Question 1

A(n)_______________ is an artificial environment where attackers can be contained and observed,without putting real systems at risk.

Accepted Answer

The answer of A(n)_______________ is an artificial environment where attackers...

Question 2

A(n)_______________ monitors network traffic for malicious or unwanted behavior and can block,reject,or redirect traffic in real time.

Accepted Answer

intrusion

Question 3

Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity?

Accepted Answer

A) Traffic collector 
B) Analysis engine 
C) Signature database 
D) Examination collector 
A) Traffic collector 
B) Analysis engine 
C) Signature database 
D) Examination collector

Question 4

A(n)_______________ is a network device with the purpose of enforcing a security policy across its connection,by allowing or denying traffic to pass into or out of the network.

Accepted Answer

The answer of A(n)_______________ is a network device with the...

Question 5

Zone Alarm,Windows ICF,and iptables are all examples of

Accepted Answer

A) Antivirus 
B) Antispyware 
C) Antispam 
D) Personal firewalls 
A) Antivirus 
B) Antispyware 
C) Antispam 
D) Personal firewalls

Question 6

A(n)_______________ is also known as a packet sniffer and network sniffer.

Accepted Answer

The answer of A(n)_______________ is also known as a packet...

Question 7

What are the advantages and disadvantages of HIDSs?

Accepted Answer

Answers can include the following:
ADVAN

Question 8

What must you do in order to sniff the traffic on all ports on a switch?

Accepted Answer

A) Nothing;you can see all the traffic on a switch by default. 
B) Nothing;a switch does not allow you do see all traffic. 
C) Enable port mirroring. 
D) Run a cable to each port. 
A) Nothing;you can see all the traffic on a switch by default. 
B) Nothing;a switch does not allow you do see all traffic. 
C) Enable port mirroring. 
D) Run a cable to each port.

Question 9

Your boss would like you to implement a network device that will monitor traffic and turn off processes and reconfigure permissions as necessary.To do this you would use

Accepted Answer

A) A firewall 
B) A sniffer 
C) A passive HIDS 
D) An active HIDS 
A) A firewall 
B) A sniffer 
C) A passive HIDS 
D) An active HIDS

Question 10

_______________ scanning typically looks for commands or instructions that are not normally found in application programs,such as attempts to access a reserved memory register.

Accepted Answer

The answer of _______________ scanning typically looks for commands or...

Question 11

The main purpose of a honeypot is

Accepted Answer

A) To identify hackers so they can be tracked down by the FBI 
B) To slow hackers down by providing an additional layer of security that they must pass before accessing the actual network 
C) To distract hackers away from attacking an organization's live network 
D) To help security professionals better understand and protect against threats to the system 
A) To identify hackers so they can be tracked down by the FBI 
B) To slow hackers down by providing an additional layer of security that they must pass before accessing the actual network 
C) To distract hackers away from attacking an organization's live network 
D) To help security professionals better understand and protect against threats to the system

Question 12

Which of the following is NOT a disadvantage of host-based IDS?

Accepted Answer

A) The IDS uses local system resources. 
B) The IDS can have a high cost of ownership and maintenance. 
C) The IDS must have a process on every system you want to watch. 
D) The IDS is ineffective when traffic is encrypted. 
A) The IDS uses local system resources. 
B) The IDS can have a high cost of ownership and maintenance. 
C) The IDS must have a process on every system you want to watch. 
D) The IDS is ineffective when traffic is encrypted.

Question 13

While NIDS are able to detect activities such as port scans and brute force attacks,it is unable to detect tunneling.

Accepted Answer

A) True 
 B)False

Question 14

The security tool that will hide information about the requesting system and make the browsing experience secret is a

Accepted Answer

A) Web proxy 
B) Reverse proxy 
C) Anonymizing proxy 
D) Open proxy 
A) Web proxy 
B) Reverse proxy 
C) Anonymizing proxy 
D) Open proxy

Question 15

How does IPS differ from an IDS?

Accepted Answer

A) IPS is passive and IDS is active. 
B) IPS uses heuristics and IDS is signature based. 
C) IPS will block,reject,or redirect unwanted traffic;an IDS will only alert. 
D) IDS will block,reject,or redirect unwanted traffic;an IPS will only alert. 
A) IPS is passive and IDS is active. 
B) IPS uses heuristics and IDS is signature based. 
C) IPS will block,reject,or redirect unwanted traffic;an IDS will only alert. 
D) IDS will block,reject,or redirect unwanted traffic;an IPS will only alert.

Question 16

What was wrong with the first host-based IDSs?

Accepted Answer

Host-based systems r

Question 17

The difference between misuse and anomaly IDS models is

Accepted Answer

A) Misuse models require knowledge of normal activity,whereas anomaly models don't. 
B) Anomaly models require knowledge of normal activity,whereas misuse models don't. 
C) Anomaly models are based on patterns of suspicious activity. 
D) Anomaly model-based systems suffer from many false negatives. 
A) Misuse models require knowledge of normal activity,whereas anomaly models don't. 
B) Anomaly models require knowledge of normal activity,whereas misuse models don't. 
C) Anomaly models are based on patterns of suspicious activity. 
D) Anomaly model-based systems suffer from many false negatives.

Question 18

_______________ are host-based protective mechanisms that monitor and control traffic passing into and out of a single system.

Accepted Answer

The answer of _______________ are host-based protective mechanisms that monitor...

Question 19

Egress filtering

Accepted Answer

A) Scans incoming mail to catch spam 
B) Scans outgoing mail to catch spam 
C) Messages are scan for specific words or phrases 
D) Filters out POP traffic 
A) Scans incoming mail to catch spam 
B) Scans outgoing mail to catch spam 
C) Messages are scan for specific words or phrases 
D) Filters out POP traffic

Question 20

_______________ products filter out the junk e-mail.

Accepted Answer

The answer of _______________ products filter out the junk e-mail....

Exam 13: Intrusion Detection Systems and Network Security

A(n)_______________ is an artificial environment where attackers can be contained and observed,without putting real systems at risk.

A(n)_______________ monitors network traffic for malicious or unwanted behavior and can block,reject,or redirect traffic in real time.

Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity?

A(n)_______________ is a network device with the purpose of enforcing a security policy across its connection,by allowing or denying traffic to pass into or out of the network.

Zone Alarm,Windows ICF,and iptables are all examples of

A(n)_______________ is also known as a packet sniffer and network sniffer.

What are the advantages and disadvantages of HIDSs?

What must you do in order to sniff the traffic on all ports on a switch?

Your boss would like you to implement a network device that will monitor traffic and turn off processes and reconfigure permissions as necessary.To do this you would use

_______________ scanning typically looks for commands or instructions that are not normally found in application programs,such as attempts to access a reserved memory register.

The main purpose of a honeypot is

Which of the following is NOT a disadvantage of host-based IDS?

While NIDS are able to detect activities such as port scans and brute force attacks,it is unable to detect tunneling.

The security tool that will hide information about the requesting system and make the browsing experience secret is a

How does IPS differ from an IDS?

What was wrong with the first host-based IDSs?

The difference between misuse and anomaly IDS models is

_______________ are host-based protective mechanisms that monitor and control traffic passing into and out of a single system.

Egress filtering

_______________ products filter out the junk e-mail.

Introduction and Security Trends

General Security Concepts

Operational-Organizational Security

The Role of People in Security

Cryptography

Public Key Infrastructure

Standards and Protocols

Physical Security

Network Fundamentals

Infrastructure Security

Authentication and Remote Access

Wireless

Baselines

Types of Attacks and Malicious Software

E-Mail and Instant Messaging

Web Components

Secure Software Development

Disaster Recovery, Business Continuity, and Organizational Policies

Risk Management

Change Management

Privilege Management

Computer Forensics

Legal Issues and Ethics

Privacy

Filters