
814    Appendix • Self Test Appendix

Answer A. Your certificates need to be exchanged, so that e-mail to you can be encrypted using your public key.
Exchanging your private key with anyone (answer B) is a definite no-no. The expected size of the data to be sent (answer C) may be interesting, but is not a necessary precursor to sending encrypted e-mail; sending Web site addresses (answer D) is not of any particular use to exchanging encrypted information.

14. An attacker has broken into your SSL-secured Web server, which uses a certificate held in local software storage, and defaced it. Do you need to revoke the certificate?
    A. Yes. Software storage is no protection against hackers, and the hacker may now have the private key in his possession.
    B. No. The hacker would have needed to know the key's password in order to sign anything.
    C. No. The hacker cannot use the key to sign data once the Web server has been repaired.
    D. Yes. The hacker may have used the key to sign information that others may continue to trust.
Answer D. The hacker has defaced the site, and as a result, a site behind SSL was giving out trusted information that was incorrect. Revoking the certificate allows you to notify users to not trust the signed data.
Answer A is false, because software storage is some protection against hackers, as the key is only known to those with the right password. Answer B is false, because even without knowing the key, the attacker has persuaded the Web site to certify that data is coming from your site through SSL. Answer C is false, because although the hacker can no longer use the key, he has already signed data of his own as yours.


Chapter 11: Operational and Organizational Security: Incident Response


1. A company has just implemented a recycling program in which paper, plastics and other discarded items can be collected. Large containers are located throughout facilities, allowing employees to deposit papers, water bottles and other items in them, so they can be reprocessed into other products. After a custodian brings a full container out to be picked up by a recycling company, he uses his card key to get back into the building and holds the door for a woman wearing business attire and carrying an attaché case. After the dumpster has been emptied by the recycling company, he goes out, and wheels it back into the building. Which of the following security threats has occurred?
    A. Dumpster diving
    B. Tailgating
    C. Social engineering
    D. Phishing


