Protecting Networks Flashcards

1
Q

In order for network monitoring to work properly, you need a PC and a network card running
in what mode?

A. Launch
B. Exposed
C. Promiscuous
D. Sweep

A

C. In order for network monitoring to work properly, you need a PC and a network card
running in promiscuous mode.

2
Q

Which Linux utility can show if there is more than one set of documentation on the system
for a command you are trying to find information on?

A. Lookaround
B. Howmany
C. Whereall
D. Whatis

A

D. In Linux, the whatis utility can show if there is more than one set of documentation on
the system for a command you are trying to find information on.

3
Q

In intrusion detection system parlance, which account is responsible for setting the security
policy for an organization?

A. Supervisor
B. Administrator
C. Root
D. Director

A

B. The administrator is the person/account responsible for setting the security policy for
an organization.

4
Q

Which of the following IDS types looks for things outside of the ordinary?

A. Incongruity-based
B. Variance-based
C. Anomaly-based
D. Difference-based

A

C. An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things
outside of the ordinary.

5
Q

Which of the following copies the traffic from all ports to a single port and disallows bidirectional
traffic on that port?

A. Port spanning
B. Socket blending
C. Straddling
D. Amalgamation

A

A. Port spanning (also known as port mirroring) copies the traffic from all ports to a single
port and disallows bidirectional traffic on that port.

6
Q

Which of the following implies ignoring an attack and is a common response?

A. Eschewing
B. Spurning
C. Shirking
D. Shunning

A

D. Shunning, or ignoring an attack, is a common response.

7
Q

Which IDS system uses algorithms to analyze the traffic passing through the network?

A. Arithmetical
B. Algebraic
C. Statistical
D. Heuristic

A

D. A heuristic system uses algorithms to analyze the traffic passing through the network.

8
Q

Which of the following utilities can be used in Linux to view a list of users’ failed authentication
attempts?

A. badlog
B. faillog
C. wronglog
D. killlog

A

B. Use the faillog utility in Linux to view a list of users’ failed authentication attempts.

9
Q

Which of the following is the process in which a law enforcement officer or a government
agent encourages or induces a person to commit a crime when the potential criminal expresses
a desire not to go ahead?

A. Enticement
B. Entrapment
C. Deceit
D. Sting

A

B. Entrapment is the process in which a law enforcement officer or a government agent
encourages or induces a person to commit a crime when the potential criminal expresses a
desire not to go ahead.

10
Q

The IDS console is known as what?

A. Manager
B. Window
C. Dashboard
D. Screen

A

A. The IDS console is known as the manager.

11
Q

Sockets are a combination of the IP address and which of the following?

A. Port
B. MAC address
C. NIC setting
D. NetBIOS ID

A

A. Sockets are a combination of the IP address and the port.

12
Q

Which type of active response fools the attacker into thinking the attack is succeeding
while the system monitors the activity and potentially redirects the attacker to a system
that is designed to be broken?

A. Pretexting
B. Shamming
C. Deception
D. Scamming

A

C. A deception active response fools the attacker into thinking the attack is succeeding
while the system monitors the activity and potentially redirects the attacker to a system that
is designed to be broken.

13
Q

Which device monitors network traffic in a passive manner?

A. Sniffer
B. IDS
C. Firewall
D. Web browser

A

A. Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network
monitors, were originally designed for network maintenance and troubleshooting.

14
Q

Security has become the utmost priority at your organization. You’re no longer content
to act reactively to incidents when they occur—you want to start acting more proactively.
Which system performs active network monitoring and analysis and can take proactive
steps to protect a network?

A. IDS
B. Sniffer
C. Router
D. Switch

A

A. An IDS is used to protect and report network abnormalities to a network administrator
or system. It works with audit files and rule-based processing to determine how to act in the
event of an unusual situation on the network.

15
Q

Which of the following can be used to monitor a network for unauthorized activity?
(Choose two.)

A. Network sniffer
B. NIDS
C. HIDS
D. VPN

A

A, B. Network sniffers and NIDSs are used to monitor network traffic. Network sniffers
are manually oriented, whereas an NIDS can be automated.

16
Q

You’re the administrator for Acme Widgets. After attending a conference on buzzwords
for management, your boss informs you that an IDS should be up and running on the network
by the end of the week. Which of the following systems should be installed on a host
to provide IDS capabilities?

A. Network sniffer
B. NIDS
C. HIDS
D. VPN

A

C. A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.

17
Q

Which of the following is an active response in an IDS?

A. Sending an alert to a console
B. Shunning
C. Reconfiguring a router to block an IP address
D. Making an entry in the security audit file

A

C. Dynamically changing the system’s configuration to protect the network or a system is
an active response.

18
Q

A junior administrator bursts into your office with a report in his hand. He claims that
he has found documentation proving that an intruder has been entering the network on a
regular basis. Which of the following implementations of IDS detects intrusions based on
previously established rules that are in place on your network?

A. MD-IDS
B. AD-IDS
C. HIDS
D. NIDS

A

A. By comparing attack signatures and audit trails, a misuse-detection IDS determines
whether an attack is occurring.

19
Q

Which IDS function evaluates data collected from sensors?

A. Operator
B. Manager
C. Alert
D. Analyzer

A

D. The analyzer function uses data sources from sensors to analyze and determine whether
an attack is under way.

20
Q

What is a system that is intended or designed to be broken into by an attacker called?

A. Honeypot
B. Honeybucket
C. Decoy
D. Spoofing system

A

A. A honeypot is a system that is intended to be sacrificed in the name of knowledge.
Honeypot systems allow investigators to evaluate and analyze the attack strategies used.
Law enforcement agencies use honeypots to gather evidence for prosecution.