Week 2 Flashcards
What are the techniques by which dual-homed firewalls can provide services?
a. From a Gateway Device
b. Encryption
c. From an External Network
d. Proxy-based, or logging in to the dual-homed host directly
d. Proxy-based, or logging in to the dual-homed host directly
Screen host architecture is a combination of which of the following types?
a. Screen Router and Multi-purpose Boxes
b. Screen Router and Gateway Device
c. Screen Router and Dual-homed Firewall
d. Dual-host and Multi-purpose Boxes
c. Screen Router and Dual-homed Firewall
In screen host architecture, a dual-homed component is known as what?
a. Bastion Host
b. Remote Host
c. Multi-purpose Host
d. Gateway Host
a. Bastion Host
Which of the following options is an iptables rule for blocking all requests to an SMTP mail server on the Internet?
a. iptables -A OUTPUT -p tcp --sport 1024:65535 -j REJECT
b. iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j REJECT
c. iptables -A INPUT -p tcp --sport 1024:65535 --dport 25 -j REJECT
d. iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
b. iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j REJECT
Which of the security goals does Intrusion try to compromise?
a. Correctness, Integrity, and Availability
b. Confidentiality, Integrity, and Authenticity
c. Confidentiality, Integrity, and Availability
d. Confidentiality, Privacy, and Availability
c. Confidentiality, Integrity, and Availability
Which of the following is not a problem in a host-based IDS?
a. It provides a logging mechanism for system-based events.
b. Unauthorized access to the host machine
c. Dependency on user interaction for installing IDS applications
d. Local view of attack
a. It provides a logging mechanism for system-based events.
Consider a scenario where there are two applications running on the network, one is a firewall application and another is an Intrusion Detection System (IDS) application. For any incoming packet in the system, which of the following is true?
a. An incoming packet will never be discarded by the firewall and IDS
b. An incoming packet may be discarded by either the firewall or the IDS
c. The incoming packet may be allowed or discarded by the firewall, but it will never be discarded by IDS.
d. The incoming packet will never be discarded by the firewall, but it may be discarded by the IDS
c. Dependency on user interaction for installing IDS applications
Which of the following matches is correct?
a. True Positive (TP) - The detection engine does not detect any malicious traffic but an attack actually happened, False Negative (FN) - The detection engine detected an intrusion and the ground truth says there is an attack happening in the system, False Positive (FP) - The detection engine detects an attack but the ground truth says there was no attack, True Negative (TN) - The detection engine does not detect an attack and the ground rule says there was no attack
b. True Positive (TP) - The detection engine does not detect any attacks and the ground rule says there was no attack, False Negative (FN) - The detection engine does not detect any malicious traffic but an attack actually happened, False Positive (FP) - The detection engine detects an attack, but the ground truth says there was no attack, True Negative (TN) - The detection engine detected an intrusion, and the ground truth says there is an attack happening in the system
c. True Positive (TP) - The detection engine detected an intrusion and the ground truth says there is an attack happening in the system, False Negative (FN) - The detection engine detects an attack but the ground truth says there was no attack, False Positive (FP) - The detection engine does not detect any malicious traffic but an attack actually happened, True Negative (TN) - The detection engine does not detect an attack and the ground rule says there was no attack
d. True Positive (TP) - The detection engine detected an intrusion and the ground truth says there is an attack happening in the system, False Negative (FN) - The detection engine does not detect any malicious traffic but an attack actually happened, False Positive (FP) - The detection engine detects an attack but the ground truth says there was no attack, True Negative (TN) - Detection Engine does not detect any attack and the ground rule says there was no attack
d. True Positive (TP) - The detection engine detected an intrusion and the ground truth says there is an attack happening in the system, False Negative (FN) - The detection engine does not detect any malicious traffic but an attack actually happened, False Positive (FP) - The detection engine detects an attack but the ground truth says there was no attack, True Negative (TN) - Detection Engine does not detect any attack and the ground rule says there was no attack
Which of the following tools is generally not used for packet sniffing?
a. NetworkMiner
b. WinSCP
c. Wireshark
d. Tcpdump
b. WinSCP
Which of the following is the simplest way to send an alert message to software developers about an intrusion?
a. Sending an email
b. Sending post
c. Sending short messages
d. Local log files, remote logging server
d. Local log files, remote logging server
In which file is the list of snort rules to be used defined?
a. rules.config
b. snort.rules
c. local.rules
c. local.rules
Which of the following options is a log facility in alert output mode?
a. log_debug
b. log_alert
c. log_daemon
d. log_perror
c. log_daemon
In the data link layer packet dump, which of the following is not seen?
a. Source MAC address
b. Type of protocol - ethertype
c. Source IP address
d. Destination MAC address
c. Source IP address
Which of the following options is the correct syntax for logging in binary mode?
a. ./snort -l ./log -b
b. ./snort -dev -l ./log -h 192.168.1.0/24
c. ./snort -dev -l ./log
d. ./snort -dev -b -l ./log
a. ./snort -l ./log -b
DAQ is needed to run snort in _____ mode.
a. IDS
b. logging
c. sniffing
d. inline
d. inline