Networking
Q:
Stateless packet filtering keeps a record of connections that a host computer has made with other computers.
Q:
Software firewalls are usually more scalable than hardware firewalls.
Q:
Firewalls can protect against employees copying confidential data from within the network.
Q:
What is an inline sensor and how is it used to stop attacks?
Q:
What are the four common entry points to a network where sensors should be placed?
Q:
What are the four typical components of an IDPS?
Q:
List two approaches to stateful protocol analysis.
Q:
Define stateful protocol analysis. Include in your answer the concept of the event horizon.
Q:
Describe two advantages and two disadvantages of a signature-based system.
Q:
Describe two advantages and two disadvantages of an anomaly-based system.
Q:
Contrast anomaly detection with signature detection.
Q:
What are the three network defense functions performed by an IDPS?
Q:
a. accountability
b. escalated
c. event horizon
d. inline sensor
e. intrusion
f. passive sensor
g. profiles
h. sensor
i. stateful protocol analysis
j. true positive
1/ an attempt to gain unauthorized access to network resources
2/ the entire length of an attack
3/ a genuine attack detected successfully by an IDPS
4/ an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through
5/ an IDPS component that monitors traffic on a network segment
6/ increasing an intrusion response to a higher level
7/ sets of characteristics that describe network services and resources a user or group normally accesses
8/ the process of maintaining a table of current connections so that abnormal traffic can be identified
9/ the ability to track an attempted attack or intrusion back to its source
10/ an NIDPS sensor that examines copies of traffic on the network
Q:
__________________ procedures are a set of actions that are spelled out in the security policy and followed if the IDPS detects a true positive.
Q:
A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.
Q:
An IDPS __________________ server is the central repository for sensor and agent data.
Q:
In a _______________ based detection system, the IDPS can begin working immediately after installation.
Q:
Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.
Q:
Which of the following is true about the steps in setting up and using an IDPS?
a. anomaly-based systems come with a database of attack signatures
b. sensors placed on network segments will always capture every packet
c. alerts are sent when a packet doesn't match a stored signature
d. false positives do not compromise network security
Q:
Why might you want to allow extra time for setting up the database in an anomaly-based system?
a. the installation procedure is usually complex and time consuming
b. to add your own custom rule base
c. it requires special hardware that must be custom built
d. to allow a baseline of data to be compiled
Q:
If you see a /16 in the header of a Snort rule, what does it mean?
a. a maximum of 16 log entries should be kept
b. the size of the log file is 16 MB
c. the subnet mask is 255.255.0.0
d. the detected signature is 16 bits in length
Q:
Which of the following is an IDPS security best practice?
a. to prevent false positives, only test the IDPS at initial configuration
b. communication between IDPS components should be encrypted
c. all sensors should be assigned IP addresses
d. log files for HIDPSs should be kept local
Q:
Which of the following is true about an NIDPS versus an HIDPS?
a. an NIDPS can determine if a host attack was successful
b. an HIDPS can detect attacks not caught by an NIDPS
c. an HIDPS can detect intrusion attempts on the entire network
d. an NIDPS can compare audit log records
Q:
Which of the following is true about an HIDPS?
a. monitors OS and application logs
b. sniffs packets as they enter the network
c. tracks misuse by external users
d. centralized configurations affect host performance
Q:
Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?
a. passive only
b. inline only
c. active only
d. online only
Q:
Which of the following is NOT a method used by passive sensors to monitor traffic?
a. spanning port
b. network tap
c. packet filter
d. load balancer
Q:
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
a. inline
b. host-based
c. hybrid
d. network-based
Q:
Which of the following is considered a problem with a passive, signature-based system?
a. profile updating
b. signature training
c. custom rules
d. false positives
Q:
Which IDPS customization option is a list of entities known to be harmless?
a. thresholds
b. whitelists
c. blacklists
d. alert settings
Q:
Where is a host-based IDPS agent typically placed?
a. on a workstation or server
b. at Internet gateways
c. between remote users and internal network
d. between two subnets
Q:
Which of the following is NOT a typical IDPS component?
a. network sensors
b. command console
c. database server
d. Internet gateway
Q:
Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance?
a. brute force
b. heuristic
c. signature
d. anomaly
Q:
Which of the following is an advantage of a signature-based detection system?
a. the definition of what constitutes normal traffic changes
b. it is based on profiles the administrator creates
c. each signature is assigned a number and name
d. the IDPS must be trained for weeks
Q:
Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports?
a. Protocol state tracking
b. IP packet reassembly
c. Traffic rate monitoring
d. Dynamic Application layer protocol analysis
Q:
What is an advantage of the anomaly detection method?
a. makes use of signatures of well-known attacks
b. system can detect attacks from inside the network by people with stolen accounts
c. easy to understand and less difficult to configure than a signature-based system
d. after installation, the IDPS is trained for several days or weeks
Q:
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?
a. training period
b. baseline scanning
c. profile monitoring
d. traffic normalizing
Q:
Which of the following is NOT a primary detection methodology?
a. signature detection
b. baseline detection
c. anomaly detection
d. stateful protocol analysis
Q:
Which of the following is NOT a network defense function found in intrusion detection and prevention systems?
a. prevention
b. response
c. identification
d. detection
Q:
A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.
Q:
An NIDPS can tell you whether an attack attempt on the host was successful.
Q:
No actual traffic passes through a passive sensor; it only monitors copies of the traffic.
Q:
A weakness of a signature-based system is that it must keep state information on a possible attack.
Q:
An IDPS consists of a single device that you install between your firewall and the Internet.
Q:
Describe 802.1x authentication.
Q:
What is a site survey and why should you conduct one?
Q:
List four issues that a wireless security policy should address.
Q:
What is the purpose of MAC address filtering and how can attackers defeat it?
Q:
What are the two authentication methods provided by early 802.11 standards?
Q:
Describe forged deauthentication.
Q:
List and define the fields in a control frame.
Q:
List the four most common types of control frames.
Q:
List the three types of MAC frames defined by the 802.11 standard.
Q:
How is wireless security different from wired security?
Q:
a. active attacks
b. association
c. clear to send
d. pairwise keys
e. penetration testing
f. request to send
g. site survey
h. sniffing
i. TKIP
j. WPA2
1/ any keys used between a pair of devices in TKIP
2/ an in-depth examination of a proposed wireless network site
3/ the process of using a variety of tools and techniques to attempt to break into a network
4/ a two-step process of being accepted into a wireless network
5/ a type of control frame that a station sends when it wants to transmit
6/ an encryption method devised as a replacement for WEP in WPA
7/ attacks that attempt to gather information for subsequent attacks by sending probe request frames on each available channel
8/ a type of control frame that gives a station clearance to begin transmitting packets
9/ the encryption and authentication architecture based on the final ratified IEEE 802.11i standard
10/ capturing network traffic during transmission
Q:
MIBs gather data and report it to a(n) ____________________ management station.
Q:
___________ key encryption in WEP uses the RC4 encryption algorithm.
Q:
A _____________ device is a wireless device that employees connect and use without authorization or verified configurations.
Q:
A ____________ response is sent by a station in response to a request frame and indicates capabilities, supported data rates, and other information.
Q:
Each access point has a(n) ______________ that essentially functions as the name of the network.
Q:
Which popular wireless sniffer is an IDS that is passive and undetectable in operation?
a. Kismet
b. NetStumbler
c. AirSnort
d. Aircrack-ng
Q:
Which of the following is true about IEEE 802.11i?
a. it uses WEP2 for authentication and encryption
b. it uses a symmetric block cipher for encryption
c. temporal key integrity protocol is used for encryption
d. it uses PMK to generate data encryption keys
Q:
Which EAP protocol requires digital certificates to validate supplicants?
a. EAP-TLS
b. EAP-TTLS
c. LEAP
d. FAST
Q:
Which of the following is NOT a suggested practice before using a newly configured wireless network?
a. change the administrator password
b. change the manufacturer's default key
c. use the default encryption method
d. alter the default channel
Q:
Which of the following is true about MAC addresses in a wireless network?
a. MAC address filtering will stop a determined attacker
b. MAC addresses are Network layer identities
c. you need to configure the MAC address before you use the WNIC
d. you can change a WNIC's MAC address with software
Q:
What is considered to be one of the biggest weaknesses of WEP?
a. 24-bit initialization vector
b. RC4 encryption
c. 128-bit key
d. Kerberos authentication
Q:
What function does a RADIUS server provide to a wireless network?
a. association
b. encryption
c. decryption
d. authentication
Q:
Which of the following is true about the association process?
a. it is a three-step process
b. a station first listens for beacons
c. a station first sends an association request
d. the AP transmits an invitation to associate
Q:
In which type of attack do attackers intercept the transmissions of two communicating nodes without the user's knowledge?
a. rogue device
b. wardriver
c. man-in-the-middle
d. brute force
Q:
Which of the following is true about wardriving?
a. attackers use RF monitor mode
b. the hardware is very expensive
c. the software is very expensive
d. their goal is simply to hijack a connection
Q:
In which type of wireless attack does the attacker cause valid users to lose their connections by sending a forged deauthentication frame to their stations?
a. association flood
b. jamming
c. session hijacking
d. MAC address spoofing
Q:
What is a WNIC's equivalent of a NIC's promiscuous mode?
a. active scan mode
b. RF monitor mode
c. passive attack mode
d. auto-capture mode
Q:
Which of the following is true about the SSID?
a. they can be Null
b. they are registered
c. they are not found in beacon frames
d. they are found in control frames
Q:
Which of the following is NOT a field in a control frame?
a. Duration
b. Sequence control
c. Frame control
d. Frame check sequence
Q:
Which type of control frame does a station send to let the AP know it can transmit buffered frames?
a. CTS
b. ACK
c. RTS
d. PS-Poll
Q:
Which type of frame advertises services or information on a wireless network?
a. Probe request
b. Association response
c. Beacon
d. Probe response
Q:
Which management frame type is sent by a station wanting to terminate the connection?
a. Deauthentication
b. Disassociation
c. Reassociation request
d. Probe response
Q:
Which of the following is NOT part of a wireless MAC frame?
a. 802.11 protocol version
b. source MAC address
c. FCS
d. TTL
Q:
Which of the following is performed by the MAC sublayer?
a. joining the wireless network
b. resolving IP address to MAC address
c. resolving names to IP addresses
d. determining best path
Q:
Which layer does wireless communication rely heavily upon?
a. MAC sublayer of the Network layer
b. MAC sublayer of the Data Link layer
c. LLC sublayer of the Data Link layer
d. LLC sublayer of the Transport layer
Q:
SNMP requires the installation of an SNMP agent on the device you want to monitor.