Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
1 CH 3
In order for network monitoring to work properly, you need a PC and a network card running in what mode? |
1
A) Launch B) Exposed C) Promiscuous D) Sweep |
1) C
In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode. |
|
|
2 CH 3
Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on? |
2
A) Lookaround B) Howmany C) Whereall D) Whatis |
2) D
In Linux, the whatis utility can show if there is more than one set of documentation on the system for a command you are trying to find information on. |
|
|
3 CH 3
In intrusion detection system parlance, which account is responsible for setting the security policy for an organization? |
3
A) Supervisor B) Administrator C) Root D) Director |
3) B
The administrator is the person/account responsible for setting the security policy for an organization. |
|
|
4 CH 3
Which of the following IDS types looks for things outside of the ordinary? |
4
A) Incongruity-based B) Variance-based C) Anomaly-based D) Difference-based |
4) C
An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things outside of the ordinary. |
|
|
5 CH 3
Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port? |
5
A) Port spanning B) Socket blending C) Straddling D) Amalgamation |
5) A
Port spanning (also known as port mirroring) copies the traffic from all ports to a single port and disallows bidirectional traffic on that port. |
|
|
6 CH 3
Which of the following implies ignoring an attack and is a common response? |
6
A) Eschewing B) Spurning C) Shirking D) Shunning |
6) D
Shunning, or ignoring an attack, is a common response. |
|
|
7 CH 3
Which IDS system uses algorithms to analyze the traffic passing through the network? |
7
A) Arithmetical B) Algebraic C) Statistical D) Heuristic |
7) D
A heuristic system uses algorithms to analyze the traffic passing through the network. |
|
|
8 CH 3
Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts? |
8
A) badlog B) faillog C) wronglog D) killlog |
8) B
Use the faillog utility in Linux to view a list of users’ failed authentication attempts. |
|
|
9 CH 3
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead? |
9
A) Enticement B) Entrapment C) Deceit D) Sting |
9) B
Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. |
|
|
10 CH 3
The IDS console is known as what? |
10
A) Manager B) Window C) Dashboard D) Screen |
10) A
The IDS console is known as the manager. |
|
|
11 CH 3
Sockets are a combination of the IP address and which of the following? |
11
A) Port B) MAC address C) NIC setting D) NetBIOS ID |
11 A
Sockets are a combination of the IP address and the port. |
|
|
12 CH 3
Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken? |
12
A) Pretexting B) Shamming C) Deception D) Scamming |
12 C
A deception active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken. |
|
|
13 CH 3
Which device monitors network traffic in a passive manner? |
13
A) Sniffer B) IDS C) Firewall D) Web browser |
13 A
Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting. |
|
|
14 CH 3
Security has become the utmost priority at your organization. You’re no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network? |
14
A) IDS B) Sniffer C) Router D) Switch |
14 A
An IDS is used to protect and report network abnormalities to a network administrator or system. It works with audit files and rule-based processing to determine how to act in the event of an unusual situation on the network. |
|
|
15 CH 3
Which of the following can be used to monitor a network for unauthorized activity? (Choose two.) |
15
A) Network sniffer B) NIDS C) HIDS D) VPN |
15 A/B
Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated. |
|
|
16 CH 3
You’re the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities? |
16
A) Network sniffer B) NIDS C) HIDS D) VPN |
16 C
A host-based IDS (HIDS) is installed on each host that needs IDS capabilities. |
|
|
17 CH 3
Which of the following is an active response in an IDS? |
17
A) Sending an alert to a console B) Shunning C) Reconfiguring a router to block an IP address D) Making an entry in the security audit file |
17 C
Dynamically changing the system’s configuration to protect the network or a system is an active response. |
|
|
18 CH 3
A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network? |
18
A) MD-IDS B) AD-IDS C) HIDS D) NIDS |
18 A
By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring. |
|
|
19 CH 3
Which IDS function evaluates data collected from sensors? |
19
A) Operator B) Manager C) Alert D) Analyze |
19 D
The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way. |
|
|
20 CH 3
What is a system that is intended or designed to be broken into by an attacker called? |
20
A) Honeypot B) Honeybucket C) Decoy D) Spoofing system |
20 A
A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution. |
