CEH#17 - Oriyano - Honeypots, IDSs and Firewalls
1. A HIDS is used to monitor activity on which of the following? a. Network b. application c. log file d. host
c. SaaS, or software as a service, is an environment used to host software services offsite and possibly license just what a company needs and only for as long as they need it.
5. Altering a checksum of a packet can be used to do what? a. send an RST. b. send a URG. c. reset a connection. d. evade an NIDS
d. If an NIDS is employed within a cloud environment, attacks such as altering the checksums of a packet can be used to avoid detection.
7. A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what? a. session splicing b. insertion c. fragmenting d. ACK scanning
d. There is no officially recognized environment referred to as LaaS.
16. HTTP is typically open on which port in a firewall? a. 25 b. 443 c. 80 d. 110
b. Even though it would be a cloud-based solution, the same ports would be used for common services and endpoints.
3. A NIDS is based on technology similar to which of the following? a. packet sniffing b. privilege escalation c. enumeration d. backdoor
b. SOAP is used to enable protocol-independent communication between applications.
18. At which layer of the OSI model does a packet-filtering firewall work? a. layer 1 b. layer 2 c. layer 3 d. layer 4
c, d. Since one of the goals of a cloud-based solution is to abstract the hardware from the client, layers 3 and above would likely be the only layers that the user would interact with.
17. What is a system used as a chokepoint for traffic? a. IDS b. DMZ c. Bastion host d. SNMP host
c. A bastion host is used as a chokepoint.
14. In practice, a honeypot will be configured how? a. as an unpatched system b. as a decoy server c. as a duplicate of a real system d. as an analysis tool
d. Platform as a service is ideally suited for the development and deployment of custom applications.
8. How does a fragmentation attack, which takes a packet, breaks it into fragments, and sends only some of the fragments to the target, cause a DoS? a. by consuming processor power on the IDS b. by overwhelming the IDS with too many fragments c. by exhausting memory by caching the fragments d. by filling virtual memory with too much data
b. SaaS is the platform type that hosts email services as well as security services in most cases.
6. Firewalking is done to accomplish which of the following? a. find the configuration of a NIDS b. find the configuration of an HIDS c. uncover a honeypot d. analyze a firewall
a, b, d. Cloud technologies can be used for many reasons, but legal responsibility cannot ever be transferred to a third party.
15. Which ports does SNMP use to function? a. 160 and 161 b. 160 and 162 c. 389 and 160 d. 161 and 162
a, b, d. Forensics would not be easier in the cloud; in fact, it may be harder if not impossible to perform.
13. A firewall is used to separate which of the following? a. networks b. hosts c. permissions d. ACL
a. Cloud-based firewalls are used to separate networks with different security ratings.
20. What can be used instead of a URL to evade some firewalls? a. IP address b. encryption c. stateful inspection d. NIDS
a. An IP address can be used instead of a URL to evade some firewalls. Much like standard web applications, ones based in the cloud could still be exploited in the same way.
12. A DMZ is created with which of the following? a. a firewall and a router b. a multihomed firewall c. two routers d. a multihomed router
a. Email would be a prime example of SaaS, as would hosting office suites and other types of software.
10. An anomaly-based NIDS is designed to look for what? a. patterns of known attacks b. deviations from known traffic patterns c. log alterations d. false positives
a. You would not create a private cloud to reduce costs, as it would most likely increase costs due to the need to acquire and maintain expensive hardware and software.
11. A multihomed firewall has a minimum of how many network connections? a. two b. three c. four d. five
b. Three forms of cloud-hosting environments are currently recognized: SaaS, PaaS, and IaaS.
2. Which of the following can be used to identify a firewall? a. search engines b. email c. port scanning d. google hacking
b. Drive encryption or its equivalent would be useful in protecting data stored in the cloud.
9. Which of the following uses a database of known attacks? a. signature file b. anomaly c. behavior d. shellcode
c. The client who pays the cloud service provider to host their data still has legal responsibility for its safety.
19. What type of firewall analyzes the status of traffic? a. circuit level b. packet filtering c. stateful inspection d. NIDS
c. A firewall with stateful inspection analyzes the status of traffic.
4. Which of the following can be used to evade an IDS? a. packet sniffing b. port scanning c. enumeration d. encryption
c. Man-in-the-middle attacks are effective at altering data in transit between applications and the cloud.