|
All device interpret attack signature uniformly |
False |
|
All atomic attack is a barrage of hundreds of packets directed at a host |
False |
|
The signature of a normal FTP connection includes a three-way handshake |
True |
|
Newer Trojans listen at a predetermined port on the target computer so that detection is more difficult |
True |
|
Packet fragment is not normal, and can only occur if an attack has been initiated |
False |
|
How does CVE standard make network security devices and tools more effective |
They share information about attack signature |
|
Which of the following is NOT among the items of information that a CVE reference reports |
Attack signature |
|
Which of the following is an accurate set of characteristic you would find in an attack signature |
IP address,TCP flags,port numbers |
|
What is the tern used when an IDPS doesn’t recognize that an attack is underway |
False negative |
|
Which of the following is NOT a category of suspicious TCP/IP packet |
Suspicious CRC value |
|
What can an IDPS check to try to determine weather a packet has been has been tampered with or damaged in transit |
Checksum |
|
What type of attack does a remote access Trojan attempt to perpetrate |
Composite attack |
|
Under which attack category does a UNIX sendmail exploitation fall |
Suspicious data payload |
|
Of what category of attack is a DoS attack an example |
Multiple-packet attack |
|
Which element of an ICMP header would indicate that the packet is an ICMP echo request message |
Type |
|
Which of the following is an element of the TCP header that can indicate that a connection has been established |
SEQ/ACK analysis |
|
Which TCP flag can be default response to a probe on a closed port |
RST |
|
What is the typical packet sequence of packets for a successful three-way handshake |
SYN,SYN ACK,ACK |
|
Which of the following correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively |
21,20 |
|
What is the packet called where a Web browser sends a request to the Web server for Web page data |
HTTP GET |
|
Under which suspicious traffic signature category would a port scan fall |
denial of service |
|
In which type of scan does an attacker scan only ports that are commonly used by specific programs |
strobe scan |
|
Which type of scan has FIN,PSH,and URG flag set |
Xmas scan |
|
Which of the following is the description of a land attack |
source and destination IP address/port are the same |
|
Crafted packets that are inserted into network traffic |
Packet injection |
|
Let the other computer know it is finished sending data |
FIN packet |
|
An undocumented hidden opening through which an attacker can access a computer |
Back door |
|
A set of characteristic that define a type of network security |
Signature |
|
Used by attackers to delay the progression of a scan |
Scan throttling |
|
A standard set of communications rules that allows one computer to request a service from another computer |
RPC |
|
Sent when one computer wants to stop and restart the connection |
RST packet |
|
The maximum packet size that can be transmitted |
MTU |
|
All ports from 0 to 65.535 are probed one after another |
Vanilla scan |
|
A series of ICMP echo request packets in a range of IP address |
Pin sweep |
|
A packet monkey is a unskilled programmer who spreads viruses and other malicious scripts to exploit computer weakness |
False |
|
A worm creates files that copy themselves repeatedly and consume disk space |
True |
|
Physical security protects a system fro theft,fire,or environmental disater |
True |
|
Reviewing log files is a time consuming task and therefore should only be done when an attack on the network has occured |
False |
|
With discretionary access control, network users can share information with other users, making it more risky than MAC |
True |
|
Security devices on a network process digital information, such as text files and web pages, in the same way.However,which of the following pieces of information might they handle differently |
Attack signature |
|
In which of the following situations can CVE improve the coordination of intrusion information on a network |
Installing application patches can thwart a report attack |
|
In which OSI model layer will you find the OSPF protocol |
Network |
|
Which protocol is responsible for automatic assignment of IP address |
DHCP |
|
Which of the following is NOT a critical goal of information security |
Scalability |
|
Which of the following is true about cryptographic primitive |
Primitives are usually not the source of security failures |
Share This
Flashcard
