Chapter 7 Quiz Question Bank - CIST1601-Information Security Fund
__________ is the action of luring an individual into committing a crime to get a conviction. A) Entrapment B) Enticement C) Intrusion D) Padding
A) Entrapment
__________ are decoy systems designed to lure potential attackers away from critical systems. A) Honeypots B) Bastion Hosts C) Wasp Nests D) Designated Targets
A) Honeypots
A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. A) IDPS B) WiFi C) UDP D) DoS
A) IDPS
Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs. A) LFM B) stat IDPS C) AppIDPS D) HIDPS
A) LFM
__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. A) NIDPSs B) HIDPSs C) AppIDPSs D) SIDPSs
A) NIDPSs
A HIDPS can monitor systems logs for predefined events. A) True B) False
A) True
A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.. A) True B) False
A) True
A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. A) True B) False
A) True
A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________ A) True B) False
A) True
A(n) log file monitor is similar to a NIDPS. _________________________ A) True B) False
A) True
A(n) partially distributed IDPS control strategy combines the best of the other two strategies. _________________________ A) True B) False
A) True
Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _________________________ A) True B) False
A) True
An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS. A) True B) False
A) True
An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False
A) True
IDPS responses can be classified as active or passive. A) True B) False
A) True
In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network. A) True B) False
A) True
In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms. A) True B) False
A) True
Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. A) True B) False
A) True
Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded cell systems. A) True B) False
A) True
The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. A) True B) False
A) True
To assist in the footprint intelligence collection process, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses. A) True B) False
A) True
To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False
A) True
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________ A) True B) False
A) True
Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. A) inline B) offline C) passive D) bypass
A) inline
A(n) __________ IDPS is focused on protecting network information assets. A) network-based B) host-based C) application-based D) server-based
A) network-based
A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. A) passive B) aggressive C) active D) secret
A) passive
A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches. A) True B) False
B) False
A broadcast vulnerability scanner is one that initiates traffic on the network in order to determine security holes. A) True B) False
B) False
A false positive is the failure of an IDPS system to react to an actual attack event. A) True B) False
B) False
A padded cell is a hardened honeynet. _________________________ A) True B) False
B) False
A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered. A) True B) False
B) False
A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________ A) True B) False
B) False
A(n) event is an indication that a system has just been attacked or is under attack. _________________________ A) True B) False
B) False
A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _________________________ A) True B) False
B) False
Administrators who are wary of using the same tools that attackers use should remember that most organizations prohibit use of open source or freeware software tools. A) True B) False
B) False
All IDPS vendors target users with the same levels of technical and security expertise. A) True B) False
B) False
An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False
B) False
Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________ A) True B) False
B) False
Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. _________________________ A) True B) False
B) False
Intrusion detection and prevention systems can deal effectively with switched networks. A) True B) False
B) False
Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected. A) True B) False
B) False
Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. A) True B) False
B) False
Port explorers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, anAn IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False other useful information. _________________________ A) True B) False
B) False
Port explorers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. _________________________ A) True B) False
B) False
Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard. A) True B) False
B) False
The activities that gather information about the organization and its network activities and assets is called fingerprinting. _________________________ A) True B) False
B) False
The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _________________________ A) True B) False
B) False
The primary advantages of a a centralized IDPS control strategy are cost and ease-of-use. _________________________ A) True B) False
B) False
The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. A) True B) False
B) False
The process of entrapment is when an attacker changes the format and/or timing of their activities to avoid being detected by an IDPS. _________________________ A) True B) False
B) False
To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False
B) False
To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False
B) False
When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________ A) True B) False
B) False
Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. A) True B) False
B) False
__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. A) Buzz B) Fuzz C) Spike D) Black
B) Fuzz
A(n) __________ is an event that triggers an alarm when no actual attack is in progress. A) false neutral B) false attack stimulus C) false negative D) noise
B) false attack stimulus
The ability to detect a target computer's __________ is very valuable to an attacker. A) manufacturer B) operating system C) peripherals D) BIOS
B) operating system
Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment. A) aggressive B) divisive C) destructive D) disruptive
C) destructive
A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic. A) packet scanner B) packet sniffer C) honey pot D) honey packet
C) signatures
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base. A) vulnerabilities B) fingerprints C) signatures D) footprints
C) signatures
To use a packet sniffer legally, the administrator must __________. A) be on a network that the organization owns B) be under direct authorization of the network's owners C) have knowledge and consent of the content's creators D) all of the above
C) signatures
Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. A) prevention B) reaction C) detection D) correction
D) correction
Which of the following is NOT a described IDPS control strategy? A) centralized B) fully distributed C) partially distributed D) decentralized
D) decentralized
Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as __________. A) port knocking B) doorknob rattling C) footprinting D) fingerprinting
D) fingerprinting