1. An HIDS is used to monitor activity on which of the following?
- A) Network
- B) Application
- C) Log file
- D) Host
2. Which of the following can be used to identify a firewall?
- A) Search engines
- B) Email
- C) Port scanning
- D) Google hacking
3. An NIDS is based on technology similar to which of the following?
- A) Packet sniffing
- B) Privilege escalation
- C) Enumeration
- D) Backdoor
4. Which of the following can be used to evade an IDS?
- A) Packet sniffing
- B) Port scanning
- C) Enumeration
- D) Encryption
5. Altering a checksum of a packet can be used to do what?
- A) Send an RST.
- B) Send a URG.
- C) Reset a connection.
- D) Evade an NIDS.
6. Firewalking is done to accomplish which of the following?
- A) Find the configuration of an NIDS.
- B) Find the configuration of an HIDS.
- C) Uncover a honeypot.
- D) Analyze a firewall.
7. A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what?
- A) Session splicing
- B) Insertion
- C) Fragmenting
- D) ACK scanning
8. How does a fragmentation attack, which takes a packet, breaks it into fragments, and sends only some of the fragments to the target, cause a DoS?
- A) By consuming processor power on the IDS
- B) By overwhelming the IDS with too many fragments
- C) By exhausting memory by caching the fragments
- D) By filling virtual memory with too much data
9. Which of the following uses a database of known attacks?
- A) Signature file
- B) Anomaly
- C) Behavior
- D) Shellcode
10. An anomaly-based NIDS is designed to look for what?
- A) Patterns of known attacks
- B) Deviations from known traffic patterns
- C) Log alterations
- D) False positives
11. A multihomed firewall has a minimum of how many network connections?
- A) Two
- B) Three
- C) Four
- D) Five
12. A DMZ is created with which of the following?
- A) A firewall and a router
- B) A multihomed firewall
- C) Two routers
- D) A multihomed router
13. A firewall is used to separate which of the following?
- A) Networks
- B) Hosts
- C) Permissions
- D) ACL
14. In practice, a honeypot will be configured how?
- A) As an unpatched system
- B) As a decoy server
- C) As a duplicate of a real system
- D) As an analysis tool
15. Which ports does SNMP use to function?
- A) 160 and 161
- B) 160 and 162
- C) 389 and 160
- D) 161 and 162
16. HTTP is typically open on which port in a firewall?
- A) 25
- B) 443
- C) 80
- D) 110
17. What is a system used as a chokepoint for traffic?
- A) IDS
- B) DMZ
- C) Bastion host
- D) SNMP host
18. At which layer of the OSI model does a packet-filtering firewall work?
- A) Layer 1
- B) Layer 2
- C) Layer 3
- D) Layer 4
19. What type of firewall analyzes the status of traffic?
- A) Circuit level
- B) Packet filtering
- C) Stateful inspection
- D) NIDS
20. What can be used instead of a URL to evade some firewalls?
- A) IP address
- B) Encryption
- C) Stateful inspection
- D) NIDS