Protecting Networks Flashcards
In order for network monitoring to work properly, you need a PC and a network card running
in what mode?
A. Launch
B. Exposed
C. Promiscuous
D. Sweep
C. In order for network monitoring to work properly, you need a PC and a network card
running in promiscuous mode.
Which Linux utility can show if there is more than one set of documentation on the system
for a command you are trying to find information on?
A. Lookaround
B. Howmany
C. Whereall
D. Whatis
D. In Linux, the whatis utility can show if there is more than one set of documentation on
the system for a command you are trying to find information on.
In intrusion detection system parlance, which account is responsible for setting the security
policy for an organization?
A. Supervisor
B. Administrator
C. Root
D. Director
B. The administrator is the person/account responsible for setting the security policy for
an organization.
Which of the following IDS types looks for things outside of the ordinary?
A. Incongruity-based
B. Variance-based
C. Anomaly-based
D. Difference-based
C. An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things
outside of the ordinary.
Which of the following copies the traffic from all ports to a single port and disallows bidirectional
traffic on that port?
A. Port spanning
B. Socket blending
C. Straddling
D. Amalgamation
A. Port spanning (also known as port mirroring) copies the traffic from all ports to a single
port and disallows bidirectional traffic on that port.
Which of the following implies ignoring an attack and is a common response?
A. Eschewing
B. Spurning
C. Shirking
D. Shunning
D. Shunning, or ignoring an attack, is a common response.
Which IDS system uses algorithms to analyze the traffic passing through the network?
A. Arithmetical
B. Algebraic
C. Statistical
D. Heuristic
D. A heuristic system uses algorithms to analyze the traffic passing through the network.
Which of the following utilities can be used in Linux to view a list of users’ failed authentication
attempts?
A. badlog
B. faillog
C. wronglog
D. killlog
B. Use the faillog utility in Linux to view a list of users’ failed authentication attempts.
Which of the following is the process in which a law enforcement officer or a government
agent encourages or induces a person to commit a crime when the potential criminal expresses
a desire not to go ahead?
A. Enticement
B. Entrapment
C. Deceit
D. Sting
B. Entrapment is the process in which a law enforcement officer or a government agent
encourages or induces a person to commit a crime when the potential criminal expresses a
desire not to go ahead.
The IDS console is known as what?
A. Manager
B. Window
C. Dashboard
D. Screen
A. The IDS console is known as the manager.
Sockets are a combination of the IP address and which of the following?
A. Port
B. MAC address
C. NIC setting
D. NetBIOS ID
A. Sockets are a combination of the IP address and the port.
Which type of active response fools the attacker into thinking the attack is succeeding
while the system monitors the activity and potentially redirects the attacker to a system
that is designed to be broken?
A. Pretexting
B. Shamming
C. Deception
D. Scamming
C. A deception active response fools the attacker into thinking the attack is succeeding
while the system monitors the activity and potentially redirects the attacker to a system that
is designed to be broken.
Which device monitors network traffic in a passive manner?
A. Sniffer
B. IDS
C. Firewall
D. Web browser
A. Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network
monitors, were originally designed for network maintenance and troubleshooting.
Security has become the utmost priority at your organization. You’re no longer content
to act reactively to incidents when they occur—you want to start acting more proactively.
Which system performs active network monitoring and analysis and can take proactive
steps to protect a network?
A. IDS
B. Sniffer
C. Router
D. Switch
A. An IDS is used to protect and report network abnormalities to a network administrator
or system. It works with audit files and rule-based processing to determine how to act in the
event of an unusual situation on the network.
Which of the following can be used to monitor a network for unauthorized activity?
(Choose two.)
A. Network sniffer
B. NIDS
C. HIDS
D. VPN
A, B. Network sniffers and NIDSs are used to monitor network traffic. Network sniffers
are manually oriented, whereas an NIDS can be automated.