14.1.9 Practice Questions


You want to make sure that a set of servers will only accept traffic for specific network services.
You have verified that the servers are only running the necessary services, but you also want to
make sure that the servers will not accept packets sent to those services.
Which tool should you use?
IPS
Packet sniffer
Port scanner
System logs
IDS

Port scanner

What security mechanism can be used to detect attacks originating on the internet or from within
an internal trusted subnet?
Firewall
Security alarm
Biometric system
IDS

IDS

What actions can a typical passive intrusion detection system (IDS) take when it detects an
attack? (Select two.)
LAN-side clients are halted and removed from the domain.
The IDS logs all pertinent data about the intrusion.
The IDS configuration is changed dynamically, and the source IP address is banned.
An alert is generated and delivered via email, the console, or an SNMP trap.

The IDS logs all pertinent data about the intrusion. An alert is generated and delivered via email, the console, or an SNMP trap.

Which of the following activities are considered passive with regard to the function of an intrusion
detection system? (Select two.)
Monitoring the audit trails on a server
Transmitting FIN or RES packets to an external host
Listening to network traffic
Disconnecting a port being used by a zombie

Monitoring the audit trails on a server
Listening to network traffic

An active IDS system often performs which of the following actions? (Select two.)
Request a second logon test for users performing abnormal activities.
Update filters to block suspect traffic.
Trap and delay the intruder until the authorities arrive.
Perform reverse lookups to identify an intruder.

Update filters to block suspect traffic. Perform reverse lookups to identify an intruder.

Which of the following is the most common detection method used by an IDS?
Anomaly
Signature
Heuristic
Behavior

Signature

You have just installed a new network-based IDS system that uses signature recognition. What
should you do on a regular basis?
Generate a new baseline.
Check for backdoors.
Modify clipping levels.
Update the signature files.

Update the signature files.

Which of the following are security devices that perform stateful inspection of packet data,
looking for patterns that indicate malicious code? (Select two.)
Firewall
ACL
IDS
VPN
IPS

IDS
IPS

Properly configured passive IDS and system audit logs are an integral part of a comprehensive
security plan. What step must be taken to ensure that the information is useful for maintaining a
secure environment?
All logs should be deleted and refreshed monthly.
All files must be verified with the IDS checksum.
Periodic reviews must be conducted to detect malicious activity or policy violations.
The accounting department must compress the logs on a quarterly basis.

Periodic reviews must be conducted to detect malicious activity or policy violations.

You are concerned about attacks directed at your network firewall. You want to be able to
identify attacks and be notified of attacks. In addition, you want the system to take immediate
action when possible to stop or prevent the attack.
Which tool should you use?
Packet sniffer
Port scanner
IPS
IDS

IPS

As a security precaution, you have implemented IPsec between any two devices on your
network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to
prevent any malicious attacks.
Which solution should you implement?
Host-based IDS
VPN concentrator
Port scanner
Protocol analyzer
Network-based IDS

Host-based IDS

You are concerned about protecting your network from network-based attacks from the internet.
Specifically, you are concerned about zero day attacks (attacks that have not yet been identified
or that do not have prescribed protections).
Which type of device should you use?
Network-based firewall
Signature-based IDS
Host-based firewall
Anomaly-based IDS
Anti-virus scanner

Anomaly-based IDS

Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following
main intrusion detection and prevention goals? (Select two.)
Lures attackers into a non-critical network segment where their actions are passively
monitored and logged, then shuns the attacker by simply dropping their connection.
Offers attackers a target that occupies their time and attention while distracting them
from valid resources.
Reveals information about an attacker’s methods and gathers evidence for identification
or prosecution purposes.
Detect attacks that are unique to the services on valid system resources and monitor
application activity.
Entices attackers to reveal their IDS signatures, which can then be matched to known
attack patterns.
Detect anomalous behavior that varies from standard activity patterns, also referred to
as heuristic recognition.

Offers attackers a target that occupies their time and attention while distracting them from valid resources. Reveals information about an attacker’s methods and gathers evidence for identification or prosecution purposes.

What does a tarpit specifically do to detect and prevent intrusion into your network?
Entices intruders by displaying a vulnerability, configuration flaw, or data that appears
to be of value.
Uses a packet sniffer to examine network traffic and identify known attack patterns,
then locks the attacker’s connection to prevent any further intrusion activities.
Passively monitors and logs suspicious activity until it detects a known attack pattern,
then shuns the intruder by dropping their connection.
Answers connection requests in such a way that the attacking computer is stuck for a
period of time.

Answers connection requests in such a way that the attacking computer is stuck for a period of time.

If maintaining confidentiality is of the utmost importance to your organization, what is the best
response when an intruder is detected on your network?
Delay the intruder.
Terminate the intruder’s session.
Record audit trails about the intruder.
Monitor the intruder’s actions.

Terminate the intruder’s session.
