All devices interpret attack signatures uniformly
False
An atomic attack is a barrage of hundreds of packets directed at a host
False
The signature of a normal FTP connection includes a three-way handshake |
True |
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult |
True |
Packet fragmentation is not normal, and can only occur if an attack has been initiated
False |
How does the CVE standard make network security devices and tools more effective
They share information about attack signatures
Which of the following is NOT among the items of information that a CVE reference reports |
Attack signature |
Which of the following is an accurate set of characteristics you would find in an attack signature
IP address, TCP flags, port numbers
What is the term used when an IDPS doesn’t recognize that an attack is underway
False negative |
Which of the following is NOT a category of suspicious TCP/IP packet |
Suspicious CRC value |
What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit
Checksum |
What type of attack does a remote access Trojan attempt to perpetrate |
Composite attack |
Under which attack category does a UNIX sendmail exploitation fall |
Suspicious data payload |
Of what category of attack is a DoS attack an example |
Multiple-packet attack |
Which element of an ICMP header would indicate that the packet is an ICMP echo request message |
Type |
Which of the following is an element of the TCP header that can indicate that a connection has been established |
SEQ/ACK analysis |
Which TCP flag can be the default response to a probe on a closed port
RST |
What is the typical sequence of packets for a successful three-way handshake
SYN, SYN ACK, ACK
Which of the following correctly represents the ports used by FTP control traffic and FTP file transfer traffic respectively
21, 20
What is the packet called where a Web browser sends a request to the Web server for Web page data |
HTTP GET |
Under which suspicious traffic signature category would a port scan fall |
denial of service |
In which type of scan does an attacker scan only ports that are commonly used by specific programs |
strobe scan |
Which type of scan has the FIN, PSH, and URG flags set
Xmas scan |
Which of the following is the description of a land attack |
source and destination IP address/port are the same |
Crafted packets that are inserted into network traffic |
Packet injection |
Lets the other computer know it is finished sending data
FIN packet |
An undocumented hidden opening through which an attacker can access a computer |
Back door |
A set of characteristics that define a type of network security
Signature |
Used by attackers to delay the progression of a scan |
Scan throttling |
A standard set of communications rules that allows one computer to request a service from another computer |
RPC |
Sent when one computer wants to stop and restart the connection |
RST packet |
The maximum packet size that can be transmitted |
MTU |
All ports from 0 to 65,535 are probed one after another
Vanilla scan |
A series of ICMP echo request packets in a range of IP addresses
Ping sweep
A packet monkey is an unskilled programmer who spreads viruses and other malicious scripts to exploit computer weaknesses
False |
A worm creates files that copy themselves repeatedly and consume disk space |
True |
Physical security protects a system from theft, fire, or environmental disaster
True |
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred
False |
With discretionary access control, network users can share information with other users, making it more risky than MAC |
True |
Security devices on a network process digital information, such as text files and web pages, in the same way. However, which of the following pieces of information might they handle differently
Attack signature |
In which of the following situations can CVE improve the coordination of intrusion information on a network |
Installing application patches can thwart a reported attack
In which OSI model layer will you find the OSPF protocol |
Network |
Which protocol is responsible for automatic assignment of IP addresses
DHCP |
Which of the following is NOT a critical goal of information security |
Scalability |
Which of the following is true about cryptographic primitives
Primitives are usually not the source of security failures |
CNT 4406 Chapter 3