Evasion
Type of firewall that looks at applications to decide whether or not to let the packets transmit?
Application-Level FW
7. A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what? a. Session splicing b. Insertion c. Fragmenting d. ACK scanning
B. Insertion
What is a server that is used only to protect insider resources from public?
Bastion Host
How does a bogus RST work?
By modifying the checksum of the RST flag, some IDS will stop processing the packet and pass it along
Type of firewall that monitors sessions at the Session layer of OSI?
Circuit-Level Gateway
The subnet used as a buffer between public and private?
DMZ
How would an attacker confuse an IDS to allow it to pass through undetected?
Denial of Service
What is Tripwire?
File Integrity Checker, looks for changes
Type of attack that uses what is known about the IDS accepting
Insertion Attack
What firewall has a minimum of three connections?
Multi-Homed
What kind of firewall has multiple networks connected to it?
Multihomed FW
Four types of IDS
NIDS (Network Intrusion Detection System); HIDS (Host Intrusion Detection System); LFMs (Log File Monitors); File-Integrity Checker (Tripwire)
What is changing the standard code for a protocol to pass undetected by an IDS?
Obfuscating
How do URG flags work?
Packets can be created with the URG flag to give them head-of-line privilege; some IDS will process the urgent packets and let the non-urgent packets pass through undetected
Drawback of anomaly detection?
Too many alerts; a lot of false positives
14. In practice a honeypot will be configured how? a. As an unpatched system b. As a decoy server c. As a duplicate of a real system d. As an analysis tool
c. As a duplicate of a real system
8. How does a fragmentation attack, which takes a packet, breaks it into fragments, and sends only some of the fragments to the target, cause a DoS? a. By consuming processor power on the IDS b. By overwhelming the IDS with too many fragments c. By exhausting memory by caching the fragments d. By filling virtual memory with too much data
c. By exhausting memory by caching the fragments
19. What type of firewall analyzes the status of traffic? a. Circuit level b. Packet filtering c. Stateful inspection d. NIDS
c. Stateful inspection
Drawback of signature IDS?
Must be kept up to date
IDS looks for anomalies based on?
signatures, custom rules, or behaviors.
Detection of anomalies based on misuse of protocols is:
Protocol detection
Acts as middle man between client and router when requesting to go to the internet?
Proxy Firewall
What type of firewall has three interfaces: one for the Internet, one for the DMZ, and the last one for the intranet?
Screened Subnet
What is fragmenting packets called?
Session Splicing
Network Layer firewall used only for packet inspection?
Stateful or Packet-filtering FW