20 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
1 CH 3
In order for network monitoring to work properly, you need a PC and a network card running in what mode?
1
A) Launch
B) Exposed
C) Promiscuous
D) Sweep
1) C
In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode.
2 CH 3
Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?
2
A) Lookaround
B) Howmany
C) Whereall
D) Whatis
2) D
In Linux, the whatis utility can show if there is more than one set of documentation on the system for a command you are trying to find information on.
3 CH 3
In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?
3
A) Supervisor
B) Administrator
C) Root
D) Director
3) B
The administrator is the person/account responsible for setting the security policy for an organization.
4 CH 3
Which of the following IDS types looks for things outside of the ordinary?
4
A) Incongruity-based
B) Variance-based
C) Anomaly-based
D) Difference-based
4) C
An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things outside of the ordinary.
5 CH 3
Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?
5
A) Port spanning
B) Socket blending
C) Straddling
D) Amalgamation
5) A
Port spanning (also known as port mirroring) copies the traffic from all ports to a single port and disallows bidirectional traffic on that port.
6 CH 3
Which of the following implies ignoring an attack and is a common response?
6
A) Eschewing
B) Spurning
C) Shirking
D) Shunning
6) D
Shunning, or ignoring an attack, is a common response.
7 CH 3
Which IDS system uses algorithms to analyze the traffic passing through the network?
7
A) Arithmetical
B) Algebraic
C) Statistical
D) Heuristic
7) D
A heuristic system uses algorithms to analyze the traffic passing through the network.
8 CH 3
Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?
8
A) badlog
B) faillog
C) wronglog
D) killlog
8) B
Use the faillog utility in Linux to view a list of users’ failed authentication attempts.
9 CH 3
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
9
A) Enticement
B) Entrapment
C) Deceit
D) Sting
9) B
Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead.
10 CH 3
The IDS console is known as what?
10
A) Manager
B) Window
C) Dashboard
D) Screen
10) A
The IDS console is known as the manager.
11 CH 3
Sockets are a combination of the IP address and which of the following?
11
A) Port
B) MAC address
C) NIC setting
D) NetBIOS ID
11 A
Sockets are a combination of the IP address and the port.
12 CH 3
Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken?
12
A) Pretexting
B) Shamming
C) Deception
D) Scamming
12 C
A deception active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.
13 CH 3
Which device monitors network traffic in a passive manner?
13
A) Sniffer
B) IDS
C) Firewall
D) Web browser
13 A
Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting.
14 CH 3
Security has become the utmost priority at your organization. You’re no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?
14
A) IDS
B) Sniffer
C) Router
D) Switch
14 A
An IDS is used to protect and report network abnormalities to a network administrator or system. It works with audit files and rule-based processing to determine how to act in the event of an unusual situation on the network.
15 CH 3
Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)
15
A) Network sniffer
B) NIDS
C) HIDS
D) VPN
15 A/B
Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.
16 CH 3
You’re the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?
16
A) Network sniffer
B) NIDS
C) HIDS
D) VPN
16 C
A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.
17 CH 3
Which of the following is an active response in an IDS?
17
A) Sending an alert to a console
B) Shunning
C) Reconfiguring a router to block an IP address
D) Making an entry in the security audit file
17 C
Dynamically changing the system’s configuration to protect the network or a system is an active response.
18 CH 3
A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?
18
A) MD-IDS
B) AD-IDS
C) HIDS
D) NIDS
18 A
By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.
19 CH 3
Which IDS function evaluates data collected from sensors?
19
A) Operator
B) Manager
C) Alert
D) Analyze
19 D
The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way.
20 CH 3
What is a system that is intended or designed to be broken into by an attacker called?
20
A) Honeypot
B) Honeybucket
C) Decoy
D) Spoofing system
20 A
A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.