Review 11 Flashcards
(15 cards)
What term describes a software program or hardware appliance that monitors network traffic and creates an alert when it encounters suspicious activity or a known threat?
Question options:
Honeypot
IPS
IDS
Firewall
IDS
What term describes a software program or hardware appliance that monitors network traffic and takes action to prevent harmful events?
Question options:
Honeypot
IPS
Firewall
IDS
IPS
What is the most effective firewall evasion technique?
Question options:
Fragmentation
HTTP Tunneling
Spoofing
Source Routing
Spoofing
Which type of system is more difficult to manage since it has to be maintained individually on each system?
Question options:
Honeypot
NIDS
Firewall
HIDS
HIDS
To avoid a _________ IDS, you should design the threat to capitalize on weaknesses of the IDS.
Question options:
signature-based
protocol-based
application-based
anomaly-based
signature-based
Which type of IDS alert occurs when an alarm was generated, and no condition was present to generate it?
Question options:
True-Negative
True-Positive
False-Positive
False-Negative
False-Positive
Which type of IDS compares network behavior to baseline profiles or network behavior baselines?
Question options:
Anomaly-based
Application-based
Signature-based
Protocol-based
Anomaly-based
Which of the following is NOT the role of an IDS?
Question options:
Analyze network traffic
Monitor log files
Monitor application execution
Check file integrity
Monitor application execution
___________ are physical devices usually placed at the junction or gateway between two networks, usually a private network and a public network, such as the internet.
Question options:
HIDS
NIDS
Software firewalls
Hardware firewalls
Hardware firewalls
Which type of attack changes the malicious code with the intent to disguise it as legitimate?
Question options:
DoS or DDoS attack
Insertion attack
Obfuscation attack
Payload attack
Obfuscation attack
Which of the following should be avoided in order to avoid detection by a HIDS?
Question options:
Unknown files inserted into the system
Unknown or unexplained messages and warnings in log files
New and/or unusual ports being used or open
New and/or unusual protocols and services being used
Unknown files inserted into the system
Which firewall evasion method can bypass firewalls and may be one of the easiest tunneling methods to use because the protocol is already allowed through many firewalls as part of normal operations?
Question options:
Source Routing
ICMP Tunneling
Spoofing
HTTP Tunneling
HTTP Tunneling
The logging capability of a __________ is far greater than other network security tools. It captures raw, packet-level data, including the keystrokes and mistakes made by attackers.
Question options:
IPS
honeypot
IDS
firewall
honeypot
What is one of the most familiar attacks on a network or system?
Question options:
Insertion attack
Obfuscation attack
DoS or DDoS attack
Payload attack
DoS or DDoS attack
Which type of technology utilizes encryption to offer secure connectivity between many entities, both internally and remotely?
Question options:
VPN
Gateway
Firewall
HIDS
VPN