Detection and Prevention

Question 1

You are concerned about attacks directed at your network firewall. You want to be able to identify and be
notified of any attacks. In addition, you want the system to take immediate action when possible to stop or
prevent the attack.
Which tool should you use?

IDS
Packet sniffer
IPS
Port scanner

Answer 1

IPS

Question 2

What is the most common form of host based IDS that employs signature or pattern matching detection
methods?

Motion detectors
Anti-virus software
Firewalls
Honey pots

Answer 2

Anti-virus software

Question 3

What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select
two.)

The IDS configuration is changed dynamically and the source IP address is banned.
The IDS logs all pertinent data about the intrusion.
An alert is generated and delivered via Email, the console, or an SNMP trap.
LAN side clients are halted and removed from the domain.

Answer 3

The IDS logs all pertinent data about the intrusion.

An alert is generated and delivered via Email, the console, or an SNMP trap.

Question 4

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a
database?

Signature based
Stateful inspection based
Heuristics based
Anomaly analysis based

Answer 4

Signature based

Question 5

As a security precaution, you have implemented IPsec that is used between any two devices on your network.
IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any
malicious attacks.
Which solution should you implement?

Port scanner
Network based IDS
Host based IDS
VPN concentrator
Protocol analyzer

Answer 5

Host based IDS

Question 6

What security mechanism can be used to detect attacks originating on the Internet or from within an internal
trusted subnet?

Security alarm
Firewall
Biometric system
IDS

Answer 6

IDS

Question 7

Which of the following devices can monitor a network and detect potential security attacks?

CSU/DSU
DNS server
IDS
Proxy
Load balancer

Answer 7

IDS

Question 8

You are concerned about protecting your network from network-based attacks from the Internet. Specifically,
you are concerned about “zero day” attacks (attacks that have not yet been identified or that do not have
prescribed protections).
Which type of device should you use?

Anti-virus scanner
Signature based IDS
Network based firewall
Anomaly based IDS
Host based firewall

Answer 8

Anomaly based IDS

Question 9

Which of the following functions can a port scanner provide? (Select two.)

Discovering unadvertised servers.
Testing virus definition design for false positives.
Auditing IPsec encryption algorithm configuration.
Determining which ports are open on a firewall.

Answer 9

Discovering unadvertised servers.

Determining which ports are open on a firewall.

Question 10

Which of the following is a security service that monitors network traffic in real time or reviews the audit logs
on servers looking for security violations?

Switch
Firewall
Padded cell
IDS

Answer 10

IDS

Question 11

You want to make sure that a set of servers will only accept traffic for specific network services. You have
verified that the servers are only running the necessary services, but you also want to make sure that the
servers will not accept packets sent to those services.
Which tool should you use?

System logs
Packet sniffer
IDS
Port scanner
IPS

Answer 11

Port scanner

Question 12

Which of the following devices is capable of detecting and responding to security threats?

IPS
IDS
Multilayer switch
DNS server

Answer 12

IPS