Review Questions | Security+ Study Guide

1.	Which of the following can be used to monitor a network for unauthorized activity? (Choose two.) Network sniffer N-IDS H-IDS VPN
2.	Which system is installed on a host to provide IDS capabilities? Network sniffer N-IDS H-IDS VPN
3.	Which of the following is an active response in an IDS? Sending an alert to a console Shunning Reconfiguring a router to block an IP address Making an entry in the security audit file
4.	Which implementation of IDS detects intrusions based on previously established rules? MD-IDS AD-IDS H-IDS N-IDS
5.	Which function in an IDS evaluates data collected from sensors? Operator Manager Alert Analyzer
6.	Which role is responsible for reporting the results of an attack to a systems operator or administrator? Alert Manager Analyzer Data source
7.	What is a system that is intended or designed to be broken into by an attacker called? Honey pot Honeybucket Decoy Spoofing system
8.	What is the process of formulating a response to a computer attack called? Incident response Evidence gathering Entrapment Enticement
9.	Which of the following is not a part of an incident response? Identification Investigating Entrapment Repairing
10.	The connection between wireless devices is accomplished using which protocol? WEP WTLS WAP WOP
11.	Which protocol operates on 2.4GHz and has a bandwidth of 1Mbps or 2Mbps? 802.11 802.11a 802.11b 802.11g
12.	Which protocol was designed to provide security to a wireless network that is equivalent to the security of a wired network? WAP WTLS WEP IR
13.	Which of the following is a primary vulnerability of a wireless environment? Decryption software IP spoofing A gap in the WAP Site survey
14.	To which of the following is IM vulnerable? Malicious code IP spoofing Man in the middle attacks Replay attacks
15.	What is the process of identifying the configuration of your network called? Footprinting Scanning Jamming Enumeration
16.	What is the process of identifying your network and its security posture called? Footprinting Scanning Jamming Enumeration
17.	What is the process of gaining access to your information (especially network resources such as user and group files) called? Footprinting Scanning Jamming Enumeration
18.	What is the process of disrupting an IM session called? Jamming Broadcasting Incident response Site survey
19.	You have just received a call from an IM user in your office who visited an advertised website. The user is complaining that his system is unresponsive and about a million web browsers have opened on his screen. What type of attack has your user had? DoS Malicious code IP spoofing Site survey
20.	Which term best describes an occurrence of suspicious activity in a network? Event Spoofing Jamming Enumeration

Answers

1.	A and B. Network sniffers and N-IDS systems are used to monitor network traffic. Network sniffers are manually oriented, while an N-IDS can be automated.
2.	C. A Host-based IDS (H-IDS) is installed on each host that needs IDS capabilities.
3.	C. Dynamically changing the system's configuration to protect the network or a system is an active response.
4.	A. By comparing attack signatures and audit trails, a misuse-detection IDS determines whether or not an attack is occurring.
5.	D. The analyzer function uses data sources from sensors to analyze and determine whether an attack is underway.
6.	B. The manager is the component that the operator uses to manage the IDS. The manager may be a graphical interface, a real-time traffic screen, or a command-line driven environment.
7.	A. A honey pot is a system that is intended to be sacrificed in the name of knowledge. Honey pot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honey pots to gather evidence for prosecution.
8.	A. Incident response is the process of determining the best method of dealing with a computer security incident.
9.	C. Entrapment is the process of encouraging an individual to perform an unlawful act that they would not normally have done without encouragement.
10.	C. Wireless Applications Protocol (WAP) is a protocol intended for use with wireless devices. WAP is similar in function to TCP/IP.
11.	A. 802.11 operates on 2.4GHZ. This standard allows for bandwidths of 1MB or 2MB.
12.	C. Wired Equivalent Privacy was intended to provide the equivalent security of a wired network. However, WEP has security vulnerabilities that make this goal impossible.
13.	D. A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.
14.	A. IM users are highly susceptible to malicious code attacks such as worms, viruses, and Trojan horses. Ensure that IM users have up-to-date antivirus software installed.
15.	B. Scanning is the process of gathering data about your network configuration and determining which systems are live.
16.	A. Footprinting involves identifying your network and its security posture. Footprinting is done using multiple sources of information to determine what systems you may be using.
17.	D. Enumeration occurs after scanning in a typical attack. The purpose is to gain access to resources for nefarious purposes.
18.	A. Jamming is the process of intentionally disrupting communications in an IM session. Jamming is a loosely defined term, and it refers to any intentional disruption that is not a DoS attack.
19.	A. Your user has just encountered an application-level DoS. This type of attack is very common, is not usually fatal, but is very annoying. Your user should restart his system, verify that the website did not transmit a virus, and stay away from broadcasted websites.
20.	A. An IDS will announce an event through an alert when suspicious activity is encountered.