40. Current operating systems are far more resistant to which of the following types of denial-of-service attacks, so that it has become less of a threat?
a. Reflector attack
b. Amplified attack
c. Distributed attack
d. SYNflood attack
40. d. Synchronized flood (SYNflood) attacks often target an application and its daemon, such as a Web server, rather than the operating system (OS) itself, although the OS may be affected by the resources the attack consumes. Current operating systems are far more resistant to SYNflood attacks, and many firewalls now offer protection against them, so they have become less of a threat. Still, SYNfloods can occur if attackers initiate many thousands of transmission control protocol (TCP) connections in a short time.
The other three types of attacks are more of a threat. In a reflector attack, a host sends many requests with a spoofed source address to a service on an intermediate host. Like a reflector attack, an amplified attack involves sending requests with a spoofed source address to an intermediate host. However, an amplified attack does not use a single intermediate host; instead, its goal is to use a whole network of intermediate hosts. Distributed attacks coordinate attacks among many computers (i.e., zombies).
41. Which of the following is the correct sequence of solutions for containing a denial-of-service incident?
1. Relocate the target computer.
2. Have the Internet service provider implement filtering.
3. Implement filtering based on the characteristics of the attack.
4. Correct the vulnerability that is being exploited.
a. 2, 3, 1, and 4
b. 2, 4, 3, and 1
c. 3, 4, 2, and 1
d. 4, 3, 1, and 2
41. c. The decision-making process for containing a denial-of-service (DoS) incident should be easier if recommended actions are predetermined. The containment strategy should include several solutions in sequence as shown in the correct answer.
42. Computer security incident handling can be considered that portion of contingency planning that responds to malicious technical threats (for example, a virus). Which of the following best describes a secondary benefit of an incident handling capability?
a. Containing and repairing damage from incidents
b. Preventing future damage
c. Using the incident data in enhancing the risk assessment process
d. Enhancing the training and awareness program
42. c. An incident capability may be viewed as a component of contingency planning because it provides the ability to react quickly and efficiently to disruptions in normal processing. Incidents can be logged and analyzed to determine whether there is a recurring problem, which would not be noticed if each incident were viewed only in isolation. Statistics on the numbers and types of incidents in the organization can be used in the risk assessment process as an indication of vulnerabilities and threats.
Containing and repairing damage from incidents and preventing future damage are incorrect because they are examples of primary benefits of an incident handling capability. An incident handling capability can provide enormous benefits by responding quickly to suspicious activity and coordinating incident handling with responsible offices and individuals as necessary. Incidents can be studied internally to gain a better understanding of the organization’s threats and vulnerabilities. Enhancing the training and awareness program is an example of a secondary benefit. Based on incidents reported, training personnel will have a better understanding of users’ knowledge of security issues. Training that is based on current threats and controls recommended by incident handling staff provides users with information more specifically directed to their current needs. Using the incident data in enhancing the risk assessment process is the best answer when compared to enhancing the training and awareness program.
43. Automatic file restoration requires which of the following?
a. Log file and checkpoint information
b. Access file and check digit information
c. Transaction file and parity bit information
d. Backup file and checkpoint information
43. a. Automatic file restoration requires log file and checkpoint information to recover from a system crash. A backup file is different from a log file in that it can be a simple copy of the original file whereas a log file contains specific and limited information. The other three choices do not have the log file capabilities.
44. Which of the following is the most common type of redundancy?
a. Cable backup
b. Server backup
c. Router backup
d. Data backup
44. d. In general, redundancy means having extra, duplicate elements to compensate for any malfunctions or emergencies that could occur during normal, day-to-day operations. The most common type of redundancy is the data backup, although the concept is often applied to cabling, server hardware, and network connectivity devices such as routers and switches.
45. Increasing which one of the following items increases the other three items?
a. Reliability
b. Availability
c. Redundancy
d. Serviceability
45. c. Reliability minimizes the possibility of failure, availability is a measurement of uptime, and serviceability is a measure of the amount of time it takes to repair a problem or to restore a system following a failure. Increasing redundancy increases reliability, availability, and serviceability.
46. Which of the following is often overlooked in building redundancy?
a. Disks
b. Processors
c. Electrical power
d. Controllers
46. c. Redundant electric power and cooling are an important but often overlooked part of a contingency plan. Network administrators usually plan for backup disks, processors, controllers, and system boards.
47. Network availability is increased with which of the following?
a. Data redundancy
b. Link redundancy
c. Software redundancy
d. Power redundancy
47. b. Link redundancy, achieved through redundant cabling, increases network availability because it provides a parallel path alongside the main data path, together with a routing methodology that can establish an alternative path if the main path fails. In other words, there are two paths: a main path and an alternative path. The other three redundancies are useful in their own way, but they do not increase network availability.
48. What does an effective backup method for handling large volumes of data in a local-area network environment include?
a. Backing up at the workstation
b. Backing up at the file server