Chapter 11 Quizzes
Firewalls, whether hardware or software, are only effective as their _____________?
Configuration
An attacker is attempting to determine whether a system is a honeypot. Which of the following actions should the attacker take?
Craft a malicious probe packet to scan for services.
Which of the following is the process of determining the configuration of ACLs by sending a firewall TCP and UDP packets?
Firewalking
You are working on firewall evasion countermeasures and are specifically looking for a tool to expose TTL vulnerabilities. Which of the followings tools would you use?
Firewalking
Jin, a penetration tester, was hired to perform a black box penetration test. He decides to test their firewall. Which of the following techniques should he use first?
Footprinting
What are the two types of Intrusion Detection Systems (IDS)?
HIDS and NIDS
Jessica needs to set up a firewall to protect her internal network from the Internet. Which of the following would be the best type of firewall for her to use?
Hardware
Which of the following honeypot interaction levels simulate all service and applications and can be completely compromised by attackers to get full access to the system in a controlled area?
High-level
Lorena, the CIO, wants to ensure the company's security practices and policies match well with their firewall security configuration for maximum protection against hacking. Which of the following actions should Lorena take?
Hire a penetration tester.
Mark, an ethical hacker, is looking for a honeypot tool that will simulate a mischievous protocol such as devil or mydoom. Which of the following honeypot tools should he use?
HoneyBOT
Ports that show a particular service but deny a three-way handshake connection indicate the potential presence of which of the following?
Honeypot
Which of the following is a physical or virtual network device set up to masquerade as a legitimate network resource?
Honeypot
You are on a Windows system. You receive an alert that a file name MyFile.txt.exe had been found. Which of the following could this indicate?
Host-based IDS
Which of the following firewall limitations is a critical vulnerability because it means that packet filters cannot tell whether a connection was started inside or outside the organization?
Inability to detect the keep the state status.
ARP, DNS, and IP are all examples of which of the following?
Spoofing methods
An attacker conducts a normal port scan on a host and detects protocols used by a Windows operating system and protocols used by a Linux operating system. Which of the following might this indicate?
A honeypot
Which of the following best describes a honeypot?
A honeypot's purpose is to look like a legitimate network resource.
Frank, an attacker, has gained access to your network. He decides to cause an illegal instruction. He watches the timing to handle an illegal instruction. Which of the following is he testing for?
A virtual machine
Which of the following IDS detection types compare behavior to baseline profiles or network behavior baselines?
Anomaly-based
User-Mode-Linux (UML) is an open-source tool used to create virtual machines. It's efficient for deploying honeypots. One of the big issues with UML is that it doesn't use a real hard disk, but a fake IDE device called /dev/ubd*. How can an attacker find a UML system?
Attackers need to take a look at the /etc/ftsab file or execute the mount command.
Robin, an IT technician, has implemented identification and detection techniques based on the ability to distinguish legitimate traffic from illegitimate traffic over the network. Which of the following is he trying to achieve?
Defend the network against IDS evasions.
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Ping of death, teardrop, SYN flood, Smurf and fraggle are all examples of which of the following?
DoS attack types
Which of the following honeypot interaction levels can't be compromised completely and is generally set to collect information about attacks like network probes and worms?
Low-level
Which of the following is another name for the signature-based detection method?
Misuse detection
Which of the following is a sign of network-based intrusion?
New or unusual protocols and services running.
An older technique for defeating honeypots is to use tarpits, which sometimes operate at different levels of the OSI model, depending on their function. Which of the following layers of the OSI model do tarpits work at?
OSI layers 2 (DataLink), 4 (Transport), and 7 (Application)
Penetration testing is a practice conducted by an ethical hacker to see how an organization's security policies and security practices measure up to the organization's actual overall successful system security. When can an ethical hacker start the penetration test?
Once all of the legal contracts are signed, formalities settled, and permissions are given.
Which of the following best describes a proxy server?
Operates at Layer 7 (Application) of the OSI model.
Which of the following firewall technologies operates at Layers 3 (Network) and 4 (Transport) of the OSI model?
Packet filtering
Allen, the network administrator, needs a tool that can do network intrusion prevention and intrusion detection, capture packets, and monitory information. Which of the following tools would he most likely select?
Snort
Julie is looking for a honeypot detection tool that is capable of packet manipulation. Which of the following tools should she use?
Snort inline
IP Address spoofin, fragmentation attacks, using proxy servers, ICMP tunneling, and ACP tunneling are all examples of which of the following firewall penetration testing techniques?
TCP packet filtering
Which of the following best describes source routing?
The packet's sender designates the route that a packet should take through the network.
An IDS can perform many types of intrusion detection. Three common detection methods are signature-based, anomaly-based, and protocol-based. Which of the following best describes protocol-based detection?
This detection method can include malformed messages and sequencing errors.
Which of the following tools enables security professionals to audit and validate the behavior of security devices?
Traffic IQ Professional
An IT technician receives an IDS alert on the company network she manages. A seemingly random user now has administration privileges in the system, some files are missing, and other files seem to have just been created. Which of the following alerts did this technician receive?
True positive
When it comes to obfuscation mechanisms, nmap has the ability to generate decoys, meaning that detection of the actual scanning system becomes much more difficult. Which of the following is the proper nmap command?
nmap -D RND:10 target_IP_address
Nmap provides many commands and scripts that are used to evade firewalls and intrusion detection systems. Which of the following is the proper nmap command to use the decoy option?
nmap -D RND:25 10.10.10.1