Some more Sec+ Questions

itrorev Member Posts: 9
1) Fingerprinting vs Footprinting

I initially thought these terms were synonymous, but I've been told otherwise. Can someone explain?


2) I've run into the following question on two different practice tests, and both give different answers:

Sensitive material is currently displayed on a user's monitor. What is the best course of action the user should take before leaving the area?

A. Just leave the area. The desk is a personal space and is at no risk
B. Turn off the monitor
C. Wait for the screensaver to start
D. Refer to the company's policy on securing sensitive data

The original practice test I used stated that D was correct. However, a new one I've gotten a hold of has C as correct. What do you guys think?

Comments

  • gojericho0 Member Posts: 1,059
    Fingerprinting is the ability to determine what type of OS a computer system is running. For example, nmap has the ability to try to determine the OS of any IP addresses you scan by looking at the responses of the TCP/IP stack.

    Footprinting attempts to derive as many IP/hostname mappings as possible by using tools such as WHOIS.

    I would agree with C for the answer just because most screen savers require a password to unlock them. However, in most IT environments there is a policy set to start the screen saver after X amount of time in order to centrally manage security policy and not have to rely on every individual.
  • dynamik Banned Posts: 12,312
    Wikipedia is always a good source of information for stuff like this.
    http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting
    http://en.wikipedia.org/wiki/Footprinting (well, this one is a bit lacking...)

    You can remember the difference by seeing how actual fingerprinting and footprinting are applied and remembering that fingerprinting is more specific.

    I would actually disagree and go with D. A company might have specific policies, such as closing the document or locking the machine. The question doesn't state that the screen saver is password protected, so I don't think you should just assume it is. If someone walks by and bumps the desk and moves the mouse a bit, the sensitive information is back on display. That really doesn't seem all that secure. If there is no password, simply turning off the monitor would be a better solution. Plus, it's just a waste of the person's time. What if the screen saver requires 15 or 30 minutes of inactivity? I'd say company policies should take precedence in this type of situation.

    It's not a good question, and I'm not 100% sure myself. I wouldn't get too hung up on it. Just understand why both could be correct, and hopefully you won't get a question on the test where you have to choose between the two.
  • itrorev Member Posts: 9
    Thanks guys!!

    My gut says that waiting for the screensaver is just impractical and stupid. Now, if you had the option to lock the computer by activating the screensaver at will (and if it was password protected), that would make sense. But that's not one of the options, so I'd think D would be correct.
  • ConstantlyLearning Member Posts: 445
    I'd go with D every time.


    With most of those types of questions that I have come across, it's usually the "company's policy" option.
    "There are 3 types of people in this world, those who can count and those who can't"
  • supertechCETma Member Posts: 377
    Delta
    Electronic Technicians Association-International www.eta-i.org
    The Fiber Optic Association www.thefoa.org
    Home Acoustics Alliance® http://www.homeacoustics.net/
    Imaging Science Foundation http://www.imagingscience.com/