ITN 261 QUIZ 3
Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected? Firewall Control Honeypot Intrusion detection system (IDS)
D. Intrusion detection system (IDS)
Which class of individuals works the most with the server and is primarily concerned with access to content and services? Server administrator Network administrator End user Web attacker
End user
A denial of service (DoS) attack can be considered an "upgraded" and advanced version of a distributed denial of service (DDoS) attack. T/F
FALSE
A denial of service (DoS) attack is typically the first action an attacker will take in an attempt to access a system. T/F
FALSE
A distributed denial of service (DDoS) attack can be performed using only a software component; no hardware component is necessary. T/F
FALSE
A host-based intrusion detection system (HIDS) monitors activity on a network. T/F
FALSE
A packet filtering firewall is a type of firewall that functions as a gateway for requests arriving from clients. T/F
FALSE
Ad hoc wireless networks are networks that use an access point (AP) that each client associates with. T/F
FALSE
After a firewall is designed and implemented, a firewall policy should be developed. T/F
FALSE
An access point (AP), present in wired networks but not in wireless networks, is a device that wired clients associate with in order to gain access to the network. T/F
FALSE
An intrusion detection system (IDS) is a single piece of software, as opposed to a series of components. T/F
FALSE
An intrusion detection system (IDS) prevents attacks from occurring. T/F
FALSE
An intrusion detection system (IDS) provides a way of both detecting an attack and dealing with it. T/F
FALSE
Bluetooth devices cannot be secured. T/F
FALSE
By definition, misuse is always malicious in nature. T/F
FALSE
Fail-open state results in closed and completely restricted access or communication. T/F
FALSE
Firewalls perform well against misuse. T/F
FALSE
Honeypots and honeynets are, by definition, illegal. T/F
FALSE
Intrusion detection is the ability to detect misuse of resources or privileges. T/F
FALSE
It is easy for an attacker to predict the sequence numbers of the packets in order to hijack a session successfully. T/F
FALSE
Misuse detection is the technique of uncovering successful or attempted unauthorized access to an information system. T/F
FALSE
Most networks and protocols are inherently secure making them difficult to sniff. T/F
FALSE
NetStumbler is the only wireless hacking tool that can perform wireless network scanning. T/F
FALSE
Over the past few years, the use of denial of service (DoS) attacks to commit crimes such as extortion has decreased. T/F
FALSE
Role based access control (RBAC) depends on the owner or author of data to manage security. T/F
FALSE
Session hijacking is the process of assisting two parties in establishing a new session. T/F
FALSE
Sniffers are fundamentally evil because they are only used to steal information. T/F
FALSE
The default access point (AP) security settings should never be changed. T/F
FALSE
The widespread availability of wireless has made management and security much easier for the network and security administrator. T/F
FALSE
Typically, a computer system can see all communications, whether they are addressed to the listening station or not. T/F
FALSE
A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat. True False
False
A distributed denial of service (DDoS) attack is mostly an annoyance; however, a denial of service (DoS) attack is much more of a problem. True False
False
A poison null byte attack uploads masses of files to a server with the goal of filling up the hard drive on the server in an attempt to cause the application to crash. True False
False
An effective method for uncovering database problems is to consider the security problem simply from an insider's perspective, rather than an outsider's perspective. True False
False
Databases are rarely a target for attackers because many of them are "unhackable." True False
False
Firewalls provide very little protection to a database server. True False
False
Over time, corporations have been moving fewer and fewer services to the cloud. True False
False
Structured Query Language (SQL) injections require very little skill or knowledge to execute. True False
False
A denial of service (DoS) attack is designed to deny legitimate users the use of a system or service through the systematic overloading of its resources. T/F
TRUE
A lookup table is used to track which Media Access Control (MAC) addresses are present on which ports on the switch. T/F
TRUE
A multi-homed device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces. T/F
TRUE
A screened host is a setup where the network is protected by a device that combines the features of proxy servers with packet filtering. T/F
TRUE
Active session hijacking takes sniffing to the next level by moving from listening to interacting. T/F
TRUE
Active sniffing introduces traffic onto the network, meaning that the user's presence is now detectable by anyone or anything that may be looking. T/F
TRUE
Ad hoc networks can be created very quickly and easily because no access point (AP) is required in their setup. T/F
TRUE
An intrusion detection system (IDS) essentially extends the traffic-capturing capability of a packet sniffer in that the IDS compares the intercepted traffic to known good or bad behavior. T/F
TRUE
Association with an access point (AP) occurs when a wireless client has the service set identifier (SSID) preconfigured for the network it is supposed to be attaching to. T/F
TRUE
Atmospheric conditions, building materials, and nearby devices can all affect emanations of wireless networks. T/F
TRUE
Barriers, guards, cameras, and locks are examples of physical controls. T/F
TRUE
Bluetooth devices that are set to be seen or discovered by other Bluetooth devices can be seen by the owners of devices who have both good and bad intentions. T/F
TRUE
Bluetooth employs security mechanisms called "trusted devices," which have the ability to exchange data without asking any permission because they are already trusted to do so. T/F
TRUE
Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek to overwhelm a victim with requests designed to lock up, slow down, or crash a system. T/F
TRUE
Content addressable memory (CAM) is the memory present on a switch that is used to look up the Media Access Control (MAC) address to port mappings that are present on a network. T/F
TRUE
Content addressable memory (CAM) is used to build a lookup table.
TRUE
Firewalls separate networks and organizations into different zones of trust. T/F
TRUE
In networks based on the Ethernet standard (802.3), stations transmit their information using the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method. T/F
TRUE
In the first wave of a distributed denial of service (DDoS) attack, the targets that will be the "foot soldiers" are infected with the implements that will be used to attack the ultimate victim. T/F
TRUE
In wireless networks based on the 802.11 standard, stations transmit their information using the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). T/F
TRUE
Intrusion detection is the process of detecting potential misuse or attacks and the ability to respond based on the alert that is provided. T/F
TRUE
Media access control (MAC) address filtering is a way to enforce access control on a wireless network by registering the MAC addresses of wireless clients with the access point (AP). T/F
TRUE
Most intrusion detection systems (IDSs) are based on signature analysis. T/F
TRUE
Network connectivity arguably has the biggest impact on the effectiveness of the firewall. T/F
TRUE
Placement of an access point (AP) is an important security consideration in defending a wireless network. T/F
TRUE
Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network. T/F
TRUE
The early networks did not resemble the networks in use today because they were mainly proprietary and performed poorly compared with today's deployments. T/F
TRUE
The inSSIDer wireless hacking tool can inspect a WLAN and surrounding networks to troubleshoot competing access points (APs). T/F
TRUE
Wardriving is the process of an attacker traveling through an area with the goal of detecting wireless access points (APs) or devices. T/F
TRUE
Wireless LANs are built upon the 802.11 family of standards and operate in a similar manner to wired networks. T/F
TRUE
Wireless networks use radio frequency (RF) or radio techniques, which allow wireless transmissions to reach out in all directions, enabling connectivity but also allowing anyone in those directions to eavesdrop. T/F
TRUE
Wireshark, Tcpdump, Windump, and Omnipeek are popular sniffing tools. T/F
TRUE
A buffer overflow can result in data being corrupted or overwritten. True False
True
A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted. True False
True
A number of different methods can be used to deface a Web site. True False
True
A session, the connection that a client has with the server application, should use the same identifier, encryption, and other parameters every time a new connection between client and server is created, rather than create new information for each connection and then discard it each time. True False
True
An organization's Web server is often the public face of the organization that customers and clients see first. True False
True
Brutus is a password cracker that is designed to decode different password types present in Web applications. True False
True
Databases can be easily missed because they may be installed as part of another application or just not reported by the application owner. True False
True
Defacing a Web site is one of the most common acts of vandalism against Web sites. True False
True
Error messages should be considered a potential Web server vulnerability because they can provide vital information to an attacker. True False
True
Input validation refers to restricting the type of input or data the Web site will accept so that mistakes will not be entered into the system. True False
True
Process isolation provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it. True False
True
When working on securing Web applications, the safety of information must be considered both when it is being stored and when it is being transmitted, because both stages are potential areas for attack. True False
True
Which of the following statements is NOT true about firewall policy? A policy is not necessary if the firewall is configured in the way the administrator wants. A policy lays out the rules on what traffic is allowed and what is not. The policy will specifically define the IP addresses, address ranges, protocol types, and applications that will be evaluated and granted or denied access to the network. The policy will provide guidance on how changes to traffic and requirements are to be dealt with.
a. A policy is not necessary if the firewall is configured in the way the administrator wants.
Which of the following controls fit in the area of policy and procedure? Administrative Physical Technical Equipment
a. Administrative
Which of the following allows someone authorized or unauthorized to send messages to a cell phone? Bluejacking Bluesnarfing Bluebugging Bluebombing
a. Bluejacking
Common forms of distributed denial of service (DDoS) attacks include all of the following EXCEPT: Buffer overflows Ping flooding attack Smurf attack SYN flooding
a. Buffer overflows
Which of the following statements is NOT true about firewalls? Firewalls have not changed much over the years. The firewall is located on the perimeter or boundary between the internal network and the outside world. The firewall forms a logical and physical barrier between the organization’s network and everything outside. The firewall is able to deny or grant access based on a number of rules that are configured on the device.
a. Firewalls have not changed much over the years.
A group of computers or a network configured to attract attackers is called a(n): honeynet. honeypot. target. entrapment.
a. Honeynet
Which of the following is NOT one of the steps an attacker must perform to conduct a successful session hijacking? Inject packets into the network prior to the authentication process. Analyze and predict the sequence number of the packets. Sever the connection between the two parties. Seize control of the session.
a. Inject packets into the network prior to the authentication process.
Countermeasures that can be used to defeat sniffing include all of the following EXCEPT: Media Access Control (MAC) flooding. port security. encryption. static ARP entries.
a. Media Access Control (MAC) flooding.
Which of the following is NOT a countermeasure to threats against wireless LANs? Promiscuous clients Firewalls Antivirus programs Training
a. Promiscuous clients
Which class of individuals is primarily concerned with the security of the Web server because it can provide an easy means of getting into the local network? Server administrator Network administrator End user Web attacker
a. Server administrator
Which of the following refers to encryption using short keys or keys that are poorly designed and implemented that can allow an attacker to decrypt data easily and gain unauthorized access to the information? Weak ciphers or encoding algorithms Vulnerable software Absent or inadequate password change controls Insecure or weak session identifiers
a. Weak ciphers or encoding algorithms
Any activity that should not be but is occurring on an information system is called: an intrusion. an anomaly. misuse. detection.
a. an intrusion.
Typical categories of databases include all of the following EXCEPT: relational database. applied database. distributed database. object-oriented programming database.
a. applied database.
With a hub connectivity device in place, all traffic can be seen by all other stations, which can be also referred to as all stations being on the same: collision domain. switch. sniffer. lookup table.
a. collision domain.
Security issues that can arise in cloud computing that are above and beyond those with standard environments include all of the following EXCEPT: detectability. availability. reliability. loss of control.
a. detectability
All of the following actions can be helpful in thwarting session hijacking attacks EXCEPT: employing operating systems that create predictable sets of sequence numbers. using encryption to make it difficult for attackers to see what is being transmitted. configuring routers to block spoofed traffic from outside the protected network. using an intrusion detection system (IDS) that can watch for suspicious activity.
a. employing operating systems that create predictable sets of sequence numbers.
Exploitative behaviors against Web applications include all of the following EXCEPT: man-in-the-middle attacks. domain Name Server (DNS) attacks. destruction of data. theft of information such as credit cards or other sensitive data.
a. man-in-the-middle attacks.
The 802.11n standard uses a new method of transmitting signals, which can transmit multiple signalsacross multiple antennas. This new method of transmitting signals is called: multiple input and multiple output (MIMO). multiple signal and multiple antennas (MSMA). Bluetooth. Blu-ray.
a. multiple input and multiple output (MIMO).
NGSSquirreL and AppDetective are: pieces of software for performing audits on databases. languages for communicating with databases. tools for locating rogue or unknown database installations. cloud computing software.
a. pieces of software for performing audits on databases.
The primary difference between denial of service (DoS) attacks and distributed denial of service (DDoS) attacks is: a. scale. b. time. c. the use of botnets. d. the use of sniffing.
a. scale
The two main types of intrusion detection systems (IDSs) are: the network-based intrusion detection system (NIDS) and the host-based intrusion detection system (HIDS). the signature recognition system and signature analysis system. the honeypot system and honeynet system. the file system and the folder system.
a. the network-based intrusion detection system (NIDS) and the host-based intrusion detection system (HIDS).
A setup created by wireless networking technologies that are designed to extend or replace wired networks is called: wireless local area network (WLAN). service set identifier (SSID). wireless universal network (WUN). service local area network (SLAN).
a. wireless local area network (WLAN).
Which of the following was the first wireless standard that saw any major usage outside of proprietary or custom deployments? Bluetooth standard 802.11 standard 805.22 standard Blu-ray standard
b. 802.11 standard
The first widely adopted wireless technology was: 802.11a. 802.11b. 802.11c. 802.11d.
b. 802.11b
Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior? File integrity checking Anomaly detection Signature analysis Signature recognition
b. Anomaly detection
Which of the following is used to steal data from a phone? Bluejacking Bluesnarfing Bluebugging Bluebombing
b. Bluesnarfing
In wireless networks based on the 802.11 standard, stations transmit their messages using the: Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). Carrier Sense Multiple Access without Collision (CSMA/WC). Carrier Sense Multiple Access with Collision Overdrive (CSMA/CO).
b. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA).
Which of the following refers to using many systems to attack another system? Denial of service (DoS) attacks Distributed denial of service (DDoS) attacks Sniffing Session hijacking
b. Distributed denial of service (DDoS) attacks
A single computer that is configured to attract attackers to it and act as a decoy is called a(n): honeynet. honeypot. target. entrapment.
b. Honeypot
Which of the following options for firewall implementation has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces? Single packet filtering device Multi-homed device Screened host Demilitarized zone (DMZ)
b. Multi-homed device
Which of the following is a capability implemented through Bluetooth technology, designed to reach a maximum range on average of 10 meters or 30 feet? Local area network (LAN) Personal area network (PAN) Limited range network (LRN) Contained network (CN)
b. Personal area network (PAN)
Which of the following is NOT considered a vulnerability of Web servers? Improper or poor Web design Poor end-user training Denial of service (DoS) and distributed denial of service (DDoS) attacks Buffer overflow
b. Poor end-user training
Which of the following is NOT a threat to wireless LANs? Misconfigured security settings Secured connections Rogue access points Promiscuous clients
b. Secured connections
All of the following are commonly used tools to perform session hijacking EXCEPT: Ettercap. Smurf. Hunt. IP Watcher.
b. Smurf
Which of the following statements is NOT true regarding distributed denial of service (DDoS) attacks? Attacks of this type use hundreds or thousands of systems to conduct the attack. The attack is easily tracked back to its true source. Defense is difficult due to the number of attackers. The impact of this attack is increased over that of a standard denial of service (DoS) attack.
b. The attack is easily tracked back to its true source.
Which of the following technologies is specifically designed to deliver Internet access over the so-called last mile to homes or businesses that may not otherwise be able to get access? Wi-Fi WiMAX Bluetooth Rainbow
b. WiMAX
Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are: forms of passive sniffing. methods of bypassing a switch to perform sniffing. types of promiscuous modes. methods of placing stations in separate collision domains.
b. methods of bypassing a switch to perform sniffing.
An application or device that is designed to capture network traffic as it moves across the network itself is referred to as a: hub. protocol. sniffer. collision domain.
b. sniffer
A device used to break a network into logical network segments known as collision domains is called a: promiscuous mode. switch. sniffer. lookup table.
b. switch
Wi-Fi is a trademark, introduced in 1999 and owned by the Wi-Fi Alliance, that is used to brand wireless technologies that conform to the: Bluetooth standard. LANs standard. 802.11 standard. radio frequency (RF) standard.
c. 802.11 standard.
In what type of attack does the attacker take over an established session between two parties and then interact with the remaining party as if the attacker were the party that has been disconnected? Active sniffing Passive sniffing Active session hijacking Passive session hijacking
c. Active session hijacking
What type of sniffing takes place on networks that have connectivity hardware that is "smarter" or more advanced, such as those with a switch? Promiscuous sniffing Protocol sniffing Active sniffing Passive sniffing
c. Active sniffing
Which of the following technologies emerged for the first time in 1998 and was designed to be a short-range networking technology that could connect different devices together? Wi-Fi WiMAX Bluetooth Rainbow
c. Bluetooth
What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data. Web site defacing Buffer overflows Cross-site scripting (XSS) Structured Query Language (SQL)
c. Cross-site scripting (XSS)
Which of the following is a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes? Cipher Session Database Encryption
c. Database
Which of the following was NOT a benefit of the 802.11a over 802.11b? Much greater bandwidth Higher frequency range, resulting in less interference Lower cost of equipment Easier to contain because the signal cannot penetrate walls
c. Lower cost of equipment
Which of the following is entered ahead of time for both the access point (AP) and client so they can authenticate and associate securely? Exclusive keys Mutual keys Preshared keys Open keys
c. Preshared keys
Which of the following refers to an intrusion detection system (IDS) that is programmed to identify known attacks occurring in an information system or network by comparing sniffed traffic or other activity with that stored in a database? File integrity checking Anomaly detection Signature analysis Signature recognition
c. Signature analysis
Which of the following refers to a language used to interact with databases, making it possible to access, manipulate, and change data? Cross-site scripting (XSS) Banner language Structured Query Language (SQL) Buffer overflow
c. Structured Query Language (SQL)
Which of the following is a firewall best able to control? Viruses Secondary connections Traffic Social engineering
c. Traffic
A group of infected systems that are used to collectively attack another system is called a: sniffer. hijacker. botnet. hub.
c. botnet
The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called: implicit deny. separation of duties. least privilege. job rotation.
c. least privilege.
The improper use of privileges or resources within an organization is called: an intrusion. an anomaly. misuse. detection.
c. misuse
Common database vulnerabilities include all of the following EXCEPT: unused stored procedures. services account privilege issues. strong audit log settings. weak or poor authentication methods enabled.
c. strong audit log settings.
The primary components of a host-based intrusion detection system (HIDS) are: the log file monitor and the IDS response matrix. the signature recognizer and the file integrity checker. the command console and the monitoring agent software. the command console and the network sensor.
c. the command console and the monitoring agent software.
SQLPing and SQLRecon are: pieces of software for performing audits on databases. languages for communicating with databases. tools for locating rogue or unknown database installations. cloud computing software.
c. tools for locating rogue or unknown database installations.
Which of the following standards combines the best of both 802.11a and 802.11b? 802.11c 802.11d 802.11f 802.11g
d. 802.11g
Which of the following is an intrusion detection system with additional abilities that make it possible to protect systems from attack by using different methods of access control? A botnet A firewall An intrusion detection system analyzer An intrusion prevention system
d. An intrusion prevention system
Which of the following is used to make calls or send text messages from the targeted device? Bluejacking Bluesnarfing Bluebugging Bluebombing
d. Bluebugging
Which category of risk inherent with Web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks? Port-side risks Browser or client-side risks Browser- and network-based risks Defects and misconfiguration risks
d. Defects and misconfiguration risks
Which of the following options for firewall implementation has a region of the network or zone that is sandwiched between two firewalls? Single packet filtering device Multi-homed device Screened host Demilitarized zone (DMZ)
d. Demilitarized zone (DMZ)
Which of the following statements is NOT true regarding passive session hijacking? Passive hijacking is functionally no different from sniffing. In passive session hijacking, the attacker does not interact with the remaining party. In passive session hijacking, attackers switch to an observation type mode where they record and analyze the traffic as it moves. In passive session hijacking, the attacker assumes the role of the party he has displaced.
d. In passive session hijacking, the attacker assumes the role of the party he has displaced.
Which of the following statements is NOT true regarding Address Resolution Protocol (ARP) poisoning? Anyone can download malicious software used to run ARP spoofing attacks. Attackers can use bogus ARP messages to redirect traffic. It can be used to intercept and read data as well as intercept credentials such as usernames and passwords. It cannot be used to alter data in transmission or tap Voice over IP (VoIP) phone calls.
d. It cannot be used to alter data in transmission or tap Voice over IP (VoIP) phone calls.
What type of sniffing takes place on networks such as those that have a hub as the connectivity device? Promiscuous sniffing Protocol sniffing Active sniffing Passive sniffing
d. Passive sniffing
Which of the following statements is NOT true regarding passive sniffing? Passive sniffing is difficult to detect because the attacker does not broadcast anything on the network as a practice. Passive sniffing takes place and is effective when a hub is present. Passive sniffing can be done very simply. Passive sniffing works only when the traffic you wish to observe and the station that will do the sniffing are in different collision domains.
d. Passive sniffing works only when the traffic you wish to observe and the station that will do the sniffing are in different collision domains.
Which of the following is NOT one of the three basic modes firewalls can operate in? Packet filtering Stateful inspection Application proxying SYN proxying
d. SYN proxying
Which of the following is used to uniquely identify a network, thereby ensuring that clients can locate the correct wireless local area network (WLAN) that they should be attaching to? Local area network identifier (LANID) Wireless network identifier (WNID) Station identifier (SID) Service set identifier (SSID)
d. Service set identifier (SSID)
Which of the following statements is NOT true regarding Structured Query Language (SQL) injections? a. They involve the attacker “injecting” SQL code into an input box or form with the goal of gaining unauthorized access or alter data. b. They can be used to inject SQL commands to exploit non-validated input vulnerabilities in a Web app database. c. They can be used to execute arbitrary SQL commands through a Web application. d. They are specific to only one vendor’s database and cannot force the application to reveal restricted information.
d. They are specific to only one vendor’s database and cannot force the application to reveal restricted information.
Question 381 / 1 pts Which of the following statements is NOT true regarding the protection of databases? Databases can be protected by making sure their existence is not obvious. Tools are available to keep a database hidden from scans by attackers. Most Web servers, Web applications, and the databases hosted in the environment include some security features. Very few tools are available to locate, audit, and ultimately protect databases.
d. Very few tools are available to locate, audit, and ultimately protect databases.
The Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards, which range from 802.11a to 802.11n, are known collectively in standard jargon as: Wii. WiMAX. Bluetooth. Wi-Fi.
d. Wi-Fi
Which one of the following is the strongest authentication technology for protecting wireless networks? Wired Equivalent Privacy (WEP) Wired Equivalent Privacy version 2 (WEP2) Wi-Fi Protected Access (WPA) Wi-Fi Protected Access version 2 (WPA2)
d. Wi-Fi Protected Access version 2 (WPA2)
Offloading services from the local intranet to the Internet itself can be done by the use of: SQL injections. buffer overflows. firewalls. cloud computing.
d. cloud computing
Consumption of bandwidth, consumption of resources, and exploitation of programming defects are the three broad categories of: sniffing. session hijacking. botnets. denial of service (DoS) attacks.
d. denial of service (DoS) attacks.
The categories of Web application vulnerabilities include all of the following EXCEPT: authentication issues. authorization configuration. session management issues. end-user education.
d. end-user education.
Web applications that require a user to log on prior to gaining access can track information relating to improper or incorrect logons; this information typically lists entries such as all of the following EXCEPT: entry of an invalid user ID with a valid password. entry of a valid user ID with an invalid password. entry of an invalid user ID and password. entry of a valid user ID and password.
d. entry of a valid user ID and password.
Botnets are used to perform all of the following attacks EXCEPT: distributed denial of service (DDoS) attacks. transmitting spam and other bogus information on behalf of their owner. stealing information. passive session hijacking.
d. passive session hijacking.
Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions? File integrity checking Anomaly detection Signature analysis Signature recognition
d. signature
The primary components of a network-based intrusion detection system (NIDS) are: the log file monitor and the IDS response matrix. the signature recognizer and the file integrity checker. the command console and the monitoring agent software. the command console and the network sensor.
d. the command console and the network sensor.