quiz 3 Flashcards
Security devices on a network process digital information, such as text files and Web
pages, in the same way. However, which of the following pieces of information might
they handle differently?
Question 1 options:
attack signatures
protocols
port numbers
TCP/IP headers
attack signatures
In which of the following situations can CVE improve the coordination of intrusion
information on a network?
Question 2 options:
Attack signatures can be compared to current network topology.
Current network vulnerabilities can be used to generate application patches.
Attack signatures can be compared to lists of known attack signatures on the CVE Web site.
Installing application patches can thwart a reported attack.
Installing application patches can thwart a reported attack.
Which of the following can be included in a network traffic signature? (Choose all
that apply.)
Question 3 options:
A) Ethernet interface number
B) TCP options
C) message digest
D) logon attempts
B) TCP options
D) logon attempts
What is the name of an error-checking procedure that uses a formula to calculate a
numeric value?
Question 4 options:
hexadecimal code
check string
one-way hash
checksum
checksum
How do attackers use fragmentation to circumvent network defenses? (Choose all
that apply.)
Question 5 options:
A) The fragments arrive too slowly.
B) The initial packet is missing.
C) The final fragment sent is less than 400 bytes long.
D) Fragments are crafted to be too large or too small.
A) The fragments arrive too slowly.
B) The initial packet is missing.
D) Fragments are crafted to be too large or too small.
Which of the following packets should never have a data payload?
Question 6 options:
one with the SYN flag set
one with ACK/PSH flags set
one with the ACK flag set
one with SYN/ACK flags set
one with the SYN flag set
Which of the following is not required for a single-packet attack?
Question 7 options:
a source IP address
an established connection
an ICMP echo request
a destination IP address
an established connection
Which of the following is an example of a multiple-packet attack?
Question 8 options:
a false Internet time stamp
an ICMP flood
a packet with SYN/FIN/ACK flags set
a fragment
an ICMP flood
What is the purpose of the 4-byte acknowledgement number in a TCP header?
Question 9 options:
It acknowledges that a connection has been made.
It acknowledges receipt of the previous packet in the sequence.
It verifies that the source and destination IP addresses are correct.
It acknowledges the ID number the packet is using.
It acknowledges receipt of the previous packet in the sequence.
Which of the following is the correct order in which TCP flags appear during the
initiation of a normal connection?
Question 10 options:
SYN, PSH, ACK, FIN
SYN, ACK, FIN, RST
SYN, PSH, ACK, RST
SYN, SYN/ACK, ACK
SYN, SYN/ACK, ACK
Which protocol uses one port number to establish a connection and a different port
number to transfer data?
Question 11 options:
ICMP
TCP/IP
FTP
HTTP
FTP
Which of the following is an example of a reconnaissance traffic signature?
Question 12 options:
denial of service
Ping of Death
ping sweep
Trojan program
ping sweep
Which program keeps track of services and ports made available through Remote
Procedure Calls?
Question 13 options:
Network File Sharing
Network Information System
Network File System
portmapper
portmapper
To avoid attacks that use advanced evasion techniques, such as path obfuscation,
CGI scripts, and packet injection, you must do which of the following? (Choose all
that apply.)
Question 14 options:
A) Install additional IDPS sensors.
B) Keep your IDPS signature files updated.
C) Keep your anti-adware software updated.
D) Watch your log files closely.
B) Keep your IDPS signature files updated.
D) Watch your log files closely.
Which of the following features distinguishes IPv6 from IPv4?
Question 15 options:
IPv6 fragmentation occurs only at the source node.
IPv4 is unfragmentable.
The IPv4 maximum fragment size is larger than its IPv6 counterpart.
IPv6 fragmentation occurs on IPv6-compliant routers.
IPv6 fragmentation occurs only at the source node.