Chapter 7 Information Security

8 September 2022

question
To assist in the footprint intelligence collection process, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses. A) True B) False
answer
A) True
question
__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. A) Buzz B) Fuzz C) Spike D) Black
answer
B) Fuzz
question
The ability to detect a target computer's __________ is very valuable to an attacker. A) manufacturer B) operating system C) peripherals D) BIOS
answer
B) operating system
question
An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS. A) True B) False
answer
A) True
question
The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. A) True B) False
answer
A) True
question
A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches. A) True B) False
answer
B) False
question
Port explorers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. _________________________ A) True B) False
answer
B) False
question
An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False
answer
B) False
question
A broadcast vulnerability scanner is one that initiates traffic on the network in order to determine security holes. A) True B) False
answer
B) False
question
Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. _________________________ A) True B) False
answer
B) False
question
A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. A) IDPS B) WiFi C) UDP D) DoS
answer
A) IDPS
question
A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________ A) True B) False
answer
A) True
question
A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. A) True B) False
answer
A) True
question
Port explorers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. _________________________ A) True B) False
answer
B) False
question
A(n) event is an indication that a system has just been attacked or is under attack. _________________________ A) True B) False
answer
B) False
question
Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment. A) aggressive B) divisive C) destructive D) disruptive
answer
C) destructive
question
Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. A) True B) False
answer
B) False
question
__________ is the action of luring an individual into committing a crime to get a conviction. A) Entrapment B) Enticement C) Intrusion D) Padding
answer
A) Entrapment
question
All IDPS vendors target users with the same levels of technical and security expertise. A) True B) False
answer
B) False
question
A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________ A) True B) False
answer
B) False
question
A(n) __________ is an event that triggers an alarm when no actual attack is in progress. A) false neutral B) false attack stimulus C) false negative D) noise
answer
B) false attack stimulus
question
Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________ A) True B) False
answer
B) False
question
To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False
answer
B) False
question
The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. A) True B) False
answer
B) False
question
Administrators who are wary of using the same tools that attackers use should remember that most organizations prohibit use of open source or freeware software tools. A) True B) False
answer
B) False
question
In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms. A) True B) False
answer
A) True
question
Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. A) True B) False
answer
B) False
question
A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. A) passive B) aggressive C) active D) secret
answer
A) passive
question
A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _________________________ A) True B) False
answer
B) False
question
A(n) __________ IDPS is focused on protecting network information assets. A) network-based B) host-based C) application-based D) server-based
answer
A) network-based
question
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________. A) port knocking B) doorknob rattling C) footprinting D) fingerprinting
answer
D) fingerprinting
question
Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard. A) True B) False
answer
B) False
question
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base. A) vulnerabilities B) fingerprints C) signatures D) footprints
answer
C) signatures
question
IDPS responses can be classified as active or passive. A) True B) False
answer
A) True
question
A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component. A) True B) False
answer
A) True
question
When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________ A) True B) False
answer
B) False
question
The process of entrapment is when an attacker changes the format and/or timing of their activities to avoid being detected by an IDPS. _________________________ A) True B) False
answer
B) False
question
__________ are decoy systems designed to lure potential attackers away from critical systems. A) Honeypots B) Bastion Hosts C) Wasp Nests D) Designated Targets
answer
A) Honeypots
question
Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected. A) True B) False
answer
B) False
question
The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _________________________ A) True B) False
answer
B) False
question
The primary advantages of a centralized IDPS control strategy are cost and ease-of-use. _________________________ A) True B) False
answer
B) False
question
To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive. A) True B) False
answer
A) True
question
Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _________________________ A) True B) False
answer
A) True
question
The activities that gather information about the organization and its network activities and assets are called fingerprinting. _________________________ A) True B) False
answer
B) False, Footprinting
question
A(n) log file monitor is similar to a NIDPS. _________________________ A) True B) False
answer
A) True
question
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________ A) True B) False
answer
A) True
question
A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic. A) packet scanner B) packet sniffer C) honey pot D) honey packet
answer
C) signatures
question
Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. A) inline B) offline C) passive D) bypass
answer
A) inline
question
__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. A) NIDPSs B) HIDPSs C) AppIDPSs D) SIDPSs
answer
A) NIDPSs
question
A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered. A) True B) False
answer
B) False
question
An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message. A) True B) False
answer
A) True
question
A(n) partially distributed IDPS control strategy combines the best of the other two strategies. _________________________ A) True B) False
answer
A) True
question
To use a packet sniffer legally, the administrator must __________. A) be on a network that the organization owns B) be under direct authorization of the network's owners C) have knowledge and consent of the content's creators D) all of the above
answer
C) signatures
question
A false positive is the failure of an IDPS system to react to an actual attack event. A) True B) False
answer
B) False
question
Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded cell systems. A) True B) False
answer
A) True
question
A HIDPS can monitor systems logs for predefined events. A) True B) False
answer
A) True
question
In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network. A) True B) False
answer
A) True
question
A padded cell is a hardened honeynet. _________________________ A) True B) False
answer
B) False
question
Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. A) True B) False
answer
A) True
question
Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. A) True B) False
answer
B) False Your organization's operational goals, constraints, and culture will affect the selection of the IDPS and other security tools and technologies to protect your systems.
question
Which of the following is NOT a described IDPS control strategy? A) centralized B) fully distributed C) partially distributed D) decentralized
answer
D) decentralized
question
Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________ A) True B) False
answer
B) False Entrapment: action of luring an individual into committing a crime to get a conviction
question
Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs. A) LFM B) stat IDPS C) AppIDPS D) HIDPS
answer
A) LFM
question
Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. A) prevention B) reaction C) detection D) correction
answer
D) correction
question
Intrusion detection and prevention systems can deal effectively with switched networks. A) True B) False
answer
B) False Intrusion Prevention
question
Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected. (T/F)
answer
True
question
A false positive is the failure of an IDPS system to react to an actual attack event. (T/F)
answer
False, False negative is
question
The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. (T/F)
answer
False, known as Evasion
question
A HIDPS can monitor systems logs for predefined events. (T/F)
answer
True
question
A passive response is a definitive action automatically initiated when certain types of alerts are triggered. (T/F)
answer
False, active response is
question
The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively. (T/F)
answer
True
question
An IDPS can be configured to dial a phone number and produce an alphanumeric page or a modem noise. (T/F)
answer
True
question
In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms. (T/F)
answer
True
question
Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. (T/F)
answer
False, culture will affect
question
All IDPS vendors target users with the same levels of technical and security expertise. (T/F)
answer
False, Different IDPS vendors target users with different levels of technical and security expertise.
question
Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors. (T/F)
answer
True
question
Intrusion detection and prevention systems can deal effectively with switched networks.
answer
True
question
A fully distributed IDPS control strategy is the opposite of the centralized strategy. (T/F)
answer
True
question
A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. (T/F)
answer
True
question
Services using the TCP/IP protocol can run only on port 80. (T/F)
answer
False, any port usually 1-1023
question
Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. (T/F)
answer
True
question
A starting scanner is one that initiates traffic on the network in order to determine security holes. (T/F)
answer
False, active scanner is
question
A sniffer cannot be used to eavesdrop on network traffic. (T/F)
answer
False, a sniffer can be used
question
Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. (T/F)
answer
False, do not require vulnerability
question
Most of the technologies that scan human characteristics convert these images to some form of minutiae. (T/F)
answer
True
question
A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. A. ITS B. IIS C. SIS D. IDS
answer
D. IDS
question
Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. A. detection B. reaction C. correction D. prevention
answer
C. correction
question
____ is an event that triggers an alarm when no actual attack is in progress. A. False Negative B. False Attack Stimulus C. Noise D. False Positive
answer
B. False Attack Stimulus
question
____ is the process of classifying IDPS alerts so that they can be more effectively managed. A. Alarm compaction B. Alarm clustering C. Alarm attenuation D. Alarm filtering
answer
D. Alarm filtering
question
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ____. A. footprinting B. doorknob rattling C. fingerprinting D. filtering
answer
C. fingerprinting
question
A(n) ____ IDPS is focused on protecting network information assets. A. application-based B. host-based C. server-based D. network-based
answer
D. network-based
question
____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. A. DPS B. SPAN C. IDSE D. NIDPS
answer
B. SPAN
question
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. A. signatures B. fingerprints C. footprints D. fingernails
answer
A. signatures
question
____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. A. AppIDPSs B. HIDPSs C. SIDPSs D. NIDPSs
answer
D. NIDPSs
question
____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. A. Passive B. Offline C. Bypass D. Inline
answer
D. Inline
question
____ are decoy systems designed to lure potential attackers away from critical systems. A. Padded cells B. Honeycells C. Padded nets D. Honeypots
answer
D. Honeypots
question
IDPS researchers have used padded cell and honeypot systems since the late ____. A. 1980s B. 1970s C. 1990s D. 1960s
answer
A. 1980s
question
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. A. Treat and trap B. Trap and trace C. Trace and clip D. Trace and treat
answer
B. Trap and trace
question
____ is the action of luring an individual into committing a crime to get a conviction. A. Intrusion B. Enticement C. Padding D. Entrapment
answer
D. Entrapment
question
In TCP/IP networking, port ____ is not used. A. 13 B. 1 C. 1023 D. 0
answer
D. 0
question
Which of the following ports is commonly used for the HTTP protocol? A. 53 B. 25 C. 80 D. 20
answer
C. 80
question
____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. A. Spike B. Fuzz C. Black D. Buzz
answer
B. Fuzz
question
A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. A. honey pot B. packet sniffer C. honey packet D. packet scanner
answer
B. packet sniffer
question
Among all possible biometrics, ____ is(are) considered truly unique. a. retina of the eye b. fingerprints c. iris of the eye d. All of the above
answer
d. All of the above
question
____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. A. Software access control B. Physical access control C. System access control D. Biometric access control
answer
D. Biometric access control
question
A(n) ____ is a proposed systems user. A. supplicant B. challenger C. activator D. authenticator
answer
A. supplicant
question
The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate. A. IIS B. REC C. CER D. BIOM
answer
C. CER Crossover Error Rate
question
A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.
answer
intrusion
question
The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________.
answer
noise
question
A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
answer
smart
question
Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.
answer
clustering
question
In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
answer
application
question
Three methods dominate the IDPSs detection methods: ____________________-based approach, statistical anomaly-based approach or the stateful packet inspection approach.
answer
signature
question
When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.
answer
clipping
question
With a(n) ____________________ IDPS control strategy all IDPS control functions are implemented and managed in a central location.
answer
centralized
question
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) ____________________.
answer
honeynet
question
A(n) ____________________ is a honey pot that has been protected so that it cannot be easily compromised.
answer
padded cell
question
Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker's system to find out as much as possible about the hacker.
answer
back hack
question
____________________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations.
answer
enticement