Midterm Net & Web Security Analysis


The signature of a normal FTP connection includes a three-way handshake.

True

True or False A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

True

True or False A worm creates files that copy themselves repeatedly and consume disk space.

True

True or False Physical security protects a system from theft, fire, or environmental disaster.

True

______________ do not require user intervention to be launched; they are self-propagating.

Worms

What is a VPN typically used for? a. secure remote access b. detection of security threats c. block open ports d. filter harmful scripts

a. secure remote access

True or False A packet monkey is an unskilled programmer who spreads viruses and other malicious scripts to exploit computer weaknesses.

False

True or False All devices interpret attack signatures uniformly.

False

True or False An IDPS consists of a single device that you install between your firewall and the Internet.

False

True or False An NIDPS can tell you whether an attack attempt on the host was successful.

False

True or False An atomic attack is a barrage of hundreds of packets directed at a host.

False

______________________ is the capability to prevent a participant in an electronic transaction from denying that it performed an action.

Nonrepudiation

In the three-way handshake, the first packet in the sequence has the ________ flag set.

SYN

In a _______________ based detection system, the IDPS can begin working immediately after installation.

Signature

__________________ are spread by several methods, including running executable code, sharing disks or memory sticks, opening e-mail attachments, and viewing infected or malicious Web pages.

Viruses

Which of the following is an element of the TCP header that can indicate that a connection has been established? a. Flags b. Stream index c. SEQ/ACK analysis d. Sequence number

a. Flags

Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port? a. RPC attacks b. ICMP message abuse c. malicious port scanning d. SYN flood

a. RPC attacks

What tool do you use to secure remote access by users who utilize the Internet? a. VPN b. IDS c. DMZ d. DiD

a. VPN

Which type of scan has the FIN, PSH, and URG flags set? a. Xmas scan b. Null scan c. FIN scan d. SYN Scan

a. Xmas scan

Which of the following is NOT among the items of information that a CVE reference reports? a. attack signature b. name of the vulnerability c. description of vulnerability d. reference in other databases

a. attack signature

Which security layer verifies the identity of a user, service, or computer? a. authentication b. repudiation c. physical security d. authorization

a. authentication

Which of the following is true about an HIDPS? a. monitors OS and application logs b. sniffs packets as they enter the network c. tracks misuse by external users d. centralized configurations affect host performance

a. monitors OS and application logs

Where is a host-based IDPS agent typically placed? a. on a workstation or server b. at Internet gateways c. between remote users and internal network d. between two subnets

a. on a workstation or server

What is the typical packet sequence for closing a TCP session? a. FIN, FIN ACK, RST b. FIN, ACK, FIN ACK, ACK c. FIN ACK, FIN, ACK, RST d. FIN, FIN ACK

b. FIN, ACK, FIN ACK, ACK

Defense in depth can best be described as which of the following? a. a firewall that protects the network and the servers b. a layered approach to security c. antivirus software and firewalls d. authentication and encryption

b. a layered approach to security

Which of the following is true about an NIDPS versus an HIDPS? a. an NIDPS can determine if a host attack was successful b. an HIDPS can detect attacks not caught by an NIDPS c. an HIDPS can detect intrusion attempts on the entire network d. an NIDPS can compare audit log records

b. an HIDPS can detect attacks not caught by an NIDPS

What type of attack does a remote-access Trojan attempt to perpetrate? a. worm b. back door c. remote denial of service d. composite attack

b. back door

Which of the following is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus? a. worm b. macro c. back door d. Trojan

b. macro

Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communications? a. malicious port scanning b. man-in-the-middle c. denial of service d. remote procedure call

b. man-in-the-middle

Under which suspicious traffic signature category would a port scan fall? a. informational b. reconnaissance c. denial of service d. unauthorized access

b. reconnaissance

Which of the following is NOT one of the three primary goals of information security? a. confidentiality b. integrity c. impartiality d. availability

c. impartiality

Which of the following is the description of a land attack? a. the local host source address occurs in the packet b. source and destination IP address/port are the same c. an illegal TCP flag is found in the segment header d. the attacker uses an undefined protocol number

b. source and destination IP address/port are the same

What is an advantage of the anomaly detection method? a. makes use of signatures of well-known attacks b. system can detect attacks from inside the network by people with stolen accounts c. easy to understand and less difficult to configure than a signature-based system d. after installation, the IDPS is trained for several days or weeks

b. system can detect attacks from inside the network by people with stolen accounts

How does the CVE standard make network security devices and tools more effective? a. the layered approach makes attacks nearly impossible b. they can share information about attack signatures c. it requires you to use compatible devices from one vendor d. it warns an attacker that your site is being monitored

b. they can share information about attack signatures

Which IDPS customization option is a list of entities known to be harmless? a. thresholds b. whitelists c. blacklists d. alert settings

b. whitelists

What is the packet called where a Web browser sends a request to the Web server for Web page data? a. HTML SEND b. HTTP XFER c. HTTP GET d. HTML RELAY

c. HTTP GET

Which of the following is an accurate set of characteristics you would find in an attack signature? a. IP address, attacker's alias, UDP options b. protocol options, TCP ports, region of origin c. IP address, TCP flags, port numbers d. IP number, MAC address, TCP options

c. IP address, TCP flags, port numbers

What is the sequence of packets for a successful three-way handshake? a. SYN, ACK, ACK b. SYN, SYN ACK, RST c. SYN, SYN ACK, ACK d. SYN, ACK, FIN

c. SYN, SYN ACK, ACK
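The handshake question above, the four-segment close (FIN, ACK, FIN ACK, ACK) and the Xmas, Null and FIN scan questions all come down to reading the six TCP flag bits. The following is an added example, not part of the quiz or of the textbook it summarizes: the flag bit values are the standard TCP header bits, while the client/server addresses and the packet traces are constructed for illustration.

```python
# Added example (my own code, not from the quiz or the textbook it summarizes):
# decode the TCP flag bits and check constructed flag sequences against the
# three-way open, the four-segment close and the flag-combination scans this
# page describes. The session and probe traces below are constructed.

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = ((SYN, "SYN"), (ACK, "ACK"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (URG, "URG"))


def flag_names(flags):
    """Render a flags byte as e.g. 'SYN/ACK'; a null segment renders as 'NONE'."""
    return "/".join(name for bit, name in FLAG_NAMES if flags & bit) or "NONE"


def classify_probe(flags):
    """Name the scan an unsolicited segment's flag combination corresponds to."""
    if flags == 0:
        return "null scan"
    if flags == FIN | PSH | URG:
        return "xmas scan"
    if flags == FIN:
        return "fin scan"
    if flags == SYN:
        return "syn"  # a lone SYN is also how every legitimate connection starts
    return "other"


def is_handshake(segments):
    """Three-way open: SYN from the client, SYN/ACK back from the server, ACK from the client."""
    if len(segments) != 3:
        return False
    (c, s, f0), (s2, c2, f1), (c3, s3, f2) = segments
    return [f0, f1, f2] == [SYN, SYN | ACK, ACK] and (s2, c2, c3, s3) == (s, c, c, s)


def is_teardown(flags_seq):
    """Four-segment close as listed on this page: FIN, ACK, FIN/ACK, ACK. A FIN sent on an
    established connection always carries ACK as well, so FIN/ACK is accepted in the
    first position too; bits other than FIN and ACK are ignored."""
    seq = [f & (FIN | ACK) for f in flags_seq]
    return seq in ([FIN, ACK, FIN | ACK, ACK], [FIN | ACK, ACK, FIN | ACK, ACK])


def track(segments):
    """Walk (src, dst, flags) tuples for one client/server pair and return what a stateful
    sensor would conclude: 'scan:<type>' for a lone probe that never starts a handshake,
    'half-open' for a SYN with no completion, then 'established', 'reset' or 'closed'."""
    flags = [f for _, _, f in segments]
    if not flags:
        return "idle"
    if flags[0] != SYN:
        kind = classify_probe(flags[0])
        return "scan:" + kind if kind != "other" else "unexpected " + flag_names(flags[0])
    if len(segments) < 3:
        return "half-open"
    if not is_handshake(segments[:3]):
        return "bad handshake"
    if any(f & RST for f in flags[3:]):
        return "reset"
    fins = [i for i, f in enumerate(flags) if i >= 3 and f & FIN]
    if not fins:
        return "established"
    return "closed" if is_teardown(flags[fins[0]:fins[0] + 4]) else "incomplete teardown"


# Constructed traces: an FTP control session that opens, exchanges data and closes
# cleanly, and a single Xmas probe against the same port.
CLIENT, SERVER = "10.0.0.5:51000", "10.0.0.20:21"
FTP_SESSION = [
    (CLIENT, SERVER, SYN), (SERVER, CLIENT, SYN | ACK), (CLIENT, SERVER, ACK),
    (CLIENT, SERVER, PSH | ACK), (SERVER, CLIENT, ACK),
    (CLIENT, SERVER, FIN | ACK), (SERVER, CLIENT, ACK),
    (SERVER, CLIENT, FIN | ACK), (CLIENT, SERVER, ACK),
]
XMAS_PROBE = [(CLIENT, SERVER, FIN | PSH | URG)]

if __name__ == "__main__":
    for name, trace in (("ftp session", FTP_SESSION), ("xmas probe", XMAS_PROBE)):
        print(name, "->", track(trace), [flag_names(f) for _, _, f in trace])
```

Running the file reports `closed` for the constructed FTP session and `scan:xmas scan` for the lone probe. The caveat in `is_teardown` matters when writing real signatures: once a connection is established every segment carries ACK, so a rule written literally as bare FIN, ACK, FIN/ACK, ACK does not match what a standard TCP stack sends; masking to the FIN and ACK bits, as done here, is what makes the quiz's sequence usable.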

What is a program that appears to do something useful but is actually malware? a. virus b. logic bomb c. Trojan d. back door

c. Trojan

What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit? a. parity bit b. CRC value c. checksum d. fragment offset

c. checksum
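The checksum question just above and the land attack question earlier, as an added example that is not the quiz's own material: the code constructs IPv4 + TCP headers, verifies the IPv4 header checksum (the integrity check an IDPS or router applies to catch a header damaged or altered in transit) and matches the land attack signature, source and destination address and port identical. Addresses, ports and packet bytes are constructed; the checksum routine follows RFC 1071.

```python
# Added example (my own code, not from the quiz or the textbook it summarizes):
# parse a raw IPv4 + TCP header, verify the IPv4 header checksum the way an IDPS
# does to spot a header damaged or altered in transit, and flag a land attack
# (source and destination address and port identical). All packet bytes are
# constructed here; nothing is captured from a network.
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the 16-bit words of the header. Computed over a
    header with its checksum field zeroed it yields the value to store; computed over a
    header that still carries a correct checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, sport, dport, tcp_flags, corrupt=False):
    """Construct a minimal 20-byte IPv4 header followed by a 20-byte TCP header.
    With corrupt=True one bit of the stored checksum is flipped after the fact,
    simulating a header damaged or altered in transit."""
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,   # v4, IHL 5, len 40, DF, TTL 64, TCP
                     socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(ip) ^ (1 if corrupt else 0)
    ip = ip[:10] + struct.pack("!H", csum) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    return ip + tcp


def inspect(packet: bytes):
    """Return the list of signature matches for one packet, in the order a sensor would
    check them: header integrity first, then the single-packet land attack signature."""
    findings = []
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return ["malformed ipv4 header"]
    if ipv4_checksum(packet[:ihl]) != 0:
        findings.append("bad ipv4 header checksum")
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if packet[9] == 6 and len(packet) >= ihl + 20:           # protocol 6 is TCP
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if src == dst and sport == dport:
            findings.append("land attack")
    return findings


if __name__ == "__main__":
    for label, pkt in (
        ("normal SYN", build_packet("10.0.0.5", "10.0.0.20", 51000, 21, 0x02)),
        ("land", build_packet("10.0.0.20", "10.0.0.20", 21, 21, 0x02)),
        ("corrupted", build_packet("10.0.0.5", "10.0.0.20", 51000, 21, 0x02, corrupt=True)),
    ):
        print(label, "->", inspect(pkt) or ["clean"])
```

Two caveats a practitioner should keep in mind. The IPv4 checksum covers only the header, not the payload, and anyone who deliberately alters a packet simply recomputes it, so a failed checksum is evidence of damage or a broken stack, not of an attacker; integrity against tampering needs a keyed mechanism such as IPsec, not a checksum. And the land signature here matches on the IP header plus TCP ports, which is why the answer to the quiz question names both the address and the port.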

Which of the following is an advantage of a signature-based detection system? a. the definition of what constitutes normal traffic changes b. it is based on profiles the administrator creates c. each signature is assigned a number and name d. the IDPS must be trained for weeks

c. each signature is assigned a number and name

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion? a. inline b. host-based c. hybrid d. network-based

c. hybrid

Which of the following is NOT a network defense function found in intrusion detection and prevention systems? a. prevention b. response c. identification d. detection

c. identification

Of what category of attack is a DoS attack an example? a. bad header information b. single-packet attack c. multiple-packet attack d. suspicious data payload

c. multiple-packet attack

Which type of firewall policy calls for a firewall to deny all traffic by default? a. permissive policy b. perimeter policy c. restrictive policy d. demilitarized policy

c. restrictive policy

A hacktivist can best be described as which of the following? a. An unskilled programmer that spreads malicious scripts b. consider themselves seekers of knowledge c. use DoS attacks on Web sites with which they disagree d. deface Web sites by leaving messages for their friends to read

c. use DoS attacks on Web sites with which they disagree

Which security tool works by recognizing signs of a possible attack and sending notification to an administrator? a. DiD b. DMZ c. VPN d. IDPS

d. IDPS

Which of the following is true about the steps in setting up and using an IDPS? a. anomaly-based systems come with a database of attack signatures b. sensors placed on network segments will always capture every packet c. alerts are sent when a packet doesn't match a stored signature d. false positives do not compromise network security

d. false positives do not compromise network security

Why might you want your security system to provide nonrepudiation? a. to prevent a user from capturing packets and viewing sensitive information b. to prevent an unauthorized user from logging into the system c. to trace the origin of a worm spread through email d. so a user can't deny sending or receiving a communication

d. so a user can't deny sending or receiving a communication

In which type of scan does an attacker scan only ports that are commonly used by specific programs? a. random scan b. vanilla scan c. ping sweep d. strobe scan

d. strobe scan

Why might you want to allow extra time for setting up the database in an anomaly-based system? a. the installation procedure is usually complex and time consuming b. to add your own custom rule base c. it requires special hardware that must be custom built d. to allow a baseline of data to be compiled

d. to allow a baseline of data to be compiled
