1. Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)
2. Which system is installed on a host to provide IDS capabilities?
3. Which of the following is an active response in an IDS?
4. Which implementation of IDS detects intrusions based on previously established rules?
5. Which function in an IDS evaluates data collected from sensors?
6. Which role is responsible for reporting the results of an attack to a systems operator or administrator?
7. What is a system that is intended or designed to be broken into by an attacker called?
8. What is the process of formulating a response to a computer attack called?
9. Which of the following is not a part of an incident response?
10. The connection between wireless devices is accomplished using which protocol?
11. Which protocol operates on 2.4GHz and has a bandwidth of 1Mbps or 2Mbps?
12. Which protocol was designed to provide security to a wireless network that is equivalent to the security of a wired network?
13. Which of the following is a primary vulnerability of a wireless environment?
14. To which of the following is IM vulnerable?
15. What is the process of identifying the configuration of your network called?
16. What is the process of identifying your network and its security posture called?
17. What is the process of gaining access to your information (especially network resources such as user and group files) called?
18. What is the process of disrupting an IM session called?
19. You have just received a call from an IM user in your office who visited an advertised website. The user is complaining that his system is unresponsive and about a million web browsers have opened on his screen. What type of attack has your user had?
20. Which term best describes an occurrence of suspicious activity in a network?

Answers
1. A and B. Network sniffers and N-IDS systems are used to monitor network traffic. Network sniffers are manually oriented, while an N-IDS can be automated.
2. C. A Host-based IDS (H-IDS) is installed on each host that needs IDS capabilities.
3. C. Dynamically changing the system's configuration to protect the network or a system is an active response.
4. A. By comparing attack signatures and audit trails, a misuse-detection IDS determines whether or not an attack is occurring.
5. D. The analyzer function uses data sources from sensors to analyze and determine whether an attack is underway.
6. B. The manager is the component that the operator uses to manage the IDS. The manager may be a graphical interface, a real-time traffic screen, or a command-line driven environment.
7. A. A honey pot is a system that is intended to be sacrificed in the name of knowledge. Honey pot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honey pots to gather evidence for prosecution.
8. A. Incident response is the process of determining the best method of dealing with a computer security incident.
9. C. Entrapment is the process of encouraging an individual to perform an unlawful act that they would not normally have done without encouragement.
10. C. Wireless Applications Protocol (WAP) is a protocol intended for use with wireless devices. WAP is similar in function to TCP/IP.
11. A. 802.11 operates on 2.4GHz. This standard allows for bandwidths of 1MB or 2MB.
12. C. Wired Equivalent Privacy was intended to provide the equivalent security of a wired network. However, WEP has security vulnerabilities that make this goal impossible.
13. D. A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.
14. A. IM users are highly susceptible to malicious code attacks such as worms, viruses, and Trojan horses. Ensure that IM users have up-to-date antivirus software installed.
15. B. Scanning is the process of gathering data about your network configuration and determining which systems are live.
16. A. Footprinting involves identifying your network and its security posture. Footprinting is done using multiple sources of information to determine what systems you may be using.
17. D. Enumeration occurs after scanning in a typical attack. The purpose is to gain access to resources for nefarious purposes.
18. A. Jamming is the process of intentionally disrupting communications in an IM session. Jamming is a loosely defined term, and it refers to any intentional disruption that is not a DoS attack.
19. A. Your user has just encountered an application-level DoS. This type of attack is very common, is not usually fatal, but is very annoying. Your user should restart his system, verify that the website did not transmit a virus, and stay away from broadcasted websites.
20. A. An IDS will announce an event through an alert when suspicious activity is encountered.