Question 1
What are characteristics of Host based IDS? (Choose three)
Response: Logs include logins, file opens and program executions
Response: Logs are analysed to detect tails of intrusion
Response: Logs are archived daily Nop
Score: The host operating system logs in the audit information
Question 2
Of the following choices, what represents the best choice for a system to detect attacks on a network, but not block them?
Response: Network-based Intrusion Detection System
Score: 1 out of 1 Yes
Question 3
In an IP packet header, the ____ is the address of the computer or device that is to receive the packet.
Response: Destination address
Score: 1 out of 1 Yes
Question 4
What are the strengths of Host based IDS? (Choose three)
Response: Attack verification
Response: System specific activity
Response: No additional hardware required
Score: 1 out of 1 Yes
Question 5
What is a major drawback of anomaly detection IDS?
Response: It generates many false alarms
Score: 1 out of 1 Yes
Question 6
What are characteristics of signature based IDS? (choose two)
Response: Most are based on simple pattern matching algorithms
Score: It is programmed to interpret a certain series of packets
Question 7
Of the following choices, what can you use to divert malicious attacks on your network away from valuable resources to relatively worthless resources?
Response: Honeypot
Score: 1 out of 1 Yes
Question 8
Which of the following is not a typical component of an intrusion detection system?
Response: Zone system
Score: 1 out of 1 Yes
Question 9
Your network has several critical servers that are accessible from the Internet. The servers have been the targets of attackers in the past. You want to keep the attackers away from your actual network but still want to monitor their activities. How can you accomplish this?
Response: Create a honeypot for the attacker
Score: 1 out of 1 Yes
Question 10
What are the drawbacks of signature based IDS? (Choose three)
Response: They suffer from false alarms
Response: They have to be programmed again for every new pattern to be detected
Response: They are unable to detect novel attacks
Score: 1 out of 1 Yes
Question 11
Of the following choices, what would detect compromises on a local server?
Response: Host-based Intrusion Detection System
Score: 1 out of 1 Yes
Question 12
What are the strengths of Network based IDS? (Choose three)
Response: Cost of ownership reduced
Response: Malicious intent detection
Response: Real time detection and response
Score: 1 out of 1 Yes
Question 13
Of the following choices, what most accurately describes a Network-based Intrusion Prevention System?
Response: Detects and takes action against threats
Score: 1 out of 1 Yes
Question 14
What is the difference between an intrusion detection system and an intrusion prevention system?
Response: An IDS automates the intrusion detection process, while an IPS can detect and also attempt to stop possible incidents
Score: 1 out of 1 Yes
Question 15
When discussing IDPS, what is a signature?
Response: Attack-definition file
Score: 1 out of 1 Yes
Question 16
Which of the following is true of signature-based IDPSes?
Response: They can scan network traffic or packets to identify matches with attack-definition files
Score: 1 out of 1 Yes
Question 17
Which of the following is an advantage of anomaly detection?
Response: The engine can scale as the rule set grows
Score: 1 out of 1 Yes
Question 18
What does DHCP stand for?
Response: Dynamic Host Configuration Protocol
Score: 1 out of 1 Yes
Question 19
Your organization is using a Network-based Intrusion Detection System (NIDS). The NIDS vendor regularly provides updates for the NIDS to detect known attacks. What type of NIDS is this?
Response: Prevention-based
Score: Signature-based
Question 20
An IDPS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?
Response: Inspection of system to detect policy violations
Score: Mechanisms put in place to reenact known methods of attack and record system responses
Question 21
A false positive can be defined as ____ (Choose two)
Response: An alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behaviour
Score: An alert that indicates nefarious activity on a system that turns out to represent malicious traffic or behaviour
Question 22
What can an administrator use to detect malicious activity after it occurred?
Response: IDPS
Score: 1 out of 1 Yes
Question 23
One of the most obvious places to put an IDS sensor is near the firewall. Where exactly in relation to the firewall is the most productive placement?
Response: Inside the firewall
Score: 1 out of 1 Yes
Question 24
What are the characteristics of Network based IDS? (Choose two)
Response: They look for attack signatures in network traffic
Response: It is programmed to interpret a certain series of packets NOP
Score: Filter decides which traffic will be discarded or passed
Question 25
An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a(n):
Response: Application firewall
Score: 1 out of 1 Yes
Question 26
Of the following choices, what best describes the function of an Intrusion Prevention System?
Response: Notify appropriate personnel of attacks
Score: Stop attacks in progress
Question 27
In the intrusion detection context, what is a threshold?
Response: A value that sets the limit between normal and abnormal behaviour
Score: 1 out of 1 Yes
Question 28
At which two traffic layers do most commercial IDPSes generate signatures? (Choose two)
Response: Network layer
Response: Transport layer
Score: 1 out of 1 Yes
Question 29
What does NFAT stand for?
Response: Network forensic analysis tools
Score: 1 out of 1 Yes
Question 30
What are the different ways to classify an IDS? (Choose two)
Response: Host based
Response: Network based
Score: 1 out of 1 Yes
Question 31
You have installed an intrusion detection system on one of the production servers to monitor malicious activities of applications and users only on that server. What kind of IDS is this?
Response: Host-based IDS
Score: 1 out of 1 Yes
Question 32
What are the drawbacks of Host based IDS? (Choose two)
Response: Unselective logging of messages may increase the audit burdens
Response: They have to be programmed for new patterns NO
Score: Selective logging runs the risk of missed attacks
Question 33
What are characteristics of anomaly based IDS? (Choose two)
Response: It models the normal usage of network as a noise characterization
Response: Anything distinct from the noise is assumed to be intrusion activity
Score: 1 out of 1 Yes
Question 34
What is the purpose of a shadow honeypot?
Response: To randomly check suspicious traffic identified by an anomaly detection system
Score: 1 out of 1 Yes
Question 35
You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?
Response: Baseline
Score: 1 out of 1