Chapter 7 Quiz Question Bank - CIST1601-Information Security Fund

__________ is the action of luring an individual into committing a crime to get a conviction. A) Entrapment B) Enticement C) Intrusion D) Padding

A) Entrapment

__________ are decoy systems designed to lure potential attackers away from critical systems. A) Honeypots B) Bastion Hosts C) Wasp Nests D) Designated Targets

A) Honeypots

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. A) IDPS B) WiFi C) UDP D) DoS

A) IDPS

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs. A) LFM B) stat IDPS C) AppIDPS D) HIDPS

A) LFM

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. A) NIDPSs B) HIDPSs C) AppIDPSs D) SIDPSs

A) NIDPSs

A HIDPS can monitor systems logs for predefined events. A) True B) False

A) True

A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.. A) True B) False

A) True

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. A) True B) False

A) True

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________ A) True B) False

A) True

A(n) log file monitor is similar to a NIDPS. _________________________ A) True B) False

A) True

A(n) partially distributed IDPS control strategy combines the best of the other two strategies. _________________________ A) True B) False

A) True

Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _________________________ A) True B) False

A) True

An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS. A) True B) False

A) True

An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False

A) True

IDPS responses can be classified as active or passive. A) True B) False

A) True

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network. A) True B) False

A) True

In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms. A) True B) False

A) True

Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. A) True B) False

A) True

Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded cell systems. A) True B) False

A) True

The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. A) True B) False

A) True

To assist in the footprint intelligence collection process, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses. A) True B) False

A) True

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False

A) True

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________ A) True B) False

A) True

Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. A) inline B) offline C) passive D) bypass

A) inline

A(n) __________ IDPS is focused on protecting network information assets. A) network-based B) host-based C) application-based D) server-based

A) network-based

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. A) passive B) aggressive C) active D) secret

A) passive

A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches. A) True B) False

B) False

A broadcast vulnerability scanner is one that initiates traffic on the network in order to determine security holes. A) True B) False

B) False

A false positive is the failure of an IDPS system to react to an actual attack event. A) True B) False

B) False

A padded cell is a hardened honeynet. _________________________ A) True B) False

B) False

A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered. A) True B) False

B) False

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________ A) True B) False

B) False

A(n) event is an indication that a system has just been attacked or is under attack. _________________________ A) True B) False

B) False

A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _________________________ A) True B) False

B) False

Administrators who are wary of using the same tools that attackers use should remember that most organizations prohibit use of open source or freeware software tools. A) True B) False

B) False

All IDPS vendors target users with the same levels of technical and security expertise. A) True B) False

B) False

An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False

B) False

Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________ A) True B) False

B) False

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. _________________________ A) True B) False

B) False

Intrusion detection and prevention systems can deal effectively with switched networks. A) True B) False

B) False

Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected. A) True B) False

B) False

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. A) True B) False

B) False

Port explorers ​are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, anAn IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False other useful information. _________________________ A) True B) False

B) False

Port explorers ​are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. _________________________ A) True B) False

B) False

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard. A) True B) False

B) False

The activities that gather information about the organization and its network activities and assets is called fingerprinting. _________________________ A) True B) False

B) False

The disadvantages of using the honeypot or padded cell approach include the fact that the technical ​implications of using such devices are not well understood. _________________________ A) True B) False

B) False

The primary advantages of a a centralized IDPS control strategy are cost and ease-of-use. _________________________ A) True B) False

B) False

The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. A) True B) False

B) False

The process of entrapment is when an attacker changes the format and/or timing of their activities to avoid being detected by an IDPS. _________________________ A) True B) False

B) False

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False

B) False

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False

B) False

When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________ A) True B) False

B) False

Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. A) True B) False

B) False

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. A) Buzz B) Fuzz C) Spike D) Black

B) Fuzz

A(n) __________ is an event that triggers an alarm when no actual attack is in progress. A) false neutral B) false attack stimulus C) false negative D) noise

B) false attack stimulus

The ability to detect a target computer's __________ is very valuable to an attacker. A) manufacturer B) operating system C) peripherals D) BIOS

B) operating system

Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment. A) aggressive B) divisive C) destructive D) disruptive

C) destructive

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic. A) packet scanner B) packet sniffer C) honey pot D) honey packet

C) signatures

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base. A) vulnerabilities B) fingerprints C) signatures D) footprints

C) signatures

To use a packet sniffer legally, the administrator must __________. A) be on a network that the organization owns B) be under direct authorization of the network's owners C) have knowledge and consent of the content's creators D) all of the above

C) signatures

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. A) prevention B) reaction C) detection D) correction

D) correction

Which of the following is NOT a described IDPS control strategy? A) centralized B) fully distributed C) partially distributed D) decentralized

D) decentralized

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as __________. A) port knocking B) doorknob rattling C) footprinting D) fingerprinting

D) fingerprinting