14.1.9 Practice Exam

11 September 2022

question
Which of the following activities are considered passive in regards to the functioning of an intrusion detection system? (Select two.) - Listening to network traffic - Transmitting FIN or RES packets to an external host - Monitoring the audit trails on a server - Disconnecting a port being used by a zombie
answer
Monitoring the audit trails on a server; Listening to network traffic
question
An active IDS system often performs which of the following actions? (Select two.) - Perform reverse lookups to identify an intruder - Update filters to block suspect traffic - Request a second logon test for users performing abnormal activities - Trap and delay the intruder until the authorities arrive
answer
Update filters to block suspect traffic; Perform reverse lookups to identify an intruder
question
What does an IDS that uses signature recognition use for identifying attacks? - Statistical analysis to find unusual deviations - Comparison of current statistics to past statistics - Exceeding threshold values - Comparison to a database of known attacks
answer
Comparison to a database of known attacks
question
Which of the following are security devices that perform stateful inspections of packet data, looking for patterns that indicate malicious code? (Select two.) - ACL - VPN - Firewall - IDS - IPS
answer
IPS; IDS
question
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment? - All files must be verified with the IDS checksum - The accounting department must compress the logs on a quarterly basis - All logs should be deleted and refreshed monthly - Periodic reviews must be conducted to detect malicious activity or policy violations
answer
Periodic reviews must be conducted to detect malicious activity or policy violations.
question
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet? - Firewall - IDS - Security alarm - Biometric system
answer
IDS
question
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attacks. Which tool should you use? - IDS - Packet sniffer - IPS - Port scanner
answer
IPS
question
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? - VPN concentrator - Network based IDS - Host based IDS - Port scanner - Protocol analyzer
answer
Host based IDS
question
You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections.) Which type of device should you use? - Anomaly based IDS - Signature based IDS - Anti-virus scanner - Host based firewall - Network based firewall
answer
Anomaly based IDS
question
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network? - Delay the intruder - Monitor the intruder's actions - Record audit trails about the intruder - Disconnect the intruder
answer
Disconnect the intruder
question
You have worked as a network admin for a company for seven months. One day all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation does not occur. What should you do? - Install a network virus detection software solution - Disconnect the user from the Internet - Allow users to access the Internet only from terminals that are not attached to the main network - Install a firewall
answer
Install a network virus detection software solution.
question
Which of the following actions should you take to reduce the attack surface of a server? - Install a host-based IDS - Install the latest patches and hotfixes - Install anti-malware software - Disable unused services
answer
Disable unused services
question
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use? - Packet sniffer - System logs - IPS - IDS - Port scanner
answer
Port scanner
question
Which of the following intrusion detection and prevention systems use fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data? - Botnet - Honeypot - Trojan horse - Zombie
answer
Honeypot
question
What does a tarpit specifically do to detect and prevent intrusion into your network? - Entices intruders by displaying a vulnerability, configuration flaw, or data that appears to be of value to an attacker - Uses a packet sniffer to examine network traffic and identify known attack patterns then locks the attacker's connection to prevent any further intrusion activities - Answers connection requests in such a way that the attacking computer is stuck for a period of time - Passively monitors and logs suspicious activity until it detects a known attack pattern then shuns the intruder by dropping their connection
answer
Answers connection requests in such a way that the attacking computer is stuck for a period of time