardening. There are
several things that one needs to remember when hardening a PC. These include:
- Removing non-essential programs and services. These may provide back doors
for an attacker.
- Installing an anti-virus package and a spyware remover.
- Removing unnecessary protocols. If you are using only TCP/IP (required for
connecting to the Internet), keep that protocol and remove all other
protocols.
- Disabling the guest account.
- Renaming the Administrator account.
- Enabling auditing, so that you can view any logon attempts.
- Installing the latest patches and service packs for the operating system and
software.
45. Properly managed tape backups should include the following:
- Regular backups according to a pre-determined plan
- Verifying the backup tapes for integrity
- Labeling tapes properly for easy and unique identification
- Storing tapes securely at an off-site location
- Destroying data on old tapes before disposing of them
46. The Layer 2 Tunneling Protocol (L2TP) is a standard that combines the best
features of Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point
Tunneling Protocol (PPTP). L2TP does not provide confidentiality of information
by itself. IPSec is normally used in combination with L2TP to provide
confidentiality of communication.
PGP is used primarily for securing email communications.
47. Advantages of fiber optic cable over CAT5 cable include the following:
- It provides communication over longer distances
- It is difficult to tap into a fiber optic cable
- It provides higher communication bandwidth
- It is more immune to external interference
However, from a security point of view, the two chief advantages are a.
difficulty of tapping, and b. immunity to external interference, which makes
the communication not easily interruptible.
48. A few techniques used by IDS (Intrusion Detection Systems) include the
following:
- Anomaly detection
- Signature detection
- Target monitoring, and
- Stealth probes
The anomaly detection method establishes a baseline of normal usage patterns,
and anything that deviates widely from the baseline is investigated as a
possible intrusion. An example would be a user who logs on and off a machine 10
times a day instead of the normal once or twice a day.
Signature detection uses specifically known patterns of unauthorized behavior to
predict and detect subsequent similar attempts. These specific patterns are
called signatures.
Target monitoring systems do not actively search for anomalies or misuse, but
instead look for modification of specified files.
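The three techniques just described, as an added example that is not part of the original answer key: anomaly detection compares daily logon counts against a per-user baseline, signature detection matches known patterns, and target monitoring compares file digests against a recorded snapshot. The log lines, signature patterns, baseline counts, file contents and the "three times the baseline" threshold are all constructed for this illustration.

```python
# Added example (not from the page): the three IDS techniques described above,
# each run over constructed sample data. The log lines, signature patterns,
# baseline counts, file contents and the "3x baseline" threshold are all
# assumptions made for this illustration.
import hashlib
import re
from collections import Counter

# --- 1. Anomaly detection: compare observed logon counts with a baseline ---
BASELINE_LOGONS_PER_DAY = {"alice": 2, "bob": 1}  # constructed "normal" usage
LOGON_RE = re.compile(r"(\d{4}-\d{2}-\d{2}) \S+ LOGON user=(\w+)$")


def anomalous_logons(log_lines, baseline=BASELINE_LOGONS_PER_DAY, factor=3):
    """Return (day, user, count) for users logging on at >= factor x baseline."""
    counts = Counter()
    for line in log_lines:
        m = LOGON_RE.match(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    flagged = []
    for (day, user), n in sorted(counts.items()):
        expected = baseline.get(user, 1)  # unknown users: assume once a day
        if n >= factor * expected:
            flagged.append((day, user, n))
    return flagged


# --- 2. Signature detection: match known patterns of unauthorized behaviour ---
SIGNATURES = {
    "path traversal in request": re.compile(r"\.\./"),
    "logon attempt on disabled guest account": re.compile(r"LOGON FAILED user=guest$"),
}


def signature_hits(log_lines):
    """Return (signature name, line) for every line matching a known pattern."""
    return [(name, line) for line in log_lines
            for name, pattern in SIGNATURES.items() if pattern.search(line)]


# --- 3. Target monitoring: detect modification of specified files ---
def snapshot(files):
    """Record a SHA-256 digest of each monitored file (name -> digest)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def modified_targets(baseline_hashes, current_files):
    """Compare current contents against the recorded digests."""
    current = snapshot(current_files)
    changed = []
    for name, digest in baseline_hashes.items():
        if name not in current:
            changed.append((name, "missing"))
        elif current[name] != digest:
            changed.append((name, "modified"))
    return changed


# Constructed sample input
SAMPLE_LOG = [
    "2024-03-01 08:00:01 LOGON user=alice",
    "2024-03-01 17:30:12 LOGON user=alice",
    "2024-03-01 09:12:44 LOGON user=bob",
] + ["2024-03-02 %02d:00:00 LOGON user=bob" % h for h in range(8, 18)] + [
    "2024-03-02 10:05:00 HTTP GET /download?file=../../etc/passwd",
    "2024-03-02 11:00:00 LOGON FAILED user=guest",
]
BASELINE_FILES = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
                  "/bin/ls": b"\x7fELF sample binary"}
CURRENT_FILES = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n"
                                b"newuser:x:1001:1001::/home/newuser:/bin/sh\n"}


def run_all():
    return {
        "anomalies": anomalous_logons(SAMPLE_LOG),
        "signatures": signature_hits(SAMPLE_LOG),
        "targets": modified_targets(snapshot(BASELINE_FILES), CURRENT_FILES),
    }


if __name__ == "__main__":
    for technique, findings in run_all().items():
        print(technique, findings)
```

Bob's ten logons on the second day are the page's own anomaly case; the signature matches are independent of any baseline, and the file monitor reports both a changed file and a file that has disappeared since the snapshot was taken.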
49. In public key infrastructure:
A key is required to encode/decode a message, and the security of a message
depends on the security of the key.
A cipher text is the encoded message, and
A certificate is a document digitally signed by a trusted authority.
50. Staff training is the most effective tool for preventing attacks by
social engineering.
51. A certificate revocation list (CRL) is a list of certificates that have
been revoked and are no longer valid.
52. A back door is a program that allows access to a system without the usual
security checks. These arise primarily from poor programming practices.
The following are known back door programs:
- Back Orifice: A remote administration program used to remotely control a
computer system.
- NetBus: This is also a remote administration program that controls a
victim computer system over the Internet. It uses a client-server
architecture: the server resides on the victim's computer and the client
on the hacker's computer. The hacker controls the victim's computer by
using the client.
- Sub7: This is similar to Back Orifice and NetBus. It is used to take control
of a victim's computer over the Internet.
53. There are primarily three types of backups:
- Full backup
- Differential backup
- Incremental backup
1. Full backup: Here all the data gets backed up. It usually involves huge
amounts of data for large systems and may take hours to complete. A full backup
is preferred over incremental or differential backups where it is feasible.
However, when there is a large amount of data, a full backup is done once in a
while and incremental or differential backups are done in between. A backup
plan is usually put in place prior to taking a backup of the data.
2. Differential backup: A differential backup includes all the data that has
changed since the last full backup. The "differential backup" that was taken
earlier (after the "full backup" but before the current "differential
backup") becomes redundant, because all data changed since the last "full
backup" gets backed up again.
3. Incremental backup: It includes all the data changed since the last
incremental backup. Note that for data restoration the full backup and all
incremental backup tapes since the last full backup are required. The archive
bit is set after each incremental backup. Incremental backup is useful for
backing up large amounts of data, as it backs up only the files changed since
the previous incremental backup.
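The three backup types, as an added simulation that is not part of the original answer key: the same week of changes to a constructed set of three files is backed up under a differential scheme and under an incremental scheme, and the example shows what each tape holds and which tapes a restore needs. It models the usual Windows archive-attribute convention, which the text above does not spell out: the bit is set whenever a file is written, cleared by full and incremental backups, and left untouched by differential backups.

```python
# Added example (not from the page): a simulation of full, differential and
# incremental backups over a constructed week of file changes, showing what
# each tape holds and which tapes a restore needs. It models the usual archive
# bit convention (an assumption not spelled out in the text above): the bit is
# set whenever a file is written, cleared by full and incremental backups, and
# left untouched by differential backups.


class FileSystem:
    def __init__(self):
        self.files = {}        # name -> content
        self.archive = set()   # names whose archive bit is currently set

    def write(self, name, content):
        self.files[name] = content
        self.archive.add(name)


class TapeLibrary:
    def __init__(self):
        self.tapes = []  # (day, kind, {name: content})

    def full(self, fs, day):
        self.tapes.append((day, "full", dict(fs.files)))
        fs.archive.clear()

    def differential(self, fs, day):
        # Everything changed since the last full; bits stay set, so the next
        # differential copies these files again and makes this tape redundant.
        self.tapes.append((day, "differential",
                           {n: fs.files[n] for n in sorted(fs.archive)}))

    def incremental(self, fs, day):
        # Only what changed since the last incremental (or full); bits cleared.
        self.tapes.append((day, "incremental",
                           {n: fs.files[n] for n in sorted(fs.archive)}))
        fs.archive.clear()

    def restore_chain(self):
        """Tapes needed to rebuild the current state, oldest first.

        Assumes one scheme is used consistently after each full backup.
        """
        last_full = max(i for i, t in enumerate(self.tapes) if t[1] == "full")
        later = self.tapes[last_full + 1:]
        if later and later[-1][1] == "differential":
            return [self.tapes[last_full], later[-1]]   # full + newest differential
        return [self.tapes[last_full]] + later          # full + every incremental


def restore(chain):
    """Apply tapes in order; later copies of a file overwrite earlier ones."""
    state = {}
    for _day, _kind, contents in chain:
        state.update(contents)
    return state


def simulate(scheme):
    """Same change history under either scheme; returns (filesystem, library)."""
    fs, lib = FileSystem(), TapeLibrary()
    for name in ("a.txt", "b.txt", "c.txt"):
        fs.write(name, name[0] + "1")
    lib.full(fs, "Sun")
    partial = lib.differential if scheme == "differential" else lib.incremental
    fs.write("a.txt", "a2")
    partial(fs, "Mon")
    fs.write("b.txt", "b2")
    partial(fs, "Tue")
    fs.write("a.txt", "a3")
    partial(fs, "Wed")
    return fs, lib


if __name__ == "__main__":
    for scheme in ("differential", "incremental"):
        fs, lib = simulate(scheme)
        print(scheme)
        for day, kind, contents in lib.tapes:
            print("  %s %-12s %s" % (day, kind, sorted(contents)))
        chain = lib.restore_chain()
        print("  restore needs:", [t[0] for t in chain],
              "ok" if restore(chain) == fs.files else "MISMATCH")
```

Under the differential scheme Wednesday's tape holds both changed files and Monday's and Tuesday's tapes are redundant, so a restore needs two tapes; under the incremental scheme each tape holds only that day's change, so the restore needs the full backup plus every incremental, and skipping any one of them silently restores stale data.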
54. There are primarily 5 classes of fire:
- Class 'A' Fire: Involves ordinary combustible materials such as wood,
cloth and paper. Most fires are of this class.
- Class 'B' Fire: Involves flammable liquids or liquid flammable solids such
as petrol, paraffin, paints, oils, greases and fat.
- Class 'C' Fire: Involves gases. Gaseous fires should be extinguished only
by isolating the supply. Extinguishing a gas fire before the supply is off
may cause an explosion.
- Class 'D' Fire: Involves burning metals. These should only be dealt with by
personnel trained in the handling of combustible metals, using special
extinguishers.
- Class 'F' Fire: Involves flammable liquids (deep fat fryers).
The first three classes are most common.
55. Nonrepudiation is used to ensure that a sender cannot later deny having
sent the message. A digital signature on the message ensures that the sender is
the original sender of the electronic message.
56. Honeypot is the correct answer. Honeypots are designed so that they appear
to be real targets to hackers; that is, a hacker cannot distinguish between a
real system and a decoy. This enables lawful action to be taken against the
hacker while securing the systems at the same time.
57. CHAP (Challenge Handshake Authentication Protocol) works on point-to-point
connections. It uses a three-step process for authentication (excluding making
the connection itself). If making the connection is also counted, it would be a
4-step process.
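The three steps named in this answer, as an added example that is not part of the original answer key: a constructed authenticator sends a Challenge, a constructed peer returns a Response, and the authenticator replies with Success or Failure. The hash is MD5 over the identifier byte, the shared secret and the challenge, as RFC 1994 specifies; the peer name and secret are sample values, and the link is assumed to be already established.

```python
# Added example (not from the page): the three CHAP steps from RFC 1994
# (Challenge, Response, Success/Failure) between a constructed peer and
# authenticator, after the link is assumed to be already up. The response is
# MD5(identifier || secret || challenge) as the RFC specifies; the name and
# secret are sample values.
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash over identifier byte, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues the challenge and decides Success/Failure."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret (never sent)
        self.identifier = 0
        self.outstanding = {}       # identifier -> challenge value not yet answered

    def challenge(self):
        """Step 1: send an Identifier and a fresh random Challenge value."""
        self.identifier = (self.identifier + 1) % 256
        value = os.urandom(16)
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier, response, name):
        """Step 3: compare with the expected hash and answer Success or Failure."""
        challenge = self.outstanding.pop(identifier, None)  # each challenge answered once
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """The side being authenticated; holds the same secret."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        """Step 2: return Identifier, Value (the hash) and Name."""
        return identifier, chap_response(identifier, self.secret, challenge), self.name


def run_chap(peer, authenticator):
    """One complete three-step exchange; returns True on Success."""
    ident, chal = authenticator.challenge()          # Challenge  (authenticator -> peer)
    ident, resp, name = peer.respond(ident, chal)    # Response   (peer -> authenticator)
    return authenticator.verify(ident, resp, name)   # Success/Failure (authenticator -> peer)


if __name__ == "__main__":
    auth = Authenticator({"alice": b"s3cret-shared-key"})
    print(run_chap(Peer("alice", b"s3cret-shared-key"), auth))  # True
    print(run_chap(Peer("alice", b"wrong"), auth))              # False
```

The secret itself never crosses the link, only a hash that depends on a random challenge, and each challenge is consumed once, so a recorded response is useless for a later attempt; this is also what lets the authenticator repeat the exchange periodically on an open connection.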
58. Social Engineering: Social engineering exploits human behaviour.
Nonrepudiation ensures that the sender of a message or contract cannot deny
having sent the message or signed the contract at a later date. This is done by
means of a digital signature. Retrenchment is not the correct answer. Separation
of duties ensures that vital activities are divided among several individuals,
so that one or two individuals cannot perform a fraud.
59. Vulnerability testing is part of testing corporate assets for any
particular vulnerability. Types include:
- Blind testing: Here the hacker does not have prior knowledge of the
network. It is performed from outside the network.
- Knowledgeable testing: Here the hacker has prior knowledge of the
network.
- Internet service testing: A test of the vulnerability of Internet
services such as web services.
- Dial-up service testing: Here the hacker tries to gain access through an
organization's remote access servers.
- Infrastructure testing: Here the infrastructure, including protocols and
services, is tested for any vulnerabilities.
- Application testing: The applications running on an organization's
servers are tested here.
Vulnerability assessment is part of an organization's security
architecture.
60. VPN stands for Virtual Private Networking. PPTP (Point to Point Tunneling
Protocol), and L2TP (Layer 2 Tunneling Protocol) are used for VPN.