HOD401 Chapter 17
A
13. A firewall is used to separate which of the following? A. Networks B. Hosts C. Permissions D. ACL
B
7. A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what? A. Session splicing B. Insertion C. Fragmenting D. ACK scanning
B
10. An anomaly-based NIDS is designed to look for what? A. Patterns of known attacks B. Deviations from known traffic patterns C. Log alterations D. False positives
B
12. A DMZ is created with which of the following? A. A firewall and a router B. A multihomed firewall C. Two routers D. A multihomed router
A
20. What can be used instead of a URL to evade some firewalls? A. IP address B. Encryption C. Stateful inspection D. NIDS
D
5. Altering a checksum of a packet can be used to do what? A. Send an RST. B. Send a URG. C. Reset a connection. D. Evade an NIDS.
D
6. Firewalking is done to accomplish which of the following? A. Find the configuration of an NIDS. B. Find the configuration of an HIDS. C. Uncover a honeypot. D. Analyze a firewall.
C
8. How does a fragmentation attack, which takes a packet, breaks it into fragments, and sends only some of the fragments to the target, cause a DoS? A. By consuming processor power on the IDS B. By overwhelming the IDS with too many fragments C. By exhausting memory by caching the fragments D. By filling virtual memory with too much data
A
9. Which of the following uses a database of known attacks? A. Signature file B. Anomaly C. Behavior D. Shellcode
C
16. HTTP is typically open on which port in a firewall? A. 25 B. 443 C. 80 D. 110
A
3. An NIDS is based on technology similar to which of the following? A. Packet sniffing B. Privilege escalation C. Enumeration D. Backdoor
D
4. Which of the following can be used to evade an IDS? A. Packet sniffing B. Port scanning C. Enumeration D. Encryption
D
1. An HIDS is used to monitor activity on which of the following? A. Network B. Application C. Log file D. Host
B
11. A multihomed firewall has a minimum of how many network connections? A. Two B. Three C. Four D. Five
C
14. In practice, a honeypot will be configured how? A. As an unpatched system B. As a decoy server C. As a duplicate of a real system D. As an analysis tool
D
15. Which ports does SNMP use to function? A. 160 and 161 B. 160 and 162 C. 389 and 160 D. 161 and 162
C
17. What is a system used as a chokepoint for traffic? A. IDS B. DMZ C. Bastion host D. SNMP host
C
18. At which layer of the OSI model does a packet-filtering firewall work? A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4
C
19. What type of firewall analyzes the status of traffic? A. Circuit level B. Packet filtering C. Stateful inspection D. NIDS
C
2. Which of the following can be used to identify a firewall? A. Search engines B. Email C. Port scanning D. Google hacking