Evasion

Type of firewall that looks at applications to decide whether or not to let the packets transmit?

Appliction-Level FW

7. A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what? a. Session splicing b. Insertion c. Fragmenting d. ACK scanning

B. Insertion

What is a server that is used only to protect insider resources from public?

Bastion Host

How does Bogus RST work

By modifying the check sum of the RST flag, some IDS will stop processing the packet and pass it along

Type of firewall that monitors sessions at the Session layer of OSI?

Circuit-Level Gateway

The subnet used as a buffer between public and private?

DMZ

How would a attacker confuse a IDS to allow it to pass through un-detected

Denial of Service

What is Tripwire?

File Integrity Checker, looks for changes

Type of anttack that uses what is known about the IDS accepting

Insertion Attack

What firewall has a minimum of three connections

Multi-Homed

What kind of firewall has multiple networks connected to it?

Multihomed FW

Four types of IDS

NIDS (network Intrusion Detection System) HIDS (Host Intrusion Detection System) LFMs (Log File Monitors) File-Integrity Checker (Tripwire)

What is changing the standard code for a protocol to pass undetected by an IDS

Obfuscating

How do URG flags work

Packets can be created with the URG to allow it head of line privilege while some IDS will process the urgent packets and let the unurgent packets pass through un-detected

Draw back to anomaly detection?

Too many alerts a lot of false positives

14. In practice a honeypot will be configured how? a. As an unpatched system b. As a decoy server c. As a duplicate of a real system d. As an analysis tool

c. As a duplicate of a real system

8. How does a fragmentation attack, which takes a packet, breaks it into fragments, and sends only some of the fragments to the target, cause a DoS? a. By consuming processor power on the IDS b. By overwhelming the IDS with too many fragments c. By exhausting memory by caching the fragments d. By filling virtual memory with too much data

c. By exhausting memory by caching the fragments

19. What type of firewall analyzes the status of traffic? a. Circuit level b. Packet filtering c. Stateful inspection d. NIDS

c. Stateful inspection

Draw back to signature IDS

must be kept up to date

IDS looks for anomalies based on?

signatures, custom rules, or behaviors.

Detection of anomalies based on missuse of protocols is:

Protocol detection

Acts as middle man between client and router when requesting to go to the internet?

Proxy Firewall

What type of Firewall has three interfaces, one for Internet, DMZ and the last one is for intranet?

Screen Subnet

What is fragmenting packets called?

Session Splicing

Network Layer firewall used only for packet inspection?

Stateful or Packet-filtering FW