DCOM 215 Chapter 9 Quiz


Which of the following is not one of the three IP protocols that Snort supports? A.) BGP B.) TCP C.) UDP D.) ICMP

A.) BGP

Which of the following is an attack against an IDS when an IDS rejects a packet that an end system accepts? A.) Evasion B.) Shell code C.) Insertion D.) Flooding

A.) Evasion

Which of the following best describes firewalking? A.) It is used to enumerate firewalls and varies the TTL. B.) It is used to map devices in the DMZ such as web servers and SQL servers. C.) It is used to bypass port security and manipulates ARP packets. D.) It is used to enumerate IDSs and varies the TTL.

A.) It is used to enumerate firewalls and varies the TTL.
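The TTL trick behind firewalking, as an added example that is not part of the quiz page: the path, the gateway's filter policy and the probe() function below are constructed stand-ins for real crafted packets and ICMP time-exceeded replies, but the two-phase logic (ramp the TTL until the gateway itself answers, then probe each port with TTL one hop past the gateway) is what the technique does on a live network.

```python
"""Firewalking, simulated: find which destination ports a packet-filtering
gateway forwards by sending probes whose TTL expires one hop beyond it.

Added example, not from the quiz page. The path, the gateway policy and
the probe() function are constructed stand-ins for real packets and ICMP
time-exceeded replies."""

from dataclasses import dataclass, field


@dataclass
class Path:
    routers: list             # addresses of hops 1..k; the target is hop k+1
    gateway: str              # the filtering hop's address (one of routers)
    allowed_ports: set = field(default_factory=set)

    def probe(self, dport, ttl):
        """One probe toward the target. Returns the address that answered
        with ICMP time-exceeded, or None if nothing came back."""
        if ttl > len(self.routers):
            return None                      # reached the end host: no ICMP
        gw_hop = self.routers.index(self.gateway) + 1
        if ttl > gw_hop and dport not in self.allowed_ports:
            return None                      # silently dropped at the gateway
        return self.routers[ttl - 1]         # TTL expired at hop `ttl`


def ramp(path, dport, max_ttl=30):
    """Phase 1: raise the TTL until the gateway itself answers, which
    gives its hop count."""
    for ttl in range(1, max_ttl + 1):
        if path.probe(dport, ttl) == path.gateway:
            return ttl
    raise RuntimeError('gateway did not answer within max_ttl')


def firewalk(path, ports):
    """Phase 2: probe each port with TTL one past the gateway. A reply
    from the next hop proves the gateway forwarded that port."""
    gw_hop = ramp(path, ports[0])
    forwarded = [p for p in ports if path.probe(p, gw_hop + 1) is not None]
    return gw_hop, forwarded


# Constructed topology: gateway at hop 3, one more router, then the target.
PATH = Path(
    routers=['192.0.2.1', '192.0.2.2', '198.51.100.1', '198.51.100.2'],
    gateway='198.51.100.1',
    allowed_ports={25, 80, 443},
)
PORTS = [22, 25, 53, 80, 443, 3389]

if __name__ == '__main__':
    hop, open_ports = firewalk(PATH, PORTS)
    print(f'gateway is {hop} hops away; forwards ports {open_ports}')
```

Two caveats the simulation makes visible: the scan only works when some host sits at least one hop beyond the gateway (otherwise every phase-2 probe reaches the end host and nothing answers), and a gateway that rewrites TTLs or rate-limits ICMP errors makes the "no reply" case ambiguous rather than proof of filtering.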

Which of the following works best at detecting a zero-day attack on a mirrored port of a switch? A.) NIDS anomaly detection. B.) NIDS signature detection. C.) HIDS anomaly detection. D.) HIDS signature detection

A.) NIDS anomaly detection.

Examine the following access list: "access-list 111 deny icmp any any". This access list was created to block attackers from using ICMP to enumerate internal devices, but now users complain that the Internet seems to be unreachable. What do you think is the problem? A.) An implicit allow all rule B.) An implicit deny all rule C.) There is no problem with the ACL D.) This rule blocks web traffic

B.) An implicit deny all rule
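Why the one-line ACL takes the Internet down, as an added example that is not part of the quiz page: a small first-match evaluator with the implicit deny that Cisco appends to every access list, run over the question's ACL and over the same ACL with an explicit permit added. The parser handles only the entry shapes used here, and the two sample packets are constructed.

```python
"""Cisco-style access-list evaluation: first matching entry wins, and a
packet that matches nothing hits the implicit 'deny ip any any' at the
end of every list.

Added example, not from the quiz page. The parser covers only the ACE
shapes used below (protocol, 'any' or a host address, optional 'eq port');
the two access lists and the sample packets are constructed."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # 'icmp', 'tcp' or 'udp'
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str           # 'permit' or 'deny'
    proto: str            # 'ip' matches every protocol
    src: str              # 'any' or a host address
    dst: str
    dport: Optional[int] = None


def parse_acl(text):
    """Parse lines such as 'access-list 111 permit tcp any any eq 80'."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != 'access-list':
            raise ValueError(f'unsupported entry: {line!r}')
        action, proto, src, dst = tok[2:6]
        dport = int(tok[7]) if len(tok) >= 8 and tok[6] == 'eq' else None
        entries.append(Ace(action, proto, src, dst, dport))
    return entries


def ace_matches(ace, pkt):
    if ace.proto != 'ip' and ace.proto != pkt.proto:
        return False
    if ace.src != 'any' and ace.src != pkt.src:
        return False
    if ace.dst != 'any' and ace.dst != pkt.dst:
        return False
    return ace.dport is None or ace.dport == pkt.dport


def evaluate(acl, pkt):
    """Return (action, matching entry). The unwritten last entry is the
    implicit deny, which is why a one-line ACL blocks everything."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action, f'{ace.action} {ace.proto} {ace.src} {ace.dst}'
    return 'deny', 'implicit deny ip any any'


# The ACL from the question, and the same ACL with an explicit permit.
BROKEN = "access-list 111 deny icmp any any"
FIXED = """
access-list 111 deny icmp any any
access-list 111 permit ip any any
"""

# Constructed sample traffic: an ICMP echo and an outbound web request.
PING = Packet('icmp', '10.0.0.5', '203.0.113.10')
WEB = Packet('tcp', '10.0.0.5', '203.0.113.10', dport=80)

if __name__ == '__main__':
    for name, text in (('broken', BROKEN), ('fixed', FIXED)):
        for pkt in (PING, WEB):
            action, why = evaluate(parse_acl(text), pkt)
            print(f'{name:6} {pkt.proto:4} -> {action:6} ({why})')
```

The fail-closed default is the right one for a filter; the mistake is forgetting it is there. Note also that even the corrected list still drops every ICMP type, including the messages internal hosts rely on such as "fragmentation needed" for path MTU discovery, so a production ACL would deny only the echo types the enumeration concern is about.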

Which of the following attacks against an IDS works by inserting a number of low-priority IDS triggers to attempt to keep it busy while a few more damaging attacks slip by? A.) Evasion B.) Flooding C.) Shell code D.) Insertion

B.) Flooding

Which of the following can be used to lure attackers away from real servers and allow for their detection? A.) Firewalls B.) Honeypots C.) IDS systems D.) Jails

B.) Honeypots

Which of the following works best on a server in the DMZ at detecting a known attack such as SYN flood? A.) HIDS anomaly detection B.) NIDS anomaly detection C.) HIDS signature detection D.) NIDS signature detection

C.) HIDS signature detection

Which of the following properly describes an evasion attack? A.) It splits data between several packets that the IDS cannot detect. B.) It uses polymorphic shell code to avoid detection. C.) An end system accepts a packet that an IDS rejects. D.) An IDS blindly believes and accepts a packet that an end system has rejected.

C.) An end system accepts a packet that an IDS rejects.


Which of the following is the most serious risk associated with vulnerability assessment tools? A.) Platform dependence B.) False positives C.) Nonspecific reporting features D.) False negatives

D.) False negatives

You need to implement a detective control and want something installed on an individual host that will excel in detecting zero days and advanced persistent threats. Which of the following is your best choice? A.) NIDS anomaly detection B.) HIDS signature detection C.) NIDS signature detection D.) HIDS anomaly detection

D.) HIDS anomaly detection

Snort is a useful tool. Which of the following best describes Snort's capabilities? A.) Proxy, IDS, and sniffer B.) IDS and sniffer C.) Firewall, IDS, and sniffer D.) IDS, packet logger, and sniffer

D.) IDS, packet logger, and sniffer

Which of the following attacks against an IDS occurs when an IDS accepts a packet that an end system rejects? A.) Flooding B.) Evasion C.) Shell code D.) Insertion

D.) Insertion
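The insertion and evasion definitions from this card and the two evasion cards above, as an added example that is not part of the quiz page: the same segments are fed to a sensor model and an end-host model that disagree in three ways (hop distance, checksum verification, handling of out-of-order data), and the disagreement decides which attack class occurred. Segment, Stack, the two profiles, the attack streams and the signature string are all constructed.

```python
"""IDS insertion and evasion, simulated with two TCP receivers: the sensor
and the end host, fed the same segments.

Added example, not from the quiz page. Segment, Stack, the sensor and host
profiles, the attack streams and the signature are all constructed; real
sensors and stacks differ in more ways than the three modelled here."""

from dataclasses import dataclass

SIGNATURE = b'/cgi-bin/phf'   # constructed "known attack" pattern


@dataclass(frozen=True)
class Segment:
    seq: int
    data: bytes
    ttl: int = 64             # a segment with ttl < receiver hops never arrives
    checksum_ok: bool = True


@dataclass
class Stack:
    hops: int                 # distance from the attacker, in router hops
    verify_checksum: bool     # drop segments whose checksum is bad?
    reorder: bool             # queue data that is ahead of the stream?

    def reassemble(self, segments):
        """Return (delivered bytes, per-segment accept decisions).
        Overlaps keep the first data seen at a position (favor-old)."""
        buf, expected, accepted = {}, 0, []
        for seg in segments:
            ok = seg.ttl >= self.hops
            ok = ok and (seg.checksum_ok or not self.verify_checksum)
            # Without a reassembly queue, data ahead of the stream is dropped;
            # in-order data and overlapping retransmissions are still processed.
            ok = ok and (self.reorder or seg.seq <= expected)
            accepted.append(ok)
            if not ok:
                continue
            for i, b in enumerate(seg.data):
                buf.setdefault(seg.seq + i, b)
            while expected in buf:
                expected += 1
        return bytes(buf[i] for i in range(expected)), accepted


# Sensor two hops out, no checksum check, no reassembly queue;
# end host five hops out with a normal TCP stack.
SENSOR = Stack(hops=2, verify_checksum=False, reorder=False)
HOST = Stack(hops=5, verify_checksum=True, reorder=True)


def insertion_attack():
    """The 'X' segment dies at hop 3, so only the sensor sees it, and the
    sensor's favor-old overlap handling then keeps 'X' over the real 'h'."""
    return [Segment(0, b'GET /cgi-bin/p'),
            Segment(14, b'X', ttl=3),
            Segment(14, b'hf')]


def evasion_attack():
    """The tail arrives first; the sensor drops it as out of order while
    the host queues it and reassembles the full request."""
    return [Segment(14, b'hf'), Segment(0, b'GET /cgi-bin/p')]


def detected(stack, segments):
    return SIGNATURE in stack.reassemble(segments)[0]


def classify(sensor, host, segments):
    """Which disagreement occurred: the sensor accepting what the host
    rejects is insertion; the host accepting what the sensor rejects is
    evasion. Either one leaves the host attacked and the sensor silent."""
    _, by_sensor = sensor.reassemble(segments)
    _, by_host = host.reassemble(segments)
    kinds = set()
    for s, h in zip(by_sensor, by_host):
        if s and not h:
            kinds.add('insertion')
        if h and not s:
            kinds.add('evasion')
    return kinds


if __name__ == '__main__':
    for name, segs in (('insertion', insertion_attack()),
                       ('evasion', evasion_attack())):
        print(name, classify(SENSOR, HOST, segs),
              'sensor sees', SENSOR.reassemble(segs)[0],
              'host sees', HOST.reassemble(segs)[0])
```

The fix on the sensor side is to stop guessing: verify checksums, model the end host's distance and overlap policy (target-based reassembly), or normalize the stream inline so that sensor and host are guaranteed to see the same bytes.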

You have just run a port scan on an edge device and found ports 256, 257, 258, and 259 open. Which of the following is true? A.) It is most likely a router B.) It is most likely Snort C.) It is most likely Microsoft's proxy server D.) It is most likely Check Point FireWall-1

D.) It is most likely Check Point FireWall-1

Which of the following is the example of a honeypot? A.) Traffic Q Professional B.) Hping C.) Nessus D.) KFSensor

D.) KFSensor

You have been asked to enter the following rule into Snort: alert tcp any any -> any 23 (msg:"Telnet Connection Attempt";). What is its purpose? A.) This is an alert rule designed to notify you of the use of Telnet in either direction B.) This is a logging rule designed to notify you of the use of Telnet in one direction C.) This is a logging rule designed to notify you of the use of Telnet in either direction D.) This is an alert rule designed to notify you of the use of Telnet in one direction

D.) This is an alert rule designed to notify you of the use of Telnet in one direction
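What the rule header's action and direction operator actually decide, as an added example that is not part of the quiz page and not Snort's own parser: a parser for the header fields the quiz rule uses plus the msg option, and a matcher that applies "->" (one direction) versus "<>" (either direction) to constructed flows. A sid option, which Snort expects on every rule, is added to both rules; the addresses and ports are made up.

```python
"""Parse a Snort rule header and apply its direction operator.

Added example, not from the quiz page and not Snort's own parser. It
handles only action, protocol, source/destination address and port,
'->' or '<>', and simple 'key:value;' options; the flows are constructed."""

import re
from dataclasses import dataclass

HEADER = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$'
)


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    bidirectional: bool
    dst: str
    dport: str
    msg: str


def parse_rule(text):
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError(f'not a rule header: {text!r}')
    opts = dict(re.findall(r'(\w+)\s*:\s*"?([^";]*)"?\s*;', m['opts']))
    return Rule(m['action'], m['proto'], m['src'], m['sport'],
                m['dir'] == '<>', m['dst'], m['dport'], opts.get('msg', ''))


def _addr_ok(spec, value):
    return spec == 'any' or spec == value


def _port_ok(spec, value):
    return spec == 'any' or spec == str(value)


def matches(rule, proto, src, sport, dst, dport):
    """Does one packet (proto, src:sport -> dst:dport) match the header?
    '->' matches only traffic flowing from src to dst; '<>' matches
    either direction."""
    if rule.proto not in ('ip', proto):
        return False
    forward = (_addr_ok(rule.src, src) and _port_ok(rule.sport, sport) and
               _addr_ok(rule.dst, dst) and _port_ok(rule.dport, dport))
    if forward or not rule.bidirectional:
        return forward
    return (_addr_ok(rule.src, dst) and _port_ok(rule.sport, dport) and
            _addr_ok(rule.dst, src) and _port_ok(rule.dport, sport))


# The quiz rule (one direction) and its bidirectional counterpart.
ONE_WAY = 'alert tcp any any -> any 23 (msg:"Telnet Connection Attempt"; sid:1000001;)'
BOTH_WAYS = 'alert tcp any any <> any 23 (msg:"Telnet traffic either direction"; sid:1000002;)'

# Constructed flows: a client connecting to a Telnet server, and the reply.
TO_SERVER = ('tcp', '10.0.0.5', 40123, '10.0.0.9', 23)
FROM_SERVER = ('tcp', '10.0.0.9', 23, '10.0.0.5', 40123)

if __name__ == '__main__':
    for text in (ONE_WAY, BOTH_WAYS):
        rule = parse_rule(text)
        print(rule.action, 'bidirectional' if rule.bidirectional else 'one-way',
              matches(rule, *TO_SERVER), matches(rule, *FROM_SERVER))
```

In practice the one-way form is usually what you want for a "connection attempt" rule: it fires on the client's packets toward port 23 and stays quiet on the server's replies, so each session produces one line of alerts instead of two.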

