Question 1

Tripwire is an example of a ____ system.&#10;A) Linux&#10;B) AIX&#10;C) intrusion detection and prevention&#10;D) operating

Accepted Answer

Tripwire is a well-known intrusion detection and prevention system (IDPS) that helps to detect unauthorized changes to critical files on a system in real-time. It works by checking the file system for changes and comparing it against a known baseline, alerting the system administrator if any unauthorized changes are detected. It's not an operating system, nor is it specifically designed for Linux or AIX environments, though it can be used on those platforms.

Question 2

A ____ server is a machine that is placed in the DMZ to attract hackers and direct them away from the servers being protected.&#10;A) flytrap&#10;B) DNS server&#10;C) honeypot&#10;D) bastion host

Accepted Answer

A honeypot server is designed to be an attractive target for attackers. It simulates a vulnerable system and lures attackers away from the actual production servers. This allows security personnel to monitor the attacker's activities and study their techniques.

Question 3

The ___ lists newly discovered security advisories right on its home page.&#10;A) Microsoft Institute&#10;B) FreeBSD Project&#10;C) SANS Institute&#10;D) U.S. Department of Energy's Cyber Incident Response Capability

Accepted Answer

D

Question 4

If a network administrator is most comfortable with UNIX, he or she should choose a bastion host running ____.&#10;A) UNIX&#10;B) Windows&#10;C) Linux&#10;D) MacOS

Accepted Answer

UNIX is the most suitable choice for a network administrator who is already comfortable with it, as it would allow them to leverage their existing knowledge and skills effectively.

Question 5

You can check your computer's system information for the clock speed of your processor, which may be called the ____.&#10;A) Central Processing Unit (CPU)&#10;B) hard drive&#10;C) data cache&#10;D) lookaside buffer

Accepted Answer

The clock speed of a processor is a characteristic of the CPU, or Central Processing Unit.

Question 6

The industry standard for bastion host memory is between 4 GB and 8 GB of RAM depending on the ____ of the memory.&#10;A) size&#10;B) speed&#10;C) manufacturer&#10;D) all of these are correct

Accepted Answer

The industry standard for bastion host memory is between 4 GB and 8 GB of RAM depending on the size, speed, and manufacturer of the memory.

Question 7

The concept of ____ requires hardening the system at multiple levels to minimize the possibility of intrusion.&#10;A) Demilitarized Zones&#10;B) healthy paranoia&#10;C) virtual private networks&#10;D) defense in depth

Accepted Answer

The concept of defense in depth involves implementing multiple layers of security to protect against potential intrusions. This includes hardening the system at multiple levels, such as securing physical access, implementing firewalls and intrusion detection systems, and using strong authentication protocols. Demilitarized zones and virtual private networks are security technologies that can be used as part of a defense in depth strategy, but they are not the concept itself. "Healthy paranoia" is not a security concept, but rather a mindset that involves being cautious and vigilant about potential risks.

Question 8

When selcting a bastion host operating system, the most important consideration is ____.&#10;A) Choose UNIX/LINUX only&#10;B) Choose Windows only&#10;C) Choose the OS you're most familiar with&#10;D) Choose the OS that is the most cost effective

Accepted Answer

The most important consideration when selecting a bastion host operating system is to choose the one with which the system administrator is most familiar. This is because the bastion host will be responsible for securing an organization's network, and any misconfiguration or mistake could have serious consequences. Therefore, it is important to use an operating system that the administrator is familiar with, to ensure that the security measures are properly implemented and maintained. The choice of operating system should not be based solely on cost, as security should always be the top priority. While UNIX/LINUX and Windows are both viable options, the familiarity of the system administrator is more important than the specific operating system used.

Question 9

Its not uncommon for companies to solicit information from a dozen or more hosting services and then request full proposals from five of those companies.

Accepted Answer

This statement is true and suggests that companies often do thorough research and compare different hosting services before choosing one for their business.

Question 10

Once you have configured and deployed a bastion host, there is no need for further maintenance.

Accepted Answer

Bastion hosts require ongoing maintenance to ensure they remain secure, are up to date with security patches and have appropriate access controls in place. Regular monitoring and audit logging should also be performed.

Question 11

What is a downside of co-location for the bastion host?&#10;A) more complicated for the administrator&#10;B) not as much protection from natural disasters&#10;C) decreased network uptime&#10;D) weaker security

Accepted Answer

The answer of What is a downside of co-location for...

Question 12

The ____ utility reports on the services that are currently started.&#10;A) Security Compliance Manager&#10;B) chkconfig&#10;C) syslog&#10;D) daemon

Accepted Answer

The answer of The ____ utility reports on the services...

Question 13

Hard drives for rack-mounted servers range from $250 to $750 per terabyte depending on ____.&#10;A) manufacturer&#10;B) drive speed&#10;C) form factor&#10;D) all of these are correct

Accepted Answer

The answer of Hard drives for rack-mounted servers range from...

Question 14

In general, where should bastion hosts be located on the network?&#10;A) within the internal LAN&#10;B) DMZ&#10;C) before the router&#10;D) between the router and firewall

Accepted Answer

The answer of In general, where should bastion hosts be...

Question 15

The first step in securing a bastion host is:.&#10;A) Obtain a mcahine with sufficient memory and processor speed.&#10;B) Run a security audit&#10;C) Install the services to provide or modify existing services&#10;D) back up the system and all data on it, including log files

Accepted Answer

The answer of The first step in securing a bastion...

Question 16

DNS server located on the DMZ should be configured to prohibit unauthorized ____.&#10;A) partitions&#10;B) log files&#10;C) backups&#10;D) zone transfers

Accepted Answer

The answer of DNS server located on the DMZ should...

Question 17

Where should a bastion host be located if an organization does not have a dedicated server room?&#10;A) manager's office&#10;B) network administrator's cubicle&#10;C) offsite&#10;D) locked server cabinet

Accepted Answer

The answer of Where should a bastion host be located...

Question 18

Network administrators should leave all ports open on a bastion host for maximum network throughput.

Accepted Answer

The answer of Network administrators should leave all ports open...

Question 19

Bastion hosts should contain the latest and most expensive processor/memory combinations.

Accepted Answer

The answer of Bastion hosts should contain the latest and...

Question 20

Windows Server 2003 and 2008 are excellent choices for bastion host operating systems because of their reliability and widespread use as servers

Accepted Answer

The answer of Windows Server 2003 and 2008 are excellent...

Question 21

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Standard for logging program message.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 22

On a Windows bastion host, consider creating two ____________________: one for the operating system and one for the Web server, DNS server, or other software you plan to run on the host.

Accepted Answer

The answer of On a Windows bastion host, consider creating...

Question 23

The ____________________ location is defined as the exact building and room in which the device is located.

Accepted Answer

The answer of The ____________________ location is defined as the...

Question 24

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Speed up the retrieval and storage of stored data.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 25

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Speeds up the processing of executable instructions.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 26

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Speeds up the translation of virtual-to-physical address for both data and instructions.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 27

UNIX uses a utility called ____________________, which automates the process of analyzing security patches that are already on the system and reports patches that should be added.

Accepted Answer

The answer of UNIX uses a utility called ____________________, which...

Question 28

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;No-man's-land between the inside and outside networks that serves as a buffer against outside attacks.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 29

On a bastion host that is intended to function as a Web server, for instance, you only need to enable traffic on TCP Port 80 and Port ____ for SSL traffic.&#10;A) 79&#10;B) 81&#10;C) 443&#10;D) 450

Accepted Answer

The answer of On a bastion host that is intended...

Question 30

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;System specifically designed and implemented to withstand attacks.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 31

Discuss the pros and cons of having more than one bastion host.

Accepted Answer

The answer of Discuss the pros and cons of having...

Question 32

A ____ is a level of performance that you consider acceptable and against which the system can be compared.&#10;a.log file&#10;b.system audit&#10;c.quality assurance test&#10;d.baseline

Accepted Answer

The answer of A ____ is a level of performance...

Question 33

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Rate at which the logic circuitry or microprocessor within a computing device processes the basic instructions that make the device operate.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 34

____________________ occurs when a company physically hosts its server(s) in a data center that is managed by a third party.

Accepted Answer

The answer of ____________________ occurs when a company physically hosts...

Question 35

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Most popular operating system used to provide services on the Internet.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 36

A ____, which is a mirror image of all the data on a hard disk or partition, including not only files but applications and system data.&#10;A) hard backup&#10;B) binary drive image&#10;C) network backup&#10;D) system state backup

Accepted Answer

The answer of A ____, which is a mirror image...

Question 37

Match each item with a statement below.&#10;a.instruction cache&#10;b.log files&#10;c.translation lookaside buffer&#10;d.data cache&#10;e.Demilitarized Zone&#10;f.bastion host&#10;g.UNIX&#10;h.processor speed&#10;i.syslog daemon&#10;Records detailing who accessed resources on the server and when the access attempts occurred.

Accepted Answer

The answer of Match each item with a statement below.&#10;a.instruction...

Question 38

The Microsoft ____ allows system owners to tap into a large knowledge base of details about vulnerabilities and get advice from vendor and security experts on how to make specific Microsoft operating systems and layered products like databases and Web servers more secure.

A) Security Assessment Tool
B) Baseline Security Analyzer
C) Trusted Computing Base
D) security_patch_check

Accepted Answer

The answer of The Microsoft ____ allows system owners to...

Question 39

On a UNIX host, you should run a ____ check, a set of software programs that makes sure any software you're running on your system is a trusted program.&#10;A) Security Assessment Tool&#10;B) Baseline Security Analyzer&#10;C) Trusted Computing Base&#10;D) security_patch_check

Accepted Answer

The answer of On a UNIX host, you should run...

Question 40

It is a best practice idea to rename the ____ account on a bastion host after initial configuration.&#10;A) Administrator&#10;B) Guest&#10;C) Default&#10;D) System

Accepted Answer

The answer of It is a best practice idea to...

Question 41

Why might it be a good idea to re-install the operating system on a bastion host?

Accepted Answer

The answer of Why might it be a good idea...

Question 42

What type of processor speed is best for a bastion host?

Accepted Answer

The answer of What type of processor speed is best...

Question 43

What type of fees do hosting service charge?

Accepted Answer

The answer of What type of fees do hosting service...

Question 44

What tools are available for Windows-based bastion hosts?

Accepted Answer

The answer of What tools are available for Windows-based bastion...

Question 45

What questions should you ask when evaluating the effectiveness of a bastion host configuration?

Accepted Answer

The answer of What questions should you ask when evaluating...

Question 46

What type of documentation should you keep for your bastion host?

Accepted Answer

The answer of What type of documentation should you keep...

Question 47

Why is it a good idea to disable user accounts on the bastion host?

Accepted Answer

The answer of Why is it a good idea to...

Question 48

Where should a bastion host be located?

Accepted Answer

The answer of Where should a bastion host be located?...

Question 49

Describe the RAM needs of a bastion host.

Accepted Answer

The answer of Describe the RAM needs of a bastion...

Deck 8: Implementing the Bastion Host