Module 12 - Evading IDS, Firewalls, and Honeypots (EC Mode Part 02) Flashcards

1
Q

Which of the following methods is NOT a countermeasure to defend against firewall evasion?

A. Catalog and review all inbound and outbound traffic allowed through the firewall
B. Take regular backups of the firewall rule set and configuration files
C. Never run regular risk queries to identify vulnerable firewall rules
D. Control physical access to the firewall

A

Correct Answer: C. Never run regular risk queries to identify vulnerable firewall rules

2
Q

Which of the following practices helps security professionals defend their organizational network against IDS evasion attempts?

A. Do not store the attack information for future analysis
B. Look for 0x90 other than nop opcode to defend against the polymorphic shellcode problem
C. Ensure that the packets are arriving from a path secured with IDS
D. Never use a traffic normalizer to remove potential ambiguity from the packet stream

A

Correct Answer: C. Ensure that the packets are arriving from a path secured with IDS

3
Q

Which of the following practices helps security professionals defend their network against firewall bypass attempts?

A. The firewall should be configured such that the IP address of an intruder should not be filtered out
B. Never configure a remote syslog server
C. By default, enable all FTP connections to or from the network
D. Use HTTP Evader to run automated testing for suspected firewall evasions

A

Correct Answer: D. Use HTTP Evader to run automated testing for suspected firewall evasions

4
Q

Which of the following intrusion detection techniques involves first creating models of possible intrusions and then comparing these models with incoming events to make a detection decision?

A. Signature Recognition
B. Anomaly Detection
C. Protocol Anomaly Detection
D. Obfuscating

A

Correct Answer: A. Signature Recognition

5
Q

Sean, who works as a network administrator, has just deployed an IDS in his organization’s network. The IDS generates four types of alerts: true positive, false positive, false negative, and true negative. In which of the following conditions does the IDS generate a true positive alert?

A. A true positive is a condition occurring when an IDS fails to react to an actual attack event
B. A true positive is a condition occurring when an IDS identifies an activity as acceptable behavior and the activity is acceptable
C. A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress
D. A true positive is a condition occurring when an event triggers an alarm when no actual attack is in progress

A

Correct Answer: C. A true positive is a condition occurring when an event triggers an alarm and causes the IDS to react as if a real attack is in progress.
